kitchen-azurerm 1.3.0 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f2cefad48dc76f5e168f8409b8ea3e002d07312c8684a719084ffdf1b833550
-  data.tar.gz: 7234c182b57734cd042faaa857a0779aee6bab34aa409f4d9a3b0a7918ef85e5
+  metadata.gz: 51b127c1a7e5d1c197dde573ce77d5e9900fe2297d12e5d8cbcd4d6d1e328ccc
+  data.tar.gz: d59c1a55f910f415a271a4818a8879a16e06dff3192d3d3a64d5ce1c32313e6c
 SHA512:
-  metadata.gz: ea881a871e778781d39573ced02fb2a03ba1bd4c207bddd01ec6e527d85c7efa5d7a1ef378a282216fe14f90831aa284237b2e3bc9bceb6b28f2fb1dc0aa1db5
-  data.tar.gz: c82d8dabb76c54a73b0e0f444a367001a631bd8f2e28d0108fa17e918827e6a8d83463e1170e72c5b6100acc6ea87fa9fc4d4ab44b98842d810c78cc3bac4fab
+  metadata.gz: 1e21e9a0cce3a113f9d6fd9206a9272282eb1d54c637e2c9f5b629a42ccbf144889355d18db7127a7693e088d8056005139cdf142e3232ed70870c72b23db3f0
+  data.tar.gz: '0690d8abddf2c745c7631e463e7479299a0e1e8a83af57caca797e8555a840bc0559c383d7d703b35c7bb7ec4c65b7556a15e95cf2b4582c153f8e45d0dd97e9'

data/README.md

@@ -670,11 +670,11 @@ info:    vm image list command OK
 
 * The ```azure_resource_group_prefix``` and ```azure_resource_group_suffix``` can be used to further disambiguate Azure resource group names created by the driver.
 
-* The ```explicit_resource_group_name``` and ```destroy_explicit_resource_group``` (default: "true") parameters can be used in scenarios where you are provided a pre-created Resource Group. Example usage: ```explicit_resource_group_name: kitchen-<%= ENV["USERNAME"] %>```
+* The ```explicit_resource_group_name``` and ```destroy_explicit_resource_group``` (default: "true") parameters can be used in scenarios where you are provided a pre-created Resource Group. Example usage: ```explicit_resource_group_name: kitchen-<%= ENV["USERNAME"] %>```. The ```destroy_explicit_resource_group``` option can now be used after using the ```destroy_resource_group_contents``` option creates an empty resource group to destroy the resource group previously created.
 
-* The ```destroy_resource_group_contents``` (default: "false") parameter can be used when you want to destroy the resources within a resource group without destroying the resource group itself. For example, the following configuration options used in combination would use an existing resource group (or create one if it doesn't exist) and will destroy the contents of the resource group in the ```kitchen destroy``` phase.
+* The ```destroy_resource_group_contents``` (default: "false") parameter can be used when you want to destroy the resources within a resource group without destroying the resource group itself. For example, the following configuration options used in combination would use an existing resource group (or create one if it doesn't exist) and will destroy the contents of the resource group in the ```kitchen destroy``` phase. If you wish to destroy the empty resource group created after you empty the resource group with this flag you can now set the ```destroy_explicit_resource_group``` to "true" to destroy the empty resource group. 
 
-* The ```destroy_explicit_resource_group_tags``` (default: "true") parameter can be used when you want to remove tags associated with an explicit resource group. The default setting is set to `true` to remain consistent with previous behavior. This should be used in combination with an explicitly named resource group and will be honored during the ```kitchen destroy``` phase.
+* The ```destroy_explicit_resource_group_tags``` (default: "true") parameter can be used when you want to remove tags associated with an explicit resource group. The default setting is set to "true" to remain consistent with previous behavior. This should be used in combination with an ```explicit_resource_group_name``` and will be honored during the ```kitchen destroy``` phase.
 
 ```yaml
 ---
@@ -688,6 +688,8 @@ driver:
 
 * The ```secret_url```, ```vault_name```, and ```vault_resource_group``` parameters can be used to deploy VM with specified key vault certificate.
 
+* The ```use_fqdn_hostname``` (default: "false") parameter can be used to determine how kitchen communicates with the Virtual Machine. When true, Kitchen will use the FQDN that is assigned to the Virtual Machine. When false, kitchen will use the public IP address of the machine. This may overcome issues with Corporate firewalls or VPNs blocking Public IP addresses.
