Sync from SUSE:SLFO:Main python-pyvmomi revision 7d02bf0700e73809f2756570c6cdcf85

This commit is contained in:
2025-02-07 18:38:33 +01:00
commit 870f8f7b57
5 changed files with 968 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

View File

@@ -0,0 +1,528 @@
From 9a8956f7b4a91b491e63454b3eb3c59d4abb8a31 Mon Sep 17 00:00:00 2001
From: ddraganov <ddraganov@vmware.com>
Date: Wed, 31 Jul 2024 10:56:55 +0300
Subject: [PATCH] pyVmomi pinned certificates support
New:
SoapStubAdapter and the connect.py wrappers now allows passing a serverPemCert parameter.
serverPemCert is an ASCII string of a PEM-encoded SSL certificate of the host to which a connection is attempted. A replacement of thumbprint. If both fields are set, thumbprint should match serverPemCert.
CertificateMismatchException is thrown when there's a mismatch.
If the standard SSL verifications fails
if serverPemCert or thumbprint is provided try to connect with an unverified connection and try to match the peer certificate
else fail
pyVmomi now has a single point of establishing a server connection SoapAdapter._Connect()
Breaking changes in SoapAdapter.py:
HTTPProxyConnection is removed because it is unnecessary as the connection logic is now streamlined
SSLTunnelConnection is removed and replaced by _SSLTunnelConnection which inherits Python's standard HTTPSConnection.
UnixSocketConnection is removed and replaced by _UnixSocketConnection which inherits Python's standard HTTPConnection.
---
pyVim/connect.py | 41 +++++++-
pyVmomi/Security.py | 38 ++++++++
pyVmomi/SoapAdapter.py | 214 +++++++++++++++++++++++++----------------
3 files changed, 207 insertions(+), 86 deletions(-)
diff --git a/pyVim/connect.py b/pyVim/connect.py
index 0609040..437065c 100644
--- a/pyVim/connect.py
+++ b/pyVim/connect.py
@@ -211,6 +211,7 @@ def Connect(host='localhost',
httpProxyHost=None,
httpProxyPort=80,
thumbprint=None,
+ serverPemCert=None,
sslContext=None,
httpConnectionTimeout=None,
connectionPoolTimeout=CONNECTION_POOL_IDLE_TIMEOUT_SEC,
@@ -260,8 +261,17 @@ def Connect(host='localhost',
@type httpProxyHost: string
@param httpProxyPort The proxy server port.
@type httpProxyPort: int
- @param thumbprint: host cert thumbprint
+ @param thumbprint: **** Deprecated. Use serverPemCert instead.
+ If both fields are set, thumbprint should match
+ serverPemCert.
+ The SHA1/SHA256/SHA512 thumbprint of the server's
+ SSL certificate.
+ Some use a thumbprint of the form xx:xx:xx..:xx.
+ We ignore the ":" characters.
@type thumbprint: string
+ @param serverPemCert: PEM-encoded SSL certificate of the
+ host to which we are connecting.
+ @type serverPemCert: string
@param sslContext: SSL Context describing the various SSL options. It is only
supported in Python 2.7.9 or higher.
@type sslContext: SSL.Context
@@ -324,6 +334,7 @@ def Connect(host='localhost',
httpProxyHost,
httpProxyPort,
thumbprint,
+ serverPemCert,
sslContext,
httpConnectionTimeout,
connectionPoolTimeout,
@@ -395,6 +406,7 @@ def __Login(host,
httpProxyHost,
httpProxyPort,
thumbprint,
+ serverPemCert,
sslContext,
httpConnectionTimeout,
connectionPoolTimeout,
@@ -430,8 +442,17 @@ def __Login(host,
@type httpProxyHost: string
@param httpProxyPort The proxy server port.
@type httpProxyPort: int
- @param thumbprint: host cert thumbprint
+ @param thumbprint: **** Deprecated. Use serverPemCert instead.
+ If both fields are set, thumbprint should match
+ serverPemCert.
+ The SHA1/SHA256/SHA512 thumbprint of the server's
+ SSL certificate.
+ Some use a thumbprint of the form xx:xx:xx..:xx.
+ We ignore the ":" characters.
@type thumbprint: string
+ @param serverPemCert: PEM-encoded SSL certificate of the
+ host to which we are connecting.
+ @type serverPemCert: string
@param sslContext: SSL Context describing the various SSL options. It is only
supported in Python 2.7.9 or higher.
