kitchen-azurerm 0.15.2 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 48df20f4bbd7b6087cfde1ec03770f559f0fbd45e01bc01834e95e95d8f9c3b6
-  data.tar.gz: 6cc4e949b4fbc6bf173664fb4ee5f7aa3eb9bcfa5254c70a6642767c53425ce6
+  metadata.gz: 8615b3c50c7c88dc0167c2b0daebd1c66c1fec9bd05d1c169223c30fc00a7cc2
+  data.tar.gz: 769a0df10ad7af7a1215066955eba46717e16358f83ad176df6954d4f2e43d49
 SHA512:
-  metadata.gz: 71daccd76e78290d7c601b293d3e54c8a9fc4f1fd06a7d754d8dc0ea900c516424d05dbe50d1c5011a52862a5ac8a6f738cb183fd31ca280fe8637cf6fe3ba01
-  data.tar.gz: acadd9d7ea7152cac675428e0203a12d6d79b187d7ae4603be1795edbe3498c7b3ccffec5457f22e864bc1623b203d58ba666f522c3a1f65dd8331cdd70d6c79
+  metadata.gz: 48a2d37a873c8d2b842dc20e0c2e40cc9b349faed29d0c1f9bbc12ccb53097e0df0a06884f29c840b2e2f72a3deef6a0ab2244ef037a9c1aa24397524f756747
+  data.tar.gz: b3538aa314c217566e22a359655aee67eedb88cff3d2ea2f35e17445db4fe5821b57d5beb183f8ec77ac077ed58f88f275fd011fbdaa162a3b17def168c2c99e

data/LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2017 Pendrica Ltd.
+   Copyright [yyyy] [name of copyright owner]
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

data/README.md

@@ -1,24 +1,43 @@
 # kitchen-azurerm
 
-[![Gem Version](https://badge.fury.io/rb/kitchen-azurerm.svg)](http://badge.fury.io/rb/kitchen-azurerm) [![Build Status](https://travis-ci.org/test-kitchen/kitchen-azurerm.svg)](https://travis-ci.org/test-kitchen/kitchen-azurerm)
+[![Gem Version](https://badge.fury.io/rb/kitchen-azurerm.svg)](http://badge.fury.io/rb/kitchen-azurerm) ![CI](https://github.com/test-kitchen/kitchen-azurerm/workflows/CI/badge.svg?branch=master)
 
-**kitchen-azurerm** is a driver for the popular test harness [Test Kitchen](http://kitchen.ci) that allows Microsoft Azure resources to be provisioned prior to testing. This driver uses the new Microsoft Azure Resource Management REST API via the [azure-sdk-for-ruby](https://github.com/azure/azure-sdk-for-ruby).
+**kitchen-azurerm** is a driver for the popular test harness [Test Kitchen](http://kitchen.ci) that allows Microsoft Azure resources to be provisioned before testing. This driver uses the new Microsoft Azure Resource Management REST API via the [azure-sdk-for-ruby](https://github.com/azure/azure-sdk-for-ruby).
 
-This version has been tested on Windows, OS/X and Ubuntu. If you encounter a problem on your platform, please raise an issue.
+This version has been tested on Windows, macOS, and Ubuntu. If you encounter a problem on your platform, please raise an issue.
 
 ## Quick-start
 
 ### Installation
 
-This plugin is distributed as a [Ruby Gem](https://rubygems.org/gems/kitchen-azurerm). To install it, run:
+This plugin ships in Chef Workstation out of the box so there is no need to install it when using Chef Workstation[https://downloads.chef.io/products/workstation].
 
-```$ gem install kitchen-azurerm```
+If you're not using Chef Workstation and need to install the plugin as a gem run:
 
-Note if you are running the ChefDK you may need to prefix the command with chef, i.e. ```$ chef gem install kitchen-azurerm```
+```$ gem install kitchen-azurerm```
 