+
 ## Enabling alternative WinRM configurations
 
 * By default on Windows machines, a PowerShell script runs that enables WinRM over the SSL transport, for Basic, Negotiate and CredSSP connections. To supply your own PowerShell script (e.g. to enable HTTP), use the `winrm_powershell_script` parameter. Windows 2008 R2 example:

data/lib/kitchen/driver/azure_credentials.rb

@@ -1,5 +1,6 @@
 require "inifile"
 require "kitchen/logging"
+autoload :MsRest, "ms_rest"
 
 module Kitchen
   module Driver
@@ -60,7 +61,7 @@ module Kitchen
           if File.file?(config_path)
             IniFile.load(config_path)
           else
-            warn "#{config_path} was not found or not accessible. Will attempt to use Managed Identity."
+            warn "#{config_path} was not found or not accessible."
             {}
           end
         end
@@ -71,7 +72,7 @@ module Kitchen
       end
 
       def tenant_id!
-        tenant_id || raise("Must provide tenant id. Use AZURE_TENANT_ID environment variable or set it in credentials file (#{config_path})")
+        tenant_id || warn("(#{config_path}) does not contain tenant_id neither is the AZURE_TENANT_ID environment variable set.")
       end
 
       def tenant_id
@@ -86,13 +87,37 @@ module Kitchen
         ENV["AZURE_CLIENT_SECRET"] || credentials_property("client_secret")
       end
 
+      # Retrieve a token based upon the preferred authentication method.
+      #
+      # @return [::MsRest::TokenProvider] A new token provider object.
       def token_provider
-        if client_id && client_secret
+        # Login with a credentials file or setting the environment variables
+        #
+        # Typically used with a service principal.
+        #
+        # SPN with client_id, client_secret and tenant_id
+        if client_id && client_secret && tenant_id
           ::MsRestAzure::ApplicationTokenProvider.new(tenant_id, client_id, client_secret, ad_settings)
-        elsif client_id
+        # Login with a Managed Service Identity.
+        #
+        # Typically used with a Managed Service Identity when you have a particular object registered in a tenant.
+        #
+        # MSI with client_id and tenant_id (aka User Assigned Identity).
+        elsif client_id && tenant_id
           ::MsRestAzure::MSITokenProvider.new(50342, ad_settings, { client_id: client_id })
-        else
+        # Default approach to inheriting existing object permissions (application or device this code is running on).
+        #
+        # Typically used when you want to inherit the permissions of the system you're running on that are in a tenant.
+        #
+        # MSI with just tenant_id (aka System Assigned Identity).
+        elsif tenant_id
           ::MsRestAzure::MSITokenProvider.new(50342, ad_settings)
+        # Login using the Azure CLI
+        #
+        # Typically used when you want to rely upon `az login` as your preferred authentication method.
+        else
+          warn("Using tenant id set through `az login`.")
+          ::MsRestAzure::AzureCliTokenProvider.new(ad_settings)
         end
       end
 

data/lib/kitchen/driver/azurerm.rb

@@ -1,4 +1,6 @@
 require "kitchen"
+
+autoload :MsRestAzure, "ms_rest_azure"
 require_relative "azure_credentials"
 require "securerandom" unless defined?(SecureRandom)
 module Azure
@@ -17,7 +19,9 @@ module Kitchen
   module Driver
     #
     # Azurerm
+    # Create a new resource group object and set the location and tags attributes then return it.
     #
+    # @return [::Azure::Resources::Profiles::Latest::Mgmt::Models::ResourceGroup] A new resource group object.
     class Azurerm < Kitchen::Driver::Base
       attr_accessor :resource_management_client
       attr_accessor :network_management_client
@@ -208,6 +212,10 @@ module Kitchen
         5
       end
 
+      default_config(:use_fqdn_hostname) do |_config|
+        false
+      end
+
       def create(state)
         state = validate_state(state)
         deployment_parameters = {
@@ -216,7 +224,7 @@ module Kitchen
           storageAccountType: config[:storage_account_type],
           bootDiagnosticsEnabled: config[:boot_diagnostics_enabled],
           newStorageAccountName: "storage#{state[:uuid]}",
-          adminUsername: state[:username],
+          adminUsername: config[:username],
           dnsNameForPublicIP: "kitchen-#{state[:uuid]}",
           vmName: state[:vm_name],
           systemAssignedIdentity: config[:system_assigned_identity],
@@ -227,7 +235,7 @@ module Kitchen
         }
 
         if instance.transport[:ssh_key].nil?
