kitchen-vcenter 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3d3bbb3c6bad4d1c38ef1fc4049a0363083e1bd7
+  data.tar.gz: e6e3e44a085fdb28159d4562130b73a860948e42
+SHA512:
+  metadata.gz: 8b96a21adbe30109d9991564f81eded1b0c647366df9631145c678aec30c73d5dd64c45428b4d715845c77ea07184f3b76d83c8cf3185812eb8a0b0e7b116830
+  data.tar.gz: 705e798243b0763f288a7d6938a5b3e1ca9461500c97ccc21c836d48f4ea99d30fe4d3b9fb21eb9aacf02abf699b0e29c3b58995e7c5dd94dd689ede96976b1d

data/CHANGELOG.md

@@ -0,0 +1,13 @@
+# Change Log
+
+## [1.0.0](https://github.com/chef/kitchen-vcenter/tree/1.0.0) (2017-08-10)
+**Merged pull requests:**
+
+- 1.0.0 release [\#4](https://github.com/chef/kitchen-vcenter/pull/4) ([jjasghar](https://github.com/jjasghar))
+- Second walk through [\#3](https://github.com/chef/kitchen-vcenter/pull/3) ([jjasghar](https://github.com/jjasghar))
+- Updated so that the vm\_name is set according to suite and platform. [\#2](https://github.com/chef/kitchen-vcenter/pull/2) ([russellseymour](https://github.com/russellseymour))
+- Prep-for-public release [\#1](https://github.com/chef/kitchen-vcenter/pull/1) ([jjasghar](https://github.com/jjasghar))
+
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/README.md

@@ -0,0 +1,127 @@
+# kitchen-vcenter
+
+[![Gem Version](https://badge.fury.io/rb/kitchen-vcenter.svg)](https://rubygems.org/gems/kitchen-vcenter)
+[![Build Status](https://travis-ci.org/chef/kitchen-vcenter.svg?branch=master)](https://travis-ci.org/chef/kitchen-vcenter)
+[![Dependency Status](https://gemnasium.com/chef/kitchen-vcenter.svg)](https://gemnasium.com/chef/kitchen-vcenter)
+[![Inline docs](http://inch-ci.org/github/chef/kitchen-vcenter.svg?branch=master)](http://inch-ci.org/github/chef/kitchen-vcenter)
+
+This is the official Chef test-kitchen plugin for VMware REST API. This plugin gives kitchen the ability to create, bootstrap, and test VMware vms.
+- Documentation: [https://github.com/chef/kitchen-vcenter/blob/master/README.md](https://github.com/chef/kitchen-vcenter/blob/master/README.md)
+- Source: [https://github.com/chef/kitchen-vcenter/tree/master](https://github.com/chef/kitchen-vcenter/tree/master)
+- Issues: [https://github.com/chef/kitchen-vcenter/issues](https://github.com/chef/knife-vcenter/issues)
+- Slack: sign up: https://code.vmware.com/slack/ slack channel: #chef
+- Mailing list: [https://discourse.chef.io/](https://discourse.chef.io/)
+
+This is a `test-kitchen` plugin that allows interaction with vSphere using the vSphere Automation SDK.
+
+Please refer to the [CHANGELOG](CHANGELOG.md) for version history and known issues.
+
+## Requirements
+
+- Chef 13.0 higher
+- Ruby 2.3.3 or higher
+
+## Installation
+
+Using [ChefDK](https://downloads.chef.io/chef-dk/), simply install the Gem:
+
+```bash
+chef gem install kitchen-vcenter
+```
+
+If you're using bundler, simply add Chef and kitchen-vcenter to your Gemfile:
+
+```ruby
+gem 'chef'
+gem 'kitchen-vcenter'
+```
+
+## Usage
+
+A sample `.kitchen.yml` file, details are below.
+
+```yml
+driver:
+  name: vcenter
+  vcenter_username: <%= ENV['VCENTER_USER'] || "administrator@vsphere.local" %>
+  vcenter_password: <%= ENV['VCENTER_PASSWORD'] || "P@ssw0rd!" %>
+  vcenter_host: vcenter.chef.io
+  vcenter_disable_ssl_verify: true
+  driver_config:
+    targethost: 172.16.20.41
+    datacenter: "Datacenter"
+
+platforms:
+  - name: ubuntu-1604
+    driver_config:
+      template: ubuntu16-template
+  - name: centos-7
+    driver_config:
+      template: centos7-template
+
+```
+
+### Required parameters:
+
+The following parameters should be set in the main `driver_config` section as they are common to all platforms.
+
+ - `vcenter_username` - Name to use when connecting to the vSphere environment
+ - `vcenter_password` - Password associated with the specified user
+ - `vcenter_host` - Host against which logins should be attempted
+ - `vcenter_disable_ssl_verify` - Whether or not to disable SSL verification checks. Good when using self signed certificates. Default: false
+
+The following parameters should be set in the `driver_config` for the individual platform.
