chef-provisioning-azurerm 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 42463ec1cf6179ddd12dc6b5187c71e7ff369bfb
-  data.tar.gz: 09e49c85dfc2c180cd4ff3a1f67f47fbf5ac49a2
+  metadata.gz: e48881cce59c913418c7e5a629be6152b42997f8
+  data.tar.gz: 6ee46df17040d68108ca49da6360faab8c2ab568
 SHA512:
-  metadata.gz: 55994c329df15108b24a815e386d9e430d83779508e30e420474a602151674e36bb5aaf529a2c1fb8056668988f29625e949fe00c71654c594e50f853e1b6b84
-  data.tar.gz: ecbfab9b582c27d63c3cace35fbf7350c835e4ddfeb1edb071050b7278a301fa40f879ce9b5225e9f235ce1b9d6bf023a71838521367c78a17a14e5c32c5fed7
+  metadata.gz: bcaa0448d4f51d03cb557870e6778d165f3911a93dc33ca04fee95300b8337c1f35760ff738835ecae82a2f1dad1ba28521cc337a08a242299af6d39fe962969
+  data.tar.gz: 297e1d3b7d1a644206a3d188079b934a1aa53ac25953730fa7a6d0212b78656bc099e37ff746b72f03d317c97288e5f86f242d7ef05962215a4571eceafbf8e0

data/CHANGELOG.md

@@ -1,4 +1,8 @@
 # chef-provisioning-azurerm Changelog
+
+## [0.5.0] - 2017-04-29
+- Support for AzureUSGovernment, AzureChina and AzureGermanyCloud environments (@stuartpreston)
+
 ## [0.4.0] - 2016-10-02
 - BREAKING CHANGE: No longer assume ARM template_source points to a location within the Chef Repo, users must now specify the complete path to the file (@stuartpreston)
 - Removing gem dependency on json, chef-provisioning in attempt to maintain compat with <2.0 versions (@stuartpreston)

data/README.md

@@ -12,7 +12,7 @@ The driver provides a way to deploy Azure Resource Manager templates using Chef
 
 ### Prerequisites
 
-The plugin requires Chef Client 12.2.1 or higher.
+The plugin requires Chef Client 12.5.1 or higher.
 
 ### Installation
 
@@ -22,9 +22,9 @@ This plugin is distributed as a Ruby Gem. To install it, run:
     
 ### Configuration
 
-For the driver to interact with the Microsoft Azure Resource management REST API, a Service Principal needs to be configured with Owner rights against the specific subscription being targeted.  Using an Organization account and related password is no longer supported.  To create a Service Principal and apply the correct permissions, follow the instructions in the article: [Authenticating a service principal with Azure Resource Manager](https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/#authenticate-service-principal-with-password---azure-cli)   
+For the driver to interact with the Microsoft Azure Resource management REST API, a Service Principal needs to be configured with Contributor rights against the specific subscription being targeted.  Using an Organization account and related password is no longer supported.  To create a Service Principal and apply the correct permissions, follow the instructions in the article: [Create an Azure service principal with Azure CLI 2.0](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?toc=%2fazure%2fazure-resource-manager%2ftoc.json)
 
-You will essentially need 4 parameters from the above article to configure Chef Provisioning: **Subscription ID**, **Client ID**, **Client Secret/Password** and **Tenant ID**.  These can be easily obtained using the azure-cli tools (v0.9.8 or higher) on any platform.
+You will essentially need 4 parametersto configure Chef Provisioning: **Subscription ID**, **Client ID/ID**, **Client Secret/Password** and **Tenant ID/Tenant**.
 
 Using a text editor, open or create the file ```~/.azure/credentials``` and add the following section:
 
@@ -35,6 +35,8 @@ client_secret = "your-client-secret-here"
 tenant_id = "9c117323-YOUR-GUID-HERE-9ee430723ba3"
 ```
 
+Ensure you save the file as using UTF-8 encoding.
+
 If preferred, you may also set the following environment variables on the "provisioning node", replacing the values with those obtained when you configured the service principal
 
 ```ruby
@@ -49,26 +51,21 @@ Note that the environment variables, if set, take preference over the values in
 
 Unlike a fully-featured **chef-provisioning** driver that fully utilises the **machine**, **machine_batch**, **machine_image** and **load_balancer** resources, the **chef-provisioning-azurerm** driver offers a lightweight way to interact with resources and providers in the Azure Resource Manager framework directly.
 