@type sslContext: SSL.Context
@@ -479,6 +500,7 @@ def __Login(host,
httpProxyHost=httpProxyHost,
httpProxyPort=httpProxyPort,
thumbprint=thumbprint,
+ serverPemCert=serverPemCert,
sslContext=sslContext,
httpConnectionTimeout=httpConnectionTimeout,
connectionPoolTimeout=connectionPoolTimeout,
@@ -814,6 +836,7 @@ def SmartStubAdapter(host='localhost',
httpProxyPort=80,
sslProxyPath=None,
thumbprint=None,
+ serverPemCert=None,
cacertsFile=None,
preferredApiVersions=None,
acceptCompressedResponses=True,
@@ -872,6 +895,7 @@ def SmartStubAdapter(host='localhost',
httpProxyPort=httpProxyPort,
sslProxyPath=sslProxyPath,
thumbprint=thumbprint,
+ serverPemCert=serverPemCert,
cacertsFile=cacertsFile,
version=supportedVersion,
acceptCompressedResponses=acceptCompressedResponses,
@@ -896,6 +920,7 @@ def SmartConnect(protocol='https',
httpProxyHost=None,
httpProxyPort=80,
thumbprint=None,
+ serverPemCert=None,
sslContext=None,
httpConnectionTimeout=None,
connectionPoolTimeout=CONNECTION_POOL_IDLE_TIMEOUT_SEC,
@@ -948,8 +973,17 @@ def SmartConnect(protocol='https',
@type httpProxyHost: string
@param httpProxyPort The proxy server port.
@type httpProxyPort: int
- @param thumbprint: host cert thumbprint
+ @param thumbprint: **** Deprecated. Use serverPemCert instead.
+ If both fields are set, thumbprint should match
+ serverPemCert.
+ The SHA1/SHA256/SHA512 thumbprint of the server's
+ SSL certificate.
+ Some use a thumbprint of the form xx:xx:xx..:xx.
+ We ignore the ":" characters.
@type thumbprint: string
+ @param serverPemCert: PEM-encoded SSL certificate of the
+ host to which we are connecting.
+ @type serverPemCert: string
@param sslContext: SSL Context describing the various SSL options. It is only
supported in Python 2.7.9 or higher.
@type sslContext: SSL.Context
@@ -1005,6 +1039,7 @@ def SmartConnect(protocol='https',
httpProxyHost=httpProxyHost,
httpProxyPort=httpProxyPort,
thumbprint=thumbprint,
+ serverPemCert=serverPemCert,
sslContext=sslContext,
httpConnectionTimeout=httpConnectionTimeout,
connectionPoolTimeout=connectionPoolTimeout,
diff --git a/pyVmomi/Security.py b/pyVmomi/Security.py
index 15309ce..a0e69fc 100644
--- a/pyVmomi/Security.py
+++ b/pyVmomi/Security.py
@@ -4,6 +4,7 @@
# Client security module.
import hashlib
+import ssl
_isSha1Enabled = True
_isSha256Enabled = True
@@ -25,6 +26,17 @@ def SetSha512Enabled(state):
_isSha512Enabled = state
+"""
+Verify that a thumbprint matches a certificate
+
+:param derCert: DER-encoded SSL certificate
+:type derCert: str
+:param thumbprint: SHA1/SHA256/SHA512 thumbprint
+ of an SSL certificate
+:type thumbprint: str
+:returns: None
+:raises ThumbprintMismatchException
+"""
def VerifyCertThumbprint(derCert, thumbprint):
thumbprint_len = len(thumbprint)
if thumbprint_len == 40 and _isSha1Enabled:
@@ -49,3 +61,29 @@ class ThumbprintMismatchException(Exception):
self.expected = expected
self.actual = actual
+
+
+"""
+Verify that two PEM certificates match
+
+:param actualCert: PEM-encoded SSL certificate
+:type actualCert: str
+:param expectedCert: PEM-encoded SSL certificate
+:type actualCert: str
+:returns: None
+:raises CertificateMismatchException
+"""
+def VerifyCert(actualCert, expectedCert):
+ actualCert = actualCert.strip()
+ expectedCert = expectedCert.strip()
+ if actualCert != expectedCert:
+ raise CertificateMismatchException(expectedCert, actualCert)
+
+
+class CertificateMismatchException(Exception):
+ def __init__(self, expected, actual):
+ Exception.__init__(self, "Certificate mismatch. Expected: \n{0}, "
+ "actual: \n{1}".format(expected, actual))
+
+ self.expected = expected
+ self.actual = actual
diff --git a/pyVmomi/SoapAdapter.py b/pyVmomi/SoapAdapter.py
index 64835d5..22c81f6 100644
--- a/pyVmomi/SoapAdapter.py
+++ b/pyVmomi/SoapAdapter.py
@@ -34,7 +34,7 @@ from .VmomiSupport import (
GetWsdlName, GetWsdlNamespace, GetWsdlType, GuessWsdlMethod, GuessWsdlType,
IsChildVersion, ManagedMethod, UnknownManagedMethod, ManagedObject,
Object, PropertyPath, Type, binary, versionIdMap, versionMap)
-from .Security import VerifyCertThumbprint
+from .Security import VerifyCert, VerifyCertThumbprint
from .Version import kind
from . import version_info_str
@@ -1054,18 +1054,19 @@ class SoapStubAdapterBase(StubAdapterBase):
# Subclass of HTTPConnection that connects over a Unix domain socket
-# instead of a TCP port. The path of the socket is passed in place of
-# the hostname. Fairly gross but does the job.
