From eaaddbaf0fdeea8f0382ea8b041270b230d2a66460b0fd0dd20106e20abb6617 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Tue, 17 Sep 2024 12:44:15 +0000 Subject: [PATCH] - Update to version 8.0.3.0.1 Bindings * Added support for vSAN Health APIs * Updated bindings with support for the new vSphere 8.0U3 APIs. * New features of vSphere 8.0U3 based on REST APIs are available via the vSphere Automation SDK for Python Type Hints * Added type stubs for vSAN APIs. * All type stubs are refactored. Added * Python 3.12 compatibility * Stub adapters allow the usage of an existing session. * Added pyVmomi version in the user-agent request header * Added certFile and certKeyFile attributes to SoapStubAdapter. * Added project wide variables to hold the current pyVmomi version, version_info and version_info_str * Added functions to VmomiSupport to list all types ListManagedTypes(), ListDataTypes(), ListEnumTypes(). Changes * Doc: Non-remote ManagedObject and DataObject methods are documented. * The support statement now reflects the Broadcom support policy. * Copyright switch from VMware to Broadcom. Breaking changes * sso.SsoAuthenticator.get_bearer_saml_assertion_gss_api() is removed. * SSLTunnelConnection is trimmed down to handle only tunnel connections. The code that handles remote proxy doubles the HTTPProxyConnection logic and therefore is removed. Deprecated OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyvmomi?expand=0&rev=30 --- .gitattributes | 23 + .gitignore | 1 + ...-pyVmomi-pinned-certificates-support.patch | 528 ++++++++++++++++++ python-pyvmomi.changes | 325 +++++++++++ python-pyvmomi.spec | 85 +++ pyvmomi-7.0.3.tar.gz | 3 + pyvmomi-8.0.3.0.1.tar.gz | 3 + 7 files changed, 968 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 0001-pyVmomi-pinned-certificates-support.patch create mode 100644 python-pyvmomi.changes create mode 100644 python-pyvmomi.spec create mode 100644 pyvmomi-7.0.3.tar.gz create mode 100644 pyvmomi-8.0.3.0.1.tar.gz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/0001-pyVmomi-pinned-certificates-support.patch b/0001-pyVmomi-pinned-certificates-support.patch new file mode 100644 index 0000000..7f11454 --- /dev/null +++ b/0001-pyVmomi-pinned-certificates-support.patch @@ -0,0 +1,528 @@ +From 9a8956f7b4a91b491e63454b3eb3c59d4abb8a31 Mon Sep 17 00:00:00 2001 +From: ddraganov +Date: Wed, 31 Jul 2024 10:56:55 +0300 +Subject: [PATCH] pyVmomi pinned certificates support + +New: +SoapStubAdapter and the connect.py wrappers now allows passing a serverPemCert parameter. +serverPemCert is an ASCII string of a PEM-encoded SSL certificate of the host to which a connection is attempted. A replacement of thumbprint. If both fields are set, thumbprint should match serverPemCert. +CertificateMismatchException is thrown when there's a mismatch. + +If the standard SSL verifications fails + if serverPemCert or thumbprint is provided try to connect with an unverified connection and try to match the peer certificate + else fail + +pyVmomi now has a single point of establishing a server connection SoapAdapter._Connect() + +Breaking changes in SoapAdapter.py: + HTTPProxyConnection is removed because it is unnecessary as the connection logic is now streamlined + SSLTunnelConnection is removed and replaced by _SSLTunnelConnection which inherits Python's standard HTTPSConnection. + UnixSocketConnection is removed and replaced by _UnixSocketConnection which inherits Python's standard HTTPConnection. +--- + pyVim/connect.py | 41 +++++++- + pyVmomi/Security.py | 38 ++++++++ + pyVmomi/SoapAdapter.py | 214 +++++++++++++++++++++++++---------------- + 3 files changed, 207 insertions(+), 86 deletions(-) + +diff --git a/pyVim/connect.py b/pyVim/connect.py +index 0609040..437065c 100644 +--- a/pyVim/connect.py ++++ b/pyVim/connect.py +@@ -211,6 +211,7 @@ def Connect(host='localhost', + httpProxyHost=None, + httpProxyPort=80, + thumbprint=None, ++ serverPemCert=None, + sslContext=None, + httpConnectionTimeout=None, + connectionPoolTimeout=CONNECTION_POOL_IDLE_TIMEOUT_SEC, +@@ -260,8 +261,17 @@ def Connect(host='localhost', + @type httpProxyHost: string + @param httpProxyPort The proxy server port. + @type httpProxyPort: int +- @param thumbprint: host cert thumbprint ++ @param thumbprint: **** Deprecated. Use serverPemCert instead. ++ If both fields are set, thumbprint should match ++ serverPemCert. ++ The SHA1/SHA256/SHA512 thumbprint of the server's ++ SSL certificate. ++ Some use a thumbprint of the form xx:xx:xx..:xx. ++ We ignore the ":" characters. + @type thumbprint: string ++ @param serverPemCert: PEM-encoded SSL certificate of the ++ host to which we are connecting. ++ @type serverPemCert: string + @param sslContext: SSL Context describing the various SSL options. It is only + supported in Python 