From 65866a099cc85b97e954e86444361366f09fd36d07f31352931d85644123516c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Tue, 17 Sep 2024 12:44:15 +0000 Subject: [PATCH] Accepting request 1201462 from home:mnhauke - Update to version 8.0.3.0.1 Bindings * Added support for vSAN Health APIs * Updated bindings with support for the new vSphere 8.0U3 APIs. * New features of vSphere 8.0U3 based on REST APIs are available via the vSphere Automation SDK for Python Type Hints * Added type stubs for vSAN APIs. * All type stubs are refactored. Added * Python 3.12 compatibility * Stub adapters allow the usage of an existing session. * Added pyVmomi version in the user-agent request header * Added certFile and certKeyFile attributes to SoapStubAdapter. * Added project wide variables to hold the current pyVmomi version, version_info and version_info_str * Added functions to VmomiSupport to list all types ListManagedTypes(), ListDataTypes(), ListEnumTypes(). Changes * Doc: Non-remote ManagedObject and DataObject methods are documented. * The support statement now reflects the Broadcom support policy. * Copyright switch from VMware to Broadcom. Breaking changes * sso.SsoAuthenticator.get_bearer_saml_assertion_gss_api() is removed. * SSLTunnelConnection is trimmed down to handle only tunnel connections. The code that handles remote proxy doubles the HTTPProxyConnection logic and therefore is removed. Deprecated OBS-URL: https://build.opensuse.org/request/show/1201462 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyvmomi?expand=0&rev=30 --- ...-pyVmomi-pinned-certificates-support.patch | 528 ++++++++++++++++++ python-pyvmomi.changes | 161 ++++++ python-pyvmomi.spec | 12 +- pyvmomi-7.0.3.tar.gz | 3 - pyvmomi-8.0.3.0.1.tar.gz | 3 + 5 files changed, 701 insertions(+), 6 deletions(-) create mode 100644 0001-pyVmomi-pinned-certificates-support.patch delete mode 100644 pyvmomi-7.0.3.tar.gz create mode 100644 pyvmomi-8.0.3.0.1.tar.gz diff --git a/0001-pyVmomi-pinned-certificates-support.patch b/0001-pyVmomi-pinned-certificates-support.patch new file mode 100644 index 0000000..7f11454 --- /dev/null +++ b/0001-pyVmomi-pinned-certificates-support.patch @@ -0,0 +1,528 @@ +From 9a8956f7b4a91b491e63454b3eb3c59d4abb8a31 Mon Sep 17 00:00:00 2001 +From: ddraganov +Date: Wed, 31 Jul 2024 10:56:55 +0300 +Subject: [PATCH] pyVmomi pinned certificates support + +New: +SoapStubAdapter and the connect.py wrappers now allows passing a serverPemCert parameter. +serverPemCert is an ASCII string of a PEM-encoded SSL certificate of the host to which a connection is attempted. A replacement of thumbprint. If both fields are set, thumbprint should match serverPemCert. +CertificateMismatchException is thrown when there's a mismatch. + +If the standard SSL verifications fails + if serverPemCert or thumbprint is provided try to connect with an unverified connection and try to match the peer certificate + else fail + +pyVmomi now has a single point of establishing a server connection SoapAdapter._Connect() + +Breaking changes in SoapAdapter.py: + HTTPProxyConnection is removed because it is unnecessary as the connection logic is now streamlined + SSLTunnelConnection is removed and replaced by _SSLTunnelConnection which inherits Python's standard HTTPSConnection. + UnixSocketConnection is removed and replaced by _UnixSocketConnection which inherits Python's standard HTTPConnection. +--- + pyVim/connect.py | 41 +++++++- + pyVmomi/Security.py | 38 ++++++++ + pyVmomi/SoapAdapter.py | 214 +++++++++++++++++++++++++---------------- + 3 files changed, 207 insertions(+), 86 deletions(-) + +diff --git a/pyVim/connect.py b/pyVim/connect.py +index 0609040..437065c 100644 +--- a/pyVim/connect.py ++++ b/pyVim/connect.py +@@ -211,6 +211,7 @@ def Connect(host='localhost', + httpProxyHost=None, + httpProxyPort=80, + thumbprint=None, ++ serverPemCert=None, + sslContext=None, + httpConnectionTimeout=None, + connectionPoolTimeout=CONNECTION_POOL_IDLE_TIMEOUT_SEC, +@@ -260,8 +261,17 @@ def Connect(host='localhost', + @type httpProxyHost: string + @param httpProxyPort The proxy server port. + @type httpProxyPort: int +- @param thumbprint: host cert thumbprint ++ @param thumbprint: **** Deprecated. Use serverPemCert instead. ++ If both fields are set, thumbprint should match ++ serverPemCert. ++ The SHA1/SHA256/SHA512 thumbprint of the server's ++ SSL certificate. ++ Some use a thumbprint of the form xx:xx:xx..:xx. ++ We ignore the ":" characters. + @type thumbprint: string ++ @param serverPemCert: PEM-encoded SSL certificate of the ++ host to which we are connecting. ++ @type serverPemCert: string + @param sslContext: SSL Context describing the various SSL options. It is only + supported in Python 2.7.9 or higher. + @type sslContext: SSL.Context +@@ -324,6 +334,7 @@ def Connect(host='localhost', + httpProxyHost, + httpProxyPort, + thumbprint, ++ serverPemCert, + sslContext, + httpConnectionTimeout, + connectionPoolTimeout, +@@ -395,6 +406,7 @@ def __Login(host, + httpProxyHost, + httpProxyPort, + thumbprint, ++ serverPemCert, + sslContext, + httpConnectionTimeout, + connectionPoolTimeout, +@@ -430,8 +442,17 @@ def __Login(host, + @type httpProxyHost: string + @param httpProxyPort The proxy server port. + @type httpProxyPort: int +- @param thumbprint: host cert thumbprint ++ @param thumbprint: **** Deprecated. Use serverPemCert instead. ++ If both fields are set, thumbprint should match ++ serverPemCert. ++ The SHA1/SHA256/SHA512 thumbprint of the server's ++ SSL certificate. ++ Some use a thumbprint of the form xx:xx:xx..:xx. ++ We ignore the ":" characters. + @type thumbprint: string ++ @param serverPemCert: PEM-encoded SSL certificate of the ++ host to which we are connecting. ++ @type serverPemCert: string + @param sslContext: SSL Context describing the various SSL options. It is only + supported in Python 2.7.9 or higher. + @type sslContext: SSL.Context +@@ -479,6 +500,7 @@ def __Login(host, + httpProxyHost=httpProxyHost, + httpProxyPort=httpProxyPort, + thumbprint=thumbprint, ++ serverPemCert=serverPemCert, + sslContext=sslContext, + httpConnectionTimeout=httpConnectionTimeout, + connectionPoolTimeout=connectionPoolTimeout, +@@ -814,6 +836,7 @@ def SmartStubAdapter(host='localhost', + httpProxyPort=80, + sslProxyPath=None, + thumbprint=None, ++ serverPemCert=None, + cacertsFile=None, + preferredApiVersions=None, + acceptCompressedResponses=True, +@@ -872,6 +895,7 @@ def SmartStubAdapter(host='localhost', + httpProxyPort=httpProxyPort, + sslProxyPath=sslProxyPath, + thumbprint=thumbprint, ++ serverPemCert=serverPemCert, + cacertsFile=cacertsFile, + version=supportedVersion, + acceptCompressedResponses=acceptCompressedResponses, +@@ -896,6 +920,7 @@ def SmartConnect(protocol='https', + httpProxyHost=None, + httpProxyPort=80, + thumbprint=None, ++ serverPemCert=None, + sslContext=None, + httpConnectionTimeout=None, + connectionPoolTimeout=CONNECTION_POOL_IDLE_TIMEOUT_SEC, +@@ -948,8 +973,17 @@ def SmartConnect(protocol='https', + @type httpProxyHost: string + @param httpProxyPort The proxy server port. + @type httpProxyPort: int +- @param thumbprint: host cert thumbprint ++ @param thumbprint: **** Deprecated. Use serverPemCert instead. ++ If both fields are set, thumbprint should match ++ serverPemCert. ++ The SHA1/SHA256/SHA512 thumbprint of the server's ++ SSL certificate. ++ Some use a thumbprint of the form xx:xx:xx..:xx. ++ We ignore the ":" characters. + @type thumbprint: string ++ @param serverPemCert: PEM-encoded SSL certificate of the ++ host to which we are connecting. ++ @type serverPemCert: string + @param sslContext: SSL Context describing the various SSL options. It is only + supported in Python 2.7.9 or higher. + @type sslContext: SSL.Context +@@ -1005,6 +1039,7 @@ def SmartConnect(protocol='https', + httpProxyHost=httpProxyHost, + httpProxyPort=httpProxyPort, + thumbprint=thumbprint, ++ serverPemCert=serverPemCert, + sslContext=sslContext, + httpConnectionTimeout=httpConnectionTimeout, + connectionPoolTimeout=connectionPoolTimeout, +diff --git a/pyVmomi/Security.py b/pyVmomi/Security.py +index 15309ce..a0e69fc 100644 +--- a/pyVmomi/Security.py ++++ b/pyVmomi/Security.py +@@ -4,6 +4,7 @@ + # Client security module. + + import hashlib ++import ssl + + _isSha1Enabled = True + _isSha256Enabled = True +@@ -25,6 +26,17 @@ def SetSha512Enabled(state): + _isSha512Enabled = state + + ++""" ++Verify that a thumbprint matches a certificate ++ ++:param derCert: DER-encoded SSL certificate ++:type derCert: str ++:param thumbprint: SHA1/SHA256/SHA512 thumbprint ++ of an SSL certificate ++:type thumbprint: str ++:returns: None ++:raises ThumbprintMismatchException ++""" + def VerifyCertThumbprint(derCert, thumbprint): + thumbprint_len = len(thumbprint) + if thumbprint_len == 40 and _isSha1Enabled: +@@ -49,3 +61,29 @@ class ThumbprintMismatchException(Exception): + + self.expected = expected + self.actual = actual ++ ++ ++""" ++Verify that two PEM certificates match ++ ++:param actualCert: PEM-encoded SSL certificate ++:type actualCert: str ++:param expectedCert: PEM-encoded SSL certificate ++:type actualCert: str ++:returns: None ++:raises CertificateMismatchException ++""" ++def VerifyCert(actualCert, expectedCert): ++ actualCert = actualCert.strip() ++ expectedCert = expectedCert.strip() ++ if actualCert != expectedCert: ++ raise CertificateMismatchException(expectedCert, actualCert) ++ ++ ++class CertificateMismatchException(Exception): ++ def __init__(self, expected, actual): ++ Exception.__init__(self, "Certificate mismatch. Expected: \n{0}, " ++ "actual: \n{1}".format(expected, actual)) ++ ++ self.expected = expected ++ self.actual = actual +diff --git a/pyVmomi/SoapAdapter.py b/pyVmomi/SoapAdapter.py +index 64835d5..22c81f6 100644 +--- a/pyVmomi/SoapAdapter.py ++++ b/pyVmomi/SoapAdapter.py +@@ -34,7 +34,7 @@ from .VmomiSupport import ( + GetWsdlName, GetWsdlNamespace, GetWsdlType, GuessWsdlMethod, GuessWsdlType, + IsChildVersion, ManagedMethod, UnknownManagedMethod, ManagedObject, + Object, PropertyPath, Type, binary, versionIdMap, versionMap) +-from .Security import VerifyCertThumbprint ++from .Security import VerifyCert, VerifyCertThumbprint + from .Version import kind + from . import version_info_str + +@@ -1054,18 +1054,19 @@ class SoapStubAdapterBase(StubAdapterBase): + + + # Subclass of HTTPConnection that connects over a Unix domain socket +-# instead of a TCP port. The path of the socket is passed in place of +-# the hostname. Fairly gross but does the job. +-class UnixSocketConnection(HTTPConnection): +- # The HTTPConnection ctor expects a single argument, which it interprets +- # as the host to connect to; for UnixSocketConnection, we instead interpret ++# instead of a TCP port. The path of the socket is passed in place of ++# the hostname. Fairly gross but does the job. ++class _UnixSocketConnection(HTTPConnection): ++ # The HTTPConnection constructor expects a single argument, which it interprets ++ # as the host to connect to; for _UnixSocketConnection, we instead interpret + # the parameter as the filesystem path of the Unix domain socket. +- def __init__(self, path): ++ def __init__(self, host, **kwargs): + # Pass '' as the host to HTTPConnection; it doesn't really matter + # what we pass (since we've overridden the connect method) as long + # as it's a valid string. +- HTTPConnection.__init__(self, '') +- self.path = path ++ # kwargs allows to pass all other HTTPConnection constructor arguments ++ self.path = host ++ HTTPConnection.