def get_client(cls, org, username, password):
"""Returns a client for a particular user.
The user is identified by the specified username-password combo in a
given organization.
:param str org: name of the organization, which the user belongs to.
:param str username: username of the user.
:param str password: password of the user.
:return: a client.
:rtype: pyvcloud.vcd.client.Client
:raises: Exception: if the basic configuration is missing.
"""
if cls._config is None:
raise Exception('Missing base configuration.')
client = Client(
cls._config['vcd']['host'],
api_version=cls._config['vcd']['api_version'],
verify_ssl_certs=cls._config['connection']['verify'],
log_file=cls._config['logging']['default_client_log_filename'],
log_requests=cls._config['logging']['log_requests'],
log_headers=cls._config['logging']['log_headers'],
log_bodies=cls._config['logging']['log_bodies'])
client.set_credentials(BasicLoginCredentials(username, org, password))
return client
def init_environment(config_filepath=BASE_CONFIG_FILEPATH):
"""Set up module variables according to config dict.
:param str config_filepath:
"""
global AMQP_USERNAME, AMQP_PASSWORD, CLIENT, ORG_HREF, VDC_HREF, \
CATALOG_NAME, DEV_MODE
config = testutils.yaml_to_dict(config_filepath)
CLIENT = Client(config['vcd']['host'],
api_version=config['vcd']['api_version'],
verify_ssl_certs=config['vcd']['verify'])
credentials = BasicLoginCredentials(config['vcd']['username'],
utils.SYSTEM_ORG_NAME,
config['vcd']['password'])
CLIENT.set_credentials(credentials)
org = utils.get_org(CLIENT, org_name=config['broker']['org'])
vdc = utils.get_vdc(CLIENT, config['broker']['vdc'], org=org)
ORG_HREF = org.href
VDC_HREF = vdc.href
CATALOG_NAME = config['broker']['catalog']
AMQP_USERNAME = config['amqp']['username']
AMQP_PASSWORD = config['amqp']['password']
try:
DEV_MODE = config['test']['developer_mode']
except KeyError:
pass
def __init__(self,
vcd_api_client: vcd_client.Client,
oauth_client_name: str,
logger_debug: logging.Logger = NULL_LOGGER,
logger_wire: logging.Logger = NULL_LOGGER):
self.vcd_api_client: vcd_client.Client = vcd_api_client
cloudapi_url = vcd_api_client.get_cloudapi_uri()
super().__init__(base_url=cloudapi_url,
token=vcd_api_client.get_access_token(),
api_version=vcd_api_client.get_api_version(),
logger_debug=logger_debug,
logger_wire=logger_wire,
verify_ssl=vcd_api_client._verify_ssl_certs,
is_sys_admin=vcd_api_client.is_sysadmin())
self.oauth_client_name = oauth_client_name
# cloudapi_url will be of the format https://vcd-host/cloudapi
# since /oauth endpoint is not associated with /cloudapi or /api,
# we need to format the cloudapi_url so that only https://vcd-host
# part is retained
url_host = urlparse(cloudapi_url)
self._host_url = f"{url_host.scheme}://{url_host.netloc}"
self.oauth_client_id = None
self.refresh_token = None
def restore_session(ctx):
profiles = Profiles.load()
token = profiles.get('token')
if token is None or len(token) == 0:
raise Exception('Can\'t restore session, please re-login.')
if not profiles.get('verify'):
if profiles.get('disable_warnings'):
pass
else:
click.secho('InsecureRequestWarning: '
'Unverified HTTPS request is being made. '
'Adding certificate verification is strongly '
'advised.', fg='yellow', err=True)
requests.packages.urllib3.disable_warnings()
client = Client(profiles.get('host'),
api_version=profiles.get('api_version'),
verify_ssl_certs=profiles.get('verify'),
log_file='vcd.log',
log_requests=profiles.get('log_request'),
log_headers=profiles.get('log_header'),
log_bodies=profiles.get('log_body')
)
client.rehydrate(profiles)
ctx.obj = {}
ctx.obj['client'] = client
ctx.obj['profiles'] = profiles
def login(self):
try:
user = self.params.get('user')
password = self.params.get('password')
org = self.params.get('org')
host = self.params.get('host')
api_version = self.params.get('api_version')
verify_ssl_certs = self.params.get('verify_ssl_certs')
# giving more precedence to module level details
user = user if user else os.environ['env_user']
password = password if password else os.environ['env_password']
host = host if host else os.environ['env_host']
org = org if org else os.environ['env_org']
api_version = api_version if api_version else os.environ[
'env_api_version']
verify_ssl_certs = verify_ssl_certs if verify_ssl_certs else os.environ[
'env_verify_ssl_certs']
verify_ssl_certs = False if verify_ssl_certs == "False" else True
self.client = Client(host,
api_version=api_version,
verify_ssl_certs=verify_ssl_certs)
self.client.set_credentials(
BasicLoginCredentials(user, org, password))
except Exception as error:
error = 'Login failed for user {} to org {}'
raise VCDLoginError(error.format(user, org))
def restore_session(ctx, vdc_required=False):
if type(ctx.obj) is dict and 'client' in ctx.obj and ctx.obj[
'client'] is not None:
return
profiles = Profiles.load()
token = profiles.get('token')
if token is None or len(token) == 0:
raise Exception('Can\'t restore session, please login again.')
