kitchen-vcenter 1.5.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 31833a2dfb60dba469a3c03aa8261cc4639760770cb33b913909950009e5603b
-  data.tar.gz: c0c663f9b4ac33fdc505dab121ba33112d22b7cc9df59213a1aa1858c1191aa4
+  metadata.gz: 4830a5da83f0ac1eba8ce606f4151ff369058478452776699f45b52277bd4943
+  data.tar.gz: c7761ff930c8c78194dafe5c5ea7b55e4a27b1db992f4f1c678a66308cf75bb2
 SHA512:
-  metadata.gz: 4c5ef3e005c6f281b651c197a46a1bb84d38c3261973d5dc909d1924afd398a8c4debc2746f0de3f84d5e2dcd294a3e0537fb8df4210733abd9e7eb94ff9a40c
-  data.tar.gz: 66bc5bcb9263cbd8ab91757555f32daa26b0b2148c792ab1dd62613053bab7efdfa83673d6afbcc0e97621b393d7fb2f3339b853856f958d158f718cc16f43af
+  metadata.gz: 4986789d6c04264fcbf426176c3453427cf8a3f4b8cc951efe77a7b4d353b10aa20570c63f59b33294992f8a889b38b49454a25257ae6722a4431bb332272f4a
+  data.tar.gz: 3335539aeb36bd96b4e044c774501bee318ab1130a89cbb46fd319af83ee2d27952a9e8d232f3a1170b6baf196ee63cf6fd08bd952c920733d4993baffe8ea97

data/lib/kitchen-vcenter/version.rb

@@ -20,5 +20,5 @@
 # The main kitchen-vcenter module
 module KitchenVcenter
   # The version of this version of test-kitchen we assume enterprises want.
-  VERSION = "1.5.0"
+  VERSION = "2.0.0"
 end

data/lib/kitchen/driver/vcenter.rb

@@ -18,15 +18,8 @@
 #
 
 require "kitchen"
-require "rbvmomi"
-require "sso"
-require "base"
-require "lookup_service_helper"
-require "vapi"
-require "com/vmware/cis"
-require "com/vmware/cis/tagging"
-require "com/vmware/vcenter"
-require "com/vmware/vcenter/vm"
+require "vsphere-automation-cis"
+require "vsphere-automation-vcenter"
 require "support/clone_vm"
 require "securerandom"
 require "uri"
@@ -37,7 +30,7 @@ module Kitchen
   module Driver
     # Extends the Base class for vCenter
     class Vcenter < Kitchen::Driver::Base
-      attr_accessor :connection_options, :ipaddress, :vapi_config, :session_svc, :session_id
+      attr_accessor :connection_options, :ipaddress, :api_client
 
       required_config :vcenter_username
       required_config :vcenter_password
@@ -53,7 +46,6 @@ module Kitchen
       default_config :resource_pool, nil
       default_config :clone_type, :full
       default_config :cluster, nil
-      default_config :lookup_service_host, nil
       default_config :network_name, nil
       default_config :tags, nil
 
@@ -72,7 +64,6 @@ module Kitchen
         # @todo This does not allow to specify cluster AND pool yet
         unless config[:cluster].nil?
           cluster = get_cluster(config[:cluster])
-          # @todo Check for active hosts, to avoid "A specified parameter was not correct: spec.pool"
           config[:resource_pool] = cluster.resource_pool
         else
           # Find the first resource pool on any cluster
@@ -111,30 +102,38 @@ module Kitchen
         }
 
         # Create an object from which the clone operation can be called
-        clone_obj = Support::CloneVm.new(connection_options, options)
-        state[:hostname] = clone_obj.clone
-        state[:vm_name] = config[:vm_name]
+        new_vm = Support::CloneVm.new(connection_options, options)
+        new_vm.clone
+
+        state[:hostname] = new_vm.ip
+        state[:vm_name] = new_vm.name
 
         unless config[:tags].nil? || config[:tags].empty?
+          tag_api = VSphereAutomation::CIS::TaggingTagApi.new(api_client)
+          vm_tags = tag_api.list.value
+          raise format("No configured tags found on VCenter, but %s specified", config[:tags].to_s) if vm_tags.empty?
+
           valid_tags = {}
-          vm_tags = Com::Vmware::Cis::Tagging::Tag.new(vapi_config)
-          vm_tags.list.each do |uid|
-            tag = vm_tags.get(uid)
-            valid_tags[tag.name] = tag.id
+          vm_tags.each do |uid|
+            tag = tag_api.get(uid)
+
+            valid_tags[tag.value.name] = tag.value.id if tag.is_a? VSphereAutomation::CIS::CisTaggingTagResult
           end
 
           # Error out on undefined tags
           invalid = config[:tags] - valid_tags.keys
           raise format("Specified tag(s) %s not valid", invalid.join(",")) unless invalid.empty?
-
-          tag_service = Com::Vmware::Cis::Tagging::TagAssociation.new(vapi_config)
-
-          # calls needs a DynamicID object which we construct from type and mobID
-          mobid = get_vm(config[:vm_name]).vm
-          dynamic_id = Com::Vmware::Vapi::Std::DynamicID.new(type: "VirtualMachine", id: mobid)
-
+          tag_service = VSphereAutomation::CIS::TaggingTagAssociationApi.new(api_client)
           tag_ids = config[:tags].map { |name| valid_tags[name] }
-          tag_service.attach_multiple_tags_to_object(dynamic_id, tag_ids)
+
+          request_body = {
+            object_id: {
+              id: get_vm(config[:vm_name]).vm,
+              type: "VirtualMachine",
+            },
+            tag_ids: tag_ids,
+          }
+          tag_service.attach_multiple_tags_to_object(request_body)
         end
       end
 
