pylxd/models/certificate: re-add password arg for backward compat

Fixes canonical/charm-lxd#168 where charm-lxd is calling certificates.create(): ```python config: Dict[str, Union[str, bytes, List[str], bool]] = { "name": name, "password": "", "cert_data": cert.encode(), } client.certificates.create(**config) ``` causing: ``` File "./src/charm.py", line 1139, in _on_https_relation_changed if self.lxd_trust_add(cert=cert, name=cert_name, projects=projects): File "./src/charm.py", line 2294, in lxd_trust_add client.certificates.create(**config) TypeError: create() got an unexpected keyword argument 'password' ``` Signed-off-by: Simon Deziel <[email protected]>
canonical · Sep 9, 2024 · bd6b150 · bd6b150
1 parent fb96065
commit bd6b150
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/pylxd/models/certificate.py b/pylxd/models/certificate.py
@@ -53,12 +53,13 @@ def all(cls, client):
     def create(
         cls,
         client,
-        secret,
+        password,
         cert_data,
         cert_type="client",
         name="",
         projects=None,
         restricted=False,
+        secret="",
     ):
         """Create a new certificate."""
         cert = x509.load_pem_x509_certificate(cert_data, default_backend())
@@ -68,14 +69,17 @@ def create(
         data = {
             "type": cert_type,
             "certificate": base64_cert,
+            "password": password,
             "name": name,
             "restricted": restricted,
             "projects": projects,
         }
-        if client.has_api_extension("explicit_trust_token"):
+
+        # secret/trust_token are safer than password
+        if client.has_api_extension("explicit_trust_token") and secret:
             data["trust_token"] = secret
-        else:
-            data["password"] = secret
+            del(data["password"])
+
         response = client.api.certificates.post(json=data)
         location = response.headers["Location"]
         fingerprint = location.split("/")[-1]