kitchen-azurerm 0.15.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '03965a2dd5197abe1ccce35906e33c7ba4dbf996c047b305b1d5b29abb3bc54c'
-  data.tar.gz: 7d46770f6836c397717d6324d3af29bc57d4ce0ce87055decf8b21388aa326c1
+  metadata.gz: c53c5b50e83af16c56722ecbc2baa30b5a28621cc17f4edde82a59b22420812f
+  data.tar.gz: cd39338fdf0d29d39780e93b6a9fc8c27cd955daf59b6fc79f3be56801c7d891
 SHA512:
-  metadata.gz: 97e66a086d8565a6f2d4e7674dce0c527f2563465db2804d2de266b3e5eaf4d08f376704a6291cef68f0374d61803dfbc48a11c8c3704d3aa2fe9e019f975c43
-  data.tar.gz: e63882365344c12bfface30030b4c6b32caf8c786cd39947047085cd40d23e1b8160b87a98c0647b1a41a4b1863de172e850903ce5e2ee81a490b7fc3acc25c8
+  metadata.gz: d62cae11a2fa2a679657fc9c81e6b03547802cd7773f6b801b644388beb09b6fe44de2f0d5f2e9a1601cf3eee92b7a2d86e1f29e7dd86b09e3e6445fdceaebd5
+  data.tar.gz: 8bbccc8d27fef365420257f9a11d89cd8b326cf6e60c97e737c1fe304b14f28ee543793c314e9e638096b606c6ccc64986e7d4db94345d53463981b84eadc931

data/LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2017 Pendrica Ltd.
+   Copyright [yyyy] [name of copyright owner]
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

data/README.md

@@ -1,24 +1,43 @@
 # kitchen-azurerm
 
-[![Gem Version](https://badge.fury.io/rb/kitchen-azurerm.svg)](http://badge.fury.io/rb/kitchen-azurerm) [![Build Status](https://travis-ci.org/test-kitchen/kitchen-azurerm.svg)](https://travis-ci.org/test-kitchen/kitchen-azurerm)
+[![Gem Version](https://badge.fury.io/rb/kitchen-azurerm.svg)](http://badge.fury.io/rb/kitchen-azurerm) ![CI](https://github.com/test-kitchen/kitchen-azurerm/workflows/CI/badge.svg?branch=master)
 
-**kitchen-azurerm** is a driver for the popular test harness [Test Kitchen](http://kitchen.ci) that allows Microsoft Azure resources to be provisioned prior to testing. This driver uses the new Microsoft Azure Resource Management REST API via the [azure-sdk-for-ruby](https://github.com/azure/azure-sdk-for-ruby).
+**kitchen-azurerm** is a driver for the popular test harness [Test Kitchen](http://kitchen.ci) that allows Microsoft Azure resources to be provisioned before testing. This driver uses the new Microsoft Azure Resource Management REST API via the [azure-sdk-for-ruby](https://github.com/azure/azure-sdk-for-ruby).
 
-This version has been tested on Windows, OS/X and Ubuntu. If you encounter a problem on your platform, please raise an issue.
+This version has been tested on Windows, macOS, and Ubuntu. If you encounter a problem on your platform, please raise an issue.
 
 ## Quick-start
 
 ### Installation
 
-This plugin is distributed as a [Ruby Gem](https://rubygems.org/gems/kitchen-azurerm). To install it, run:
+This plugin ships in Chef Workstation out of the box so there is no need to install it when using Chef Workstation[https://downloads.chef.io/products/workstation].
 
-```$ gem install kitchen-azurerm```
+If you're not using Chef Workstation and need to install the plugin as a gem run:
 
-Note if you are running the ChefDK you may need to prefix the command with chef, i.e. ```$ chef gem install kitchen-azurerm```
+```$ gem install kitchen-azurerm```
 
 ### Configuration
 
-For the driver to interact with the Microsoft Azure Resource management REST API, a Service Principal needs to be configured with Contributor rights against the specific subscription being targeted.  Using an Organizational (AAD) account and related password is no longer supported.  To create a Service Principal and apply the correct permissions, you will need to [create and authenticate a service principal](https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/#authenticate-service-principal-with-password---azure-cli) using the [Azure CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/). Make sure you stay within the section titled 'Authenticate service principal with password - Azure CLI'.
+For the driver to interact with the Microsoft Azure Resource management REST API, a Service Principal needs to be configured with Contributor rights against the specific subscription being targeted. Using an Organizational (AAD) account and related password is no longer supported. To create a Service Principal and apply the correct permissions, you will need to [create an Azure service principal with the Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest#create-a-service-principal) using the [Azure CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/). Make sure you stay within the section titled 'Authenticate service principal with password - Azure CLI'.
+
+If the above is TLDR then try this after `az login` using your target subscription ID and the desired SP name:
+
+```bash
+# Create a Service Principal using the desired subscription id from the command above
+az ad sp create-for-rbac --name="kitchen-azurerm" --role="Contributor" --scopes="/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+
+#Output
+#
+#{
+#  "appId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",    <- Also known as the Client ID
+#  "displayName": "azure-cli-2018-12-12-14-15-39",
+#  "name": "http://azure-cli-2018-12-12-14-15-39",
+#  "password": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+#  "tenant": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+#}
+```
+
+NOTE: Don't forget to save the values from the output -- most importantly the `password`.
 
 You will also need to ensure you have an active Azure subscription (you can get started [for free](https://azure.microsoft.com/en-us/free/) or use your [MSDN Subscription](https://azure.microsoft.com/en-us/pricing/member-offers/msdn-benefits/)).
 
@@ -29,25 +48,34 @@ You are now ready to configure kitchen-azurerm to use the credentials from the s
 3. **Client Secret/Password**: this will be the password you supplied in the command in step 2.
 4. **Tenant ID**: use the command detailed in "Manually provide credentials through Azure CLI" step 1 to get the TenantId.
 