2.7.9 or higher. + @type sslContext: SSL.Context +@@ -324,6 +334,7 @@ def Connect(host='localhost', + httpProxyHost, + httpProxyPort, + thumbprint, ++ serverPemCert, + sslContext, + httpConnectionTimeout, + connectionPoolTimeout, +@@ -395,6 +406,7 @@ def __Login(host, + httpProxyHost, + httpProxyPort, + thumbprint, ++ serverPemCert, + sslContext, + httpConnectionTimeout, + connectionPoolTimeout, +@@ -430,8 +442,17 @@ def __Login(host, + @type httpProxyHost: string + @param httpProxyPort The proxy server port. + @type httpProxyPort: int +- @param thumbprint: host cert thumbprint ++ @param thumbprint: **** Deprecated. Use serverPemCert instead. ++ If both fields are set, thumbprint should match ++ serverPemCert. ++ The SHA1/SHA256/SHA512 thumbprint of the server's ++ SSL certificate. ++ Some use a thumbprint of the form xx:xx:xx..:xx. ++ We ignore the ":" characters. + @type thumbprint: string ++ @param serverPemCert: PEM-encoded SSL certificate of the ++ host to which we are connecting. ++ @type serverPemCert: string + @param sslContext: SSL Context describing the various SSL options. It is only + supported in Python 2.7.9 or higher. + @type sslContext: SSL.Context +@@ -479,6 +500,7 @@ def __Login(host, + httpProxyHost=httpProxyHost, + httpProxyPort=httpProxyPort, + thumbprint=thumbprint, ++ serverPemCert=serverPemCert, + sslContext=sslContext, + httpConnectionTimeout=httpConnectionTimeout, + connectionPoolTimeout=connectionPoolTimeout, +@@ -814,6 +836,7 @@ def SmartStubAdapter(host='localhost', + httpProxyPort=80, + sslProxyPath=None, + thumbprint=None, ++ serverPemCert=None, + cacertsFile=None, + preferredApiVersions=None, + acceptCompressedResponses=True, +@@ -872,6 +895,7 @@ def SmartStubAdapter(host='localhost', + httpProxyPort=httpProxyPort, + sslProxyPath=sslProxyPath, + thumbprint=thumbprint, ++ serverPemCert=serverPemCert, + cacertsFile=cacertsFile, + version=supportedVersion, + acceptCompressedResponses=acceptCompressedResponses, +@@ -896,6 +920,7 @@ def SmartConnect(protocol='https', + httpProxyHost=None, + httpProxyPort=80, + thumbprint=None, ++ serverPemCert=None, + sslContext=None, + httpConnectionTimeout=None, + connectionPoolTimeout=CONNECTION_POOL_IDLE_TIMEOUT_SEC, +@@ -948,8 +973,17 @@ def SmartConnect(protocol='https', + @type httpProxyHost: string + @param httpProxyPort The proxy server port. + @type httpProxyPort: int +- @param thumbprint: host cert thumbprint ++ @param thumbprint: **** Deprecated. Use serverPemCert instead. ++ If both fields are set, thumbprint should match ++ serverPemCert. ++ The SHA1/SHA256/SHA512 thumbprint of the server's ++ SSL certificate. ++ Some use a thumbprint of the form xx:xx:xx..:xx. ++ We ignore the ":" characters. + @type thumbprint: string ++ @param serverPemCert: PEM-encoded SSL certificate of the ++ host to which we are connecting. ++ @type serverPemCert: string + @param sslContext: SSL Context describing the various SSL options. It is only + supported in Python 2.7.9 or higher. + @type sslContext: SSL.Context +@@ -1005,6 +1039,7 @@ def SmartConnect(protocol='https', + httpProxyHost=httpProxyHost, + httpProxyPort=httpProxyPort, + thumbprint=thumbprint, ++ serverPemCert=serverPemCert, + sslContext=sslContext, + httpConnectionTimeout=httpConnectionTimeout, + connectionPoolTimeout=connectionPoolTimeout, +diff --git a/pyVmomi/Security.py b/pyVmomi/Security.py +index 15309ce..a0e69fc 100644 +--- a/pyVmomi/Security.py ++++ b/pyVmomi/Security.py +@@ -4,6 +4,7 @@ + # Client security module. + + import hashlib ++import ssl + + _isSha1Enabled = True + _isSha256Enabled = True +@@ -25,6 +26,17 @@ def SetSha512Enabled(state): + _isSha512Enabled = state + + ++""" ++Verify that a thumbprint matches a certificate ++ ++:param derCert: DER-encoded SSL certificate ++:type derCert: str ++:param thumbprint: SHA1/SHA256/SHA512 thumbprint ++ of an SSL certificate ++:type thumbprint: str ++:returns: None ++:raises ThumbprintMismatchException ++""" + def VerifyCertThumbprint(derCert, thumbprint): + thumbprint_len = len(thumbprint) + if thumbprint_len == 40 and _isSha1Enabled: +@@ -49,3 +61,29 @@ class ThumbprintMismatchException(Exception): + + self.expected = expected + self.actual = actual ++ ++ ++""" ++Verify that two PEM certificates match ++ ++:param actualCert: PEM-encoded SSL certificate ++:type actualCert: str ++:param expectedCert: PEM-encoded SSL certificate ++:type actualCert: str ++:returns: None ++:raises CertificateMismatchException ++""" ++def VerifyCert(actualCert, expectedCert): ++ actualCert = actualCert.strip() ++ expectedCert = expectedCert.strip() ++ if actualCert != expectedCert: ++ raise CertificateMismatchException(expectedCert, actualCert) ++ ++ ++class CertificateMismatchException(Exception): ++ def __init__(self, expected, actual): ++ Exception.