-class UnixSocketConnection(HTTPConnection):
- # The HTTPConnection ctor expects a single argument, which it interprets
- # as the host to connect to; for UnixSocketConnection, we instead interpret
+# instead of a TCP port. The path of the socket is passed in place of
+# the hostname. Fairly gross but does the job.
+class _UnixSocketConnection(HTTPConnection):
+ # The HTTPConnection constructor expects a single argument, which it interprets
+ # as the host to connect to; for _UnixSocketConnection, we instead interpret
# the parameter as the filesystem path of the Unix domain socket.
- def __init__(self, path):
+ def __init__(self, host, **kwargs):
# Pass '' as the host to HTTPConnection; it doesn't really matter
# what we pass (since we've overridden the connect method) as long
# as it's a valid string.
- HTTPConnection.__init__(self, '')
- self.path = path
+ # kwargs allows to pass all other HTTPConnection constructor arguments
+ self.path = host
+ HTTPConnection.__init__(self, '', **kwargs)
def connect(self):
# Hijack the connect method of HTTPConnection to connect to the
@@ -1076,76 +1077,90 @@ class UnixSocketConnection(HTTPConnection):
self.sock = sock
-def _VerifyThumbprint(thumbprint, connection):
- """If there is a thumbprint, connect to the server and verify that the
- SSL certificate matches the given thumbprint. An exception is thrown
- if there is a mismatch.
+def _VerifyPinnedIdentity(connection, certificate, thumbprint):
"""
- if thumbprint and isinstance(connection, HTTPSConnection):
- if not connection.sock:
- connection.connect()
- derCert = connection.sock.getpeercert(True)
+ Verify that the server connection SSL certificate
+ matches the given certificate or thumbprint.
+
+ :param connection: Server connection
+ :type connection: HTTPSConnection
+ :param certificate: PEM-encoded SSL certificate of the server
+ :type certificate: str
+ :param thumbprint: SHA1/SHA256/SHA512 thumbprint
+ of an SSL certificate
+ :type thumbprint: str
+ :returns: None
+ :raises ThumbprintMismatchException or CertificateMismatchException
+ """
+ derCert = connection.sock.getpeercert(True)
+ if certificate:
+ pemCert = ssl.DER_cert_to_PEM_cert(derCert)
+ VerifyCert(pemCert, certificate)
+ elif thumbprint:
VerifyCertThumbprint(derCert, thumbprint)
-# Stand-in for the HTTPSConnection class that will connect to a regular HTTP
-# proxy.
-class HTTPProxyConnection(object):
- # @param proxyPath The path to pass to the CONNECT command.
- # @param customHeaders Dictionary with custom HTTP headers.
- def __init__(self, proxyPath, customHeaders=None):
- self.proxyPath = proxyPath
- self.customHeaders = customHeaders if customHeaders else {}
- # Connects to an HTTP proxy server and initiates a tunnel to the destination
- # specified by self.proxyPath.
- #
- # @param addr Address in the form of host:port
- # @param port If no port number is passed,
- # the port is extracted from the addr string
- # @param timeout Connection timeout in seconds
- # @param context SSL Context with the desired SSL options
- # @return HTTPSConnection to the destination
- def __call__(self, addr, port, timeout, context):
- conn = HTTPSConnection(host=addr, port=port,
- timeout=timeout, context=context)
- conn.set_tunnel(self.proxyPath, headers=self.customHeaders)
- return conn
+def _Connect(connection, serverPemCert=None, thumbprint=None):
+ """
+ Connect to the server specified when the connection object was created.
+
+ serverPemCert and thumbprint denote a pre-defined pinned
+ certificate/thumbprint which has been trusted by the user.
+ Whenever provided if that certificate/thumbprint of the peer exactly
+ matches the pinned certificate/thumbprint, then the connection is established.
+
+ :param connection: Server connection
+ :type connection: HTTPConnection
+ :param serverPemCert: PEM-encoded SSL certificate of the server
+ :type serverPemCert: str
+ :param thumbprint: SHA1/SHA256/SHA512 thumbprint
+ of an SSL certificate
+ :type thumbprint: str
+ :returns: HTTPConnection
+ """
+ try:
+ connection.connect()
+ except ssl.SSLCertVerificationError as ex:
+ if serverPemCert or thumbprint:
+ connection._context.check_hostname = False
+ connection._context.verify_mode = ssl.CERT_NONE
+ connection.connect()
+ _VerifyPinnedIdentity(connection, serverPemCert, thumbprint)
+ else:
+ raise ex
+ return connection
-# Stand-in for the HTTPSConnection class that will connect to a proxy and
-# issue a CONNECT command to start an SSL tunnel.