-          deployment_parameters["adminPassword"] = state[:password]
+          deployment_parameters[:adminPassword] = config[:password]
         end
 
         if config[:subscription_id].to_s == ""
@@ -303,6 +311,9 @@ module Kitchen
           info "Creating deployment: #{deployment_name}"
           create_deployment_async(state[:azure_resource_group_name], deployment_name, deployment(deployment_parameters)).value!
           follow_deployment_until_end_state(state[:azure_resource_group_name], deployment_name)
+          state[:username] = deployment_parameters[:adminUsername] unless existing_state_value?(state, :username)
+          state[:password] = deployment_parameters[:adminPassword] unless existing_state_value?(state, :password) && instance.transport[:ssh_key].nil?
+
           if File.file?(config[:post_deployment_template])
             post_deployment_name = "post-deploy-#{state[:uuid]}"
             info "Creating deployment: #{post_deployment_name}"
@@ -328,6 +339,10 @@ module Kitchen
           result = get_public_ip(state[:azure_resource_group_name], "publicip")
           info "IP Address is: #{result.ip_address} [#{result.dns_settings.fqdn}]"
           state[:hostname] = result.ip_address
+          if config[:use_fqdn_hostname]
+            info "Using FQDN to communicate instead of IP"
+            state[:hostname] = result.dns_settings.fqdn
+          end
         else
           # Retrieve the internal IP from the resource group:
           result = get_network_interface(state[:azure_resource_group_name], vmnic.to_s)
@@ -336,15 +351,24 @@ module Kitchen
         end
       end
 
+      # Return a True of False if the state is already stored for a particular property.
+      #
+      # @param [Hash] Hash of existing state values.
+      # @param [String] A property to check
+      # @return [Boolean]
       def existing_state_value?(state, property)
         state.key?(property) && !state[property].nil?
       end
 
+      # Leverage existing state values or bring state into existence from a configuration file.
+      #
+      # @param [Hash] Existing Hash of state values.
+      # @return [Hash] Updated Hash of state values.
       def validate_state(state = {})
         state[:uuid] = SecureRandom.hex(8) unless existing_state_value?(state, :uuid)
         state[:server_id] = "vm#{state[:uuid]}" unless existing_state_value?(state, :server_id)
         state[:azure_resource_group_name] = azure_resource_group_name unless existing_state_value?(state, :azure_resource_group_name)
-        %i{subscription_id username password vm_name azure_environment use_managed_disks}.each do |config_element|
+        %i{subscription_id vm_name azure_environment use_managed_disks}.each do |config_element|
           state[config_element] = config[config_element] unless existing_state_value?(state, config_element)
         end
         state.delete(:password) unless instance.transport[:ssh_key].nil?
@@ -525,11 +549,38 @@ module Kitchen
       end
 
       def destroy(state)
-        return if state[:server_id].nil?
+        # TODO: We have some not so fun state issues we need to clean up
+        state[:azure_environment] = config[:azure_environment] unless state[:azure_environment]
+        state[:subscription_id] = config[:subscription_id] unless state[:subscription_id]
 
+        # Setup our authentication components for the SDK
         options = Kitchen::Driver::AzureCredentials.new(subscription_id: state[:subscription_id],
-                                                        environment: state[:azure_environment]).azure_options
+          environment: state[:azure_environment]).azure_options
         @resource_management_client = ::Azure::Resources::Profiles::Latest::Mgmt::Client.new(options)
+
+        # If we don't have any instances, let's check to see if the user wants to delete a resource group and if so let's delete!
+        if state[:server_id].nil? && state[:azure_resource_group_name].nil? && !config[:explicit_resource_group_name].nil? && config[:destroy_explicit_resource_group]
+          if resource_group_exists?(config[:explicit_resource_group_name])
+            info "This instance doesn't exist but you asked to delete the resource group."
+            begin
+              info "Destroying Resource Group: #{config[:explicit_resource_group_name]}"
+              delete_resource_group_async(config[:explicit_resource_group_name])
+              info "Destroy operation accepted and will continue in the background."
+              return
+            rescue ::MsRestAzure::AzureOperationError => operation_error
+              error operation_error.body
+              raise operation_error
+            end
+          end
+        end
+
+        # Our working environment
+        info "Azure environment: #{state[:azure_environment]}"
+
+        # Skip if we don't have any instances
+        return if state[:server_id].nil?
+
+        # Destroy resource group contents
         if config[:destroy_resource_group_contents] == true
           info "Destroying individual resources within the Resource Group."
           empty_deployment_name = "empty-deploy-#{state[:uuid]}"
@@ -538,32 +589,20 @@ module Kitchen
             create_deployment_async(state[:azure_resource_group_name], empty_deployment_name, empty_deployment).value!
             follow_deployment_until_end_state(state[:azure_resource_group_name], empty_deployment_name)
 
-            # Maintain tags on the resource group
-            if config[:destroy_explicit_resource_group_tags] == false
-              warn 'The "destroy_explicit_resource_group_tags" setting value is set to "false". The tags on the resource group will NOT be removed.'
