Skip to content

Commit

Permalink
Allow overriding the ApiClient scheme/host/verify_ssl
Browse files Browse the repository at this point in the history
  • Loading branch information
@agrare
agrare committed Feb 22, 2024
1 parent bfd080e commit dff0a58
Show file tree
Hide file tree
Showing 2 changed files with 90 additions and 8 deletions.
49 changes: 45 additions & 4 deletions app/models/manageiq/providers/cisco_intersight/manager_mixin.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ def connect(options = {})
key = authentication_password
raise MiqException::MiqHostError, "No credentials defined" if !keyid || !key

api_client = self.class.raw_connect(keyid, key)
api_client = self.class.raw_connect(default_endpoint&.url, default_endpoint&.verify_ssl, keyid, key)

service = options.delete(:service)
if service
Expand Down Expand Up @@ -49,6 +49,34 @@ def params_for_create
:isRequired => true,
:validationDependencies => %w[type zone_id],
:fields => [
{
:component => "select",
:id => "endpoints.default.verify_ssl",
:name => "endpoints.default.verify_ssl",
:label => _("SSL verification"),
:dataType => "integer",
:isRequired => true,
:initialValue => OpenSSL::SSL::VERIFY_PEER,
:options => [
{
:label => _('Do not verify'),
:value => OpenSSL::SSL::VERIFY_NONE,
},
{
:label => _('Verify'),
:value => OpenSSL::SSL::VERIFY_PEER,
},
]
},
{
:component => "text-field",
:id => "endpoints.default.url",
:name => "endpoints.default.url",
:label => _("Endpoint URL"),
:initialValue => "https://intersight.com",
:isRequired => true,
:validate => [{:type => "required"}]
},
{
:component => "text-field",
:id => "authentications.default.userid",
Expand Down Expand Up @@ -89,11 +117,14 @@ def params_for_create
# }

def verify_credentials(args)
endpoint = args.dig("endpoints", "default")
authentication = args.dig("authentications", "default")
keyid, enc_key = authentication&.values_at("userid", "password")

url, verify_ssl = endpoint&.values_at("url", "verify_ssl")
keyid, enc_key = authentication&.values_at("userid", "password")
key = ManageIQ::Password.try_decrypt(enc_key)

verify_provider_connection(raw_connect(keyid, key))
verify_provider_connection(raw_connect(url, verify_ssl, keyid, key))
end

def verify_provider_connection(api_client)
Expand All @@ -108,11 +139,21 @@ def verify_provider_connection(api_client)
end
end

def raw_connect(key_id, key)
def raw_connect(url, verify_ssl, key_id, key)
require "intersight_client"

uri = URI.parse(url || "https://intersight.com")
scheme = uri.scheme
host = "#{uri.host}:#{uri.port}"

verify_ssl = OpenSSL::SSL::VERIFY_PEER if verify_ssl.nil?
verify_ssl = verify_ssl == OpenSSL::SSL::VERIFY_PEER

IntersightClient::ApiClient.new(
IntersightClient::Configuration.new do |config|
config.scheme = scheme
config.host = host
config.verify_ssl = verify_ssl
config.api_key = key
config.api_key_id = key_id
end
Expand Down
49 changes: 45 additions & 4 deletions spec/models/manageiq/providers/cisco_intersight/physical_infra_manager_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,24 @@
context ".raw_connect" do
it "connects with key_id and secret key" do
expect(IntersightClient::Configuration).to receive(:new).and_yield(config_mock)
expect(config_mock).to receive(:scheme=).with("https")
expect(config_mock).to receive(:host=).with("intersight.com:443")
expect(config_mock).to receive(:verify_ssl=).with(true)
expect(config_mock).to receive(:api_key_id=).with("keyid")
expect(config_mock).to receive(:api_key=).with("secretkey")

described_class.raw_connect("keyid", "secretkey")
described_class.raw_connect("https://intersight.com", OpenSSL::SSL::VERIFY_PEER, "keyid", "secretkey")
end

it "defaults to url=https://intersight.com and verify_ssl=true" do
expect(IntersightClient::Configuration).to receive(:new).and_yield(config_mock)
expect(config_mock).to receive(:scheme=).with("https")
expect(config_mock).to receive(:host=).with("intersight.com:443")
expect(config_mock).to receive(:verify_ssl=).with(true)
expect(config_mock).to receive(:api_key_id=).with("keyid")
expect(config_mock).to receive(:api_key=).with("secretkey")

described_class.raw_connect(nil, nil, "keyid", "secretkey")
end
end

Expand All @@ -37,17 +51,44 @@
end

context "#connect" do
it "aborts on missing credentials" do
ems = FactoryBot.create(:ems_cisco_intersight_physical_infra)
expect { ems.connect }.to raise_error(MiqException::MiqHostError)
context "with missing credentials" do
let(:ems) { FactoryBot.create(:ems_cisco_intersight_physical_infra) }

it "aborts" do
expect { ems.connect }.to raise_error(MiqException::MiqHostError)
end
end

it "connects with key_id and secret key" do
expect(IntersightClient::Configuration).to receive(:new).and_yield(config_mock)
expect(config_mock).to receive(:scheme=).with("https")
expect(config_mock).to receive(:host=).with("intersight.com:443")
expect(config_mock).to receive(:verify_ssl=).with(true)
expect(config_mock).to receive(:api_key_id=).with("keyid")
expect(config_mock).to receive(:api_key=).with("secretkey")

ems.connect
end

context "with an alternate URL" do
let(:url) { "http://intersight.localdomain:8080" }
let(:ems) do
FactoryBot.create(:ems_cisco_intersight_physical_infra, :auth).tap do |ems|
ems.default_endpoint.url = url
ems.default_endpoint.verify_ssl = OpenSSL::SSL::VERIFY_NONE
end
end

it "connects with the alternate host" do
expect(IntersightClient::Configuration).to receive(:new).and_yield(config_mock)
expect(config_mock).to receive(:scheme=).with("http")
expect(config_mock).to receive(:host=).with("intersight.localdomain:8080")
expect(config_mock).to receive(:verify_ssl=).with(false)
expect(config_mock).to receive(:api_key_id=).with("keyid")
expect(config_mock).to receive(:api_key=).with("secretkey")

ems.connect
end
end
end
end

0 comments on commit dff0a58

Please sign in to comment.