Skip to content

Commit

Permalink
Respect unsecured connections to vSphere
Browse files Browse the repository at this point in the history
The client to vSphere didn't respect the value to use insecure
connections. Now, it will be taken out from the secret and will be
respected.

Signed-off-by: Liran Rotenberg <[email protected]>
  • Loading branch information
liranr23 committed Nov 20, 2023
1 parent 092bd67 commit 51faea0
Show file tree
Hide file tree
Showing 3 changed files with 56 additions and 5 deletions.
19 changes: 18 additions & 1 deletion pkg/controller/plan/adapter/vsphere/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"fmt"
liburl "net/url"
"strconv"

planapi "github.com/konveyor/forklift-controller/pkg/apis/forklift/v1beta1/plan"
"github.com/konveyor/forklift-controller/pkg/apis/forklift/v1beta1/ref"
Expand Down Expand Up @@ -330,7 +331,7 @@ func (r *Client) connect() error {
url.User = liburl.UserPassword(
r.user(),
r.password())
soapClient := soap.NewClient(url, false)
soapClient := soap.NewClient(url, r.getInsecureSkipVerifyFlag())
soapClient.SetThumbprint(url.Host, r.thumbprint())
vimClient, err := vim25.NewClient(context.TODO(), soapClient)
if err != nil {
Expand Down Expand Up @@ -369,6 +370,22 @@ func (r *Client) thumbprint() string {
return ""
}

// getInsecureSkipVerifyFlag gets the insecureSkipVerify boolean flag
// value from the provider connection secret.
func (r *Client) getInsecureSkipVerifyFlag() bool {
insecure, found := r.Source.Secret.Data["insecureSkipVerify"]
if !found {
return false
}

insecureSkipVerify, err := strconv.ParseBool(string(insecure))
if err != nil {
return false
}

return insecureSkipVerify
}

func (r *Client) DetachDisks(vmRef ref.Ref) (err error) {
// no-op
return
Expand Down
24 changes: 21 additions & 3 deletions pkg/controller/plan/adapter/vsphere/host.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@ package vsphere

import (
"context"
liburl "net/url"
"strconv"
"time"

model "github.com/konveyor/forklift-controller/pkg/controller/provider/web/vsphere"
liberr "github.com/konveyor/forklift-controller/pkg/lib/error"
"github.com/vmware/govmomi"
Expand All @@ -10,8 +14,6 @@ import (
"github.com/vmware/govmomi/vim25"
"github.com/vmware/govmomi/vim25/soap"
core "k8s.io/api/core/v1"
liburl "net/url"
"time"
)

// ESX Host.
Expand Down Expand Up @@ -92,7 +94,7 @@ func (r *EsxHost) connect(ctx context.Context) (err error) {
url.User = liburl.UserPassword(
r.user(),
r.password())
soapClient := soap.NewClient(url, false)
soapClient := soap.NewClient(url, r.getInsecureSkipVerifyFlag())
soapClient.SetThumbprint(url.Host, r.thumbprint())
vimClient, err := vim25.NewClient(ctx, soapClient)
if err != nil {
Expand Down Expand Up @@ -147,3 +149,19 @@ func (r *EsxHost) thumbprint() string {

return ""
}

// GetInsecureSkipVerifyFlag gets the insecureSkipVerify boolean flag
// value from the provider connection secret.
func (r *EsxHost) getInsecureSkipVerifyFlag() bool {
insecure, found := r.Secret.Data["insecureSkipVerify"]
if !found {
return false
}

insecureSkipVerify, err := strconv.ParseBool(string(insecure))
if err != nil {
return false
}

return insecureSkipVerify
}
18 changes: 17 additions & 1 deletion pkg/controller/provider/container/vsphere/collector.go
Original file line number Diff line number Diff line change
Expand Up @@ -486,7 +486,7 @@ func (r *Collector) connect(ctx context.Context) (status int, err error) {
url.User = liburl.UserPassword(
r.user(),
r.password())
soapClient := soap.NewClient(url, false)
soapClient := soap.NewClient(url, r.getInsecureSkipVerifyFlag())
soapClient.SetThumbprint(url.Host, r.thumbprint())
vimClient, err := vim25.NewClient(ctx, soapClient)
if err != nil {
Expand Down Expand Up @@ -545,6 +545,22 @@ func (r *Collector) thumbprint() string {
return ""
}

// getInsecureSkipVerifyFlag gets the insecureSkipVerify boolean flag
// value from the provider connection secret.
func (r *Collector) getInsecureSkipVerifyFlag() bool {
insecure, found := r.secret.Data["insecureSkipVerify"]
if !found {
return false
}

insecureSkipVerify, err := strconv.ParseBool(string(insecure))
if err != nil {
return false
}

return insecureSkipVerify
}

// Build the object Spec filter.
func (r *Collector) filter(pc *property.Collector) *property.WaitFilter {
return &property.WaitFilter{
Expand Down

0 comments on commit 51faea0

Please sign in to comment.