__init__(self, "Certificate mismatch. Expected: \n{0}, " ++ "actual: \n{1}".format(expected, actual)) ++ ++ self.expected = expected ++ self.actual = actual +diff --git a/pyVmomi/SoapAdapter.py b/pyVmomi/SoapAdapter.py +index 64835d5..22c81f6 100644 +--- a/pyVmomi/SoapAdapter.py ++++ b/pyVmomi/SoapAdapter.py +@@ -34,7 +34,7 @@ from .VmomiSupport import ( + GetWsdlName, GetWsdlNamespace, GetWsdlType, GuessWsdlMethod, GuessWsdlType, + IsChildVersion, ManagedMethod, UnknownManagedMethod, ManagedObject, + Object, PropertyPath, Type, binary, versionIdMap, versionMap) +-from .Security import VerifyCertThumbprint ++from .Security import VerifyCert, VerifyCertThumbprint + from .Version import kind + from . import version_info_str + +@@ -1054,18 +1054,19 @@ class SoapStubAdapterBase(StubAdapterBase): + + + # Subclass of HTTPConnection that connects over a Unix domain socket +-# instead of a TCP port. The path of the socket is passed in place of +-# the hostname. Fairly gross but does the job. +-class UnixSocketConnection(HTTPConnection): +- # The HTTPConnection ctor expects a single argument, which it interprets +- # as the host to connect to; for UnixSocketConnection, we instead interpret ++# instead of a TCP port. The path of the socket is passed in place of ++# the hostname. Fairly gross but does the job. ++class _UnixSocketConnection(HTTPConnection): ++ # The HTTPConnection constructor expects a single argument, which it interprets ++ # as the host to connect to; for _UnixSocketConnection, we instead interpret + # the parameter as the filesystem path of the Unix domain socket. +- def __init__(self, path): ++ def __init__(self, host, **kwargs): + # Pass '' as the host to HTTPConnection; it doesn't really matter + # what we pass (since we've overridden the connect method) as long + # as it's a valid string. +- HTTPConnection.__init__(self, '') +- self.path = path ++ # kwargs allows to pass all other HTTPConnection constructor arguments ++ self.path = host ++ HTTPConnection.__init__(self, '', **kwargs) + + def connect(self): + # Hijack the connect method of HTTPConnection to connect to the +@@ -1076,76 +1077,90 @@ class UnixSocketConnection(HTTPConnection): + self.sock = sock + + +-def _VerifyThumbprint(thumbprint, connection): +- """If there is a thumbprint, connect to the server and verify that the +- SSL certificate matches the given thumbprint. An exception is thrown +- if there is a mismatch. ++def _VerifyPinnedIdentity(connection, certificate, thumbprint): + """ +- if thumbprint and isinstance(connection, HTTPSConnection): +- if not connection.sock: +- connection.connect() +- derCert = connection.sock.getpeercert(True) ++ Verify that the server connection SSL certificate ++ matches the given certificate or thumbprint. ++ ++ :param connection: Server connection ++ :type connection: HTTPSConnection ++ :param certificate: PEM-encoded SSL certificate of the server ++ :type certificate: str ++ :param thumbprint: SHA1/SHA256/SHA512 thumbprint ++ of an SSL certificate ++ :type thumbprint: str ++ :returns: None ++ :raises ThumbprintMismatchException or CertificateMismatchException ++ """ ++ derCert = connection.sock.getpeercert(True) ++ if certificate: ++ pemCert = ssl.DER_cert_to_PEM_cert(derCert) ++ VerifyCert(pemCert, certificate) ++ elif thumbprint: + VerifyCertThumbprint(derCert, thumbprint) + + +-# Stand-in for the HTTPSConnection class that will connect to a regular HTTP +-# proxy. +-class HTTPProxyConnection(object): +- # @param proxyPath The path to pass to the CONNECT command. +- # @param customHeaders Dictionary with custom HTTP headers. +- def __init__(self, proxyPath, customHeaders=None): +- self.proxyPath = proxyPath +- self.customHeaders = customHeaders if customHeaders else {} + +- # Connects to an HTTP proxy server and initiates a tunnel to the destination +- # specified by self.proxyPath. +- # +- # @param addr Address in the form of host:port +- # @param port If no port number is passed, +- # the port is extracted from the addr string +- # @param timeout Connection timeout in seconds +- # @param context SSL Context with the desired SSL options +- # @return HTTPSConnection to the destination +- def __call__(self, addr, port, timeout, context): +- conn = HTTPSConnection(host=addr, port=port, +- timeout=timeout, context=context) +- conn.set_tunnel(self.proxyPath, headers=self.customHeaders) +- return conn ++def _Connect(connection, serverPemCert=None, thumbprint=None): ++ """ ++ Connect to the server specified when the connection object was created. ++ ++ serverPemCert and thumbprint denote a pre-defined pinned ++ certificate/thumbprint which has been trusted by the user. ++ Whenever provided if that certificate/thumbprint of the peer exactly ++ matches the pinned certificate/thumbprint, then