@@ -146,18 +145,20 @@ module Kitchen
 
         save_and_validate_parameters
         connect
+
         vm = get_vm(state[:vm_name])
+        unless vm.nil?
+          vm_api = VSphereAutomation::VCenter::VMApi.new(api_client)
 
-        vm_obj = Com::Vmware::Vcenter::VM.new(vapi_config)
+          # shut the machine down if it is running
+          if vm.power_state == "POWERED_ON"
+            power = VSphereAutomation::VCenter::VmPowerApi.new(api_client)
+            power.stop(vm.vm)
+          end
 
-        # shut the machine down if it is running
-        if vm.power_state.value == "POWERED_ON"
-          power = Com::Vmware::Vcenter::Vm::Power.new(vapi_config)
-          power.stop(vm.vm)
+          # delete the vm
+          vm_api.delete(vm.vm)
         end
-
-        # delete the vm
-        vm_obj.delete(vm.vm)
       end
 
       private
@@ -195,22 +196,20 @@ module Kitchen
       #
       # @param [name] name is the name of the datacenter
       def datacenter_exists?(name)
-        filter = Com::Vmware::Vcenter::Datacenter::FilterSpec.new(names: Set.new([name]))
-        dc_obj = Com::Vmware::Vcenter::Datacenter.new(vapi_config)
-        dc = dc_obj.list(filter)
+        dc_api = VSphereAutomation::VCenter::DatacenterApi.new(api_client)
+        dcs = dc_api.list({ filter_names: name }).value
 
-        raise format("Unable to find data center: %s", name) if dc.empty?
+        raise format("Unable to find data center: %s", name) if dcs.empty?
       end
 
       # Checks if a network exists or not
       #
       # @param [name] name is the name of the Network
       def network_exists?(name)
-        net_obj = Com::Vmware::Vcenter::Network.new(vapi_config)
-        filter = Com::Vmware::Vcenter::Network::FilterSpec.new(names: Set.new([name]))
-        net = net_obj.list(filter)
+        net_api = VSphereAutomation::VCenter::NetworkApi.new(api_client)
+        nets = net_api.list({ filter_names: name }).value
 
-        raise format("Unable to find target network: %s", name) if net.empty?
+        raise format("Unable to find target network: %s", name) if nets.empty?
       end
 
       # Validates the host name of the server you can connect to
@@ -218,56 +217,58 @@ module Kitchen
       # @param [name] name is the name of the host
       def get_host(name)
         # create a host object to work with
-        host_obj = Com::Vmware::Vcenter::Host.new(vapi_config)
+        host_api = VSphereAutomation::VCenter::HostApi.new(api_client)
 
         if name.nil?
-          host = host_obj.list
+          hosts = host_api.list.value
         else
-          filter = Com::Vmware::Vcenter::Host::FilterSpec.new(names: Set.new([name]))
-          host = host_obj.list(filter)
+          hosts = host_api.list({ filter_names: name }).value
         end
 
-        raise format("Unable to find target host: %s", name) if host.empty?
+        raise format("Unable to find target host: %s", name) if hosts.empty?
 
-        host[0]
+        hosts.first
       end
 
       # Gets the folder you want to create the VM
       #
       # @param [name] name is the name of the folder
       def get_folder(name)
-        # Create a filter to ensure that only the named folder is returned
-        filter = Com::Vmware::Vcenter::Folder::FilterSpec.new(names: Set.new([name]))
-        folder_obj = Com::Vmware::Vcenter::Folder.new(vapi_config)
-        folder = folder_obj.list(filter)
+        folder_api = VSphereAutomation::VCenter::FolderApi.new(api_client)
+        folders = folder_api.list({ filter_names: name }).value
 
-        raise format("Unable to find folder: %s", name) if folder.empty?
+        raise format("Unable to find folder: %s", name) if folders.empty?
 
-        folder[0].folder
+        folders.first.folder
       end
 
       # Gets the name of the VM you are creating
       #
       # @param [name] name is the name of the VM
       def get_vm(name)
-        filter = Com::Vmware::Vcenter::VM::FilterSpec.new(names: Set.new([name]))
-        vm_obj = Com::Vmware::Vcenter::VM.new(vapi_config)
-        vm_obj.list(filter)[0]
+        vm_api = VSphereAutomation::VCenter::VMApi.new(api_client)
+        vms = vm_api.list({ filter_names: name }).value
+
+        vms.first
       end
 
       # Gets the info of the cluster
       #
       # @param [name] name is the name of the Cluster
       def get_cluster(name)
-        cl_obj = Com::Vmware::Vcenter::Cluster.new(vapi_config)
+        cluster_api = VSphereAutomation::VCenter::ClusterApi.new(api_client)
+        clusters = cluster_api.list({ filter_names: name }).value
 
-        # @todo: Use Cluster::FilterSpec to only get the cluster which was asked
-        # filter = Com::Vmware::Vcenter::Cluster::FilterSpec.new(clusters: Set.new(['...']))
-        clusters = cl_obj.list.select { |cluster| cluster.name == name }
         raise format("Unable to find Cluster: %s", name) if clusters.empty?
 
