From 754e6c11357f138b1dfdf14913a9e2c8a32f0d6b Mon Sep 17 00:00:00 2001
From: Alexander Nikitin
Date: Tue, 23 Jan 2024 23:04:08 +0300
Subject: [PATCH 1/3] Issue #1930 Replaced for code based on ssl.get_server_certificate(). (#1967)
Issue #1930 Replaced for code based on ssl.get_server_certificate(). SUMMARY Replaced for code based on ssl.get_server_certificate(). Fixes #1930 ISSUE TYPE Bugfix Pull Request
Reviewed-by: Mario Lenz
---
 .../1930-fix_ssl_deprecation_function.yml | 3 +++
 plugins/module_utils/vmware.py | 23 +++++++++----------
 2 files changed, 14 insertions(+), 12 deletions(-)
 create mode 100644 changelogs/fragments/1930-fix_ssl_deprecation_function.yml
diff --git a/changelogs/fragments/1930-fix_ssl_deprecation_function.yml b/changelogs/fragments/1930-fix_ssl_deprecation_function.yml
new file mode 100644
index 000000000..3aba4f2ef
--- /dev/null
+++ b/changelogs/fragments/1930-fix_ssl_deprecation_function.yml
@@ -0,0 +1,3 @@
+bugfixes:
+ - module_utils/vmware.py - remove ssl.wrap_socet() function. Replaced for code based on ssl.get_server_certificate
+ (https://github.com/ansible-collections/community.vmware/issues/1930).
diff --git a/plugins/module_utils/vmware.py b/plugins/module_utils/vmware.py
index c495d0544..9ad01d253 100644
--- a/plugins/module_utils/vmware.py
+++ b/plugins/module_utils/vmware.py
@@ -1174,9 +1174,9 @@ def vcenter_version_at_least(self, version=None):
 self.module.fail_json(msg='The passed vCenter version: %s is None.' % version)
 def get_cert_fingerprint(self, fqdn, port, proxy_host=None, proxy_port=None):
- sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- sock.settimeout(1)
 if proxy_host:
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ sock.settimeout(1)
 sock.connect((
 proxy_host,
 proxy_port))
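Review bot: Moving `sock.settimeout(1)` under `if proxy_host:` leaves the direct path without any timeout: the replacement in the next hunk, `ssl.get_server_certificate((fqdn, port))`, is called with none, so an unresponsive host can hold the module until the OS connect timeout, or longer if the peer accepts the connection and then stalls the handshake. Python 3.10 and later accept `ssl.get_server_certificate((fqdn, port), timeout=1)`; whether older interpreters must still be supported is not visible here, and they would need a version guard. get_cert_fingerprint starts in this hunk and continues past it.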
@@ -1191,17 +1191,16 @@ def get_cert_fingerprint(self, fqdn, port, proxy_host=None, proxy_port=None):
 der_cert_bin = ctx.wrap_socket(sock, server_hostname=fqdn).getpeercert(True)
 sock.close()
 else:
- wrapped_socket = ssl.wrap_socket(sock)
 try:
- wrapped_socket.connect((fqdn, port))
- except socket.error as socket_error:
- self.module.fail_json(msg="Cannot connect to host : %s" % socket_error)
- else:
- der_cert_bin = wrapped_socket.getpeercert(True)
- wrapped_socket.close()
-
- string = str(hashlib.sha1(der_cert_bin).hexdigest())
- return ':'.join(a + b for a, b in zip(string[::2], string[1::2]))
+ pem = ssl.get_server_certificate((fqdn, port))
+ except Exception:
+ self.module.fail_json(msg=f"Cannot connect to host: {fqdn}")
+ der_cert_bin = ssl.PEM_cert_to_DER_cert(pem)
+ if der_cert_bin:
+ string = str(hashlib.sha1(der_cert_bin).hexdigest())
+ return ':'.join(a + b for a, b in zip(string[::2], string[1::2]))
+ else:
+ self.module.fail_json(msg=f"Unable to obtain certificate fingerprint for host: {fqdn}")
 def get_managed_objects_properties(self, vim_type, properties=None):
 """
From 6bde749991bc8119f0bb6efba536f5b5b4a933ec Mon Sep 17 00:00:00 2001
From: Yannik Sembritzki
Date: Wed, 24 Jan 2024 17:53:21 +0100
Subject: [PATCH 2/3] Fix failure of vm reconfiguration with enabled virt_based_security (#1848)
Fix failure of vm reconfiguration with enabled virt_based_security SUMMARY VM reconfiguration is currently broken when virt_based_security is configured due to checking for vbsEnabled on the wrong object. ISSUE TYPE Bugfix Pull Request COMPONENT NAME vmware_guest
Reviewed-by: Mario Lenz
---
 .../fragments/1848-fix-vm-reconfiguration-with-enabled-vbs.yml | 3 +++
 plugins/modules/vmware_guest.py | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/1848-fix-vm-reconfiguration-with-enabled-vbs.yml
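Review bot: In the direct (non-proxy) branch of get_cert_fingerprint, `except Exception:` turns every failure of `ssl.get_server_certificate` into "Cannot connect to host" and drops the error text the old message carried, so a refused connection, a DNS failure and a TLS handshake error look the same to the operator. I would narrow it and keep the detail, in the `%` style the rest of the visible file uses: `except OSError as exc:` with `self.module.fail_json(msg="Cannot connect to host %s: %s" % (fqdn, exc))`. The method also has no docstring; one should state that the certificate is fetched without validation (no `ca_certs` is passed), so the returned SHA-1 fingerprint is whatever the peer presented and has to be compared with a value obtained out of band before it is trusted. The function starts outside this hunk.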
diff --git a/changelogs/fragments/1848-fix-vm-reconfiguration-with-enabled-vbs.yml b/changelogs/fragments/1848-fix-vm-reconfiguration-with-enabled-vbs.yml
new file mode 100644
index 000000000..ae9f7e8ce
--- /dev/null
+++ b/changelogs/fragments/1848-fix-vm-reconfiguration-with-enabled-vbs.yml
@@ -0,0 +1,3 @@
+minor_changes:
+ - vmware_guest - Fix failure of vm reconfiguration with enabled virt_based_security
+ (https://github.com/ansible-collections/community.vmware/pull/1848).
diff --git a/plugins/modules/vmware_guest.py b/plugins/modules/vmware_guest.py
index c0c9fde20..1f5a0a818 100644
--- a/plugins/modules/vmware_guest.py
+++ b/plugins/modules/vmware_guest.py
@@ -1672,7 +1672,7 @@ def configure_hardware_params(self, vm_obj):
 virt_based_security = self.params['hardware']['virt_based_security']
 if virt_based_security is not None:
- if vm_obj is None or virt_based_security != self.configspec.flags.vbsEnabled:
+ if vm_obj is None or virt_based_security != vm_obj.config.flags.vbsEnabled:
 self.change_detected = True
 if self.configspec.flags is None:
 self.configspec.flags = vim.vm.FlagInfo()
From 8d998296725815a972cf59727bf5363072d12caf Mon Sep 17 00:00:00 2001
From: Mario Lenz
Date: Wed, 24 Jan 2024 19:07:36 +0100
Subject: [PATCH 3/3] Fix PR 1848 changelog (#1981)
Fix PR 1848 changelog SUMMARY Fix #1848 changelog. ISSUE TYPE Docs Pull Request
---
 .../fragments/1848-fix-vm-reconfiguration-with-enabled-vbs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelogs/fragments/1848-fix-vm-reconfiguration-with-enabled-vbs.yml b/changelogs/fragments/1848-fix-vm-reconfiguration-with-enabled-vbs.yml
index ae9f7e8ce..b8bb576c3 100644
--- a/changelogs/fragments/1848-fix-vm-reconfiguration-with-enabled-vbs.yml
+++ b/changelogs/fragments/1848-fix-vm-reconfiguration-with-enabled-vbs.yml
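Review bot: In configure_hardware_params (plugins/modules/vmware_guest.py), the new comparison dereferences `vm_obj.config.flags.vbsEnabled` with only `vm_obj is None` guarded; the vSphere API describes a VirtualMachine's `config` as not guaranteed to be available, so if such an object can reach this method (not visible here) the line raises AttributeError instead of detecting a change. A guard such as `if vm_obj is None or vm_obj.config is None or virt_based_security != vm_obj.config.flags.vbsEnabled:` would keep the requested virtualization-based-security setting from being lost to a traceback. The method starts and continues outside this hunk.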
@@ -1,3 +1,3 @@
-minor_changes:
+bugfixes:
 - vmware_guest - Fix failure of vm reconfiguration with enabled virt_based_security
 (https://github.com/ansible-collections/community.vmware/pull/1848).