kitchen-oci 1.3.1 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e2a70532be3d2bb13fb4f14823c577e28ccf33c126045f35514a6602861ec14e
-  data.tar.gz: 9c6503cc8d90881f673a3360d6686c3fa821b8ba8163214e0b9e01af679810ba
+  metadata.gz: c4dd215b5958470a2f202e142bf34fe8240ffda92b5a055eade44c7e4dc7a209
+  data.tar.gz: 88368ba6aff34472d1f693f926285ec65a442d52f25d2fd86dce82821ee73dd0
 SHA512:
-  metadata.gz: 96886c41404b3d2879148e28190a019838aacdd90a7f05e72cdd86578e61e4980826a640ccc66309d752c2e543fba5ca31615bdee3963d18c6afd4fa7701f6cc
-  data.tar.gz: 9629493a7909ac7d09eaa0e0ad4ec00566cc566db5cdc638a33ae183d4324516c67793e1636216cf956c747a12025d307f5af073714f6a80851243ff834af821
+  metadata.gz: 97d6980612c64c73e3c7ff1962819d6448d7271883c283828401e6f7aca6f497c930c50b946048a2ef5603c2efa1f7cb9142098053c51b9043dabc7910a4aac0
+  data.tar.gz: c5509ac799c5fe2436f29dbbef0ffc1e27a7fdbf157fcba518df2847f50793cd0ec34b892b5e8fc2f9f91a1e84ce5649f0930e24176fbec4b0db4bddbe133f3e

data/CHANGELOG.md

@@ -1,3 +1,5 @@
-## 0.1.0 / Unreleased
+## 1.5.0 Windows support
 
-* Initial release
+- Added cloud-init support.
+- Added support for Windows targets.
+  - Can inject powershell script to set a random password and enable WinRM

data/LICENSE

@@ -1,6 +1,6 @@
-Author:: Stephen Pearson (<stevieweavie@gmail.com>)
+Author:: Stephen Pearson (<stephen.pearson@oracle.com>)
 
-Copyright (C) 2017, Stephen Pearson
+Copyright (C) 2019, Stephen Pearson
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

data/README.md

@@ -60,6 +60,12 @@ These settings are optional:
    - ssh\_keypath, SSH public key, default is ~/.ssh/id\_rsa.pub
    - post\_create\_script, run a script on compute\_instance after deployment
    - proxy\_url, Connect via the specified proxy URL
+   - user\_data, Add user data scripts
+
+Optional settings for WinRM support in Windows:
+
+   - setup\_winrm, Inject Windows powershell to set password and enable WinRM, default false.
+   - winrm\_username, Used to set the WinRM transport username, defaults to 'opc'.
 
 The use\_private\_ip influences whether the public or private IP will be used by Kitchen to connect to the instance.  If it is set to false (the default) then it will connect to the public IP, otherwise it'll use the private IP.
 
@@ -107,6 +113,26 @@ suites:
     attributes:
 ```
 
+## Support for user data scripts and cloud-init
+
+The driver has support for adding user data that can be executed as scripts by cloud-init.  These can either be specified inline or by referencing a file.  Examples:
+
+```
+      user_data:
+        - type: x-shellscript
+          inline: |
+            #!/bin/bash
+            touch /tmp/foo.txt
+          filename: init.sh
+        - type: x-shellscript
+          path: myscript.sh
+          filename: myscript.sh
+```
+
+The `filename` parameter must be specified for each entry, and determines the destination filename for the script.  If the user data is to be read from a file then the `path` parameter should be specified to indicate where the file is to be read from.
+
+The scripts will be encoded into a gzipped, base64 encoded multipart mime message and added as user data when launching the instance.
+
 ## Proxy support
 
 If running Kitchen on a private subnet with no public IPs permitted, it may be necessary to connect to the OCI API via a web proxy.  The proxy URL can either be specified on the command line:
@@ -134,7 +160,67 @@ transport:
   ssh_http_proxy_password: <proxy_password>
 ```
 
-Created and maintained by Stephen Pearson (<stevieweavie@gmail.com>)
+## Windows Support
+
+When launching Oracle provided Windows images, it may be helpful to allow Kitchen-oci to inject powershell to configure WinRM and to set a randomized password that does not need to be changed on first login.  If the `setup_winrm` parameter is set to true then the following steps will happen:
+
+  - A random password will be generated and stored into the Kitchen state
+  - A powershell script will be generated which sets the password for whatever username is defined in the transport section.
+  - The script, along with any other user data, will be added to the user data and passed to the new instance.
+  - The random password will be injected into the WinRM transport.
+
+Make sure that the transport name is set to `winrm` and that the os\_type in the driver is set to `windows`.  See the following example.
+
+Full example (.kitchen.yml):
+
+```
+---
+driver:
+  name: oci
+
+provisioner:
+  name: chef_zero
+  always_update_cookbooks: true
+
+verifier:
+  name: inspec
+
+platforms:
+  - name: windows
+    os_type: windows
+    driver:
+      # These are mandatory
+      compartment_id: ocid1.compartment.oc1..aaaaaaaa...
+      availability_domain: UhTe:PHX-AD-1
+      image_id: ocid1.image.oc1.phx.aaaaaaaa...
+      shape: VM.Standard2.2
+      subnet_id: ocid1.subnet.oc1.phx.aaaaaaaa...
+
+      # These are optional
+      use_private_ip: false
+      oci_config_file: ~/.oci/config
+      oci_profile_name: DEFAULT
+      ssh_keypath: "/home/<user>/.ssh/id_rsa.pub"
+
+      # This optional, but for Windows only
+      setup_winrm: true
+      winrm_username: opc
+    transport:
+      name: winrm
+
+suites:
+  - name: default
+    run_list:
+      - recipe[my_cookbook::default]
+    verifier:
+      inspec_tests:
+        - test/smoke/default
+    attributes:
+```
+
+## Maintainer
+
+Created and maintained by Stephen Pearson (<stephen.pearson@oracle.com>)
 
