kitchen-azurerm 0.14.9 → 0.15.0
- checksums.yaml +4 -4
- data/README.md +94 -32
- data/lib/kitchen/driver/azurerm.rb +38 -2
- data/lib/kitchen/driver/credentials.rb +1 -1
- data/templates/internal.erb +45 -7
- data/templates/public.erb +39 -1
- metadata +6 -6
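--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd5dbf8c2745c4d63c0d9d415fc93e21f6b7a38f39777447294b9d950da7e64f
+data.tar.gz: 5c634c00d91ef4e4c6e0700dfe6bf8e6b7f24c853a2f0b04dee901572c51794f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 928c18ee6b38babb9db4e88cb83d15c6da7873bb7ef80e3d5a8e51ad4e5a10bf0f174601c23fea8de6628dc72940e224db43159db9805b97d7d6b1505d3a93fd
+data.tar.gz: dc530ebb8aee8c00a96cd0855c5fe26393ac77082b9eddaef779b1a7cd43b4c4af29b2641ac55338353f182b7d3a351e0b6ba65053c5a2dba671aaf5b625c75c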
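--- a/data/README.md
+++ b/data/README.md
@@ -83,11 +83,12 @@ suites:
 ```
 
 ### Concurrent execution
+
 Concurrent execution of create/converge/destroy is supported via the --concurrency parameter. Each machine is created in it's own Azure Resource Group so has no shared lifecycle with the other machines in the test run. To take advantage of parallel execution use the following command:
 
 ```kitchen test --concurrency <n>```
 
-Where
+Where n is the number of threads to create. Note that any failure (e.g. an AzureOperationError) will cause the whole test to fail, though resources already in creation will continue to be created.
 
 ### .kitchen.yml example 2 - Windows
 
@@ -137,7 +138,7 @@ driver:
 location: 'West Europe'
 machine_size: 'Standard_D1'
 pre_deployment_template: predeploy.json
-pre_deployment_parameters:
+pre_deployment_parameters:
 test_parameter: 'This is a test.'
 
 transport:
@@ -171,7 +172,7 @@ Example predeploy.json:
 }
 },
 "variables": {
-
+
 },
 "resources": [
 {
@@ -202,7 +203,6 @@ You can use this capability to create the VM on an existing virtual network and
 
 In this case, the public IP address is not used unless ```public_ip``` is set to ```true```
 
-
 ```yaml
 ---
 driver:
@@ -233,7 +233,7 @@ suites:
 
 ### .kitchen.yml example 5 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios) with Private Managed Image
 
-This example is the same as above, but uses a private managed image to provision the vm.
+This example is the same as above, but uses a private managed image to provision the vm.
 
 Note: The image must be available first. On deletion the disk and everything is removed.
 
@@ -258,7 +258,6 @@ platforms:
 vnet_id: /subscriptions/b6e7eee9-YOUR-GUID-HERE-03ab624df016/resourceGroups/pendrica-infrastructure/providers/Microsoft.Network/virtualNetworks/pendrica-arm-vnet
 subnet_id: subnet-10.1.0
 use_managed_disk: true
-
 
 suites:
 - name: default
@@ -269,17 +268,16 @@ suites:
 
 ### .kitchen.yml example 6 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios) with Private Classic OS Image
 
-This example a classic Custom VM Image (aka a VHD file) is used. As the Image VHD must be in the same storage account then the disk of the instance, the os disk is created in an existing image account.
+This example a classic Custom VM Image (aka a VHD file) is used. As the Image VHD must be in the same storage account then the disk of the instance, the os disk is created in an existing image account.
 
 Note: When the resource group ís deleted, the os disk is left in the extsing storage account blob. You must cleanup manually.
 
-This example will:
+This example will:
 
-* use the customized image https://yourstorageaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/Cent7_P4-osDisk.170dd1b7-7dc3-4496-b248-f47c49f63965.vhd (can be built with packer)
-* set the disk url of the vm to https://yourstorageaccount.blob.core.windows.net/vhds/osdisk-kitchen-XXXXX.vhd
+* use the customized image <https://yourstorageaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/Cent7_P4-osDisk.170dd1b7-7dc3-4496-b248-f47c49f63965.vhd> (can be built with packer)
+* set the disk url of the vm to <https://yourstorageaccount.blob.core.windows.net/vhds/osdisk-kitchen-XXXXX.vhd>
 * set the os type to linux
 
-
 ```yaml
 ---
 driver:
@@ -317,7 +315,6 @@ This is the same as above, but uses custom data to customize the instance.
 
 Note: Custom data can be custom data or a file to custom data. Please also note that if you use winrm communication to non-nano windows servers custom data is not supported, as winrm is enabled via custom data.
 
-
 ```yaml
 ---
 driver:
@@ -357,7 +354,7 @@ suites:
 attributes:
 ```
 
-### .kitchen.yml example 8 - Windows 2016 VM with additional data disks
+### .kitchen.yml example 8 - Windows 2016 VM with additional data disks
 
 This example demonstrates how to add 3 additional Managed data disks to a Windows Server 2016 VM. Not supported with legacy (pre-managed disk) storage accounts.
 
@@ -410,7 +407,7 @@ driver:
 location: 'West Europe'
 machine_size: 'Standard_D1'
 post_deployment_template: postdeploy.json
-post_deployment_parameters:
+post_deployment_parameters:
 test_parameter: 'This is a test.'
 
 transport:
@@ -516,6 +513,36 @@ suites:
 attributes:
 ```
 
+### .kitchen.yml example 11 - deploy VM with key vault certificate
+
+This following example introduces ```secret_url```, ```vault_name```, and ```vault_resource_group``` properties under "driver" in the configuration file. You can use this capability to create a VM with a specified key vault certificate.
+
+```yaml
+---
+driver:
+name: azurerm
+subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+location: 'CentralUS'
+machine_size: 'Standard_D2s_v3'
+secret_url: 'https://YOUR-SECRET-PATH'
+vault_name: 'YOUR-VAULT-NAME'
+vault_group_name: 'YOUR-VAULT-GROUP-NAME'
+transport:
+name: winrm
+elevated: true
+provisioner:
+name: chef_zero
+platforms:
+- name: win2012R2-sql2016
+driver:
+image_urn: MicrosoftSQLServer:SQL2016SP2-WS2012R2:SQLDEV:latest
+
+suites:
+- name: default
+run_list:
+- recipe[kitchentesting::default]
+attributes:
+```
 
 ## Support for Government and Sovereign Clouds (China and Germany)
 
@@ -555,6 +582,7 @@ suites:
 ```
 
 ### How to retrieve the image_urn
+
 You can use the azure (azure-cli) command line tools to interrogate for the Urn. All 4 parts of the Urn must be specified, though the last part can be changed to "latest" to indicate you always wish to provision the latest operating system and patches.
 
 ```$ azure vm image list "West Europe" Canonical UbuntuServer```
@@ -562,7 +590,7 @@ You can use the azure (azure-cli) command line tools to interrogate for the Urn.
 This will return a list like the following, from which you can derive the Urn.
 *this list has been shortened for readability*
 
-```
+```bash
 data: Publisher Offer Sku Version Location Urn
 data: --------- ------------ ----------------- --------------- ---------- --------------------------------------------------------
 data: Canonical UbuntuServer 12.04.5-LTS 12.04.201507301 westeurope Canonical:UbuntuServer:12.04.5-LTS:12.04.201507301
@@ -588,23 +616,35 @@ data: Canonical UbuntuServer 15.10-DAILY 15.10.201509220 westeurope
 info: vm image list command OK
 ```
 
-### Additional parameters that can be specified
-- Note that the ```driver``` section also takes a ```username``` and ```password``` parameter, the defaults if these are not specified are "azure" and "P2ssw0rd" respectively.
-- The ```storage_account_type``` parameter defaults to 'Standard_LRS' and allows you to switch to premium storage (e.g. 'Premium_LRS')
-- The ```enable_boot_diagnostics``` parameter defaults to 'true' and allows you to switch off boot diagnostics in case you are using premium storage.
-- The optional ```vm_tags``` parameter allows you to define key:value pairs to tag VMs with on creation.
-- Managed disks are now enabled by default, to use the Storage account set ```use_managed_disks``` (default: true).
-- The ```image_url``` (unmanaged disks only) parameter can be used to specify a custom vhd (This VHD must be in the same storage account as the disks of the VM, therefore ```existing_storage_account_blob_url``` must also be set and ```use_managed_disks``` must be set to false)
-- The ```image_id``` (managed disks only) parameter can be used to specify an image by id (managed disk). This works only with managed disks.
-- The ```existing_storage_account_blob_url``` can be specified to specify an url to an existing storage account (needed for ```image_url```)
-- The ```custom_data``` parameter can be used to specify custom data to provide to the instance. This can be a file or the data itself. This module handles base64 encoding for you.
-- The ```os_disk_size_gb``` parameter can be used to specify a custom os disk size.
-- The ```azure_resource_group_prefix``` and ```azure_resource_group_suffix``` can be used to further disambiguate Azure resource group names created by the driver.
-- The ```explicit_resource_group_name``` and ```destroy_explicit_resource_group``` (default: "true") parameters can be used in scenarios where you are provided a pre-created Resource Group. Example usage: ```explicit_resource_group_name: kitchen-<%= ENV["USERNAME"] %>```
-- The ```destroy_resource_group_contents``` (default: "false") parameter can be used when you want to destroy the resources within a resource group without destroying the resource group itself. For example, the following configuration options used in combination would use an existing resource group (or create one if it doesn't exist) and will destroy the contents of the resource group in the ```kitchen destroy``` phase.
-- The ```use_ephemeral_osdisk``` (default: false) parameter can be used if you wish to use [ephemeral OS disk functionality](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ephemeral-os-disks).
+### Additional parameters that can be specified
 
-```
+* Note that the ```driver``` section also takes a ```username``` and ```password``` parameter, the defaults if these are not specified are "azure" and "P2ssw0rd" respectively.
+
+* The ```storage_account_type``` parameter defaults to 'Standard_LRS' and allows you to switch to premium storage (e.g. 'Premium_LRS')
+
+* The ```enable_boot_diagnostics``` parameter defaults to 'true' and allows you to switch off boot diagnostics in case you are using premium storage.
+
+* The optional ```vm_tags``` parameter allows you to define key:value pairs to tag VMs with on creation.
+
+* Managed disks are now enabled by default, to use the Storage account set ```use_managed_disks``` (default: true).
+
+* The ```image_url``` (unmanaged disks only) parameter can be used to specify a custom vhd (This VHD must be in the same storage account as the disks of the VM, therefore ```existing_storage_account_blob_url``` must also be set and ```use_managed_disks``` must be set to false)
+
+* The ```image_id``` (managed disks only) parameter can be used to specify an image by id (managed disk). This works only with managed disks.
+
+* The ```existing_storage_account_blob_url``` can be specified to specify an url to an existing storage account (needed for ```image_url```)
+
+* The ```custom_data``` parameter can be used to specify custom data to provide to the instance. This can be a file or the data itself. This module handles base64 encoding for you.
+
+* The ```os_disk_size_gb``` parameter can be used to specify a custom os disk size.
+
+* The ```azure_resource_group_prefix``` and ```azure_resource_group_suffix``` can be used to further disambiguate Azure resource group names created by the driver.
+
+* The ```explicit_resource_group_name``` and ```destroy_explicit_resource_group``` (default: "true") parameters can be used in scenarios where you are provided a pre-created Resource Group. Example usage: ```explicit_resource_group_name: kitchen-<%= ENV["USERNAME"] %>```
+
+* The ```destroy_resource_group_contents``` (default: "false") parameter can be used when you want to destroy the resources within a resource group without destroying the resource group itself. For example, the following configuration options used in combination would use an existing resource group (or create one if it doesn't exist) and will destroy the contents of the resource group in the ```kitchen destroy``` phase.
+
+```yaml
 ---
 driver:
 explicit_resource_group_name: stuart-rg-demo-001
@@ -612,11 +652,33 @@ driver:
 destroy_resource_group_contents: true
 ```
 
+* The ```use_ephemeral_osdisk``` (default: false) parameter can be used if you wish to use [ephemeral OS disk functionality](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ephemeral-os-disks).
+
+* The ```secret_url```, ```vault_name```, and ```vault_resource_group``` parameters can be used to deploy VM with specified key vault certificate.
+
+## Enabling alternative WinRM configurations
+
+* By default on Windows machines, a PowerShell script runs that enables WinRM over the SSL transport, for Basic, Negotiate and CredSSP connections. To supply your own PowerShell script (e.g. to enable HTTP), use the `winrm_powershell_script` parameter. Windows 2008 R2 example:
+
+```yaml
+platforms:
+- name: windows2008-r2
+driver_config:
+image_urn: MicrosoftWindowsServer:WindowsServer:2008-R2-SP1:latest
+winrm_powershell_script: |-
+winrm quickconfig -q
+winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="512"}'
+winrm set winrm/config '@{MaxTimeoutms="1800000"}'
+winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+winrm set winrm/config/service/auth '@{Basic="true"}'
+
+```
+
 ## Contributing
 
 Contributions to the project are welcome via submitting Pull Requests.
 
-1. Fork it ( https://github.com/test-kitchen/kitchen-azurerm/fork )
+1. Fork it ( <https://github.com/test-kitchen/kitchen-azurerm/fork> )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)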
@@ -78,6 +78,10 @@ module Kitchen
|
|
78
78
|
"vm"
|
79
79
|
end
|
80
80
|
|
81
|
+
default_config(:nic_name) do |_config|
|
82
|
+
""
|
83
|
+
end
|
84
|
+
|
81
85
|
default_config(:vnet_id) do |_config|
|
82
86
|
""
|
83
87
|
end
|
@@ -170,6 +174,22 @@ module Kitchen
|
|
170
174
|
10
|
171
175
|
end
|
172
176
|
|
177
|
+
default_config(:secret_url) do |_config|
|
178
|
+
""
|
179
|
+
end
|
180
|
+
|
181
|
+
default_config(:vault_name) do |_config|
|
182
|
+
""
|
183
|
+
end
|
184
|
+
|
185
|
+
default_config(:vault_resource_group) do |_config|
|
186
|
+
""
|
187
|
+
end
|
188
|
+
|
189
|
+
default_config(:subscription_id) do |_config|
|
190
|
+
ENV["AZURE_SUBSCRIPTION_ID"]
|
191
|
+
end
|
192
|
+
|
173
193
|
def create(state)
|
174
194
|
state = validate_state(state)
|
175
195
|
deployment_parameters = {
|
@@ -184,12 +204,22 @@ module Kitchen
|
|
184
204
|
vmName: state[:vm_name],
|
185
205
|
systemAssignedIdentity: config[:system_assigned_identity],
|
186
206
|
userAssignedIdentities: config[:user_assigned_identities],
|
207
|
+
secretUrl: config[:secret_url],
|
208
|
+
vaultName: config[:vault_name],
|
209
|
+
vaultResourceGroup: config[:vault_resource_group],
|
187
210
|
}
|
188
211
|
|
189
212
|
if config[:subscription_id].to_s == ""
|
190
213
|
raise "A subscription_id config value was not detected and kitchen-azurerm cannot continue. Please check your .kitchen.yml configuration. Exiting."
|
191
214
|
end
|
192
215
|
|
216
|
+
if config[:nic_name].to_s == ""
|
217
|
+
vmnic = "nic-#{config[:vm_name]}"
|
218
|
+
else
|
219
|
+
vmnic = config[:nic_name]
|
220
|
+
end
|
221
|
+
deployment_parameters["nicName"] = vmnic.to_s
|
222
|
+
|
193
223
|
if config[:custom_data].to_s != ""
|
194
224
|
deployment_parameters["customData"] = prepared_custom_data
|
195
225
|
end
|
@@ -282,7 +312,7 @@ module Kitchen
|
|
282
312
|
else
|
283
313
|
# Retrieve the internal IP from the resource group:
|
284
314
|
network_interfaces = ::Azure::Network::Profiles::Latest::Mgmt::NetworkInterfaces.new(network_management_client)
|
285
|
-
result = network_interfaces.get(state[:azure_resource_group_name],
|
315
|
+
result = network_interfaces.get(state[:azure_resource_group_name], vmnic.to_s)
|
286
316
|
info "IP Address is: #{result.ip_configurations[0].private_ipaddress}"
|
287
317
|
state[:hostname] = result.ip_configurations[0].private_ipaddress
|
288
318
|
end
|
@@ -306,11 +336,13 @@ module Kitchen
|
|
306
336
|
def azure_resource_group_name
|
307
337
|
formatted_time = Time.now.utc.strftime "%Y%m%dT%H%M%S"
|
308
338
|
return "#{config[:azure_resource_group_prefix]}#{config[:azure_resource_group_name]}-#{formatted_time}#{config[:azure_resource_group_suffix]}" unless config[:explicit_resource_group_name]
|
339
|
+
|
309
340
|
config[:explicit_resource_group_name]
|
310
341
|
end
|
311
342
|
|
312
343
|
def data_disks_for_vm_json
|
313
344
|
return nil if config[:data_disks].nil?
|
345
|
+
|
314
346
|
disks = []
|
315
347
|
|
316
348
|
if config[:use_managed_disks]
|
@@ -481,6 +513,7 @@ module Kitchen
|
|
481
513
|
|
482
514
|
def destroy(state)
|
483
515
|
return if state[:server_id].nil?
|
516
|
+
|
484
517
|
options = Kitchen::Driver::Credentials.new.azure_options_for_subscription(state[:subscription_id], state[:azure_environment])
|
485
518
|
@resource_management_client = ::Azure::Resources::Profiles::Latest::Mgmt::Client.new(options)
|
486
519
|
if config[:destroy_resource_group_contents] == true
|
@@ -521,6 +554,7 @@ module Kitchen
|
|
521
554
|
$cert = New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation Cert:\\LocalMachine\\My
|
522
555
|
$config = '@{CertificateThumbprint="' + $cert.Thumbprint + '"}'
|
523
556
|
winrm create winrm/config/listener?Address=*+Transport=HTTPS $config
|
557
|
+
winrm create winrm/config/Listener?Address=*+Transport=HTTP
|
524
558
|
winrm set winrm/config/service/auth '@{Basic="true";Kerberos="false";Negotiate="true";Certificate="false";CredSSP="true"}'
|
525
559
|
New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Name "Windows Remote Management (HTTPS-In)" -Profile Any -LocalPort 5986 -Protocol TCP
|
526
560
|
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
|
@@ -530,6 +564,7 @@ module Kitchen
|
|
530
564
|
|
531
565
|
def format_data_disks_powershell_script
|
532
566
|
return unless config[:format_data_disks]
|
567
|
+
|
533
568
|
info "Data disks will be initialized and formatted NTFS automatically." unless config[:data_disks].nil?
|
534
569
|
config[:format_data_disks_powershell_script] ||
|
535
570
|
<<-PS1
|
@@ -596,7 +631,7 @@ module Kitchen
|
|
596
631
|
componentName: "Microsoft-Windows-Shell-Setup",
|
597
632
|
settingName: "AutoLogon",
|
598
633
|
content: "[concat('<AutoLogon><Password><Value>', parameters('adminPassword'), '</Value></Password><Enabled>true</Enabled><LogonCount>1</LogonCount><Username>', parameters('adminUserName'), '</Username></AutoLogon>')]",
|
599
|
-
}
|
634
|
+
},
|
600
635
|
],
|
601
636
|
}
|
602
637
|
end
|
@@ -632,6 +667,7 @@ module Kitchen
|
|
632
667
|
def prepared_custom_data
|
633
668
|
# If user_data is a file reference, lets read it as such
|
634
669
|
return nil if config[:custom_data].nil?
|
670
|
+
|
635
671
|
@custom_data ||= begin
|
636
672
|
if File.file?(config[:custom_data])
|
637
673
|
Base64.strict_encode64(File.read(config[:custom_data]))
|
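Review bot: The added `winrm create winrm/config/Listener?Address=*+Transport=HTTP` line (new line 557) gives every Windows VM a plaintext WinRM listener by default, and the surrounding context already sets `Basic="true"` and `AllowUnencrypted="true"`, so the admin credentials can travel unencrypted whenever a client connects over HTTP. The README in this same release still describes the default as WinRM over the SSL transport, with HTTP as something the user opts into through `winrm_powershell_script`. I would drop the HTTP listener from the default script and leave it to the opt-in script, or at minimum document the new default next to that README paragraph. The script's enclosing method starts and ends outside the hunk, so whether the HTTP port is also opened in the guest firewall is not visible here.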
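--- a/data/templates/internal.erb
+++ b/data/templates/internal.erb
@@ -48,6 +48,24 @@
 }
 },
 <%- end -%>
+"secretUrl": {
+"type": "string",
+"metadata": {
+"description": "Secret vault certificate URL"
+}
+},
+"vaultName" : {
+"type": "string",
+"metadata": {
+"description": "Name of key vault where certificate is located."
+}
+},
+"vaultResourceGroup": {
+"type": "string",
+"metadata": {
+"description": "Resource group name where key vault is located."
+}
+},
 <%- unless custom_data.empty? -%>
 "customData": {
 "type": "string",
@@ -136,6 +154,13 @@
 "description": "The vm name created inside of the resource group."
 }
 },
+"nicName": {
+"type": "string",
+"defaultValue": "nic",
+"metadata": {
+"description": "The nic name created inside of the resource group."
+}
+},
 "storageAccountType": {
 "type": "string",
 "defaultValue": "Standard_LRS",
@@ -168,7 +193,7 @@
 "variables": {
 "location": "[parameters('location')]",
 "OSDiskName": "osdisk",
-"nicName": "
+"nicName": "[parameters('nicName')]",
 "addressPrefix": "10.0.0.0/16",
 "subnetName": "<%= subnet_id %>",
 "subnetPrefix": "10.0.0.0/24",
@@ -181,12 +206,12 @@
 "vmIdentityType": "[if(parameters('systemAssignedIdentity'), if(empty(parameters('userAssignedIdentities')), 'SystemAssigned', 'SystemAssigned, UserAssigned'), if(empty(parameters('userAssignedIdentities')), 'None', 'UserAssigned'))]",
 "virtualNetworkName": "vnet",
 "vnetID": "<%= vnet_id %>",
-"subnetRef": "[concat(variables('vnetID'),'/subnets/',variables('subnetName'))]"
+"subnetRef": "[concat(variables('vnetID'),'/subnets/',variables('subnetName'))]"
 },
 "resources": [
 {
 "apiVersion": "2017-05-10",
-"name": "pid-18d63047-6cdf-4f34-beed-62f01fc73fc2",
+"name": "pid-18d63047-6cdf-4f34-beed-62f01fc73fc2",
 "type": "Microsoft.Resources/deployments",
 "properties": {
 "mode": "Incremental",
@@ -267,7 +292,7 @@
 "type": "Microsoft.Compute/virtualMachines",
 "name": "[variables('vmName')]",
 "location": "[variables('location')]",
-"dependsOn": [
+"dependsOn": [
 <%- unless use_managed_disks -%>
 <%- if existing_storage_account_blob_url.empty? -%>
 "[concat('Microsoft.Storage/storageAccounts/', parameters('newStorageAccountName'))]",
@@ -284,6 +309,19 @@
 <%- unless custom_data.empty? -%>
 "customData": "[parameters('customData')]",
 <%- end -%>
+<%- unless secretUrl.to_s.empty? && vaultName.to_s.empty? && vaultResourceGroup.to_s.empty? -%>
+"secret": [
+"sourceVault": {
+"id": "[resourceId(parameters('vaultResourceGroup'), 'Microsoft,KeyVault/vaults', parameters('vaultName'))]"
+},
+"vaultCertificates": [
+{
+"certificateUrl": "[parameters('secretUrl')]",
+"certificateStore": "My"
+}
+]
+],
+<%- end -%>
 "adminUsername": "[parameters('adminUsername')]",
 "adminPassword": "[parameters('adminPassword')]"
 },
@@ -310,7 +348,7 @@
 }
 <%- elsif use_managed_disks -%>
 "osDisk": {
-"name": "
+"name": "[concat('disk-', parameters('vmName'))]",
 <%- unless os_disk_size_gb.to_s.empty? -%>
 "diskSizeGB": "[parameters('osDiskSizeGB')]",
 <%- end -%>
@@ -318,7 +356,7 @@
 }
 <%- else -%>
 "osDisk": {
-"name": "
+"name": "[concat('disk-', parameters('vmName'))]",
 <%- unless os_disk_size_gb.to_s.empty? -%>
 "diskSizeGB": "[parameters('osDiskSizeGB')]",
 <%- end -%>
@@ -344,7 +382,7 @@
 }
 <%- end -%>
 <%- unless data_disks_for_vm_json.nil? -%>
-,"dataDisks":
+,"dataDisks":
 <%= data_disks_for_vm_json %>
 <%- end -%>
 },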
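Review bot: The new `"secret"` block (new lines 312–324 here, and the identical block at 331–343 in data/templates/public.erb) cannot render as valid JSON, because the array holds bare `"sourceVault": {...}` pairs instead of an object, and the resource type is written `Microsoft,KeyVault/vaults` with a comma. As far as I know the ARM osProfile property is `secrets`, an array of objects, so the certificate would not be installed even once the JSON parses. The guard joins the three emptiness checks with `&&`, so the block is emitted when only one value is set; it should require all three. The ERB locals `secretUrl`/`vaultName`/`vaultResourceGroup` differ from the driver keys `secret_url`/`vault_name`/`vault_resource_group`, so confirm what the template binding actually exposes. The enclosing osProfile object starts outside the hunk.

```erb
<%- unless secretUrl.to_s.empty? || vaultName.to_s.empty? || vaultResourceGroup.to_s.empty? -%>
"secrets": [
  {
    "sourceVault": {
      "id": "[resourceId(parameters('vaultResourceGroup'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
    },
    <%# … unchanged: "vaultCertificates" array … %>
  }
],
<%- end -%>
```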
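--- a/data/templates/public.erb
+++ b/data/templates/public.erb
@@ -48,6 +48,24 @@
 }
 },
 <%- end -%>
+"secretUrl": {
+"type": "string",
+"metadata": {
+"description": "Secret vault certificate URL"
+}
+},
+"vaultName" : {
+"type": "string",
+"metadata": {
+"description": "Name of key vault where certificate is located."
+}
+},
+"vaultResourceGroup": {
+"type": "string",
+"metadata": {
+"description": "Resource group name where key vault is located."
+}
+},
 <%- unless custom_data.empty? -%>
 "customData": {
 "type": "string",
@@ -136,6 +154,13 @@
 "description": "The vm name created inside of the resource group."
 }
 },
+"nicName": {
+"type": "string",
+"defaultValue": "nic",
+"metadata": {
+"description": "The nic name created inside of the resource group."
+}
+},
 "storageAccountType": {
 "type": "string",
 "defaultValue": "Standard_LRS",
@@ -168,7 +193,7 @@
 "variables": {
 "location": "[parameters('location')]",
 "OSDiskName": "osdisk",
-"nicName": "
+"nicName": "[parameters('nicName')]",
 "addressPrefix": "10.0.0.0/16",
 "subnetName": "Subnet",
 "subnetPrefix": "10.0.0.0/24",
@@ -303,6 +328,19 @@
 <%- unless custom_data.empty? -%>
 "customData": "[parameters('customData')]",
 <%- end -%>
+<%- unless secretUrl.to_s.empty? && vaultName.to_s.empty? && vaultResourceGroup.to_s.empty? -%>
+"secret": [
+"sourceVault": {
+"id": "[resourceId(parameters('vaultResourceGroup'), 'Microsoft,KeyVault/vaults', parameters('vaultName'))]"
+},
+"vaultCertificates": [
+{
+"certificateUrl": "[parameters('secretUrl')]",
+"certificateStore": "My"
+}
+]
+],
+<%- end -%>
 "adminUsername": "[parameters('adminUsername')]",
 "adminPassword": "[parameters('adminPassword')]"
 },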
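--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-azurerm
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.15.0
 platform: ruby
 authors:
 - Stuart Preston
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-
+date: 2019-11-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: azure_mgmt_network
@@ -77,9 +77,9 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 1.0.0
-- - "
+- - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -87,9 +87,9 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 1.0.0
-- - "
+- - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '3'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement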