if not profiles.get('verify'):
if profiles.get('disable_warnings'):
pass
else:
click.secho(
'InsecureRequestWarning: '
'Unverified HTTPS request is being made. '
'Adding certificate verification is strongly '
'advised.',
fg='yellow',
err=True)
requests.packages.urllib3.disable_warnings()
client = Client(profiles.get('host'),
api_version=profiles.get('api_version'),
verify_ssl_certs=profiles.get('verify'),
log_file='vcd.log',
log_requests=profiles.get('log_request'),
log_headers=profiles.get('log_header'),
log_bodies=profiles.get('log_body'))
client.rehydrate(profiles)
ctx.obj = {}
ctx.obj['client'] = client
ctx.obj['profiles'] = profiles
if vdc_required:
if not ctx.obj['profiles'].get('vdc_in_use') or \
not ctx.obj['profiles'].get('vdc_href'):
raise Exception('select a virtual datacenter')
def vcdlogin(host, user, password, org):
logging.basicConfig(level=logging.DEBUG)
logging.info("login called")
client = Client(host,
api_version="27.0",
verify_ssl_certs=False,
log_file='vcd.log',
log_requests=True,
log_headers=True,
log_bodies=True)
try:
client.set_credentials(BasicLoginCredentials(user, org, password))
x = client._session.headers['x-vcloud-authorization']
logging.info(" ===== X VCloud ========\n \n" + x + "\n \n")
#pRes= catalog.isPresent(client,"c1")
#res=catalog.create(client,"c3","c2UPD")
#logging.info(" is create ===== \n \n "+ str(res.created)+ "\n \n ")
logging.info("\n\n=====callling upload ova===\n")
catalog.upload_media(client,
"c3",
"/home/iso/vcains13.ova",
item_name="vc installer 1.3")
logging.info("\n\n=====upload done ===\n ")
#logging.info(" Delete ===== \n \n "+ str(catalog.delete(client,"c3").deleted)+ "\n \n ")
#logging.info(" Delete ===== \n \n "+ str(catalog.delete(client,"c4").deleted)+ "\n \n ")
return client
except Exception as e:
print('error occured', e)
def get_org_id_from_vdc_name(client: vcd_client.Client, vdc_name: str):
"""Return org id given vdc name.
:param vcd_client.Client client: vcd client
:param str vdc_name: vdc name
:return: org id, with no prefix, e.g., '12345'
:rtype: str
"""
if client.is_sysadmin():
resource_type = vcd_client.ResourceType.ADMIN_ORG_VDC.value
else:
resource_type = vcd_client.ResourceType.ORG_VDC.value
query = client.get_typed_query(
query_type_name=resource_type,
query_result_format=vcd_client.QueryResultFormat.ID_RECORDS,
equality_filter=('name', vdc_name))
records = list(query.execute())
if len(records) == 0:
return None
# Process org id
if client.is_sysadmin():
org_urn_id = records[0].attrib['org']
else:
org_name = records[0].attrib['orgName']
org_resource = client.get_org_by_name(org_name)
org_urn_id = org_resource.attrib['id']
return extract_id(org_urn_id)
def vcd_login(host, user, password, org):
logging.basicConfig(level=logging.DEBUG)
logging.info("login called")
client = Client(host,
api_version="27.0",
verify_ssl_certs=False,
log_file='vcd.log',
log_requests=True,
log_headers=True,
log_bodies=True)
try:
client.set_credentials(BasicLoginCredentials(user, org, password))
x = client._session.headers['x-vcloud-authorization']
logging.info(" ===== X VCloud ========\n \n" + x + "\n \n")
logged_in_org = client.get_org()
org = Org(client, resource=logged_in_org)
v = org.get_vdc('OVD2')
vdc = VDC(client, href=v.get('href'))
vapp = vdc.get_vapp('cento_vapp11_2')
nconfig_section = vapp.NetworkConfigSection
nconfig = nconfig_section.findall(
"{http://www.vmware.com/vcloud/v1.5}NetworkConfig")
for i in range(0, len(nconfig)):
print(nconfig[i].get('networkName'))
##print(etree.tostring(nconfig[0], pretty_print=True))
#pRes= catalog.isPresent(client,"c1")
# res=catalog.create(client,"c44","c44",True)
#logging.info(" is create ===== \n \n "+ str(res.created)+ "\n \n ")
#logging.info("\n\n=====callling upload ova===\n")
#catalog_item.upload_ova(client,"c44","/home/iso/tiny.ova",item_name="tiny3.ova")
#logging.info("\n\n=====upload done ===\n ")
#logging.info(" Delete ===== \n \n "+ str(catalog.delete(client,"c3").deleted)+ "\n \n ")
#logging.info(" Delete ===== \n \n "+ str(catalog.delete(client,"c4").deleted)+ "\n \n ")
#vappInfo=pyvcloudprovider_pb2.CreateVAppInfo()
#vappInfo.name="vappacc2"
#vappInfo.catalog_name="c1"
#vappInfo.template_name="cento_tmpl1"
#vapp.create(client,vappInfo)
#delVappInfo=pyvcloudprovider_pb2.DeleteVAppInfo()
#delVappInfo.name="vappacc2"
#vapp.delete(client,delVappInfo)
#ovaInfo=pyvcloudprovider_pb2.CatalogUploadOvaInfo()
#ovaInfo.item_name="item1"
#ovaInfo.catalog_name="testcata1"
#ovaInfo.file_path="/Users/srinarayana/vmws/tiny.ova"
# catalog_item.ova_check_resolved(client,ovaInfo)
#vappInfo.template_name="cento_tmpl1"
#vapp.create(client,vappInfo)
return client
except Exception as e:
print('error occured', e)
def init_environment(config_filepath=BASE_CONFIG_FILEPATH):
"""Set up module variables according to config dict.
:param str config_filepath:
"""
global AMQP_USERNAME, AMQP_PASSWORD, CLIENT, ORG_HREF, VDC_HREF, \
CATALOG_NAME, TEARDOWN_INSTALLATION, TEARDOWN_CLUSTERS, \
TEMPLATE_DEFINITIONS, TEST_ALL_TEMPLATES, SYS_ADMIN_LOGIN_CMD, \
ORG_ADMIN_LOGIN_CMD, VAPP_AUTHOR_LOGIN_CMD, USER_LOGIN_CMD_MAP
config = testutils.yaml_to_dict(config_filepath)
rtm = RemoteTemplateManager(
config['broker']['remote_template_cookbook_url'])
template_cookbook = rtm.get_remote_template_cookbook()
TEMPLATE_DEFINITIONS = template_cookbook['templates']
rtm.download_all_template_scripts(force_overwrite=True)
CLIENT = Client(config['vcd']['host'],
api_version=config['vcd']['api_version'],
verify_ssl_certs=config['vcd']['verify'])
credentials = BasicLoginCredentials(config['vcd']['username'],
SYSTEM_ORG_NAME,
config['vcd']['password'])
CLIENT.set_credentials(credentials)
org = pyvcloud_utils.get_org(CLIENT, org_name=config['broker']['org'])
vdc = pyvcloud_utils.get_vdc(CLIENT,
vdc_name=config['broker']['vdc'],
org=org)
ORG_HREF = org.href
VDC_HREF = vdc.href
CATALOG_NAME = config['broker']['catalog']
AMQP_USERNAME = config['amqp']['username']
AMQP_PASSWORD = config['amqp']['password']
SYS_ADMIN_LOGIN_CMD = f"login {config['vcd']['host']} system " \
f"{config['vcd']['username']} " \
f"-iwp {config['vcd']['password']} " \
f"-V {config['vcd']['api_version']}"
ORG_ADMIN_LOGIN_CMD = f"login {config['vcd']['host']} " \
f"{config['broker']['org']}" \
f" {ORG_ADMIN_NAME} -iwp {ORG_ADMIN_PASSWORD} " \
f"-V {config['vcd']['api_version']}"
VAPP_AUTHOR_LOGIN_CMD = f"login {config['vcd']['host']} " \
f"{config['broker']['org']} " \
f"{VAPP_AUTHOR_NAME} -iwp {VAPP_AUTHOR_PASSWORD}" \
f" -V {config['vcd']['api_version']}"
USER_LOGIN_CMD_MAP = {
'sys_admin': SYS_ADMIN_LOGIN_CMD,
'org_admin': ORG_ADMIN_LOGIN_CMD,
'vapp_author': VAPP_AUTHOR_LOGIN_CMD
}
test_config = config.get('test')
if test_config is not None:
TEARDOWN_INSTALLATION = test_config.get('teardown_installation', True)
TEARDOWN_CLUSTERS = test_config.get('teardown_clusters', True)
TEST_ALL_TEMPLATES = test_config.get('test_all_templates', False)
def init_environment(config_filepath=BASE_CONFIG_FILEPATH):
"""Set up module variables according to config dict.
