
VMware: Enable vCenter certificate verification

Currently, the vCenter certificate is not verified during connection
establishment. This patch adds a config option to specify a CA
bundle file used to verify the vCenter server certificate.

DocImpact

Change-Id: Ida730db66b154a4d445f7a91bccb9ca5b5a26f5e
Closes-Bug: #1276207
changes/53/179753/1
Vipin Balachandran 7 years ago
parent
commit
39478338bb
  1. 18
      cinder/tests/unit/test_vmware_vmdk.py
  2. 9
      cinder/volume/drivers/vmware/vmdk.py

18
cinder/tests/unit/test_vmware_vmdk.py

@ -147,6 +147,7 @@ class VMwareEsxVmdkDriverTestCase(test.TestCase):
IMG_TX_TIMEOUT = 10
MAX_OBJECTS = 100
TMP_DIR = "/vmware-tmp"
CA_FILE = "/etc/ssl/rui-ca-cert.pem"
VMDK_DRIVER = vmdk.VMwareEsxVmdkDriver
def setUp(self):
@ -163,6 +164,7 @@ class VMwareEsxVmdkDriverTestCase(test.TestCase):
self._config.vmware_image_transfer_timeout_secs = self.IMG_TX_TIMEOUT
self._config.vmware_max_objects_retrieval = self.MAX_OBJECTS
self._config.vmware_tmp_dir = self.TMP_DIR
self._config.vmware_ca_file = self.CA_FILE
self._db = mock.Mock()
self._driver = vmdk.VMwareEsxVmdkDriver(configuration=self._config,
db=self._db)
@ -2835,6 +2837,22 @@ class VMwareVcVmdkDriverTestCase(VMwareEsxVmdkDriverTestCase):
vops.move_backing_to_folder.assert_called_once_with(backing,
folder)
@mock.patch('oslo_vmware.api.VMwareAPISession')
def test_session(self, apiSession):
self._session = None
self._driver.session()
apiSession.assert_called_once_with(
self._config.vmware_host_ip,
self._config.vmware_host_username,
self._config.vmware_host_password,
self._config.vmware_api_retry_count,
self._config.vmware_task_poll_interval,
wsdl_loc=self._config.safe_get('vmware_wsdl_location'),
pbm_wsdl_loc=None,
cacert=self._config.vmware_ca_file)
class ImageDiskTypeTest(test.TestCase):
"""Unit tests for ImageDiskType."""
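Review bot: In `test_session`, `self._session = None` assigns to the test case, not to the driver, so it does not reset any session the driver holds. The vmdk.py hunk shows the driver storing it in its own `_session`, so the line was presumably meant to be `self._driver._session = None`. The test also pins only the configured case (`CA_FILE` set in `setUp`); a second case with `vmware_ca_file` left at `None` would record what is passed as `cacert` when no bundle is configured. Indentation and blank lines are lost on this page, so the position of these lines inside the class is inferred from the hunk headers.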

9
cinder/volume/drivers/vmware/vmdk.py

@ -106,7 +106,10 @@ vmdk_opts = [
cfg.StrOpt('vmware_tmp_dir',
default='/tmp',
help='Directory where virtual disks are stored during volume '
'backup and restore.')
'backup and restore.'),
cfg.StrOpt('vmware_ca_file',
default=None,
help='CA bundle file to verify vCenter server certificate.')
]
CONF = cfg.CONF
@ -1884,11 +1887,13 @@ class VMwareVcVmdkDriver(VMwareEsxVmdkDriver):
task_poll_interval = self.configuration.vmware_task_poll_interval
wsdl_loc = self.configuration.safe_get('vmware_wsdl_location')
pbm_wsdl = self.pbm_wsdl if hasattr(self, 'pbm_wsdl') else None
ca_file = self.configuration.vmware_ca_file
self._session = api.VMwareAPISession(ip, username,
password, api_retry_count,
task_poll_interval,
wsdl_loc=wsdl_loc,
pbm_wsdl_loc=pbm_wsdl)
pbm_wsdl_loc=pbm_wsdl,
cacert=ca_file)
return self._session
def _get_vc_version(self):
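Review bot: `vmware_ca_file` defaults to `None` and `ca_file` is passed straight through as `cacert`, so a deployment that does not set the option presumably still connects without certificate verification, which is the state the commit message describes as the problem. The help text should say so, e.g. `help='CA bundle file to verify vCenter server certificate. If unset, the certificate is not verified.'`, after confirming how oslo.vmware treats `cacert=None`. A warning logged at session creation when `ca_file` is empty would make the unverified mode visible to operators. The method that builds the session starts above this hunk, so only the changed call is reviewed here.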
