From 6b5e025c41a5f21397200fa4c1e4ca96854f5487 Mon Sep 17 00:00:00 2001 From: Ahmad Musa <53178237+ahmadiesa-abu@users.noreply.github.com> Date: Fri, 29 Sep 2023 19:09:55 +0300 Subject: [PATCH] add-certificate-data-support (#261) --- CHANGELOG.txt | 2 ++ cloudify_vsphere/__version__.py | 2 +- plugin.yaml | 5 ++++- plugin_1_4.yaml | 6 +++++- plugin_1_5.yaml | 10 +++++++++- v2_plugin.yaml | 5 ++++- vsphere_plugin_common/clients/__init__.py | 19 ++++++++++++++----- 7 files changed, 39 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 6264f32a..b05f96e9 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,5 @@ +2.20.9: + - add certificate_data to connection config. 2.20.8: - add plugin_1_5.yaml and handle ctx.plugin properties. 2.20.7: diff --git a/cloudify_vsphere/__version__.py b/cloudify_vsphere/__version__.py index a4956112..82aeb0f2 100644 --- a/cloudify_vsphere/__version__.py +++ b/cloudify_vsphere/__version__.py @@ -1 +1 @@ -version = '2.20.8' +version = '2.20.9' diff --git a/plugin.yaml b/plugin.yaml index ad06b32c..6c86fa02 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -6,7 +6,7 @@ plugins: vsphere: executor: central_deployment_agent package_name: cloudify-vsphere-plugin - package_version: '2.20.8' + package_version: '2.20.9' data_types: @@ -39,6 +39,9 @@ data_types: certificate_path: type: string required: false + certificate_data: + type: string + required: false cloudify.datatypes.vsphere.ServerProperties: properties: diff --git a/plugin_1_4.yaml b/plugin_1_4.yaml index 462075f4..25f1bb7f 100755 --- a/plugin_1_4.yaml +++ b/plugin_1_4.yaml @@ -6,7 +6,7 @@ plugins: vsphere: executor: central_deployment_agent package_name: cloudify-vsphere-plugin - package_version: '2.20.8' + package_version: '2.20.9' data_types: 
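Review bot: The new `certificate_data` entry in plugin.yaml's connection data type has no description, and the same addition in v2_plugin.yaml on the next line lacks one too, while plugin_1_4.yaml and plugin_1_5.yaml document the field; add `description: The PEM encoded certificate for the vCenter.` under the new key in both files so users see that this is the certificate content, not a path. It would also help to say how it relates to certificate_path, since the client code in this patch loads certificate_data in preference when both are given and rejects either one combined with allow_insecure.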
@@ -68,6 +68,10 @@ data_types: It is not supported to set this while allow_insecure is set to 'true'. type: string required: false + certificate_data: + type: string + description: The PEM encoded certificate for the vCenter. + required: false cloudify.datatypes.vsphere.ServerProperties: properties: diff --git a/plugin_1_5.yaml b/plugin_1_5.yaml index 0f5e982b..068681e6 100644 --- a/plugin_1_5.yaml +++ b/plugin_1_5.yaml @@ -6,7 +6,7 @@ plugins: vsphere: executor: central_deployment_agent package_name: cloudify-vsphere-plugin - package_version: '2.20.8' + package_version: '2.20.9' properties_description: | Manage vSphere resources. properties: @@ -46,6 +46,10 @@ plugins: type: string display_label: Certificate path for the vCenter. description: The path to the PEM encoded certificate for the vCenter. + certificate_data: + type: string + display_label: Certificate PEM content for the vCenter. + description: The PEM encoded certificate for the vCenter. data_types: @@ -107,6 +111,10 @@ data_types: It is not supported to set this while allow_insecure is set to 'true'. type: string required: false + certificate_data: + type: string + description: The PEM encoded certificate for the vCenter. + required: false cloudify.datatypes.vsphere.ServerProperties: properties: diff --git a/v2_plugin.yaml b/v2_plugin.yaml index 17e244bc..9786adcc 100755 --- a/v2_plugin.yaml +++ b/v2_plugin.yaml @@ -10,7 +10,7 @@ plugins: vsphere: executor: central_deployment_agent package_name: cloudify-vsphere-plugin - package_version: '2.20.8' + package_version: '2.20.9' data_types: @@ -43,6 +43,9 @@ data_types: certificate_path: type: string required: false + certificate_data: + type: string + required: false cloudify.datatypes.vsphere.ServerProperties: properties: diff --git a/vsphere_plugin_common/clients/__init__.py b/vsphere_plugin_common/clients/__init__.py index 514803c3..c0de3acf 100644 --- a/vsphere_plugin_common/clients/__init__.py +++ b/vsphere_plugin_common/clients/__init__.py 
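Review bot: The certificate_data description in plugin_1_4.yaml ("The PEM encoded certificate for the vCenter.") omits the constraint that the adjacent certificate_path entry states — that it is not supported while allow_insecure is set to 'true' — even though the connection code in this patch rejects exactly that combination; the same short wording is reused for both certificate_data entries in plugin_1_5.yaml. Suggest `description: The PEM encoded certificate for the vCenter. It is not supported to set this while allow_insecure is set to 'true'. If certificate_path is also set, certificate_data takes precedence.` in all three places so the documented contract matches what connect() enforces.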
@@ -216,18 +216,19 @@ def connect(self, cfg): port = cfg['port'] certificate_path = cfg.get('certificate_path') + certificate_data = cfg.get('certificate_data') # Until the next major release this will have limited effect, but is # in place to allow a clear path to the next release for users allow_insecure = cfg.get('allow_insecure', False) ssl_context = None - if certificate_path and allow_insecure: + if (certificate_path or certificate_data) and allow_insecure: raise NonRecoverableError( 'Cannot connect when certificate_path and allow_insecure ' 'are both set. Unable to determine whether connection should ' 'be secure or insecure.' ) - elif certificate_path: + elif certificate_path or certificate_data: if not hasattr(ssl, '_create_default_https_context'): raise NonRecoverableError( 'Cannot create secure connection with this version of ' @@ -235,19 +236,22 @@ def connect(self, cfg): '2.7.9 and has been confirmed to work on at least 2.7.12.' ) - if not os.path.exists(certificate_path): + if certificate_path and not os.path.exists(certificate_path): raise NonRecoverableError( 'Certificate was not found in {path}.'.format( path=certificate_path, ) ) - elif not os.path.isfile(certificate_path): + elif certificate_path and not os.path.isfile(certificate_path): raise NonRecoverableError( 'Found directory at {path}, but the certificate_path ' 'must be a file.'.format( path=certificate_path, ) ) + if certificate_data and not certificate_data.startswith( + '-----BEGIN CERTIFICATE-----'): + raise NonRecoverableError('certificate_data is not valid') try: # We want to load the cert into the existing default context # in case any other python modules have already defined their 
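Review bot: The NonRecoverableError raised under the widened condition `(certificate_path or certificate_data) and allow_insecure` still reads "Cannot connect when certificate_path and allow_insecure are both set", so an operator who configured only certificate_data is told about a field they never set. Change the first literal to `'Cannot connect when certificate_path/certificate_data and allow_insecure '` or build the message from whichever key is actually present. connect() starts before this hunk and continues after it.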
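Review bot: The `certificate_data.startswith('-----BEGIN CERTIFICATE-----')` guard rejects PEM content whose first character is whitespace — a YAML block scalar or a value pasted with a leading newline fails it, although the PEM parser behind load_verify_locations would presumably accept it — and if a bytes value ever arrives here the str prefix raises TypeError instead of the intended NonRecoverableError. Normalising first, `certificate_data = certificate_data.strip()` before the check, covers the common case, and a genuinely malformed value still surfaces as ssl.SSLError from load_verify_locations inside the existing try. Note also that when both keys are set, certificate_path is fully validated in this hunk even though the later hunk ignores it in favour of certificate_data; a short comment saying so would avoid confusion. connect() starts before this hunk and continues past it.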
@@ -260,7 +264,12 @@ def connect(self, cfg): 'modules are disabling verification on the default ' 'SSL context.' ) - ssl_context.load_verify_locations(certificate_path) + # we will give priority to certificate_data if passed + if certificate_data: + ssl_context.load_verify_locations( + ca_data=certificate_data) + else: + ssl_context.load_verify_locations(certificate_path) except ssl.SSLError as err: if 'unknown error' in text_type(err).lower() or \ 'no certificate or crl found' in \
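Review bot: `ssl_context.load_verify_locations(ca_data=certificate_data)` uses a keyword the ssl module does not define — the parameter is `cadata` — so this branch raises TypeError ("unexpected keyword argument") instead of loading the certificate, and that TypeError is not caught by the `except ssl.SSLError` that follows, which means every certificate_data connection fails before any TLS handshake. Change it to `ssl_context.load_verify_locations(cadata=certificate_data)`. Since certificate_path is silently overridden when both are set, a debug log line naming which source was loaded would also help operators diagnose trust failures. connect() continues outside the hunk.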