+
+ - `targethost` - Host on which the new virtual machine should be created
+ - `template` - Template or virtual machine to use when cloning the new machine
+ - `datacenter` - Name of the datacenter to use to deploy into
+
+### Optional Parameters
+
+The following optional parameters should be used in the `driver_config` for the platform.
+
+ - `folder` - Folder into which the new machine should be stored. If specified the folder _must_ already exist
+
+## Contributing
+
+For information on contributing to this project see <https://github.com/chef/chef/blob/master/CONTRIBUTING.md>
+
+## Development
+
+* Report issues/questions/feature requests on [GitHub Issues][issues]
+
+Pull requests are very welcome! Make sure your patches are well tested.
+Ideally create a topic branch for every separate change you make. For
+example:
+
+1. Fork the repo
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Run the tests and rubocop, `bundle exec rake spec` and `bundle exec rake rubocop`
+4. Commit your changes (`git commit -am 'Added some feature'`)
+5. Push to the branch (`git push origin my-new-feature`)
+6. Create new Pull Request
+
+
+## License
+
+Author:: Russell Seymour ([rseymour@chef.io](mailto:rseymour@chef.io))
+
+Author:: JJ Asghar ([jj@chef.io](mailto:jj@chef.io))
+
+Copyright:: Copyright (c) 2017 Chef Software, Inc.
+
+License:: Apache License, Version 2.0
+
+```text
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```

data/lib/base.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+#
+# Author:: Chef Partner Engineering (<partnereng@chef.io>)
+# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'logger'
+
+module Base
+  attr_accessor :log
+
+  def self.log
+    @log ||= init_logger
+  end
+
+  def self.init_logger
+    log = Logger.new(STDOUT)
+    log.progname = 'Knife VCenter'
+    log.level = Logger::INFO
+    log
+  end
+end

data/lib/kitchen-vcenter/version.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+#
+# Author:: Chef Partner Engineering (<partnereng@chef.io>)
+# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module KitchenVcenter
+  VERSION = '1.0.0'.freeze
+end

data/lib/kitchen/driver/vcenter.rb

@@ -0,0 +1,171 @@
+# frozen_string_literal: true
+#
+# Author:: Chef Partner Engineering (<partnereng@chef.io>)
+# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'kitchen'
+require 'rbvmomi'
+require 'sso'
+require 'base'
+require 'lookup_service_helper'
+require 'vapi'
+require 'com/vmware/cis'
+require 'com/vmware/vcenter'
+require 'com/vmware/vcenter/vm'
+require 'support/clone_vm'
+require 'securerandom'
+
+module Kitchen
+  module Driver
+    #
+    # Vcenter
+    #
+    class Vcenter < Kitchen::Driver::Base
+      attr_accessor :connection_options, :ipaddress, :vapi_config, :session_svc, :session_id
+
+      default_config :targethost
+      default_config :folder
+      default_config :template
+      default_config :datacenter
+      default_config :vcenter_username
+      default_config :vcenter_password
+      default_config :vcenter_host
+      default_config :vcenter_disable_ssl_verify, false
+      default_config :poweron, true
+      default_config :vm_name, nil
+
+      def create(state)
+        # If the vm_name has not been set then set it now based on the suite, platform and a random number
+        if config[:vm_name].nil?
+          config[:vm_name] = format('%s-%s-%s', instance.suite.name, instance.platform.name, SecureRandom.hex(4))
+        end
+
+        connect
+
+        # Using the clone class, create a machine for TK
+        # Find the identifier for the targethost to pass to rbvmomi
+        config[:targethost] = get_host(config[:targethost])
+
+        # Same thing needs to happen with the folder name if it has been set
+        config[:folder] = {
+          name: config[:folder],
+          id: get_folder(config[:folder])
+        } unless config[:folder].nil?
+
+        # Create a hash of options that the clone requires
+        options = {
+          name: config[:vm_name],
+          targethost: config[:targethost],
+          poweron: config[:poweron],
+          template: config[:template],
+          datacenter: config[:datacenter],
+          folder: config[:folder]
+        }
+
+        # Create an object from which the clone operation can be called
+        clone_obj = Support::CloneVm.new(connection_options, options)
+        state[:hostname] = clone_obj.clone()
+        state[:vm_name] = config[:vm_name]
+      end
+
+      def destroy(state)
+        return if state[:vm_name].nil?
+        connect
+        vm = get_vm(state[:vm_name])
+
+        vm_obj = Com::Vmware::Vcenter::VM.new(vapi_config)
+
+        # shut the machine down if it is running
+        if vm.power_state.value == "POWERED_ON"
+          power = Com::Vmware::Vcenter::Vm::Power.new(vapi_config)
+          power.stop(vm.vm)
+        end
+
+        # delete the vm
+        vm_obj.delete(vm.vm)
+      end
+
+      private
+
+      def validate_state(state = {})
+
+      end
+
+      def existing_state_value?(state, property)
+        state.key?(property) && !state[property].nil?
