Example #1
0
func (flag *ClientFlag) newClient() (*vim25.Client, error) {
	sc := soap.NewClient(flag.url, flag.insecure)

	// Add retry functionality before making any calls
	rt := attachRetries(sc)
	c, err := vim25.NewClient(context.TODO(), rt)
	if err != nil {
		return nil, err
	}

	// Set client, since we didn't pass it in the constructor
	c.Client = sc

	m := session.NewManager(c)
	err = m.Login(context.TODO(), flag.url.User)
	if err != nil {
		return nil, err
	}

	err = flag.saveClient(c)
	if err != nil {
		return nil, err
	}

	return c, nil
}
Example #2
0
File: helper.go Project: vmware/vic
// NewAuthenticatedClient creates a new vim25.Client, authenticates the user
// specified in the test URL, and returns it.
func NewAuthenticatedClient(t *testing.T) *vim25.Client {
	u := URL()
	if u == nil {
		t.SkipNow()
	}

	soapClient := soap.NewClient(u, true)
	vimClient, err := vim25.NewClient(context.Background(), soapClient)
	if err != nil {
		t.Fatal(err)
	}

	req := types.Login{
		This: *vimClient.ServiceContent.SessionManager,
	}

	req.UserName = u.User.Username()
	if pw, ok := u.User.Password(); ok {
		req.Password = pw
	}

	_, err = methods.Login(context.Background(), vimClient, &req)
	if err != nil {
		t.Fatal(err)
	}

	return vimClient
}
Example #3
0
func TestClientSerialization(t *testing.T) {
	var c1, c2 *Client

	soapClient := soap.NewClient(testURL(t), true)
	c1, err := NewClient(context.Background(), soapClient)
	if err != nil {
		t.Fatal(err)
	}

	// Login
	sessionLogin(t, c1)
	sessionCheck(t, c1)

	// Serialize/deserialize
	b, err := json.Marshal(c1)
	if err != nil {
		t.Fatal(err)
	}
	c2 = &Client{}
	err = json.Unmarshal(b, c2)
	if err != nil {
		t.Fatal(err)
	}

	// Check the session is still valid
	sessionCheck(t, c2)
}
Example #4
0
func (flag *ClientFlag) newClient() (*vim25.Client, error) {
	ctx := context.TODO()
	sc := soap.NewClient(flag.url, flag.insecure)
	isTunnel := false

	if flag.cert != "" {
		isTunnel = true
		cert, err := tls.LoadX509KeyPair(flag.cert, flag.key)
		if err != nil {
			return nil, err
		}

		sc.SetCertificate(cert)
	}

	rt, err := flag.configure(sc)
	if err != nil {
		return nil, err
	}

	c, err := vim25.NewClient(ctx, rt)
	if err != nil {
		return nil, err
	}

	// Set client, since we didn't pass it in the constructor
	c.Client = sc

	m := session.NewManager(c)
	u := flag.url.User

	if u.Username() == "" {
		// Assume we are running on an ESX or Workstation host if no username is provided
		u, err = flag.localTicket(ctx, m)
		if err != nil {
			return nil, err
		}
	}

	if isTunnel {
		err = m.LoginExtensionByCertificate(ctx, u.Username(), "")
		if err != nil {
			return nil, err
		}
	} else {
		err = m.Login(ctx, u)
		if err != nil {
			return nil, err
		}
	}

	err = flag.saveClient(c)
	if err != nil {
		return nil, err
	}

	return c, nil
}
Example #5
0
func (flag *ClientFlag) newClient() (*vim25.Client, error) {
	sc := soap.NewClient(flag.url, flag.insecure)
	isTunnel := false

	if flag.cert != "" {
		isTunnel = true
		cert, err := tls.LoadX509KeyPair(flag.cert, flag.key)
		if err != nil {
			return nil, err
		}

		sc.SetCertificate(cert)
	}

	// Set namespace and version
	sc.Namespace = flag.vimNamespace
	sc.Version = flag.vimVersion

	// Add retry functionality before making any calls
	rt := attachRetries(sc)
	c, err := vim25.NewClient(context.TODO(), rt)
	if err != nil {
		return nil, err
	}

