// NewAuthenticatedClient creates a new vim25.Client, authenticates the user // specified in the test URL, and returns it. func NewAuthenticatedClient(t *testing.T) *vim25.Client { u := URL() if u == nil { t.SkipNow() } soapClient := soap.NewClient(u, true) vimClient, err := vim25.NewClient(context.Background(), soapClient) if err != nil { t.Fatal(err) } req := types.Login{ This: *vimClient.ServiceContent.SessionManager, } req.UserName = u.User.Username() if pw, ok := u.User.Password(); ok { req.Password = pw } _, err = methods.Login(context.Background(), vimClient, &req) if err != nil { t.Fatal(err) } return vimClient }
func (flag *ClientFlag) newClient() (*vim25.Client, error) { sc := soap.NewClient(flag.url, flag.insecure) // Add retry functionality before making any calls rt := attachRetries(sc) c, err := vim25.NewClient(context.TODO(), rt) if err != nil { return nil, err } // Set client, since we didn't pass it in the constructor c.Client = sc m := session.NewManager(c) err = m.Login(context.TODO(), flag.url.User) if err != nil { return nil, err } err = flag.saveClient(c) if err != nil { return nil, err } return c, nil }
func (flag *ClientFlag) newClient() (*vim25.Client, error) { ctx := context.TODO() sc := soap.NewClient(flag.url, flag.insecure) isTunnel := false if flag.cert != "" { isTunnel = true cert, err := tls.LoadX509KeyPair(flag.cert, flag.key) if err != nil { return nil, err } sc.SetCertificate(cert) } rt, err := flag.configure(sc) if err != nil { return nil, err } c, err := vim25.NewClient(ctx, rt) if err != nil { return nil, err } // Set client, since we didn't pass it in the constructor c.Client = sc m := session.NewManager(c) u := flag.url.User if u.Username() == "" { // Assume we are running on an ESX or Workstation host if no username is provided u, err = flag.localTicket(ctx, m) if err != nil { return nil, err } } if isTunnel { err = m.LoginExtensionByCertificate(ctx, u.Username(), "") if err != nil { return nil, err } } else { err = m.Login(ctx, u) if err != nil { return nil, err } } err = flag.saveClient(c) if err != nil { return nil, err } return c, nil }
func (flag *ClientFlag) newClient() (*vim25.Client, error) { sc := soap.NewClient(flag.url, flag.insecure) isTunnel := false if flag.cert != "" { isTunnel = true cert, err := tls.LoadX509KeyPair(flag.cert, flag.key) if err != nil { return nil, err } sc.SetCertificate(cert) } // Set namespace and version sc.Namespace = flag.vimNamespace sc.Version = flag.vimVersion // Add retry functionality before making any calls rt := attachRetries(sc) c, err := vim25.NewClient(context.TODO(), rt) if err != nil { return nil, err } // Set client, since we didn't pass it in the constructor c.Client = sc m := session.NewManager(c) u := flag.url.User if u.Username() == "" { // Assume we are running on an ESX or Workstation host if no username is provided u, err = flag.localTicket(context.TODO(), m) if err != nil { return nil, err } } if isTunnel { err = m.LoginExtensionByCertificate(context.TODO(), u.Username(), "") if err != nil { return nil, err } } else { err = m.Login(context.TODO(), u) if err != nil { return nil, err } } err = flag.saveClient(c) if err != nil { return nil, err } return c, nil }
func sessionClient(u *url.URL, t *testing.T) *Manager { soapClient := soap.NewClient(u, true) vimClient, err := vim25.NewClient(context.Background(), soapClient) if err != nil { t.Fatal(err) } return NewManager(vimClient) }
// New returns an initialized simulator Service instance func New(instance *ServiceInstance) *Service { s := &Service{ readAll: ioutil.ReadAll, } s.client, _ = vim25.NewClient(context.Background(), s) return s }
func newManager(t *testing.T) (*Manager, *url.URL) { u := test.URL() if u == nil { t.SkipNow() } soapClient := soap.NewClient(u, true) vimClient, err := vim25.NewClient(context.Background(), soapClient) if err != nil { t.Fatal(err) } return NewManager(vimClient), u }
func (flag *ClientFlag) newClient() (*vim25.Client, error) { sc := soap.NewClient(flag.url, flag.insecure) isTunnel := false if flag.cert != "" { isTunnel = true cert, err := tls.LoadX509KeyPair(flag.cert, flag.key) if err != nil { return nil, err } sc.SetCertificate(cert) } // Add retry functionality before making any calls rt := attachRetries(sc) c, err := vim25.NewClient(context.TODO(), rt) if err != nil { return nil, err } // Set client, since we didn't pass it in the constructor c.Client = sc m := session.NewManager(c) u := flag.url.User if isTunnel { err = m.LoginExtensionByCertificate(context.TODO(), u.Username(), "") if err != nil { return nil, err } } else { err = m.Login(context.TODO(), u) if err != nil { return nil, err } } err = flag.saveClient(c) if err != nil { return nil, err } return c, nil }
// NewClient creates a new client from a URL. The client authenticates with the // server with username/password before returning if the URL contains user information. func NewClient(ctx context.Context, u *url.URL, insecure bool) (*Client, error) { soapClient := soap.NewClient(u, insecure) vimClient, err := vim25.NewClient(ctx, soapClient) if err != nil { return nil, err } c := &Client{ Client: vimClient, SessionManager: session.NewManager(vimClient), } // Only login if the URL contains user information. if u.User != nil { err = c.Login(ctx, u.User) if err != nil { return nil, err } } return c, nil }
