From a84ec1f1cc94028173d4f028766eece6171cd0e7 Mon Sep 17 00:00:00 2001
From: garciadeblas <gerardo.garciadeblas@telefonica.com>
Date: Mon, 11 Mar 2024 17:56:47 +0100
Subject: [PATCH] Fix improper certificate validation for VMWare and VROPS
 connectors

Change-Id: I6a74e9cd62a4754a073d9dd0c025fd4f7fb8daa4
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
---
 osm_mon/collector/infra_collectors/vmware.py  | 11 +++++++---
 osm_mon/collector/vnf_collectors/vmware.py    |  2 +-
 .../vnf_collectors/vrops/vrops_helper.py      | 20 +++++++++++++++----
 3 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/osm_mon/collector/infra_collectors/vmware.py b/osm_mon/collector/infra_collectors/vmware.py
index 3c65270..09db0db 100644
--- a/osm_mon/collector/infra_collectors/vmware.py
+++ b/osm_mon/collector/infra_collectors/vmware.py
@@ -52,6 +52,7 @@ class VMwareInfraCollector(BaseVimInfraCollector):
         self.vim_uuid = vim_account["vim_uuid"]
         self.org_name = vim_account["orgname"]
         self.vim_project_id = vim_account["project_id"]
+        self.verify_ssl = vim_account.get("insecure", False)
 
     def connect_vim_as_admin(self):
         """Method connect as pvdc admin user to vCloud director.
@@ -70,7 +71,7 @@ class VMwareInfraCollector(BaseVimInfraCollector):
             admin_user = self.admin_username
             admin_passwd = self.admin_password
             org = "System"
-            client = Client(host, verify_ssl_certs=False)
+            client = Client(host, verify_ssl_certs=self.verify_ssl)
             client.set_highest_supported_version()
             client.set_credentials(BasicLoginCredentials(admin_user, org, admin_passwd))
             return client
@@ -129,7 +130,9 @@ class VMwareInfraCollector(BaseVimInfraCollector):
                     ],
                 }
 
-                response = requests.get(url=url, headers=headers, verify=False)
+                response = requests.get(
+                    url=url, headers=headers, verify=self.verify_ssl
+                )
 
                 if (
                     response.status_code != requests.codes.ok
@@ -168,7 +171,9 @@ class VMwareInfraCollector(BaseVimInfraCollector):
                     ],
                 }
 
-                response = requests.get(url=url, headers=headers, verify=False)
+                response = requests.get(
+                    url=url, headers=headers, verify=self.verify_ssl
+                )
 
                 if (
                     response.status_code != requests.codes.ok
diff --git a/osm_mon/collector/vnf_collectors/vmware.py b/osm_mon/collector/vnf_collectors/vmware.py
index 19065b3..2e03ebe 100644
--- a/osm_mon/collector/vnf_collectors/vmware.py
+++ b/osm_mon/collector/vnf_collectors/vmware.py
@@ -163,7 +163,7 @@ class VMwareCollector(BaseVimCollector):
                     "x-vcloud-authorization"
                 ],
             }
-            response = requests.get(get_vapp_restcall, headers=headers, verify=False)
+            response = requests.get(get_vapp_restcall, headers=headers)
 
             if response.status_code != 200:
                 log.error(
diff --git a/osm_mon/collector/vnf_collectors/vrops/vrops_helper.py b/osm_mon/collector/vnf_collectors/vrops/vrops_helper.py
index 8164510..eadd5c7 100644
--- a/osm_mon/collector/vnf_collectors/vrops/vrops_helper.py
+++ b/osm_mon/collector/vnf_collectors/vrops/vrops_helper.py
@@ -44,10 +44,17 @@ METRIC_MULTIPLIERS = {
 
 
 class vROPS_Helper:
-    def __init__(self, vrops_site="https://vrops", vrops_user="", vrops_password=""):
+    def __init__(
+        self,
+        vrops_site="https://vrops",
+        vrops_user="",
+        vrops_password="",
+        verify_ssl=False,
+    ):
         self.vrops_site = vrops_site
         self.vrops_user = vrops_user
         self.vrops_password = vrops_password
+        self.verify_ssl = verify_ssl
 
     def get_vrops_token(self):
         """Fetches token from vrops"""
@@ -55,7 +62,10 @@ class vROPS_Helper:
         headers = {"Content-Type": "application/json", "Accept": "application/json"}
         req_body = {"username": self.vrops_user, "password": self.vrops_password}
         resp = requests.post(
-            self.vrops_site + auth_url, json=req_body, verify=False, headers=headers
+            self.vrops_site + auth_url,
+            json=req_body,
+            verify=self.verify_ssl,
+            headers=headers,
         )
         if resp.status_code != 200:
             log.error(
@@ -78,7 +88,9 @@ class vROPS_Helper:
         }
         resource_list = []
 
-        resp = requests.get(self.vrops_site + api_url, verify=False, headers=headers)
+        resp = requests.get(
+            self.vrops_site + api_url, verify=self.verify_ssl, headers=headers
+        )
 
         if resp.status_code != 200:
             log.error(
@@ -144,7 +156,7 @@ class vROPS_Helper:
             }
 
             resp = requests.get(
-                self.vrops_site + api_url, verify=False, headers=headers
+                self.vrops_site + api_url, verify=self.verify_ssl, headers=headers
             )
 
             if resp.status_code != 200:
-- 
2.25.1