-              # NOTE: We are using the internal wrapper function create_resource_group() which wraps the API
-              # method of create_or_update().
-              begin
-                create_resource_group(state[:azure_resource_group_name], get_resource_group)
-              rescue ::MsRestAzure::AzureOperationError => operation_error
-                error operation_error.body
-                raise operation_error
-              end
-            end
-
-            # Corner case where we want to use kitchen to remove the tags
-            if config[:destroy_explicit_resource_group_tags] == true
-              warn 'The "destroy_explicit_resource_group_tags" setting value is set to "true". The tags on the resource group will be removed.'
-              # NOTE: We are using the internal wrapper function create_resource_group() which wraps the API
-              # method of create_or_update().
+            # NOTE: We are using the internal wrapper function create_resource_group() which wraps the API
+            # method of create_or_update()
+            begin
+              # Maintain tags on the resource group
+              create_resource_group(state[:azure_resource_group_name], get_resource_group) unless config[:destroy_explicit_resource_group_tags] == true
+              warn 'The "destroy_explicit_resource_group_tags" setting value is set to "false". The tags on the resource group will NOT be removed.' unless config[:destroy_explicit_resource_group_tags] == true
+              # Corner case where we want to use kitchen to remove the tags
               resource_group = get_resource_group
               resource_group.tags = {}
-              begin
-                create_resource_group(state[:azure_resource_group_name], resource_group)
-              rescue ::MsRestAzure::AzureOperationError => operation_error
-                error operation_error.body
-                raise operation_error
-              end
+              create_resource_group(state[:azure_resource_group_name], resource_group) unless config[:destroy_explicit_resource_group_tags] == false
+              warn 'The "destroy_explicit_resource_group_tags" setting value is set to "true". The tags on the resource group will be removed.' unless config[:destroy_explicit_resource_group_tags] == false
+            rescue ::MsRestAzure::AzureOperationError => operation_error
+              error operation_error.body
+              raise operation_error
             end
 
           rescue ::MsRestAzure::AzureOperationError => operation_error
@@ -571,20 +610,27 @@ module Kitchen
             raise operation_error
           end
         end
+
+        # Do not remove the explicitly named resource group
         if config[:destroy_explicit_resource_group] == false && !config[:explicit_resource_group_name].nil?
           warn 'The "destroy_explicit_resource_group" setting value is set to "false". The resource group will not be deleted.'
           warn 'Remember to manually destroy resources, or set "destroy_resource_group_contents: true" to save costs!' unless config[:destroy_resource_group_contents] == true
-          return
+          return state
         end
-        info "Azure environment: #{state[:azure_environment]}"
+
+        # Destroy the world
         begin
           info "Destroying Resource Group: #{state[:azure_resource_group_name]}"
           delete_resource_group_async(state[:azure_resource_group_name])
           info "Destroy operation accepted and will continue in the background."
+          # Remove resource group name from driver state
+          state.delete(:azure_resource_group_name)
         rescue ::MsRestAzure::AzureOperationError => operation_error
           error operation_error.body
           raise operation_error
         end
+
+        # Clear state of components
         state.delete(:server_id)
         state.delete(:hostname)
         state.delete(:username)
@@ -748,6 +794,26 @@ module Kitchen
         resource_group
       end
 
+      # Checks whether a resource group exists.
+      #
+      # @param resource_group_name [String] The name of the resource group to check.
+      # The name is case insensitive.
+      #
+      # @return [Boolean] operation results.
+      #
+      def resource_group_exists?(resource_group_name)
+        retries = config[:azure_api_retries]
+        begin
+          resource_management_client.resource_groups.check_existence(resource_group_name)
+        rescue Faraday::TimeoutError, Faraday::ClientError => exception
+          send_exception_message(exception, "while checking if resource group '#{resource_group_name}' exists. #{retries} retries left.")
+          raise if retries == 0
+
+          retries -= 1
+          retry
+        end
+      end
+
       def create_resource_group(resource_group_name, resource_group)
         retries = config[:azure_api_retries]
         begin

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-azurerm
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Stuart Preston
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-09 00:00:00.000000000 Z
+date: 2020-09-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: azure_mgmt_network
@@ -130,14 +130,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: 1.4.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: 1.4.2
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement