feat: Introducing support for VMware module without SSL validation

[cristianocasella]

Hello everyone,
this PR add the support for a VMware virtual host manager skipping the TLS validation.

As many VMware are using self-signed certificate, this reduce the complexity of the setup.

Tested on Uyuni 2024.05.

This topic has been discussed also here: https://lists.opensuse.org/archives/list/[email protected]/message/EHPKTVYUEFCPR7DS5PDLEL7DI56DDO2J/

[meaksh]

Thanks for this contribution!

Let's try to avoid having duplicated code between the two VMware modules, as they share most of it.

I would consider the new VMwareNoSSL.py module file as something like:

import atexit

from gatherer.modules.VMware import VMware

    
try:
    from pyVim.connect import SmartConnectNoSSL, Disconnect
    IS_VALID = True
except ImportError as ex:
    IS_VALID = False

class VMwareNoSSL(VMware):
    def run(self):
        ...

This way we would just need to redefine the run function to use the SmartConnectNoSSL. How does this sound to you?

One more thing that would be needed here is to add this new file to be included as part of the virtual-host-gatherer-VMware subpackage: https://github.com/uyuni-project/virtual-host-gatherer/blob/master/virtual-host-gatherer/virtual-host-gatherer.spec#L152 and also a new changelog entry.

You can take some inspiration from: #5

@cristianocasella could you please consider this? Thanks!

[cristianocasella]

Hello @meaksh, really thanks for the quick feedback and reply.

I'm fine implementing the logic that you suggested, my initial concern regarding this approach is that this is silently ignoring SSL validation for everyone (or at least you lose the control on it). This could be a security issue for many users, preventing them from adopting the library/tool.

There is any "easy" way to add a flag into the UI so that we manage the SSL skip with a parameter? Instead that going for attempt?

[meaksh]

Hello @meaksh, really thanks for the quick feedback and reply.

I'm fine implementing the logic that you suggested, my initial concern regarding this approach is that this is silently ignoring SSL validation for everyone (or at least you lose the control on it). This could be a security issue for many users, preventing them from adopting the library/tool.

Hey @cristianocasella, I totally agree on your concerns, but what I'm suggesting here is to have 2 different separated modules, VMware (with SSL validation) and VMwareNoSSL (without it), each one on a different file, so the user can choose between them. It is just that most of the code for VMwareNoSSL is being reused from the VMware module.

There is any "easy" way to add a flag into the UI so that we manage the SSL skip with a parameter? Instead that going for attempt?

I was also initially thinking on introducing a parameter for the VMware module, like disable_ssl checkbox or similar. That is definetely also a valid and simpler approach but AFAIK it would requiere also some changes on the Java side, as currently all parameters are considered strings.