RubyGems - kitchen-azurerm - Versions diffs - 0.14.9 → 0.15.0 - Mend

kitchen-azurerm 0.14.9 → 0.15.0

Files changed (7) hide show

checksums.yaml +4 -4
data/README.md +94 -32
data/lib/kitchen/driver/azurerm.rb +38 -2
data/lib/kitchen/driver/credentials.rb +1 -1
data/templates/internal.erb +45 -7
data/templates/public.erb +39 -1
metadata +6 -6

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0ffc284510dde72d7b781d6069cdd68b7d52b3c5877f5826b99da3e0aa765397
-  data.tar.gz: 38d52dc77c023a9d38dd39857f5f467c053b029d906858f987bcd73b3d2d4d0b
+  metadata.gz: fd5dbf8c2745c4d63c0d9d415fc93e21f6b7a38f39777447294b9d950da7e64f
+  data.tar.gz: 5c634c00d91ef4e4c6e0700dfe6bf8e6b7f24c853a2f0b04dee901572c51794f
 SHA512:
-  metadata.gz: ae129c262879fe31efa2fae2c09177d85ca9b42901f5eb23077547f8cea1864c792490ce5ec76a04427304a74a8a7912333d33ee951b2ce31f35e2b0b02a5bf9
-  data.tar.gz: cec65b9e6683a321ecab5e86b82f0df8b90f51feb8488efc270a0b6e8ce30e02ad517f83e99f8b0b32d0443e860dd75b2ffe00a8a0b28b244c6655a8422b0710
+  metadata.gz: 928c18ee6b38babb9db4e88cb83d15c6da7873bb7ef80e3d5a8e51ad4e5a10bf0f174601c23fea8de6628dc72940e224db43159db9805b97d7d6b1505d3a93fd
+  data.tar.gz: dc530ebb8aee8c00a96cd0855c5fe26393ac77082b9eddaef779b1a7cd43b4c4af29b2641ac55338353f182b7d3a351e0b6ba65053c5a2dba671aaf5b625c75c

data/README.md CHANGED

@@ -83,11 +83,12 @@ suites:
 ```
 ### Concurrent execution
 Concurrent execution of create/converge/destroy is supported via the --concurrency parameter. Each machine is created in it's own Azure Resource Group so has no shared lifecycle with the other machines in the test run. To take advantage of parallel execution use the following command:
 ```kitchen test --concurrency <n>```
-Where <n> is the number of threads to create. Note that any failure (e.g. an AzureOperationError) will cause the whole test to fail, though resources already in creation will continue to be created.
+Where n is the number of threads to create. Note that any failure (e.g. an AzureOperationError) will cause the whole test to fail, though resources already in creation will continue to be created.
 ### .kitchen.yml example 2 - Windows
@@ -137,7 +138,7 @@ driver:
   location: 'West Europe'
   machine_size: 'Standard_D1'
   pre_deployment_template: predeploy.json
-  pre_deployment_parameters:
+  pre_deployment_parameters:
     test_parameter: 'This is a test.'
 transport:
@@ -171,7 +172,7 @@ Example predeploy.json:
       }
   },
   "variables": {
   },
   "resources": [
       {
@@ -202,7 +203,6 @@ You can use this capability to create the VM on an existing virtual network and
 In this case, the public IP address is not used unless ```public_ip``` is set to ```true```
 ```yaml
 ---
 driver:
@@ -233,7 +233,7 @@ suites:
 ### .kitchen.yml example 5 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios) with Private Managed Image
-This example is the same as above, but uses a private managed image to provision the vm.
+This example is the same as above, but uses a private managed image to provision the vm.
 Note: The image must be available first. On deletion the disk and everything is removed.