:param str config_filepath:
"""
global AMQP_USERNAME, AMQP_PASSWORD, CLIENT, ORG_HREF, VDC_HREF, \
CATALOG_NAME, TEARDOWN_INSTALLATION, TEARDOWN_CLUSTERS, \
TEST_ALL_TEMPLATES
config = testutils.yaml_to_dict(config_filepath)
CLIENT = Client(config['vcd']['host'],
api_version=config['vcd']['api_version'],
verify_ssl_certs=config['vcd']['verify'])
credentials = BasicLoginCredentials(config['vcd']['username'],
utils.SYSTEM_ORG_NAME,
config['vcd']['password'])
CLIENT.set_credentials(credentials)
org = utils.get_org(CLIENT, org_name=config['broker']['org'])
vdc = utils.get_vdc(CLIENT, config['broker']['vdc'], org=org)
ORG_HREF = org.href
VDC_HREF = vdc.href
CATALOG_NAME = config['broker']['catalog']
AMQP_USERNAME = config['amqp']['username']
AMQP_PASSWORD = config['amqp']['password']
test_config = config.get('test')
if test_config is not None:
TEARDOWN_INSTALLATION = test_config.get('teardown_installation', True)
TEARDOWN_CLUSTERS = test_config.get('teardown_clusters', True)
TEST_ALL_TEMPLATES = test_config.get('test_all_templates', False)
class VcdAnsibleModule(AnsibleModule):
def __init__(self, *args, **kwargs):
argument_spec = vcd_argument_spec()
argument_spec.update(kwargs.get('argument_spec', dict()))
kwargs['argument_spec'] = argument_spec
super(VcdAnsibleModule, self).__init__(*args, **kwargs)
self.login()
def login(self):
try:
user = self.params.get('user')
password = self.params.get('password')
org = self.params.get('org')
host = self.params.get('host')
api_version = self.params.get('api_version')
verify_ssl_certs = self.params.get('verify_ssl_certs')
# giving more precedence to module level details
user = user if user else os.environ['env_user']
password = password if password else os.environ['env_password']
host = host if host else os.environ['env_host']
org = org if org else os.environ['env_org']
api_version = api_version if api_version else os.environ[
'env_api_version']
verify_ssl_certs = verify_ssl_certs if verify_ssl_certs else os.environ[
'env_verify_ssl_certs']
verify_ssl_certs = False if verify_ssl_certs == "False" else True
self.client = Client(host,
api_version=api_version,
verify_ssl_certs=verify_ssl_certs)
self.client.set_credentials(
BasicLoginCredentials(user, org, password))
except Exception as error:
error = 'Login failed for user {} to org {}'
raise VCDLoginError(error.format(user, org))
def execute_task(self, task):
task_monitor = self.client.get_task_monitor()
task_state = task_monitor.wait_for_status(task=task,
timeout=60,
poll_frequency=2,
fail_on_statuses=None,
expected_target_statuses=[
TaskStatus.SUCCESS,
TaskStatus.ABORTED,
TaskStatus.ERROR,
TaskStatus.CANCELED
],
callback=None)
task_status = task_state.get('status')
if task_status != TaskStatus.SUCCESS.value:
raise Exception(etree.tostring(task_state, pretty_print=True))
return 1
def login(user, org, password):
requests.packages.urllib3.disable_warnings()
client = Client(host,
api_version='29.0',
verify_ssl_certs=False,
log_file='pyvcloud.log',
log_requests=True,
log_headers=True,
log_bodies=True)
client.set_credentials(BasicLoginCredentials(user, org, password))
return client
def client(self):
if self._client is None:
self._client = Client(
self.endpoint,
api_version=self.api_version,
verify_ssl_certs=False,
)
self.client.set_credentials(
BasicLoginCredentials(self.username, self.organization,
self.password))
return self._client
def get_cloudapi_client_from_vcd_client(client: vcd_client.Client,
logger_debug=NULL_LOGGER,
logger_wire=NULL_LOGGER):
token = client.get_access_token()
return cloud_api_client.CloudApiClient(
base_url=client.get_cloudapi_uri(),
token=token,
api_version=client.get_api_version(),
logger_debug=logger_debug,
logger_wire=logger_wire,
verify_ssl=client._verify_ssl_certs,
is_sys_admin=client.is_sysadmin())
def get_all_ovdcs(client: vcd_client.Client):
if client.is_sysadmin():
# use adminOrgVdc in typed query
query = client.get_typed_query(
vcd_client.ResourceType.ADMIN_ORG_VDC.value,
query_result_format=vcd_client.QueryResultFormat.ID_RECORDS)
else:
# use orgVdc in typed query
query = client.get_typed_query(
vcd_client.ResourceType.ORG_VDC.value,
query_result_format=vcd_client.QueryResultFormat.ID_RECORDS)
return list(query.execute())
def check_config(config_file_name, template='*'):
click.secho('Validating CSE on vCD from file: %s' % config_file_name)
config = get_config(config_file_name)
validate_broker_config_elements(config['broker'])
amqp = config['amqp']
credentials = pika.PlainCredentials(amqp['username'], amqp['password'])
parameters = pika.ConnectionParameters(
amqp['host'], amqp['port'], '/', credentials, ssl=amqp['ssl'])
connection = pika.BlockingConnection(parameters)
click.echo('Connected to AMQP server (%s:%s): %s' %
(amqp['host'], amqp['port'], bool_to_msg(connection.is_open)))
connection.close()
v = VSphere(
config['vcs']['host'],
config['vcs']['username'],
config['vcs']['password'],
port=int(config['vcs']['port']))
v.connect()
click.echo('Connected to vCenter Server as %s '
'(%s:%s): %s' % (config['vcs']['username'],
config['vcs']['host'], config['vcs']['port'],