+      end
+
+      def get_host(name)
+        filter = Com::Vmware::Vcenter::Host::FilterSpec.new({names: Set.new([name])})
+        host_obj = Com::Vmware::Vcenter::Host.new(vapi_config)
+        host = host_obj.list
+        host[0].host
+      end
+
+      def get_folder(name)
+        # Create a filter to ensure that only the named folder is returned
+        filter = Com::Vmware::Vcenter::Folder::FilterSpec.new({names: Set.new([name])})
+        # filter.names = name
+        folder_obj = Com::Vmware::Vcenter::Folder.new(vapi_config)
+        folder = folder_obj.list(filter)
+
+        folder[0].folder
+      end
+
+      def get_vm(name)
+        filter = Com::Vmware::Vcenter::VM::FilterSpec.new({names: Set.new([name])})
+        vm_obj = Com::Vmware::Vcenter::VM.new(vapi_config)
+        vm_obj.list(filter)[0]
+      end
+
+      def connect
+        # Configure the connection to vCenter
+        lookup_service_helper = LookupServiceHelper.new(config[:vcenter_host])
+        vapi_urls = lookup_service_helper.find_vapi_urls()
+        vapi_url = vapi_urls.values[0]
+
+        # Create the VAPI config object
+        ssl_options = {}
+        ssl_options[:verify] = config[:vcenter_disable_ssl_verify] ? :none : :peer
+        @vapi_config = VAPI::Bindings::VapiConfig.new(vapi_url, ssl_options)
+
+        # get the SSO url
+        sso_url = lookup_service_helper.find_sso_url()
+        sso = SSO::Connection.new(sso_url).login(config[:vcenter_username], config[:vcenter_password])
+        token = sso.request_bearer_token()
+        vapi_config.set_security_context(
+          VAPI::Security.create_saml_bearer_security_context(token.to_s)
+        )
+
+        # Login and get the session information
+        @session_svc = Com::Vmware::Cis::Session.new(vapi_config)
+        @session_id = session_svc.create()
+        vapi_config.set_security_context(
+          VAPI::Security.create_session_security_context(session_id)
+        )
+
+        # Configure the hash for use when connecting for cloning a machine
+        @connection_options = {
+          user: config[:vcenter_username],
+          password: config[:vcenter_password],
+          insecure: config[:vcenter_disable_ssl_verify] ? true : false,
+          host: config[:vcenter_host],
+        }
+      end
+    end
+  end
+end

data/lib/lookup_service_helper.rb

@@ -0,0 +1,463 @@
+# Copyright 2014-2017 VMware, Inc.  All Rights Reserved.
+# SPDX-License-Identifier: MIT
+
+require 'savon'
+require 'nokogiri'
+require 'base'
+# require 'sample/framework/sample_base'
+
+# Utility class that helps use the lookup service.
+class LookupServiceHelper
+
+    attr_reader :sample, :wsdl_url, :soap_url
+    attr_reader :serviceRegistration
+
+    # Constructs a new instance.
+    # @param sample [SampleBase] the associated sample, which provides access
+    #     to the configuration properties of the sample
+    def initialize(host)
+      
+        @soap_url = format("https://%s/lookupservice/sdk", host)
+        @wsdl_url = format("https://%s/lookupservice/wsdl/lookup.wsdl", host)
+
+    end
+
+    # Connects to the lookup service.
+    def connect
+        rsc = RetrieveServiceContent.new(client).invoke()
+        @serviceRegistration = rsc.get_service_registration()
+        Base.log.info "service registration = #{serviceRegistration}"
+    end
+
+    # Finds the SSO service URL.
+    # In a MxN setup where there are more than one PSC nodes;
+    # This method returns the first SSO service endpoint URL
+    # as returned by the lookup service.
+    #
+    # @return [String] SSO Service endpoint URL.
+    def find_sso_url
+        result = find_service_url(product='com.vmware.cis',
+                                  service='cs.identity',
+                                  endpoint='com.vmware.cis.cs.identity.sso',
+                                  protocol='wsTrust')
+        raise 'SSO URL not found' unless result && result.size > 0
+        return result.values[0]
+    end
+
+    # Finds all the vAPI service endpoint URLs.
+    # In a MxN setup where there are more than one management node;
+    # this method returns more than one URL
+    #
+    # @return [Hash] vapi service endpoint URLs in a dictionary
+    #     where the key is the node_id and the value is the service URL.
+    def find_vapi_urls
+        return find_service_url(product='com.vmware.cis',
+                                service='cs.vapi',
+                                endpoint='com.vmware.vapi.endpoint',
+                                protocol='vapi.json.https.public')
+    end
+
+    # Finds the vapi service endpoint URL of a management node.
+    #
+    # @param node_id [String] The UUID of the management node.
+    # @return [String] vapi service endpoint URL of a management node or
+    #     nil if no vapi endpoint is found.
+    def find_vapi_url(node_id)
+        raise 'node_id is required' if node_id.nil?