@@ -258,7 +258,6 @@ platforms:
       vnet_id: /subscriptions/b6e7eee9-YOUR-GUID-HERE-03ab624df016/resourceGroups/pendrica-infrastructure/providers/Microsoft.Network/virtualNetworks/pendrica-arm-vnet
       subnet_id: subnet-10.1.0
       use_managed_disk: true
 suites:
   - name: default
@@ -269,17 +268,16 @@ suites:
 ### .kitchen.yml example 6 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios) with Private Classic OS Image
-This example a classic Custom VM Image (aka a VHD file) is used. As the Image VHD must be in the same storage account then the disk of the instance, the os disk is created in an existing image account.
+This example a classic Custom VM Image (aka a VHD file) is used. As the Image VHD must be in the same storage account then the disk of the instance, the os disk is created in an existing image account.
 Note: When the resource group ís deleted, the os disk is left in the extsing storage account blob. You must cleanup manually.
-This example will:
+This example will:
-* use the customized image https://yourstorageaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/Cent7_P4-osDisk.170dd1b7-7dc3-4496-b248-f47c49f63965.vhd (can be built with packer)
-* set the disk url of the vm to https://yourstorageaccount.blob.core.windows.net/vhds/osdisk-kitchen-XXXXX.vhd
+* use the customized image <https://yourstorageaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/Cent7_P4-osDisk.170dd1b7-7dc3-4496-b248-f47c49f63965.vhd> (can be built with packer)
+* set the disk url of the vm to <https://yourstorageaccount.blob.core.windows.net/vhds/osdisk-kitchen-XXXXX.vhd>
 * set the os type to linux
 ```yaml
 ---
 driver:
@@ -317,7 +315,6 @@ This is the same as above, but uses custom data to customize the instance.
 Note: Custom data can be custom data or a file to custom data. Please also note that if you use winrm communication to non-nano windows servers custom data is not supported, as winrm is enabled via custom data.
 ```yaml
 ---
 driver:
@@ -357,7 +354,7 @@ suites:
     attributes:
 ```
-### .kitchen.yml example 8 - Windows 2016 VM with additional data disks:
+### .kitchen.yml example 8 - Windows 2016 VM with additional data disks
 This example demonstrates how to add 3 additional Managed data disks to a Windows Server 2016 VM. Not supported with legacy (pre-managed disk) storage accounts.
@@ -410,7 +407,7 @@ driver:
   location: 'West Europe'
   machine_size: 'Standard_D1'
   post_deployment_template: postdeploy.json
-  post_deployment_parameters:
+  post_deployment_parameters:
     test_parameter: 'This is a test.'
 transport:
@@ -516,6 +513,36 @@ suites:
     attributes:
 ```
+### .kitchen.yml example 11 - deploy VM with key vault certificate
+This following example introduces ```secret_url```, ```vault_name```, and ```vault_resource_group``` properties under "driver" in the configuration file. You can use this capability to create a VM with a specified key vault certificate.
+```yaml
+---
+driver:
+  name: azurerm
+  subscription_id: '4801fa9d-YOUR-GUID-HERE-b265ff49ce21'
+  location: 'CentralUS'
+  machine_size: 'Standard_D2s_v3'
+  secret_url: 'https://YOUR-SECRET-PATH'
+  vault_name: 'YOUR-VAULT-NAME'
+  vault_group_name: 'YOUR-VAULT-GROUP-NAME'
+transport:
+  name: winrm
+  elevated: true
+provisioner:
+  name: chef_zero
+platforms:
+  - name: win2012R2-sql2016
+    driver:
+      image_urn: MicrosoftSQLServer:SQL2016SP2-WS2012R2:SQLDEV:latest
+suites:
+  - name: default
+    run_list:
+      - recipe[kitchentesting::default]
+    attributes:
+```
 ## Support for Government and Sovereign Clouds (China and Germany)
@@ -555,6 +582,7 @@ suites:
 ```
 ### How to retrieve the image_urn
 You can use the azure (azure-cli) command line tools to interrogate for the Urn. All 4 parts of the Urn must be specified, though the last part can be changed to "latest" to indicate you always wish to provision the latest operating system and patches.