-Using a text editor, open or create the file ```~/.azure/credentials``` and add the following section, noting there is one section per Subscription ID.  **Make sure you save the file with UTF-8 encoding**
+Using a text editor, open or create the file ```~/.azure/credentials``` and add the following section, noting there is one section per Subscription ID. **Make sure you save the file with UTF-8 encoding**
 
 ```ruby
-[abcd1234-YOUR-SUBSCRIPTION-ID-HERE-abcdef123456]
-client_id = "48b9bba3-YOUR-GUID-HERE-90f0b68ce8ba"
+[ADD-YOUR-AZURE-SUBSCRIPTION-ID-HERE-IN-SQUARE-BRACKET]
+client_id = "your-azure-client-id-here"
 client_secret = "your-client-secret-here"
-tenant_id = "9c117323-YOUR-GUID-HERE-9ee430723ba3"
+tenant_id = "your-azure-tenant-id-here"
 ```
 
 If preferred, you may also set the following environment variables, however this would be incompatible with supporting multiple Azure subscriptions.
 
 ```ruby
-AZURE_CLIENT_ID="48b9bba3-YOUR-GUID-HERE-90f0b68ce8ba"
+AZURE_CLIENT_ID="your-azure-client-id-here"
 AZURE_CLIENT_SECRET="your-client-secret-here"
-AZURE_TENANT_ID="9c117323-YOUR-GUID-HERE-9ee430723ba3"
+AZURE_TENANT_ID="your-azure-tenant-id-here"
 ```
 
 Note that the environment variables, if set, take preference over the values in a configuration file.
 
+After adjusting your ```~/.azure/credentials``` file you will need to adjust your ```kitchen.yml``` file to leverage the azurerm driver. Use the following examples to achieve this, then check your configuration with standard kitchen commands. For example,
+
+```bash
+% kitchen list
+Instance            Driver   Provisioner  Verifier  Transport  Last Action    Last Error
+wsus-windows-2019   Azurerm  ChefZero     Inspec    Winrm      <Not Created>  <None>
+wsus-windows-2016   Azurerm  ChefZero     Inspec    Winrm      <Not Created>  <None>
+```
+
 ### .kitchen.yml example 1 - Linux/Ubuntu
 
 Here's an example ```.kitchen.yml``` file that provisions an Ubuntu Server, using Chef Zero as the provisioner and SSH as the transport. Note that if the key does not exist at the specified location, it will be created. Also note that if ```ssh_key``` is supplied, Test Kitchen will use this in preference to any default/configured passwords that are supplied.
@@ -56,7 +84,7 @@ Here's an example ```.kitchen.yml``` file that provisions an Ubuntu Server, usin
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
 
@@ -71,9 +99,6 @@ platforms:
     driver:
       image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest
       vm_name: trusty-vm
-      vm_tags:
-        ostype: linux
-        distro: ubuntu
 
 suites:
   - name: default
@@ -84,7 +109,7 @@ suites:
 
 ### Concurrent execution
 
-Concurrent execution of create/converge/destroy is supported via the --concurrency parameter. Each machine is created in it's own Azure Resource Group so has no shared lifecycle with the other machines in the test run. To take advantage of parallel execution use the following command:
+Concurrent execution of create/converge/destroy is supported via the --concurrency parameter. Each machine is created in its own Azure Resource Group so it has no shared lifecycle with the other machines in the test run. To take advantage of parallel execution use the following command:
 
 ```kitchen test --concurrency <n>```
 
@@ -98,7 +123,7 @@ Here's a further example ```.kitchen.yml``` file that will provision a Windows S
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_DS2_v2'
 
@@ -113,6 +138,9 @@ platforms:
       resource_group_tags:
         project: 'My Cool Project'
         contact: 'me@somewhere.com'
+      vm_tags:
+        my_tag: its value
+        another_tag: its awesome value
     transport:
       name: winrm
 suites:
@@ -125,16 +153,16 @@ suites:
 ### .kitchen.yml example 3 - "pre-deployment" ARM template
 
 The following example introduces the ```pre_deployment_template``` and ```pre_deployment_parameters``` properties in the configuration file.
-You can use this capability to execute an ARM template containing Azure resources to provision before the system under test is created.  
+You can use this capability to execute an ARM template containing Azure resources to provision before the system under test is created.
 
-In the example the ARM template in the file ```predeploy.json``` would be executed with the parameters that are specified under ```pre_deployment_parameters```.  
+In the example the ARM template in the file ```predeploy.json``` would be executed with the parameters that are specified under ```pre_deployment_parameters```.
 These resources will be created in the same Azure Resource Group as the VM under test, and therefore will be destroyed when you type ```kitchen destroy```.
 
 ```yaml
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
   pre_deployment_template: predeploy.json
@@ -198,7 +226,7 @@ Example predeploy.json:
 
 ### .kitchen.yml example 4 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios)
 
-The following example introduces the ```vnet_id``` and ```subnet_id``` properties under "driver" in the configuration file.  This can be applied at the top level, or per platform.
+The following example introduces the ```vnet_id``` and ```subnet_id``` properties under "driver" in the configuration file. This can be applied at the top level, or per platform.
 You can use this capability to create the VM on an existing virtual network and subnet created in a different resource group.
 
 In this case, the public IP address is not used unless ```public_ip``` is set to ```true```
@@ -207,7 +235,7 @@ In this case, the public IP address is not used unless ```public_ip``` is set to
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
 
@@ -241,7 +269,7 @@ Note: The image must be available first. On deletion the disk and everything is
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
 
@@ -270,7 +298,7 @@ suites:
 
 This example a classic Custom VM Image (aka a VHD file) is used. As the Image VHD must be in the same storage account then the disk of the instance, the os disk is created in an existing image account.
 
-Note: When the resource group ís deleted, the os disk is left in the extsing storage account blob. You must cleanup manually.
+Note: When the resource group ís deleted, the os disk is left in the existing storage account blob. You must clean up manually.
 
 This example will:
 
@@ -282,7 +310,7 @@ This example will:
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
 
@@ -319,7 +347,7 @@ Note: Custom data can be custom data or a file to custom data. Please also note
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
 
@@ -358,13 +386,13 @@ suites:
 
 This example demonstrates how to add 3 additional Managed data disks to a Windows Server 2016 VM. Not supported with legacy (pre-managed disk) storage accounts.
 