bool_to_msg(True)))
if not config['vcd']['verify']:
click.secho(
'InsecureRequestWarning: '
'Unverified HTTPS request is being made. '
'Adding certificate verification is strongly '
'advised.',
fg='yellow',
err=True)
requests.packages.urllib3.disable_warnings()
client = Client(
config['vcd']['host'],
api_version=config['vcd']['api_version'],
verify_ssl_certs=config['vcd']['verify'],
log_file='cse.log',
log_headers=True,
log_bodies=True)
client.set_credentials(
BasicLoginCredentials(config['vcd']['username'], 'System',
config['vcd']['password']))
click.echo('Connected to vCloud Director as system '
'administrator (%s:%s): %s' % (config['vcd']['host'],
config['vcd']['port'],
bool_to_msg(True)))
click.secho('Validating \'%s\' service broker' % config['broker']['type'])
if config['broker']['type'] == 'default':
validate_broker_config_content(config, client, template)
return config
def get_vsphere(config, vapp, vm_name, logger=None):
"""Get the VSphere object for a specific VM inside a VApp.
:param dict config: CSE config as a dictionary
:param pyvcloud.vcd.vapp.VApp vapp: VApp used to get the VM ID.
:param str vm_name:
:param logging.Logger logger: optional logger to log with.
:return: VSphere object for a specific VM inside a VApp
:rtype: vsphere_guest_run.vsphere.VSphere
"""
global cache
# get vm id from vm resource
vm_id = vapp.get_vm(vm_name).get('id')
if vm_id not in cache:
client = Client(uri=config['vcd']['host'],
api_version=config['vcd']['api_version'],
verify_ssl_certs=config['vcd']['verify'],
log_headers=True,
log_bodies=True)
credentials = BasicLoginCredentials(config['vcd']['username'],
SYSTEM_ORG_NAME,
config['vcd']['password'])
client.set_credentials(credentials)
# must recreate vapp, or cluster creation fails
vapp = VApp(client, href=vapp.href)
vm_resource = vapp.get_vm(vm_name)
vm_sys = VM(client, resource=vm_resource)
vcenter_name = vm_sys.get_vc()
platform = Platform(client)
vcenter = platform.get_vcenter(vcenter_name)
vcenter_url = urlparse(vcenter.Url.text)
cache_item = {
'hostname': vcenter_url.hostname,
'port': vcenter_url.port
}
for vc in config['vcs']:
if vc['name'] == vcenter_name:
cache_item['username'] = vc['username']
cache_item['password'] = vc['password']
break
cache[vm_id] = cache_item
if logger:
logger.debug(f"VM ID: {vm_id}, Hostname: {cache[vm_id]['hostname']}")
return VSphere(cache[vm_id]['hostname'], cache[vm_id]['username'],
cache[vm_id]['password'], cache[vm_id]['port'])
def connect_vcd_user_via_token(tenant_auth_token):
server_config = get_server_runtime_config()
vcd_uri = server_config['vcd']['host']
version = server_config['vcd']['api_version']
verify_ssl_certs = server_config['vcd']['verify']
client_tenant = Client(uri=vcd_uri,
api_version=version,
verify_ssl_certs=verify_ssl_certs,
log_file=SERVER_DEBUG_WIRELOG_FILEPATH,
log_requests=True,
log_headers=True,
log_bodies=True)
session = client_tenant.rehydrate_from_token(tenant_auth_token)
return (client_tenant, session)
def _connect_sysadmin(self):
if not self.verify:
LOGGER.warning('InsecureRequestWarning: '
'Unverified HTTPS request is being made. '
'Adding certificate verification is strongly '
'advised.')
requests.packages.urllib3.disable_warnings()
self.client_sysadmin = Client(uri=self.host,
api_version=self.version,
verify_ssl_certs=self.verify,
log_headers=True,
log_bodies=True)
self.client_sysadmin.set_credentials(
BasicLoginCredentials(self.username, 'System', self.password))
def connect_tenant(self, headers):
token = headers.get('x-vcloud-authorization')
accept_header = headers.get('Accept')
version = accept_header.split('version=')[1]
client_tenant = Client(uri=self.config['vcd']['host'],
api_version=version,
verify_ssl_certs=self.config['vcd']['verify'],
log_headers=True,
log_bodies=True)
session = client_tenant.rehydrate_from_token(token)
return (
client_tenant,
session,
)
def __new__(cls, client: vcd_client.Client, k8_runtime=None):
"""Create the right cluster class for the negotiated API version.
In case of ApiVersion.VERSION_35, return specific instance if the
cluster kind is known up-front.
If the cluster entity kind is unknown, return instance of
DefEntityCluster for all common operations like get_cluster_info(),
list_clusters()
:param pyvcloud.vcd.client client: vcd client
:param dict cluster_config: cluster configuration
:return: instance of version specific client side cluster
"""
api_version = client.get_api_version()
if float(api_version) < float(
vcd_client.ApiVersion.VERSION_35.value): # noqa: E501
return LegacyClusterNative(client)
elif float(api_version) >= float(
vcd_client.ApiVersion.VERSION_35.value): # noqa: E501
if k8_runtime == ClusterEntityKind.NATIVE.value or k8_runtime == ClusterEntityKind.TKG_PLUS.value: # noqa: E501
return DEClusterNative(client)
elif k8_runtime == ClusterEntityKind.TKG.value:
return DEClusterTKG(client)
else:
return DECluster(client)
def get_missing_rights_for_cluster_force_delete(client: vcd_client.Client,
is_cluster_owner=False,
logger=NULL_LOGGER) -> set:
"""
Find the missing rights for force-deleting the cluster.
