diff --git a/src/Tasks/vmOperations/task.json b/src/Tasks/vmOperations/task.json
index 5cfa110..b62fde0 100644
--- a/src/Tasks/vmOperations/task.json
+++ b/src/Tasks/vmOperations/task.json
@@ -65,7 +65,7 @@
 {
 "name": "targetlocation",
 "type": "string",
- "label": "Location",
+ "label": "Datacenter",
 "defaultValue": "",
 "required": true,
 "visibleRule": "action = Deploy Virtual Machines using Template",
@@ -138,6 +138,14 @@
 "defaultValue": "",
 "visibleRule": "action = Take Snapshot of Virtual Machines || action = Deploy Virtual Machines using Template",
 "helpMarkDown": "Additional description for the action."
+ },
+ {
+ "name": "skipca",
+ "type": "boolean",
+ "label": "Skip Certification Authority check",
+ "required": false,
+ "defaultValue": "true",
+ "helpMarkDown": "Select the option to skip validating the authenticity of the machine's certificate by a trusted certification authority."
 }
 ],
 "instanceNameFormat": "$(action) : $(vmList)",
diff --git a/src/Tasks/vmOperations/vmOperations.ts b/src/Tasks/vmOperations/vmOperations.ts
index e89d1d1..6cb3b02 100644
--- a/src/Tasks/vmOperations/vmOperations.ts
+++ b/src/Tasks/vmOperations/vmOperations.ts
@@ -15,10 +15,11 @@ export class VmOperations {
 var vCenterUserName: string = endPointAuthCreds["username"];
 var vCenterPassword: string = endPointAuthCreds["password"];
 var vmList: string = tl.getInput("vmList", true);
+ var skipca: string = tl.getInput("skipca", false);
 this.validateVmListInput(vmList);
 cmdArgs += " -vCenterUrl \"" + vCenterUrl + "\" -vCenterUserName \"" + vCenterUserName + "\" -vCenterPassword \"" +
- vCenterPassword + "\" -vmList \"" + vmList + "\"";
+ vCenterPassword + "\" -vmList \"" + vmList + "\"" + " -skipca " + skipca;
 tl.debug(util.format("common args: -vCenterUrl \"%s\" -vCenterUserName \"%s\" -vCenterPassword \"%s\" -vmList \"%s\"", vCenterUrl, vCenterUserName, "**********", vmList));
 return cmdArgs;
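Review bot: In task.json, the new `skipca` input ships with `"defaultValue": "true"`, so every pipeline that adds this task connects to vCenter without validating the server certificate unless someone unticks the box. The vCenter user name and password travel over that connection, so validation should be the default and skipping it the explicit opt-in: `"defaultValue": "false"`. The help text could also state that, as implemented in SkipCACheck.java, the option turns off hostname verification as well as the CA check.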
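Review bot: In getCmdCommonArgs, `skipca` is read as a free string and appended unquoted (`" -skipca " + skipca`), so an absent input reaches the Java tool as whatever string concatenation makes of it rather than as an explicit `true` or `false`. Reading it with `tl.getBoolInput("skipca", false)` would normalise the value before it is placed on the command line. The `tl.debug` call below still logs only the four original arguments; adding `-skipca` there would leave a record in the task log whenever certificate validation was turned off. The function starts above this hunk.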
diff --git a/src/Tools/vmOpsTool/ConnectionData.java b/src/Tools/vmOpsTool/ConnectionData.java
index 8c5787b..d1b92e3 100644
--- a/src/Tools/vmOpsTool/ConnectionData.java
+++ b/src/Tools/vmOpsTool/ConnectionData.java
@@ -1,14 +1,30 @@
-
-
 public class ConnectionData {
- public ConnectionData(String vCenterUrl, String vCenterUserName, String vCenterPassword) {
+ private String userName;
+ private String password;
+ private String url;
+ private boolean skipCACheck;
+
+ public ConnectionData(String vCenterUrl, String vCenterUserName, String vCenterPassword, boolean skipCACheck) {
 this.userName = vCenterUserName;
 this.password = vCenterPassword;
 this.url = vCenterUrl;
+ this.skipCACheck = skipCACheck;
 }
- public String userName;
- public String password;
- public String url;
+ public String getUserName() {
+ return userName;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ public String getUrl() {
+ return url;
+ }
+
+ public boolean isSkipCACheck() {
+ return skipCACheck;
+ }
 }
diff --git a/src/Tools/vmOpsTool/Constants.java b/src/Tools/vmOpsTool/Constants.java
index 5a845ec..2cb1103 100644
--- a/src/Tools/vmOpsTool/Constants.java
+++ b/src/Tools/vmOpsTool/Constants.java
@@ -6,6 +6,7 @@ public class Constants {
 public static final String V_CENTER_USER_NAME = "-vCenterUserName";
 public static final String V_CENTER_PASSWORD = "-vCenterPassword";
 public static final String VM_LIST = "-vmList";
+ public static final String SKIP_CA_CHECK = "-skipca";
 public static final String SNAPSHOT_OPS = "-snapshotOps";
 public static final String DELETE_VM = "-deletevm";
 public static final String CLONE_TEMPLATE = "-clonetemplate";
diff --git a/src/Tools/vmOpsTool/SkipCACheck.java b/src/Tools/vmOpsTool/SkipCACheck.java
new file mode 100644
index 0000000..736cb73
--- /dev/null
+++ b/src/Tools/vmOpsTool/SkipCACheck.java
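Review bot: In ConnectionData.java the four fields are now private but still reassignable. They are written only in the constructor, so declaring them `private final` would make the class immutable, which suits an object that carries the vCenter credentials and the trust decision. A short class comment stating that `skipCACheck == true` disables server certificate validation for the connection would also help at call sites that pass a bare `true`.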
@@ -0,0 +1,47 @@
+import javax.net.ssl.*;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import static javax.net.ssl.HttpsURLConnection.*;
+
+public class SkipCACheck {
+
+ public static void AllowUntrustedConnections() throws NoSuchAlgorithmException, KeyManagementException {
+ System.out.println("Setting allow untrusted connections for the session.");
+
+ HostnameVerifier verifier = (urlHostName, session) -> true;
+ TrustManager[] trustAllCerts = new TrustManager[1];
+ TrustManager trustManager = new TrustAllTrustManager();
+ trustAllCerts[0] = trustManager;
+ SSLContext sslContext = SSLContext.getInstance("SSL");
+
+ SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
+
+
+ serverSessionContext.setSessionTimeout(30 * 60);
+ sslContext.init(null, trustAllCerts, null);
+
+ setDefaultSSLSocketFactory(sslContext.getSocketFactory());
+ setDefaultHostnameVerifier(verifier);
+ }
+
+ private static class TrustAllTrustManager implements TrustManager, X509TrustManager {
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] certs, String authType)
+ throws CertificateException {
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] certs, String authType)
+ throws CertificateException {
+ }
+ }
+}
diff --git a/src/Tools/vmOpsTool/VMWareImpl.java b/src/Tools/vmOpsTool/VMWareImpl.java
index 4e832b0..8095b49 100644
--- a/src/Tools/vmOpsTool/VMWareImpl.java
+++ b/src/Tools/vmOpsTool/VMWareImpl.java
@@ -1,8 +1,8 @@
-import java.util.*;
+import com.sun.xml.ws.client.BindingProviderProperties;
+import com.vmware.vim25.*;
 import javax.xml.ws.BindingProvider;
-
-import com.vmware.vim25.*;
+import java.util.*;
 public class VMWareImpl implements IVMWare {
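Review bot: In SkipCACheck.java, `AllowUntrustedConnections()` installs the trust-all socket factory and the always-true `HostnameVerifier` through `setDefaultSSLSocketFactory` and `setDefaultHostnameVerifier`, which are process-wide defaults for `HttpsURLConnection`; once `VMWareImpl.connect` calls it, every later HTTPS connection in the JVM is unauthenticated, not only the vCenter session. It also disables hostname verification, although the option is described as skipping the CA check only. Three smaller issues sit in the same class: `SSLContext.getInstance("SSL")` should request `"TLS"`, `getAcceptedIssuers()` returns `null` where the interface expects a non-null (possibly empty) array, and the session timeout is set on the server session context, which a client connection presumably does not use. I would have the class hand back a socket factory for the caller to attach to the single vCenter port, if the JAX-WS runtime in use offers a per-request socket-factory property, rather than changing global state; the rewritten parts are sketched below.

```java
// returns the factory instead of replacing the JVM-wide HttpsURLConnection defaults
public static SSLSocketFactory untrustedSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
    System.out.println("Certificate validation is DISABLED for the vCenter connection.");
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, new TrustManager[] { new TrustAllTrustManager() }, null);
    return sslContext.getSocketFactory();
}

// … unchanged: TrustAllTrustManager.checkServerTrusted / checkClientTrusted …

@Override
public X509Certificate[] getAcceptedIssuers() {
    return new X509Certificate[0];
}
```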
@@ -497,15 +497,21 @@ public class VMWareImpl implements IVMWare {
 vimPort = vimService.getVimPort();
 Map reqContext = ((BindingProvider) vimPort).getRequestContext();
- reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, connData.url);
+ reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, connData.getUrl());
 reqContext.put(BindingProvider.SESSION_MAINTAIN_PROPERTY, true);
+ reqContext.put(BindingProviderProperties.REQUEST_TIMEOUT, 30 * 60 * 1000);
+ reqContext.put(BindingProviderProperties.CONNECT_TIMEOUT, 5 * 60 * 1000);
 ManagedObjectReference serviceInstance = new ManagedObjectReference();
 serviceInstance.setType("ServiceInstance");
 serviceInstance.setValue("ServiceInstance");
+ if (connData.isSkipCACheck()) {
+ SkipCACheck.AllowUntrustedConnections();
+ }
+
 serviceContent = vimPort.retrieveServiceContent(serviceInstance);
 rootFolder = serviceContent.getRootFolder();
- userSession = vimPort.login(serviceContent.getSessionManager(), connData.userName, connData.password,
+ userSession = vimPort.login(serviceContent.getSessionManager(), connData.getUserName(), connData.getPassword(),
 null);
 }
 } catch (Exception exp) {
diff --git a/src/Tools/vmOpsTool/VmOpsTool.java b/src/Tools/vmOpsTool/VmOpsTool.java
index 3408ba3..48cd447 100644
--- a/src/Tools/vmOpsTool/VmOpsTool.java
+++ b/src/Tools/vmOpsTool/VmOpsTool.java
@@ -32,8 +32,9 @@ public class VmOpsTool {
 String vCenterUserName = argsMap.get(Constants.V_CENTER_USER_NAME);
 String vCenterPassword = argsMap.get(Constants.V_CENTER_PASSWORD);
 String vmList = argsMap.get(Constants.VM_LIST);
+ boolean skipCACheck = Boolean.parseBoolean(argsMap.get(Constants.SKIP_CA_CHECK));
- ConnectionData connData = new ConnectionData(vCenterUrl, vCenterUserName, vCenterPassword);
+ ConnectionData connData = new ConnectionData(vCenterUrl, vCenterUserName, vCenterPassword, skipCACheck);
 String[] vmNames = vmList.split(",");
 String failedVmList = "";
 String errorMessage = "";
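Review bot: In VMWareImpl.java, the two timeouts added to `reqContext` are inline arithmetic (`30 * 60 * 1000`, `5 * 60 * 1000`) with no unit or rationale. Named constants such as `private static final int REQUEST_TIMEOUT_MS = 30 * 60 * 1000;` would document that these are milliseconds and why a 30-minute request timeout is wanted. `BindingProviderProperties` comes from the `com.sun.xml.ws.client` implementation package, which ties the tool to the runtime added in pom.xml; a comment saying so would help whoever next upgrades that dependency. The enclosing method starts and ends outside this hunk.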
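Review bot: In VmOpsTool.java, `Boolean.parseBoolean(argsMap.get(Constants.SKIP_CA_CHECK))` yields `false` for a missing flag and for any value other than `true`. That is the safe direction, but it is not stated anywhere. A comment above the line, for example `// absent or unrecognised -skipca keeps certificate validation on`, would record that this is intended. The enclosing method continues outside the hunk.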
diff --git a/src/Tools/vmOpsTool/pom.xml b/src/Tools/vmOpsTool/pom.xml index b23d22a..5b59637 100644 --- a/src/Tools/vmOpsTool/pom.xml +++ b/src/Tools/vmOpsTool/pom.xml @@ -27,6 +27,11 @@ jaxws-api 2.1 + + com.sun.xml.ws + jaxws-rt + 2.1.4 + diff --git a/tests/Tasks/vmOperations/vmOperationsTests.ts b/tests/Tasks/vmOperations/vmOperationsTests.ts index 299a530..ce55497 100644 --- a/tests/Tasks/vmOperations/vmOperationsTests.ts +++ b/tests/Tasks/vmOperations/vmOperationsTests.ts @@ -39,12 +39,13 @@ describe("getCmdCommonArgs", (): void => { sandbox.restore(); }); - it("Successfully read all the common params (url, username, password, vmList)", (): void => { + it("Successfully read all the common params (url, username, password, vmList, skipca)", (): void => { getInputStub.withArgs("vCenterConnection", true).returns(dummyConnectionName); getInputStub.withArgs("vmList", true).returns(dummyVmList); getEndPointUrlStub.withArgs(dummyConnectionName, false).returns(dummyEndpointUrl); getEndpointAuthorizationStub.withArgs(dummyConnectionName, false).returns( { "parameters": { "username" : "dummyuser", "password" : "dummypassword"}}); + getInputStub.withArgs("skipca", false).returns("true"); var cmdArgs = vmOperations.VmOperations.getCmdCommonArgs(); @@ -52,6 +53,7 @@ describe("getCmdCommonArgs", (): void => { cmdArgs.should.contain("-vCenterUserName \"dummyuser\""); cmdArgs.should.contain("-vCenterPassword \"dummypassword\""); cmdArgs.should.contain("-vmList \"" + dummyVmList + "\""); + cmdArgs.should.contain("-skipca true"); }); it("Should throw on failure to get connected service name", (): void => { 
@@ -81,6 +83,18 @@ describe("getCmdCommonArgs", (): void => {
 getEndpointAuthorizationStub.should.have.thrown("Error");
 });
+ it("Should throw on failure read skipca check", (): void => {
+ getInputStub.withArgs("vCenterConnection", true).returns(dummyConnectionName);
+ getEndPointUrlStub.withArgs(dummyConnectionName, false).returns(dummyEndpointUrl);
+ getEndpointAuthorizationStub.withArgs(dummyConnectionName, false).returns( { "parameters": { "username" : "dummyuser", "password" : "dummypassword"}});
+ getInputStub.withArgs("vmList", true).returns("vm1");
+ getInputStub.withArgs("skipca", false).throws();
+
+ expect(vmOperations.VmOperations.getCmdCommonArgs).to.throw("Error");
+ getInputStub.withArgs("skipca", false).should.have.been.calledOnce;
+ getInputStub.withArgs("skipca", false).should.have.thrown("Error");
+ });
+
 it("Should fail task for invalid vmList input, i.e vmname empty string", (): void => {
 getInputStub.withArgs("vCenterConnection", true).returns(dummyConnectionName);
 getInputStub.withArgs("vmList", true).returns("vm1, ,vm, vm2, vm3,");
diff --git a/tests/Tools/vmOpsTool/InMemoryVMWareImpl.java b/tests/Tools/vmOpsTool/InMemoryVMWareImpl.java
index 921d7c7..0d41455 100644
--- a/tests/Tools/vmOpsTool/InMemoryVMWareImpl.java
+++ b/tests/Tools/vmOpsTool/InMemoryVMWareImpl.java
@@ -80,7 +80,7 @@ public class InMemoryVMWareImpl implements IVMWare {
 }
 public void connect(ConnectionData connData) throws Exception {
- if (connData.password.equals("InvalidPassword")) {
+ if (connData.getPassword().equals("InvalidPassword") || !connData.isSkipCACheck()) {
 throw new Exception();
 }
 }
diff --git a/tests/Tools/vmOpsTool/VMWarePlatformTests.java b/tests/Tools/vmOpsTool/VMWarePlatformTests.java
index a2009ca..5421201 100644
--- a/tests/Tools/vmOpsTool/VMWarePlatformTests.java
+++ b/tests/Tools/vmOpsTool/VMWarePlatformTests.java
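Review bot: In InMemoryVMWareImpl.connect, the added `|| !connData.isSkipCACheck()` makes the fake fail whenever certificate validation is left on, and `connectShouldThrowWithoutSkipCACheck` in VMWarePlatformTests.java then asserts that behaviour as the contract. This encodes an assumption about the test vCenter's certificate (presumably self-signed) rather than a property of the code, and it leaves no test in which a connection with validation enabled succeeds. I would keep the fake independent of the flag, `if (connData.getPassword().equals("InvalidPassword")) {`, and replace the platform test with one that connects to an endpoint with a trusted certificate while validation is on.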
@@ -6,7 +6,7 @@ public abstract class VMWarePlatformTests {
 private String vCenterUserName = "Administrator@vsphere.local";
 private String vCenterPassword = "Password~1";
 private String vCenterUrl = getvCenterUrl();
- private ConnectionData connData = new ConnectionData(vCenterUrl, vCenterUserName, vCenterPassword);
+ private ConnectionData connData = new ConnectionData(vCenterUrl, vCenterUserName, vCenterPassword, true);
 private IVMWare vmWareImpl = getVmWareImpl();
 private String snapshotOne = "Snapshot1";
 private String templateName = "Ubuntu";
@@ -182,10 +182,21 @@ public abstract class VMWarePlatformTests {
 }
 @Test
- public void connectShouldThrowConnectionToServerFailsAuthentication() {
+ public void connectShouldThrowForInvalidCredentials() {
 Exception exp = null;
 try {
- vmWareImpl.connect(new ConnectionData(vCenterUrl, vCenterUserName, "InvalidPassword"));
+ vmWareImpl.connect(new ConnectionData(vCenterUrl, vCenterUserName, "InvalidPassword", true));
+ } catch (Exception e) {
+ exp = e;
+ }
+ assertThat(exp).isNotNull();
+ }
+
+ @Test
+ public void connectShouldThrowWithoutSkipCACheck() {
+ Exception exp = null;
+ try {
+ vmWareImpl.connect(new ConnectionData(vCenterUrl, vCenterUserName, vCenterPassword, false));
 } catch (Exception e) {
 exp = e;
 }
diff --git a/tests/Tools/vmOpsTool/VmOpsToolUnitTests.java b/tests/Tools/vmOpsTool/VmOpsToolUnitTests.java
index 3eed3e5..1a05b65 100644
--- a/tests/Tools/vmOpsTool/VmOpsToolUnitTests.java
+++ b/tests/Tools/vmOpsTool/VmOpsToolUnitTests.java
@@ -17,7 +17,7 @@ public class VmOpsToolUnitTests {
 private String vCenterPassword = "Password~1";
 private String vmSnapshotName = "Snapshot1";
- private ConnectionData connData = new ConnectionData(vCenterUrl, vCenterUserName, vCenterPassword);
+ private ConnectionData connData = new ConnectionData(vCenterUrl, vCenterUserName, vCenterPassword, true);
 @Test
 public void parseCmdArgsWithAllRequiredInputs() {