-        cluster_id = clusters[0].cluster
-        cl_obj.get(cluster_id)
+        cluster_id = clusters.first.cluster
+
+        host_api = VSphereAutomation::VCenter::HostApi.new(api_client)
+        hosts = host_api.list({ filter_clusters: cluster_id, connection_states: "CONNECTED" }).value
+
+        raise format("Unable to find active host in cluster %s", name) if hosts.empty?
+
+        cluster_api.get(cluster_id).value
       end
 
       # Gets the name of the resource pool
@@ -276,92 +277,47 @@ module Kitchen
       # @param [name] name is the name of the ResourcePool
       def get_resource_pool(name)
         # Create a resource pool object
-        rp_obj = Com::Vmware::Vcenter::ResourcePool.new(vapi_config)
+        rp_api = VSphereAutomation::VCenter::ResourcePoolApi.new(api_client)
 
         # If no name has been set, use the first resource pool that can be found,
         # otherwise try to find by given name
         if name.nil?
           # Remove default pool for first pass (<= 1.2.1 behaviour to pick first user-defined pool found)
-          resource_pool = rp_obj.list.delete_if { |pool| pool.name == "Resources" }
-          debug("Search of all resource pools found: " + resource_pool.map { |pool| pool.name }.to_s)
+          resource_pools = rp_api.list.value.delete_if { |pool| pool.name == "Resources" }
+          debug("Search of all resource pools found: " + resource_pools.map { |pool| pool.name }.to_s)
 
           # Revert to default pool, if no user-defined pool found (> 1.2.1 behaviour)
           # (This one might not be found under some circumstances by the statement above)
-          return get_resource_pool("Resources") if resource_pool.empty?
+          return get_resource_pool("Resources") if resource_pools.empty?
         else
-          # create a filter to find the named resource pool
-          filter = Com::Vmware::Vcenter::ResourcePool::FilterSpec.new(names: Set.new([name]))
-          resource_pool = rp_obj.list(filter)
-          debug("Search for resource pools found: " + resource_pool.map { |pool| pool.name }.to_s)
+          resource_pools = rp_api.list({ filter_names: name }).value
+          debug("Search for resource pools found: " + resource_pools.map { |pool| pool.name }.to_s)
         end
 
-        raise format("Unable to find Resource Pool: %s", name) if resource_pool.empty?
+        raise format("Unable to find Resource Pool: %s", name) if resource_pools.empty?
 
-        resource_pool[0].resource_pool
-      end
-
-      # Get location of lookup service
-      def lookup_service_host
-        # Allow manual overrides
-        return config[:lookup_service_host] unless config[:lookup_service_host].nil?
-
-        # Retrieve SSO service via RbVmomi, which is always co-located with the Lookup Service.
-        vim = RbVmomi::VIM.connect @connection_options
-        vim_settings = vim.serviceContent.setting.setting
-        sso_url = vim_settings.select { |o| o.key == "config.vpxd.sso.sts.uri" }&.first&.value
-
-        # Configuration fallback, if no SSO URL found for some reason
-        ls_host = sso_url.nil? ? config[:vcenter_host] : URI.parse(sso_url).host
-        debug("Using Lookup Service at: " + ls_host)
-
-        ls_host
-      end
-
-      # Get vCenter FQDN
-      def vcenter_host
-        # Retrieve SSO service via RbVmomi, which is always co-located with the Lookup Service.
-        vim = RbVmomi::VIM.connect @connection_options
-        vim_settings = vim.serviceContent.setting.setting
-
-        vim_settings.select { |o| o.key == "VirtualCenter.FQDN" }.first.value
+        resource_pools.first.resource_pool
       end
 
       # The main connect method
       #
       def connect
-        # Configure the connection to vCenter
-        lookup_service_helper = LookupServiceHelper.new(lookup_service_host)
-        vapi_urls = lookup_service_helper.find_vapi_urls
-        debug("Found vAPI endpoints: [" + vapi_urls.to_s + "]")
-
-        vim_urls = lookup_service_helper.find_vim_urls
-        debug("Found VIM endpoints: [" + vim_urls.to_s + "]")
-
-        node_id = vim_urls.select { |id, url| url.include? vcenter_host }.keys.first
-        debug("NodeID of vCenter " + config[:vcenter_host] + " is " + node_id.to_s)
-
-        vapi_url = lookup_service_helper.find_vapi_url(node_id)
-        debug("vAPI Endpoint for vCenter is " + vapi_url)
-
-        # Create the VAPI config object
-        ssl_options = {}
-        ssl_options[:verify] = config[:vcenter_disable_ssl_verify] ? :none : :peer
-        @vapi_config = VAPI::Bindings::VapiConfig.new(vapi_url, ssl_options)
-
-        # get the SSO url
-        sso_url = lookup_service_helper.find_sso_url
-        sso = SSO::Connection.new(sso_url).login(config[:vcenter_username], config[:vcenter_password])
-        token = sso.request_bearer_token
-        vapi_config.set_security_context(
-          VAPI::Security.create_saml_bearer_security_context(token.to_s)
-        )
-
-        # Login and get the session information
-        @session_svc = Com::Vmware::Cis::Session.new(vapi_config)
-        @session_id = session_svc.create
-        vapi_config.set_security_context(
-          VAPI::Security.create_session_security_context(session_id)
-        )
+        configuration = VSphereAutomation::Configuration.new.tap do |c|
+          c.host = config[:vcenter_host]
+          c.username = config[:vcenter_username]
+          c.password = config[:vcenter_password]
+          c.scheme = "https"
+          c.verify_ssl = config[:vcenter_disable_ssl_verify] ? false : true
+          c.verify_ssl_host = config[:vcenter_disable_ssl_verify] ? false : true
+        end
+
+        @api_client = VSphereAutomation::ApiClient.new(configuration)
+        api_client.default_headers["Authorization"] = configuration.basic_auth_token
+
+        session_api = VSphereAutomation::CIS::SessionApi.new(api_client)
+        session_id = session_api.create("").value
+
+        api_client.default_headers["vmware-api-session-id"] = session_id
       end
     end
   end

data/lib/support/clone_vm.rb

@@ -2,10 +2,11 @@ require "rbvmomi"
 
 class Support
   class CloneVm
-    attr_reader :vim, :options
+    attr_reader :vim, :options, :vm, :name, :path
 
     def initialize(conn_opts, options)
       @options = options
+      @name = options[:name]
 