 ### Configuration
 
-For the driver to interact with the Microsoft Azure Resource management REST API, a Service Principal needs to be configured with Contributor rights against the specific subscription being targeted.  Using an Organizational (AAD) account and related password is no longer supported.  To create a Service Principal and apply the correct permissions, you will need to [create and authenticate a service principal](https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/#authenticate-service-principal-with-password---azure-cli) using the [Azure CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/). Make sure you stay within the section titled 'Authenticate service principal with password - Azure CLI'.
+For the driver to interact with the Microsoft Azure Resource management REST API, a Service Principal needs to be configured with Contributor rights against the specific subscription being targeted. Using an Organizational (AAD) account and related password is no longer supported. To create a Service Principal and apply the correct permissions, you will need to [create an Azure service principal with the Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest#create-a-service-principal) using the [Azure CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/). Make sure you stay within the section titled 'Authenticate service principal with password - Azure CLI'.
+
+If the above is TLDR then try this after `az login` using your target subscription ID and the desired SP name:
+
+```bash
+# Create a Service Principal using the desired subscription id from the command above
+az ad sp create-for-rbac --name="kitchen-azurerm" --role="Contributor" --scopes="/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+
+#Output
+#
+#{
+#  "appId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",    <- Also known as the Client ID
+#  "displayName": "azure-cli-2018-12-12-14-15-39",
+#  "name": "http://azure-cli-2018-12-12-14-15-39",
+#  "password": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+#  "tenant": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+#}
+```
+
+NOTE: Don't forget to save the values from the output -- most importantly the `password`.
 
 You will also need to ensure you have an active Azure subscription (you can get started [for free](https://azure.microsoft.com/en-us/free/) or use your [MSDN Subscription](https://azure.microsoft.com/en-us/pricing/member-offers/msdn-benefits/)).
 
@@ -29,25 +48,34 @@ You are now ready to configure kitchen-azurerm to use the credentials from the s
 3. **Client Secret/Password**: this will be the password you supplied in the command in step 2.
 4. **Tenant ID**: use the command detailed in "Manually provide credentials through Azure CLI" step 1 to get the TenantId.
 
-Using a text editor, open or create the file ```~/.azure/credentials``` and add the following section, noting there is one section per Subscription ID.  **Make sure you save the file with UTF-8 encoding**
+Using a text editor, open or create the file ```~/.azure/credentials``` and add the following section, noting there is one section per Subscription ID. **Make sure you save the file with UTF-8 encoding**
 
 ```ruby
-[abcd1234-YOUR-SUBSCRIPTION-ID-HERE-abcdef123456]
-client_id = "48b9bba3-YOUR-GUID-HERE-90f0b68ce8ba"
+[ADD-YOUR-AZURE-SUBSCRIPTION-ID-HERE-IN-SQUARE-BRACKET]
+client_id = "your-azure-client-id-here"
 client_secret = "your-client-secret-here"
-tenant_id = "9c117323-YOUR-GUID-HERE-9ee430723ba3"
+tenant_id = "your-azure-tenant-id-here"
 ```
 
 If preferred, you may also set the following environment variables, however this would be incompatible with supporting multiple Azure subscriptions.
 
 ```ruby
-AZURE_CLIENT_ID="48b9bba3-YOUR-GUID-HERE-90f0b68ce8ba"
+AZURE_CLIENT_ID="your-azure-client-id-here"
 AZURE_CLIENT_SECRET="your-client-secret-here"
-AZURE_TENANT_ID="9c117323-YOUR-GUID-HERE-9ee430723ba3"
+AZURE_TENANT_ID="your-azure-tenant-id-here"
 ```
 
 Note that the environment variables, if set, take preference over the values in a configuration file.
 
+After adjusting your ```~/.azure/credentials``` file you will need to adjust your ```kitchen.yml``` file to leverage the azurerm driver. Use the following examples to achieve this, then check your configuration with standard kitchen commands. For example,
+
+```bash
+% kitchen list
+Instance            Driver   Provisioner  Verifier  Transport  Last Action    Last Error
+wsus-windows-2019   Azurerm  ChefZero     Inspec    Winrm      <Not Created>  <None>
+wsus-windows-2016   Azurerm  ChefZero     Inspec    Winrm      <Not Created>  <None>
+```
+
 ### .kitchen.yml example 1 - Linux/Ubuntu
 
 Here's an example ```.kitchen.yml``` file that provisions an Ubuntu Server, using Chef Zero as the provisioner and SSH as the transport. Note that if the key does not exist at the specified location, it will be created. Also note that if ```ssh_key``` is supplied, Test Kitchen will use this in preference to any default/configured passwords that are supplied.
@@ -56,7 +84,7 @@ Here's an example ```.kitchen.yml``` file that provisions an Ubuntu Server, usin
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
 