the connection is established. ++ ++ :param connection: Server connection ++ :type connection: HTTPConnection ++ :param serverPemCert: PEM-encoded SSL certificate of the server ++ :type serverPemCert: str ++ :param thumbprint: SHA1/SHA256/SHA512 thumbprint ++ of an SSL certificate ++ :type thumbprint: str ++ :returns: HTTPConnection ++ """ ++ try: ++ connection.connect() ++ except ssl.SSLCertVerificationError as ex: ++ if serverPemCert or thumbprint: ++ connection._context.check_hostname = False ++ connection._context.verify_mode = ssl.CERT_NONE ++ connection.connect() ++ _VerifyPinnedIdentity(connection, serverPemCert, thumbprint) ++ else: ++ raise ex ++ return connection + + +-# Stand-in for the HTTPSConnection class that will connect to a proxy and +-# issue a CONNECT command to start an SSL tunnel. +-class SSLTunnelConnection(HTTPProxyConnection): +- # Connects to a proxy server and initiates a tunnel to the destination +- # specified by self.proxyPath. +- # For Python Version < 2.7.9. cert_reqs=CERT_OPTIONAL to verify +- # server certificate +- # +- # @param addr Address in the form of host:port +- # @param port If no port number is passed, +- # the port is extracted from the addr string +- # @param timeout Connection timeout in seconds +- # @param context SSL Context with the desired SSL options +- # @return HTTPSConnection to the destination +- def __call__(self, addr, port=None, timeout=None, context=None): +- tunnelConn = HTTPConnection(host=addr, port=port, timeout=timeout) +- tunnelConn.request('CONNECT', self.proxyPath) ++# A subclass of HTTPConnection that uses SSL through an HTTP proxy tunnel ++class _SSLTunnelConnection(HTTPSConnection): ++ ++ def connect(self): ++ tunnelConn = HTTPConnection(host=self.host, ++ port=self.port, ++ timeout=self.timeout) ++ tunnelConn.request('CONNECT', self._proxyPath) + resp = tunnelConn.getresponse() + if resp.status != 200: + raise HTTPException( + "{0} {1}".format(resp.status, resp.reason)) + +- conn = HTTPSConnection(host=tunnelConn.host, +- port=tunnelConn.port, +- context=context, +- timeout=timeout) +- if conn.host in ('localhost', '127.0.0.1', '::1'): +- conn._context.check_hostname = False +- conn._context.verify_mode = ssl.CERT_NONE ++ if self.host in ('localhost', '127.0.0.1', '::1'): ++ self._context.check_hostname = False ++ self._context.verify_mode = ssl.CERT_NONE + +- conn.sock = conn._context.wrap_socket(sock=tunnelConn.sock, ++ self.sock = self._context.wrap_socket(sock=tunnelConn.sock, + server_hostname=tunnelConn.host) +- return conn ++ ++ def setVcTunnel(self, proxyPath): ++ """ ++ Set the path to use when tunneling through VC's reverse proxy ++ ex: /sdkTunnel ++ ++ :param proxyPath: Tunnel path ++ :type proxyPath: str ++ """ ++ self._proxyPath = proxyPath + + + class GzipReader: +@@ -1244,10 +1259,21 @@ class SoapStubAdapter(SoapStubAdapterBase): + # @param httpProxyHost The host name of the proxy server. + # @param httpProxyPort The proxy server port. + # @param sslProxyPath Path to use when tunneling through VC's reverse proxy +- # @param thumbprint The SHA1/SHA256/SHA512 thumbprint of the server's ++ # @param thumbprint **** Deprecated. Use serverPemCert instead. ++ # If both fields are set, thumbprint should match ++ # serverPemCert. ++ # The SHA1/SHA256/SHA512 thumbprint of the server's + # SSL certificate. +- # Some use a thumbprint of the form xx:xx:xx..:xx. We ignore the ":" +- # characters. If set to None, any thumbprint is accepted. ++ # Whenever provided if that thumbprint of the peer's ++ # certificate exactly matches the pinned thumbprint ++ # the connection is established. ++ # Some use a thumbprint of the form xx:xx:xx..:xx. ++ # We ignore the ":" characters. ++ # @param serverPemCert PEM-encoded SSL certificate of the ++ # host to which we are connecting. ++ # Whenever provided if that certificate of the peer ++ # exactly matches the pinned certificate ++ # the connection is established. + # @param cacertsFile **** Deprecated. Please load cert to context and pass + # context instread **** + # sslContext.load_verify_locations(cafile=ca_cert_file) +@@ -1278,6 +1304,7 @@ class SoapStubAdapter(SoapStubAdapterBase): + httpProxyPort=80, + sslProxyPath=None, + thumbprint=None, ++ serverPemCert=None, + cacertsFile=None, + version=None, + acceptCompressedResponses=True, +@@ -1297,12 +1324,16 @@ class SoapStubAdapter(SoapStubAdapterBase): + version = 'vim.version.version9' + SoapStubAdapterBase.