       # Connect to vSphere
       @vim ||= RbVmomi::VIM.connect conn_opts
@@ -83,7 +84,7 @@ class Support
         # @todo not working yet
         # relocate_spec.folder = dest_folder
         clone_spec = RbVmomi::VIM.VirtualMachineInstantCloneSpec(location: relocate_spec,
-                                                                 name: options[:name])
+                                                                 name: name)
 
         task = src_vm.InstantClone_Task(spec: clone_spec)
       else
@@ -91,24 +92,27 @@ class Support
                                                           powerOn: options[:poweron],
                                                           template: false)
 
-        task = src_vm.CloneVM_Task(spec: clone_spec, folder: dest_folder, name: options[:name])
+        task = src_vm.CloneVM_Task(spec: clone_spec, folder: dest_folder, name: name)
       end
       task.wait_for_completion
 
       # get the IP address of the machine for bootstrapping
       # machine name is based on the path, e.g. that includes the folder
-      name = options[:folder].nil? ? options[:name] : format("%s/%s", options[:folder][:name], options[:name])
-      new_vm = dc.find_vm(name)
+      @path = options[:folder].nil? ? name : format("%s/%s", options[:folder][:name], name)
+      @vm = dc.find_vm(path)
 
-      if new_vm.nil?
-        puts format("Unable to find machine: %s", name)
+      if vm.nil?
+        puts format("Unable to find machine: %s", path)
       else
         puts "Waiting for network interfaces to become available..."
-        sleep 2 while new_vm.guest.net.empty? || !new_vm.guest.ipAddress
-        new_vm.guest.net[0].ipConfig.ipAddress.detect do |addr|
-          addr.origin != "linklayer"
-        end.ipAddress
+        sleep 2 while vm.guest.net.empty? || !vm.guest.ipAddress
       end
     end
+
+    def ip
+      vm.guest.net[0].ipConfig.ipAddress.detect do |addr|
+        addr.origin != "linklayer"
+      end.ipAddress
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-vcenter
 version: !ruby/object:Gem::Version
-  version: 1.5.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Chef Software
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-12 00:00:00.000000000 Z
+date: 2019-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rbvmomi
@@ -58,28 +58,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.6'
+        version: '0.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.6'
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -102,11 +102,8 @@ extensions: []
 extra_rdoc_files: []
 files:
 - LICENSE
-- lib/base.rb
 - lib/kitchen-vcenter/version.rb
 - lib/kitchen/driver/vcenter.rb
-- lib/lookup_service_helper.rb
-- lib/sso.rb
 - lib/support/clone_vm.rb
 homepage: https://github.com/chef/kitchen-vcenter
 licenses:
@@ -127,8 +124,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.2
 signing_key: 
 specification_version: 4
 summary: Test Kitchen driver for VMare vCenter

data/lib/base.rb

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-#
-# Author:: Chef Partner Engineering (<partnereng@chef.io>)
-# Copyright:: Copyright (c) 2017 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require "logger"
-
-module Base
-  attr_accessor :log
-
-  def self.log
-    @log ||= init_logger
-  end
-
-  def self.init_logger
-    log = Logger.new(STDOUT)
-    log.progname = "Knife VCenter"
-    log.level = Logger::INFO
-    log
-  end
-end

