[MTV-1794] Update provider vCenter validation

Signed-off-by: Jeff Puzzo <[email protected]>

Author: jpuzz0

packages/forklift-console-plugin/src/modules/Providers/utils/validators/provider/providerValidator.ts

@@ -27,7 +27,7 @@ export function providerValidator(
       validationError = ovirtProviderValidator(provider);
       break;
     case 'vsphere':
-      validationError = vsphereProviderValidator(provider, subType, secret?.data?.cacert);
+      validationError = vsphereProviderValidator(provider, subType, secret);
       break;
     case 'ova':
       validationError = ovaProviderValidator(provider);

packages/forklift-console-plugin/src/modules/Providers/utils/validators/provider/vsphere/validateVCenterURL.ts

@@ -1,5 +1,7 @@
 import { pki } from 'node-forge';
 
+import { IoK8sApiCoreV1Secret } from '@kubev2v/types';
+
 import { safeBase64Decode } from '../../../helpers';
 import { validateIpv4, validateURL, ValidationMsg } from '../../common';
 
@@ -12,15 +14,15 @@ export const urlMatchesCertFqdn = (urlHostname: string, caCert: string): boolean
       ?.altNames.find((altName) => altName.type === 2)?.value;
     const commonName = cert.subject.attributes.find((attr) => attr.name === 'commonName')?.value;
 
-    return urlHostname === (dnsAltName || commonName);
+    return urlHostname === commonName || urlHostname === dnsAltName;
   } catch (e) {
     console.error('Unable to parse certificate object from PEM.');
   }
 
   return false;
 };
 
-export const validateVCenterURL = (url: string, caCert?: string): ValidationMsg => {
+export const validateVCenterURL = (url: string, secret?: IoK8sApiCoreV1Secret): ValidationMsg => {
   // For a newly opened form where the field is not set yet, set the validation type to default.
   if (url === undefined) {
     return {
@@ -38,6 +40,8 @@ export const validateVCenterURL = (url: string, caCert?: string): ValidationMsg
   const isValidURL = validateURL(trimmedUrl);
   const urlObject = getUrlObject(url);
   const urlHostname = urlObject?.hostname;
+  const insecureSkipVerify = secret?.data?.insecureSkipVerify;
+  const isSecure = !insecureSkipVerify || safeBase64Decode(insecureSkipVerify) === 'false';
 
   if (trimmedUrl === '') {
     return {
@@ -53,18 +57,21 @@ export const validateVCenterURL = (url: string, caCert?: string): ValidationMsg
     };
   }
 
-  if (urlObject?.protocol === 'https:') {
-    if (validateIpv4(urlHostname)) {
+  if (isSecure) {
+    const caCert = secret?.data?.cacert;
+    const isValidIpAddress = validateIpv4(urlHostname);
+
+    if (!isValidIpAddress && caCert && !urlMatchesCertFqdn(urlHostname, caCert)) {
       return {
         type: 'error',
-        msg: 'Invalid URL. The URL must be a fully qualified domain name (FQDN).',
+        msg: 'Invalid URL. The URL must be a fully qualified domain name (FQDN) and match the FQDN in the certificate you uploaded.',
       };
     }
 
-    if (caCert && !urlMatchesCertFqdn(urlHostname, caCert)) {
+    if (isValidIpAddress) {
       return {
-        type: 'error',
-        msg: 'Invalid URL. The URL must be a fully qualified domain name (FQDN) and match the FQDN in the certificate you uploaded.',
+        type: 'warning',
+        msg: 'The URL is not a fully qualified domain name (FQDN). If the certificate does not match the URL, the connection might fail.',
       };
     }
   }

packages/forklift-console-plugin/src/modules/Providers/utils/validators/provider/vsphere/vsphereProviderValidator.ts

