From b83028325c166a28eea8c87eeb2d11fcaab1342d Mon Sep 17 00:00:00 2001
From: Maria Ntalla
Date: Wed, 6 Jun 2018 14:26:46 +0100
Subject: [PATCH] Introduce thumbprints per vcenter

---
 .../providers/vsphere/vclib/connection.go | 1 +
 .../providers/vsphere/vsphere.go | 7 +++
 .../providers/vsphere/vsphere_test.go | 56 ++++++++++++++++++-
 3 files changed, 62 insertions(+), 2 deletions(-)

diff --git a/pkg/cloudprovider/providers/vsphere/vclib/connection.go b/pkg/cloudprovider/providers/vsphere/vclib/connection.go
index d8166377ffc..e56aaa41b16 100644
--- a/pkg/cloudprovider/providers/vsphere/vclib/connection.go
+++ b/pkg/cloudprovider/providers/vsphere/vclib/connection.go
@@ -43,6 +43,7 @@ type VSphereConnection struct {
 Hostname string
 Port string
 CACert string
+ Thumbprint string
 Insecure bool
 RoundTripperCount uint
 credentialsLock sync.Mutex
diff --git a/pkg/cloudprovider/providers/vsphere/vsphere.go b/pkg/cloudprovider/providers/vsphere/vsphere.go
index af1408a4eed..a8490555ba8 100644
--- a/pkg/cloudprovider/providers/vsphere/vsphere.go
+++ b/pkg/cloudprovider/providers/vsphere/vsphere.go
@@ -103,6 +103,8 @@ type VirtualCenterConfig struct {
 Datacenters string `gcfg:"datacenters"`
 // Soap round tripper count (retries = RoundTripper - 1)
 RoundTripperCount uint `gcfg:"soap-roundtrip-count"`
+ // Thumbprint of the VCenter's certificate thumbprint
+ Thumbprint string `gcfg:"thumbprint"`
 }
 
 // Structure that represents the content of vsphere.conf file.
@@ -124,6 +126,8 @@ type VSphereConfig struct {
 // Specifies the path to a CA certificate in PEM format. Optional; if not
 // configured, the system's CA certificates will be used.
 CAFile string `gcfg:"ca-file"`
+ // Thumbprint of the VCenter's certificate thumbprint
+ Thumbprint string `gcfg:"thumbprint"`
 // Datacenter in which VMs are located.
 // Deprecated. Use "datacenters" instead.
 Datacenter string `gcfg:"datacenter"`
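Review bot: The new `Thumbprint` field on `VSphereConnection` (connection.go, `@@ -43,6 +43,7 @@`) is only stored, never checked: connection.go changes by a single line in this patch (`| 1 +` in the diffstat), so nothing here compares the value with the certificate the vCenter presents. An operator who sets `thumbprint` in vsphere.conf on this commit gets no pinning from it, and how the field relates to `CACert` and `Insecure` is left undefined. Until the check is wired into connection setup, I would say so on the field, e.g. `// Thumbprint is the expected certificate thumbprint of this vCenter; not yet enforced when connecting.` The struct starts and ends outside the hunk.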
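Review bot: The comment added on both `Thumbprint` config fields (in `VirtualCenterConfig` at `@@ -103,6 +103,8 @@` and again at `@@ -124,6 +126,8 @@`) reads `Thumbprint of the VCenter's certificate thumbprint`, which is circular and omits what an operator needs to fill the key in: the hash and encoding the value must use, and what an empty value means. Suggested wording for the per-vCenter field: `// Thumbprint is the expected thumbprint of this vCenter's TLS certificate. Optional.` with the accepted format added once the code that consumes it exists. For the Global field I would add that it applies only to the vCenter named by the global `server` key, since the multi-vCenter path in the `@@ -422,6 +428,7 @@` hunk reads `vcConfig.Thumbprint` alone.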
@@ -337,6 +341,7 @@ func populateVsphereInstanceMap(cfg *VSphereConfig) (map[string]*VSphereInstance
 VCenterPort: cfg.Global.VCenterPort,
 Datacenters: cfg.Global.Datacenter,
 RoundTripperCount: cfg.Global.RoundTripperCount,
+ Thumbprint: cfg.Global.Thumbprint,
 }
 
 // Note: If secrets info is provided username and password will be populated
@@ -349,6 +354,7 @@ func populateVsphereInstanceMap(cfg *VSphereConfig) (map[string]*VSphereInstance
 RoundTripperCount: vcConfig.RoundTripperCount,
 Port: vcConfig.VCenterPort,
 CACert: cfg.Global.CAFile,
+ Thumbprint: cfg.Global.Thumbprint,
 }
 
 vsphereIns := VSphereInstance{
@@ -422,6 +428,7 @@ func populateVsphereInstanceMap(cfg *VSphereConfig) (map[string]*VSphereInstance
 Insecure: cfg.Global.InsecureFlag,
 RoundTripperCount: vcConfig.RoundTripperCount,
 Port: vcConfig.VCenterPort,
+ Thumbprint: vcConfig.Thumbprint,
 }
 vsphereIns := VSphereInstance{
 conn: &vSphereConn,
diff --git a/pkg/cloudprovider/providers/vsphere/vsphere_test.go b/pkg/cloudprovider/providers/vsphere/vsphere_test.go
index e2b391fddd4..85d48caea00 100644
--- a/pkg/cloudprovider/providers/vsphere/vsphere_test.go
+++ b/pkg/cloudprovider/providers/vsphere/vsphere_test.go
@@ -430,6 +430,7 @@ func TestSecretVSphereConfig(t *testing.T) {
 expectedUsername string
 expectedPassword string
 expectedError error
+ expectedThumbprints map[string]string
 }{
 {
 testName: "Username and password with old configuration",
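Review bot: In the multi-vCenter connection literal (`@@ -422,6 +428,7 @@`, `Thumbprint: vcConfig.Thumbprint,`) a `[VirtualCenter]` section without its own `thumbprint` ends up with an empty string even when `[Global] thumbprint` is set; the new test config contains exactly that shape (`no_thumbprint`). Not inheriting is defensible for a pin, because each vCenter presents its own certificate, but operators may expect Global keys to act as defaults, so the choice should be written down: `// No fallback to cfg.Global.Thumbprint: a pin is only valid for the vCenter it was taken from.` Whatever later consumes the field then has to define the empty case explicitly, and an empty thumbprint should not by itself relax certificate verification. The literal begins above the hunk.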
@@ -599,6 +600,47 @@ func TestSecretVSphereConfig(t *testing.T) {
 expectedIsSecretProvided: true,
 expectedError: nil,
 },
+ {
+ testName: "virtual centers with a thumbprint",
+ conf: `[Global]
+ server = global
+ user = user
+ password = password
+ datacenter = us-west
+ thumbprint = "thumbprint:global"
+ working-dir = kubernetes
+ `,
+ expectedUsername: username,
+ expectedPassword: password,
+ expectedError: nil,
+ expectedThumbprints: map[string]string{
+ "global": "thumbprint:global",
+ },
+ },
+ {
+ testName: "Multiple virtual centers with different thumbprints",
+ conf: `[Global]
+ user = user
+ password = password
+ datacenter = us-west
+ [VirtualCenter "0.0.0.0"]
+ thumbprint = thumbprint:0
+ [VirtualCenter "no_thumbprint"]
+ [VirtualCenter "1.1.1.1"]
+ thumbprint = thumbprint:1
+ [Workspace]
+ server = 0.0.0.0
+ datacenter = us-west
+ folder = kubernetes
+ `,
+ expectedUsername: username,
+ expectedPassword: password,
+ expectedError: nil,
+ expectedThumbprints: map[string]string{
+ "0.0.0.0": "thumbprint:0",
+ "1.1.1.1": "thumbprint:1",
+ },
+ },
 }
 
 for _, testcase := range testcases {
@@ -628,9 +670,19 @@ func TestSecretVSphereConfig(t *testing.T) {
 t.Fatalf("Expected password %s doesn't match actual password %s in config %s. error: %s",
 testcase.expectedPassword, vsInstance.conn.Password, testcase.conf, err)
 }
-
 }
 }
-
+ for instanceName, expectedThumbprint := range testcase.expectedThumbprints {
+ instanceConfig, ok := vs.vsphereInstanceMap[instanceName]
+ if !ok {
+ t.Fatalf("Could not find configuration for instance %s", instanceName)
+ }
+ if actualThumbprint := instanceConfig.conn.Thumbprint; actualThumbprint != expectedThumbprint {
+ t.Fatalf(
+ "Expected thumbprint for instance '%s' to be '%s', got '%s'",
+ instanceName, expectedThumbprint, actualThumbprint,
+ )
+ }
+ }
 }
 }
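Review bot: The two table entries added at `@@ -599,6 +600,47 @@` assert only the thumbprints that are present, so the property that matters most for pinning is untested: that `[VirtualCenter "no_thumbprint"]` ends up with an empty value and does not pick up another section's pin. Adding `"no_thumbprint": "",` to the second case's `expectedThumbprints` covers it with the loop from the `@@ -628,9 +670,19 @@` hunk unchanged. A further case that sets both `[Global] thumbprint` and a per-vCenter `thumbprint` would fix which one wins. In that loop, `%q` in place of `'%s'` would make an empty or whitespace-only thumbprint visible in the failure message.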