__init__(self, '', **kwargs) + + def connect(self): + # Hijack the connect method of HTTPConnection to connect to the +@@ -1076,76 +1077,90 @@ class UnixSocketConnection(HTTPConnection): + self.sock = sock + + +-def _VerifyThumbprint(thumbprint, connection): +- """If there is a thumbprint, connect to the server and verify that the +- SSL certificate matches the given thumbprint. An exception is thrown +- if there is a mismatch. ++def _VerifyPinnedIdentity(connection, certificate, thumbprint): + """ +- if thumbprint and isinstance(connection, HTTPSConnection): +- if not connection.sock: +- connection.connect() +- derCert = connection.sock.getpeercert(True) ++ Verify that the server connection SSL certificate ++ matches the given certificate or thumbprint. ++ ++ :param connection: Server connection ++ :type connection: HTTPSConnection ++ :param certificate: PEM-encoded SSL certificate of the server ++ :type certificate: str ++ :param thumbprint: SHA1/SHA256/SHA512 thumbprint ++ of an SSL certificate ++ :type thumbprint: str ++ :returns: None ++ :raises ThumbprintMismatchException or CertificateMismatchException ++ """ ++ derCert = connection.sock.getpeercert(True) ++ if certificate: ++ pemCert = ssl.DER_cert_to_PEM_cert(derCert) ++ VerifyCert(pemCert, certificate) ++ elif thumbprint: + VerifyCertThumbprint(derCert, thumbprint) + + +-# Stand-in for the HTTPSConnection class that will connect to a regular HTTP +-# proxy. +-class HTTPProxyConnection(object): +- # @param proxyPath The path to pass to the CONNECT command. +- # @param customHeaders Dictionary with custom HTTP headers. +- def __init__(self, proxyPath, customHeaders=None): +- self.proxyPath = proxyPath +- self.customHeaders = customHeaders if customHeaders else {} + +- # Connects to an HTTP proxy server and initiates a tunnel to the destination +- # specified by self.proxyPath. +- # +- # @param addr Address in the form of host:port +- # @param port If no port number is passed, +- # the port is extracted from the addr string +- # @param timeout Connection timeout in seconds +- # @param context SSL Context with the desired SSL options +- # @return HTTPSConnection to the destination +- def __call__(self, addr, port, timeout, context): +- conn = HTTPSConnection(host=addr, port=port, +- timeout=timeout, context=context) +- conn.set_tunnel(self.proxyPath, headers=self.customHeaders) +- return conn ++def _Connect(connection, serverPemCert=None, thumbprint=None): ++ """ ++ Connect to the server specified when the connection object was created. ++ ++ serverPemCert and thumbprint denote a pre-defined pinned ++ certificate/thumbprint which has been trusted by the user. ++ Whenever provided if that certificate/thumbprint of the peer exactly ++ matches the pinned certificate/thumbprint, then the connection is established. ++ ++ :param connection: Server connection ++ :type connection: HTTPConnection ++ :param serverPemCert: PEM-encoded SSL certificate of the server ++ :type serverPemCert: str ++ :param thumbprint: SHA1/SHA256/SHA512 thumbprint ++ of an SSL certificate ++ :type thumbprint: str ++ :returns: HTTPConnection ++ """ ++ try: ++ connection.connect() ++ except ssl.SSLCertVerificationError as ex: ++ if serverPemCert or thumbprint: ++ connection._context.check_hostname = False ++ connection._context.verify_mode = ssl.CERT_NONE ++ connection.connect() ++ _VerifyPinnedIdentity(connection, serverPemCert, thumbprint) ++ else: ++ raise ex ++ return connection + + +-# Stand-in for the HTTPSConnection class that will connect to a proxy and +-# issue a CONNECT command to start an SSL tunnel. +-class SSLTunnelConnection(HTTPProxyConnection): +- # Connects to a proxy server and initiates a tunnel to the destination +- # specified by self.proxyPath. +- # For Python Version < 2.7.9. cert_reqs=CERT_OPTIONAL to verify +- # server certificate +- # +- # @param addr Address in the form of host:port +- # @param port If no port number is passed, +- # the port is extracted from the addr string +- # @param timeout Connection timeout in seconds +- # @param context SSL Context with the desired SSL options +- # @return HTTPSConnection to the