// NewClientWithCertificate creates a new client from a URL. The client authenticates with the // server with the certificate before returning if the URL contains user information. func NewClientWithCertificate(ctx context.Context, u *url.URL, insecure bool, cert tls.Certificate) (*Client, error) { soapClient := soap.NewClient(u, insecure) soapClient.SetCertificate(cert) vimClient, err := vim25.NewClient(ctx, soapClient) if err != nil { return nil, err } c := &Client{ Client: vimClient, SessionManager: session.NewManager(vimClient), } if u.User != nil { err = c.LoginExtensionByCertificate(ctx, u.User.Username(), "") if err != nil { return nil, err } } return c, nil }
// Connect establishes the connection for the session but nothing more func (s *Session) Connect(ctx context.Context) (*Session, error) { soapURL, err := soap.ParseURL(s.Service) if soapURL == nil || err != nil { return nil, errors.Errorf("SDK URL (%s) could not be parsed: %s", s.Service, err) } // LoginExtensionByCertificate proxies connections to a virtual host (sdkTunnel:8089) and // Go's http.Transport.DialTLS isn't called when using a proxy. Even if using a known CA, // "sdkTunnel" does not pass Go's tls.VerifyHostname check. // We are moving away from LoginExtensionByCertificate anyhow, so disable thumbprint checks for now. if s.HasCertificate() { s.Insecure = true } // Update the service URL with expanded defaults s.Service = soapURL.String() soapClient := soap.NewClient(soapURL, s.Insecure) var login func(context.Context) error if s.HasCertificate() { cert, err2 := tls.X509KeyPair([]byte(s.ExtensionCert), []byte(s.ExtensionKey)) if err2 != nil { return nil, errors.Errorf("Unable to load X509 key pair(%s,%s): %s", s.ExtensionCert, s.ExtensionKey, err2) } soapClient.SetCertificate(cert) log.Debugf("Logging in via extension %s certificate", s.ExtensionName) login = func(ctx context.Context) error { return s.LoginExtensionByCertificate(ctx, s.ExtensionName, "") } } else { log.Debugf("Logging in via username/password") login = func(ctx context.Context) error { return s.Client.Login(ctx, soapURL.User) } } soapClient.SetThumbprint(soapURL.Host, s.Thumbprint) // TODO: option to set http.Client.Transport.TLSClientConfig.RootCAs vimClient, err := vim25.NewClient(ctx, soapClient) if err != nil { return nil, errors.Errorf("Failed to connect to %s: %s", soapURL.Host, err) } if s.Keepalive != 0 { vimClient.RoundTripper = session.KeepAliveHandler(soapClient, s.Keepalive, func(roundTripper soap.RoundTripper) error { _, err := methods.GetCurrentTime(context.Background(), roundTripper) if err == nil { return nil } log.Warnf("session keepalive error: %s", err) if isNotAuthenticated(err) { if err = login(ctx); err != nil { log.Errorf("session keepalive failed to re-authenticate: %s", err) } else { log.Info("session keepalive re-authenticated") } } return nil }) } // TODO: get rid of govmomi.Client usage, only provides a few helpers we don't need. s.Client = &govmomi.Client{ Client: vimClient, SessionManager: session.NewManager(vimClient), } err = login(ctx) if err != nil { return nil, errors.Errorf("Failed to log in to %s: %s", soapURL.Host, err) } s.Finder = find.NewFinder(s.Vim25(), false) // log high-level environment information s.logEnvironmentInfo() return s, nil }
func TestServeHTTPS(t *testing.T) { s := New(NewServiceInstance(esx.ServiceContent, esx.RootFolder)) s.TLS = new(tls.Config) ts := s.NewServer() defer ts.Close() ctx := context.Background() // insecure=true OK client, err := govmomi.NewClient(ctx, ts.URL, true) if err != nil { t.Fatal(err) } err = client.Login(ctx, ts.URL.User) if err != nil { t.Fatal(err) } // insecure=false should FAIL _, err = govmomi.NewClient(ctx, ts.URL, false) if err == nil { t.Fatal("expected error") } uerr, ok := err.(*url.Error) if !ok { t.Fatalf("err type=%T", err) } _, ok = uerr.Err.(x509.UnknownAuthorityError) if !ok { t.Fatalf("err type=%T", uerr.Err) } sinfo := ts.CertificateInfo() // Test thumbprint validation sc := soap.NewClient(ts.URL, false) // Add host with thumbprint mismatch should fail sc.SetThumbprint(ts.URL.Host, "nope") _, err = vim25.NewClient(ctx, sc) if err == nil { t.Error("expected error") } // Add host with thumbprint match should pass sc.SetThumbprint(ts.URL.Host, sinfo.ThumbprintSHA1) _, err = vim25.NewClient(ctx, sc) if err != nil { t.Fatal(err) } var pinfo object.HostCertificateInfo err = pinfo.FromURL(ts.URL, nil) if err != nil { t.Fatal(err) } if pinfo.ThumbprintSHA1 != sinfo.ThumbprintSHA1 { t.Error("thumbprint mismatch") } // Test custom RootCAs list sc = soap.NewClient(ts.URL, false) caFile, err := ts.CertificateFile() if err != nil { t.Fatal(err) } if err = sc.SetRootCAs(caFile); err != nil { t.Fatal(err) } _, err = vim25.NewClient(ctx, sc) if err != nil { t.Fatal(err) } }