-To work around the issue of storing chef-provisioning driver info in the Chef server:  
+To work around the issue of storing chef-provisioning driver info in the Chef server:
 - The Chef VM extension will automatically be configured to point at the same Chef server as the provisioning node.  This can be overridden in a recipe by using the following line: ```with_chef_server 'http://your.chef.server.url/yourorg'```
 
-The following resources are provided: 
+The following resources are provided:
 
 - azure_resource_group
 - azure_resource_template
+
+The following resources are _deprecated_ and will be removed in a future version - if you want to provision individual resources in Azure you should consider alternative tooling, such as [Terraform](https://terraform.io)
+
 - azure_storage_account
 - azure_virtual_network
 - azure_network_interface
 - azure_public_ip_address
 
-The following resources are planned (note: these resources may be renamed as they are implemented):
-
-- azure_availability_set
-- azure_load_balancer
-- azure_network_security_group
-- azure_virtual_machine
-- PaaS resources such as TrafficManager, SQL Server etc.
-
 ## Limitations
 - As the nodes self-register, there are no "managed entries" created on the Chef server other than for resources of type Microsoft.Compute.
 - Bootstrap over SSH or WinRM is not implemented
@@ -76,14 +73,14 @@ The following resources are planned (note: these resources may be renamed as the
 - machine, machine_batch, machine_image and load_balancer resources are not implemented
 - Azure resources that can only be created through the Service Management (ASM) API are not implemented
 - The path to the validation keys must be provided within the recipe (i.e. they must be in the chef-repo you are working with)
-- **Local mode** is not currently supported - the Chef VM extensions can only register themselves with a 'real' Chef server.
- 
+- **Local mode** is not supported - Chef VM extensions can only register themselves with a 'real' Chef server.
+
 ## Example Recipe 1 - deployment of Resource Manager template
-The following recipe creates a new Resource Group within your subscription (identified by the GUID on line 2).  It will then execute a resource template by merging the content at the given uri with the parameters specified.
+The following recipe creates a new Resource Group within your subscription (identified by the GUID on line 2).  It will then deploy a resource template by merging the content with the parameters specified.
 
-A ```deployment_template.json``` is required to be copied to ```cookbooks/provision/templates/default/recipes``` - many examples of a Resource Manager deployment template can be found at the [Azure QuickStart Templates Gallery on GitHub](https://github.com/Azure/azure-quickstart-templates).
+An ```azure_deploy.json``` is required to be copied to ```cookbooks/provision/templates/default/recipes``` - many examples of a Resource Manager deployment template can be found at the [Azure QuickStart Templates Gallery on GitHub](https://github.com/Azure/azure-quickstart-templates).
 
-For our example, we'll need the azure_deploy.json from [here](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-simple-windows-vm/azuredeploy.json) and copy it to a path in our repo. Make sure you amend the path appropriately. 
+For our example, we'll need the azure_deploy.json from [here](https://github.com/Azure/azure-quickstart-templates/blob/master/101-vm-simple-windows/azuredeploy.json) and copy it to a path in our repo. Make sure you amend the path appropriately.
 
 ### example1.rb
 
@@ -92,13 +89,13 @@ require 'chef/provisioning/azurerm'
 with_driver 'AzureRM:abcd1234-YOUR-GUID-HERE-abcdef123456'
 
 azure_resource_group 'pendrica-demo' do
-  location 'West US' # optional, default: 'West US'
-  tags businessUnit: 'IT' # optional
+  location 'West US'
+  tags businessUnit: 'IT'
 end
 
 azure_resource_template 'my-deployment' do
   resource_group 'pendrica-demo'
-  template_source 'cookbooks/provision/files/default/azure_deploy.json'
+  template_source "#{Chef::Config[:cookbook_path]}/provision/files/default/azure_deploy.json"
   parameters newStorageAccountName: "mystorageaccount01",
              adminUsername: 'stuart',
              adminPassword: 'P2ssw0rd',
@@ -107,12 +104,13 @@ azure_resource_template 'my-deployment' do
   chef_extension client_type: 'ChefClient',
                  version: '1210.12',
                  runlist: 'role[webserver]'
+                 environment: '_default'
 end
 ```
 
-**Note: If no chef_extension configuration is specified, the ARM template will imported without enabling the Azure Chef VM Extension.**
+**Note: If no chef_extension configuration is specified, the ARM template will be deployed without enabling the Azure Chef VM Extension.**
 
-The Chef Server URL, Validation Client name and Validation Key content are not currently exposed parameters but can be overridden via setting the following Chef::Config parameters (via modifying ```c:\chef\client.rb``` or specifying ```-c path\to\client.rb``` on the ```chef-client``` command line). 
+The Chef Server URL, Validation Client name and Validation Key content are not currently exposed parameters but are either inherited from the running configuration or can be overridden via setting the following Chef::Config parameters (via modifying ```c:\chef\client.rb``` or specifying ```-c path\to\client.rb``` on the ```chef-client``` command line).
 