destination +- def __call__(self, addr, port=None, timeout=None, context=None): +- tunnelConn = HTTPConnection(host=addr, port=port, timeout=timeout) +- tunnelConn.request('CONNECT', self.proxyPath) ++# A subclass of HTTPConnection that uses SSL through an HTTP proxy tunnel ++class _SSLTunnelConnection(HTTPSConnection): ++ ++ def connect(self): ++ tunnelConn = HTTPConnection(host=self.host, ++ port=self.port, ++ timeout=self.timeout) ++ tunnelConn.request('CONNECT', self._proxyPath) + resp = tunnelConn.getresponse() + if resp.status != 200: + raise HTTPException( + "{0} {1}".format(resp.status, resp.reason)) + +- conn = HTTPSConnection(host=tunnelConn.host, +- port=tunnelConn.port, +- context=context, +- timeout=timeout) +- if conn.host in ('localhost', '127.0.0.1', '::1'): +- conn._context.check_hostname = False +- conn._context.verify_mode = ssl.CERT_NONE ++ if self.host in ('localhost', '127.0.0.1', '::1'): ++ self._context.check_hostname = False ++ self._context.verify_mode = ssl.CERT_NONE + +- conn.sock = conn._context.wrap_socket(sock=tunnelConn.sock, ++ self.sock = self._context.wrap_socket(sock=tunnelConn.sock, + server_hostname=tunnelConn.host) +- return conn ++ ++ def setVcTunnel(self, proxyPath): ++ """ ++ Set the path to use when tunneling through VC's reverse proxy ++ ex: /sdkTunnel ++ ++ :param proxyPath: Tunnel path ++ :type proxyPath: str ++ """ ++ self._proxyPath = proxyPath + + + class GzipReader: +@@ -1244,10 +1259,21 @@ class SoapStubAdapter(SoapStubAdapterBase): + # @param httpProxyHost The host name of the proxy server. + # @param httpProxyPort The proxy server port. + # @param sslProxyPath Path to use when tunneling through VC's reverse proxy +- # @param thumbprint The SHA1/SHA256/SHA512 thumbprint of the server's ++ # @param thumbprint **** Deprecated. Use serverPemCert instead. ++ # If both fields are set, thumbprint should match ++ # serverPemCert. ++ # The SHA1/SHA256/SHA512 thumbprint of the server's + # SSL certificate. +- # Some use a thumbprint of the form xx:xx:xx..:xx. We ignore the ":" +- # characters. If set to None, any thumbprint is accepted. ++ # Whenever provided if that thumbprint of the peer's ++ # certificate exactly matches the pinned thumbprint ++ # the connection is established. ++ # Some use a thumbprint of the form xx:xx:xx..:xx. ++ # We ignore the ":" characters. ++ # @param serverPemCert PEM-encoded SSL certificate of the ++ # host to which we are connecting. ++ # Whenever provided if that certificate of the peer ++ # exactly matches the pinned certificate ++ # the connection is established. + # @param cacertsFile **** Deprecated. Please load cert to context and pass + # context instread **** + # sslContext.load_verify_locations(cafile=ca_cert_file) +@@ -1278,6 +1304,7 @@ class SoapStubAdapter(SoapStubAdapterBase): + httpProxyPort=80, + sslProxyPath=None, + thumbprint=None, ++ serverPemCert=None, + cacertsFile=None, + version=None, + acceptCompressedResponses=True, +@@ -1297,12 +1324,16 @@ class SoapStubAdapter(SoapStubAdapterBase): + version = 'vim.version.version9' + SoapStubAdapterBase.__init__(self, version=version, sessionId=sessionId) + if sock: +- self.scheme = UnixSocketConnection ++ self.scheme = _UnixSocketConnection + # Store sock in the host member variable because that's where +- # the UnixSocketConnection ctor expects to find it -- see above ++ # the _UnixSocketConnection ctor expects to find it -- see above + self.host = sock + elif url: +- url_scheme_specifier, self.host, urlpath = urlparse(url)[:3] ++ parse_result = urlparse(url) ++ url_scheme_specifier = parse_result.scheme ++ self.host = parse_result.netloc ++ port = parse_result.port ++ urlpath = parse_result.path + # Only use the URL path if it's sensible, otherwise use the path + # keyword argument as passed in. + if urlpath not in ('', '/'): +@@ -1317,8 +1348,10 @@ class SoapStubAdapter(SoapStubAdapterBase): + if host.find(':') != -1 