data/lib/lookup_service_helper.rb

@@ -1,464 +0,0 @@
-# Copyright 2014-2017 VMware, Inc.  All Rights Reserved.
-# SPDX-License-Identifier: MIT
-
-require "savon"
-require "nokogiri"
-require "base"
-# require 'sample/framework/sample_base'
-
-# Utility class that helps use the lookup service.
-class LookupServiceHelper
-  attr_reader :sample, :wsdl_url, :soap_url
-  attr_reader :serviceRegistration
-
-  # Constructs a new instance.
-  # @param [Object] host the associated sample, which provides access
-  #     to the configuration properties of the sample
-  def initialize(host)
-    @soap_url = format("https://%s/lookupservice/sdk", host)
-    @wsdl_url = format("https://%s/lookupservice/wsdl/lookup.wsdl", host)
-  end
-
-  # Connects to the lookup service.
-  def connect
-    rsc = RetrieveServiceContent.new(client).invoke
-    @serviceRegistration = rsc.get_service_registration
-    Base.log.info "service registration = #{serviceRegistration}"
-  end
-
-  # Finds the SSO service URL.
-  # In a MxN setup where there are more than one PSC nodes;
-  # This method returns the first SSO service endpoint URL
-  # as returned by the lookup service.
-  #
-  # @return [String] SSO Service endpoint URL.
-  def find_sso_url
-    result = find_service_url(product = "com.vmware.cis",
-                              service = "cs.identity",
-                              endpoint = "com.vmware.cis.cs.identity.sso",
-                              protocol = "wsTrust")
-    raise "SSO URL not found" unless result && result.size > 0
-
-    result.values[0]
-  end
-
-  # Finds all the vAPI service endpoint URLs.
-  # In a MxN setup where there are more than one management node;
-  # this method returns more than one URL
-  #
-  # @return [Hash] vapi service endpoint URLs in a dictionary
-  #     where the key is the node_id and the value is the service URL.
-  def find_vapi_urls
-    find_service_url(product = "com.vmware.cis",
-                     service = "cs.vapi",
-                     endpoint = "com.vmware.vapi.endpoint",
-                     protocol = "vapi.json.https.public")
-  end
-
-  # Finds the vapi service endpoint URL of a management node.
-  #
-  # @param node_id [String] The UUID of the management node.
-  # @return [String] vapi service endpoint URL of a management node or
-  #     nil if no vapi endpoint is found.
-  def find_vapi_url(node_id)
-    raise "node_id is required" if node_id.nil?
-    result = find_vapi_urls()
-    raise "VAPI URLs not found" unless result && result.size > 0
-    result[node_id]
-  end
-
-  # Finds all the vim service endpoint URLs
-  # In a MxN setup where there are more than one management node;
-  # this method returns more than one URL
-  #
-  # @return [Hash] vim service endpoint URLs in a dictionary where
-  #     the key is the node_id and the value is the service URL.
-  def find_vim_urls
-    find_service_url(product = "com.vmware.cis",
-                     service = "vcenterserver",
-                     endpoint = "com.vmware.vim",
-                     protocol = "vmomi")
-  end
-
-  # Finds the vim service endpoint URL of a management node
-  #
-  # @param node_id [String] The UUID of the management node.
-  # @return [String] vim service endpoint URL of a management node or
-  #     nil if no vim endpoint is found.
-  def find_vim_url(node_id)
-    raise "node_id is required" if node_id.nil?
-    result = find_vim_urls()
-    raise "VIM URLs not found" unless result && result.size > 0
-    result[node_id]
-  end
-
-  # Finds all the spbm service endpoint URLs
-  # In a MxN setup where there are more than one management node;
-  # this method returns more than one URL
-  #
-  # @return [Hash] spbm service endpoint URLs in a dictionary where
-  #     the key is the node_id and the value is the service URL.
-  def find_vim_pbm_urls
-    find_service_url(product = "com.vmware.vim.sms",
-                     service = "sms",
-                     endpoint = "com.vmware.vim.pbm",
-                     protocol = "https")
-  end
-
-  # Finds the spbm service endpoint URL of a management node
-  #
-  # @param node_id [String] The UUID of the management node.
-  # @return [String] spbm service endpoint URL of a management node or
-  #     nil if no spbm endpoint is found.
-  def find_vim_pbm_url(node_id)
-    raise "node_id is required" if node_id.nil?
-    result = find_vim_pbm_urls()
-    raise "PBM URLs not found" unless result && result.size > 0
-    result[node_id]
-  end
-
-  # Get the management node id from the instance name
-  #
-  # @param instance_name [String] The instance name of the management node
-  # @return [String] The UUID of the management node or
-  #     nil is no management node is found by the given instance name
-  def get_mgmt_node_id(instance_name)
-    raise "instance_name is required" if instance_name.nil?
-
-    result = find_mgmt_nodes
-    raise "Management nodes not found" unless result && !result.empty?
-
-    result[instance_name]
-  end
-
-  def get_mgmt_node_instance_name(node_id)
-    raise "node_id is required" if node_id.nil?
-
-    result = find_mgmt_nodes
-    raise "Management nodes not found" unless result && !result.empty?
-
-    result.each { |k, v| return k if v == node_id }
-    nil
-  end
-
-  # Finds the instance name and UUID of the management node for M1xN1 or