-Note the availability of a `format_data_disks` option (default: `false`).  When set to true, a PowerShell script will execute at first boot to initialize and format the disks with an NTFS filesystem.  This option has no effect on Linux machines.
+Note the availability of a `format_data_disks` option (default: `false`). When set to true, a PowerShell script will execute at first boot to initialize and format the disks with an NTFS filesystem. This option does not affect Linux machines.
 
 ```yaml
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_F2s'
 
@@ -394,16 +422,16 @@ suites:
 ### .kitchen.yml example 9 - "post-deployment" ARM template with MSI authentication
 
 The following example introduces the ```post_deployment_template``` and ```post_deployment_parameters``` properties in the configuration file.
-You can use this capability to execute an ARM template containing Azure resources to provision after the system under test is created.  
+You can use this capability to execute an ARM template containing Azure resources to provision after the system under test is created.
 
-In the example the ARM template in the file ```postdeploy.json``` would be executed with the parameters that are specified under ```post_deployment_parameters```.  
+In the example the ARM template in the file ```postdeploy.json``` would be executed with the parameters that are specified under ```post_deployment_parameters```.
 These resources will be created in the same Azure Resource Group as the VM under test, and therefore will be destroyed when you type ```kitchen destroy```.
 
 ```yaml
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
   post_deployment_template: postdeploy.json
@@ -488,7 +516,7 @@ See the [Managed identities for Azure resources](https://docs.microsoft.com/en-u
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
 
@@ -521,7 +549,7 @@ This following example introduces ```secret_url```, ```vault_name```, and ```vau
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'CentralUS'
   machine_size: 'Standard_D2s_v3'
   secret_url: 'https://YOUR-SECRET-PATH'
@@ -546,7 +574,7 @@ suites:
 
 ## Support for Government and Sovereign Clouds (China and Germany)
 
-Starting with v0.9.0 this driver has support for Azure Government and Sovereign Clouds via the use of the ```azure_environment``` setting.  Valid Azure environments are ```Azure```, ```AzureUSGovernment```, ```AzureChina``` and ```AzureGermanCloud```
+Starting with v0.9.0 this driver has support for Azure Government and Sovereign Clouds via the use of the ```azure_environment``` setting. Valid Azure environments are ```Azure```, ```AzureUSGovernment```, ```AzureChina``` and ```AzureGermanCloud```
 
 Note that the ```use_managed_disks``` option should be set to false until supported by AzureUSGovernment.
 