and host[0] != '[': # is IPv6? + host = '[' + host + ']' + self.host = '{0}:{1}'.format(host, port) ++ self.port = port + + self.path = path ++ self.serverPemCert = serverPemCert + if thumbprint: + self.thumbprint = thumbprint.replace(":", "").lower() + if len(self.thumbprint) not in (40, 64, 128): +@@ -1329,18 +1362,17 @@ class SoapStubAdapter(SoapStubAdapterBase): + + self.is_tunnel = False + if sslProxyPath: +- self.scheme = SSLTunnelConnection(sslProxyPath, customHeaders) ++ self.sslProxyPath = sslProxyPath ++ self.scheme = _SSLTunnelConnection + self.is_tunnel = True + elif httpProxyHost: +- self.scheme = HTTPProxyConnection(self.host, customHeaders) +- self.is_tunnel = True +- + # Is httpProxyHost IPv6 + if httpProxyHost.find(':') != -1 and httpProxyHost[0] != '[': +- httpProxyHost = '[' + httpProxyHost + ']' +- +- # Swap the actual host with the proxy. +- self.host = "{0}:{1}".format(httpProxyHost, httpProxyPort) ++ self.httpProxyHost = '[' + httpProxyHost + ']' ++ else: ++ self.httpProxyHost = httpProxyHost ++ self.httpProxyPort = httpProxyPort ++ self.is_tunnel = True + self.poolSize = poolSize + self.pool = [] + self.connectionPoolTimeout = connectionPoolTimeout +@@ -1499,15 +1531,31 @@ class SoapStubAdapter(SoapStubAdapterBase): + self.lock.acquire() + self._CloseIdleConnections() + if self.pool: +- result, _ = self.pool.pop(0) ++ conn, _ = self.pool.pop(0) + self.lock.release() + else: + self.lock.release() +- result = self.scheme(self.host, **self.schemeArgs) + +- _VerifyThumbprint(self.thumbprint, result) ++ # Python fails if both host:port pair ++ # and port are used for HTTPConnection ++ host = getattr(self, 'httpProxyHost', self.host.rsplit(":", 1)[0]) ++ port = getattr(self, 'httpProxyPort', self.port) ++ ++ # Fix for gh-100985 which is fixed ++ # in Python 3.11.9 and Python 3.12.4 ++ if host and host[0] == '[' and host[-1] == ']': ++ host = host[1:-1] ++ ++ conn = self.scheme(host=host, port=port, **self.schemeArgs) ++ if self.is_tunnel: ++ if hasattr(self, 'sslProxyPath'): ++ conn.setVcTunnel(self.sslProxyPath) ++ elif hasattr(self, 'httpProxyHost'): ++ customHeaders = self._customHeaders if self._customHeaders else {} ++ conn.set_tunnel(host, port, customHeaders) ++ _Connect(connection=conn, serverPemCert=self.serverPemCert, thumbprint=self.thumbprint) + +- return result ++ return conn + + # Drop all cached connections to the server. + def DropConnections(self): +-- +2.46.0 + diff --git a/python-pyvmomi.changes b/python-pyvmomi.changes index 721a0fd..61ce01d 100644 --- a/python-pyvmomi.changes +++ b/python-pyvmomi.changes @@ -1,3 +1,164 @@ +------------------------------------------------------------------- +Mon Sep 16 17:40:51 UTC 2024 - Martin Hauke + +- Update to version 8.0.3.0.1 + Bindings + * Added support for vSAN Health APIs + * Updated bindings with support for the new vSphere 8.0U3 APIs. + * New features of vSphere 8.0U3 based on REST APIs are available + via the vSphere Automation SDK for Python + Type Hints + * Added type stubs for vSAN APIs. + * All type stubs are refactored. + Added + * Python 3.12 compatibility + * Stub adapters allow the usage of an existing session. + * Added pyVmomi version in the user-agent request header + * Added certFile and certKeyFile attributes to SoapStubAdapter. + * Added project wide variables to hold the current pyVmomi version, + version_info and version_info_str + * Added functions to VmomiSupport to list all types + ListManagedTypes(), ListDataTypes(), ListEnumTypes(). + Changes + * Doc: Non-remote ManagedObject and DataObject methods are + documented. + * The support statement now reflects the Broadcom support policy. + * Copyright switch from VMware to Broadcom. + Breaking changes + * sso.SsoAuthenticator.get_bearer_saml_assertion_gss_api() is + removed. + * SSLTunnelConnection is trimmed down to handle only tunnel + connections. The code that handles remote proxy