 ```$ azure vm image list "West Europe" Canonical UbuntuServer```
@@ -562,7 +590,7 @@ You can use the azure (azure-cli) command line tools to interrogate for the Urn.
 This will return a list like the following, from which you can derive the Urn.
 *this list has been shortened for readability*
-```
+```bash
 data:    Publisher  Offer         Sku                Version          Location    Urn
 data:    ---------  ------------  -----------------  ---------------  ----------  --------------------------------------------------------
 data:    Canonical  UbuntuServer  12.04.5-LTS        12.04.201507301  westeurope  Canonical:UbuntuServer:12.04.5-LTS:12.04.201507301
@@ -588,23 +616,35 @@ data:    Canonical  UbuntuServer  15.10-DAILY        15.10.201509220  westeurope
 info:    vm image list command OK
 ```
-### Additional parameters that can be specified:
-- Note that the ```driver``` section also takes a ```username``` and ```password``` parameter, the defaults if these are not specified are "azure" and "P2ssw0rd" respectively.
-- The ```storage_account_type``` parameter defaults to 'Standard_LRS' and allows you to switch to premium storage (e.g. 'Premium_LRS')
-- The ```enable_boot_diagnostics``` parameter defaults to 'true' and allows you to switch off boot diagnostics in case you are using premium storage.
-- The optional ```vm_tags``` parameter allows you to define key:value pairs to tag VMs with on creation.
-- Managed disks are now enabled by default, to use the Storage account set ```use_managed_disks``` (default: true).
-- The ```image_url``` (unmanaged disks only) parameter can be used to specify a custom vhd (This VHD must be in the same storage account as the disks of the VM, therefore ```existing_storage_account_blob_url``` must also be set and ```use_managed_disks``` must be set to false)
-- The ```image_id``` (managed disks only) parameter can be used to specify an image by id (managed disk). This works only with managed disks.
-- The ```existing_storage_account_blob_url``` can be specified to specify an url to an existing storage account (needed for ```image_url```)
-- The ```custom_data``` parameter can be used to specify custom data to provide to the instance. This can be a file or the data itself. This module handles base64 encoding for you.
-- The ```os_disk_size_gb``` parameter can be used to specify a custom os disk size.
-- The ```azure_resource_group_prefix``` and ```azure_resource_group_suffix``` can be used to further disambiguate Azure resource group names created by the driver.
-- The ```explicit_resource_group_name``` and ```destroy_explicit_resource_group``` (default: "true") parameters can be used in scenarios where you are provided a pre-created Resource Group.  Example usage: ```explicit_resource_group_name: kitchen-<%= ENV["USERNAME"] %>```
-- The ```destroy_resource_group_contents``` (default: "false") parameter can be used when you want to destroy the resources within a resource group without destroying the resource group itself. For example, the following configuration options used in combination would use an existing resource group (or create one if it doesn't exist) and will destroy the contents of the resource group in the ```kitchen destroy``` phase.
-- The ```use_ephemeral_osdisk``` (default: false) parameter can be used if you wish to use [ephemeral OS disk functionality](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ephemeral-os-disks).
+### Additional parameters that can be specified
-```
+* Note that the ```driver``` section also takes a ```username``` and ```password``` parameter, the defaults if these are not specified are "azure" and "P2ssw0rd" respectively.
+* The ```storage_account_type``` parameter defaults to 'Standard_LRS' and allows you to switch to premium storage (e.g. 'Premium_LRS')
+* The ```enable_boot_diagnostics``` parameter defaults to 'true' and allows you to switch off boot diagnostics in case you are using premium storage.
+* The optional ```vm_tags``` parameter allows you to define key:value pairs to tag VMs with on creation.
+* Managed disks are now enabled by default, to use the Storage account set ```use_managed_disks``` (default: true).