	// Set client, since we didn't pass it in the constructor
	c.Client = sc

	m := session.NewManager(c)
	u := flag.url.User

	if u.Username() == "" {
		// Assume we are running on an ESX or Workstation host if no username is provided
		u, err = flag.localTicket(context.TODO(), m)
		if err != nil {
			return nil, err
		}
	}

	if isTunnel {
		err = m.LoginExtensionByCertificate(context.TODO(), u.Username(), "")
		if err != nil {
			return nil, err
		}
	} else {
		err = m.Login(context.TODO(), u)
		if err != nil {
			return nil, err
		}
	}

	err = flag.saveClient(c)
	if err != nil {
		return nil, err
	}

	return c, nil
}
Example #6
0
func sessionClient(u *url.URL, t *testing.T) *Manager {
	soapClient := soap.NewClient(u, true)
	vimClient, err := vim25.NewClient(context.Background(), soapClient)
	if err != nil {
		t.Fatal(err)
	}

	return NewManager(vimClient)
}
Example #7
0
func newManager(t *testing.T) (*Manager, *url.URL) {
	u := test.URL()
	if u == nil {
		t.SkipNow()
	}

	soapClient := soap.NewClient(u, true)
	vimClient, err := vim25.NewClient(context.Background(), soapClient)
	if err != nil {
		t.Fatal(err)
	}

	return NewManager(vimClient), u
}
Example #8
0
func (flag *ClientFlag) newClient() (*vim25.Client, error) {
	sc := soap.NewClient(flag.url, flag.insecure)
	isTunnel := false

	if flag.cert != "" {
		isTunnel = true
		cert, err := tls.LoadX509KeyPair(flag.cert, flag.key)
		if err != nil {
			return nil, err
		}

		sc.SetCertificate(cert)
	}

	// Add retry functionality before making any calls
	rt := attachRetries(sc)
	c, err := vim25.NewClient(context.TODO(), rt)
	if err != nil {
		return nil, err
	}

	// Set client, since we didn't pass it in the constructor
	c.Client = sc

	m := session.NewManager(c)
	u := flag.url.User
	if isTunnel {
		err = m.LoginExtensionByCertificate(context.TODO(), u.Username(), "")
		if err != nil {
			return nil, err
		}
	} else {
		err = m.Login(context.TODO(), u)
		if err != nil {
			return nil, err
		}
	}

	err = flag.saveClient(c)
	if err != nil {
		return nil, err
	}

	return c, nil
}
Example #9
0
// NewClient creates a new client from a URL. The client authenticates with the
// server with username/password before returning if the URL contains user information.
func NewClient(ctx context.Context, u *url.URL, insecure bool) (*Client, error) {
	soapClient := soap.NewClient(u, insecure)
	vimClient, err := vim25.NewClient(ctx, soapClient)
	if err != nil {
		return nil, err
	}

	c := &Client{
		Client:         vimClient,
		SessionManager: session.NewManager(vimClient),
	}

	// Only login if the URL contains user information.
	if u.User != nil {
		err = c.Login(ctx, u.User)
		if err != nil {
			return nil, err
		}
	}

	return c, nil
}
Example #10
0
// NewClientWithCertificate creates a new client from a URL. The client authenticates with the
// server with the certificate before returning if the URL contains user information.
func NewClientWithCertificate(ctx context.Context, u *url.URL, insecure bool, cert tls.Certificate) (*Client, error) {
	soapClient := soap.NewClient(u, insecure)
	soapClient.SetCertificate(cert)
	vimClient, err := vim25.NewClient(ctx, soapClient)
	if err != nil {
		return nil, err
	}

	c := &Client{
		Client:         vimClient,
		SessionManager: session.NewManager(vimClient),
	}

	if u.User != nil {
		err = c.LoginExtensionByCertificate(ctx, u.User.Username(), "")
		if err != nil {
			return nil, err
		}
	}

	return c, nil
}
Example #11
0
func (cmd *cert) Run(ctx context.Context, f *flag.FlagSet) error {
	u := cmd.URLWithoutPassword()
	c := soap.NewClient(u, false)
	t := c.Client.Transport.(*http.Transport)
	r := certResult{cmd: cmd}

	if err := cmd.SetRootCAs(c); err != nil {
		return err
	}

	if err := r.info.FromURL(u, t.TLSClientConfig); err != nil {
		return err
	}

	if r.info.Err != nil && r.cmd.IsSecure() {
		cmd.Out = os.Stderr
		// using same exit code as curl:
		defer os.Exit(60)
	}

	return r.Write(cmd.Out)
}
Example #12
0
// Connect establishes the connection for the session but nothing more
func (s *Session) Connect(ctx context.Context) (*Session, error) {
	soapURL, err := soap.ParseURL(s.Service)
	if soapURL == nil || err != nil {
		return nil, errors.Errorf("SDK URL (%s) could not be parsed: %s", s.Service, err)
	}

	// LoginExtensionByCertificate proxies connections to a virtual host (sdkTunnel:8089) and
	// Go's http.Transport.DialTLS isn't called when using a proxy.  Even if using a known CA,
	// "sdkTunnel" does not pass Go's tls.VerifyHostname check.
	// We are moving away from LoginExtensionByCertificate anyhow, so disable thumbprint checks for now.
	if s.HasCertificate() {
		s.Insecure = true
	}