doubles the + HTTPProxyConnection logic and therefore is removed. + Deprecated + * 'publicVersions' and 'dottedVersions' aliases are deprecated. + * pyVmomiSettings.py and related settings are deprecated + allowGetSet, allowCapitalizedNames, binaryIsBytearray, + legacyThumbprintException. + * Features.py and all pyVmomi feature states logic is deprecated + * pyVmomi.VmomiSupport.VmomiJSONEncoder is deprecated. + Use pyVmomi.VmomiJSONEncoder.VmomiJSONEncoder + * pyVmomi.VmomiSupport.templateOf() is deprecated. + Use pyVmomi.VmomiJSONEncoder.templateOf() + * pyVmomi.SoapAdapter.ThumbprintMismatchException is deprecated. + Use pyVmomi.Security.ThumbprintMismatchException +- Update to version 8.0.2.0.1 + Maintenance Patch 1 for 8.0U2 - 2023-11-17 + Changes + * Fixed: #978 and #1053 - Fix SmartConnect()'s handling of IPv6 + address with square brackets + * Added PyPI classifiers for Python 3.10 and Python 3.11. + Support for both versions is verified. +- Update to version 8.0.2.0 + Bindings + * Updated bindings and type hints with support for vSphere 8.0U2. + Includes updates to VIM, PBM, EAM, SMS and VSLM namespaces. + * New features of vSphere 8.0U2 based on REST APIs are available + via the vSphere Automation SDK for Python + https://github.com/vmware/vsphere-automation-sdk-python +- Update to version 8.0.1.0.2 + Bindings + * Added bindings and type hints for Virtual Storage Lifecycle + Management for vSphere 8.0U1 - VSLM namespace. + Changes + * Fixed: #1021 - Switch to static imports for type info modules. + * Fixed: #1022 - Support proxy authentication. + * Add custom HTTP headers support to connect.SmartStubAdapter(). + * Missing filters are no longer treated as task failures. + * Various small fixes for docstrings and linter checks. + Type Hints Fixes + * Fixed: #1026 - Use the "from Y import X as X" format to + re-export submodules. + * Fixed: #1030 - Use a fully qualified name when the type is from + another namespace/package + Tests + * vcrpy dependency is updated to the latest version with Python 2 + support. + * testtools dependency is removed. + * Travis CI is no longer used. + * Various test updates and fixes. All tests are enabled. +- Update to version 8.0.1.0.1 + Type Hints Fixes + * Added missing VMODL1 classes to the type hints + * Enum values now match the letter case of the values from + typeinfo files. + * Fixed: #1115 - Syntax error in vim/__init__pyi. + * Fixed: #1117 - Type stubs: Writable properties are marked as + read-only. + * Fixed: #1118 - Type stubs: Missing vim.fault.* and + vmodl.fault.* types + * Fixed: #1119 - Type stubs: Enum fields should also accept + Literal[] str type. + * Fixed: #1120 - Type stubs: Exception types must inherit from + (Base)Exception. +- Update to version 8.0.1.0 + Bindings + * Updated bindings with support for vSphere 8.0U1. Includes + updates to VIM, PBM, EAM and SMS namespaces. + * New features of vSphere 8.0U1 based on REST APIs are available + via the vSphere Automation SDK for Python. + Changes + * Added support for type hints. + * #892 - Allow passing ssl_context when login in with a token. + * Fixed: #750 - Bumped vcrpy tests dependency to 2.1. + * Fixed: #812 - Fix exception leaks. + * Fixed: #1004 - Fix SmartConnect()'s SOAP and OAuth token login. +- Update to version 8.0.0.1.1 + Changes + * Fixed: #993 - WaitForTask broken on version >8.0.0. + * Fixed: #994 - Pyvomi module failing in connect method. + * Replace publicVersions with ltsVersions. + * Updated VIM namespace for the next vSphere 8.0 patch release. +- Update to version 8.0.0.1 + Bindings + * Updated bindings with support for vSphere 8.0. Includes updates + * New features of vSphere 8.0 based on REST APIs are available + via the vSphere Automation SDK for Python. + Breaking changes + * Minimum Python 2 requirement is 2.7.9. + * DynamicTypeManagerHelper.py is removed. + * ManagedMethodExecutorHelper.py is removed. + * connect.ConnectNoSSL() and