+        result = find_vapi_urls()
+        raise 'VAPI URLs not found' unless result && result.size > 0
+        return result[node_id]
+    end
+
+    # Finds all the vim service endpoint URLs
+    # In a MxN setup where there are more than one management node;
+    # this method returns more than one URL
+    #
+    # @return [Hash] vim service endpoint URLs in a dictionary where
+    #     the key is the node_id and the value is the service URL.
+    def find_vim_urls
+        return find_service_url(product='com.vmware.cis',
+                                service='vcenterserver',
+                                endpoint='com.vmware.vim',
+                                protocol='vmomi')
+    end
+
+    # Finds the vim service endpoint URL of a management node
+    #
+    # @param node_id [String] The UUID of the management node.
+    # @return [String] vim service endpoint URL of a management node or
+    #     nil if no vim endpoint is found.
+    def find_vim_url(node_id)
+        raise 'node_id is required' if node_id.nil?
+        result = find_vim_urls()
+        raise 'VIM URLs not found' unless result && result.size > 0
+        return result[node_id]
+    end
+
+    # Finds all the spbm service endpoint URLs
+    # In a MxN setup where there are more than one management node;
+    # this method returns more than one URL
+    #
+    # @return [Hash] spbm service endpoint URLs in a dictionary where
+    #     the key is the node_id and the value is the service URL.
+    def find_vim_pbm_urls
+        return find_service_url(product='com.vmware.vim.sms',
+                                service='sms',
+                                endpoint='com.vmware.vim.pbm',
+                                protocol='https')
+    end
+
+    # Finds the spbm service endpoint URL of a management node
+    #
+    # @param node_id [String] The UUID of the management node.
+    # @return [String] spbm service endpoint URL of a management node or
+    #     nil if no spbm endpoint is found.
+    def find_vim_pbm_url(node_id)
+        raise 'node_id is required' if node_id.nil?
+        result = find_vim_pbm_urls()
+        raise 'PBM URLs not found' unless result && result.size > 0
+        return result[node_id]
+    end
+
+    # Get the management node id from the instance name
+    #
+    # @param instance_name [String] The instance name of the management node
+    # @return [String] The UUID of the management node or
+    #     nil is no management node is found by the given instance name
+    def get_mgmt_node_id(instance_name)
+        raise 'instance_name is required' if instance_name.nil?
+        result = find_mgmt_nodes()
+        raise 'Management nodes not found' unless result && result.size > 0
+        return result[instance_name]
+    end
+
+    def get_mgmt_node_instance_name(node_id)
+        raise 'node_id is required' if node_id.nil?
+        result = find_mgmt_nodes()
+        raise 'Management nodes not found' unless result && result.size > 0
+        result.each { |k, v| return k if v == node_id }
+        nil
+    end
+
+    # Finds the instance name and UUID of the management node for M1xN1 or
+    # when the PSC and management services all reside on a single node.
+    def get_default_mgmt_node
+        result = find_mgmt_nodes()
+        raise 'Management nodes not found' unless result && result.size > 0
+        #WHY: raise MultipleManagementNodeException.new if result.size > 1
+        return [result.keys[0], result.values[0]]
+    end
+
+    # Finds all the management nodes
+    #
+    # @return [Hash] management node instance name and node id (UUID) in a dictionary.
+    def find_mgmt_nodes
+        #assert self.serviceRegistration is not None
+        list = List.new(client, 'com.vmware.cis', 'vcenterserver',
+                        'vmomi', 'com.vmware.vim')
+
+        list.invoke()
+        list.get_instance_names()
+    end
+
+    private
+
+    # Finds a service URL with the given attributes.
+    def find_service_url(product, service, endpoint, protocol)
+        #assert serviceRegistration is not None
+        list = List.new(client, product, service, protocol, endpoint)
+
+        list.invoke()
+        list.get_service_endpoints()
+    end
+
+    # Gets or creates the Savon client instance.
+    def client
+        @client ||= Savon.client do |globals|
+            # see: http://savonrb.com/version2/globals.html
+            globals.wsdl wsdl_url
+            globals.endpoint soap_url
+
+            globals.strip_namespaces false
+            globals.env_namespace :S
+
+            # set like this so https connection does not fail
+            # TODO: find an acceptable solution for production
+            globals.ssl_verify_mode :none
+
+            # dev/debug settings
+            # globals.pretty_print_xml ENV['DEBUG_SOAP']
+            # globals.log ENV['DEBUG_SOAP']
+        end
+    end
+end
+
+
+# @abstract Base class for invocable service calls.
+class Invocable
+
+    attr_reader :operation, :client, :response
+
+    # Constructs a new instance.
+    # @param operation [Symbol] the operation name
+    # @param client [Savon::Client] the client
+    def initialize(operation, client)
+        @operation = operation
+        @client = client
+    end
+
+    # Invokes the service call represented by this type.
+    def invoke
+        request = request_xml.to_s
+        Base.log.debug(request)
+        @response = client.call(operation, xml:request)
+        Base.log.debug(response)
+        self # for chaining with new
+    end
+
+    # Builds the request XML content.