__init__(self, version=version, sessionId=sessionId) + if sock: +- self.scheme = UnixSocketConnection ++ self.scheme = _UnixSocketConnection + # Store sock in the host member variable because that's where +- # the UnixSocketConnection ctor expects to find it -- see above ++ # the _UnixSocketConnection ctor expects to find it -- see above + self.host = sock + elif url: +- url_scheme_specifier, self.host, urlpath = urlparse(url)[:3] ++ parse_result = urlparse(url) ++ url_scheme_specifier = parse_result.scheme ++ self.host = parse_result.netloc ++ port = parse_result.port ++ urlpath = parse_result.path + # Only use the URL path if it's sensible, otherwise use the path + # keyword argument as passed in. + if urlpath not in ('', '/'): +@@ -1317,8 +1348,10 @@ class SoapStubAdapter(SoapStubAdapterBase): + if host.find(':') != -1 and host[0] != '[': # is IPv6? + host = '[' + host + ']' + self.host = '{0}:{1}'.format(host, port) ++ self.port = port + + self.path = path ++ self.serverPemCert = serverPemCert + if thumbprint: + self.thumbprint = thumbprint.replace(":", "").lower() + if len(self.thumbprint) not in (40, 64, 128): +@@ -1329,18 +1362,17 @@ class SoapStubAdapter(SoapStubAdapterBase): + + self.is_tunnel = False + if sslProxyPath: +- self.scheme = SSLTunnelConnection(sslProxyPath, customHeaders) ++ self.sslProxyPath = sslProxyPath ++ self.scheme = _SSLTunnelConnection + self.is_tunnel = True + elif httpProxyHost: +- self.scheme = HTTPProxyConnection(self.host, customHeaders) +- self.is_tunnel = True +- + # Is httpProxyHost IPv6 + if httpProxyHost.find(':') != -1 and httpProxyHost[0] != '[': +- httpProxyHost = '[' + httpProxyHost + ']' +- +- # Swap the actual host with the proxy. +- self.host = "{0}:{1}".format(httpProxyHost, httpProxyPort) ++ self.httpProxyHost = '[' + httpProxyHost + ']' ++ else: ++ self.httpProxyHost = httpProxyHost ++ self.httpProxyPort = httpProxyPort ++ self.is_tunnel = True + self.poolSize = poolSize + self.pool = [] + self.connectionPoolTimeout = connectionPoolTimeout +@@ -1499,15 +1531,31 @@ class SoapStubAdapter(SoapStubAdapterBase): + self.lock.acquire() + self._CloseIdleConnections() + if self.pool: +- result, _ = self.pool.pop(0) ++ conn, _ = self.pool.pop(0) + self.lock.release() + else: + self.lock.release() +- result = self.scheme(self.host, **self.schemeArgs) + +- _VerifyThumbprint(self.thumbprint, result) ++ # Python fails if both host:port pair ++ # and port are used for HTTPConnection ++ host = getattr(self, 'httpProxyHost', self.host.rsplit(":", 1)[0]) ++ port = getattr(self, 'httpProxyPort', self.port) ++ ++ # Fix for gh-100985 which is fixed ++ # in Python 3.11.9 and Python 3.12.4 ++ if host and host[0] == '[' and host[-1] == ']': ++ host = host[1:-1] ++ ++ conn = self.scheme(host=host, port=port, **self.schemeArgs) ++ if self.is_tunnel: ++ if hasattr(self, 'sslProxyPath'): ++ conn.setVcTunnel(self.sslProxyPath) ++ elif hasattr(self, 'httpProxyHost'): ++ customHeaders = self._customHeaders if self._customHeaders else {} ++ conn.set_tunnel(host, port, customHeaders) ++ _Connect(connection=conn, serverPemCert=self.serverPemCert, thumbprint=self.thumbprint) + +- return result ++ return conn + + # Drop all cached connections to the server. + def DropConnections(self): +-- +2.46.0 + diff --git a/python-pyvmomi.changes b/python-pyvmomi.changes new file mode 100644 index 0000000..61ce01d --- /dev/null +++ b/python-pyvmomi.changes @@ -0,0 +1,325 @@ +------------------------------------------------------------------- +Mon Sep 16 17:40:51 UTC 2024 - Martin Hauke + +- Update to version 8.0.3.0.1 + Bindings + * Added support for vSAN Health APIs + * Updated bindings with support for the new vSphere 8.0U3 APIs. + * New features of vSphere 8.0U3 based on REST APIs are available + via the vSphere Automation SDK for Python + Type Hints + * Added type stubs for vSAN APIs. + * All type stubs are refactored. + Added + * Python 3.12 compatibility + * Stub adapters allow the usage of an existing session. + * Added pyVmomi version in the user-agent request header + * Added certFile and certKeyFile attributes to SoapStubAdapter. + * Added project wide variables to hold the current pyVmomi version, + version_info and version_info_str + * Added functions to VmomiSupport to list all types + ListManagedTypes(), ListDataTypes(), ListEnumTypes(). + Changes + * Doc: Non-remote ManagedObject and DataObject methods are + documented. + * The support statement now reflects the Broadcom support policy. + * Copyright switch from VMware to Broadcom. + Breaking changes + * sso.SsoAuthenticator.get_bearer_saml_assertion_gss_api() is + removed. + * SSLTunnelConnection is trimmed down to handle only tunnel + connections. The code that handles remote proxy doubles the + HTTPProxyConnection logic and therefore is removed. + Deprecated + * 'publicVersions' and 'dottedVersions' aliases are deprecated. + * pyVmomiSettings.py and related settings are deprecated + allowGetSet, allowCapitalizedNames, binaryIsBytearray, + legacyThumbprintException. + * Features.py and all pyVmomi feature states logic is deprecated + * pyVmomi.VmomiSupport.VmomiJSONEncoder