:param vcd_client.Client client: current client
:param bool is_cluster_owner: true if the client is cluster owner
:param logging.Logger logger: logger to record errors.
:return: all missing rights
:rtype: set
:raises: OperationNotSupportedException
:raises: Exception for any unexpected errors
"""
role_name = ""
try:
role_name = get_user_role_name(client)
org_obj = vcd_org.Org(client, resource=client.get_org())
role_obj = vcd_role.Role(
client,
resource=org_obj.get_role_resource(role_name)) # noqa: E501
logger.debug(f"role_name:{role_name}")
role_rights = set()
for right_dict in role_obj.list_rights():
role_rights.update(right_dict.values())
logger.debug(f"rights of role:{role_name}--{role_rights}")
missing_rights = set()
if not server_constants.VAPP_DELETE_RIGHTS.issubset(role_rights):
missing_rights.update(server_constants.VAPP_DELETE_RIGHTS)
if not server_constants.DNAT_DELETE_RIGHTS.issubset(role_rights):
missing_rights.update(server_constants.DNAT_DELETE_RIGHTS)
if is_cluster_owner:
if not server_constants.CSE_NATIVE_CLUSTER_FULL_ACCESS_RIGHTS.issubset(
role_rights
) and not server_constants.CSE_NATIVE_CLUSTER_ADMINISTRATOR_FULL_ACCESS_RIGHTS.issubset(
role_rights): # noqa: E501
missing_rights.update(
server_constants.CSE_NATIVE_CLUSTER_FULL_ACCESS_RIGHTS
) # noqa: E501
else:
if not server_constants.CSE_NATIVE_CLUSTER_ADMINISTRATOR_FULL_ACCESS_RIGHTS.issubset(
role_rights): # noqa: E501
missing_rights.update(
server_constants.
CSE_NATIVE_CLUSTER_ADMINISTRATOR_FULL_ACCESS_RIGHTS
) # noqa: E501
except OperationNotSupportedException as err:
logger.warning(
f"Cannot determine the rights associated with role:{role_name} {err}"
) # noqa: E501
raise
except Exception as err:
logger.warning(
f"Cannot determine the rights associated with role:{role_name} {err}"
) # noqa: E501
raise
logger.debug(f"missing rights of role:{role_name}--{missing_rights}")
return missing_rights
def vcd_login(host, user, password, org):
logging.basicConfig(level=logging.DEBUG)
logging.info("login called")
client = Client(host,
api_version="27.0",
verify_ssl_certs=False,
log_file='vcd.log',
log_requests=True,
log_headers=True,
log_bodies=True)
try:
client.set_credentials(BasicLoginCredentials(user, org, password))
return client
except Exception as e:
print('error occured', e)
def _authenticate(self):
_password = self.templar.template(self.get_option('password'))
if not _password:
raise AnsibleError(f"Password returned None. Check and try again.")
try:
self.client = Client(
self.get_option('host'),
api_version=self.get_option('api_version'),
verify_ssl_certs=self.get_option('verify_ssl_certs'),
log_file=None)
self.client.set_credentials(
BasicLoginCredentials(self.get_option('user'),
self.get_option('org'), _password))
except Exception as e:
raise AnsibleError(f"Failed to login to endpoint. MSG: {e}")
def get_org_name_from_ovdc_id(sysadmin_client: vcd_client.Client, vdc_id):
"""Get org_name from vdc_id using OVDC_TO_ORG_MAP.
Update OVDC_TO_ORG_MAP for new {org_name:vdc_id} pair
:param vdc_id: unique ovdc id
:return: org_name
:rtype: str
"""
raise_error_if_not_sysadmin(sysadmin_client)
if vdc_id in OVDC_TO_ORG_MAP:
return OVDC_TO_ORG_MAP.get(vdc_id)
vdc_href = f"{sysadmin_client.get_api_uri()}/vdc/{vdc_id}"
vdc_resource = sysadmin_client.get_resource(get_admin_href(vdc_href))
vdc_obj = VDC(sysadmin_client, resource=vdc_resource)
link = vcd_client.find_link(vdc_obj.get_resource(),
vcd_client.RelationType.UP,
vcd_client.EntityType.ADMIN_ORG.value)
org = vcd_org.Org(sysadmin_client, href=link.href)
OVDC_TO_ORG_MAP[vdc_id] = org.get_name()
return org.get_name()
def get_cloudapi_client_from_vcd_client(client: vcd_client.Client,
logger_debug=NULL_LOGGER,
logger_wire=NULL_LOGGER):
token = client.get_access_token()
is_jwt = True
if not token:
token = client.get_xvcloud_authorization_token()
is_jwt = False
return cloudApiClient.CloudApiClient(base_url=client.get_cloudapi_uri(),
token=token,
is_jwt_token=is_jwt,
api_version=client.get_api_version(),
logger_debug=logger_debug,
logger_wire=logger_wire,
verify_ssl=client._verify_ssl_certs,
is_sys_admin=client.is_sysadmin())
def get_org_name_href_from_ovdc_id(sysadmin_client: vcd_client.Client, vdc_id):
"""Get org name and href from vdc_id using OVDC_TO_ORG_MAP.