+    def request_xml
+        builder = Builder::XmlMarkup.new()
+        builder.instruct!(:xml, encoding: "UTF-8")
+
+        builder.tag!("S:Envelope",
+                     "xmlns:S" => "http://schemas.xmlsoap.org/soap/envelope/") do |envelope|
+            envelope.tag!("S:Body") do |body|
+                body_xml(body)
+            end
+        end
+        builder.target!
+    end
+
+    # Builds the body portion of the request XML content.
+    # Specific service operations must override this method.
+    def body_xml
+        raise 'abstract method not implemented!'
+    end
+
+    # Gets the response XML content.
+    def response_xml
+        raise 'illegal state: response not set yet' if response.nil?
+        @response_xml ||= Nokogiri::XML(response.to_xml)
+    end
+
+    def response_hash
+        @response_hash ||= response.to_hash
+    end
+end
+
+# Encapsulates the list operation of the lookup service.
+class List < Invocable
+
+    # Constructs a new instance.
+    def initialize(client, product, service, protocol, endpoint)
+        super(:list, client)
+
+        @product = product
+        @service = service
+        @protocol = protocol
+        @endpoint = endpoint
+    end
+
+=begin
+    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
+        <S:Body>
+            <List xmlns="urn:lookup">
+                <_this type="LookupServiceRegistration">ServiceRegistration</_this>
+                <filterCriteria>
+                    <serviceType>
+                        <product>com.vmware.cis</product>
+                        <type>cs.identity</type>
+                    </serviceType>
+                    <endpointType>
+                        <protocol>wsTrust</protocol>
+                        <type>com.vmware.cis.cs.identity.sso</type>
+                    </endpointType>
+                </filterCriteria>
+            </List>
+        </S:Body>
+    </S:Envelope>
+=end
+    def body_xml(body)
+        body.tag!("List", "xmlns" => "urn:lookup") do |list|
+            #TODO: use the copy that was retrieved on startup?
+            list.tag!("_this",
+                      "type" => "LookupServiceRegistration") do |this|
+                this << "ServiceRegistration"
+            end
+            list.tag!("filterCriteria") do |criteria|
+                criteria.tag!("serviceType") do |stype|
+                    stype.tag!("product") do |p|
+                        p << @product
+                    end
+                    stype.tag!("type") do |t|
+                        t << @service
+                    end
+                end
+                criteria.tag!("endpointType") do |etype|
+                    etype.tag!("protocol") do |p|
+                        p << @protocol
+                    end
+                    etype.tag!("type") do |t|
+                        t << @endpoint
+                    end
+                end
+            end
+        end
+    end
+
+    # Gets the service endpoint information from the response.
+    # Support for MxN.
+    # @return [Hash] a hash where the key is NodeId and the Value is a Service URL
+    def get_service_endpoints
+        result = {}
+=begin
+    <ListResponse xmlns="urn:lookup">
+        <returnval>
+            <serviceVersion>2.0</serviceVersion>
+            <vendorNameResourceKey/>
+            <vendorNameDefault/>
+            <vendorProductInfoResourceKey/>
+            <vendorProductInfoDefault/>
+            <serviceEndpoints>
+                <url>https://pa-rdinfra3-vm7-dhcp5583.eng.vmware.com/sts/STSService/vsphere.local</url>
+                <endpointType>
+                    <protocol>wsTrust</protocol>
+                    <type>com.vmware.cis.cs.identity.sso</type>
+                </endpointType>
+                <sslTrust>
+                    ...
+                </sslTrust>
+            </serviceEndpoints>
+            <serviceNameResourceKey/>
+            <serviceNameDefault/>
+            <serviceDescriptionResourceKey/>
+            <serviceDescriptionDefault/>
+            <ownerId>pa-rdinfra3-vm7-dhcp5583.eng.vmware.com@vsphere.local</ownerId>
+            <serviceType>
+                <product>com.vmware.cis</product>
+                <type>cs.identity</type>
+            </serviceType>
+            <nodeId/>
+            <serviceId>6a8a5058-5d3d-4d42-bb5e-383b91c8732e</serviceId>
+            <siteId>default-first-site</siteId>
+        </returnval>
+    </ListResponse>
+=end
+        Base.log.debug "List: response_hash = #{response_hash}"
+        return_val = response_hash[:list_response][:returnval]
+        return_val = [return_val] if return_val.is_a? Hash
+        return_val.each { |entry|
+            #FYI: the node_id is sometimes null, so use the service_id in this case
+            node_id = entry[:node_id] || entry[:service_id]
+            result[node_id] = entry[:service_endpoints][:url]
+        }
+        Base.log.debug "List: result = #{result}"
+        return result
+    end
+
+    def get_instance_names
+        result = {}
+=begin
+        <serviceAttributes>
+            <key>com.vmware.cis.cm.GroupInternalId</key>
+            <value>com.vmware.vim.vcenter</value>
+        </serviceAttributes>
+        <serviceAttributes>
+            <key>com.vmware.cis.cm.ControlScript</key>
+            <value>vmware-vpxd.sh</value>
+        </serviceAttributes>
+        <serviceAttributes>
+            <key>com.vmware.cis.cm.HostId</key>
+            <value>906477a1-24c6-4d48-9e99-55ef962878f7</value>
+        </serviceAttributes>
+        <serviceAttributes>
+            <key>com.vmware.vim.vcenter.instanceName</key>
+            <value>pa-rdinfra3-vm7-dhcp5583.eng.vmware.com</value>
+        </serviceAttributes>
+=end
+        Base.log.debug "List: response_hash = #{response_hash}"
+        return_val = response_hash[:list_response][:returnval]
+        return_val = [return_val] if return_val.is_a? Hash
+        return_val.each { |entry|
+            node_id = entry[:node_id]
+            #TODO: is it possible there be 0 or 1 attrs?  if so, deal with it.