is deprecated. + Use pyVmomi.VmomiJSONEncoder.VmomiJSONEncoder + * pyVmomi.VmomiSupport.templateOf() is deprecated. + Use pyVmomi.VmomiJSONEncoder.templateOf() + * pyVmomi.SoapAdapter.ThumbprintMismatchException is deprecated. + Use pyVmomi.Security.ThumbprintMismatchException +- Update to version 8.0.2.0.1 + Maintenance Patch 1 for 8.0U2 - 2023-11-17 + Changes + * Fixed: #978 and #1053 - Fix SmartConnect()'s handling of IPv6 + address with square brackets + * Added PyPI classifiers for Python 3.10 and Python 3.11. + Support for both versions is verified. +- Update to version 8.0.2.0 + Bindings + * Updated bindings and type hints with support for vSphere 8.0U2. + Includes updates to VIM, PBM, EAM, SMS and VSLM namespaces. + * New features of vSphere 8.0U2 based on REST APIs are available + via the vSphere Automation SDK for Python + https://github.com/vmware/vsphere-automation-sdk-python +- Update to version 8.0.1.0.2 + Bindings + * Added bindings and type hints for Virtual Storage Lifecycle + Management for vSphere 8.0U1 - VSLM namespace. + Changes + * Fixed: #1021 - Switch to static imports for type info modules. + * Fixed: #1022 - Support proxy authentication. + * Add custom HTTP headers support to connect.SmartStubAdapter(). + * Missing filters are no longer treated as task failures. + * Various small fixes for docstrings and linter checks. + Type Hints Fixes + * Fixed: #1026 - Use the "from Y import X as X" format to + re-export submodules. + * Fixed: #1030 - Use a fully qualified name when the type is from + another namespace/package + Tests + * vcrpy dependency is updated to the latest version with Python 2 + support. + * testtools dependency is removed. + * Travis CI is no longer used. + * Various test updates and fixes. All tests are enabled. +- Update to version 8.0.1.0.1 + Type Hints Fixes + * Added missing VMODL1 classes to the type hints + * Enum values now match the letter case of the values from + typeinfo files. + * Fixed: #1115 - Syntax error in vim/__init__pyi. + * Fixed: #1117 - Type stubs: Writable properties are marked as + read-only. + * Fixed: #1118 - Type stubs: Missing vim.fault.* and + vmodl.fault.* types + * Fixed: #1119 - Type stubs: Enum fields should also accept + Literal[] str type. + * Fixed: #1120 - Type stubs: Exception types must inherit from + (Base)Exception. +- Update to version 8.0.1.0 + Bindings + * Updated bindings with support for vSphere 8.0U1. Includes + updates to VIM, PBM, EAM and SMS namespaces. + * New features of vSphere 8.0U1 based on REST APIs are available + via the vSphere Automation SDK for Python. + Changes + * Added support for type hints. + * #892 - Allow passing ssl_context when login in with a token. + * Fixed: #750 - Bumped vcrpy tests dependency to 2.1. + * Fixed: #812 - Fix exception leaks. + * Fixed: #1004 - Fix SmartConnect()'s SOAP and OAuth token login. +- Update to version 8.0.0.1.1 + Changes + * Fixed: #993 - WaitForTask broken on version >8.0.0. + * Fixed: #994 - Pyvomi module failing in connect method. + * Replace publicVersions with ltsVersions. + * Updated VIM namespace for the next vSphere 8.0 patch release. +- Update to version 8.0.0.1 + Bindings + * Updated bindings with support for vSphere 8.0. Includes updates + * New features of vSphere 8.0 based on REST APIs are available + via the vSphere Automation SDK for Python. + Breaking changes + * Minimum Python 2 requirement is 2.7.9. + * DynamicTypeManagerHelper.py is removed. + * ManagedMethodExecutorHelper.py is removed. + * connect.ConnectNoSSL() and connect.SmartConnectNoSSL() are + removed. Use connect.Connect(disableSslCertValidation=True) + and connect.SmartConnect(disableSslCertValidation=True) + * VmomiSupport.UncallableManagedMethod is renamed to + VmomiSupport.UnknownManagedMethod. + New modules + * Security.py A new module is added to handle thumbprint + verification. There is a predefined set of available crypto + functions to verify the certificate thumbprints. Its possible + to configure during runtime which of the available crypto + functions are allowed. + * Feature.py A new module related to pyVmomi development within + VMware. + * VmomiJSONEncoder.py The VmomiJSONEncoder is moved into a + dedicated module. + More changes + * A new 'binaryIsBytearray' setting is added to select the base + type for the binary type. By default, the binary type is 'str' + for Python 2 and 'bytes' for Python 3. If binaryIsBytearray is + True, the binary type for Python 2 is set to 'bytearray'. + Required for VmomiJSONEncoder to work properly. + * The license note is removed from the Python files. LICENSE.txt + holds the Apache 2 license note. + * pyVmomi now uses relative imports + * Dependency on "requests" is removed + * Added support for SAML token authentication + * Added