@@ -71,9 +99,6 @@ platforms:
     driver:
       image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest
       vm_name: trusty-vm
-      vm_tags:
-        ostype: linux
-        distro: ubuntu
 
 suites:
   - name: default
@@ -84,7 +109,7 @@ suites:
 
 ### Concurrent execution
 
-Concurrent execution of create/converge/destroy is supported via the --concurrency parameter. Each machine is created in it's own Azure Resource Group so has no shared lifecycle with the other machines in the test run. To take advantage of parallel execution use the following command:
+Concurrent execution of create/converge/destroy is supported via the --concurrency parameter. Each machine is created in its own Azure Resource Group so it has no shared lifecycle with the other machines in the test run. To take advantage of parallel execution use the following command:
 
 ```kitchen test --concurrency <n>```
 
@@ -98,7 +123,7 @@ Here's a further example ```.kitchen.yml``` file that will provision a Windows S
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_DS2_v2'
 
@@ -113,6 +138,9 @@ platforms:
       resource_group_tags:
         project: 'My Cool Project'
         contact: 'me@somewhere.com'
+      vm_tags:
+        my_tag: its value
+        another_tag: its awesome value
     transport:
       name: winrm
 suites:
@@ -125,16 +153,16 @@ suites:
 ### .kitchen.yml example 3 - "pre-deployment" ARM template
 
 The following example introduces the ```pre_deployment_template``` and ```pre_deployment_parameters``` properties in the configuration file.
-You can use this capability to execute an ARM template containing Azure resources to provision before the system under test is created.  
+You can use this capability to execute an ARM template containing Azure resources to provision before the system under test is created.
 
-In the example the ARM template in the file ```predeploy.json``` would be executed with the parameters that are specified under ```pre_deployment_parameters```.  
+In the example the ARM template in the file ```predeploy.json``` would be executed with the parameters that are specified under ```pre_deployment_parameters```.
 These resources will be created in the same Azure Resource Group as the VM under test, and therefore will be destroyed when you type ```kitchen destroy```.
 
 ```yaml
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
   pre_deployment_template: predeploy.json
@@ -198,7 +226,7 @@ Example predeploy.json:
 
 ### .kitchen.yml example 4 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios)
 
-The following example introduces the ```vnet_id``` and ```subnet_id``` properties under "driver" in the configuration file.  This can be applied at the top level, or per platform.
+The following example introduces the ```vnet_id``` and ```subnet_id``` properties under "driver" in the configuration file. This can be applied at the top level, or per platform.
 You can use this capability to create the VM on an existing virtual network and subnet created in a different resource group.
 
 In this case, the public IP address is not used unless ```public_ip``` is set to ```true```
@@ -207,7 +235,7 @@ In this case, the public IP address is not used unless ```public_ip``` is set to
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
 
@@ -241,7 +269,7 @@ Note: The image must be available first. On deletion the disk and everything is
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
 
@@ -270,7 +298,7 @@ suites:
 
 This example a classic Custom VM Image (aka a VHD file) is used. As the Image VHD must be in the same storage account then the disk of the instance, the os disk is created in an existing image account.
 
-Note: When the resource group ís deleted, the os disk is left in the extsing storage account blob. You must cleanup manually.
+Note: When the resource group ís deleted, the os disk is left in the existing storage account blob. You must clean up manually.
 
 This example will:
 
@@ -282,7 +310,7 @@ This example will:
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
 
@@ -319,7 +347,7 @@ Note: Custom data can be custom data or a file to custom data. Please also note
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
 
@@ -358,13 +386,13 @@ suites:
 
 This example demonstrates how to add 3 additional Managed data disks to a Windows Server 2016 VM. Not supported with legacy (pre-managed disk) storage accounts.
 
-Note the availability of a `format_data_disks` option (default: `false`).  When set to true, a PowerShell script will execute at first boot to initialize and format the disks with an NTFS filesystem.  This option has no effect on Linux machines.
+Note the availability of a `format_data_disks` option (default: `false`). When set to true, a PowerShell script will execute at first boot to initialize and format the disks with an NTFS filesystem. This option does not affect Linux machines.
 
 ```yaml
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_F2s'
 
@@ -394,16 +422,16 @@ suites:
 ### .kitchen.yml example 9 - "post-deployment" ARM template with MSI authentication
 
 The following example introduces the ```post_deployment_template``` and ```post_deployment_parameters``` properties in the configuration file.
-You can use this capability to execute an ARM template containing Azure resources to provision after the system under test is created.  
+You can use this capability to execute an ARM template containing Azure resources to provision after the system under test is created.
 
-In the example the ARM template in the file ```postdeploy.json``` would be executed with the parameters that are specified under ```post_deployment_parameters```.  
+In the example the ARM template in the file ```postdeploy.json``` would be executed with the parameters that are specified under ```post_deployment_parameters```.
 These resources will be created in the same Azure Resource Group as the VM under test, and therefore will be destroyed when you type ```kitchen destroy```.
 