	// Update the service URL with expanded defaults
	s.Service = soapURL.String()

	soapClient := soap.NewClient(soapURL, s.Insecure)
	var login func(context.Context) error

	if s.HasCertificate() {
		cert, err2 := tls.X509KeyPair([]byte(s.ExtensionCert), []byte(s.ExtensionKey))
		if err2 != nil {
			return nil, errors.Errorf("Unable to load X509 key pair(%s,%s): %s",
				s.ExtensionCert, s.ExtensionKey, err2)
		}

		soapClient.SetCertificate(cert)
		log.Debugf("Logging in via extension %s certificate", s.ExtensionName)

		login = func(ctx context.Context) error {
			return s.LoginExtensionByCertificate(ctx, s.ExtensionName, "")
		}
	} else {
		log.Debugf("Logging in via username/password")

		login = func(ctx context.Context) error {
			return s.Client.Login(ctx, soapURL.User)
		}
	}

	soapClient.SetThumbprint(soapURL.Host, s.Thumbprint)

	// TODO: option to set http.Client.Transport.TLSClientConfig.RootCAs

	vimClient, err := vim25.NewClient(ctx, soapClient)
	if err != nil {
		return nil, errors.Errorf("Failed to connect to %s: %s", soapURL.Host, err)
	}

	if s.Keepalive != 0 {
		vimClient.RoundTripper = session.KeepAliveHandler(soapClient, s.Keepalive,
			func(roundTripper soap.RoundTripper) error {
				_, err := methods.GetCurrentTime(context.Background(), roundTripper)
				if err == nil {
					return nil
				}

				log.Warnf("session keepalive error: %s", err)

				if isNotAuthenticated(err) {

					if err = login(ctx); err != nil {
						log.Errorf("session keepalive failed to re-authenticate: %s", err)
					} else {
						log.Info("session keepalive re-authenticated")
					}
				}

				return nil
			})
	}

	// TODO: get rid of govmomi.Client usage, only provides a few helpers we don't need.
	s.Client = &govmomi.Client{
		Client:         vimClient,
		SessionManager: session.NewManager(vimClient),
	}

	err = login(ctx)
	if err != nil {
		return nil, errors.Errorf("Failed to log in to %s: %s", soapURL.Host, err)
	}

	s.Finder = find.NewFinder(s.Vim25(), false)
	// log high-level environment information
	s.logEnvironmentInfo()
	return s, nil
}
Example #13
0
func TestServeHTTPS(t *testing.T) {
	s := New(NewServiceInstance(esx.ServiceContent, esx.RootFolder))
	s.TLS = new(tls.Config)
	ts := s.NewServer()
	defer ts.Close()

	ctx := context.Background()
	// insecure=true OK
	client, err := govmomi.NewClient(ctx, ts.URL, true)
	if err != nil {
		t.Fatal(err)
	}

	err = client.Login(ctx, ts.URL.User)
	if err != nil {
		t.Fatal(err)
	}

	// insecure=false should FAIL
	_, err = govmomi.NewClient(ctx, ts.URL, false)
	if err == nil {
		t.Fatal("expected error")
	}

	uerr, ok := err.(*url.Error)
	if !ok {
		t.Fatalf("err type=%T", err)
	}

	_, ok = uerr.Err.(x509.UnknownAuthorityError)
	if !ok {
		t.Fatalf("err type=%T", uerr.Err)
	}

	sinfo := ts.CertificateInfo()

	// Test thumbprint validation
	sc := soap.NewClient(ts.URL, false)
	// Add host with thumbprint mismatch should fail
	sc.SetThumbprint(ts.URL.Host, "nope")
	_, err = vim25.NewClient(ctx, sc)
	if err == nil {
		t.Error("expected error")
	}
	// Add host with thumbprint match should pass
	sc.SetThumbprint(ts.URL.Host, sinfo.ThumbprintSHA1)
	_, err = vim25.NewClient(ctx, sc)
	if err != nil {
		t.Fatal(err)
	}

	var pinfo object.HostCertificateInfo
	err = pinfo.FromURL(ts.URL, nil)
	if err != nil {
		t.Fatal(err)
	}
	if pinfo.ThumbprintSHA1 != sinfo.ThumbprintSHA1 {
		t.Error("thumbprint mismatch")
	}

	// Test custom RootCAs list
	sc = soap.NewClient(ts.URL, false)
	caFile, err := ts.CertificateFile()
	if err != nil {
		t.Fatal(err)
	}
	if err = sc.SetRootCAs(caFile); err != nil {
		t.Fatal(err)
	}

	_, err = vim25.NewClient(ctx, sc)
	if err != nil {
		t.Fatal(err)
	}
}