+* The ```image_url``` (unmanaged disks only) parameter can be used to specify a custom vhd (This VHD must be in the same storage account as the disks of the VM, therefore ```existing_storage_account_blob_url``` must also be set and ```use_managed_disks``` must be set to false)
+* The ```image_id``` (managed disks only) parameter can be used to specify an image by id (managed disk). This works only with managed disks.
+* The ```existing_storage_account_blob_url``` can be specified to specify an url to an existing storage account (needed for ```image_url```)
+* The ```custom_data``` parameter can be used to specify custom data to provide to the instance. This can be a file or the data itself. This module handles base64 encoding for you.
+* The ```os_disk_size_gb``` parameter can be used to specify a custom os disk size.
+* The ```azure_resource_group_prefix``` and ```azure_resource_group_suffix``` can be used to further disambiguate Azure resource group names created by the driver.
+* The ```explicit_resource_group_name``` and ```destroy_explicit_resource_group``` (default: "true") parameters can be used in scenarios where you are provided a pre-created Resource Group.  Example usage: ```explicit_resource_group_name: kitchen-<%= ENV["USERNAME"] %>```
+* The ```destroy_resource_group_contents``` (default: "false") parameter can be used when you want to destroy the resources within a resource group without destroying the resource group itself. For example, the following configuration options used in combination would use an existing resource group (or create one if it doesn't exist) and will destroy the contents of the resource group in the ```kitchen destroy``` phase.
+```yaml
 ---
 driver:
   explicit_resource_group_name: stuart-rg-demo-001
@@ -612,11 +652,33 @@ driver:
   destroy_resource_group_contents: true
 ```
+* The ```use_ephemeral_osdisk``` (default: false) parameter can be used if you wish to use [ephemeral OS disk functionality](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ephemeral-os-disks).
+* The ```secret_url```, ```vault_name```, and ```vault_resource_group``` parameters can be used to deploy VM with specified key vault certificate.
+## Enabling alternative WinRM configurations
+* By default on Windows machines, a PowerShell script runs that enables WinRM over the SSL transport, for Basic, Negotiate and CredSSP connections. To supply your own PowerShell script (e.g. to enable HTTP), use the `winrm_powershell_script` parameter. Windows 2008 R2 example:
+```yaml
+platforms:
+  - name: windows2008-r2
+    driver_config:
+      image_urn: MicrosoftWindowsServer:WindowsServer:2008-R2-SP1:latest
+      winrm_powershell_script: |-
+        winrm quickconfig -q
+        winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="512"}'
+        winrm set winrm/config '@{MaxTimeoutms="1800000"}'
+        winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+        winrm set winrm/config/service/auth '@{Basic="true"}'
+```
 ## Contributing
 Contributions to the project are welcome via submitting Pull Requests.
-1. Fork it ( https://github.com/test-kitchen/kitchen-azurerm/fork )
+1. Fork it ( <https://github.com/test-kitchen/kitchen-azurerm/fork> )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)

data/lib/kitchen/driver/azurerm.rb CHANGED

@@ -78,6 +78,10 @@ module Kitchen
         "vm"
       end
+      default_config(:nic_name) do |_config|
+        ""
+      end
       default_config(:vnet_id) do |_config|
         ""
       end
@@ -170,6 +174,22 @@ module Kitchen
         10
       end
+      default_config(:secret_url) do |_config|
+        ""
+      end
+      default_config(:vault_name) do |_config|
+        ""
+      end
+      default_config(:vault_resource_group) do |_config|
+        ""
+      end
+      default_config(:subscription_id) do |_config|
+        ENV["AZURE_SUBSCRIPTION_ID"]
+      end
       def create(state)
         state = validate_state(state)
         deployment_parameters = {
@@ -184,12 +204,22 @@ module Kitchen
           vmName: state[:vm_name],
           systemAssignedIdentity: config[:system_assigned_identity],
           userAssignedIdentities: config[:user_assigned_identities],
+          secretUrl: config[:secret_url],
+          vaultName: config[:vault_name],
+          vaultResourceGroup: config[:vault_resource_group],
         }
         if config[:subscription_id].to_s == ""
           raise "A subscription_id config value was not detected and kitchen-azurerm cannot continue. Please check your .kitchen.yml configuration. Exiting."
         end
+        if config[:nic_name].to_s == ""
+          vmnic = "nic-#{config[:vm_name]}"
+        else
+          vmnic = config[:nic_name]
+        end
+        deployment_parameters["nicName"] = vmnic.to_s
         if config[:custom_data].to_s != ""
           deployment_parameters["customData"] = prepared_custom_data
         end
@@ -282,7 +312,7 @@ module Kitchen
         else
           # Retrieve the internal IP from the resource group:
           network_interfaces = ::Azure::Network::Profiles::Latest::Mgmt::NetworkInterfaces.new(network_management_client)
-          result = network_interfaces.get(state[:azure_resource_group_name], "nic")
+          result = network_interfaces.get(state[:azure_resource_group_name], vmnic.to_s)
           info "IP Address is: #{result.ip_configurations[0].private_ipaddress}"
           state[:hostname] = result.ip_configurations[0].private_ipaddress
         end
@@ -306,11 +336,13 @@ module Kitchen
       def azure_resource_group_name
         formatted_time = Time.now.utc.strftime "%Y%m%dT%H%M%S"
         return "#{config[:azure_resource_group_prefix]}#{config[:azure_resource_group_name]}-#{formatted_time}#{config[:azure_resource_group_suffix]}" unless config[:explicit_resource_group_name]
         config[:explicit_resource_group_name]
       end
       def data_disks_for_vm_json
         return nil if config[:data_disks].nil?
         disks = []
         if config[:use_managed_disks]
@@ -481,6 +513,7 @@ module Kitchen
       def destroy(state)
         return if state[:server_id].nil?
         options = Kitchen::Driver::Credentials.new.azure_options_for_subscription(state[:subscription_id], state[:azure_environment])
         @resource_management_client = ::Azure::Resources::Profiles::Latest::Mgmt::Client.new(options)
         if config[:destroy_resource_group_contents] == true
@@ -521,6 +554,7 @@ module Kitchen
   $cert = New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation Cert:\\LocalMachine\\My
   $config = '@{CertificateThumbprint="' + $cert.Thumbprint + '"}'
   winrm create winrm/config/listener?Address=*+Transport=HTTPS $config
+  winrm create winrm/config/Listener?Address=*+Transport=HTTP
   winrm set winrm/config/service/auth '@{Basic="true";Kerberos="false";Negotiate="true";Certificate="false";CredSSP="true"}'
   New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Name "Windows Remote Management (HTTPS-In)" -Profile Any -LocalPort 5986 -Protocol TCP
   winrm set winrm/config/service '@{AllowUnencrypted="true"}'
@@ -530,6 +564,7 @@ module Kitchen
       def format_data_disks_powershell_script
         return unless config[:format_data_disks]
         info "Data disks will be initialized and formatted NTFS automatically." unless config[:data_disks].nil?
         config[:format_data_disks_powershell_script] ||
           <<-PS1
@@ -596,7 +631,7 @@ module Kitchen
               componentName: "Microsoft-Windows-Shell-Setup",
               settingName: "AutoLogon",
               content: "[concat('<AutoLogon><Password><Value>', parameters('adminPassword'), '</Value></Password><Enabled>true</Enabled><LogonCount>1</LogonCount><Username>', parameters('adminUserName'), '</Username></AutoLogon>')]",
-            }
+            },
           ],
         }
       end
@@ -632,6 +667,7 @@ module Kitchen
       def prepared_custom_data
         # If user_data is a file reference, lets read it as such
         return nil if config[:custom_data].nil?