 ```yaml
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
   post_deployment_template: postdeploy.json
@@ -488,7 +516,7 @@ See the [Managed identities for Azure resources](https://docs.microsoft.com/en-u
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'West Europe'
   machine_size: 'Standard_D1'
 
@@ -521,7 +549,7 @@ This following example introduces ```secret_url```, ```vault_name```, and ```vau
 ---
 driver:
   name: azurerm
-  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  subscription_id: 'your-azure-subscription-id-here'
   location: 'CentralUS'
   machine_size: 'Standard_D2s_v3'
   secret_url: 'https://YOUR-SECRET-PATH'
@@ -546,7 +574,7 @@ suites:
 
 ## Support for Government and Sovereign Clouds (China and Germany)
 
-Starting with v0.9.0 this driver has support for Azure Government and Sovereign Clouds via the use of the ```azure_environment``` setting.  Valid Azure environments are ```Azure```, ```AzureUSGovernment```, ```AzureChina``` and ```AzureGermanCloud```
+Starting with v0.9.0 this driver has support for Azure Government and Sovereign Clouds via the use of the ```azure_environment``` setting. Valid Azure environments are ```Azure```, ```AzureUSGovernment```, ```AzureChina``` and ```AzureGermanCloud```
 
 Note that the ```use_managed_disks``` option should be set to false until supported by AzureUSGovernment.
 
@@ -556,7 +584,7 @@ Note that the ```use_managed_disks``` option should be set to false until suppor
 ---
 driver:
   name: azurerm
-  subscription_id: 'abcdabcd-YOUR-GUID-HERE-abcdabcdabcd'
+  subscription_id: 'your-azure-subscription-id-here'
   azure_environment: 'AzureUSGovernment'
   location: 'US Gov Iowa'
   machine_size: 'Standard_D2_v2_Promo'
@@ -616,9 +644,9 @@ data:    Canonical  UbuntuServer  15.10-DAILY        15.10.201509220  westeurope
 info:    vm image list command OK
 ```
 
-### Additional parameters that can be specified
+### Additional parameters that can be specified in your `kitchen.yml` or added to your personal `kitchen.local.yml`
 
-* Note that the ```driver``` section can also takes a ```username``` and ```password```. The default username is "azure" and the password is a randomly generated 12 character password that can be found in your local kitchen state file (typically .kitchen/<instance-name>.yml) if you require it for any reason.
+* Note that the ```driver``` section can also take explicit values for ```username``` and ```password```. Otherwise, the default username is "azure" and the password is a randomly generated 24 character password that can be found in your local kitchen state file (typically `.kitchen/<instance-name>.yml`) if you require it for any reason.
 
 * The ```storage_account_type``` parameter defaults to 'Standard_LRS' and allows you to switch to premium storage (e.g. 'Premium_LRS')
 
@@ -626,6 +654,8 @@ info:    vm image list command OK
 
 * The optional ```vm_tags``` parameter allows you to define key:value pairs to tag VMs with on creation.
 
+* The optional ```plan``` parameter allows you to define plan information when creating VMs from Marketplace images. Please refer to [Deploy an image with Marketplace terms](https://aka.ms/azuremarketplaceapideployment) for more details. Not all Marketplace images support programmatic deployment, and support is controlled by the image publisher.
+
 * Managed disks are now enabled by default, to use the Storage account set ```use_managed_disks``` (default: true).
 
 * The ```image_url``` (unmanaged disks only) parameter can be used to specify a custom vhd (This VHD must be in the same storage account as the disks of the VM, therefore ```existing_storage_account_blob_url``` must also be set and ```use_managed_disks``` must be set to false)
@@ -640,10 +670,12 @@ info:    vm image list command OK
 
 * The ```azure_resource_group_prefix``` and ```azure_resource_group_suffix``` can be used to further disambiguate Azure resource group names created by the driver.
 
-* The ```explicit_resource_group_name``` and ```destroy_explicit_resource_group``` (default: "true") parameters can be used in scenarios where you are provided a pre-created Resource Group.  Example usage: ```explicit_resource_group_name: kitchen-<%= ENV["USERNAME"] %>```
+* The ```explicit_resource_group_name``` and ```destroy_explicit_resource_group``` (default: "true") parameters can be used in scenarios where you are provided a pre-created Resource Group. Example usage: ```explicit_resource_group_name: kitchen-<%= ENV["USERNAME"] %>```
 
 * The ```destroy_resource_group_contents``` (default: "false") parameter can be used when you want to destroy the resources within a resource group without destroying the resource group itself. For example, the following configuration options used in combination would use an existing resource group (or create one if it doesn't exist) and will destroy the contents of the resource group in the ```kitchen destroy``` phase.
 
+* The ```destroy_explicit_resource_group_tags``` (default: "true") parameter can be used when you want to remove tags associated with an explicit resource group. The default setting is set to `true` to remain consistent with previous behavior. This should be used in combination with an explicitly named resource group and will be honored during the ```kitchen destroy``` phase.
+
 ```yaml
 ---
 driver:
@@ -683,3 +715,25 @@ Contributions to the project are welcome via submitting Pull Requests.
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create a new Pull Request
+
+## Author
+
+Stuart Preston
+
+## License and Copyright
+
+Copyright 2015-2020, Chef Software, Inc.
+
+```
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```