+            attrs = entry[:service_attributes]
+            Base.log.debug "List: attrs=#{attrs}"
+            attrs.each { |attr|
+                if attr[:key] == 'com.vmware.vim.vcenter.instanceName'
+                    result[attr[:value]] = node_id
+                end
+            }
+        }
+        Base.log.debug "List: result = #{result}"
+        return result
+    end
+end
+
+# Encapsulates the RetrieveServiceContent operation of the lookup service.
+class RetrieveServiceContent < Invocable
+
+    # Constructs a new instance.
+    def initialize(client)
+        super(:retrieve_service_content, client)
+    end
+
+=begin
+    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
+        <S:Body>
+            <RetrieveServiceContent xmlns="urn:lookup">
+                <_this type="LookupServiceInstance">ServiceInstance</_this>
+            </RetrieveServiceContent>
+        </S:Body>
+    </S:Envelope>
+=end
+    def body_xml(body)
+        body.tag!("RetrieveServiceContent", "xmlns" => "urn:lookup") do |rsc|
+            rsc.tag!("_this", "type" => "LookupServiceInstance") do |this|
+                this << "ServiceInstance"
+            end
+        end
+    end
+
+=begin
+    ...
+        <RetrieveServiceContentResponse xmlns="urn:lookup">
+            <returnval>
+                <lookupService type="LookupLookupService">lookupService</lookupService>
+                <serviceRegistration type="LookupServiceRegistration">ServiceRegistration</serviceRegistration>
+                <deploymentInformationService type="LookupDeploymentInformationService">deploymentInformationService</deploymentInformationService>
+                <l10n type="LookupL10n">l10n</l10n>
+            </returnval>
+        </RetrieveServiceContentResponse>
+    ...
+=end
+    def get_service_registration
+        Base.log.debug "RetrieveServiceContent: response_hash = #{response_hash}"
+        return_val = response_hash[:retrieve_service_content_response][:returnval]
+        result = return_val[:service_registration]
+        Base.log.debug "RetrieveServiceContent: result = #{result}"
+        result
+    end
+end
+
+class MultipleManagementNodeException < Exception
+end
+
+# main: quick self tester
+if __FILE__ == $0
+    Base.log.level = Logger::DEBUG if ENV['DEBUG']
+    sample = SelfTestSample.new
+    sample.ls_ip = ARGV[0] || '10.67.245.207'
+    #MXN: sample.ls_ip = '10.160.42.83'
+    #MXN: sample.ls_ip = '10.160.35.191'
+    #MAYBE: sample.main() # for arg parsing
+    ls_helper = LookupServiceHelper.new(sample)
+    ls_helper.connect()
+    puts '***************************************'
+    puts "SSO URL: #{ls_helper.find_sso_url()}"
+    puts "VAPI URL: #{ls_helper.find_vapi_urls()}"
+    puts "VIM URL: #{ls_helper.find_vim_urls()}"
+    puts "PBM URL: #{ls_helper.find_vim_pbm_urls()}"
+    puts "Mgmt Nodes: #{ls_helper.find_mgmt_nodes()}"
+end

data/lib/sso.rb

@@ -0,0 +1,269 @@
+# Copyright 2014-2017 VMware, Inc.  All Rights Reserved.
+# SPDX-License-Identifier: MIT
+
+require 'savon'
+require 'nokogiri'
+require 'date'
+require 'securerandom'
+
+# A little utility library for VMware SSO.
+# For now, this is not a general purpose library that covers all
+# the interfaces of the SSO service.
+# Specifically, the support is limited to the following:
+# * request bearer token.
+module SSO
+
+    # The XML date format.
+    DATE_FORMAT = "%FT%T.%LZ"
+
+    # The XML namespaces that are required: SOAP, WSDL, et al.
+    NAMESPACES = {
+        "xmlns:S" => "http://schemas.xmlsoap.org/soap/envelope/",
+        "xmlns:wst" => "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
+        "xmlns:u" => "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
+        "xmlns:x" => "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
+    }
+
+    # Provides the connection details for the SSO service.