-class SSLTunnelConnection(HTTPProxyConnection):
- # Connects to a proxy server and initiates a tunnel to the destination
- # specified by self.proxyPath.
- # For Python Version < 2.7.9. cert_reqs=CERT_OPTIONAL to verify
- # server certificate
- #
- # @param addr Address in the form of host:port
- # @param port If no port number is passed,
- # the port is extracted from the addr string
- # @param timeout Connection timeout in seconds
- # @param context SSL Context with the desired SSL options
- # @return HTTPSConnection to the destination
- def __call__(self, addr, port=None, timeout=None, context=None):
- tunnelConn = HTTPConnection(host=addr, port=port, timeout=timeout)
- tunnelConn.request('CONNECT', self.proxyPath)
+# A subclass of HTTPConnection that uses SSL through an HTTP proxy tunnel
+class _SSLTunnelConnection(HTTPSConnection):
+
+ def connect(self):
+ tunnelConn = HTTPConnection(host=self.host,
+ port=self.port,
+ timeout=self.timeout)
+ tunnelConn.request('CONNECT', self._proxyPath)
resp = tunnelConn.getresponse()
if resp.status != 200:
raise HTTPException(
"{0} {1}".format(resp.status, resp.reason))
- conn = HTTPSConnection(host=tunnelConn.host,
- port=tunnelConn.port,
- context=context,
- timeout=timeout)
- if conn.host in ('localhost', '127.0.0.1', '::1'):
- conn._context.check_hostname = False
- conn._context.verify_mode = ssl.CERT_NONE
+ if self.host in ('localhost', '127.0.0.1', '::1'):
+ self._context.check_hostname = False
+ self._context.verify_mode = ssl.CERT_NONE
- conn.sock = conn._context.wrap_socket(sock=tunnelConn.sock,
+ self.sock = self._context.wrap_socket(sock=tunnelConn.sock,
server_hostname=tunnelConn.host)
- return conn
+
+ def setVcTunnel(self, proxyPath):
+ """
+ Set the path to use when tunneling through VC's reverse proxy
+ ex: /sdkTunnel
+
+ :param proxyPath: Tunnel path
+ :type proxyPath: str
+ """
+ self._proxyPath = proxyPath
class GzipReader:
@@ -1244,10 +1259,21 @@ class SoapStubAdapter(SoapStubAdapterBase):
# @param httpProxyHost The host name of the proxy server.
# @param httpProxyPort The proxy server port.
# @param sslProxyPath Path to use when tunneling through VC's reverse proxy
- # @param thumbprint The SHA1/SHA256/SHA512 thumbprint of the server's
+ # @param thumbprint **** Deprecated. Use serverPemCert instead.
+ # If both fields are set, thumbprint should match
+ # serverPemCert.
+ # The SHA1/SHA256/SHA512 thumbprint of the server's
# SSL certificate.
- # Some use a thumbprint of the form xx:xx:xx..:xx. We ignore the ":"
- # characters. If set to None, any thumbprint is accepted.
+ # Whenever provided if that thumbprint of the peer's
+ # certificate exactly matches the pinned thumbprint
+ # the connection is established.
+ # Some use a thumbprint of the form xx:xx:xx..:xx.
+ # We ignore the ":" characters.
+ # @param serverPemCert PEM-encoded SSL certificate of the
+ # host to which we are connecting.
+ # Whenever provided if that certificate of the peer
+ # exactly matches the pinned certificate
+ # the connection is established.
# @param cacertsFile **** Deprecated. Please load cert to context and pass
# context instread ****
# sslContext.load_verify_locations(cafile=ca_cert_file)
@@ -1278,6 +1304,7 @@ class SoapStubAdapter(SoapStubAdapterBase):
httpProxyPort=80,
sslProxyPath=None,
thumbprint=None,
+ serverPemCert=None,
cacertsFile=None,
version=None,
acceptCompressedResponses=True,
@@ -1297,12 +1324,16 @@ class SoapStubAdapter(SoapStubAdapterBase):
version = 'vim.version.version9'
SoapStubAdapterBase.__init__(self, version=version, sessionId=sessionId)
if sock:
- self.scheme = UnixSocketConnection
+ self.scheme = _UnixSocketConnection
# Store sock in the host member variable because that's where
- # the UnixSocketConnection ctor expects to find it -- see above
+ # the _UnixSocketConnection ctor expects to find it -- see above
self.host = sock
elif url:
- url_scheme_specifier, self.host, urlpath = urlparse(url)[:3]
+ parse_result = urlparse(url)
+ url_scheme_specifier = parse_result.scheme
+ self.host = parse_result.netloc
+ port = parse_result.port
+ urlpath = parse_result.path
# Only use the URL path if it's sensible, otherwise use the path
# keyword argument as passed in.
if urlpath not in ('', '/'):
@@ -1317,8 +1348,10 @@ class SoapStubAdapter(SoapStubAdapterBase):
if host.find(':') != -1 and host[0] != '[': # is IPv6?