data/lib/kitchen/driver/azure_credentials.rb

@@ -1,4 +1,5 @@
 require "inifile"
+require "kitchen/logging"
 
 module Kitchen
   module Driver
@@ -6,6 +7,8 @@ module Kitchen
     # AzureCredentials
     #
     class AzureCredentials
+      include Kitchen::Logging
+
       CONFIG_PATH = "#{ENV["HOME"]}/.azure/credentials".freeze
 
       #
@@ -24,12 +27,6 @@ module Kitchen
       def initialize(subscription_id:, environment: "Azure")
         @subscription_id = subscription_id
         @environment = environment
-        config_file = ENV["AZURE_CONFIG_FILE"] || File.expand_path(CONFIG_PATH)
-        if File.file?(config_file)
-          @credentials = IniFile.load(File.expand_path(config_file))
-        else
-          warn "#{CONFIG_PATH} was not found or not accessible."
-        end
       end
 
       #
@@ -38,33 +35,65 @@ module Kitchen
       # @return [Object] Object that can be supplied along with all Azure client requests.
       #
       def azure_options
-        options = { tenant_id: tenant_id,
-                    client_id: client_id,
-                    client_secret: client_secret,
+        options = { tenant_id: tenant_id!,
                     subscription_id: subscription_id,
                     credentials: ::MsRest::TokenCredentials.new(token_provider),
                     active_directory_settings: ad_settings,
                     base_url: endpoint_settings.resource_manager_endpoint_url }
-
+        options[:client_id] = client_id if client_id
+        options[:client_secret] = client_secret if client_secret
         options
       end
 
       private
 
+      def logger
+        Kitchen.logger
+      end
+
+      def config_path
+        @config_path ||= File.expand_path(ENV["AZURE_CONFIG_FILE"] || CONFIG_PATH)
+      end
+
+      def credentials
+        @credentials ||= begin
+          if File.file?(config_path)
+            IniFile.load(config_path)
+          else
+            warn "#{config_path} was not found or not accessible. Will attempt to use Managed Identity."
+            {}
+          end
+        end
+      end
+
+      def credentials_property(property)
+        credentials[subscription_id]&.[](property)
+      end
+
+      def tenant_id!
+        tenant_id || raise("Must provide tenant id. Use AZURE_TENANT_ID environment variable or set it in credentials file (#{config_path})")
+      end
+
       def tenant_id
-        ENV["AZURE_TENANT_ID"] || @credentials[subscription_id]["tenant_id"]
+        ENV["AZURE_TENANT_ID"] || credentials_property("tenant_id")
       end
 
       def client_id
-        ENV["AZURE_CLIENT_ID"] || @credentials[subscription_id]["client_id"]
+        ENV["AZURE_CLIENT_ID"] || credentials_property("client_id")
       end
 
       def client_secret
-        ENV["AZURE_CLIENT_SECRET"] || @credentials[subscription_id]["client_secret"]
+        ENV["AZURE_CLIENT_SECRET"] || credentials_property("client_secret")
       end
 
       def token_provider
-        ::MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret, ad_settings)
+        if client_id && client_secret
+          ::MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret, ad_settings)
+        elsif client_id
+          ::MsRestAzure::MSITokenProvider.new(50342, ad_settings, { client_id: client_id })
+        else
+          ::MsRestAzure::MSITokenProvider.new(50342, ad_settings)
+        end
       end
 
       #

data/lib/kitchen/driver/azurerm.rb

@@ -1,15 +1,15 @@
 require "kitchen"
 require_relative "azure_credentials"
-require "securerandom"
+require "securerandom" unless defined?(SecureRandom)
 require "azure_mgmt_resources"
 require "azure_mgmt_network"
-require "base64"
+require "base64" unless defined?(Base64)
 require "sshkey"
-require "fileutils"
-require "erb"
-require "ostruct"
-require "json"
-require "faraday"
+require "fileutils" unless defined?(FileUtils)
+require "erb" unless defined?(Erb)
+require "ostruct" unless defined?(OpenStruct)
+require "json" unless defined?(JSON)
+require "faraday" unless defined?(Faraday)
 
 module Kitchen
   module Driver
@@ -20,6 +20,8 @@ module Kitchen
       attr_accessor :resource_management_client
       attr_accessor :network_management_client
 
+      kitchen_driver_api_version 2
+
       default_config(:azure_resource_group_prefix) do |_config|
         "kitchen-"
       end
@@ -73,7 +75,7 @@ module Kitchen
       end
 
       default_config(:password) do |_config|
-        SecureRandom.base64(12)
+        SecureRandom.base64(25)
       end
 
       default_config(:vm_name) do |_config|
@@ -132,6 +134,10 @@ module Kitchen
         {}
       end
 
+      default_config(:plan) do |_config|
+        {}
+      end
+
       default_config(:vm_tags) do |_config|
         {}
       end
@@ -168,6 +174,10 @@ module Kitchen
         true
       end
 
+      default_config(:destroy_explicit_resource_group_tags) do |_config|
+        true
+      end
+
       default_config(:destroy_resource_group_contents) do |_config|
         false
       end
@@ -208,7 +218,7 @@ module Kitchen
           dnsNameForPublicIP: "kitchen-#{state[:uuid]}",
           vmName: state[:vm_name],
           systemAssignedIdentity: config[:system_assigned_identity],
-          userAssignedIdentities: config[:user_assigned_identities],
+          userAssignedIdentities: config[:user_assigned_identities].map { |identity| [identity, {}] }.to_h,
           secretUrl: config[:secret_url],
           vaultName: config[:vault_name],
           vaultResourceGroup: config[:vault_resource_group],
@@ -219,7 +229,7 @@ module Kitchen
         end
 
         if config[:subscription_id].to_s == ""
-          raise "A subscription_id config value was not detected and kitchen-azurerm cannot continue. Please check your .kitchen.yml configuration. Exiting."
+          raise "A subscription_id config value was not detected and kitchen-azurerm cannot continue. Please check your kitchen.yml configuration. Exiting."
         end
 
         if config[:nic_name].to_s == ""
@@ -271,12 +281,9 @@ module Kitchen
         @resource_management_client = ::Azure::Resources::Profiles::Latest::Mgmt::Client.new(options)
 