-  # when the PSC and management services all reside on a single node.
-  def get_default_mgmt_node
-    result = find_mgmt_nodes
-    raise "Management nodes not found" unless result && !result.empty?
-
-    # WHY: raise MultipleManagementNodeException.new if result.size > 1
-    [result.keys[0], result.values[0]]
-  end
-
-  # Finds all the management nodes
-  #
-  # @return [Hash] management node instance name and node id (UUID) in a dictionary.
-  def find_mgmt_nodes
-    # assert self.serviceRegistration is not None
-    list = List.new(client, "com.vmware.cis", "vcenterserver",
-                    "vmomi", "com.vmware.vim")
-
-    list.invoke
-    list.get_instance_names
-  end
-
-  private
-
-  # Finds a service URL with the given attributes.
-  def find_service_url(product, service, endpoint, protocol)
-    # assert serviceRegistration is not None
-    list = List.new(client, product, service, protocol, endpoint)
-
-    list.invoke
-    list.get_service_endpoints
-  end
-
-  # Gets or creates the Savon client instance.
-  def client
-    @client ||= Savon.client do |globals|
-      # see: http://savonrb.com/version2/globals.html
-      globals.wsdl wsdl_url
-      globals.endpoint soap_url
-
-      globals.strip_namespaces false
-      globals.env_namespace :S
-
-      # set like this so https connection does not fail
-      # TODO: find an acceptable solution for production
-      globals.ssl_verify_mode :none
-
-      # dev/debug settings
-      # globals.pretty_print_xml ENV['DEBUG_SOAP']
-      # globals.log ENV['DEBUG_SOAP']
-    end
-  end
-end
-
-# @abstract Base class for invocable service calls.
-class Invocable
-  attr_reader :operation, :client, :response
-
-  # Constructs a new instance.
-  # @param operation [Symbol] the operation name
-  # @param client [Savon::Client] the client
-  def initialize(operation, client)
-    @operation = operation
-    @client = client
-  end
-
-  # Invokes the service call represented by this type.
-  def invoke
-    request = request_xml.to_s
-    Base.log.debug(request)
-    @response = client.call(operation, xml: request)
-    Base.log.debug(response)
-    self # for chaining with new
-  end
-
-  # Builds the request XML content.
-  def request_xml
-    builder = Builder::XmlMarkup.new
-    builder.instruct!(:xml, encoding: "UTF-8")
-
-    builder.tag!("S:Envelope",
-                 "xmlns:S" => "http://schemas.xmlsoap.org/soap/envelope/") do |envelope|
-      envelope.tag!("S:Body") do |body|
-        body_xml(body)
-      end
-    end
-    builder.target!
-  end
-
-  # Builds the body portion of the request XML content.
-  # Specific service operations must override this method.
-  def body_xml
-    raise "abstract method not implemented!"
-  end
-
-  # Gets the response XML content.
-  def response_xml
-    raise "illegal state: response not set yet" if response.nil?
-
-    @response_xml ||= Nokogiri::XML(response.to_xml)
-  end
-
-  def response_hash
-    @response_hash ||= response.to_hash
-  end
-end
-
-# Encapsulates the list operation of the lookup service.
-class List < Invocable
-  # Constructs a new instance.
-  def initialize(client, product, service, protocol, endpoint)
-    super(:list, client)
-
-    @product = product
-    @service = service
-    @protocol = protocol
-    @endpoint = endpoint
-  end
-
-=begin
-    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
-        <S:Body>
-            <List xmlns="urn:lookup">
-                <_this type="LookupServiceRegistration">ServiceRegistration</_this>
-                <filterCriteria>
-                    <serviceType>
-                        <product>com.vmware.cis</product>
-                        <type>cs.identity</type>
-                    </serviceType>
-                    <endpointType>
-                        <protocol>wsTrust</protocol>
-                        <type>com.vmware.cis.cs.identity.sso</type>
-                    </endpointType>
-                </filterCriteria>
-            </List>
-        </S:Body>
-    </S:Envelope>
-=end
-  def body_xml(body)
-    body.tag!("List", "xmlns" => "urn:lookup") do |list|
-      # TODO: use the copy that was retrieved on startup?
-      list.tag!("_this",
-                "type" => "LookupServiceRegistration") do |this|
-        this << "ServiceRegistration"
-      end
-      list.tag!("filterCriteria") do |criteria|
-        criteria.tag!("serviceType") do |stype|
-          stype.tag!("product") do |p|
-            p << @product
-          end
-          stype.tag!("type") do |t|
-            t << @service
-          end
-        end
-        criteria.tag!("endpointType") do |etype|
-          etype.tag!("protocol") do |p|
-            p << @protocol
-          end
-          etype.tag!("type") do |t|
-            t << @endpoint
-          end
-        end
-      end
-    end
-  end
-
-  # Gets the service endpoint information from the response.
-  # Support for MxN.
-  # @return [Hash] a hash where the key is NodeId and the Value is a Service URL
-  def get_service_endpoints
-    result = {}
-=begin
-    <ListResponse xmlns="urn:lookup">
-        <returnval>
-            <serviceVersion>2.0</serviceVersion>
-            <vendorNameResourceKey/>
-            <vendorNameDefault/>
-            <vendorProductInfoResourceKey/>