Update OVDC_TO_ORG_MAP for new vdc_id
:param vdc_id: unique ovdc id
:return: org's name and href
:rtype: dict
"""
raise_error_if_user_not_from_system_org(sysadmin_client)
if vdc_id in OVDC_TO_ORG_MAP:
return OVDC_TO_ORG_MAP.get(vdc_id)
vdc_href = f"{sysadmin_client.get_api_uri()}/vdc/{vdc_id}"
vdc_resource = sysadmin_client.get_resource(get_admin_href(vdc_href))
vdc_obj = VDC(sysadmin_client, resource=vdc_resource)
link = vcd_client.find_link(vdc_obj.get_resource(),
vcd_client.RelationType.UP,
vcd_client.EntityType.ADMIN_ORG.value)
org_href = link.href
org = vcd_org.Org(sysadmin_client, href=org_href)
org_name = org.get_name()
result = {'name': org_name, 'href': org_href}
OVDC_TO_ORG_MAP[vdc_id] = result
return result
def setUpClass(cls):
config_file = 'config.yml'
if 'VCD_TEST_CONFIG_FILE' in os.environ:
config_file = os.environ['VCD_TEST_CONFIG_FILE']
with open(config_file, 'r') as f:
cls.config = yaml.safe_load(f)
if not cls.config['vcd']['verify'] and \
cls.config['vcd']['disable_ssl_warnings']:
requests.packages.urllib3.disable_warnings()
cls.client = Client(
cls.config['vcd']['host'],
api_version=cls.config['vcd']['api_version'],
verify_ssl_certs=cls.config['vcd']['verify'],
log_file='pyvcloud.log',
log_requests=True,
log_headers=True,
log_bodies=True)
cls.client.set_credentials(
BasicLoginCredentials(cls.config['vcd']['user'],
cls.config['vcd']['org'],
cls.config['vcd']['password']))
logging.basicConfig(
filename='tests.log',
level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(lineno)s '
'%(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M:%S')
cls.logger = logging.getLogger(__name__)
class VcdAnsibleModule(AnsibleModule):
def __init__(self, *args, **kwargs):
argument_spec = vcd_argument_spec()
argument_spec.update(kwargs.get('argument_spec', dict()))
kwargs['argument_spec'] = argument_spec
super(VcdAnsibleModule, self).__init__(*args, **kwargs)
self.login()
def login(self):
try:
user = self.params.get('user')
password = self.params.get('password')
org = self.params.get('org')
host = self.params.get('host')
api_version = self.params.get('api_version')
verify_ssl_certs = self.params.get('verify_ssl_certs')
self.client = Client(host,
api_version=api_version,
verify_ssl_certs=verify_ssl_certs)
self.client.set_credentials(
BasicLoginCredentials(user, org, password))
except Exception as error:
self.fail_json(
msg='Login failed for user {} to org {}'.format(user, org))
def execute_task(self, task):
task_monitor = self.client.get_task_monitor()
task_state = task_monitor.wait_for_status(task=task,
timeout=60,
poll_frequency=2,
fail_on_statuses=None,
expected_target_statuses=[
TaskStatus.SUCCESS,
TaskStatus.ABORTED,
TaskStatus.ERROR,
TaskStatus.CANCELED
],
callback=None)
task_status = task_state.get('status')
if task_status != TaskStatus.SUCCESS.value:
raise Exception(etree.tostring(task_state, pretty_print=True))
return 1
def vcd_login(host, user, password, org):
logging.basicConfig(level=logging.DEBUG)
logging.info("login called")
client = Client(
host,
api_version="27.0",
verify_ssl_certs=False,
log_file='vcd.log',
log_requests=True,
log_headers=True,
log_bodies=True)
try:
client.set_credentials(BasicLoginCredentials(user, org, password))
return client
except Exception as e:
print('error occured', e)
class VcdAnsibleModule(AnsibleModule):
def __init__(self, *args, **kwargs):
argument_spec = vcd_argument_spec()
argument_spec.update(kwargs.get('argument_spec', dict()))
kwargs['argument_spec'] = argument_spec
super(VcdAnsibleModule, self).__init__(*args, **kwargs)
self.login()
def login(self):
try:
user = self.params.get('user')
password = self.params.get('password')
org = self.params.get('org')
host = self.params.get('host')
api_version = self.params.get('api_version')
verify_ssl_certs = self.params.get('verify_ssl_certs')
self.client = Client(host,
api_version=api_version,
verify_ssl_certs=verify_ssl_certs)
self.client.set_credentials(BasicLoginCredentials(user, org, password))
except Exception as error:
error = 'Login failed for user {} to org {}'
raise VCDLoginError(error.format(user, org))
def execute_task(self, task):
task_monitor = self.client.get_task_monitor()
task_state = task_monitor.wait_for_status(
task=task,
timeout=60,
poll_frequency=2,
fail_on_statuses=None,
expected_target_statuses=[
TaskStatus.SUCCESS, TaskStatus.ABORTED, TaskStatus.ERROR,
TaskStatus.CANCELED
],
callback=None)
task_status = task_state.get('status')
if task_status != TaskStatus.SUCCESS.value:
raise Exception(etree.tostring(task_state, pretty_print=True))
return 1
def vcd_login_with_token(host):
logging.basicConfig(level=logging.DEBUG)
logging.info("INIT vcd_login_with_token")
profiles = Profiles.load()
token = profiles.get('token')
client = Client(
host,
api_version="27.0",
verify_ssl_certs=False,
log_file='vcd.log',
log_requests=True,
log_headers=True,
log_bodies=True)
try:
client.rehydrate_from_token(token)
x = client._session.headers['x-vcloud-authorization']
logging.info(" ===== X VCloud ========\n \n" + x + "\n \n")
except Exception as e:
print('error occured', e)
def vcd_login(context, lc):
logging.info("__INIT__vcd_login [%s]", lc)
login_path = ""
client = Client(
lc.ip,
api_version="27.0",
verify_ssl_certs=not lc.allow_insecure_flag,
log_file='vcd.log',
log_requests=True,
log_headers=True,
log_bodies=True)
try:
if lc.use_vcd_cli_profile:
login_path = "rehydrate_from_token"
profiles = Profiles.load()
token = profiles.get('token')
client.rehydrate_from_token(token)
else:
login_path = "set_credentials"
client.set_credentials(
BasicLoginCredentials(lc.username, lc.org, lc.password))
vref = VCDClientRef()
vref.set_ref(client)
logging.debug('LOGIN VIA :[{0}] ARG :[{1}]'.format(
login_path, str(lc)))
return client
except Exception as e:
traceback.print_exc()
error_message = 'ERROR IN LOGIN .. Exception [{0}] LOGIN VIA :[{1}] ARG :[{2}]'.format(
str(e), login_path, str(lc))
error_message = error_message.replace('\n', ' ')
context.set_code(grpc.StatusCode.INVALID_ARGUMENT)
context.set_details(error_message)
raise
def restore_session(ctx, vdc_required=False):
if type(
ctx.obj
) is dict and 'client' in ctx.obj and ctx.obj['client'] is not None:
return
profiles = Profiles.load()
token = profiles.get('token')
if token is None or len(token) == 0:
raise Exception('Can\'t restore session, please login again.')
