[MTV-1794] Update provider vCenter validation

Signed-off-by: Jeff Puzzo <[email protected]>

Author: jpuzz0

packages/forklift-console-plugin/package.json

@@ -41,7 +41,6 @@
     "jsonpath": "^1.1.1",
     "jsrsasign": "11.1.0",
     "luxon": "^3.5.0",
-    "node-forge": "^1",
     "react": "17.0.2",
     "react-dom": "17.0.2",
     "react-i18next": "^11.14.3",

packages/forklift-console-plugin/src/modules/Providers/modals/EditProviderURL/EditProviderURLModal.tsx

@@ -18,6 +18,7 @@ export type EditProviderURLModalProps = Modify<
     label?: string;
     model?: K8sModel;
     jsonPath?: string | string[];
+    insecureSkipVerify?: string;
   }
 >;
 

packages/forklift-console-plugin/src/modules/Providers/modals/EditProviderURL/VSphereEditURLModal.tsx

@@ -10,18 +10,22 @@ import { EditModal, ValidationHookType } from '../EditModal';
 import { patchProviderURL } from './utils/patchProviderURL';
 import { EditProviderURLModalProps } from './EditProviderURLModal';
 
-export const VSphereEditURLModal: React.FC<EditProviderURLModalProps> = (props) => {
+export const VSphereEditURLModal: React.FC<EditProviderURLModalProps> = ({
+  title,
+  label,
+  resource: provider,
+  insecureSkipVerify,
+  ...props
+}) => {
   const { t } = useForkliftTranslation();
-  const provider = props.resource;
-
   let validationHook: ValidationHookType;
 
   // VCenter of ESXi
   const sdkEndpoint = provider?.spec?.settings?.['sdkEndpoint'] || '';
   if (sdkEndpoint === 'esxi') {
     validationHook = validateEsxiURL;
   } else {
-    validationHook = validateVCenterURL;
+    validationHook = (url) => validateVCenterURL(url, insecureSkipVerify);
   }
 
   const ModalBody = (
@@ -39,14 +43,15 @@ export const VSphereEditURLModal: React.FC<EditProviderURLModalProps> = (props)
   return (
     <EditModal
       {...props}
+      resource={provider}
       jsonPath={'spec.url'}
-      title={props?.title || t('Edit URL')}
-      label={props?.label || t('URL')}
+      title={title || t('Edit URL')}
+      label={label || t('URL')}
       model={ProviderModel}
       variant={ModalVariant.large}
       body={ModalBody}
       helperText={t(
-        'The URL of the vCenter API endpoint, for example: https://vCenter-host-example.com/sdk .',
+        'The URL of the vCenter API endpoint, for example: https://vCenter-host-example.com/sdk.',
       )}
       onConfirmHook={patchProviderURL}
       validationHook={validationHook}

packages/forklift-console-plugin/src/modules/Providers/utils/validators/provider/providerValidator.ts

@@ -27,7 +27,7 @@ export function providerValidator(
       validationError = ovirtProviderValidator(provider);
       break;
     case 'vsphere':
-      validationError = vsphereProviderValidator(provider, subType, secret?.data?.cacert);
+      validationError = vsphereProviderValidator(provider, subType, secret);
       break;
     case 'ova':
       validationError = ovaProviderValidator(provider);

packages/forklift-console-plugin/src/modules/Providers/utils/validators/provider/vsphere/validateVCenterURL.ts

@@ -1,26 +1,10 @@
-import { pki } from 'node-forge';
-
 import { safeBase64Decode } from '../../../helpers';
 import { validateIpv4, validateURL, ValidationMsg } from '../../common';
 