host = '[' + host + ']'
self.host = '{0}:{1}'.format(host, port)
+ self.port = port
self.path = path
+ self.serverPemCert = serverPemCert
if thumbprint:
self.thumbprint = thumbprint.replace(":", "").lower()
if len(self.thumbprint) not in (40, 64, 128):
@@ -1329,18 +1362,17 @@ class SoapStubAdapter(SoapStubAdapterBase):
self.is_tunnel = False
if sslProxyPath:
- self.scheme = SSLTunnelConnection(sslProxyPath, customHeaders)
+ self.sslProxyPath = sslProxyPath
+ self.scheme = _SSLTunnelConnection
self.is_tunnel = True
elif httpProxyHost:
- self.scheme = HTTPProxyConnection(self.host, customHeaders)
- self.is_tunnel = True
-
# Is httpProxyHost IPv6
if httpProxyHost.find(':') != -1 and httpProxyHost[0] != '[':
- httpProxyHost = '[' + httpProxyHost + ']'
-
- # Swap the actual host with the proxy.
- self.host = "{0}:{1}".format(httpProxyHost, httpProxyPort)
+ self.httpProxyHost = '[' + httpProxyHost + ']'
+ else:
+ self.httpProxyHost = httpProxyHost
+ self.httpProxyPort = httpProxyPort
+ self.is_tunnel = True
self.poolSize = poolSize
self.pool = []
self.connectionPoolTimeout = connectionPoolTimeout
@@ -1499,15 +1531,31 @@ class SoapStubAdapter(SoapStubAdapterBase):
self.lock.acquire()
self._CloseIdleConnections()
if self.pool:
- result, _ = self.pool.pop(0)
+ conn, _ = self.pool.pop(0)
self.lock.release()
else:
self.lock.release()
- result = self.scheme(self.host, **self.schemeArgs)
- _VerifyThumbprint(self.thumbprint, result)
+ # Python fails if both host:port pair
+ # and port are used for HTTPConnection
+ host = getattr(self, 'httpProxyHost', self.host.rsplit(":", 1)[0])
+ port = getattr(self, 'httpProxyPort', self.port)
+
+ # Fix for gh-100985 which is fixed
+ # in Python 3.11.9 and Python 3.12.4
+ if host and host[0] == '[' and host[-1] == ']':
+ host = host[1:-1]
+
+ conn = self.scheme(host=host, port=port, **self.schemeArgs)
+ if self.is_tunnel:
+ if hasattr(self, 'sslProxyPath'):
+ conn.setVcTunnel(self.sslProxyPath)
+ elif hasattr(self, 'httpProxyHost'):
+ customHeaders = self._customHeaders if self._customHeaders else {}
+ conn.set_tunnel(host, port, customHeaders)
+ _Connect(connection=conn, serverPemCert=self.serverPemCert, thumbprint=self.thumbprint)
- return result
+ return conn
# Drop all cached connections to the server.
def DropConnections(self):
--
2.46.0

330
python-pyvmomi.changes Normal file
View File

@@ -0,0 +1,330 @@
-------------------------------------------------------------------
Fri Jan 31 10:17:11 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
- Remove not needed BuildRequires tox
-------------------------------------------------------------------
Mon Sep 16 17:40:51 UTC 2024 - Martin Hauke <mardnh@gmx.de>
- Update to version 8.0.3.0.1
Bindings
* Added support for vSAN Health APIs
* Updated bindings with support for the new vSphere 8.0U3 APIs.
* New features of vSphere 8.0U3 based on REST APIs are available
via the vSphere Automation SDK for Python
Type Hints
* Added type stubs for vSAN APIs.
* All type stubs are refactored.
Added
* Python 3.12 compatibility
* Stub adapters allow the usage of an existing session.
* Added pyVmomi version in the user-agent request header
* Added certFile and certKeyFile attributes to SoapStubAdapter.
* Added project wide variables to hold the current pyVmomi version,
version_info and version_info_str
* Added functions to VmomiSupport to list all types
ListManagedTypes(), ListDataTypes(), ListEnumTypes().
Changes
* Doc: Non-remote ManagedObject and DataObject methods are
documented.
* The support statement now reflects the Broadcom support policy.
* Copyright switch from VMware to Broadcom.
Breaking changes
* sso.SsoAuthenticator.get_bearer_saml_assertion_gss_api() is
removed.