if not profiles.get('verify'):
if profiles.get('disable_warnings'):
pass
else:
click.secho(
'InsecureRequestWarning: '
'Unverified HTTPS request is being made. '
'Adding certificate verification is strongly '
'advised.',
fg='yellow',
err=True)
requests.packages.urllib3.disable_warnings()
client = Client(
profiles.get('host'),
api_version=profiles.get('api_version'),
verify_ssl_certs=profiles.get('verify'),
log_file='vcd.log',
log_requests=profiles.get('log_request'),
log_headers=profiles.get('log_header'),
log_bodies=profiles.get('log_body'))
client.rehydrate(profiles)
ctx.obj = {}
ctx.obj['client'] = client
ctx.obj['profiles'] = profiles
if vdc_required:
if not ctx.obj['profiles'].get('vdc_in_use') or \
not ctx.obj['profiles'].get('vdc_href'):
raise Exception('select a virtual datacenter')
def login(self):
try:
user = self.params.get('user')
password = self.params.get('password')
org = self.params.get('org')
host = self.params.get('host')
api_version = self.params.get('api_version')
verify_ssl_certs = self.params.get('verify_ssl_certs')
self.client = Client(host,
api_version=api_version,
verify_ssl_certs=verify_ssl_certs)
self.client.set_credentials(BasicLoginCredentials(user, org, password))
except Exception as error:
error = 'Login failed for user {} to org {}'
raise VCDLoginError(error.format(user, org))
# Load the YAML configuration and convert to an object with properties for
# top-level entries. Values are either scalar variables, dictionaries,
# or lists depending on the structure of the YAML.
with open(config_yaml, "r") as config_file:
config_dict = yaml.safe_load(config_file)
cfg = namedtuple('ConfigObject', config_dict.keys())(**config_dict)
# Disable warnings from self-signed certificates.
requests.packages.urllib3.disable_warnings()
# Login. SSL certificate verification is turned off to allow self-signed
# certificates. You should only do this in trusted environments.
print("Logging in...")
client = Client(cfg.vcd_host, verify_ssl_certs=False,
log_file='pyvcloud.log',
log_requests=True,
log_headers=True,
log_bodies=True)
client.set_highest_supported_version()
client.set_credentials(BasicLoginCredentials(cfg.vcd_admin_user,
"System", cfg.vcd_admin_password))
# Ensure the org exists.
print("Fetching org...")
try:
# This call gets a record that we can turn into an Org class.
org_record = client.get_org_by_name(cfg.org)
org = Org(client, href=org_record.get('href'))
print("Org already exists: {0}".format(org.get_name()))
except Exception:
print("Org does not exist, creating: {0}".format(cfg.org))
def vcd_login(host, user, password, org):
logging.basicConfig(level=logging.DEBUG)
logging.info("login called")
client = Client(
host,
api_version="27.0",
verify_ssl_certs=False,
log_file='vcd.log',
log_requests=True,
log_headers=True,
log_bodies=True)
try:
client.set_credentials(BasicLoginCredentials(user, org, password))
x = client._session.headers['x-vcloud-authorization']
logging.info(" ===== X VCloud ========\n \n" + x + "\n \n")
logged_in_org = client.get_org()
org = Org(client, resource=logged_in_org)
v = org.get_vdc('OVD2')
vdc = VDC(client, href=v.get('href'))
vapp = vdc.get_vapp('cento_vapp11_2')
nconfig_section = vapp.NetworkConfigSection
nconfig = nconfig_section.findall(
"{http://www.vmware.com/vcloud/v1.5}NetworkConfig")
for i in range(0, len(nconfig)):
print(nconfig[i].get('networkName'))
##print(etree.tostring(nconfig[0], pretty_print=True))
#pRes= catalog.isPresent(client,"c1")
# res=catalog.create(client,"c44","c44",True)
#logging.info(" is create ===== \n \n "+ str(res.created)+ "\n \n ")
#logging.info("\n\n=====callling upload ova===\n")
#catalog_item.upload_ova(client,"c44","/home/iso/tiny.ova",item_name="tiny3.ova")
#logging.info("\n\n=====upload done ===\n ")
#logging.info(" Delete ===== \n \n "+ str(catalog.delete(client,"c3").deleted)+ "\n \n ")
#logging.info(" Delete ===== \n \n "+ str(catalog.delete(client,"c4").deleted)+ "\n \n ")
#vappInfo=pyvcloudprovider_pb2.CreateVAppInfo()
#vappInfo.name="vappacc2"
#vappInfo.catalog_name="c1"
#vappInfo.template_name="cento_tmpl1"
#vapp.create(client,vappInfo)
#delVappInfo=pyvcloudprovider_pb2.DeleteVAppInfo()
#delVappInfo.name="vappacc2"
#vapp.delete(client,delVappInfo)
#ovaInfo=pyvcloudprovider_pb2.CatalogUploadOvaInfo()
#ovaInfo.item_name="item1"
#ovaInfo.catalog_name="testcata1"
#ovaInfo.file_path="/Users/srinarayana/vmws/tiny.ova"
# catalog_item.ova_check_resolved(client,ovaInfo)
#vappInfo.template_name="cento_tmpl1"
#vapp.create(client,vappInfo)
return client
except Exception as e:
print('error occured', e)
sys.exit(1)
vcd_host = sys.argv[1]
org = sys.argv[2]
user = sys.argv[3]
password = sys.argv[4]
# Disable warnings from self-signed certificates.
requests.packages.urllib3.disable_warnings()
# Login. SSL certificate verification is turned off to allow self-signed
# certificates. You should only do this in trusted environments.
print("Logging in: host={0}, org={1}, user={2}".format(vcd_host, org, user))
client = Client(vcd_host,
api_version='29.0',
verify_ssl_certs=False,
log_file='pyvcloud.log',
log_requests=True,
log_headers=True,
log_bodies=True)
client.set_credentials(BasicLoginCredentials(user, org, password))
print("Fetching vCD installation info...")
results = client.get_resource(
client._session_endpoints[_WellKnownEndpoint.ADMIN])
for k, v in results.items():
print("Key: {0} Value: {1}".format(k, v))
# Log out.
print("Logging out")
client.logout()
user = sys.argv[3]
password = sys.argv[4]
vdc = sys.argv[5]
vapp = sys.argv[6]
vm = sys.argv[7]
# Disable warnings from self-signed certificates.
requests.packages.urllib3.disable_warnings()
# Login. SSL certificate verification is turned off to allow self-signed
# certificates. You should only do this in trusted environments.
print("Logging in: host={0}, org={1}, user={2}".format(host, org, user))
client = Client(host,
api_version='27.0',
verify_ssl_certs=False,
log_file='pyvcloud.log',
log_requests=True,
log_headers=True,
log_bodies=True)
client.set_credentials(BasicLoginCredentials(user, org, password))
task_monitor = client.get_task_monitor()
print("Fetching Org...")
org_resource = client.get_org()
org = Org(client, resource=org_resource)
print("Fetching VDC...")
vdc_resource = org.get_vdc(vdc)
vdc = VDC(client, resource=vdc_resource)
print("Fetching vApp...")
