vmware_inventory: do not ignore validate_certs

Python 2.7.9 < does not have the `ssl.SSLContext` attribute. If `validate_certs` is `True`, we cannot validate the SSL connection, and we need to raise an error.
2019-05-30 11:17:14 -04:00 · 2019-05-30 11:17:14 -04:00 · 06c7b87613
commit 06c7b87613
parent d82446652f
1 changed files with 13 additions and 1 deletions
--- a/contrib/inventory/vmware_inventory.py
+++ b/contrib/inventory/vmware_inventory.py
@ -344,10 +344,22 @@ class VMWareInventory(object):
                  'pwd': self.password,
                  'port': int(self.port)}

-        if hasattr(ssl, 'SSLContext') and not self.validate_certs:
+        if self.validate_certs and hasattr(ssl, 'SSLContext'):
+            context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+            context.verify_mode = ssl.CERT_REQUIRED
+            context.check_hostname = True
+            kwargs['sslContext'] = context
+        elif self.validate_certs and not hasattr(ssl, 'SSLContext'):
+            sys.exit('pyVim does not support changing verification mode with python < 2.7.9. Either update '
+                     'python or use validate_certs=false.')
+        elif not self.validate_certs and hasattr(ssl, 'SSLContext'):
            context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
            context.verify_mode = ssl.CERT_NONE
+            context.check_hostname = False
            kwargs['sslContext'] = context
+        elif not self.validate_certs and not hasattr(ssl, 'SSLContext'):
+            # Python 2.7.9 < or RHEL/CentOS 7.4 <
+            pass

        return self._get_instances(kwargs)