VMware: Enable vCenter certificate verification
Currently vCenter certificate is not verified during connection establishment. This patch adds a config option to specify a CA bundle file to verify vCenter server certificate. DocImpact Change-Id: Ida730db66b154a4d445f7a91bccb9ca5b5a26f5e Closes-Bug: #1276207
This commit is contained in:
parent
51ae2ebccd
commit
39478338bb
|
@ -147,6 +147,7 @@ class VMwareEsxVmdkDriverTestCase(test.TestCase):
|
|||
IMG_TX_TIMEOUT = 10
|
||||
MAX_OBJECTS = 100
|
||||
TMP_DIR = "/vmware-tmp"
|
||||
CA_FILE = "/etc/ssl/rui-ca-cert.pem"
|
||||
VMDK_DRIVER = vmdk.VMwareEsxVmdkDriver
|
||||
|
||||
def setUp(self):
|
||||
|
@ -163,6 +164,7 @@ class VMwareEsxVmdkDriverTestCase(test.TestCase):
|
|||
self._config.vmware_image_transfer_timeout_secs = self.IMG_TX_TIMEOUT
|
||||
self._config.vmware_max_objects_retrieval = self.MAX_OBJECTS
|
||||
self._config.vmware_tmp_dir = self.TMP_DIR
|
||||
self._config.vmware_ca_file = self.CA_FILE
|
||||
self._db = mock.Mock()
|
||||
self._driver = vmdk.VMwareEsxVmdkDriver(configuration=self._config,
|
||||
db=self._db)
|
||||
|
@ -2835,6 +2837,22 @@ class VMwareVcVmdkDriverTestCase(VMwareEsxVmdkDriverTestCase):
|
|||
vops.move_backing_to_folder.assert_called_once_with(backing,
|
||||
folder)
|
||||
|
||||
@mock.patch('oslo_vmware.api.VMwareAPISession')
|
||||
def test_session(self, apiSession):
|
||||
self._session = None
|
||||
|
||||
self._driver.session()
|
||||
|
||||
apiSession.assert_called_once_with(
|
||||
self._config.vmware_host_ip,
|
||||
self._config.vmware_host_username,
|
||||
self._config.vmware_host_password,
|
||||
self._config.vmware_api_retry_count,
|
||||
self._config.vmware_task_poll_interval,
|
||||
wsdl_loc=self._config.safe_get('vmware_wsdl_location'),
|
||||
pbm_wsdl_loc=None,
|
||||
cacert=self._config.vmware_ca_file)
|
||||
|
||||
|
||||
class ImageDiskTypeTest(test.TestCase):
|
||||
"""Unit tests for ImageDiskType."""
|
||||
|
|
|
@ -106,7 +106,10 @@ vmdk_opts = [
|
|||
cfg.StrOpt('vmware_tmp_dir',
|
||||
default='/tmp',
|
||||
help='Directory where virtual disks are stored during volume '
|
||||
'backup and restore.')
|
||||
'backup and restore.'),
|
||||
cfg.StrOpt('vmware_ca_file',
|
||||
default=None,
|
||||
help='CA bundle file to verify vCenter server certificate.')
|
||||
]
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
@ -1884,11 +1887,13 @@ class VMwareVcVmdkDriver(VMwareEsxVmdkDriver):
|
|||
task_poll_interval = self.configuration.vmware_task_poll_interval
|
||||
wsdl_loc = self.configuration.safe_get('vmware_wsdl_location')
|
||||
pbm_wsdl = self.pbm_wsdl if hasattr(self, 'pbm_wsdl') else None
|
||||
ca_file = self.configuration.vmware_ca_file
|
||||
self._session = api.VMwareAPISession(ip, username,
|
||||
password, api_retry_count,
|
||||
task_poll_interval,
|
||||
wsdl_loc=wsdl_loc,
|
||||
pbm_wsdl_loc=pbm_wsdl)
|
||||
pbm_wsdl_loc=pbm_wsdl,
|
||||
cacert=ca_file)
|
||||
return self._session
|
||||
|
||||
def _get_vc_version(self):
|
||||
|
|
Loading…
Reference in New Issue