* SSLTunnelConnection is trimmed down to handle only tunnel
connections. The code that handles remote proxy doubles the
HTTPProxyConnection logic and therefore is removed.
Deprecated
* 'publicVersions' and 'dottedVersions' aliases are deprecated.
* pyVmomiSettings.py and related settings are deprecated
allowGetSet, allowCapitalizedNames, binaryIsBytearray,
legacyThumbprintException.
* Features.py and all pyVmomi feature states logic is deprecated
* pyVmomi.VmomiSupport.VmomiJSONEncoder is deprecated.
Use pyVmomi.VmomiJSONEncoder.VmomiJSONEncoder
* pyVmomi.VmomiSupport.templateOf() is deprecated.
Use pyVmomi.VmomiJSONEncoder.templateOf()
* pyVmomi.SoapAdapter.ThumbprintMismatchException is deprecated.
Use pyVmomi.Security.ThumbprintMismatchException
- Update to version 8.0.2.0.1
Maintenance Patch 1 for 8.0U2 - 2023-11-17
Changes
* Fixed: #978 and #1053 - Fix SmartConnect()'s handling of IPv6
address with square brackets
* Added PyPI classifiers for Python 3.10 and Python 3.11.
Support for both versions is verified.
- Update to version 8.0.2.0
Bindings
* Updated bindings and type hints with support for vSphere 8.0U2.
Includes updates to VIM, PBM, EAM, SMS and VSLM namespaces.
* New features of vSphere 8.0U2 based on REST APIs are available
via the vSphere Automation SDK for Python
https://github.com/vmware/vsphere-automation-sdk-python
- Update to version 8.0.1.0.2
Bindings
* Added bindings and type hints for Virtual Storage Lifecycle
Management for vSphere 8.0U1 - VSLM namespace.
Changes
* Fixed: #1021 - Switch to static imports for type info modules.
* Fixed: #1022 - Support proxy authentication.
* Add custom HTTP headers support to connect.SmartStubAdapter().
* Missing filters are no longer treated as task failures.
* Various small fixes for docstrings and linter checks.
Type Hints Fixes
* Fixed: #1026 - Use the "from Y import X as X" format to
re-export submodules.
* Fixed: #1030 - Use a fully qualified name when the type is from
another namespace/package
Tests
* vcrpy dependency is updated to the latest version with Python 2
support.
* testtools dependency is removed.
* Travis CI is no longer used.
* Various test updates and fixes. All tests are enabled.
- Update to version 8.0.1.0.1
Type Hints Fixes
* Added missing VMODL1 classes to the type hints
* Enum values now match the letter case of the values from
typeinfo files.
* Fixed: #1115 - Syntax error in vim/__init__pyi.
* Fixed: #1117 - Type stubs: Writable properties are marked as
read-only.
* Fixed: #1118 - Type stubs: Missing vim.fault.* and
vmodl.fault.* types
* Fixed: #1119 - Type stubs: Enum fields should also accept
Literal[] str type.
* Fixed: #1120 - Type stubs: Exception types must inherit from
(Base)Exception.
- Update to version 8.0.1.0
Bindings
* Updated bindings with support for vSphere 8.0U1. Includes
updates to VIM, PBM, EAM and SMS namespaces.
* New features of vSphere 8.0U1 based on REST APIs are available
via the vSphere Automation SDK for Python.
Changes
* Added support for type hints.
* #892 - Allow passing ssl_context when login in with a token.
* Fixed: #750 - Bumped vcrpy tests dependency to 2.1.
* Fixed: #812 - Fix exception leaks.
* Fixed: #1004 - Fix SmartConnect()'s SOAP and OAuth token login.
- Update to version 8.0.0.1.1
Changes
* Fixed: #993 - WaitForTask broken on version >8.0.0.
* Fixed: #994 - Pyvomi module failing in connect method.
* Replace publicVersions with ltsVersions.
* Updated VIM namespace for the next vSphere 8.0 patch release.
- Update to version 8.0.0.1
Bindings
* Updated bindings with support for vSphere 8.0. Includes updates
* New features of vSphere 8.0 based on REST APIs are available
via the vSphere Automation SDK for Python.
Breaking changes
* Minimum Python 2 requirement is 2.7.9.
* DynamicTypeManagerHelper.py is removed.
* ManagedMethodExecutorHelper.py is removed.
* connect.ConnectNoSSL() and connect.SmartConnectNoSSL() are
removed. Use connect.Connect(disableSslCertValidation=True)
and connect.SmartConnect(disableSslCertValidation=True)
* VmomiSupport.UncallableManagedMethod is renamed to
VmomiSupport.UnknownManagedMethod.
New modules
* Security.py A new module is added to handle thumbprint
verification. There is a predefined set of available crypto
functions to verify the certificate thumbprints. Its possible
to configure during runtime which of the available crypto
functions are allowed.