@@ -556,7 +584,7 @@ Note that the ```use_managed_disks``` option should be set to false until suppor
 ---
 driver:
   name: azurerm
-  subscription_id: 'abcdabcd-YOUR-GUID-HERE-abcdabcdabcd'
+  subscription_id: 'your-azure-subscription-id-here'
   azure_environment: 'AzureUSGovernment'
   location: 'US Gov Iowa'
   machine_size: 'Standard_D2_v2_Promo'
@@ -616,9 +644,9 @@ data:    Canonical  UbuntuServer  15.10-DAILY        15.10.201509220  westeurope
 info:    vm image list command OK
 ```
 
-### Additional parameters that can be specified
+### Additional parameters that can be specified in your `kitchen.yml` or added to your personal `kitchen.local.yml`
 
-* Note that the ```driver``` section also takes a ```username``` and ```password``` parameter, the defaults if these are not specified are "azure" and "P2ssw0rd" respectively.
+* Note that the ```driver``` section can also take explicit values for ```username``` and ```password```. Otherwise, the default username is "azure" and the password is a randomly generated 24 character password that can be found in your local kitchen state file (typically `.kitchen/<instance-name>.yml`) if you require it for any reason.
 
 * The ```storage_account_type``` parameter defaults to 'Standard_LRS' and allows you to switch to premium storage (e.g. 'Premium_LRS')
 
@@ -626,6 +654,8 @@ info:    vm image list command OK
 
 * The optional ```vm_tags``` parameter allows you to define key:value pairs to tag VMs with on creation.
 
+* The optional ```plan``` parameter allows you to define plan information when creating VMs from Marketplace images. Please refer to [Deploy an image with Marketplace terms](https://aka.ms/azuremarketplaceapideployment) for more details. Not all Marketplace images support programmatic deployment, and support is controlled by the image publisher.
+
 * Managed disks are now enabled by default, to use the Storage account set ```use_managed_disks``` (default: true).
 
 * The ```image_url``` (unmanaged disks only) parameter can be used to specify a custom vhd (This VHD must be in the same storage account as the disks of the VM, therefore ```existing_storage_account_blob_url``` must also be set and ```use_managed_disks``` must be set to false)
@@ -640,7 +670,7 @@ info:    vm image list command OK
 
 * The ```azure_resource_group_prefix``` and ```azure_resource_group_suffix``` can be used to further disambiguate Azure resource group names created by the driver.
 
-* The ```explicit_resource_group_name``` and ```destroy_explicit_resource_group``` (default: "true") parameters can be used in scenarios where you are provided a pre-created Resource Group.  Example usage: ```explicit_resource_group_name: kitchen-<%= ENV["USERNAME"] %>```
+* The ```explicit_resource_group_name``` and ```destroy_explicit_resource_group``` (default: "true") parameters can be used in scenarios where you are provided a pre-created Resource Group. Example usage: ```explicit_resource_group_name: kitchen-<%= ENV["USERNAME"] %>```
 
 * The ```destroy_resource_group_contents``` (default: "false") parameter can be used when you want to destroy the resources within a resource group without destroying the resource group itself. For example, the following configuration options used in combination would use an existing resource group (or create one if it doesn't exist) and will destroy the contents of the resource group in the ```kitchen destroy``` phase.
 
@@ -683,3 +713,25 @@ Contributions to the project are welcome via submitting Pull Requests.
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create a new Pull Request
+
+## Author
+
+Stuart Preston
+
+## License and Copyright
+
+Copyright 2015-2020, Chef Software, Inc.
+
+```
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```

data/lib/kitchen/driver/azure_credentials.rb

@@ -0,0 +1,136 @@
+require "inifile"
+require "kitchen/logging"
+
+module Kitchen
+  module Driver
+    #
+    # AzureCredentials
+    #
+    class AzureCredentials
+      include Kitchen::Logging
+
+      CONFIG_PATH = "#{ENV["HOME"]}/.azure/credentials".freeze
+
+      #
+      # @return [String]
+      #
+      attr_reader :subscription_id
+
+      #
+      # @return [String]
+      #
+      attr_reader :environment
+
+      #
+      # Creates and initializes a new instance of the Credentials class.
+      #
+      def initialize(subscription_id:, environment: "Azure")
+        @subscription_id = subscription_id
+        @environment = environment
+      end
+
+      #
+      # Retrieves an object containing options and credentials
+      #
+      # @return [Object] Object that can be supplied along with all Azure client requests.
+      #
+      def azure_options
+        options = { tenant_id: tenant_id!,
+                    subscription_id: subscription_id,
+                    credentials: ::MsRest::TokenCredentials.new(token_provider),
+                    active_directory_settings: ad_settings,
+                    base_url: endpoint_settings.resource_manager_endpoint_url }
+        options[:client_id] = client_id if client_id
+        options[:client_secret] = client_secret if client_secret
+        options
+      end
+
+      private
+
+      def logger
+        Kitchen.logger
+      end
+
+      def config_path
+        @config_path ||= File.expand_path(ENV["AZURE_CONFIG_FILE"] || CONFIG_PATH)
+      end
+
+      def credentials
+        @credentials ||= begin
+          if File.file?(config_path)
+            IniFile.load(config_path)
+          else
+            warn "#{config_path} was not found or not accessible. Will attempt to use Managed Identity."
+            {}
+          end
+        end
+      end
+
+      def credentials_property(property)
+        credentials[subscription_id]&.[](property)
+      end
+
+      def tenant_id!
+        tenant_id || raise("Must provide tenant id. Use AZURE_TENANT_ID environment variable or set it in credentials file (#{config_path})")
+      end
+
+      def tenant_id
+        ENV["AZURE_TENANT_ID"] || credentials_property("tenant_id")
+      end
+
+      def client_id
+        ENV["AZURE_CLIENT_ID"] || credentials_property("client_id")
+      end
+
+      def client_secret
+        ENV["AZURE_CLIENT_SECRET"] || credentials_property("client_secret")
+      end
+
+      def token_provider
+        if client_id && client_secret
+          ::MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret, ad_settings)
+        elsif client_id
+          ::MsRestAzure::MSITokenProvider.new(50342, ad_settings, { client_id: client_id })
+        else
+          ::MsRestAzure::MSITokenProvider.new(50342, ad_settings)
+        end
+      end
+
+      #
+      # Retrieves a [MsRestAzure::ActiveDirectoryServiceSettings] object representing the AD settings for the given cloud.
+      #
+      # @return [MsRestAzure::ActiveDirectoryServiceSettings] Settings to be used for subsequent requests
+      #
+      def ad_settings
+        case environment.downcase
+        when "azureusgovernment"
+          ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_us_government_settings
+        when "azurechina"
+          ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_china_settings
+        when "azuregermancloud"
+          ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_german_settings
+        when "azure"
+          ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_settings
+        end
+      end
+
+      #
+      # Retrieves a [MsRestAzure::AzureEnvironment] object representing endpoint settings for the given cloud.
