

VSphere Priv Check with Warning (#3160)
* Revert "Revert "Add vSphere priv check (#2907)" (#3136)"

This reverts commit 3ca04dd.

* Validate vmc privs with warning
jonathanmeier5 authored Aug 25, 2022
1 parent 3a62aee commit c306fed
Showing 31 changed files with 1,947 additions and 100 deletions.
1 change: 1 addition & 0 deletions Makefile
Expand Up @@ -418,6 +418,7 @@ mocks: ## Generate mocks
${GOPATH}/bin/mockgen -destination=pkg/providers/tinkerbell/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/providers/tinkerbell" ProviderKubectlClient,SSHAuthKeyGenerator
${GOPATH}/bin/mockgen -destination=pkg/providers/cloudstack/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/providers/cloudstack" ProviderCmkClient,ProviderKubectlClient
${GOPATH}/bin/mockgen -destination=pkg/providers/vsphere/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/providers/vsphere" ProviderGovcClient,ProviderKubectlClient,ClusterResourceSetManager
${GOPATH}/bin/mockgen -destination=pkg/govmomi/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/govmomi" VSphereClient,VMOMIAuthorizationManager,VMOMIFinder,VMOMISessionBuilder,VMOMIFinderBuilder,VMOMIAuthorizationManagerBuilder
${GOPATH}/bin/mockgen -destination=pkg/filewriter/mocks/filewriter.go -package=mocks "github.com/aws/eks-anywhere/pkg/filewriter" FileWriter
${GOPATH}/bin/mockgen -destination=pkg/clustermanager/mocks/client_and_networking.go -package=mocks "github.com/aws/eks-anywhere/pkg/clustermanager" ClusterClient,Networking,AwsIamAuth
${GOPATH}/bin/mockgen -destination=pkg/gitops/flux/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/gitops/flux" FluxClient,KubeClient,GitOpsFluxClient,GitClient,Templater
5 changes: 4 additions & 1 deletion controllers/cluster_controller_test.go
Expand Up @@ -22,6 +22,7 @@ import (
_ "github.com/aws/eks-anywhere/internal/test/envtest"
anywherev1 "github.com/aws/eks-anywhere/pkg/api/v1alpha1"
"github.com/aws/eks-anywhere/pkg/controller/clusters"
"github.com/aws/eks-anywhere/pkg/govmomi"
"github.com/aws/eks-anywhere/pkg/networkutils"
"github.com/aws/eks-anywhere/pkg/providers/vsphere"
"github.com/aws/eks-anywhere/pkg/providers/vsphere/mocks"
Expand All @@ -46,7 +47,9 @@ func newVsphereClusterReconcilerTest(t *testing.T, objs ...runtime.Object) *vsph
cb := fake.NewClientBuilder()
cl := cb.WithRuntimeObjects(objs...).Build()

validator := vsphere.NewValidator(govcClient, &networkutils.DefaultNetClient{})
vcb := govmomi.NewVMOMIClientBuilder()

validator := vsphere.NewValidator(govcClient, &networkutils.DefaultNetClient{}, vcb)
defaulter := vsphere.NewDefaulter(govcClient)

reconciler := vspherereconciler.New(
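Review bot: `vcb := govmomi.NewVMOMIClientBuilder()` wires the production govmomi client builder into the reconciler test, so if the validator's new privilege check is reached during this test it will try to open a real vCenter session instead of hitting a test double. The Makefile hunk in this same commit generates mocks for VMOMISessionBuilder and the other govmomi interfaces, and passing a mock-backed builder here would keep the test hermetic and deterministic. Whether the reconciler under test actually reaches the privilege check cannot be confirmed from this hunk. newVsphereClusterReconcilerTest's body continues outside the hunk.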
1 change: 1 addition & 0 deletions go.mod
Expand Up @@ -149,6 +149,7 @@ require (
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/stmcginnis/gofish v0.12.1-0.20220311113027-6072260f4c8d // indirect
github.com/subosito/gotenv v1.2.0 // indirect
github.com/vmware/govmomi v0.29.0
github.com/xanzy/ssh-agent v0.3.0 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.7.0 // indirect
2 changes: 2 additions & 0 deletions go.sum
Expand Up @@ -1677,6 +1677,8 @@ github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:tw
github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
github.com/vmware/govmomi v0.27.1/go.mod h1:daTuJEcQosNMXYJOeku0qdBJP9SOLLWB3Mqz8THtv6o=
github.com/vmware/govmomi v0.29.0 h1:SHJQ7DUc4fltFZv16znJNGHR1/XhiDK5iKxm2OqwkuU=
github.com/vmware/govmomi v0.29.0/go.mod h1:F7adsVewLNHsW/IIm7ziFURaXDaHEwcc+ym4r3INMdY=
github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728/go.mod h1:x9oS4Wk2s2u4tS29nEaDLdzvuHdB19CvSGJjPgkZJNk=
github.com/vmware/vmw-ovflib v0.0.0-20170608004843-1f217b9dc714/go.mod h1:jiPk45kn7klhByRvUq5i2vo1RtHKBHj+iWGFpxbXuuI=
github.com/xanzy/go-gitlab v0.50.0/go.mod h1:Q+hQhV508bDPoBijv7YjK/Lvlb4PhVhJdKqXVQrUoAE=
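--- a/pkg/config/static/adminPrivs.json
+++ b/pkg/config/static/adminPrivs.json
@@ -0,0 +1,209 @@
+[
+"Alarm.Acknowledge",
+"Alarm.Create",
+"Alarm.Delete",
+"Alarm.DisableActions",
+"Alarm.Edit",
+"Alarm.SetStatus",
+"Authorization.ModifyPermissions",
+"Authorization.ModifyRoles",
+"CertificateManagement.Manage",
+"Cns.Searchable",
+"ComputePolicy.Manage",
+"ContentLibrary.AddCertToTrustStore",
+"ContentLibrary.AddLibraryItem",
+"ContentLibrary.CheckInTemplate",
+"ContentLibrary.CheckOutTemplate",
+"ContentLibrary.CreateLocalLibrary",
+"ContentLibrary.CreateSubscribedLibrary",
+"ContentLibrary.DeleteCertFromTrustStore",
+"ContentLibrary.DeleteLibraryItem",
+"ContentLibrary.DeleteLocalLibrary",
+"ContentLibrary.DeleteSubscribedLibrary",
+"ContentLibrary.DownloadSession",
+"ContentLibrary.EvictLibraryItem",
+"ContentLibrary.EvictSubscribedLibrary",
+"ContentLibrary.GetConfiguration",
+"ContentLibrary.ImportStorage",
+"ContentLibrary.ProbeSubscription",
+"ContentLibrary.ReadStorage",
+"ContentLibrary.SyncLibrary",
+"ContentLibrary.SyncLibraryItem",
+"ContentLibrary.TypeIntrospection",
+"ContentLibrary.UpdateConfiguration",
+"ContentLibrary.UpdateLibrary",
+"ContentLibrary.UpdateLibraryItem",
+"ContentLibrary.UpdateLocalLibrary",
+"ContentLibrary.UpdateSession",
+"ContentLibrary.UpdateSubscribedLibrary",
+"Datastore.AllocateSpace",
+"Datastore.Browse",
+"Datastore.Config",
+"Datastore.DeleteFile",
+"Datastore.FileManagement",
+"Datastore.UpdateVirtualMachineFiles",
+"Datastore.UpdateVirtualMachineMetadata",
+"Extension.Register",
+"Extension.Unregister",
+"Extension.Update",
+"Folder.Create",
+"Folder.Delete",
+"Folder.Move",
+"Folder.Rename",
+"Global.CancelTask",
+"Global.GlobalTag",
+"Global.Health",
+"Global.LogEvent",
+"Global.ManageCustomFields",
+"Global.ServiceManagers",
+"Global.SetCustomField",
+"Global.SystemTag",
+"HLM.Manage",
+"Host.Hbr.HbrManagement",
+"InventoryService.Tagging.AttachTag",
+"InventoryService.Tagging.CreateCategory",
+"InventoryService.Tagging.CreateTag",
+"InventoryService.Tagging.DeleteCategory",
+"InventoryService.Tagging.DeleteTag",
+"InventoryService.Tagging.EditCategory",
+"InventoryService.Tagging.EditTag",
+"InventoryService.Tagging.ModifyUsedByForCategory",
+"InventoryService.Tagging.ModifyUsedByForTag",
+"InventoryService.Tagging.ObjectAttachable",
+"Namespaces.Configure",
+"Namespaces.SelfServiceManage",
+"Network.Assign",
+"Resource.ApplyRecommendation",
+"Resource.AssignVAppToPool",
+"Resource.AssignVMToPool",
+"Resource.ColdMigrate",
+"Resource.CreatePool",
+"Resource.DeletePool",
+"Resource.EditPool",
+"Resource.HotMigrate",
+"Resource.MovePool",
+"Resource.QueryVMotion",
+"Resource.RenamePool",
+"ScheduledTask.Create",
+"ScheduledTask.Delete",
+"ScheduledTask.Edit",
+"ScheduledTask.Run",
+"Sessions.GlobalMessage",
+"Sessions.ValidateSession",
+"StorageProfile.Update",
+"StorageProfile.View",
+"StorageViews.View",
+"System.Anonymous",
+"System.Read",
+"System.View",
+"Trust.Manage",
+"VApp.ApplicationConfig",
+"VApp.AssignResourcePool",
+"VApp.AssignVApp",
+"VApp.AssignVM",
+"VApp.Clone",
+"VApp.Create",
+"VApp.Delete",
+"VApp.Export",
+"VApp.ExtractOvfEnvironment",
+"VApp.Import",
+"VApp.InstanceConfig",
+"VApp.ManagedByConfig",
+"VApp.Move",
+"VApp.PowerOff",
+"VApp.PowerOn",
+"VApp.Rename",
+"VApp.ResourceConfig",
+"VApp.Suspend",
+"VApp.Unregister",
+"VirtualMachine.Config.AddExistingDisk",
+"VirtualMachine.Config.AddNewDisk",
+"VirtualMachine.Config.AddRemoveDevice",
+"VirtualMachine.Config.AdvancedConfig",
+"VirtualMachine.Config.Annotation",
+"VirtualMachine.Config.CPUCount",
+"VirtualMachine.Config.ChangeTracking",
+"VirtualMachine.Config.DiskExtend",
+"VirtualMachine.Config.DiskLease",
+"VirtualMachine.Config.EditDevice",
+"VirtualMachine.Config.HostUSBDevice",
+"VirtualMachine.Config.ManagedBy",
+"VirtualMachine.Config.Memory",
+"VirtualMachine.Config.MksControl",
+"VirtualMachine.Config.QueryFTCompatibility",
+"VirtualMachine.Config.QueryUnownedFiles",
+"VirtualMachine.Config.RawDevice",
+"VirtualMachine.Config.ReloadFromPath",
+"VirtualMachine.Config.RemoveDisk",
+"VirtualMachine.Config.Rename",
+"VirtualMachine.Config.ResetGuestInfo",
+"VirtualMachine.Config.Resource",
+"VirtualMachine.Config.Settings",
+"VirtualMachine.Config.SwapPlacement",
+"VirtualMachine.Config.UpgradeVirtualHardware",
+"VirtualMachine.GuestOperations.Execute",
+"VirtualMachine.GuestOperations.Modify",
+"VirtualMachine.GuestOperations.ModifyAliases",
+"VirtualMachine.GuestOperations.Query",
+"VirtualMachine.GuestOperations.QueryAliases",
+"VirtualMachine.Hbr.ConfigureReplication",
+"VirtualMachine.Hbr.MonitorReplication",
+"VirtualMachine.Hbr.ReplicaManagement",
+"VirtualMachine.Interact.AnswerQuestion",
+"VirtualMachine.Interact.Backup",
+"VirtualMachine.Interact.ConsoleInteract",
+"VirtualMachine.Interact.CreateScreenshot",
+"VirtualMachine.Interact.DefragmentAllDisks",
+"VirtualMachine.Interact.DeviceConnection",
+"VirtualMachine.Interact.DnD",
+"VirtualMachine.Interact.GuestControl",
+"VirtualMachine.Interact.Pause",
+"VirtualMachine.Interact.PowerOff",
+"VirtualMachine.Interact.PowerOn",
+"VirtualMachine.Interact.PutUsbScanCodes",
+"VirtualMachine.Interact.Reset",
+"VirtualMachine.Interact.SESparseMaintenance",
+"VirtualMachine.Interact.SetCDMedia",
+"VirtualMachine.Interact.SetFloppyMedia",
+"VirtualMachine.Interact.Suspend",
+"VirtualMachine.Interact.ToolsInstall",
+"VirtualMachine.Inventory.Create",
+"VirtualMachine.Inventory.CreateFromExisting",
+"VirtualMachine.Inventory.Delete",
+"VirtualMachine.Inventory.Move",
+"VirtualMachine.Inventory.Register",
+"VirtualMachine.Inventory.Unregister",
+"VirtualMachine.Namespace.Event",
+"VirtualMachine.Namespace.EventNotify",
+"VirtualMachine.Namespace.Management",
+"VirtualMachine.Namespace.ModifyContent",
+"VirtualMachine.Namespace.Query",
+"VirtualMachine.Namespace.ReadContent",
+"VirtualMachine.Provisioning.Clone",
+"VirtualMachine.Provisioning.CloneTemplate",
+"VirtualMachine.Provisioning.CreateTemplateFromVM",
+"VirtualMachine.Provisioning.Customize",
+"VirtualMachine.Provisioning.DeployTemplate",
+"VirtualMachine.Provisioning.DiskRandomAccess",
+"VirtualMachine.Provisioning.DiskRandomRead",
+"VirtualMachine.Provisioning.FileRandomAccess",
+"VirtualMachine.Provisioning.GetVmFiles",
+"VirtualMachine.Provisioning.MarkAsTemplate",
+"VirtualMachine.Provisioning.MarkAsVM",
+"VirtualMachine.Provisioning.ModifyCustSpecs",
+"VirtualMachine.Provisioning.PromoteDisks",
+"VirtualMachine.Provisioning.PutVmFiles",
+"VirtualMachine.Provisioning.ReadCustSpecs",
+"VirtualMachine.State.CreateSnapshot",
+"VirtualMachine.State.RemoveSnapshot",
+"VirtualMachine.State.RenameSnapshot",
+"VirtualMachine.State.RevertToSnapshot",
+"VirtualMachineClasses.Manage",
+"Vsan.Cluster.ShallowRekey",
+"vService.CreateDependency",
+"vService.DestroyDependency",
+"vService.ReconfigureDependency",
+"vService.UpdateDependency",
+"vSphereDataProtection.Protection",
+"vSphereDataProtection.Recovery"
+]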
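Review bot: The 209 privilege names in this file carry no recorded provenance — neither the vSphere release they were exported from nor the role they are meant to mirror (the file name suggests the Administrator role, but that is only a guess from here) — and JSON gives no place to say so, so a future validator miss cannot be distinguished between a typo in this list and a privilege renamed or added by vSphere. A short README in pkg/config/static, or a comment beside the Go code that embeds these lists, should name the source and version, e.g. `// adminPrivs.json: privilege set exported from vCenter <VSPHERE_VERSION placeholder>; regenerate when the supported vSphere version changes.` The same applies to the other privilege lists added in this commit.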
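--- a/pkg/config/static/cnsDatastorePrivs.json
+++ b/pkg/config/static/cnsDatastorePrivs.json
@@ -0,0 +1,6 @@
+[
+"Datastore.FileManagement",
+"System.Anonymous",
+"System.Read",
+"System.View"
+]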
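--- a/pkg/config/static/cnsHostConfigStorage.json
+++ b/pkg/config/static/cnsHostConfigStorage.json
@@ -0,0 +1,5 @@
+[
+"System.Anonymous",
+"System.Read",
+"System.View"
+]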
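--- a/pkg/config/static/cnsSearchAndSpbmPrivs.json
+++ b/pkg/config/static/cnsSearchAndSpbmPrivs.json
@@ -0,0 +1,5 @@
+[
+"System.Anonymous",
+"System.Read",
+"System.View"
+]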
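--- a/pkg/config/static/cnsVmPrivs.json
+++ b/pkg/config/static/cnsVmPrivs.json
@@ -0,0 +1,7 @@
+[
+"VirtualMachine.Config.AddExistingDisk",
+"VirtualMachine.Config.AddRemoveDevice",
+"System.Anonymous",
+"System.Read",
+"System.View"
+]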
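--- a/pkg/config/static/eksUserPrivs.json
+++ b/pkg/config/static/eksUserPrivs.json
@@ -0,0 +1,58 @@
+[
+"ContentLibrary.AddLibraryItem",
+"ContentLibrary.CheckInTemplate",
+"ContentLibrary.CheckOutTemplate",
+"ContentLibrary.CreateLocalLibrary",
+"Datastore.AllocateSpace",
+"Datastore.Browse",
+"Datastore.FileManagement",
+"Folder.Create",
+"InventoryService.Tagging.AttachTag",
+"InventoryService.Tagging.CreateCategory",
+"InventoryService.Tagging.CreateTag",
+"InventoryService.Tagging.DeleteCategory",
+"InventoryService.Tagging.DeleteTag",
+"InventoryService.Tagging.EditCategory",
+"InventoryService.Tagging.EditTag",
+"InventoryService.Tagging.ModifyUsedByForCategory",
+"InventoryService.Tagging.ModifyUsedByForTag",
+"InventoryService.Tagging.ObjectAttachable",
+"Network.Assign",
+"Resource.AssignVMToPool",
+"ScheduledTask.Create",
+"ScheduledTask.Delete",
+"ScheduledTask.Edit",
+"ScheduledTask.Run",
+"StorageProfile.View",
+"StorageViews.View",
+"System.Anonymous",
+"System.Read",
+"System.View",
+"VApp.Import",
+"VirtualMachine.Config.AddExistingDisk",
+"VirtualMachine.Config.AddNewDisk",
+"VirtualMachine.Config.AddRemoveDevice",
+"VirtualMachine.Config.AdvancedConfig",
+"VirtualMachine.Config.CPUCount",
+"VirtualMachine.Config.DiskExtend",
+"VirtualMachine.Config.EditDevice",
+"VirtualMachine.Config.Memory",
+"VirtualMachine.Config.RawDevice",
+"VirtualMachine.Config.RemoveDisk",
+"VirtualMachine.Config.Settings",
+"VirtualMachine.Interact.PowerOff",
+"VirtualMachine.Interact.PowerOn",
+"VirtualMachine.Inventory.Create",
+"VirtualMachine.Inventory.CreateFromExisting",
+"VirtualMachine.Inventory.Delete",
+"VirtualMachine.Provisioning.Clone",
+"VirtualMachine.Provisioning.CloneTemplate",
+"VirtualMachine.Provisioning.CreateTemplateFromVM",
+"VirtualMachine.Provisioning.Customize",
+"VirtualMachine.Provisioning.DeployTemplate",
+"VirtualMachine.Provisioning.MarkAsTemplate",
+"VirtualMachine.Provisioning.ReadCustSpecs",
+"VirtualMachine.State.CreateSnapshot",
+"VirtualMachine.State.RemoveSnapshot",
+"VirtualMachine.State.RevertToSnapshot"
+]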
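Review bot: Several entries in this list are broad for a cluster-lifecycle user — `VirtualMachine.Config.RawDevice`, `VirtualMachine.Config.AdvancedConfig` and `VirtualMachine.Config.AddRemoveDevice` in particular — and nothing here records which provisioning step needs each one, so the set the validator warns about should be justified entry by entry against a concrete operation and trimmed of anything no code path exercises, keeping the baseline at least privilege. Because JSON cannot hold that rationale, a companion doc or a comment on the loader that embeds this file is the place for it. Whether a missing entry is warn-only or fatal for this list cannot be confirmed from the file; the commit message says the vmc check warns.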
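--- a/pkg/config/static/globalPrivs.json
+++ b/pkg/config/static/globalPrivs.json
@@ -0,0 +1,19 @@
+[
+"ContentLibrary.AddLibraryItem",
+"ContentLibrary.CheckInTemplate",
+"ContentLibrary.CheckOutTemplate",
+"ContentLibrary.CreateLocalLibrary",
+"InventoryService.Tagging.AttachTag",
+"InventoryService.Tagging.CreateCategory",
+"InventoryService.Tagging.CreateTag",
+"InventoryService.Tagging.DeleteCategory",
+"InventoryService.Tagging.DeleteTag",
+"InventoryService.Tagging.EditCategory",
+"InventoryService.Tagging.EditTag",
+"InventoryService.Tagging.ModifyUsedByForCategory",
+"InventoryService.Tagging.ModifyUsedByForTag",
+"InventoryService.Tagging.ObjectAttachable",
+"System.Anonymous",
+"System.Read",
+"System.View"
+]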
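--- a/pkg/config/static/readOnlyPrivs.json
+++ b/pkg/config/static/readOnlyPrivs.json
@@ -0,0 +1,5 @@
+[
+"System.Anonymous",
+"System.Read",
+"System.View"
+]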