-export const urlMatchesCertFqdn = (urlHostname: string, caCert: string): boolean => {
-  try {
-    const decodedCaCert = safeBase64Decode(caCert);
-    const cert = pki.certificateFromPem(decodedCaCert);
-    const dnsAltName = cert.extensions
-      .find((ext) => ext.name === 'subjectAltName')
-      ?.altNames.find((altName) => altName.type === 2)?.value;
-    const commonName = cert.subject.attributes.find((attr) => attr.name === 'commonName')?.value;
-
-    return urlHostname === (dnsAltName || commonName);
-  } catch (e) {
-    console.error('Unable to parse certificate object from PEM.');
-  }
-
-  return false;
-};
-
-export const validateVCenterURL = (url: string, caCert?: string): ValidationMsg => {
+export const validateVCenterURL = (
+  url: string | number,
+  insecureSkipVerify?: string,
+): ValidationMsg => {
   // For a newly opened form where the field is not set yet, set the validation type to default.
   if (url === undefined) {
     return {
@@ -38,6 +22,7 @@ export const validateVCenterURL = (url: string, caCert?: string): ValidationMsg
   const isValidURL = validateURL(trimmedUrl);
   const urlObject = getUrlObject(url);
   const urlHostname = urlObject?.hostname;
+  const isSecure = !insecureSkipVerify || safeBase64Decode(insecureSkipVerify) === 'false';
 
   if (trimmedUrl === '') {
     return {
@@ -53,18 +38,13 @@ export const validateVCenterURL = (url: string, caCert?: string): ValidationMsg
     };
   }
 
-  if (urlObject?.protocol === 'https:') {
-    if (validateIpv4(urlHostname)) {
-      return {
-        type: 'error',
-        msg: 'Invalid URL. The URL must be a fully qualified domain name (FQDN).',
-      };
-    }
+  if (isSecure) {
+    const isValidIpAddress = validateIpv4(urlHostname);
 
-    if (caCert && !urlMatchesCertFqdn(urlHostname, caCert)) {
+    if (isValidIpAddress) {
       return {
-        type: 'error',
-        msg: 'Invalid URL. The URL must be a fully qualified domain name (FQDN) and match the FQDN in the certificate you uploaded.',
+        type: 'warning',
+        msg: 'The URL is not a fully qualified domain name (FQDN). If the certificate is not skipped and does not match the URL, the connection might fail.',
       };
     }
   }

packages/forklift-console-plugin/src/modules/Providers/utils/validators/provider/vsphere/vsphereProviderValidator.ts

@@ -1,4 +1,5 @@
 import { V1beta1Provider } from '@kubev2v/types';
+import { IoK8sApiCoreV1Secret } from '@kubev2v/types';
 
 import { validateK8sName, validateURL, ValidationMsg } from '../../common';
 import { SecretSubType } from '../secretValidator';
@@ -9,7 +10,7 @@ import { validateVDDKImage } from './validateVDDKImage';
 export function vsphereProviderValidator(
   provider: V1beta1Provider,
   subType?: SecretSubType,
-  caCert?: string,
+  secret?: IoK8sApiCoreV1Secret,
 ): ValidationMsg {
   const name = provider?.metadata?.name;
   const url = provider?.spec?.url || '';
@@ -23,8 +24,8 @@ export function vsphereProviderValidator(
   }
 
   if (
-    subType === 'vcenter' && caCert
-      ? validateVCenterURL(url, caCert).type === 'error'
+    subType === 'vcenter'
+      ? validateVCenterURL(url, secret?.data?.insecureSkipVerify).type === 'error'
       : !validateURL(url)
   ) {
     return { type: 'error', msg: 'invalid URL' };

packages/forklift-console-plugin/src/modules/Providers/views/create/components/EditProvider.tsx

@@ -73,7 +73,7 @@ export const EditProvider: React.FC<ProvidersCreateFormProps> = ({
             <>
               <VCenterProviderCreateForm
                 provider={newProvider}
-                caCert={newSecret.data.cacert}
+                secret={newSecret}
                 onChange={onNewProviderChange}
               />
 

packages/forklift-console-plugin/src/modules/Providers/views/create/components/VCenterProviderCreateForm.tsx