+      #
+      # @return [MsRestAzure::AzureEnvironment] Settings to be used for subsequent requests
+      #
+      def endpoint_settings
+        case environment.downcase
+        when "azureusgovernment"
+          ::MsRestAzure::AzureEnvironments::AzureUSGovernment
+        when "azurechina"
+          ::MsRestAzure::AzureEnvironments::AzureChinaCloud
+        when "azuregermancloud"
+          ::MsRestAzure::AzureEnvironments::AzureGermanCloud
+        when "azure"
+          ::MsRestAzure::AzureEnvironments::AzureCloud
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/driver/azurerm.rb

@@ -1,5 +1,5 @@
 require "kitchen"
-require_relative "credentials"
+require_relative "azure_credentials"
 require "securerandom"
 require "azure_mgmt_resources"
 require "azure_mgmt_network"
@@ -9,6 +9,7 @@ require "fileutils"
 require "erb"
 require "ostruct"
 require "json"
+require "faraday"
 
 module Kitchen
   module Driver
@@ -17,6 +18,9 @@ module Kitchen
     #
     class Azurerm < Kitchen::Driver::Base
       attr_accessor :resource_management_client
+      attr_accessor :network_management_client
+
+      kitchen_driver_api_version 2
 
       default_config(:azure_resource_group_prefix) do |_config|
         "kitchen-"
@@ -71,7 +75,7 @@ module Kitchen
       end
 
       default_config(:password) do |_config|
-        "P2ssw0rd"
+        SecureRandom.base64(25)
       end
 
       default_config(:vm_name) do |_config|
@@ -130,6 +134,10 @@ module Kitchen
         {}
       end
 
+      default_config(:plan) do |_config|
+        {}
+      end
+
       default_config(:vm_tags) do |_config|
         {}
       end
@@ -190,6 +198,10 @@ module Kitchen
         ENV["AZURE_SUBSCRIPTION_ID"]
       end
 
+      default_config(:azure_api_retries) do |_config|
+        5
+      end
+
       def create(state)
         state = validate_state(state)
         deployment_parameters = {
@@ -199,18 +211,21 @@ module Kitchen
           bootDiagnosticsEnabled: config[:boot_diagnostics_enabled],
           newStorageAccountName: "storage#{state[:uuid]}",
           adminUsername: state[:username],
-          adminPassword: state[:password] || "P2ssw0rd",
           dnsNameForPublicIP: "kitchen-#{state[:uuid]}",
           vmName: state[:vm_name],
           systemAssignedIdentity: config[:system_assigned_identity],
-          userAssignedIdentities: config[:user_assigned_identities],
+          userAssignedIdentities: config[:user_assigned_identities].map { |identity| [identity, {}] }.to_h,
           secretUrl: config[:secret_url],
           vaultName: config[:vault_name],
           vaultResourceGroup: config[:vault_resource_group],
         }
 
+        if instance.transport[:ssh_key].nil?
+          deployment_parameters["adminPassword"] = state[:password]
+        end
+
         if config[:subscription_id].to_s == ""
-          raise "A subscription_id config value was not detected and kitchen-azurerm cannot continue. Please check your .kitchen.yml configuration. Exiting."
+          raise "A subscription_id config value was not detected and kitchen-azurerm cannot continue. Please check your kitchen.yml configuration. Exiting."
         end
 
         if config[:nic_name].to_s == ""
@@ -255,7 +270,8 @@ module Kitchen
           deployment_parameters["imageVersion"] = image_version
         end
 
-        options = Kitchen::Driver::Credentials.new.azure_options_for_subscription(config[:subscription_id], config[:azure_environment])
+        options = Kitchen::Driver::AzureCredentials.new(subscription_id: config[:subscription_id],
+                                                        environment: config[:azure_environment]).azure_options
 
         debug "Azure environment: #{config[:azure_environment]}"
         @resource_management_client = ::Azure::Resources::Profiles::Latest::Mgmt::Client.new(options)
@@ -266,7 +282,7 @@ module Kitchen
         resource_group.tags = config[:resource_group_tags]
         begin
           info "Creating Resource Group: #{state[:azure_resource_group_name]}"
-          resource_management_client.resource_groups.create_or_update(state[:azure_resource_group_name], resource_group)
+          create_resource_group(state[:azure_resource_group_name], resource_group)
         rescue ::MsRestAzure::AzureOperationError => operation_error
           error operation_error.body
           raise operation_error
@@ -277,17 +293,17 @@ module Kitchen
           if File.file?(config[:pre_deployment_template])
             pre_deployment_name = "pre-deploy-#{state[:uuid]}"
             info "Creating deployment: #{pre_deployment_name}"
-            resource_management_client.deployments.begin_create_or_update_async(state[:azure_resource_group_name], pre_deployment_name, pre_deployment(config[:pre_deployment_template], config[:pre_deployment_parameters])).value!
+            create_deployment_async(state[:azure_resource_group_name], pre_deployment_name, pre_deployment(config[:pre_deployment_template], config[:pre_deployment_parameters])).value!
             follow_deployment_until_end_state(state[:azure_resource_group_name], pre_deployment_name)
           end
           deployment_name = "deploy-#{state[:uuid]}"
           info "Creating deployment: #{deployment_name}"
-          resource_management_client.deployments.begin_create_or_update_async(state[:azure_resource_group_name], deployment_name, deployment(deployment_parameters)).value!
+          create_deployment_async(state[:azure_resource_group_name], deployment_name, deployment(deployment_parameters)).value!
           follow_deployment_until_end_state(state[:azure_resource_group_name], deployment_name)
           if File.file?(config[:post_deployment_template])
             post_deployment_name = "post-deploy-#{state[:uuid]}"
             info "Creating deployment: #{post_deployment_name}"
-            resource_management_client.deployments.begin_create_or_update_async(state[:azure_resource_group_name], post_deployment_name, post_deployment(config[:post_deployment_template], config[:post_deployment_parameters])).value!
+            create_deployment_async(state[:azure_resource_group_name], post_deployment_name, post_deployment(config[:post_deployment_template], config[:post_deployment_parameters])).value!
             follow_deployment_until_end_state(state[:azure_resource_group_name], post_deployment_name)
           end
         rescue ::MsRestAzure::AzureOperationError => operation_error
@@ -302,17 +318,16 @@ module Kitchen
           end
         end
 
-        network_management_client = ::Azure::Network::Profiles::Latest::Mgmt::Client.new(options)
+        @network_management_client = ::Azure::Network::Profiles::Latest::Mgmt::Client.new(options)
 
         if config[:vnet_id] == "" || config[:public_ip]
           # Retrieve the public IP from the resource group:
-          result = network_management_client.public_ipaddresses.get(state[:azure_resource_group_name], "publicip")
+          result = get_public_ip(state[:azure_resource_group_name], "publicip")
           info "IP Address is: #{result.ip_address} [#{result.dns_settings.fqdn}]"
           state[:hostname] = result.ip_address
         else
           # Retrieve the internal IP from the resource group:
-          network_interfaces = ::Azure::Network::Profiles::Latest::Mgmt::NetworkInterfaces.new(network_management_client)
-          result = network_interfaces.get(state[:azure_resource_group_name], vmnic.to_s)
+          result = get_network_interface(state[:azure_resource_group_name], vmnic.to_s)