timeout for HTTP requests + * Added option to set the maximum amount of time a task is + allowed to run. On timeout, an exception is generated if + raiseOnError is True. + * Add option to get all updates for the task. + * Add option to use a logger instead of the standard output. + * Various bug fixes + * Code style improvements + Deprecated + * connect.OpenUrlWithBasicAuth() + * connect.OpenPathWithStub() +- Add patch + * 0001-pyVmomi-pinned-certificates-support.patch +- Reenable python3.12 builds + +------------------------------------------------------------------- +Mon Apr 8 05:55:35 UTC 2024 - Johannes Kastl + +- add sle15 macro; disable python3.12 builds + +------------------------------------------------------------------- +Thu Apr 14 06:43:18 UTC 2022 - pgajdos@suse.com + +- python-mock is not required for build + +------------------------------------------------------------------- +Mon Oct 25 20:06:37 UTC 2021 - Martin Hauke + +- Update to version 7.0.3 + * Added new bindings to support vSphere 7.0U3. Includes updates + to VIM, PBM, EAM and SMS namespaces. + * New features of vSphere 7.0U3 based on REST APIs are available + via the vSphere Automation SDK for Python. + * Outdated samples are removed. Community samples project: + https://github.com/vmware/pyvmomi-community-samples + * Bindings files are renamed to _typeinfo_{namespace}.py + * "stable" version alias is removed + * "public" version alias is renamed to "LTS" + +------------------------------------------------------------------- +Fri May 28 10:00:57 UTC 2021 - pgajdos@suse.com + +- %check: use %pyunittest rpm macro + +------------------------------------------------------------------- +Fri Apr 9 17:21:04 UTC 2021 - Martin Hauke + +- Update to version 7.0.2 + * Added new bindings to support vSphere 7.0U2. Includes updates + to VIM, PBM, EAM and SMS namespaces. For details, refer + “What’s New in vSphere API 7.0U2?” section in the API + reference guide: https://code.vmware.com/apis/1131/vsphere + +------------------------------------------------------------------- +Sat Oct 31 09:59:23 UTC 2020 - Martin Hauke + +- update to version 7.0.1 + * Added new bindings to support vSphere 7.0U1. Includes updates + to VIM, PBM, and EAM namespaces. For details, refer “What’s + New in vSphere API 7.0U1?” section in the API reference guide: + https://code.vmware.com/apis/1067/vsphere + * New features of vSphere 7.0U1 based on REST APIs are available + via the vSphere Automation SDK for Python: + https://github.com/vmware/vsphere-automation-sdk-python +- Switch to github source url + +------------------------------------------------------------------- +Tue Apr 14 12:26:49 UTC 2020 - Martin Hauke + +- update to version 7.0 + * Added new bindings to support vSphere 7.0. For details, refer + "What’s New in vSphere API 7.0?" section in the API reference + guide: https://code.vmware.com/apis/968/vsphere + * New features of vSphere 7.0 based on REST APIs are available + via the vSphere Automation SDK for Python: + https://github.com/vmware/vsphere-automation-sdk-python + +------------------------------------------------------------------- +Sun Sep 15 13:47:46 UTC 2019 - John Vandenberg + +- Add runtime recommends for pyOpenSSL and lxml, needed for SSO support +- Update to v6.7.3 + * Publish new bindings to support vSphere 6.7 Update 3 Release + * Add sso.py to support get bearer/hok token from sso server + * pydoc support Fix + * httpProxy Support Fix + * Changes to VmomiSupport to handle API versions +- Convert line endings on README.rst +- Drop python-pyvmomi-fix-incompatibility-with-vcrpy2.patch as the + vcrpy fix has been released + +------------------------------------------------------------------- +Sat Dec 29 16:24:24 UTC 2018 - mardnh@gmx.de + +- Update to version 6.7.1.2018.12 + * Support JSON encoding for pyVmomi objects + * Fix vcrpy hardening in test-requirements. Support versions < 2.0 + * Delete deprecated Docs folder +- Add patch: + * python-pyvmomi-fix-incompatibility-with-vcrpy2.patch + +------------------------------------------------------------------- +Tue Dec 4 12:53:21 UTC 2018 - Matej Cepl + +- Remove superfluous devel dependency for noarch package + +------------------------------------------------------------------- +Wed Nov 21 13:15:48 UTC 2018 - Santiago Zarate + +_ Update to version 6.7.1 + * Publish new bindings to support vSphere 6.7 Update 1 Release + * Newer features are available via the new vSphere Automation SDK for Python + +------------------------------------------------------------------- +Wed Apr 18 17:58:09 UTC 2018 - mardnh@gmx.de + +- Update to version 6.7 + * Publish new bindings to support vSphere 6.7 +- Change URL to download sources from github +- Remove hotfix macro +- Enable tests + +------------------------------------------------------------------- +Sat Mar 3 18:41:57 UTC 2018 - arun@gmx.de + +- specfile: + * update copyright year + * don't use python_module for Requires + +------------------------------------------------------------------- +Wed Nov 29 15:01:48 UTC 2017 - boris@steki.net + +- updated to release v6.5.0.2017.5-1 + + Fix SoapAdapter serializer to support serializing unicode chars + + Remove custom getattr in _HTTPSConnection + + Add user-agent header when connecting to vsphere +- moved to single spec logic to build py2 and py3 package + +------------------------------------------------------------------- +Sun Jan 15 11:57:13 UTC 2017 - hpj@urpla.net + +- fix build: add python-fixtures to build dependencies + +------------------------------------------------------------------- +Thu Jan 12 19:30:55 UTC 2017 - mardnh@gmx.de + +- Update to version 6.5 + * Spec bump to support vSphere 6.5. + * Include EAM bindings to support vSphere EAM service. + * Fixed server thumbprint verification. + * Fixed sslcontext creation in sample code. + +------------------------------------------------------------------- +Sun Sep 18 12:40:36 UTC 2016 - mardnh@gmx.de + +- Update to version 6.0.0.2016.4 + * Python3 related bug fixes. + * Include task.py utility class. +- Changes from version 6.0.0 + * Spec bump to support vSphere 6.0 server objects and types + vSphere 6.0 U1 spec is used + * New ssl context parameter in Connect.py and SoapAdapter.py to + support passing various ssl options while connecting to vSphere. + * Drop python 2.6 support. + * Critical bug fixes. +- Remove patch: pyvmomi-git20141104-new.diff (fixed upstream) +- Fix Source-Url + +------------------------------------------------------------------- +Wed May 13 15:03:26 UTC 2015 - mc@suse.com + +- add requires for python-six and python-requests + +------------------------------------------------------------------- +Tue Nov 4 17:28:19 UTC 2014 - hpj@urpla.net + +- version 5.5.0.2014.1.1: initial build +- apply asorted fixes from todays git tree + diff --git a/python-pyvmomi.spec b/python-pyvmomi.spec new file mode 100644 index 0000000..4ca679b --- /dev/null +++ b/python-pyvmomi.spec @@ -0,0 +1,85 @@ +# +# spec file for package python-pyvmomi +# +# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2014 LISA GmbH, Bingen, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?sle15_python_module_pythons} +Name: python-pyvmomi +Version: 8.0.3.0.1 +Release: 0 +Summary: VMware vSphere Python SDK +License: Apache-2.0 +Group: Development/Languages/Python +URL: https://github.com/vmware/pyvmomi +Source: https://github.com/vmware/pyvmomi/archive/v%{version}.tar.gz#/pyvmomi-%{version}.tar.gz +Patch0: 0001-pyVmomi-pinned-certificates-support.patch +BuildRequires: %{python_module fixtures >= 1.3.0} +BuildRequires: %{python_module requests >= 2.3.0} +BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module six >= 1.7.3} +BuildRequires: dos2unix +BuildRequires: fdupes +BuildRequires: python-rpm-macros +# SECTION test requirements +BuildRequires: %{python_module testtools >= 0.9.34} +BuildRequires: %{python_module tox} +BuildRequires: %{python_module vcrpy} +# /SECTION +Requires: python-requests >= 2.3.0 +Requires: python-six >= 1.7.3 +Recommends: python-lxml +Recommends: python-pyOpenSSL +BuildArch: noarch +%python_subpackages + +%description +pyVmomi is the Python SDK for the VMware vSphere API that allows you to manage +ESX, ESXi, and vCenter. + +%prep +%setup -q -n pyvmomi-%{version}%{?version_suffix} +%autopatch -p1 +dos2unix README.rst LICENSE.txt NOTICE.txt + +# https://github.com/vmware/pyvmomi/pull/750 +# Unpin vcrpy; the fix was released +sed -i 's/vcrpy<2/vcrpy/' test-requirements.txt + +%build +%python_build + +%install +%python_install +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +rm tests/test_json.py +rm tests/test_connect.py +rm tests/test_pbm_check_compatibility.py +%pyunittest discover -v + +%files %{python_files} +%license LICENSE.txt +%doc NOTICE.txt README.rst +%{python_sitelib}/pyVim +%{python_sitelib}/pyVmomi +%{python_sitelib}/vsanapiutils.py +%{python_sitelib}/vsanmgmtObjects.py +%{python_sitelib}/pyvmomi-%{version}*-py*.egg-info +%pycache_only %{python_sitelib}/__pycache__ + +%changelog diff --git a/pyvmomi-7.0.3.tar.gz b/pyvmomi-7.0.3.tar.gz new file mode 100644 index 0000000..73a3983 --- /dev/null +++ b/pyvmomi-7.0.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:45e1f3a158e9a47d6e9e7fb7d4d2244637b1af9e1349829be7637d8351ced77a +size 595354 diff --git a/pyvmomi-8.0.3.0.1.tar.gz b/pyvmomi-8.0.3.0.1.tar.gz new file mode 100644 index 0000000..165f104 --- /dev/null +++ b/pyvmomi-8.0.3.0.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4ed2ff75b60612a23da6e16d7b46d8bc030a82e0f01eebdfcb8973a67c30df9a +size 1116169