         # Create Resource Group
-        resource_group = ::Azure::Resources::Profiles::Latest::Mgmt::Models::ResourceGroup.new
-        resource_group.location = config[:location]
-        resource_group.tags = config[:resource_group_tags]
         begin
           info "Creating Resource Group: #{state[:azure_resource_group_name]}"
-          create_resource_group(state[:azure_resource_group_name], resource_group)
+          create_resource_group(state[:azure_resource_group_name], get_resource_group)
         rescue ::MsRestAzure::AzureOperationError => operation_error
           error operation_error.body
           raise operation_error
@@ -528,6 +535,35 @@ module Kitchen
             info "Creating deployment: #{empty_deployment_name}"
             create_deployment_async(state[:azure_resource_group_name], empty_deployment_name, empty_deployment).value!
             follow_deployment_until_end_state(state[:azure_resource_group_name], empty_deployment_name)
+
+            # Maintain tags on the resource group
+            if config[:destroy_explicit_resource_group_tags] == false
+              warn 'The "destroy_explicit_resource_group_tags" setting value is set to "false". The tags on the resource group will NOT be removed.'
+              # NOTE: We are using the internal wrapper function create_resource_group() which wraps the API
+              # method of create_or_update().
+              begin
+                create_resource_group(state[:azure_resource_group_name], get_resource_group)
+              rescue ::MsRestAzure::AzureOperationError => operation_error
+                error operation_error.body
+                raise operation_error
+              end
+            end
+
+            # Corner case where we want to use kitchen to remove the tags
+            if config[:destroy_explicit_resource_group_tags] == true
+              warn 'The "destroy_explicit_resource_group_tags" setting value is set to "true". The tags on the resource group will be removed.'
+              # NOTE: We are using the internal wrapper function create_resource_group() which wraps the API
+              # method of create_or_update().
+              resource_group = get_resource_group
+              resource_group.tags = {}
+              begin
+                create_resource_group(state[:azure_resource_group_name], resource_group)
+              rescue ::MsRestAzure::AzureOperationError => operation_error
+                error operation_error.body
+                raise operation_error
+              end
+            end
+
           rescue ::MsRestAzure::AzureOperationError => operation_error
             error operation_error.body
             raise operation_error
@@ -643,13 +679,25 @@ module Kitchen
 
       def virtual_machine_deployment_template
         if config[:vnet_id] == ""
-          virtual_machine_deployment_template_file("public.erb", vm_tags: vm_tag_string(config[:vm_tags]), use_managed_disks: config[:use_managed_disks], image_url: config[:image_url], existing_storage_account_blob_url: config[:existing_storage_account_blob_url], image_id: config[:image_id], existing_storage_account_container: config[:existing_storage_account_container], custom_data: config[:custom_data], os_disk_size_gb: config[:os_disk_size_gb], data_disks_for_vm_json: data_disks_for_vm_json, use_ephemeral_osdisk: config[:use_ephemeral_osdisk], ssh_key: instance.transport[:ssh_key])
+          virtual_machine_deployment_template_file("public.erb", vm_tags: vm_tag_string(config[:vm_tags]), use_managed_disks: config[:use_managed_disks], image_url: config[:image_url], existing_storage_account_blob_url: config[:existing_storage_account_blob_url], image_id: config[:image_id], existing_storage_account_container: config[:existing_storage_account_container], custom_data: config[:custom_data], os_disk_size_gb: config[:os_disk_size_gb], data_disks_for_vm_json: data_disks_for_vm_json, use_ephemeral_osdisk: config[:use_ephemeral_osdisk], ssh_key: instance.transport[:ssh_key], plan_json: plan_json)
         else
           info "Using custom vnet: #{config[:vnet_id]}"
-          virtual_machine_deployment_template_file("internal.erb", vnet_id: config[:vnet_id], subnet_id: config[:subnet_id], public_ip: config[:public_ip], vm_tags: vm_tag_string(config[:vm_tags]), use_managed_disks: config[:use_managed_disks], image_url: config[:image_url], existing_storage_account_blob_url: config[:existing_storage_account_blob_url], image_id: config[:image_id], existing_storage_account_container: config[:existing_storage_account_container], custom_data: config[:custom_data], os_disk_size_gb: config[:os_disk_size_gb], data_disks_for_vm_json: data_disks_for_vm_json, use_ephemeral_osdisk: config[:use_ephemeral_osdisk], ssh_key: instance.transport[:ssh_key])
+          virtual_machine_deployment_template_file("internal.erb", vnet_id: config[:vnet_id], subnet_id: config[:subnet_id], public_ip: config[:public_ip], vm_tags: vm_tag_string(config[:vm_tags]), use_managed_disks: config[:use_managed_disks], image_url: config[:image_url], existing_storage_account_blob_url: config[:existing_storage_account_blob_url], image_id: config[:image_id], existing_storage_account_container: config[:existing_storage_account_container], custom_data: config[:custom_data], os_disk_size_gb: config[:os_disk_size_gb], data_disks_for_vm_json: data_disks_for_vm_json, use_ephemeral_osdisk: config[:use_ephemeral_osdisk], ssh_key: instance.transport[:ssh_key], plan_json: plan_json)
         end
       end
 