           info "IP Address is: #{result.ip_configurations[0].private_ipaddress}"
           state[:hostname] = result.ip_configurations[0].private_ipaddress
         end
@@ -475,7 +490,7 @@ module Kitchen
         until end_provisioning_state_reached
           list_outstanding_deployment_operations(resource_group, deployment_name)
           sleep config[:deployment_sleep]
-          deployment_provisioning_state = deployment_state(resource_group, deployment_name)
+          deployment_provisioning_state = get_deployment_state(resource_group, deployment_name)
           end_provisioning_state_reached = end_provisioning_states.split(",").include?(deployment_provisioning_state)
         end
         info "Resource Template deployment reached end state of '#{deployment_provisioning_state}'."
@@ -483,7 +498,7 @@ module Kitchen
       end
 
       def show_failed_operations(resource_group, deployment_name)
-        failed_operations = resource_management_client.deployment_operations.list(resource_group, deployment_name)
+        failed_operations = list_deployment_operations(resource_group, deployment_name)
         failed_operations.each do |val|
           resource_code = val.properties.status_code
           raise val.properties.status_message.inspect.to_s if resource_code != "OK"
@@ -492,7 +507,7 @@ module Kitchen
 
       def list_outstanding_deployment_operations(resource_group, deployment_name)
         end_operation_states = "Failed,Succeeded"
-        deployment_operations = resource_management_client.deployment_operations.list(resource_group, deployment_name)
+        deployment_operations = list_deployment_operations(resource_group, deployment_name)
         deployment_operations.each do |val|
           resource_provisioning_state = val.properties.provisioning_state
           unless val.properties.target_resource.nil?
@@ -506,22 +521,18 @@ module Kitchen
         end
       end
 
-      def deployment_state(resource_group, deployment_name)
-        deployments = resource_management_client.deployments.get(resource_group, deployment_name)
-        deployments.properties.provisioning_state
-      end
-
       def destroy(state)
         return if state[:server_id].nil?
 
-        options = Kitchen::Driver::Credentials.new.azure_options_for_subscription(state[:subscription_id], state[:azure_environment])
+        options = Kitchen::Driver::AzureCredentials.new(subscription_id: state[:subscription_id],
+                                                        environment: state[:azure_environment]).azure_options
         @resource_management_client = ::Azure::Resources::Profiles::Latest::Mgmt::Client.new(options)
         if config[:destroy_resource_group_contents] == true
           info "Destroying individual resources within the Resource Group."
           empty_deployment_name = "empty-deploy-#{state[:uuid]}"
           begin
             info "Creating deployment: #{empty_deployment_name}"
-            resource_management_client.deployments.begin_create_or_update_async(state[:azure_resource_group_name], empty_deployment_name, empty_deployment).value!
+            create_deployment_async(state[:azure_resource_group_name], empty_deployment_name, empty_deployment).value!
             follow_deployment_until_end_state(state[:azure_resource_group_name], empty_deployment_name)
           rescue ::MsRestAzure::AzureOperationError => operation_error
             error operation_error.body
@@ -536,7 +547,7 @@ module Kitchen
         info "Azure environment: #{state[:azure_environment]}"
         begin
           info "Destroying Resource Group: #{state[:azure_resource_group_name]}"
-          resource_management_client.resource_groups.begin_delete(state[:azure_resource_group_name])
+          delete_resource_group_async(state[:azure_resource_group_name])
           info "Destroy operation accepted and will continue in the background."
         rescue ::MsRestAzure::AzureOperationError => operation_error
           error operation_error.body
@@ -638,13 +649,25 @@ module Kitchen
 
       def virtual_machine_deployment_template
         if config[:vnet_id] == ""
-          virtual_machine_deployment_template_file("public.erb", vm_tags: vm_tag_string(config[:vm_tags]), use_managed_disks: config[:use_managed_disks], image_url: config[:image_url], existing_storage_account_blob_url: config[:existing_storage_account_blob_url], image_id: config[:image_id], existing_storage_account_container: config[:existing_storage_account_container], custom_data: config[:custom_data], os_disk_size_gb: config[:os_disk_size_gb], data_disks_for_vm_json: data_disks_for_vm_json, use_ephemeral_osdisk: config[:use_ephemeral_osdisk])
+          virtual_machine_deployment_template_file("public.erb", vm_tags: vm_tag_string(config[:vm_tags]), use_managed_disks: config[:use_managed_disks], image_url: config[:image_url], existing_storage_account_blob_url: config[:existing_storage_account_blob_url], image_id: config[:image_id], existing_storage_account_container: config[:existing_storage_account_container], custom_data: config[:custom_data], os_disk_size_gb: config[:os_disk_size_gb], data_disks_for_vm_json: data_disks_for_vm_json, use_ephemeral_osdisk: config[:use_ephemeral_osdisk], ssh_key: instance.transport[:ssh_key], plan_json: plan_json)
         else
           info "Using custom vnet: #{config[:vnet_id]}"
-          virtual_machine_deployment_template_file("internal.erb", vnet_id: config[:vnet_id], subnet_id: config[:subnet_id], public_ip: config[:public_ip], vm_tags: vm_tag_string(config[:vm_tags]), use_managed_disks: config[:use_managed_disks], image_url: config[:image_url], existing_storage_account_blob_url: config[:existing_storage_account_blob_url], image_id: config[:image_id], existing_storage_account_container: config[:existing_storage_account_container], custom_data: config[:custom_data], os_disk_size_gb: config[:os_disk_size_gb], data_disks_for_vm_json: data_disks_for_vm_json, use_ephemeral_osdisk: config[:use_ephemeral_osdisk])
+          virtual_machine_deployment_template_file("internal.erb", vnet_id: config[:vnet_id], subnet_id: config[:subnet_id], public_ip: config[:public_ip], vm_tags: vm_tag_string(config[:vm_tags]), use_managed_disks: config[:use_managed_disks], image_url: config[:image_url], existing_storage_account_blob_url: config[:existing_storage_account_blob_url], image_id: config[:image_id], existing_storage_account_container: config[:existing_storage_account_container], custom_data: config[:custom_data], os_disk_size_gb: config[:os_disk_size_gb], data_disks_for_vm_json: data_disks_for_vm_json, use_ephemeral_osdisk: config[:use_ephemeral_osdisk], ssh_key: instance.transport[:ssh_key], plan_json: plan_json)
         end
       end
 
+      def plan_json
+        return nil if config[:plan].empty?
+
+        plan = {}
+        plan["name"] = config[:plan][:name]                    if config[:plan][:name]
+        plan["product"] = config[:plan][:product]              if config[:plan][:product]
+        plan["promotionCode"] = config[:plan][:promotion_code] if config[:plan][:promotion_code]
+        plan["publisher"] = config[:plan][:publisher]          if config[:plan][:publisher]
+
+        plan.to_json
+      end
+
       def virtual_machine_deployment_template_file(template_file, data = {})
         template = File.read(File.expand_path(File.join(__dir__, "../../../templates", template_file)))
         render_binding = OpenStruct.new(data)
@@ -676,6 +699,118 @@ module Kitchen
           end
         end