-            <vendorProductInfoDefault/>
-            <serviceEndpoints>
-                <url>https://pa-rdinfra3-vm7-dhcp5583.eng.vmware.com/sts/STSService/vsphere.local</url>
-                <endpointType>
-                    <protocol>wsTrust</protocol>
-                    <type>com.vmware.cis.cs.identity.sso</type>
-                </endpointType>
-                <sslTrust>
-                    ...
-                </sslTrust>
-            </serviceEndpoints>
-            <serviceNameResourceKey/>
-            <serviceNameDefault/>
-            <serviceDescriptionResourceKey/>
-            <serviceDescriptionDefault/>
-            <ownerId>pa-rdinfra3-vm7-dhcp5583.eng.vmware.com@vsphere.local</ownerId>
-            <serviceType>
-                <product>com.vmware.cis</product>
-                <type>cs.identity</type>
-            </serviceType>
-            <nodeId/>
-            <serviceId>6a8a5058-5d3d-4d42-bb5e-383b91c8732e</serviceId>
-            <siteId>default-first-site</siteId>
-        </returnval>
-    </ListResponse>
-=end
-    Base.log.debug "List: response_hash = #{response_hash}"
-    return_val = response_hash[:list_response][:returnval]
-    return_val = [return_val] if return_val.is_a? Hash
-    return_val.each do |entry|
-        # FYI: the node_id is sometimes null, so use the service_id in this case
-      node_id = entry[:node_id] || entry[:service_id]
-      result[node_id] = entry[:service_endpoints][:url]
-    end
-    Base.log.debug "List: result = #{result}"
-    result
-  end
-
-  def get_instance_names
-    result = {}
-=begin
-      <serviceAttributes>
-          <key>com.vmware.cis.cm.GroupInternalId</key>
-          <value>com.vmware.vim.vcenter</value>
-      </serviceAttributes>
-      <serviceAttributes>
-          <key>com.vmware.cis.cm.ControlScript</key>
-          <value>vmware-vpxd.sh</value>
-      </serviceAttributes>
-      <serviceAttributes>
-          <key>com.vmware.cis.cm.HostId</key>
-          <value>906477a1-24c6-4d48-9e99-55ef962878f7</value>
-      </serviceAttributes>
-      <serviceAttributes>
-          <key>com.vmware.vim.vcenter.instanceName</key>
-          <value>pa-rdinfra3-vm7-dhcp5583.eng.vmware.com</value>
-      </serviceAttributes>
-=end
-    Base.log.debug "List: response_hash = #{response_hash}"
-    return_val = response_hash[:list_response][:returnval]
-    return_val = [return_val] if return_val.is_a? Hash
-    return_val.each do |entry|
-      node_id = entry[:node_id]
-      # TODO: is it possible there be 0 or 1 attrs?  if so, deal with it.
-      attrs = entry[:service_attributes]
-      Base.log.debug "List: attrs=#{attrs}"
-      attrs.each do |attr|
-        if attr[:key] == "com.vmware.vim.vcenter.instanceName"
-          result[attr[:value]] = node_id
-        end
-      end
-    end
-    Base.log.debug "List: result = #{result}"
-    result
-  end
-end
-
-# Encapsulates the RetrieveServiceContent operation of the lookup service.
-class RetrieveServiceContent < Invocable
-
-  # Constructs a new instance.
-  def initialize(client)
-    super(:retrieve_service_content, client)
-  end
-
-=begin
-    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
-        <S:Body>
-            <RetrieveServiceContent xmlns="urn:lookup">
-                <_this type="LookupServiceInstance">ServiceInstance</_this>
-            </RetrieveServiceContent>
-        </S:Body>
-    </S:Envelope>
-=end
-  def body_xml(body)
-    body.tag!("RetrieveServiceContent", "xmlns" => "urn:lookup") do |rsc|
-      rsc.tag!("_this", "type" => "LookupServiceInstance") do |this|
-        this << "ServiceInstance"
-      end
-    end
-  end
-
-=begin
-    ...
-        <RetrieveServiceContentResponse xmlns="urn:lookup">
-            <returnval>
-                <lookupService type="LookupLookupService">lookupService</lookupService>
-                <serviceRegistration type="LookupServiceRegistration">ServiceRegistration</serviceRegistration>
-                <deploymentInformationService type="LookupDeploymentInformationService">deploymentInformationService</deploymentInformationService>
-                <l10n type="LookupL10n">l10n</l10n>
-            </returnval>
-        </RetrieveServiceContentResponse>
-    ...
-=end
-  def get_service_registration
-    Base.log.debug "RetrieveServiceContent: response_hash = #{response_hash}"
-    return_val = response_hash[:retrieve_service_content_response][:returnval]
-    result = return_val[:service_registration]
-    Base.log.debug "RetrieveServiceContent: result = #{result}"
-    result
-  end
-end
-
-class MultipleManagementNodeException < RuntimeError
-end
-
-# main: quick self tester
-if __FILE__ == $0
-  Base.log.level = Logger::DEBUG if ENV["DEBUG"]
-  sample = SelfTestSample.new
-  sample.ls_ip = ARGV[0] || "10.67.245.207"
-  # MXN: sample.ls_ip = '10.160.42.83'
-  # MXN: sample.ls_ip = '10.160.35.191'
-  # MAYBE: sample.main() # for arg parsing
-  ls_helper = LookupServiceHelper.new(sample)
-  ls_helper.connect
-  puts "***************************************"
-  puts "SSO URL: #{ls_helper.find_sso_url}"
-  puts "VAPI URL: #{ls_helper.find_vapi_urls}"
-  puts "VIM URL: #{ls_helper.find_vim_urls}"
-  puts "PBM URL: #{ls_helper.find_vim_pbm_urls}"
-  puts "Mgmt Nodes: #{ls_helper.find_mgmt_nodes}"
-end