* Feature.py A new module related to pyVmomi development within
VMware.
* VmomiJSONEncoder.py The VmomiJSONEncoder is moved into a
dedicated module.
More changes
* A new 'binaryIsBytearray' setting is added to select the base
type for the binary type. By default, the binary type is 'str'
for Python 2 and 'bytes' for Python 3. If binaryIsBytearray is
True, the binary type for Python 2 is set to 'bytearray'.
Required for VmomiJSONEncoder to work properly.
* The license note is removed from the Python files. LICENSE.txt
holds the Apache 2 license note.
* pyVmomi now uses relative imports
* Dependency on "requests" is removed
* Added support for SAML token authentication
* Added timeout for HTTP requests
* Added option to set the maximum amount of time a task is
allowed to run. On timeout, an exception is generated if
raiseOnError is True.
* Add option to get all updates for the task.
* Add option to use a logger instead of the standard output.
* Various bug fixes
* Code style improvements
Deprecated
* connect.OpenUrlWithBasicAuth()
* connect.OpenPathWithStub()
- Add patch
* 0001-pyVmomi-pinned-certificates-support.patch
- Reenable python3.12 builds
-------------------------------------------------------------------
Mon Apr 8 05:55:35 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- add sle15 macro; disable python3.12 builds
-------------------------------------------------------------------
Thu Apr 14 06:43:18 UTC 2022 - pgajdos@suse.com
- python-mock is not required for build
-------------------------------------------------------------------
Mon Oct 25 20:06:37 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 7.0.3
* Added new bindings to support vSphere 7.0U3. Includes updates
to VIM, PBM, EAM and SMS namespaces.
* New features of vSphere 7.0U3 based on REST APIs are available
via the vSphere Automation SDK for Python.
* Outdated samples are removed. Community samples project:
https://github.com/vmware/pyvmomi-community-samples
* Bindings files are renamed to _typeinfo_{namespace}.py
* "stable" version alias is removed
* "public" version alias is renamed to "LTS"
-------------------------------------------------------------------
Fri May 28 10:00:57 UTC 2021 - pgajdos@suse.com
- %check: use %pyunittest rpm macro
-------------------------------------------------------------------
Fri Apr 9 17:21:04 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 7.0.2
* Added new bindings to support vSphere 7.0U2. Includes updates
to VIM, PBM, EAM and SMS namespaces. For details, refer
“Whats New in vSphere API 7.0U2?” section in the API
reference guide: https://code.vmware.com/apis/1131/vsphere
-------------------------------------------------------------------
Sat Oct 31 09:59:23 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- update to version 7.0.1
* Added new bindings to support vSphere 7.0U1. Includes updates
to VIM, PBM, and EAM namespaces. For details, refer “Whats
New in vSphere API 7.0U1?” section in the API reference guide:
https://code.vmware.com/apis/1067/vsphere
* New features of vSphere 7.0U1 based on REST APIs are available
via the vSphere Automation SDK for Python:
https://github.com/vmware/vsphere-automation-sdk-python
- Switch to github source url
-------------------------------------------------------------------
Tue Apr 14 12:26:49 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- update to version 7.0
* Added new bindings to support vSphere 7.0. For details, refer
"Whats New in vSphere API 7.0?" section in the API reference
guide: https://code.vmware.com/apis/968/vsphere
* New features of vSphere 7.0 based on REST APIs are available
via the vSphere Automation SDK for Python:
https://github.com/vmware/vsphere-automation-sdk-python
-------------------------------------------------------------------
Sun Sep 15 13:47:46 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
- Add runtime recommends for pyOpenSSL and lxml, needed for SSO support
- Update to v6.7.3
* Publish new bindings to support vSphere 6.7 Update 3 Release
* Add sso.py to support get bearer/hok token from sso server
* pydoc support Fix
* httpProxy Support Fix
* Changes to VmomiSupport to handle API versions
- Convert line endings on README.rst
- Drop python-pyvmomi-fix-incompatibility-with-vcrpy2.patch as the
vcrpy fix has been released
-------------------------------------------------------------------
Sat Dec 29 16:24:24 UTC 2018 - mardnh@gmx.de
- Update to version 6.7.1.2018.12
* Support JSON encoding for pyVmomi objects
* Fix vcrpy hardening in test-requirements. Support versions < 2.0
* Delete deprecated Docs folder
- Add patch:
* python-pyvmomi-fix-incompatibility-with-vcrpy2.patch
-------------------------------------------------------------------
Tue Dec 4 12:53:21 UTC 2018 - Matej Cepl <mcepl@suse.com>
- Remove superfluous devel dependency for noarch package
-------------------------------------------------------------------
Wed Nov 21 13:15:48 UTC 2018 - Santiago Zarate <santiago.zarate@suse.com>
_ Update to version 6.7.1
* Publish new bindings to support vSphere 6.7 Update 1 Release
* Newer features are available via the new vSphere Automation SDK for Python
-------------------------------------------------------------------
Wed Apr 18 17:58:09 UTC 2018 - mardnh@gmx.de
- Update to version 6.7
* Publish new bindings to support vSphere 6.7
- Change URL to download sources from github
- Remove hotfix macro
- Enable tests
-------------------------------------------------------------------
Sat Mar 3 18:41:57 UTC 2018 - arun@gmx.de
- specfile:
* update copyright year
* don't use python_module for Requires
-------------------------------------------------------------------
Wed Nov 29 15:01:48 UTC 2017 - boris@steki.net
- updated to release v6.5.0.2017.5-1
+ Fix SoapAdapter serializer to support serializing unicode chars
+ Remove custom getattr in _HTTPSConnection
+ Add user-agent header when connecting to vsphere
- moved to single spec logic to build py2 and py3 package
-------------------------------------------------------------------
Sun Jan 15 11:57:13 UTC 2017 - hpj@urpla.net
- fix build: add python-fixtures to build dependencies
-------------------------------------------------------------------
Thu Jan 12 19:30:55 UTC 2017 - mardnh@gmx.de
- Update to version 6.5
* Spec bump to support vSphere 6.5.