       end
+
+      private
+
+      #
+      # Wrapper methods for the Azure API calls to retry the calls when getting timeouts.
+      #
+
+      def create_resource_group(resource_group_name, resource_group)
+        retries = config[:azure_api_retries]
+        begin
+          resource_management_client.resource_groups.create_or_update(resource_group_name, resource_group)
+        rescue Faraday::TimeoutError, Faraday::ClientError => exception
+          send_exception_message(exception, "while creating resource group '#{resource_group_name}'. #{retries} retries left.")
+          raise if retries == 0
+
+          retries -= 1
+          retry
+        end
+      end
+
+      def create_deployment_async(resource_group, deployment_name, deployment)
+        retries = config[:azure_api_retries]
+        begin
+          resource_management_client.deployments.begin_create_or_update_async(resource_group, deployment_name, deployment)
+        rescue Faraday::TimeoutError, Faraday::ClientError => exception
+          send_exception_message(exception, "while sending deployment creation request for deployment '#{deployment_name}'. #{retries} retries left.")
+          raise if retries == 0
+
+          retries -= 1
+          retry
+        end
+      end
+
+      def get_public_ip(resource_group_name, public_ip_name)
+        retries = config[:azure_api_retries]
+        begin
+          network_management_client.public_ipaddresses.get(resource_group_name, public_ip_name)
+        rescue Faraday::TimeoutError, Faraday::ClientError => exception
+          send_exception_message(exception, "while fetching public ip '#{public_ip_name}' for resource group '#{resource_group_name}'. #{retries} retries left.")
+          raise if retries == 0
+
+          retries -= 1
+          retry
+        end
+      end
+
+      def get_network_interface(resource_group_name, network_interface_name)
+        retries = config[:azure_api_retries]
+        begin
+          network_interfaces = ::Azure::Network::Profiles::Latest::Mgmt::NetworkInterfaces.new(network_management_client)
+          network_interfaces.get(resource_group_name, network_interface_name)
+        rescue Faraday::TimeoutError, Faraday::ClientError => exception
+          send_exception_message(exception, "while fetching network interface '#{network_interface_name}' for resource group '#{resource_group_name}'. #{retries} retries left.")
+          raise if retries == 0
+
+          retries -= 1
+          retry
+        end
+      end
+
+      def list_deployment_operations(resource_group, deployment_name)
+        retries = config[:azure_api_retries]
+        begin
+          resource_management_client.deployment_operations.list(resource_group, deployment_name)
+        rescue Faraday::TimeoutError, Faraday::ClientError => exception
+          send_exception_message(exception, "while listing deployment operations for deployment '#{deployment_name}'. #{retries} retries left.")
+          raise if retries == 0
+
+          retries -= 1
+          retry
+        end
+      end
+
+      def get_deployment_state(resource_group, deployment_name)
+        retries = config[:azure_api_retries]
+        begin
+          deployments = resource_management_client.deployments.get(resource_group, deployment_name)
+          deployments.properties.provisioning_state
+        rescue Faraday::TimeoutError, Faraday::ClientError => exception
+          send_exception_message(exception, "while retrieving state for deployment '#{deployment_name}'. #{retries} retries left.")
+          raise if retries == 0
+
+          retries -= 1
+          retry
+        end
+      end
+
+      def delete_resource_group_async(resource_group_name)
+        retries = config[:azure_api_retries]
+        begin
+          resource_management_client.resource_groups.begin_delete(resource_group_name)
+        rescue Faraday::TimeoutError, Faraday::ClientError => exception
+          send_exception_message(exception, "while sending resource group deletion request for '#{resource_group_name}'. #{retries} retries left.")
+          raise if retries == 0
+
+          retries -= 1
+          retry
+        end
+      end
+
+      def send_exception_message(exception, message)
+        if exception.is_a?(Faraday::TimeoutError)
+          header = "Timed out"
+        elsif exception.is_a?(Faraday::ClientError)
+          header = "Connection reset by peer"
+        else
+          # Unhandled exception, return early
+          info "Unrecognized exception type."
+          return
+        end
+        info "#{header} #{message}"
+      end
     end
   end
 end

data/templates/internal.erb

@@ -26,12 +26,14 @@
                 "description": "User name for the Virtual Machine."
             }
         },
+        <%- if ssh_key.nil? -%>
         "adminPassword": {
             "type": "securestring",
             "metadata": {
                 "description": "Password for the Virtual Machine."
             }
         },
+        <%- end -%>
         "dnsNameForPublicIP": {
             "type": "string",
             "metadata": {
@@ -176,10 +178,10 @@
             }
         },
         "userAssignedIdentities": {
-            "type": "array",
-            "defaultValue": [],
+            "type": "object",
+            "defaultValue": {},
             "metadata": {
-                "description": "A list of resource IDs for user identities to associate with the Virtual Machine, or empty to disable user assigned identities."
+                "description": "An object whose keys are resource IDs for user identities to associate with the Virtual Machine and whose values are empty objects, or empty to disable user assigned identities."
             }
         },
         "bootDiagnosticsEnabled": {
@@ -322,8 +324,10 @@
                         ]
                     ],
                     <%- end -%>
-                    "adminUsername": "[parameters('adminUsername')]",
-                    "adminPassword": "[parameters('adminPassword')]"
+                    <%- if ssh_key.nil? -%>
+                    "adminPassword": "[parameters('adminPassword')]",
+                    <%- end -%>
+                    "adminUsername": "[parameters('adminUsername')]"
                 },
                 "storageProfile": {
                     <%- if image_url.empty? and image_id.empty? -%>
@@ -406,9 +410,12 @@
                     <%- end -%>
                 }
             },
+            <%- unless plan_json.nil? -%>
+            "plan": <%= plan_json %>,
+            <%- end -%>
             "identity": {
                 "type": "[variables('vmIdentityType')]",
-                "identityIds": "[if(empty(parameters('userAssignedIdentities')), json('null'), parameters('userAssignedIdentities'))]"
+                "userAssignedIdentities": "[if(empty(parameters('userAssignedIdentities')), json('null'), parameters('userAssignedIdentities'))]"
             },
             "tags": {
                 <%= vm_tags unless vm_tags.empty? %>

data/templates/public.erb

@@ -26,12 +26,14 @@
                 "description": "User name for the Virtual Machine."
             }
         },
+        <%- if ssh_key.nil? -%>
         "adminPassword": {
             "type": "securestring",
             "metadata": {
                 "description": "Password for the Virtual Machine."
             }
         },
+        <%- end -%>
         "dnsNameForPublicIP": {
             "type": "string",
             "metadata": {
@@ -176,10 +178,10 @@
