From d131c013087c8ff2826395c9e5cd5c23ec1f451a Mon Sep 17 00:00:00 2001
From: Simon Deziel <simon.deziel@canonical.com>
Date: Mon, 9 Sep 2024 17:17:05 -0400
Subject: [PATCH] pylxd/client: fix auth without password support

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
---
 pylxd/client.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pylxd/client.py b/pylxd/client.py
index c5c5c1eb..b8b37dd8 100644
--- a/pylxd/client.py
+++ b/pylxd/client.py
@@ -478,11 +478,15 @@ def assert_has_api_extension(self, name):
         if not self.has_api_extension(name):
             raise exceptions.LXDAPIExtensionNotAvailable(name)
 
-    def authenticate(self, secret):
+    def authenticate(self, secret, use_token_auth=True):
         if self.trusted:
             return
         cert = open(self.api.session.cert[0]).read().encode("utf-8")
-        self.certificates.create(secret, cert)
+
+        if self.has_api_extension("explicit_trust_token") and use_token_auth:
+            self.certificates.create(password="", cert_data=cert, secret=secret)
+        else:
+            self.certificates.create(password=secret, cert_data=cert)
 
         # Refresh the host info
         response = self.api.get()