+    class Connection
+
+        attr_accessor :sso_url, :wsdl_url, :username, :password
+
+        # Creates a new instance.
+        def initialize(sso_url, wsdl_url=nil)
+            self.sso_url = sso_url
+            self.wsdl_url = wsdl_url || "#{sso_url}?wsdl"
+        end
+
+        # Login with the given credentials.
+        # Note: this does not invoke a login action, but rather stores the
+        # credentials for use later.
+        def login(username, password)
+            self.username = username
+            self.password = password
+            self # enable builder pattern
+        end
+
+        # Gets (or creates) the Savon client instance.
+        def client
+            # construct and init the client proxy
+            @client ||= Savon.client do |globals|
+                # see: http://savonrb.com/version2/globals.html
+                globals.wsdl wsdl_url
+                globals.endpoint sso_url
+
+                globals.strip_namespaces false
+                globals.env_namespace :S
+
+                # set like this so https connection does not fail
+                # TODO: find an acceptable solution for production
+                globals.ssl_verify_mode :none
+
+                # dev/debug settings
+                # globals.pretty_print_xml ENV['DEBUG_SOAP']
+                # globals.log ENV['DEBUG_SOAP']
+            end
+        end
+
+        # Invokes the request bearer token operation.
+        # @return [SamlToken]
+        def request_bearer_token()
+            rst = RequestSecurityToken.new(client, username, password)
+            rst.invoke()
+            rst.saml_token
+        end
+    end
+
+    # @abstract Base class for invocable service calls.
+    class SoapInvocable
+
+        attr_reader :operation, :client, :response
+
+        # Constructs a new instance.
+        # @param operation [Symbol] the SOAP operation name (in Symbol form)
+        # @param client [Savon::Client] the client
+        def initialize(operation, client)
+            @operation = operation
+            @client = client
+        end
+
+        # Invokes the service call represented by this type.
+        def invoke
+            request = request_xml.to_s
+            puts "request = #{request}" if ENV['DEBUG']
+            @response = client.call(operation, xml:request)
+            puts "response = #{response}" if ENV['DEBUG']
+            self # for chaining with new
+        end
+
+        # Builds the request XML content.
+        def request_xml
+            builder = Builder::XmlMarkup.new()
+            builder.instruct!(:xml, encoding: "UTF-8")
+
+            builder.tag!("S:Envelope", NAMESPACES) do |envelope|
+                if has_header?
+                    envelope.tag!("S:Header") do |header|
+                        header_xml(header)
+                    end
+                end
+                envelope.tag!("S:Body") do |body|
+                    body_xml(body)
+                end
+            end
+            builder.target!
+        end
+
+        def has_header?
+            true
+        end
+
+        # Builds the header portion of the SOAP request.
+        # Specific service operations must override this method.
+        def header_xml(header)
+            raise 'abstract method not implemented!'
+        end
+
+        # Builds the body portion of the SOAP request.
+        # Specific service operations must override this method.
+        def body_xml(body)
+            raise 'abstract method not implemented!'
+        end
+
+        # Gets the response XML content.
+        def response_xml
+            raise 'illegal state: response not set yet' if response.nil?
+            @response_xml ||= Nokogiri::XML(response.to_xml)
+        end
+
+        def response_hash
+            @response_hash ||= response.to_hash
+        end
+    end
+
+    # Encapsulates an issue operation that requests a security token
+    # from the SSO service.
+    class RequestSecurityToken < SoapInvocable
+
+        attr_accessor :request_type, :delegatable
+
+        # Constructs a new instance.
+        def initialize(client, username, password, hours=2)
+            super(:issue, client)
+
+            @username = username
+            @password = password
+            @hours = hours
+
+            #TODO: these things should be configurable, so we can get
+            #non-delegatable tokens, HoK tokens, etc.
+            @request_type = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"
+            @delegatable = true
+        end
+
+        def now
+            @now ||= Time.now.utc.to_datetime
+        end
+
+        def created
+            @created ||= now.strftime(DATE_FORMAT)
+        end
+
+        def future
+            @future ||= now + (2/24.0) #days (for DateTime math)
+        end
+
+        def expires
+            @expires ||= future.strftime(DATE_FORMAT)
+        end
+
+        # Builds the header XML for the SOAP request.
+        def header_xml(header)
+            id = "uuid-" + SecureRandom.uuid
+
+            #header.tag!("x:Security", "x:mustUnderstand" => "1") do |security|
+            header.tag!("x:Security") do |security|
+                security.tag!("u:Timestamp", "u:Id" => "_0") do |timestamp|
+                    timestamp.tag!("u:Created") do |element|
+                        element << created
+                    end
+                    timestamp.tag!("u:Expires") do |element|
+                        element << expires
+                    end
+                end
+                security.tag!("x:UsernameToken", "u:Id" => id) do |utoken|
+                    utoken.tag!("x:Username") do |element|
+                        element << @username
+                    end
+                    utoken.tag!("x:Password") do |element|
+                        element << @password
+                    end
+                end
+            end
+        end
+
+        # Builds the body XML for the SOAP request.
