From 39478338bb4a1cbd625a6176d4403bb34a2a0630 Mon Sep 17 00:00:00 2001 From: Vipin Balachandran Date: Mon, 4 May 2015 16:13:41 +0530 Subject: [PATCH] VMware: Enable vCenter certificate verification Currently vCenter certificate is not verified during connection establishment. This patch adds a config option to specify a CA bundle file to verify vCenter server certificate. DocImpact Change-Id: Ida730db66b154a4d445f7a91bccb9ca5b5a26f5e Closes-Bug: #1276207 --- cinder/tests/unit/test_vmware_vmdk.py | 18 ++++++++++++++++++ cinder/volume/drivers/vmware/vmdk.py | 9 +++++++-- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/cinder/tests/unit/test_vmware_vmdk.py b/cinder/tests/unit/test_vmware_vmdk.py index cf76beb2a..761525a34 100644 --- a/cinder/tests/unit/test_vmware_vmdk.py +++ b/cinder/tests/unit/test_vmware_vmdk.py @@ -147,6 +147,7 @@ class VMwareEsxVmdkDriverTestCase(test.TestCase): IMG_TX_TIMEOUT = 10 MAX_OBJECTS = 100 TMP_DIR = "/vmware-tmp" + CA_FILE = "/etc/ssl/rui-ca-cert.pem" VMDK_DRIVER = vmdk.VMwareEsxVmdkDriver def setUp(self): @@ -163,6 +164,7 @@ class VMwareEsxVmdkDriverTestCase(test.TestCase): self._config.vmware_image_transfer_timeout_secs = self.IMG_TX_TIMEOUT self._config.vmware_max_objects_retrieval = self.MAX_OBJECTS self._config.vmware_tmp_dir = self.TMP_DIR + self._config.vmware_ca_file = self.CA_FILE self._db = mock.Mock() self._driver = vmdk.VMwareEsxVmdkDriver(configuration=self._config, db=self._db) 
@@ -2835,6 +2837,22 @@ class VMwareVcVmdkDriverTestCase(VMwareEsxVmdkDriverTestCase): vops.move_backing_to_folder.assert_called_once_with(backing, folder) + @mock.patch('oslo_vmware.api.VMwareAPISession') + def test_session(self, apiSession): + self._session = None + + self._driver.session() + + apiSession.assert_called_once_with( + self._config.vmware_host_ip, + self._config.vmware_host_username, + self._config.vmware_host_password, + self._config.vmware_api_retry_count, + self._config.vmware_task_poll_interval, + wsdl_loc=self._config.safe_get('vmware_wsdl_location'), + pbm_wsdl_loc=None, + cacert=self._config.vmware_ca_file) + class ImageDiskTypeTest(test.TestCase): """Unit tests for ImageDiskType.""" diff --git a/cinder/volume/drivers/vmware/vmdk.py b/cinder/volume/drivers/vmware/vmdk.py index 9f318e331..af7600dab 100644 --- a/cinder/volume/drivers/vmware/vmdk.py +++ b/cinder/volume/drivers/vmware/vmdk.py @@ -106,7 +106,10 @@ vmdk_opts = [ cfg.StrOpt('vmware_tmp_dir', default='/tmp', help='Directory where virtual disks are stored during volume ' - 'backup and restore.') + 'backup and restore.'), + cfg.StrOpt('vmware_ca_file', + default=None, + help='CA bundle file to verify vCenter server certificate.') ] CONF = cfg.CONF @@ -1884,11 +1887,13 @@ class VMwareVcVmdkDriver(VMwareEsxVmdkDriver): task_poll_interval = self.configuration.vmware_task_poll_interval wsdl_loc = self.configuration.safe_get('vmware_wsdl_location') pbm_wsdl = self.pbm_wsdl if hasattr(self, 'pbm_wsdl') else None + ca_file = self.configuration.vmware_ca_file self._session = api.VMwareAPISession(ip, username, password, api_retry_count, task_poll_interval, wsdl_loc=wsdl_loc, - pbm_wsdl_loc=pbm_wsdl) + pbm_wsdl_loc=pbm_wsdl, + cacert=ca_file) return self._session def _get_vc_version(self): -- 2.45.2
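Review bot: In `test_session`, the line `self._session = None` sets an attribute on the test case rather than on the driver, so it resets nothing; the test passes only because `setUp` builds a fresh driver. If the intent is to force a new session, it should read `self._driver._session = None`. The test also covers only the case where `vmware_ca_file` is set. A second case with the option unset, asserting `cacert=None`, would pin down the default path, which is the one that matters for deployments that never configure a CA bundle.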
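Review bot: The help string for `vmware_ca_file` in `vmdk_opts` does not say what happens when the option is left at its default of `None`. Nothing in this patch makes verification mandatory, so an unset option presumably leaves the vCenter connection unverified, exactly as before the change. Operators reading the option reference should be told that, for example `help='CA bundle file to verify vCenter server certificate. If unset, the server certificate is not verified.'`, once that behaviour is confirmed against oslo.vmware. The `vmdk_opts` list starts outside the hunk.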
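Review bot: When `vmware_ca_file` is unset, `ca_file` is `None` and the session is created with `cacert=None` without any signal, so a deployment can keep talking to vCenter without certificate verification and nobody is told. A warning before the `api.VMwareAPISession(...)` call would make that visible, e.g. `if not ca_file: LOG.warning('vmware_ca_file is not set; the vCenter server certificate will not be verified.')`, assuming the module already defines `LOG`. The hunk also changes only `VMwareVcVmdkDriver`. If the base `VMwareEsxVmdkDriver` builds its own session elsewhere in the file, that path is untouched by this patch and should be checked. The enclosing method starts outside the hunk.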