 ## License
 

data/kitchen-oci.gemspec

@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
   spec.name          = 'kitchen-oci'
   spec.version       = Kitchen::Driver::OCI_VERSION
   spec.authors       = ['Stephen Pearson']
-  spec.email         = ['stevieweavie@gmail.com']
+  spec.email         = ['stephen.pearson@oracle.com']
   spec.description   = 'A Test Kitchen Driver for Oracle OCI'
   spec.summary       = spec.description
   spec.homepage      = ''
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'oci', '~> 2.1'
+  spec.add_dependency 'oci', '~> 2.5'
   spec.add_dependency 'test-kitchen'
 
   spec.add_development_dependency 'bundler'

data/lib/kitchen/driver/oci.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
 #
-# Author:: Stephen Pearson (<stevieweavie@gmail.com>)
+# Author:: Stephen Pearson (<stephen.pearson@oracle.com>)
 #
-# Copyright (C) 2017, Stephen Pearson
+# Copyright (C) 2019, Stephen Pearson
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,15 +17,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require 'base64'
+require 'erb'
 require 'kitchen'
 require 'oci'
 require 'uri'
+require 'zlib'
 
 module Kitchen
   module Driver
     # Oracle OCI driver for Kitchen.
     #
-    # @author Stephen Pearson <stevieweavie@gmail.com>
+    # @author Stephen Pearson <stephen.pearson@oracle.com>
     class Oci < Kitchen::Driver::Base # rubocop:disable Metrics/ClassLength
       required_config :compartment_id
       required_config :availability_domain
@@ -40,11 +43,26 @@ module Kitchen
       default_config :ssh_keypath, default_keypath
       default_config :post_create_script, nil
       default_config :proxy_url, nil
+      default_config :user_data, []
+      default_config :setup_winrm, false
+      default_config :winrm_user, 'opc'
+
+      def process_windows_options(state)
+        state[:username] = config[:winrm_user] if config[:setup_winrm]
+        if config[:setup_winrm] == true &&
+           config[:password].nil? &&
+           state[:password].nil?
+          state[:password] = random_password
+        end
+        state
+      end
 
       def create(state) # rubocop:disable Metrics/AbcSize
         return if state[:server_id]
 
-        instance_id = launch_instance
+        state = process_windows_options(state)
+
+        instance_id = launch_instance(state)
         state[:server_id] = instance_id
         state[:hostname] = instance_ip(instance_id)
 
@@ -93,6 +111,7 @@ module Kitchen
       def api_proxy
         prx = proxy_config
         return nil unless prx
+
         if prx.user
           OCI::ApiClientProxySettings.new(prx.host, prx.port, prx.user,
                                           prx.password)
@@ -118,8 +137,8 @@ module Kitchen
         generic_api(OCI::Core::VirtualNetworkClient)
       end
 
-      def launch_instance
-        request = compute_instance_request
+      def launch_instance(state)
+        request = compute_instance_request(state)
 
         response = comp_api.launch_instance(request)
         instance_id = response.data.id
@@ -135,7 +154,9 @@ module Kitchen
           config[:compartment_id],
           instance_id: instance_id
         ).data
+
         raise 'Could not find any VNIC attachments' unless att.any?
+
         att
       end
 