@@ -1,4 +1,5 @@
 import { V1beta1Provider } from '@kubev2v/types';
+import { IoK8sApiCoreV1Secret } from '@kubev2v/types';
 
 import { validateK8sName, validateURL, ValidationMsg } from '../../common';
 import { SecretSubType } from '../secretValidator';
@@ -9,7 +10,7 @@ import { validateVDDKImage } from './validateVDDKImage';
 export function vsphereProviderValidator(
   provider: V1beta1Provider,
   subType?: SecretSubType,
-  caCert?: string,
+  secret?: IoK8sApiCoreV1Secret,
 ): ValidationMsg {
   const name = provider?.metadata?.name;
   const url = provider?.spec?.url || '';
@@ -23,9 +24,7 @@ export function vsphereProviderValidator(
   }
 
   if (
-    subType === 'vcenter' && caCert
-      ? validateVCenterURL(url, caCert).type === 'error'
-      : !validateURL(url)
+    subType === 'vcenter' ? validateVCenterURL(url, secret).type === 'error' : !validateURL(url)
   ) {
     return { type: 'error', msg: 'invalid URL' };
   }

packages/forklift-console-plugin/src/modules/Providers/views/create/components/EditProvider.tsx

@@ -73,7 +73,7 @@ export const EditProvider: React.FC<ProvidersCreateFormProps> = ({
             <>
               <VCenterProviderCreateForm
                 provider={newProvider}
-                caCert={newSecret.data.cacert}
+                secret={newSecret}
                 onChange={onNewProviderChange}
               />
 

packages/forklift-console-plugin/src/modules/Providers/views/create/components/VCenterProviderCreateForm.tsx

@@ -8,19 +8,19 @@ import {
 import { useForkliftTranslation } from 'src/utils/i18n';
 
 import { FormGroupWithHelpText } from '@kubev2v/common';
-import { V1beta1Provider } from '@kubev2v/types';
+import { IoK8sApiCoreV1Secret, V1beta1Provider } from '@kubev2v/types';
 import { Alert, Checkbox, Form, Popover, Radio, TextInput } from '@patternfly/react-core';
 import HelpIcon from '@patternfly/react-icons/dist/esm/icons/help-icon';
 
 export interface VCenterProviderCreateFormProps {
   provider: V1beta1Provider;
-  caCert: string;
+  secret: IoK8sApiCoreV1Secret;
   onChange: (newValue: V1beta1Provider) => void;
 }
 
 export const VCenterProviderCreateForm: React.FC<VCenterProviderCreateFormProps> = ({
   provider,
-  caCert,
+  secret,
   onChange,
 }) => {
   const { t } = useForkliftTranslation();
@@ -33,7 +33,7 @@ export const VCenterProviderCreateForm: React.FC<VCenterProviderCreateFormProps>
 
   const initialState = {
     validation: {
-      url: validateVCenterURL(url, caCert),
+      url: validateVCenterURL(url, secret),
       vddkInitImage: validateVDDKImage(vddkInitImage),
     },
   };
@@ -42,9 +42,9 @@ export const VCenterProviderCreateForm: React.FC<VCenterProviderCreateFormProps>
   useEffect(() => {
     dispatch({
       type: 'SET_FIELD_VALIDATED',
-      payload: { field: 'url', validationState: validateVCenterURL(url, caCert) },
+      payload: { field: 'url', validationState: validateVCenterURL(url, secret) },
     });
-  }, [caCert]);
+  }, [secret]);
 
   const reducer = (state, action) => {
     switch (action.type) {
@@ -127,14 +127,14 @@ export const VCenterProviderCreateForm: React.FC<VCenterProviderCreateFormProps>
 
       if (id === 'url') {
         // Validate URL - VCenter of ESXi
-        const validationState = validateVCenterURL(trimmedValue, caCert);
+        const validationState = validateVCenterURL(trimmedValue, secret);
 
         dispatch({ type: 'SET_FIELD_VALIDATED', payload: { field: 'url', validationState } });
 
         onChange({ ...provider, spec: { ...provider.spec, url: trimmedValue } });
       }
     },
-    [provider, caCert],
+    [provider, secret],
   );
 
   const onClick: (event: React.MouseEvent<HTMLButtonElement, MouseEvent>) => void = (event) => {