# Collect arguments.
if len(sys.argv) != 5:
print("Usage: python3 {0} host org user password".format(sys.argv[0]))
sys.exit(1)
host = sys.argv[1]
org = sys.argv[2]
user = sys.argv[3]
password = sys.argv[4]
# Disable warnings from self-signed certificates.
requests.packages.urllib3.disable_warnings()
# Login. SSL certificate verification is turned off to allow self-signed
# certificates. You should only do this in trusted environments.
print("Logging in: host={0}, org={1}, user={2}".format(host, org, user))
client = Client(host, verify_ssl_certs=False)
client.set_highest_supported_version()
client.set_credentials(BasicLoginCredentials(user, org, password))
print("Fetching Org...")
org = Org(client, resource=client.get_org())
print("Fetching VDCs...")
for vdc_info in org.list_vdcs():
name = vdc_info['name']
href = vdc_info['href']
print("VDC name: {0}\n href: {1}".format(
vdc_info['name'], vdc_info['href']))
vdc = VDC(client, resource=org.get_vdc(vdc_info['name']))
print("{0}{1}".format("Name".ljust(40), "Type"))
print("{0}{1}".format("----".ljust(40), "----"))
for resource in vdc.list_resources():
def login(ctx, user, host, password, api_version, org, verify_ssl_certs,
disable_warnings, vdc, session_id, use_browser_session):
"""Login to vCloud Director
\b
Login to a vCloud Director service.
\b
Examples
vcd login mysp.com org1 usr1
Login to host 'mysp.com'.
\b
vcd login test.mysp.com org1 usr1 -i -w
Login to a host with self-signed SSL certificate.
\b
vcd login mysp.com org1 usr1 --use-browser-session
Login using active session from browser.
\b
vcd login session list chrome
List active session ids from browser.
\b
vcd login mysp.com org1 usr1 \\
--session-id ee968665bf3412d581bbc6192508eec4
Login using active session id.
\b
Environment Variables
VCD_PASSWORD
If this environment variable is set, the command will use its value
as the password to login and will not ask for one. The --password
option has precedence over the environment variable.
"""
if not verify_ssl_certs:
if disable_warnings:
pass
else:
click.secho(
'InsecureRequestWarning: '
'Unverified HTTPS request is being made. '
'Adding certificate verification is strongly '
'advised.',
fg='yellow',
err=True)
requests.packages.urllib3.disable_warnings()
if host == 'session' and org == 'list':
sessions = []
if user == 'chrome':
cookies = browsercookie.chrome()
for c in cookies:
if c.name == 'vcloud_session_id':
sessions.append({'host': c.domain, 'session_id': c.value})
stdout(sessions, ctx)
return
client = Client(
host,
api_version=api_version,
verify_ssl_certs=verify_ssl_certs,
log_file='vcd.log',
log_requests=True,
log_headers=True,
log_bodies=True)
try:
if api_version is None:
api_version = client.set_highest_supported_version()
if session_id is not None or use_browser_session:
if use_browser_session:
browser_session_id = None
cookies = browsercookie.chrome()
for c in cookies:
if c.name == 'vcloud_session_id' and \
c.domain == host:
browser_session_id = c.value
break
if browser_session_id is None:
raise Exception('Session not found in browser.')
session_id = browser_session_id
client.rehydrate_from_token(session_id)
else:
if password is None:
password = click.prompt('Password', hide_input=True, type=str)
client.set_credentials(BasicLoginCredentials(user, org, password))
wkep = {}
for endpoint in _WellKnownEndpoint:
if endpoint in client._session_endpoints:
wkep[endpoint.name] = client._session_endpoints[endpoint]
profiles = Profiles.load()
logged_in_org = client.get_org()
org_href = logged_in_org.get('href')
vdc_href = ''
in_use_vdc = ''
if vdc is None:
for v in get_links(logged_in_org, media_type=EntityType.VDC.value):
in_use_vdc = v.name
vdc_href = v.href
break
else:
for v in get_links(logged_in_org, media_type=EntityType.VDC.value):
if vdc == v.name:
in_use_vdc = v.name
vdc_href = v.href
break
if len(in_use_vdc) == 0:
raise Exception('VDC not found')
profiles.update(
host,
org,
user,
client._session.headers['x-vcloud-authorization'],
api_version,
wkep,
verify_ssl_certs,
disable_warnings,
vdc=in_use_vdc,
org_href=org_href,
vdc_href=vdc_href,
log_request=True,
log_header=True,
log_body=True,
vapp='',
vapp_href='')
alt_text = '%s logged in, org: \'%s\', vdc: \'%s\'' % \
(user, org, in_use_vdc)
stdout({
'user': user,
'org': org,
'vdc': in_use_vdc,
'logged_in': True
}, ctx, alt_text)
except Exception as e:
try:
profiles = Profiles.load()
profiles.set('token', '')
except Exception:
pass
stderr(e, ctx)
#!/usr/bin/env python3
import os
from pyvcloud.vcd.client import BasicLoginCredentials
from pyvcloud.vcd.client import Client
from pyvcloud.vcd.client import EntityType
from pyvcloud.vcd.org import Org
from pyvcloud.vcd.vdc import VDC
import requests
requests.packages.urllib3.disable_warnings()
client = Client('bos1-vcd-sp-static-202-34.eng.vmware.com',
verify_ssl_certs=False)
client.set_highest_supported_version()
client.set_credentials(BasicLoginCredentials('usr1', 'org1', 'ca$hc0w'))
org = Org(client, resource=client.get_org())
vdc = VDC(client, resource=org.get_vdc('vdc1'))
for resource in vdc.list_resources():
print('%s%s' % (resource['name'].ljust(40),
resource['type']))
client.logout()