+      def plan_json
+        return nil if config[:plan].empty?
+
+        plan = {}
+        plan["name"] = config[:plan][:name]                    if config[:plan][:name]
+        plan["product"] = config[:plan][:product]              if config[:plan][:product]
+        plan["promotionCode"] = config[:plan][:promotion_code] if config[:plan][:promotion_code]
+        plan["publisher"] = config[:plan][:publisher]          if config[:plan][:publisher]
+
+        plan.to_json
+      end
+
       def virtual_machine_deployment_template_file(template_file, data = {})
         template = File.read(File.expand_path(File.join(__dir__, "../../../templates", template_file)))
         render_binding = OpenStruct.new(data)
@@ -688,6 +736,16 @@ module Kitchen
       # Wrapper methods for the Azure API calls to retry the calls when getting timeouts.
       #
 
+      # Create a new resource group object and set the location and tags attributes then return it.
+      #
+      # @return [::Azure::Resources::Profiles::Latest::Mgmt::Models::ResourceGroup] A new resource group object.
+      def get_resource_group
+        resource_group = ::Azure::Resources::Profiles::Latest::Mgmt::Models::ResourceGroup.new
+        resource_group.location = config[:location]
+        resource_group.tags = config[:resource_group_tags]
+        resource_group
+      end
+
       def create_resource_group(resource_group_name, resource_group)
         retries = config[:azure_api_retries]
         begin

data/templates/internal.erb

@@ -178,10 +178,10 @@
             }
         },
         "userAssignedIdentities": {
-            "type": "array",
-            "defaultValue": [],
+            "type": "object",
+            "defaultValue": {},
             "metadata": {
-                "description": "A list of resource IDs for user identities to associate with the Virtual Machine, or empty to disable user assigned identities."
+                "description": "An object whose keys are resource IDs for user identities to associate with the Virtual Machine and whose values are empty objects, or empty to disable user assigned identities."
             }
         },
         "bootDiagnosticsEnabled": {
@@ -410,9 +410,12 @@
                     <%- end -%>
                 }
             },
+            <%- unless plan_json.nil? -%>
+            "plan": <%= plan_json %>,
+            <%- end -%>
             "identity": {
                 "type": "[variables('vmIdentityType')]",
-                "identityIds": "[if(empty(parameters('userAssignedIdentities')), json('null'), parameters('userAssignedIdentities'))]"
+                "userAssignedIdentities": "[if(empty(parameters('userAssignedIdentities')), json('null'), parameters('userAssignedIdentities'))]"
             },
             "tags": {
                 <%= vm_tags unless vm_tags.empty? %>

data/templates/public.erb

@@ -178,10 +178,10 @@
             }
         },
         "userAssignedIdentities": {
-            "type": "array",
-            "defaultValue": [],
+            "type": "object",
+            "defaultValue": {},
             "metadata": {
-                "description": "A list of resource IDs for user identities to associate with the Virtual Machine, or empty to disable user assigned identities."
+                "description": "An object whose keys are resource IDs for user identities to associate with the Virtual Machine and whose values are empty objects, or empty to disable user assigned identities."
             }
         },
         "bootDiagnosticsEnabled": {
@@ -429,9 +429,12 @@
                     <%- end -%>
                 }
             },
+            <%- unless plan_json.nil? -%>
+            "plan": <%= plan_json %>,
+            <%- end -%>
             "identity": {
                 "type": "[variables('vmIdentityType')]",
-                "identityIds": "[if(empty(parameters('userAssignedIdentities')), json('null'), parameters('userAssignedIdentities'))]"
+                "userAssignedIdentities": "[if(empty(parameters('userAssignedIdentities')), json('null'), parameters('userAssignedIdentities'))]"
             },
             "tags": {
                 <%= vm_tags unless vm_tags.empty? %>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-azurerm
 version: !ruby/object:Gem::Version
-  version: 0.15.2
+  version: 1.2.0
 platform: ruby
 authors:
 - Stuart Preston
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-23 00:00:00.000000000 Z
+date: 2020-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: azure_mgmt_network
@@ -91,19 +91,25 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: test-kitchen
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
+        version: '1.20'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.20'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -122,16 +128,72 @@ dependencies:
   name: chefstyle
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.2.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.2.1
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rspec-mocks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rspec-expectations
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.0
 description: Test Kitchen driver for the Microsoft Azure Resource Manager (ARM) API
 email:
 - stuart@chef.io
@@ -150,7 +212,7 @@ homepage: https://github.com/test-kitchen/kitchen-azurerm
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -166,7 +228,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.2
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Test Kitchen driver for Azure Resource Manager.
 test_files: []