+        def body_xml(body)
+            body.tag!("wst:RequestSecurityToken") do |rst|
+                rst.tag!("wst:RequestType") do |element|
+                    element << request_type
+                end
+                rst.tag!("wst:Delegatable") do |element|
+                    element << delegatable.to_s
+                end
+=begin
+                #TODO: we don't seem to need this, but I'm leaving this
+                #here for now as a reminder.
+                rst.tag!("wst:Lifetime") do |lifetime|
+                    lifetime.tag!("u:Created") do |element|
+                        element << created
+                    end
+                    lifetime.tag!("u:Expires") do |element|
+                        element << expires
+                    end
+                end
+=end
+            end
+        end
+
+        # Gets the saml_token from the SOAP response body.
+        # @return [SamlToken] the requested SAML token
+        def saml_token
+            assertion = response_xml.at_xpath('//saml2:Assertion',
+                    'saml2' => 'urn:oasis:names:tc:SAML:2.0:assertion')
+            SamlToken.new(assertion)
+        end
+    end
+
+    # Holds a SAML token.
+    class SamlToken
+        attr_reader :xml
+
+        # Creates a new instance.
+        def initialize(xml)
+            @xml = xml
+        end
+
+        #TODO: add some getters for interesting content
+
+        def to_s
+            esc_token = xml.to_xml(:indent => 0, :encoding => 'UTF-8')
+            esc_token = esc_token.gsub(/\n/, '')
+            esc_token
+        end
+    end
+end
+
+# main: quick self tester
+if __FILE__ == $0
+    cloudvm_ip = ARGV[0]
+    cloudvm_ip ||= "10.20.17.0"
+    #cloudvm_ip ||= "10.67.245.207"
+    sso_url = "https://#{cloudvm_ip}/sts/STSService/vsphere.local"
+    wsdl_url = "#{sso_url}?wsdl"
+    sso = SSO::Connection.new(sso_url, wsdl_url)
+    #sso.login("administrator@vsphere.local", "Admin!23")
+    sso.login("root", "vmware")
+    token = sso.request_bearer_token
+    puts token.to_s
+end

data/lib/support/clone_vm.rb

@@ -0,0 +1,53 @@
+require 'rbvmomi'
+
+class Support
+  class CloneVm
+    attr_reader :vim, :options
+
+    def initialize(conn_opts, options)
+      @options = options
+
+      # Connect to vSphere
+      @vim ||= RbVmomi::VIM.connect conn_opts
+    end
+
+    def clone
+
+      # set the datacenter name
+      dc = vim.serviceInstance.find_datacenter(options[:datacenter])
+      src_vm = dc.find_vm(options[:template])
+      hosts = dc.hostFolder.children
+
+      # Specify where the machine is going to be created
+      relocate_spec = RbVmomi::VIM.VirtualMachineRelocateSpec
+      relocate_spec.host = options[:targethost]
+      relocate_spec.pool = hosts.first.resourcePool
+
+      clone_spec = RbVmomi::VIM.VirtualMachineCloneSpec(location: relocate_spec,
+                                                  powerOn: options[:poweron],
+                                                  template: false)
+
+      # Set the folder to use
+      dest_folder = options[:folder].nil? ? src_vm.parent : options[:folder][:id]
+
+      puts "Cloning the template #{options[:template]} to create the VM..."
+      task = src_vm.CloneVM_Task(folder: dest_folder, name: options[:name], spec: clone_spec)
+      task.wait_for_completion
+
+      # get the IP address of the machine for bootstrapping
+      # machine name is based on the path, e.g. that includes the folder
+      name = options[:folder].nil? ? options[:name] : format("%s/%s", options[:folder][:name], options[:name])
+      new_vm = dc.find_vm(name)
+
+      if new_vm.nil?
+        puts format("Unable to find machine: %s", name)
+      else
+        puts 'Waiting for network interfaces to become available...'
+        sleep 2 while new_vm.guest.net.empty? || !new_vm.guest.ipAddress
+        new_vm.guest.net[0].ipConfig.ipAddress.detect do |addr|
+          addr.origin != 'linklayer'
+        end.ipAddress
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,164 @@
+--- !ruby/object:Gem::Specification
+name: kitchen-vcenter
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Russell Seymour
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-08-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: test-kitchen
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: vsphere-automation-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: rbvmomi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: savon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.11'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.11'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: github_changelog_generator
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+description: Test Kitchen driver for VMware vCenter using SDK
+email:
+- russell@chef.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- README.md
+- lib/base.rb
+- lib/kitchen-vcenter/version.rb
+- lib/kitchen/driver/vcenter.rb
+- lib/lookup_service_helper.rb
+- lib/sso.rb
+- lib/support/clone_vm.rb
+homepage: https://github.com/chef/kitchen-vcenter
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.11
+signing_key: 
+specification_version: 4
+summary: Test Kitchen driver for VMare vCenter
+test_files: []