         @custom_data ||= begin
           if File.file?(config[:custom_data])
             Base64.strict_encode64(File.read(config[:custom_data]))

data/lib/kitchen/driver/credentials.rb CHANGED

@@ -6,7 +6,7 @@ module Kitchen
     # Credentials
     #
     class Credentials
-      CONFIG_PATH = "#{ENV['HOME']}/.azure/credentials".freeze
+      CONFIG_PATH = "#{ENV["HOME"]}/.azure/credentials".freeze
       #
       # Creates and initializes a new instance of the Credentials class.

data/templates/internal.erb CHANGED

@@ -48,6 +48,24 @@
             }
         },
         <%- end -%>
+        "secretUrl": {
+            "type": "string",
+            "metadata": {
+                "description": "Secret vault certificate URL"
+            }
+        },
+        "vaultName" : {
+            "type": "string",
+            "metadata": {
+                "description": "Name of key vault where certificate is located."
+            }
+        },
+        "vaultResourceGroup": {
+            "type": "string",
+            "metadata": {
+                "description": "Resource group name where key vault is located."
+            }
+        },
         <%- unless custom_data.empty? -%>
         "customData": {
             "type": "string",
@@ -136,6 +154,13 @@
                 "description": "The vm name created inside of the resource group."
             }
         },
+        "nicName": {
+            "type": "string",
+            "defaultValue": "nic",
+            "metadata": {
+                "description": "The nic name created inside of the resource group."
+            }
+        },
         "storageAccountType": {
             "type": "string",
             "defaultValue": "Standard_LRS",
@@ -168,7 +193,7 @@
     "variables": {
         "location": "[parameters('location')]",
         "OSDiskName": "osdisk",
-        "nicName": "nic",
+        "nicName": "[parameters('nicName')]",
         "addressPrefix": "10.0.0.0/16",
         "subnetName": "<%= subnet_id %>",
         "subnetPrefix": "10.0.0.0/24",
@@ -181,12 +206,12 @@
         "vmIdentityType": "[if(parameters('systemAssignedIdentity'), if(empty(parameters('userAssignedIdentities')), 'SystemAssigned', 'SystemAssigned, UserAssigned'), if(empty(parameters('userAssignedIdentities')), 'None', 'UserAssigned'))]",
         "virtualNetworkName": "vnet",
         "vnetID": "<%= vnet_id %>",
-        "subnetRef": "[concat(variables('vnetID'),'/subnets/',variables('subnetName'))]"
+        "subnetRef": "[concat(variables('vnetID'),'/subnets/',variables('subnetName'))]"
     },
     "resources": [
         {
             "apiVersion": "2017-05-10",
-            "name": "pid-18d63047-6cdf-4f34-beed-62f01fc73fc2",
+            "name": "pid-18d63047-6cdf-4f34-beed-62f01fc73fc2",
             "type": "Microsoft.Resources/deployments",
             "properties": {
                 "mode": "Incremental",
@@ -267,7 +292,7 @@
             "type": "Microsoft.Compute/virtualMachines",
             "name": "[variables('vmName')]",
             "location": "[variables('location')]",
-            "dependsOn": [
+            "dependsOn": [
                 <%- unless use_managed_disks -%>
                 <%- if existing_storage_account_blob_url.empty? -%>
                 "[concat('Microsoft.Storage/storageAccounts/', parameters('newStorageAccountName'))]",
@@ -284,6 +309,19 @@
                     <%- unless custom_data.empty? -%>
                     "customData": "[parameters('customData')]",
                     <%- end -%>
+                    <%- unless secretUrl.to_s.empty? && vaultName.to_s.empty? && vaultResourceGroup.to_s.empty? -%>
+                    "secret": [
+                        "sourceVault": {
+                            "id": "[resourceId(parameters('vaultResourceGroup'), 'Microsoft,KeyVault/vaults', parameters('vaultName'))]"
+                        },
+                        "vaultCertificates": [
+                            {
+                                "certificateUrl": "[parameters('secretUrl')]",
+                                "certificateStore": "My"
+                            }
+                        ]
+                    ],
+                    <%- end -%>
                     "adminUsername": "[parameters('adminUsername')]",
                     "adminPassword": "[parameters('adminPassword')]"