             }
         },
         "userAssignedIdentities": {
-            "type": "array",
-            "defaultValue": [],
+            "type": "object",
+            "defaultValue": {},
             "metadata": {
-                "description": "A list of resource IDs for user identities to associate with the Virtual Machine, or empty to disable user assigned identities."
+                "description": "An object whose keys are resource IDs for user identities to associate with the Virtual Machine and whose values are empty objects, or empty to disable user assigned identities."
             }
         },
         "bootDiagnosticsEnabled": {
@@ -341,8 +343,10 @@
                         ]
                     ],
                     <%- end -%>
-                    "adminUsername": "[parameters('adminUsername')]",
-                    "adminPassword": "[parameters('adminPassword')]"
+                    <%- if ssh_key.nil? -%>
+                    "adminPassword": "[parameters('adminPassword')]",
+                    <%- end -%>
+                    "adminUsername": "[parameters('adminUsername')]"
                 },
                 "storageProfile": {
                     <%- if image_url.empty? and image_id.empty? -%>
@@ -425,9 +429,12 @@
                     <%- end -%>
                 }
             },
+            <%- unless plan_json.nil? -%>
+            "plan": <%= plan_json %>,
+            <%- end -%>
             "identity": {
                 "type": "[variables('vmIdentityType')]",
-                "identityIds": "[if(empty(parameters('userAssignedIdentities')), json('null'), parameters('userAssignedIdentities'))]"
+                "userAssignedIdentities": "[if(empty(parameters('userAssignedIdentities')), json('null'), parameters('userAssignedIdentities'))]"
             },
             "tags": {
                 <%= vm_tags unless vm_tags.empty? %>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-azurerm
 version: !ruby/object:Gem::Version
-  version: 0.15.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Stuart Preston
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-01-15 00:00:00.000000000 Z
+date: 2020-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: azure_mgmt_network
@@ -54,22 +54,22 @@ dependencies:
   name: inifile
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.0.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.0.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: sshkey
   requirement: !ruby/object:Gem::Requirement
@@ -91,19 +91,25 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: test-kitchen
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
+        version: '1.20'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.20'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -132,6 +138,62 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rspec-mocks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rspec-expectations
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.0
 description: Test Kitchen driver for the Microsoft Azure Resource Manager (ARM) API
 email:
 - stuart@chef.io
@@ -141,8 +203,8 @@ extra_rdoc_files: []
 files:
 - LICENSE
 - README.md
+- lib/kitchen/driver/azure_credentials.rb
 - lib/kitchen/driver/azurerm.rb
-- lib/kitchen/driver/credentials.rb
 - templates/empty.erb
 - templates/internal.erb
 - templates/public.erb
@@ -150,7 +212,7 @@ homepage: https://github.com/test-kitchen/kitchen-azurerm
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -165,8 +227,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Test Kitchen driver for Azure Resource Manager.
 test_files: []

data/lib/kitchen/driver/credentials.rb

@@ -1,90 +0,0 @@
-require "inifile"
-
-module Kitchen
-  module Driver
-    #
-    # Credentials
-    #
-    class Credentials
-      CONFIG_PATH = "#{ENV["HOME"]}/.azure/credentials".freeze
-
-      #
-      # Creates and initializes a new instance of the Credentials class.
-      #
-      def initialize
-        config_file = ENV["AZURE_CONFIG_FILE"] || File.expand_path(CONFIG_PATH)
-        if File.file?(config_file)
-          @credentials = IniFile.load(File.expand_path(config_file))
-        else
-          warn "#{CONFIG_PATH} was not found or not accessible."
-        end
-      end
-
-      #
-      # Retrieves an object containing options and credentials for the given
-      # subscription_id and azure_environment.
-      #
-      # @param subscription_id [String] The subscription_id to retrieve a token for
-      # @param azure_environment [String] The azure_environment to use
-      #
-      # @return [Object] Object that can be supplied along with all Azure client requests.
-      #
-      def azure_options_for_subscription(subscription_id, azure_environment = "Azure")
-        tenant_id = ENV["AZURE_TENANT_ID"] || @credentials[subscription_id]["tenant_id"]
-        client_id = ENV["AZURE_CLIENT_ID"] || @credentials[subscription_id]["client_id"]
-        client_secret = ENV["AZURE_CLIENT_SECRET"] || @credentials[subscription_id]["client_secret"]
-        token_provider = ::MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret, ad_settings_for_azure_environment(azure_environment))
-        options = { tenant_id: tenant_id,
-                    client_id: client_id,
-                    client_secret: client_secret,
-                    subscription_id: subscription_id,
-                    credentials: ::MsRest::TokenCredentials.new(token_provider),
-                    active_directory_settings: ad_settings_for_azure_environment(azure_environment),
-                    base_url: endpoint_settings_for_azure_environment(azure_environment).resource_manager_endpoint_url }
-        options
-      end
-
-      #
-      # Retrieves a [MsRestAzure::ActiveDirectoryServiceSettings] object representing the AD settings for the given cloud.
-      # @param azure_environment [String] The Azure environment to retrieve settings for.
-      #
-      # @return [MsRestAzure::ActiveDirectoryServiceSettings] Settings to be used for subsequent requests
-      #
-      def ad_settings_for_azure_environment(azure_environment)
-        case azure_environment.downcase
-        when "azureusgovernment"
-          ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_us_government_settings
-        when "azurechina"
-          ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_china_settings
-        when "azuregermancloud"
-          ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_german_settings
-        when "azure"
-          ::MsRestAzure::ActiveDirectoryServiceSettings.get_azure_settings
-        end
-      end
-
-      #
-      # Retrieves a [MsRestAzure::AzureEnvironment] object representing endpoint settings for the given cloud.
-      # @param azure_environment [String] The Azure environment to retrieve settings for.
-      #
-      # @return [MsRestAzure::AzureEnvironment] Settings to be used for subsequent requests
-      #
-      def endpoint_settings_for_azure_environment(azure_environment)
-        case azure_environment.downcase
-        when "azureusgovernment"
-          ::MsRestAzure::AzureEnvironments::AzureUSGovernment
-        when "azurechina"
-          ::MsRestAzure::AzureEnvironments::AzureChinaCloud
-        when "azuregermancloud"
-          ::MsRestAzure::AzureEnvironments::AzureGermanCloud
-        when "azure"
-          ::MsRestAzure::AzureEnvironments::AzureCloud
-        end
-      end
-
-      def self.singleton
-        @credentials ||= Credentials.new
-      end
-    end
-  end
-end