connect.SmartConnectNoSSL() are + removed. Use connect.Connect(disableSslCertValidation=True) + and connect.SmartConnect(disableSslCertValidation=True) + * VmomiSupport.UncallableManagedMethod is renamed to + VmomiSupport.UnknownManagedMethod. + New modules + * Security.py A new module is added to handle thumbprint + verification. There is a predefined set of available crypto + functions to verify the certificate thumbprints. Its possible + to configure during runtime which of the available crypto + functions are allowed. + * Feature.py A new module related to pyVmomi development within + VMware. + * VmomiJSONEncoder.py The VmomiJSONEncoder is moved into a + dedicated module. + More changes + * A new 'binaryIsBytearray' setting is added to select the base + type for the binary type. By default, the binary type is 'str' + for Python 2 and 'bytes' for Python 3. If binaryIsBytearray is + True, the binary type for Python 2 is set to 'bytearray'. + Required for VmomiJSONEncoder to work properly. + * The license note is removed from the Python files. LICENSE.txt + holds the Apache 2 license note. + * pyVmomi now uses relative imports + * Dependency on "requests" is removed + * Added support for SAML token authentication + * Added timeout for HTTP requests + * Added option to set the maximum amount of time a task is + allowed to run. On timeout, an exception is generated if + raiseOnError is True. + * Add option to get all updates for the task. + * Add option to use a logger instead of the standard output. + * Various bug fixes + * Code style improvements + Deprecated + * connect.OpenUrlWithBasicAuth() + * connect.OpenPathWithStub() +- Add patch + * 0001-pyVmomi-pinned-certificates-support.patch +- Reenable python3.12 builds + ------------------------------------------------------------------- Mon Apr 8 05:55:35 UTC 2024 - Johannes Kastl diff --git a/python-pyvmomi.spec b/python-pyvmomi.spec index 3f1d2c3..4ca679b 100644 --- a/python-pyvmomi.spec +++ b/python-pyvmomi.spec @@ -17,17 +17,16 @@ # -%define skip_python312 1 - %{?sle15_python_module_pythons} Name: python-pyvmomi -Version: 7.0.3 +Version: 8.0.3.0.1 Release: 0 Summary: VMware vSphere Python SDK License: Apache-2.0 Group: Development/Languages/Python URL: https://github.com/vmware/pyvmomi Source: https://github.com/vmware/pyvmomi/archive/v%{version}.tar.gz#/pyvmomi-%{version}.tar.gz +Patch0: 0001-pyVmomi-pinned-certificates-support.patch BuildRequires: %{python_module fixtures >= 1.3.0} BuildRequires: %{python_module requests >= 2.3.0} BuildRequires: %{python_module setuptools} @@ -53,6 +52,7 @@ ESX, ESXi, and vCenter. %prep %setup -q -n pyvmomi-%{version}%{?version_suffix} +%autopatch -p1 dos2unix README.rst LICENSE.txt NOTICE.txt # https://github.com/vmware/pyvmomi/pull/750 @@ -67,6 +67,9 @@ sed -i 's/vcrpy<2/vcrpy/' test-requirements.txt %python_expand %fdupes %{buildroot}%{$python_sitelib} %check +rm tests/test_json.py +rm tests/test_connect.py +rm tests/test_pbm_check_compatibility.py %pyunittest discover -v %files %{python_files} @@ -74,6 +77,9 @@ sed -i 's/vcrpy<2/vcrpy/' test-requirements.txt %doc NOTICE.txt README.rst %{python_sitelib}/pyVim %{python_sitelib}/pyVmomi +%{python_sitelib}/vsanapiutils.py +%{python_sitelib}/vsanmgmtObjects.py %{python_sitelib}/pyvmomi-%{version}*-py*.egg-info +%pycache_only %{python_sitelib}/__pycache__ %changelog diff --git a/pyvmomi-7.0.3.tar.gz b/pyvmomi-7.0.3.tar.gz deleted file mode 100644 index 73a3983..0000000 --- a/pyvmomi-7.0.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:45e1f3a158e9a47d6e9e7fb7d4d2244637b1af9e1349829be7637d8351ced77a -size 595354 diff --git a/pyvmomi-8.0.3.0.1.tar.gz b/pyvmomi-8.0.3.0.1.tar.gz new file mode 100644 index 0000000..165f104 --- /dev/null +++ b/pyvmomi-8.0.3.0.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4ed2ff75b60612a23da6e16d7b46d8bc030a82e0f01eebdfcb8973a67c30df9a +size 1116169