From a84ec1f1cc94028173d4f028766eece6171cd0e7 Mon Sep 17 00:00:00 2001 From: garciadeblas Date: Mon, 11 Mar 2024 17:56:47 +0100 Subject: [PATCH] Fix improper certificate validation for VMWare and VROPS connectors Change-Id: I6a74e9cd62a4754a073d9dd0c025fd4f7fb8daa4 Signed-off-by: garciadeblas --- osm_mon/collector/infra_collectors/vmware.py | 11 +++++++--- osm_mon/collector/vnf_collectors/vmware.py | 2 +- .../vnf_collectors/vrops/vrops_helper.py | 20 +++++++++++++++---- 3 files changed, 25 insertions(+), 8 deletions(-) diff --git a/osm_mon/collector/infra_collectors/vmware.py b/osm_mon/collector/infra_collectors/vmware.py index 3c65270..09db0db 100644 --- a/osm_mon/collector/infra_collectors/vmware.py +++ b/osm_mon/collector/infra_collectors/vmware.py @@ -52,6 +52,7 @@ class VMwareInfraCollector(BaseVimInfraCollector): self.vim_uuid = vim_account["vim_uuid"] self.org_name = vim_account["orgname"] self.vim_project_id = vim_account["project_id"] + self.verify_ssl = vim_account.get("insecure", False) def connect_vim_as_admin(self): """Method connect as pvdc admin user to vCloud director. @@ -70,7 +71,7 @@ class VMwareInfraCollector(BaseVimInfraCollector): admin_user = self.admin_username admin_passwd = self.admin_password org = "System" - client = Client(host, verify_ssl_certs=False) + client = Client(host, verify_ssl_certs=self.verify_ssl) client.set_highest_supported_version() client.set_credentials(BasicLoginCredentials(admin_user, org, admin_passwd)) return client @@ -129,7 +130,9 @@ class VMwareInfraCollector(BaseVimInfraCollector): ], } - response = requests.get(url=url, headers=headers, verify=False) + response = requests.get( + url=url, headers=headers, verify=self.verify_ssl + ) if ( response.status_code != requests.codes.ok @@ -168,7 +171,9 @@ class VMwareInfraCollector(BaseVimInfraCollector): ], } - response = requests.get(url=url, headers=headers, verify=False) + response = requests.get( + url=url, headers=headers, verify=self.verify_ssl + ) if ( response.status_code != requests.codes.ok diff --git a/osm_mon/collector/vnf_collectors/vmware.py b/osm_mon/collector/vnf_collectors/vmware.py index 19065b3..2e03ebe 100644 --- a/osm_mon/collector/vnf_collectors/vmware.py +++ b/osm_mon/collector/vnf_collectors/vmware.py @@ -163,7 +163,7 @@ class VMwareCollector(BaseVimCollector): "x-vcloud-authorization" ], } - response = requests.get(get_vapp_restcall, headers=headers, verify=False) + response = requests.get(get_vapp_restcall, headers=headers) if response.status_code != 200: log.error( diff --git a/osm_mon/collector/vnf_collectors/vrops/vrops_helper.py b/osm_mon/collector/vnf_collectors/vrops/vrops_helper.py index 8164510..eadd5c7 100644 --- a/osm_mon/collector/vnf_collectors/vrops/vrops_helper.py +++ b/osm_mon/collector/vnf_collectors/vrops/vrops_helper.py @@ -44,10 +44,17 @@ METRIC_MULTIPLIERS = { class vROPS_Helper: - def __init__(self, vrops_site="https://vrops", vrops_user="", vrops_password=""): + def __init__( + self, + vrops_site="https://vrops", + vrops_user="", + vrops_password="", + verify_ssl=False, + ): self.vrops_site = vrops_site self.vrops_user = vrops_user self.vrops_password = vrops_password + self.verify_ssl = verify_ssl def get_vrops_token(self): """Fetches token from vrops""" @@ -55,7 +62,10 @@ class vROPS_Helper: headers = {"Content-Type": "application/json", "Accept": "application/json"} req_body = {"username": self.vrops_user, "password": self.vrops_password} resp = requests.post( - self.vrops_site + auth_url, json=req_body, verify=False, headers=headers + self.vrops_site + auth_url, + json=req_body, + verify=self.verify_ssl, + headers=headers, ) if resp.status_code != 200: log.error( @@ -78,7 +88,9 @@ class vROPS_Helper: } resource_list = [] - resp = requests.get(self.vrops_site + api_url, verify=False, headers=headers) + resp = requests.get( + self.vrops_site + api_url, verify=self.verify_ssl, headers=headers + ) if resp.status_code != 200: log.error( @@ -144,7 +156,7 @@ class vROPS_Helper: } resp = requests.get( - self.vrops_site + api_url, verify=False, headers=headers + self.vrops_site + api_url, verify=self.verify_ssl, headers=headers ) if resp.status_code != 200: -- 2.25.1