@@ -179,22 +200,95 @@ module Kitchen
         )
       end
 
-      def compute_instance_request # rubocop:disable Metrics/AbcSize
-        hostname = random_hostname(instance.name)
+      def winrm_ps1(state)
+        filename = File.join(__dir__, %w[.. .. .. tpl setup_winrm.ps1.erb])
+        tpl = ERB.new(File.read(filename))
+        tpl.result(binding)
+      end
+
+      def read_part(part)
+        if part[:path]
+          content = File.read part[:path]
+        elsif part[:inline]
+          content = part[:inline]
+        else
+          raise 'Invalid user data'
+        end
+        content.split("\n")
+      end
+
+      def mime_parts(boundary) # rubocop:disable Metrics/AbcSize
+        msg = []
+        config[:user_data].each do |m|
+          msg << "--#{boundary}"
+          msg << "Content-Disposition: attachment; filename=\"#{m[:filename]}\""
+          msg << 'Content-Transfer-Encoding: 7bit'
+          msg << "Content-Type: text/#{m[:type]}" << 'Mime-Version: 1.0' << ''
+          msg << read_part(m) << ''
+        end
+        msg << "--#{boundary}--"
+        msg
+      end
+
+      def user_data
+        boundary = "MIMEBOUNDARY_#{random_string(20)}"
+        msg = ["Content-Type: multipart/mixed; boundary=\"#{boundary}\"",
+               'MIME-Version: 1.0', '']
+        msg += mime_parts(boundary)
+        txt = msg.join("\n") + "\n"
+        gzip = Zlib::GzipWriter.new(StringIO.new)
+        gzip << txt
+        Base64.encode64(gzip.close.string).delete("\n")
+      end
+
+      def inject_powershell(state)
+        data = winrm_ps1(state)
+        config[:user_data] ||= []
+        config[:user_data] << {
+          type: 'x-shellscript',
+          inline: data,
+          filename: 'setup_winrm.ps1'
+        }
+      end
+
+      def base_oci_launch_details
         request = OCI::Core::Models::LaunchInstanceDetails.new
+        hostname = random_hostname(instance.name)
         request.availability_domain = config[:availability_domain]
         request.compartment_id = config[:compartment_id]
         request.display_name = hostname
         request.source_details = instance_source_details
         request.shape = config[:shape]
         request.create_vnic_details = create_vnic_details(hostname)
-        request.metadata = { 'ssh_authorized_keys' => pubkey }
+        request
+      end
+
+      def compute_instance_request(state)
+        request = base_oci_launch_details
+
+        inject_powershell(state) if config[:setup_winrm] == true
+
+        metadata = {}
+        metadata.store('ssh_authorized_keys', pubkey)
+        data = user_data
+        metadata.store('user_data', data) if config[:user_data].any?
+        request.metadata = metadata
         request
       end
 
       def random_hostname(prefix)
-        randstr = Array.new(6) { ('a'..'z').to_a.sample }.join
-        "#{prefix}-#{randstr}"
+        "#{prefix}-#{random_string(6)}"
+      end
+
+      def random_password # rubocop:disable Metrics/AbcSize
+        (Array.new(5) { %w[! " # & ( ) * + , - . /].sample } +
+         Array.new(5) { ('a'..'z').to_a.sample } +
+         Array.new(5) { ('A'..'Z').to_a.sample } +
+         Array.new(5) { ('0'..'9').to_a.sample }).shuffle.join
+      end
+
+      def random_string(length)
+        Array.new(length) { ('a'..'z').to_a.sample }.join
       end
     end
   end

data/lib/kitchen/driver/oci_version.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
 #
-# Author:: Stephen Pearson (<stevieweavie@gmail.com>)
+# Author:: Stephen Pearson (<stephen.pearson@oracle.com>)
 #
-# Copyright (C) 2017, Stephen Pearson
+# Copyright (C) 2019, Stephen Pearson
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,6 +20,6 @@
 module Kitchen
   module Driver
     # Version string for Oracle OCI Kitchen driver
-    OCI_VERSION = '1.3.1'
+    OCI_VERSION = '1.5.0'
   end
 end

data/tpl/setup_winrm.ps1.erb

@@ -0,0 +1,25 @@
+#ps1_sysnative
+
+Write-Output "Setting <%= state[:username] %> password"
+net user <%= state[:username] %> '<%= state[:password] %>'
+
+Write-Output "Configuring WinRM"
+Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP" -RemoteAddress Any
+winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+winrm quickconfig -quiet
+Enable-PSRemoting -Force
+
+winrm set winrm/config/client/auth '@{Basic="true"}'
+winrm set winrm/config/service/auth '@{Basic="true"}'
+winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
+winrm set winrm/config '@{MaxTimeoutms="1800000"}'
+
+netsh advfirewall firewall add rule name="WinRM HTTP" protocol=TCP dir=in profile=any localport=5985 remoteip=any localip=any action=allow
+netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in profile=any localport=5986 remoteip=any localip=any action=allow
+
+net stop winrm
+sc.exe config winrm start=auto
+net start winrm
+
+Write-Output "Configured WinRM"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-oci
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.5.0
 platform: ruby
 authors:
 - Stephen Pearson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-25 00:00:00.000000000 Z
+date: 2019-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oci
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '2.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '2.5'
 - !ruby/object:Gem::Dependency
   name: test-kitchen
   requirement: !ruby/object:Gem::Requirement
@@ -110,7 +110,7 @@ dependencies:
         version: '0'
 description: A Test Kitchen Driver for Oracle OCI
 email:
-- stevieweavie@gmail.com
+- stephen.pearson@oracle.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -126,6 +126,7 @@ files:
 - kitchen-oci.gemspec
 - lib/kitchen/driver/oci.rb
 - lib/kitchen/driver/oci_version.rb
+- tpl/setup_winrm.ps1.erb
 homepage: ''
 licenses:
 - Apache-2.0
@@ -145,8 +146,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: A Test Kitchen Driver for Oracle OCI