data/lib/sso.rb

@@ -1,268 +0,0 @@
-# Copyright 2014-2017 VMware, Inc.  All Rights Reserved.
-# SPDX-License-Identifier: MIT
-
-require "savon"
-require "nokogiri"
-require "date"
-require "securerandom"
-
-# A little utility library for VMware SSO.
-# For now, this is not a general purpose library that covers all
-# the interfaces of the SSO service.
-# Specifically, the support is limited to the following:
-# * request bearer token.
-module SSO
-  # The XML date format.
-  DATE_FORMAT = "%FT%T.%LZ".freeze
-
-  # The XML namespaces that are required: SOAP, WSDL, et al.
-  NAMESPACES = {
-    "xmlns:S" => "http://schemas.xmlsoap.org/soap/envelope/",
-    "xmlns:wst" => "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
-    "xmlns:u" => "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
-    "xmlns:x" => "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
-  }.freeze
-
-  # Provides the connection details for the SSO service.
-  class Connection
-    attr_accessor :sso_url, :wsdl_url, :username, :password
-
-    # Creates a new instance.
-    def initialize(sso_url, wsdl_url = nil)
-      self.sso_url = sso_url
-      self.wsdl_url = wsdl_url || "#{sso_url}?wsdl"
-    end
-
-    # Login with the given credentials.
-    # Note: this does not invoke a login action, but rather stores the
-    # credentials for use later.
-    def login(username, password)
-      self.username = username
-      self.password = password
-      self # enable builder pattern
-    end
-
-    # Gets (or creates) the Savon client instance.
-    def client
-      # construct and init the client proxy
-      @client ||= Savon.client do |globals|
-        # see: http://savonrb.com/version2/globals.html
-        globals.wsdl wsdl_url
-        globals.endpoint sso_url
-
-        globals.strip_namespaces false
-        globals.env_namespace :S
-
-        # set like this so https connection does not fail
-        # TODO: find an acceptable solution for production
-        globals.ssl_verify_mode :none
-
-        # dev/debug settings
-        # globals.pretty_print_xml ENV['DEBUG_SOAP']
-        # globals.log ENV['DEBUG_SOAP']
-      end
-    end
-
-    # Invokes the request bearer token operation.
-    # @return [SamlToken]
-    def request_bearer_token
-      rst = RequestSecurityToken.new(client, username, password)
-      rst.invoke
-      rst.saml_token
-    end
-  end
-
-  # @abstract Base class for invocable service calls.
-  class SoapInvocable
-    attr_reader :operation, :client, :response
-
-    # Constructs a new instance.
-    # @param operation [Symbol] the SOAP operation name (in Symbol form)
-    # @param client [Savon::Client] the client
-    def initialize(operation, client)
-      @operation = operation
-      @client = client
-    end
-
-    # Invokes the service call represented by this type.
-    def invoke
-      request = request_xml.to_s
-      puts "request = #{request}" if ENV["DEBUG"]
-      @response = client.call(operation, xml: request)
-      puts "response = #{response}" if ENV["DEBUG"]
-      self # for chaining with new
-    end
-
-    # Builds the request XML content.
-    def request_xml
-      builder = Builder::XmlMarkup.new
-      builder.instruct!(:xml, encoding: "UTF-8")
-
-      builder.tag!("S:Envelope", NAMESPACES) do |envelope|
-        if has_header?
-          envelope.tag!("S:Header") do |header|
-            header_xml(header)
-          end
-        end
-        envelope.tag!("S:Body") do |body|
-          body_xml(body)
-        end
-      end
-      builder.target!
-    end
-
-    def has_header?
-      true
-    end
-
-    # Builds the header portion of the SOAP request.
-    # Specific service operations must override this method.
-    def header_xml(_header)
-      raise "abstract method not implemented!"
-    end
-
-    # Builds the body portion of the SOAP request.
-    # Specific service operations must override this method.
-    def body_xml(_body)
-      raise "abstract method not implemented!"
-    end
-
-    # Gets the response XML content.
-    def response_xml
-      raise "illegal state: response not set yet" if response.nil?
-
-      @response_xml ||= Nokogiri::XML(response.to_xml)
-    end
-
-    def response_hash
-      @response_hash ||= response.to_hash
-    end
-  end
-
-  # Encapsulates an issue operation that requests a security token
-  # from the SSO service.
-  class RequestSecurityToken < SoapInvocable
-
-    attr_accessor :request_type, :delegatable
-
-    # Constructs a new instance.
-    def initialize(client, username, password, hours = 2)
-      super(:issue, client)
-
-      @username = username
-      @password = password
-      @hours = hours
-
-      # TODO: these things should be configurable, so we can get
-      # non-delegatable tokens, HoK tokens, etc.
-      @request_type = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"
-      @delegatable = true
-    end
-
-    def now
-      @now ||= Time.now.utc.to_datetime
-    end
-
-    def created
-      @created ||= now.strftime(DATE_FORMAT)
-    end
-
-    def future
-      @future ||= now + (2 / 24.0) # days (for DateTime math)
-    end
-
-    def expires
-      @expires ||= future.strftime(DATE_FORMAT)
-    end
-
-    # Builds the header XML for the SOAP request.
-    def header_xml(header)
-      id = "uuid-" + SecureRandom.uuid
-
-      # header.tag!("x:Security", "x:mustUnderstand" => "1") do |security|
-      header.tag!("x:Security") do |security|
-        security.tag!("u:Timestamp", "u:Id" => "_0") do |timestamp|
-          timestamp.tag!("u:Created") do |element|
-            element << created
-          end
-          timestamp.tag!("u:Expires") do |element|
-            element << expires
-          end
-        end
-
-        security.tag!("x:UsernameToken", "u:Id" => id) do |utoken|
-          utoken.tag!("x:Username") do |element|
-            element << @username
-          end
-          utoken.tag!("x:Password") do |element|
-            element << @password
-          end
-        end
-      end
-    end
-
-    # Builds the body XML for the SOAP request.
-    def body_xml(body)
-      body.tag!("wst:RequestSecurityToken") do |rst|
-        rst.tag!("wst:RequestType") do |element|
-          element << request_type
-        end
-        rst.tag!("wst:Delegatable") do |element|
-          element << delegatable.to_s
-        end
-=begin
-          #TODO: we don't seem to need this, but I'm leaving this
-          #here for now as a reminder.
-          rst.tag!("wst:Lifetime") do |lifetime|
-              lifetime.tag!("u:Created") do |element|
-                  element << created
-              end
-              lifetime.tag!("u:Expires") do |element|
-                  element << expires
-              end
-          end
-=end
-      end
-    end
-
-  # Gets the saml_token from the SOAP response body.
-  # @return [SamlToken] the requested SAML token
-    def saml_token
-      assertion = response_xml.at_xpath("//saml2:Assertion",
-              "saml2" => "urn:oasis:names:tc:SAML:2.0:assertion")
-      SamlToken.new(assertion)
-    end
-  end
-
-    # Holds a SAML token.
-  class SamlToken
-    attr_reader :xml
-
-      # Creates a new instance.
-    def initialize(xml)
-      @xml = xml
-    end
-
-      # TODO: add some getters for interesting content
-
-    def to_s
-      esc_token = xml.to_xml(indent: 0, encoding: "UTF-8")
-      esc_token = esc_token.delete("\n")
-      esc_token
-    end
-  end
-end
-
-# main: quick self tester
-if __FILE__ == $0
-  cloudvm_ip = ARGV[0]
-  cloudvm_ip ||= "10.20.17.0"
-  # cloudvm_ip ||= "10.67.245.207"
-  sso_url = "https://#{cloudvm_ip}/sts/STSService/vsphere.local"
-  wsdl_url = "#{sso_url}?wsdl"
-  sso = SSO::Connection.new(sso_url, wsdl_url)
-  # sso.login("administrator@vsphere.local", "Admin!23")
-  sso.login("root", "vmware")
-  token = sso.request_bearer_token
-  puts token.to_s
-end