From eb3023a6e4c58594f62e9d31d0220c7017ac9b55 Mon Sep 17 00:00:00 2001
From: Liran Rotenberg
Date: Sun, 19 Nov 2023 09:36:45 +0200
Subject: [PATCH] Respect unsecured connections to vSphere
The client to vSphere didn't respect the value to use insecure connections. Now, it will be taken out from the secret and will be respected.
Signed-off-by: Liran Rotenberg
---
 pkg/controller/plan/adapter/vsphere/client.go | 19 ++++++++++++++-
 pkg/controller/plan/adapter/vsphere/host.go | 24 ++++++++++++++++---
 .../provider/container/vsphere/collector.go | 18 +++++++++++++-
 3 files changed, 56 insertions(+), 5 deletions(-)
diff --git a/pkg/controller/plan/adapter/vsphere/client.go b/pkg/controller/plan/adapter/vsphere/client.go
index 1480b7a36..89acfe80c 100644
--- a/pkg/controller/plan/adapter/vsphere/client.go
+++ b/pkg/controller/plan/adapter/vsphere/client.go
@@ -4,6 +4,7 @@ import (
 "context"
 "fmt"
 liburl "net/url"
+ "strconv"
 planapi "github.com/konveyor/forklift-controller/pkg/apis/forklift/v1beta1/plan"
 "github.com/konveyor/forklift-controller/pkg/apis/forklift/v1beta1/ref"
@@ -330,7 +331,7 @@ func (r *Client) connect() error {
 url.User = liburl.UserPassword(
 r.user(),
 r.password())
- soapClient := soap.NewClient(url, false)
+ soapClient := soap.NewClient(url, r.getInsecureSkipVerifyFlag())
 soapClient.SetThumbprint(url.Host, r.thumbprint())
 vimClient, err := vim25.NewClient(context.TODO(), soapClient)
 if err != nil {
@@ -369,6 +370,22 @@ func (r *Client) thumbprint() string {
 return ""
 }
+// getInsecureSkipVerifyFlag gets the insecureSkipVerify boolean flag
+// value from the provider connection secret.
+func (r *Client) getInsecureSkipVerifyFlag() bool {
+ insecure, found := r.Source.Secret.Data["insecureSkipVerify"]
+ if !found {
+ return false
+ }
+
+ insecureSkipVerify, err := strconv.ParseBool(string(insecure))
+ if err != nil {
+ return false
+ }
+
+ return insecureSkipVerify
+}
+
 func (r *Client) DetachDisks(vmRef ref.Ref) (err error) {
 // no-op
 return
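Review bot: In `connect()`, once the secret sets `insecureSkipVerify` to true the SOAP client is built with certificate verification off, so the credentials placed in `url.User` just above go to whichever endpoint answers the TLS handshake. The `SetThumbprint` call on the following line probably stops protecting the session in that mode, since govmomi appears to consult the thumbprint only after a verification failure; this should be confirmed against the vendored version. One option is to let a configured thumbprint win, `insecure := r.getInsecureSkipVerifyFlag() && r.thumbprint() == ""`, and in any case to log a warning whenever the flag is in effect. The same pattern is introduced in `EsxHost.connect` (host.go) and `Collector.connect` (collector.go); the function body starts and ends outside this hunk.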
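Review bot: `getInsecureSkipVerifyFlag` discards the `strconv.ParseBool` error, so a malformed value in the secret is indistinguishable from an absent key. Falling back to `false` is the right safe default, but the rejected value should be reported through the package's logger so an operator can see why the connection still verifies. `ParseBool` also accepts `1`, `t`, `T`, `TRUE` and `True`, which the doc comment should state because each of them turns verification off. The identical function is added again in host.go and collector.go; a single shared helper that takes the secret, with the key `"insecureSkipVerify"` as a named constant, would keep the three copies from drifting apart.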
diff --git a/pkg/controller/plan/adapter/vsphere/host.go b/pkg/controller/plan/adapter/vsphere/host.go
index 1ba4c77f1..13df8d71c 100644
--- a/pkg/controller/plan/adapter/vsphere/host.go
+++ b/pkg/controller/plan/adapter/vsphere/host.go
@@ -2,6 +2,10 @@ package vsphere
 import (
 "context"
+ liburl "net/url"
+ "strconv"
+ "time"
+
 model "github.com/konveyor/forklift-controller/pkg/controller/provider/web/vsphere"
 liberr "github.com/konveyor/forklift-controller/pkg/lib/error"
 "github.com/vmware/govmomi"
@@ -10,8 +14,6 @@ import (
 "github.com/vmware/govmomi/vim25"
 "github.com/vmware/govmomi/vim25/soap"
 core "k8s.io/api/core/v1"
- liburl "net/url"
- "time"
 )
 // ESX Host.
@@ -92,7 +94,7 @@ func (r *EsxHost) connect(ctx context.Context) (err error) {
 url.User = liburl.UserPassword(
 r.user(),
 r.password())
- soapClient := soap.NewClient(url, false)
+ soapClient := soap.NewClient(url, r.getInsecureSkipVerifyFlag())
 soapClient.SetThumbprint(url.Host, r.thumbprint())
 vimClient, err := vim25.NewClient(ctx, soapClient)
 if err != nil {
@@ -147,3 +149,19 @@ func (r *EsxHost) thumbprint() string {
 return ""
 }
+
+// GetInsecureSkipVerifyFlag gets the insecureSkipVerify boolean flag
+// value from the provider connection secret.
+func (r *EsxHost) getInsecureSkipVerifyFlag() bool {
+ insecure, found := r.Secret.Data["insecureSkipVerify"]
+ if !found {
+ return false
+ }
+
+ insecureSkipVerify, err := strconv.ParseBool(string(insecure))
+ if err != nil {
+ return false
+ }
+
+ return insecureSkipVerify
+}
diff --git a/pkg/controller/provider/container/vsphere/collector.go b/pkg/controller/provider/container/vsphere/collector.go
index aeb82c93c..f926cc198 100644
--- a/pkg/controller/provider/container/vsphere/collector.go
+++ b/pkg/controller/provider/container/vsphere/collector.go
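Review bot: The doc comment on the method added at the end of host.go opens with `GetInsecureSkipVerifyFlag`, while the method itself is the unexported `getInsecureSkipVerifyFlag`. Change the first comment line to `// getInsecureSkipVerifyFlag gets the insecureSkipVerify boolean flag` so it matches the declared name, as the copies in client.go and collector.go already do. It would also help to note in that comment that a missing or unparsable value leaves certificate verification on.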
@@ -485,7 +485,7 @@ func (r *Collector) connect(ctx context.Context) (status int, err error) {
 url.User = liburl.UserPassword(
 r.user(),
 r.password())
- soapClient := soap.NewClient(url, false)
+ soapClient := soap.NewClient(url, r.getInsecureSkipVerifyFlag())
 soapClient.SetThumbprint(url.Host, r.thumbprint())
 vimClient, err := vim25.NewClient(ctx, soapClient)
 if err != nil {
@@ -544,6 +544,22 @@ func (r *Collector) thumbprint() string {
 return ""
 }
+// getInsecureSkipVerifyFlag gets the insecureSkipVerify boolean flag
+// value from the provider connection secret.
+func (r *Collector) getInsecureSkipVerifyFlag() bool {
+ insecure, found := r.secret.Data["insecureSkipVerify"]
+ if !found {
+ return false
+ }
+
+ insecureSkipVerify, err := strconv.ParseBool(string(insecure))
+ if err != nil {
+ return false
+ }
+
+ return insecureSkipVerify
+}
+
 // Build the object Spec filter.
 func (r *Collector) filter(pc *property.Collector) *property.WaitFilter {
 return &property.WaitFilter{