@@ -8,19 +8,19 @@ import {
 import { useForkliftTranslation } from 'src/utils/i18n';
 
 import { FormGroupWithHelpText } from '@kubev2v/common';
-import { V1beta1Provider } from '@kubev2v/types';
+import { IoK8sApiCoreV1Secret, V1beta1Provider } from '@kubev2v/types';
 import { Alert, Checkbox, Form, Popover, Radio, TextInput } from '@patternfly/react-core';
 import HelpIcon from '@patternfly/react-icons/dist/esm/icons/help-icon';
 
 export interface VCenterProviderCreateFormProps {
   provider: V1beta1Provider;
-  caCert: string;
+  secret: IoK8sApiCoreV1Secret;
   onChange: (newValue: V1beta1Provider) => void;
 }
 
 export const VCenterProviderCreateForm: React.FC<VCenterProviderCreateFormProps> = ({
   provider,
-  caCert,
+  secret,
   onChange,
 }) => {
   const { t } = useForkliftTranslation();
@@ -33,7 +33,7 @@ export const VCenterProviderCreateForm: React.FC<VCenterProviderCreateFormProps>
 
   const initialState = {
     validation: {
-      url: validateVCenterURL(url, caCert),
+      url: validateVCenterURL(url, secret?.data?.insecureSkipVerify),
       vddkInitImage: validateVDDKImage(vddkInitImage),
     },
   };
@@ -42,9 +42,12 @@ export const VCenterProviderCreateForm: React.FC<VCenterProviderCreateFormProps>
   useEffect(() => {
     dispatch({
       type: 'SET_FIELD_VALIDATED',
-      payload: { field: 'url', validationState: validateVCenterURL(url, caCert) },
+      payload: {
+        field: 'url',
+        validationState: validateVCenterURL(url, secret?.data?.insecureSkipVerify),
+      },
     });
-  }, [caCert]);
+  }, [secret]);
 
   const reducer = (state, action) => {
     switch (action.type) {
@@ -127,14 +130,14 @@ export const VCenterProviderCreateForm: React.FC<VCenterProviderCreateFormProps>
 
       if (id === 'url') {
         // Validate URL - VCenter of ESXi
-        const validationState = validateVCenterURL(trimmedValue, caCert);
+        const validationState = validateVCenterURL(trimmedValue, secret?.data?.insecureSkipVerify);
 
         dispatch({ type: 'SET_FIELD_VALIDATED', payload: { field: 'url', validationState } });
 
         onChange({ ...provider, spec: { ...provider.spec, url: trimmedValue } });
       }
     },
-    [provider, caCert],
+    [provider, secret],
   );
 
   const onClick: (event: React.MouseEvent<HTMLButtonElement, MouseEvent>) => void = (event) => {

packages/forklift-console-plugin/src/modules/Providers/views/details/components/DetailsSection/components/URLDetailsItem.tsx

@@ -2,6 +2,9 @@ import React from 'react';
 import { EditProviderURLModal, useModal } from 'src/modules/Providers/modals';
 import { useForkliftTranslation } from 'src/utils/i18n';
 
+import { IoK8sApiCoreV1Secret } from '@kubev2v/types';
+import { useK8sWatchResource } from '@openshift-console/dynamic-plugin-sdk';
+
 import { DetailsItem } from '../../../../../utils';
 
 import { ProviderDetailsItemProps } from './ProviderDetailsItem';
@@ -15,6 +18,13 @@ export const URLDetailsItem: React.FC<ProviderDetailsItemProps> = ({
   const { t } = useForkliftTranslation();
   const { showModal } = useModal();
 
+  const [secret] = useK8sWatchResource<IoK8sApiCoreV1Secret>({
+    groupVersionKind: { version: 'v1', kind: 'Secret' },
+    namespaced: true,
+    namespace: provider?.spec?.secret?.namespace,
+    name: provider?.spec?.secret?.name,
+  });
+
   const defaultMoreInfoLink =
     'https://docs.redhat.com/en/documentation/migration_toolkit_for_virtualization/2.7/html-single/installing_and_using_the_migration_toolkit_for_virtualization/index#adding-source-providers';
   const defaultHelpContent =
@@ -31,7 +41,13 @@ export const URLDetailsItem: React.FC<ProviderDetailsItemProps> = ({
       onEdit={
         canPatch &&
         provider?.spec?.url &&
-        (() => showModal(<EditProviderURLModal resource={provider} />))
+        (() =>
+          showModal(
+            <EditProviderURLModal
+              resource={provider}
+              insecureSkipVerify={secret?.data?.insecureSkipVerify}
+            />,
+          ))
       }
     />
   );