github.com/vmware/govmomi@v0.43.0/session/manager.go

/*
Copyright (c) 2015 VMware, Inc. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package session

import (
	"context"
	"net/url"
	"os"
	"strings"

	"github.com/vmware/govmomi/property"
	"github.com/vmware/govmomi/vim25"
	"github.com/vmware/govmomi/vim25/methods"
	"github.com/vmware/govmomi/vim25/mo"
	"github.com/vmware/govmomi/vim25/types"
)

// Locale defaults to "en_US" and can be overridden via this var or the GOVMOMI_LOCALE env var.
// A value of "_" uses the server locale setting.
var Locale = os.Getenv("GOVMOMI_LOCALE")

func init() {
	if Locale == "_" {
		Locale = ""
	} else if Locale == "" {
		Locale = "en_US"
	}
}

// Secret returns the contents if a file path value is given, otherwise returns value itself.
func Secret(value string) (string, error) {
	if len(value) == 0 {
		return value, nil
	}
	contents, err := os.ReadFile(value)
	if err != nil {
		if os.IsPermission(err) {
			return "", err
		}
		return value, nil
	}
	return strings.TrimSpace(string(contents)), nil
}

type Manager struct {
	client      *vim25.Client
	userSession *types.UserSession
}

func NewManager(client *vim25.Client) *Manager {
	m := Manager{
		client: client,
	}

	return &m
}

func (sm Manager) Reference() types.ManagedObjectReference {
	return *sm.client.ServiceContent.SessionManager
}

func (sm *Manager) SetLocale(ctx context.Context, locale string) error {
	req := types.SetLocale{
		This:   sm.Reference(),
		Locale: locale,
	}

	_, err := methods.SetLocale(ctx, sm.client, &req)
	return err
}

func (sm *Manager) Login(ctx context.Context, u *url.Userinfo) error {
	req := types.Login{
		This:   sm.Reference(),
		Locale: Locale,
	}

	if u != nil {
		req.UserName = u.Username()
		if pw, ok := u.Password(); ok {
			req.Password = pw
		}
	}

	login, err := methods.Login(ctx, sm.client, &req)
	if err != nil {
		return err
	}

	sm.userSession = &login.Returnval
	return nil
}

// LoginExtensionByCertificate uses the vCenter SDK tunnel to login using a client certificate.
// The client certificate can be set using the soap.Client.SetCertificate method.
// See: https://kb.vmware.com/s/article/2004305
func (sm *Manager) LoginExtensionByCertificate(ctx context.Context, key string) error {
	c := sm.client
	u := c.URL()
	if u.Hostname() != "sdkTunnel" {
		sc := c.Tunnel()
		c = &vim25.Client{
			Client:         sc,
			RoundTripper:   sc,
			ServiceContent: c.ServiceContent,
		}
		// When http.Transport.Proxy is used, our thumbprint checker is bypassed, resulting in:
		// "Post https://sdkTunnel:8089/sdk: x509: certificate is valid for $vcenter_hostname, not sdkTunnel"
		// The only easy way around this is to disable verification for the call to LoginExtensionByCertificate().
		// TODO: find a way to avoid disabling InsecureSkipVerify.
		c.DefaultTransport().TLSClientConfig.InsecureSkipVerify = true
	}

	req := types.LoginExtensionByCertificate{
		This:         sm.Reference(),
		ExtensionKey: key,
		Locale:       Locale,
	}

	login, err := methods.LoginExtensionByCertificate(ctx, c, &req)
	if err != nil {
		return err
	}

	// Copy the session cookie
	sm.client.Jar.SetCookies(u, c.Jar.Cookies(c.URL()))

	sm.userSession = &login.Returnval
	return nil
}

func (sm *Manager) LoginByToken(ctx context.Context) error {
	req := types.LoginByToken{
		This:   sm.Reference(),
		Locale: Locale,
	}

	login, err := methods.LoginByToken(ctx, sm.client, &req)
	if err != nil {
		return err
	}

	sm.userSession = &login.Returnval
	return nil
}

func (sm *Manager) Logout(ctx context.Context) error {
	req := types.Logout{
		This: sm.Reference(),
	}

	_, err := methods.Logout(ctx, sm.client, &req)
	if err != nil {
		return err
	}

	sm.userSession = nil
	return nil
}

// UserSession retrieves and returns the SessionManager's CurrentSession field.
// Nil is returned if the session is not authenticated.
func (sm *Manager) UserSession(ctx context.Context) (*types.UserSession, error) {
	var mgr mo.SessionManager

	pc := property.DefaultCollector(sm.client)
	err := pc.RetrieveOne(ctx, sm.Reference(), []string{"currentSession"}, &mgr)
	if err != nil {
		// It's OK if we can't retrieve properties because we're not authenticated
		if f, ok := err.(types.HasFault); ok {
			switch f.Fault().(type) {
			case *types.NotAuthenticated:
				return nil, nil
			}
		}

		return nil, err
	}

	return mgr.CurrentSession, nil
}

func (sm *Manager) TerminateSession(ctx context.Context, sessionId []string) error {
	req := types.TerminateSession{
		This:      sm.Reference(),
		SessionId: sessionId,
	}

	_, err := methods.TerminateSession(ctx, sm.client, &req)
	return err
}

// SessionIsActive checks whether the session that was created at login is
// still valid. This function only works against vCenter.
func (sm *Manager) SessionIsActive(ctx context.Context) (bool, error) {
	if sm.userSession == nil {
		return false, nil
	}

	req := types.SessionIsActive{
		This:      sm.Reference(),
		SessionID: sm.userSession.Key,
		UserName:  sm.userSession.UserName,
	}

	active, err := methods.SessionIsActive(ctx, sm.client, &req)
	if err != nil {
		return false, err
	}

	return active.Returnval, err
}

func (sm *Manager) AcquireGenericServiceTicket(ctx context.Context, spec types.BaseSessionManagerServiceRequestSpec) (*types.SessionManagerGenericServiceTicket, error) {
	req := types.AcquireGenericServiceTicket{
		This: sm.Reference(),
		Spec: spec,
	}

	res, err := methods.AcquireGenericServiceTicket(ctx, sm.client, &req)
	if err != nil {
		return nil, err
	}

	return &res.Returnval, nil
}

func (sm *Manager) AcquireLocalTicket(ctx context.Context, userName string) (*types.SessionManagerLocalTicket, error) {
	req := types.AcquireLocalTicket{
		This:     sm.Reference(),
		UserName: userName,
	}

	res, err := methods.AcquireLocalTicket(ctx, sm.client, &req)
	if err != nil {
		return nil, err
	}

	return &res.Returnval, nil
}

func (sm *Manager) AcquireCloneTicket(ctx context.Context) (string, error) {
	req := types.AcquireCloneTicket{
		This: sm.Reference(),
	}

	res, err := methods.AcquireCloneTicket(ctx, sm.client, &req)
	if err != nil {
		return "", err
	}

	return res.Returnval, nil
}

func (sm *Manager) CloneSession(ctx context.Context, ticket string) error {
	req := types.CloneSession{
		This:        sm.Reference(),
		CloneTicket: ticket,
	}

	res, err := methods.CloneSession(ctx, sm.client, &req)
	if err != nil {
		return err
	}

	sm.userSession = &res.Returnval
	return nil
}

func (sm *Manager) UpdateServiceMessage(ctx context.Context, message string) error {
	req := types.UpdateServiceMessage{
		This:    sm.Reference(),
		Message: message,
	}

	_, err := methods.UpdateServiceMessage(ctx, sm.client, &req)

	return err
}

func (sm *Manager) ImpersonateUser(ctx context.Context, name string) error {
	req := types.ImpersonateUser{
		This:     sm.Reference(),
		UserName: name,
		Locale:   Locale,
	}

	res, err := methods.ImpersonateUser(ctx, sm.client, &req)
	if err != nil {
		return err
	}

	sm.userSession = &res.Returnval
	return nil
}