 ```ruby
 Chef::Config[:chef_server_url]
@@ -120,102 +118,26 @@ Chef::Config[:validation_client_name]
 Chef::Config[:validation_key]
 ```
 
-## Example Recipe 2 - deployment of locally replicated Storage Account
-### example2.rb
+## Support for AzureUSGovernment, AzureChina, AzureGermanCloud environments
+
+The driver will automatically use the correct token provider and management endpoints for the relevant cloud environment.  The default driver format for the Azure public cloud is:
 
 ```ruby
-require 'chef/provisioning/azurerm'
 with_driver 'AzureRM:abcd1234-YOUR-GUID-HERE-abcdef123456'
-
-azure_resource_group 'pendrica-demo' do
-  location 'West US'
-end
-
-azure_storage_account 'mystorageaccount02' do
-  resource_group 'pendrica-demo'
-  location 'West US'
-  account_type 'Standard_LRS'
-end
 ```
- 
-## Example Recipe 3 - deployment of Virtual Network
-This example creates a virtual network named 'myvnet' in the pendrica-demo 
-resource group in the West US region.  This virtual network contains 4 subnets
-in the 10.123.123.0/24 CIDR block.  The specified DNS servers will be used
-used by VMs in this virtual network.
-
-**Note that if dns_servers are not specified, the default azure dns will
-be used.
 
-### example3.rb
+This can be changed to one of the following formats:
 
 ```ruby
-require 'chef/provisioning/azurerm'
-with_driver 'AzureRM:abcd1234-YOUR-GUID-HERE-abcdef123456'
-
-azure_resource_group 'pendrica-demo' do
-  location 'West US'
-end
-
-azure_virtual_network 'myvnet' do
-  action :create
-  resource_group 'pendrica-demo'
-  location 'West US'
-  address_prefixes ['10.123.123.0/24' ] 
-  subnets [
-  { name: 'infrastructure', address_prefix: '10.123.123.0/28' },
-  { name: 'data', address_prefix: '10.123.123.32/27' },
-  { name: 'app', address_prefix: '10.123.123.64/26' },
-  { name: 'web', address_prefix: '10.123.123.128/25' },
-  ]
-  dns_servers ['10.123.123.5', '10.123.123.6']
-  tags environment: 'test', 
-       owner: 'jsmyth'  
-end
-
-
+with_driver 'AzureUSGovernment:abcd1234-YOUR-GUID-HERE-abcdef123456'
 ```
 
-## Example Recipe 4 - deployment of Network Interface
-This example creates a network interface named mynic2 on  the 'web' subnet of a virtual network named 'myvnet'.  
-
-### example4.rb
-
 ```ruby
-azure_network_interface 'mynic2' do
-  action :create
-  resource_group 'pendrica-demo'
-  location 'West US'
-  virtual_network 'myvnet'
-  subnet 'web' 
-end
+with_driver 'AzureChina:abcd1234-YOUR-GUID-HERE-abcdef123456'
 ```
 
-## Example Recipe 5 - deployment of Network Interface with a private static address and a public IP
-This example creates a network interface named mynic on the 'web' subnet of a virtual network named 'myvnet'.  This interface
-has a statically assigned IP address and dns servers, as well as a dynamically assigned Public IP address.
-
-### example5.rb
-
 ```ruby
-azure_network_interface 'mynic' do
-  action :create
-  resource_group 'pendrica-demo'
-  location 'West US'
-  virtual_network 'myvnet'
-  subnet 'web' 
-  private_ip_allocation_method 'static'
-  private_ip_address '10.123.123.250'
-  dns_servers ['10.123.123.5', '10.123.123.6']
-  public_ip 'mynic-pip' do
-    public_ip_allocation_method 'dynamic'
-    domain_name_label 'mydnsname'
-    idle_timeout_in_minutes 15
-    tags environment: 'test', 
-        owner: 'jsmyth'  
-  end
-end
-
+with_driver 'AzureGermanCloud:abcd1234-YOUR-GUID-HERE-abcdef123456'
 ```
 
 ## Contributing

data/lib/chef/provisioning/azurerm/azure_provider.rb

@@ -13,33 +13,48 @@ class Chef
         end
 
         def resource_management_client
-          credentials = Credentials.new.azure_credentials_for_subscription(new_resource.subscription_id)
-          client = Azure::ARM::Resources::ResourceManagementClient.new(credentials)
+          credentials = Credentials.new.azure_credentials_for_subscription(new_resource.subscription_id, new_resource.driver_name)
+          client = Azure::ARM::Resources::ResourceManagementClient.new(credentials, resource_manager_endpoint_url(new_resource.driver_name))
           client.subscription_id = new_resource.subscription_id
           client
         end
 
         def storage_management_client
-          credentials = Credentials.new.azure_credentials_for_subscription(new_resource.subscription_id)
-          client = Azure::ARM::Storage::StorageManagementClient.new(credentials)
+          credentials = Credentials.new.azure_credentials_for_subscription(new_resource.subscription_id, new_resource.driver_name)
+          client = Azure::ARM::Storage::StorageManagementClient.new(credentials, resource_manager_endpoint_url(new_resource.driver_name))
           client.subscription_id = new_resource.subscription_id
           client
         end
 
         def compute_management_client
-          credentials = Credentials.new.azure_credentials_for_subscription(new_resource.subscription_id)
-          client = Azure::ARM::Compute::ComputeManagementClient.new(credentials)
+          credentials = Credentials.new.azure_credentials_for_subscription(new_resource.subscription_id, new_resource.driver_name)
+          client = Azure::ARM::Compute::ComputeManagementClient.new(credentials, resource_manager_endpoint_url(new_resource.driver_name))
           client.subscription_id = new_resource.subscription_id
           client
         end
 
         def network_management_client
-          credentials = Credentials.new.azure_credentials_for_subscription(new_resource.subscription_id)
-          client = Azure::ARM::Network::NetworkResourceProviderClient.new(credentials)
+          credentials = Credentials.new.azure_credentials_for_subscription(new_resource.subscription_id, new_resource.driver_name)
+          client = Azure::ARM::Network::NetworkResourceProviderClient.new(credentials, resource_manager_endpoint_url(new_resource.driver_name))
           client.subscription_id = new_resource.subscription_id
           client
         end
 
+        def resource_manager_endpoint_url(azure_environment)
+          case azure_environment.downcase
+          when 'azureusgovernment'
+            MsRestAzure::AzureEnvironments::AzureUSGovernment.resource_manager_endpoint_url
+          when 'azurechina'
+            MsRestAzure::AzureEnvironments::AzureChina.resource_manager_endpoint_url
+          when 'azuregermancloud'
+            MsRestAzure::AzureEnvironments::AzureGermanCloud.resource_manager_endpoint_url
+          when 'azurerm'
+            MsRestAzure::AzureEnvironments::Azure.resource_manager_endpoint_url
+          when 'azure'
+            MsRestAzure::AzureEnvironments::Azure.resource_manager_endpoint_url
+          end
+        end
+
         def try_azure_operation(description, silently_continue_on_error = false)
           begin
             result = yield

data/lib/chef/provisioning/azurerm/credentials.rb

@@ -15,14 +15,35 @@ class Chef
           end
         end
 
-        def azure_credentials_for_subscription(subscription_id)
+        def azure_credentials_for_subscription(subscription_id, azure_environment)
           tenant_id = ENV['AZURE_TENANT_ID'] || @credentials[subscription_id]['tenant_id']
           client_id = ENV['AZURE_CLIENT_ID'] || @credentials[subscription_id]['client_id']
           client_secret = ENV['AZURE_CLIENT_SECRET'] || @credentials[subscription_id]['client_secret']
-          token_provider = MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret)
+          token_provider = MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret, settings_for_azure_environment(azure_environment))
           MsRest::TokenCredentials.new(token_provider)
         end
 
+        #
+        # Retrieves a [MsRestAzure::ActiveDirectoryServiceSettings] object representing the settings for the given cloud.
+        # @param azure_environment [String] The Azure environment to retrieve settings for.
+        #
+        # @return [MsRestAzure::ActiveDirectoryServiceSettings] Settings to be used for subsequent requests
+        #
+        def settings_for_azure_environment(azure_environment)
+          case azure_environment.downcase
+          when 'azureusgovernment'
+            ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_us_government_settings
+          when 'azurechina'
+            ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_china_settings
+          when 'azuregermancloud'
+            ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_germany_settings
+          when 'azurerm'
+            ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_settings
+          when 'azure'
+            ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_settings
+          end
+        end
+
         def self.singleton
           @credentials ||= Credentials.new
         end

data/lib/chef/provisioning/azurerm/version.rb

@@ -1,7 +1,7 @@
 class Chef
   module Provisioning
     module AzureRM
-      VERSION = '0.4.0'.freeze
+      VERSION = '0.5.0'.freeze
     end
   end
 end

metadata

@@ -1,43 +1,55 @@
 --- !ruby/object:Gem::Specification
 name: chef-provisioning-azurerm
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Stuart Preston
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-11-17 00:00:00.000000000 Z
+date: 2017-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '12'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 13.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '12'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 13.0.0
 - !ruby/object:Gem::Dependency
   name: chef-provisioning
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.3.0
 - !ruby/object:Gem::Dependency
   name: azure_mgmt_resources
   requirement: !ruby/object:Gem::Requirement
@@ -195,7 +207,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.7
+rubygems_version: 2.6.10
 signing_key: 
 specification_version: 4
 summary: Chef Provisioner for the Azure Resource Management (ARM) REST API.