search

vmware / vsphere-automation-sdk-python

Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
MIT License
748 stars 312 forks source link

Support communication with vCenter Server via kerberos authenticated proxy sever #389

Open VedaNiks opened 1 year ago

VedaNiks commented 1 year ago

Is your feature request related to a problem? Please describe.

I need to communicate with vCenter Server and all the traffic goes through a kerberos authenticated proxy sever. I am not able to authenticate the proxy server since the requests.session does not support/use 'Proxy-Authorization' header. I am using below code:

import requests
import urllib3
from vmware.vapi.vsphere.client import create_vsphere_client
from requests_kerberos import HTTPKerberosAuth

kerb_auth = HTTPKerberosAuth(force_preemptive=True)
auth_header = kerb_auth.generate_request_header(None, '10.24.129.100', True)
session = requests.session()

# Disable cert verification for demo purpose.
# This is not recommended in a production environment.
session.verify = False
session.proxies = {
    'http': 'http://10.24.129.100:3128',
    'https': 'http://10.24.129.100:3128',
}
session.headers = {
    'Proxy-Authorization': auth_header
}

# Disable the secure connection warning for demo purpose.
# This is not recommended in a production environment.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Connect to a vCenter Server using username and password
vsphere_client = create_vsphere_client(server='VC_IP',
                                       username='administrator@vsphere.local',
                                       password='p@s$w0rD',
                                       session=session)

# List all VMs inside the vCenter Server
print(len(vsphere_client.vcenter.VM.list()))

Even for proxy server with basic authentication, we have to set proxy credentials as below:

session.proxies = {
    'http': 'http://squid_user:p@s$w0rD@10.24.131.215:3128',
    'https': 'http://squid_user:p@s$w0rD@10.24.131.215:3128'
}

Is there a way to connect to vCenter Server via kerberos authenticated proxy server by using VMware automation SDK python project?

Describe the solution you'd like

A way to authenticate proxy server which supports kerberos authentication.

Describe alternatives you've considered

The WAR for this is to directly use vCenter APIs with urllib3 library.

Additional context

No response

VedaNiks commented 1 year ago

@kunal-pmj any ETA for this feature?