Respect unsecured connections to vSphere

The client to vSphere didn't respect the value to use insecure
connections. Now, it will be taken out from the secret and will be
respected.

Signed-off-by: Liran Rotenberg <[email protected]>

pkg/controller/plan/adapter/vsphere/client.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	liburl "net/url"
+	"strconv"
 
 	planapi "github.com/konveyor/forklift-controller/pkg/apis/forklift/v1beta1/plan"
 	"github.com/konveyor/forklift-controller/pkg/apis/forklift/v1beta1/ref"
@@ -330,7 +331,7 @@ func (r *Client) connect() error {
 	url.User = liburl.UserPassword(
 		r.user(),
 		r.password())
-	soapClient := soap.NewClient(url, false)
+	soapClient := soap.NewClient(url, r.getInsecureSkipVerifyFlag())
 	soapClient.SetThumbprint(url.Host, r.thumbprint())
 	vimClient, err := vim25.NewClient(context.TODO(), soapClient)
 	if err != nil {
@@ -369,6 +370,22 @@ func (r *Client) thumbprint() string {
 	return ""
 }
 
+// getInsecureSkipVerifyFlag gets the insecureSkipVerify boolean flag
+// value from the provider connection secret.
+func (r *Client) getInsecureSkipVerifyFlag() bool {
+	insecure, found := r.Source.Secret.Data["insecureSkipVerify"]
+	if !found {
+		return false
+	}
+
+	insecureSkipVerify, err := strconv.ParseBool(string(insecure))
+	if err != nil {
+		return false
+	}
+
+	return insecureSkipVerify
+}
+
 func (r *Client) DetachDisks(vmRef ref.Ref) (err error) {
 	// no-op
 	return

pkg/controller/plan/adapter/vsphere/host.go

@@ -2,6 +2,10 @@ package vsphere
 
 import (
 	"context"
+	liburl "net/url"
+	"strconv"
+	"time"
+
 	model "github.com/konveyor/forklift-controller/pkg/controller/provider/web/vsphere"
 	liberr "github.com/konveyor/forklift-controller/pkg/lib/error"
 	"github.com/vmware/govmomi"
@@ -10,8 +14,6 @@ import (
 	"github.com/vmware/govmomi/vim25"
 	"github.com/vmware/govmomi/vim25/soap"
 	core "k8s.io/api/core/v1"
-	liburl "net/url"
-	"time"
 )
 
 // ESX Host.
@@ -92,7 +94,7 @@ func (r *EsxHost) connect(ctx context.Context) (err error) {
 	url.User = liburl.UserPassword(
 		r.user(),
 		r.password())
-	soapClient := soap.NewClient(url, false)
+	soapClient := soap.NewClient(url, r.getInsecureSkipVerifyFlag())
 	soapClient.SetThumbprint(url.Host, r.thumbprint())
 	vimClient, err := vim25.NewClient(ctx, soapClient)
 	if err != nil {
@@ -147,3 +149,19 @@ func (r *EsxHost) thumbprint() string {
 
 	return ""
 }
+
+// GetInsecureSkipVerifyFlag gets the insecureSkipVerify boolean flag
+// value from the provider connection secret.
+func (r *EsxHost) getInsecureSkipVerifyFlag() bool {
+	insecure, found := r.Secret.Data["insecureSkipVerify"]
+	if !found {
+		return false
+	}
+
+	insecureSkipVerify, err := strconv.ParseBool(string(insecure))
+	if err != nil {
+		return false
+	}
+
+	return insecureSkipVerify
+}

pkg/controller/provider/container/vsphere/collector.go

@@ -485,7 +485,7 @@ func (r *Collector) connect(ctx context.Context) (status int, err error) {
 	url.User = liburl.UserPassword(
 		r.user(),
 		r.password())
-	soapClient := soap.NewClient(url, false)
+	soapClient := soap.NewClient(url, r.getInsecureSkipVerifyFlag())
 	soapClient.SetThumbprint(url.Host, r.thumbprint())
 	vimClient, err := vim25.NewClient(ctx, soapClient)
 	if err != nil {
@@ -544,6 +544,22 @@ func (r *Collector) thumbprint() string {
 	return ""
 }
 
+// getInsecureSkipVerifyFlag gets the insecureSkipVerify boolean flag
+// value from the provider connection secret.
+func (r *Collector) getInsecureSkipVerifyFlag() bool {
+	insecure, found := r.secret.Data["insecureSkipVerify"]
+	if !found {
+		return false
+	}
+
+	insecureSkipVerify, err := strconv.ParseBool(string(insecure))
+	if err != nil {
+		return false
+	}
+
+	return insecureSkipVerify
+}
+
 // Build the object Spec filter.
 func (r *Collector) filter(pc *property.Collector) *property.WaitFilter {
 	return &property.WaitFilter{