* Include EAM bindings to support vSphere EAM service.
* Fixed server thumbprint verification.
* Fixed sslcontext creation in sample code.
-------------------------------------------------------------------
Sun Sep 18 12:40:36 UTC 2016 - mardnh@gmx.de
- Update to version 6.0.0.2016.4
* Python3 related bug fixes.
* Include task.py utility class.
- Changes from version 6.0.0
* Spec bump to support vSphere 6.0 server objects and types
vSphere 6.0 U1 spec is used
* New ssl context parameter in Connect.py and SoapAdapter.py to
support passing various ssl options while connecting to vSphere.
* Drop python 2.6 support.
* Critical bug fixes.
- Remove patch: pyvmomi-git20141104-new.diff (fixed upstream)
- Fix Source-Url
-------------------------------------------------------------------
Wed May 13 15:03:26 UTC 2015 - mc@suse.com
- add requires for python-six and python-requests
-------------------------------------------------------------------
Tue Nov 4 17:28:19 UTC 2014 - hpj@urpla.net
- version 5.5.0.2014.1.1: initial build
- apply asorted fixes from todays git tree

84
python-pyvmomi.spec Normal file
View File

@@ -0,0 +1,84 @@
#
# spec file for package python-pyvmomi
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2014 LISA GmbH, Bingen, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?sle15_python_module_pythons}
Name: python-pyvmomi
Version: 8.0.3.0.1
Release: 0
Summary: VMware vSphere Python SDK
License: Apache-2.0
Group: Development/Languages/Python
URL: https://github.com/vmware/pyvmomi
Source: https://github.com/vmware/pyvmomi/archive/v%{version}.tar.gz#/pyvmomi-%{version}.tar.gz
Patch0: 0001-pyVmomi-pinned-certificates-support.patch
BuildRequires: %{python_module fixtures >= 1.3.0}
BuildRequires: %{python_module requests >= 2.3.0}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module six >= 1.7.3}
BuildRequires: dos2unix
BuildRequires: fdupes
BuildRequires: python-rpm-macros
# SECTION test requirements
BuildRequires: %{python_module testtools >= 0.9.34}
BuildRequires: %{python_module vcrpy}
# /SECTION
Requires: python-requests >= 2.3.0
Requires: python-six >= 1.7.3
Recommends: python-lxml
Recommends: python-pyOpenSSL
BuildArch: noarch
%python_subpackages
%description
pyVmomi is the Python SDK for the VMware vSphere API that allows you to manage
ESX, ESXi, and vCenter.
%prep
%setup -q -n pyvmomi-%{version}%{?version_suffix}
%autopatch -p1
dos2unix README.rst LICENSE.txt NOTICE.txt
# https://github.com/vmware/pyvmomi/pull/750
# Unpin vcrpy; the fix was released
sed -i 's/vcrpy<2/vcrpy/' test-requirements.txt
%build
%python_build
%install
%python_install
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%check
rm tests/test_json.py
rm tests/test_connect.py
rm tests/test_pbm_check_compatibility.py
%pyunittest discover -v
%files %{python_files}
%license LICENSE.txt
%doc NOTICE.txt README.rst
%{python_sitelib}/pyVim
%{python_sitelib}/pyVmomi
%{python_sitelib}/vsanapiutils.py
%{python_sitelib}/vsanmgmtObjects.py
%{python_sitelib}/pyvmomi-%{version}*-py*.egg-info
%pycache_only %{python_sitelib}/__pycache__
%changelog

BIN
pyvmomi-8.0.3.0.1.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.