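def login(self):
    """
    Discover the SSO (STS) URL through the lookup service and fetch a SAML
    bearer token from it.

    Reads ``lswsdlurl``, ``lssoapurl``, ``ssousername``, ``ssopassword`` and
    ``skip_verification`` from the instance. On success it sets
    ``lookupservicehelper``, ``stsurl``, ``bearer_token`` and ``sec_ctx``.

    Raises:
        AssertionError: if the lookup service returns no SSO URL.

    Security notes:
        * With ``skip_verification`` set, both the lookup-service connection
          and the STS request run without TLS certificate validation (going
          by the helper names), so the SSO password and the returned token
          are sent to an endpoint whose identity was never checked. Keep
          verification on outside of throwaway lab setups.
        * The result is a bearer token: whoever holds it can use it. Do not
          print or log ``bearer_token``.
    """
    print('Connecting to lookup service url: {0}'.format(self.lssoapurl))
    self.lookupservicehelper = LookupServiceHelper(
        wsdl_url=self.lswsdlurl,
        soap_url=self.lssoapurl,
        skip_verification=self.skip_verification)
    self.lookupservicehelper.connect()

    self.stsurl = self.lookupservicehelper.find_sso_url()
    # Explicit check instead of `assert`: assert statements are stripped
    # under `python -O`, which would let a missing STS URL reach the
    # authenticator. The exception type is kept for existing callers.
    if self.stsurl is None:
        raise AssertionError('Lookup service returned no SSO (STS) URL')

    print('Retrieving a SAML bearer token from STS url : {0}'.format(
        self.stsurl))
    au = sso.SsoAuthenticator(self.stsurl)

    # ssl_context stays None (library default) unless the caller explicitly
    # opted out of certificate verification.
    context = None
    if self.skip_verification:
        context = get_unverified_context()

    # NOTE(review): delegatable=True asks for a token that, per the parameter
    # name, may be delegated further; confirm the workflow needs that.
    self.bearer_token = au.get_bearer_saml_assertion(self.ssousername,
                                                     self.ssopassword,
                                                     delegatable=True,
                                                     ssl_context=context)
    self.sec_ctx = create_saml_bearer_security_context(self.bearer_token)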
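class PlatformServiceController(object):
    """
    Manages services on the infrastructure node (e.g. lookup service, SSO
    etc.)

    The constructor only stores its arguments; no network traffic happens
    until ``login()`` is called.
    """

    def __init__(self, lswsdlurl, lssoapurl, ssousername, ssopassword,
                 skip_verification):
        """
        Store the connection parameters.

        Args:
            lswsdlurl: URL of the lookup service WSDL.
            lssoapurl: SOAP endpoint URL of the lookup service.
            ssousername: SSO user name used to request the token.
            ssopassword: SSO password; held in memory in clear text for the
                lifetime of this object.
            skip_verification: when true, ``login()`` hands an unverified
                SSL context to the STS request and passes the flag on to
                the lookup-service helper.
        """
        self.lswsdlurl = lswsdlurl
        self.lssoapurl = lssoapurl
        self.ssousername = ssousername
        self.ssopassword = ssopassword

        self.lookupservicehelper = None
        self.stsurl = None
        self.bearer_token = None  # SAML bearer token
        self.sec_ctx = None  # Security context
        self.skip_verification = skip_verification

    def login(self):
        """
        Discover the SSO (STS) URL through the lookup service and fetch a
        SAML bearer token from it.

        On success it sets ``lookupservicehelper``, ``stsurl``,
        ``bearer_token`` and ``sec_ctx``.

        Raises:
            AssertionError: if the lookup service returns no SSO URL.

        Security notes:
            * With ``skip_verification`` set, both the lookup-service
              connection and the STS request run without TLS certificate
              validation (going by the helper names), so the SSO password
              and the returned token are sent to an endpoint whose identity
              was never checked. Keep verification on outside of throwaway
              lab setups.
            * The result is a bearer token: whoever holds it can use it. Do
              not print or log ``bearer_token``.
        """
        print('Connecting to lookup service url: {0}'.format(self.lssoapurl))
        self.lookupservicehelper = LookupServiceHelper(
            wsdl_url=self.lswsdlurl,
            soap_url=self.lssoapurl,
            skip_verification=self.skip_verification)
        self.lookupservicehelper.connect()

        self.stsurl = self.lookupservicehelper.find_sso_url()
        # Explicit check instead of `assert`: assert statements are stripped
        # under `python -O`, which would let a missing STS URL reach the
        # authenticator. The exception type is kept for existing callers.
        if self.stsurl is None:
            raise AssertionError('Lookup service returned no SSO (STS) URL')

        print('Retrieving a SAML bearer token from STS url : {0}'.format(
            self.stsurl))
        au = sso.SsoAuthenticator(self.stsurl)

        # ssl_context stays None (library default) unless the caller
        # explicitly opted out of certificate verification.
        context = None
        if self.skip_verification:
            context = get_unverified_context()

        # NOTE(review): delegatable=True asks for a token that, per the
        # parameter name, may be delegated further; confirm the workflow
        # needs that.
        self.bearer_token = au.get_bearer_saml_assertion(self.ssousername,
                                                         self.ssopassword,
                                                         delegatable=True,
                                                         ssl_context=context)
        self.sec_ctx = create_saml_bearer_security_context(self.bearer_token)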
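def run(self):
    """
    Log in to a vCenter server that uses an external Platform Services
    Controller, then create and delete a tag category as a smoke test.

    Steps, as printed: connect to the lookup service, resolve the
    management node, discover the SSO URL, obtain a SAML bearer token,
    discover the vAPI URL, build a vSphere client with the token, and
    create/delete a tag category.

    Reads ``lsurl``, ``lswsdl``, ``mgmtinstancename``, ``mgmtnodeid``,
    ``username``, ``password`` and ``skip_verification`` from the instance;
    rewrites ``lswsdl`` to a ``file:`` URL and may fill in
    ``mgmtinstancename`` / ``mgmtnodeid``.

    Raises:
        AssertionError: if no management node id can be resolved or the
            tag category creation returns no id.

    Security notes:
        * With ``skip_verification`` set, the lookup-service, STS and vAPI
          connections all run without TLS certificate validation (going by
          the helper names), so the password and the bearer token go to
          endpoints whose identity was never checked. Keep verification on
          outside of throwaway lab setups.
        * Only URLs and ids are printed; keep the bearer token out of any
          output added later.
    """
    print('\n\n#### Example: Login to vCenter server with '
          'external Platform Services Controller')

    print('\nStep 1: Connect to the lookup service on the '
          'Platform Services Controller node: {0}'.format(self.lsurl))

    # Convert wsdl path to url
    self.lswsdl = parse.urljoin('file:', request.pathname2url(self.lswsdl))
    lookupservicehelper = LookupServiceHelper(
        wsdl_url=self.lswsdl,
        soap_url=self.lsurl,
        skip_verification=self.skip_verification)
    lookupservicehelper.connect()

    if self.mgmtinstancename is None:
        self.mgmtinstancename, self.mgmtnodeid = \
            lookupservicehelper.get_default_mgmt_node()
    elif self.mgmtnodeid is None:
        self.mgmtnodeid = lookupservicehelper.get_mgmt_node_id(
            self.mgmtinstancename)
    # Explicit check instead of `assert`: assert statements are stripped
    # under `python -O`. The exception type is kept for existing callers.
    if self.mgmtnodeid is None:
        raise AssertionError('Could not resolve a management node id')

    print('\nStep 2: Discover the Single Sign-On service URL'
          ' from lookup service.')
    sso_url = lookupservicehelper.find_sso_url()
    print('Sso URL: {0}'.format(sso_url))

    print('\nStep 3: Connect to the Single Sign-On URL and '
          'retrieve the SAML bearer token.')
    authenticator = sso.SsoAuthenticator(sso_url)
    # ssl_context stays None (library default) unless the caller explicitly
    # opted out of certificate verification.
    context = None
    if self.skip_verification:
        context = get_unverified_context()
    # NOTE(review): delegatable=True asks for a token that, per the parameter
    # name, may be delegated further; confirm the workflow needs that.
    bearer_token = authenticator.get_bearer_saml_assertion(
        self.username,
        self.password,
        delegatable=True,
        ssl_context=context)

    print('\nStep 4. Discover the vAPI service URL from lookup service.')
    vapi_url = lookupservicehelper.find_vapi_url(self.mgmtnodeid)
    print('vAPI URL: {0}'.format(vapi_url))

    print('\nStep 5. Login to vAPI service using the SAML bearer token.')
    session = get_unverified_session() if self.skip_verification else None
    client = create_vsphere_client(
        server=parse.urlparse(vapi_url).hostname,
        bearer_token=bearer_token,
        session=session)

    # Create and Delete TagCategory to Verify connection is successful
    # (label fixed: this is the sixth step, the original printed "Step 3")
    print('\nStep 6: Creating and Deleting Tag Category...\n')
    create_spec = client.tagging.Category.CreateSpec()
    create_spec.name = 'TestTag_embeded_psc_sso_workflow'
    create_spec.description = 'TestTagDesc'
    create_spec.cardinality = CategoryModel.Cardinality.MULTIPLE
    create_spec.associable_types = set()
    category_id = client.tagging.Category.create(create_spec)
    if category_id is None:
        raise AssertionError('Tag category creation returned no id')
    print('Tag category created; Id: {0}\n'.format(category_id))

    # Delete TagCategory
    client.tagging.Category.delete(category_id)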
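def run(self):
    """
    Log in to a vCenter server that uses an external Platform Services
    Controller through an explicit vAPI session, then create and delete a
    tag category as a smoke test.

    Steps, as printed: connect to the lookup service, resolve the
    management node, discover the SSO URL, obtain a SAML bearer token,
    discover the vAPI URL, exchange the token for a vAPI session, and
    create/delete a tag category. The vAPI session is deleted at the end,
    also when the tag step fails.

    Reads ``lsurl``, ``lswsdl``, ``mgmtinstancename``, ``mgmtnodeid``,
    ``username``, ``password`` and ``skip_verification`` from the instance;
    sets ``session``, ``session_id``, ``category_svc`` and ``category_id``.

    Raises:
        AssertionError: if no management node id can be resolved or the
            tag category creation returns no id.

    Security notes:
        * With ``skip_verification`` set, the lookup-service, STS and vAPI
          connections all run without TLS certificate validation (going by
          the helper names), so the password, the bearer token and the
          session id go to endpoints whose identity was never checked.
          Keep verification on outside of throwaway lab setups.
        * ``self.session_id`` is a credential for the vAPI endpoint; do not
          print or log it.
    """
    print('\n\n#### Example: Login to vCenter server with '
          'external Platform Services Controller')

    print('\nStep 1: Connect to the lookup service on the '
          'Platform Services Controller node: {0}'.format(self.lsurl))

    # Convert wsdl path to url
    self.lswsdl = parse.urljoin('file:', request.pathname2url(self.lswsdl))
    lookupservicehelper = LookupServiceHelper(
        wsdl_url=self.lswsdl,
        soap_url=self.lsurl,
        skip_verification=self.skip_verification)
    lookupservicehelper.connect()

    if self.mgmtinstancename is None:
        self.mgmtinstancename, self.mgmtnodeid = \
            lookupservicehelper.get_default_mgmt_node()
    elif self.mgmtnodeid is None:
        self.mgmtnodeid = lookupservicehelper.get_mgmt_node_id(
            self.mgmtinstancename)
    # Explicit check instead of `assert`: assert statements are stripped
    # under `python -O`. The exception type is kept for existing callers.
    if self.mgmtnodeid is None:
        raise AssertionError('Could not resolve a management node id')

    print('\nStep 2: Discover the Single Sign-On service URL'
          ' from lookup service.')
    sso_url = lookupservicehelper.find_sso_url()
    print('Sso URL: {0}'.format(sso_url))

    print('\nStep 3: Connect to the Single Sign-On URL and '
          'retrieve the SAML bearer token.')
    authenticator = sso.SsoAuthenticator(sso_url)
    # ssl_context stays None (library default) unless the caller explicitly
    # opted out of certificate verification.
    context = None
    if self.skip_verification:
        context = get_unverified_context()
    # NOTE(review): delegatable=True asks for a token that, per the parameter
    # name, may be delegated further; confirm the workflow needs that.
    bearer_token = authenticator.get_bearer_saml_assertion(
        self.username,
        self.password,
        delegatable=True,
        ssl_context=context)

    # Creating SAML Bearer Security Context
    sec_ctx = create_saml_bearer_security_context(bearer_token)

    print('\nStep 4. Discover the vAPI service URL from lookup service.')
    vapi_url = lookupservicehelper.find_vapi_url(self.mgmtnodeid)
    print('vAPI URL: {0}'.format(vapi_url))

    print('\nStep 5. Login to vAPI service using the SAML bearer token.')

    # Create an authenticated stub configuration object that can be used to
    # issue requests against vCenter.
    session = requests.Session()
    if self.skip_verification:
        session = create_unverified_session(session)
    connector = get_requests_connector(session=session, url=vapi_url)
    connector.set_security_context(sec_ctx)
    stub_config = StubConfigurationFactory.new_std_configuration(connector)
    self.session = Session(stub_config)

    # Login to VAPI endpoint and get the session_id
    self.session_id = self.session.create()

    # Update the VAPI connection with session_id
    session_sec_ctx = create_session_security_context(self.session_id)
    connector.set_security_context(session_sec_ctx)

    # From here on an authenticated session exists on the server; the
    # try/finally makes sure it is deleted even if the tag step raises, so
    # no live session id is left behind.
    try:
        # Create and Delete TagCategory to Verify connection is successful
        print('\nStep 6: Creating and Deleting Tag Category...\n')
        self.category_svc = Category(stub_config)

        self.category_id = self.create_tag_category(
            'TestTagCat', 'TestTagDesc', CategoryModel.Cardinality.MULTIPLE)
        if self.category_id is None:
            raise AssertionError('Tag category creation returned no id')
        print('Tag category created; Id: {0}\n'.format(self.category_id))

        # Delete TagCategory
        self.category_svc.delete(self.category_id)
    finally:
        self.session.delete()
    print('VAPI session disconnected successfully...')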