                 },
@@ -310,7 +348,7 @@
                     }
                     <%- elsif use_managed_disks -%>
                     "osDisk": {
-                        "name": "osdisk",
+                        "name": "[concat('disk-', parameters('vmName'))]",
                         <%- unless os_disk_size_gb.to_s.empty? -%>
                         "diskSizeGB": "[parameters('osDiskSizeGB')]",
                         <%- end -%>
@@ -318,7 +356,7 @@
                     }
                     <%- else -%>
                     "osDisk": {
-                        "name": "osdisk",
+                        "name": "[concat('disk-', parameters('vmName'))]",
                         <%- unless os_disk_size_gb.to_s.empty? -%>
                         "diskSizeGB": "[parameters('osDiskSizeGB')]",
                         <%- end -%>
@@ -344,7 +382,7 @@
                     }
                     <%- end -%>
                     <%- unless data_disks_for_vm_json.nil? -%>
-                      ,"dataDisks":
+                      ,"dataDisks":
                           <%= data_disks_for_vm_json %>
                     <%- end -%>
                 },

data/templates/public.erb CHANGED

@@ -48,6 +48,24 @@
             }
         },
         <%- end -%>
+        "secretUrl": {
+            "type": "string",
+            "metadata": {
+                "description": "Secret vault certificate URL"
+            }
+        },
+        "vaultName" : {
+            "type": "string",
+            "metadata": {
+                "description": "Name of key vault where certificate is located."
+            }
+        },
+        "vaultResourceGroup": {
+            "type": "string",
+            "metadata": {
+                "description": "Resource group name where key vault is located."
+            }
+        },
         <%- unless custom_data.empty? -%>
         "customData": {
             "type": "string",
@@ -136,6 +154,13 @@
                 "description": "The vm name created inside of the resource group."
             }
         },
+        "nicName": {
+            "type": "string",
+            "defaultValue": "nic",
+            "metadata": {
+                "description": "The nic name created inside of the resource group."
+            }
+        },
         "storageAccountType": {
             "type": "string",
             "defaultValue": "Standard_LRS",
@@ -168,7 +193,7 @@
     "variables": {
         "location": "[parameters('location')]",
         "OSDiskName": "osdisk",
-        "nicName": "nic",
+        "nicName": "[parameters('nicName')]",
         "addressPrefix": "10.0.0.0/16",
         "subnetName": "Subnet",
         "subnetPrefix": "10.0.0.0/24",
@@ -303,6 +328,19 @@
                     <%- unless custom_data.empty? -%>
                     "customData": "[parameters('customData')]",
                     <%- end -%>
+                    <%- unless secretUrl.to_s.empty? && vaultName.to_s.empty? && vaultResourceGroup.to_s.empty? -%>
+                    "secret": [
+                        "sourceVault": {
+                            "id": "[resourceId(parameters('vaultResourceGroup'), 'Microsoft,KeyVault/vaults', parameters('vaultName'))]"
+                        },
+                        "vaultCertificates": [
+                            {
+                                "certificateUrl": "[parameters('secretUrl')]",
+                                "certificateStore": "My"
+                            }
+                        ]
+                    ],
+                    <%- end -%>
                     "adminUsername": "[parameters('adminUsername')]",
                     "adminPassword": "[parameters('adminPassword')]"
                 },

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-azurerm
 version: !ruby/object:Gem::Version
-  version: 0.14.9
+  version: 0.15.0
 platform: ruby
 authors:
 - Stuart Preston
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-07-30 00:00:00.000000000 Z
+date: 2019-11-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: azure_mgmt_network
@@ -77,9 +77,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.0
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -87,9 +87,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.0
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement