[MTV-1794] Update provider vCenter validation

Signed-off-by: Jeff Puzzo <[email protected]>

Author: jpuzz0

packages/forklift-console-plugin/package.json

@@ -41,7 +41,6 @@
     "jsonpath": "^1.1.1",
     "jsrsasign": "11.1.0",
     "luxon": "^3.5.0",
-    "node-forge": "^1",
     "react": "17.0.2",
     "react-dom": "17.0.2",
     "react-i18next": "^11.14.3",

packages/forklift-console-plugin/src/modules/Providers/utils/validators/provider/providerValidator.ts

@@ -27,7 +27,7 @@ export function providerValidator(
       validationError = ovirtProviderValidator(provider);
       break;
     case 'vsphere':
-      validationError = vsphereProviderValidator(provider, subType, secret?.data?.cacert);
+      validationError = vsphereProviderValidator(provider, subType, secret);
       break;
     case 'ova':
       validationError = ovaProviderValidator(provider);

packages/forklift-console-plugin/src/modules/Providers/utils/validators/provider/vsphere/validateVCenterURL.ts

@@ -1,26 +1,9 @@
-import { pki } from 'node-forge';
+import { IoK8sApiCoreV1Secret } from '@kubev2v/types';
 
 import { safeBase64Decode } from '../../../helpers';
 import { validateIpv4, validateURL, ValidationMsg } from '../../common';
 
-export const urlMatchesCertFqdn = (urlHostname: string, caCert: string): boolean => {
-  try {
-    const decodedCaCert = safeBase64Decode(caCert);
-    const cert = pki.certificateFromPem(decodedCaCert);
-    const dnsAltName = cert.extensions
-      .find((ext) => ext.name === 'subjectAltName')
-      ?.altNames.find((altName) => altName.type === 2)?.value;
-    const commonName = cert.subject.attributes.find((attr) => attr.name === 'commonName')?.value;
-
-    return urlHostname === (dnsAltName || commonName);
-  } catch (e) {
-    console.error('Unable to parse certificate object from PEM.');
-  }
-
-  return false;
-};
-
-export const validateVCenterURL = (url: string, caCert?: string): ValidationMsg => {
+export const validateVCenterURL = (url: string, secret?: IoK8sApiCoreV1Secret): ValidationMsg => {
   // For a newly opened form where the field is not set yet, set the validation type to default.
   if (url === undefined) {
     return {
@@ -38,6 +21,8 @@ export const validateVCenterURL = (url: string, caCert?: string): ValidationMsg
   const isValidURL = validateURL(trimmedUrl);
   const urlObject = getUrlObject(url);
   const urlHostname = urlObject?.hostname;
+  const insecureSkipVerify = secret?.data?.insecureSkipVerify;
+  const isSecure = !insecureSkipVerify || safeBase64Decode(insecureSkipVerify) === 'false';
 
   if (trimmedUrl === '') {
     return {
@@ -53,18 +38,13 @@ export const validateVCenterURL = (url: string, caCert?: string): ValidationMsg
     };
   }
 
-  if (urlObject?.protocol === 'https:') {
-    if (validateIpv4(urlHostname)) {
-      return {
-        type: 'error',
-        msg: 'Invalid URL. The URL must be a fully qualified domain name (FQDN).',
-      };
-    }
+  if (isSecure) {
+    const isValidIpAddress = validateIpv4(urlHostname);
 
-    if (caCert && !urlMatchesCertFqdn(urlHostname, caCert)) {
+    if (isValidIpAddress) {
       return {
-        type: 'error',
-        msg: 'Invalid URL. The URL must be a fully qualified domain name (FQDN) and match the FQDN in the certificate you uploaded.',
+        type: 'warning',
+        msg: 'The URL is not a fully qualified domain name (FQDN). If the certificate does not match the URL, the connection might fail.',
       };
     }
   }

packages/forklift-console-plugin/src/modules/Providers/utils/validators/provider/vsphere/vsphereProviderValidator.ts

@@ -1,4 +1,5 @@
 import { V1beta1Provider } from '@kubev2v/types';
+import { IoK8sApiCoreV1Secret } from '@kubev2v/types';
 
 import { validateK8sName, validateURL, ValidationMsg } from '../../common';
 import { SecretSubType } from '../secretValidator';
@@ -9,7 +10,7 @@ import { validateVDDKImage } from './validateVDDKImage';
 export function vsphereProviderValidator(
   provider: V1beta1Provider,
   subType?: SecretSubType,
-  caCert?: string,
+  secret?: IoK8sApiCoreV1Secret,
 ): ValidationMsg {
   const name = provider?.metadata?.name;
   const url = provider?.spec?.url || '';
@@ -23,9 +24,7 @@ export function vsphereProviderValidator(
   }
 
   if (
-    subType === 'vcenter' && caCert
-      ? validateVCenterURL(url, caCert).type === 'error'
-      : !validateURL(url)
+    subType === 'vcenter' ? validateVCenterURL(url, secret).type === 'error' : !validateURL(url)
   ) {
     return { type: 'error', msg: 'invalid URL' };
   }

packages/forklift-console-plugin/src/modules/Providers/views/create/components/EditProvider.tsx

@@ -73,7 +73,7 @@ export const EditProvider: React.FC<ProvidersCreateFormProps> = ({
             <>
               <VCenterProviderCreateForm
                 provider={newProvider}
-                caCert={newSecret.data.cacert}
+                secret={newSecret}
                 onChange={onNewProviderChange}
               />
 

packages/forklift-console-plugin/src/modules/Providers/views/create/components/VCenterProviderCreateForm.tsx

@@ -8,19 +8,19 @@ import {
 import { useForkliftTranslation } from 'src/utils/i18n';
 
 import { FormGroupWithHelpText } from '@kubev2v/common';
-import { V1beta1Provider } from '@kubev2v/types';
+import { IoK8sApiCoreV1Secret, V1beta1Provider } from '@kubev2v/types';
 import { Alert, Checkbox, Form, Popover, Radio, TextInput } from '@patternfly/react-core';
 import HelpIcon from '@patternfly/react-icons/dist/esm/icons/help-icon';
 
 export interface VCenterProviderCreateFormProps {
   provider: V1beta1Provider;
-  caCert: string;
+  secret: IoK8sApiCoreV1Secret;
   onChange: (newValue: V1beta1Provider) => void;
 }
 
 export const VCenterProviderCreateForm: React.FC<VCenterProviderCreateFormProps> = ({
   provider,
-  caCert,
+  secret,
   onChange,
 }) => {
   const { t } = useForkliftTranslation();
@@ -33,7 +33,7 @@ export const VCenterProviderCreateForm: React.FC<VCenterProviderCreateFormProps>
 
   const initialState = {
     validation: {
-      url: validateVCenterURL(url, caCert),
+      url: validateVCenterURL(url, secret),
       vddkInitImage: validateVDDKImage(vddkInitImage),
     },
   };
@@ -42,9 +42,9 @@ export const VCenterProviderCreateForm: React.FC<VCenterProviderCreateFormProps>
   useEffect(() => {
     dispatch({
       type: 'SET_FIELD_VALIDATED',
-      payload: { field: 'url', validationState: validateVCenterURL(url, caCert) },
+      payload: { field: 'url', validationState: validateVCenterURL(url, secret) },
     });
-  }, [caCert]);
+  }, [secret]);
 
   const reducer = (state, action) => {
     switch (action.type) {
@@ -127,14 +127,14 @@ export const VCenterProviderCreateForm: React.FC<VCenterProviderCreateFormProps>
 
       if (id === 'url') {
         // Validate URL - VCenter of ESXi
-        const validationState = validateVCenterURL(trimmedValue, caCert);
+        const validationState = validateVCenterURL(trimmedValue, secret);
 
         dispatch({ type: 'SET_FIELD_VALIDATED', payload: { field: 'url', validationState } });
 
         onChange({ ...provider, spec: { ...provider.spec, url: trimmedValue } });
       }
     },
-    [provider, caCert],
+    [provider, secret],
   );
 
   const onClick: (event: React.MouseEvent<HTMLButtonElement, MouseEvent>) => void = (event) => {