knife-azure 1.6.0 → 1.7.0

data/lib/azure/resource_management/vnet_config.rb

@@ -0,0 +1,254 @@
+#
+# Author:: Aliasgar Batterywala (aliasgar.batterywala@clogeny.com)
+#
+# Copyright:: Copyright (c) 2016 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'ipaddress'
+
+module Azure::ARM
+  module VnetConfig
+
+    ## lists subnets of only a specific virtual network address space ##
+    def subnets_list_for_specific_address_space(address_prefix, subnets_list)
+      list = []
+      address_space = IPAddress(address_prefix)
+      subnets_list.each do |sbn|
+        subnet_address_prefix = IPAddress(sbn.properties.address_prefix)
+
+        ## check if the subnet belongs to this address space or not ##
+        list << sbn if address_space.include? subnet_address_prefix
+      end
+
+      list
+    end
+
+    def get_vnet(resource_group_name, vnet_name)
+      begin
+        network_resource_client.virtual_networks.get(resource_group_name, vnet_name)
+      rescue MsRestAzure::AzureOperationError => error
+        if error.body
+          err_json = JSON.parse(error.response.body)
+          if err_json['error']['code'] == "ResourceNotFound"
+            return false
+          else
+            raise error
+          end
+        end
+      end
+    end
+
+    ## lists all subnets under a virtual network or lists subnets of only a particular address space ##
+    def subnets_list(resource_group_name, vnet_name, address_prefix = nil)
+      list = network_resource_client.subnets.list(resource_group_name, vnet_name).value
+      !address_prefix.nil? && !list.empty? ? subnets_list_for_specific_address_space(address_prefix, list) : list
+    end
+
+    ## single subnet body creation to be added in template ##
+    def subnet(subnet_name, subnet_prefix)
+      {
+        'name'=> subnet_name,
+        'properties'=> {
+          'addressPrefix'=> subnet_prefix
+        }
+      }
+    end
+
+    ## return all the address prefixes under a virtual network ##
+    def vnet_address_spaces(vnet)
+      vnet.properties.address_space.address_prefixes
+    end
+
+    ## return address prefix of a subnet ##
+    def subnet_address_prefix(subnet)
+      subnet.properties.address_prefix
+    end
+
+    ## sort available networks pool in ascending order based on the network's
+    ## IP address to allocate the network for the new subnet to be added in the
+    ## existing virtual network ##
+    def sort_available_networks(available_networks)
+      available_networks.sort_by { |nwrk| nwrk.network.address.split('.').map(&:to_i) }
+    end
+
+    ## sort existing subnets in ascending order based on their cidr prefix or
+    ## netmask to have subnets with larger networks on the top ##
+    def sort_subnets_by_cidr_prefix(subnets)
+      subnets.sort_by { |sbn| [ subnet_address_prefix(sbn).split('/')[1] ].map(&:to_i) }
+    end
+
+    ## sort used networks pool in descending order based on the number of hosts
+    ## it contains, this helps to keep larger networks on top thereby eliminating
+    ## more number of entries in available_networks_pool at a faster pace ##
+    def sort_used_networks_by_hosts_size(used_network)
+      used_network.sort_by { |nwrk| -nwrk.hosts.size }
+    end
+
+    ## return the cidr prefix or netmask of the given subnet ##
+    def subnet_cidr_prefix(subnet)
+      subnet_address_prefix(subnet).split('/')[1].to_i
+    end
+
+    ## method to invoke respective sort methods for the network pools ##
+    def sort_pools(available_networks_pool, used_networks_pool)
+      return sort_available_networks(available_networks_pool), sort_used_networks_by_hosts_size(used_networks_pool)
+    end
+
+    ## when a address space in an existing virtual network is not used at all
+    ## then divide the space into the number of subnets based on the total
+    ## number of hosts that network supports ##
+    def divide_network(address_prefix)
+      network_address = IPAddress(address_prefix)
+      prefix = nil
+
+      case network_address.count
+      when 4097..65536
+        prefix = '20'
+      when 256..4096
+        prefix = '24'
+      end
+
+      ## if the given network is small then do not divide it else divide using
+      ## the prefix value calculated above ##
+      prefix.nil? ? address_prefix : network_address.network.address.concat('/' + prefix)
+    end
+
+    ## check if the available_network is part of the subnet_network or vice-versa ##
+    def in_use_network?(subnet_network, available_network)
+      (subnet_network.include? available_network) ||
+      (available_network.include? subnet_network)
+    end
+
+    ## calculate and return address_prefix for the new subnet to be added in the
+    ## existing virtual network ##
+    def new_subnet_address_prefix(vnet_address_prefix, subnets)
+      if subnets.empty?  ## no subnets exist in the given address space of the virtual network, so divide the network into smaller subnets (based on the network size) and allocate space for the new subnet to be added ##
+        divide_network(vnet_address_prefix)
+      else  ## subnets exist in vnet, calculate new address_prefix for the new subnet based on the space taken by these existing subnets under the given address space of the virtual network ##
+        vnet_network_address = IPAddress(vnet_address_prefix)
+        subnets = sort_subnets_by_cidr_prefix(subnets)
+        available_networks_pool = Array.new
+        used_networks_pool = Array.new
+        subnets.each do |subnet|
+          ## in case the larger network is not divided into smaller subnets but
+          ## divided into only 1 largest subnet of the complete network size ##
+          if vnet_network_address.prefix == subnet_cidr_prefix(subnet)
+            break
+          end
+
+          ## add all the possible subnets (calculated using the current subnet's
+          ## cidr prefix value) into the available_networks_pool ##
+          available_networks_pool.push(
+            vnet_network_address.subnet(subnet_cidr_prefix(subnet))
+          ).flatten!.uniq! { |nwrk| [ nwrk.network.address, nwrk.prefix ].join(':') }
+
+          ## add current subnet into the used_networks_pool ##
+          used_networks_pool.push(
+            IPAddress(subnet_address_prefix(subnet))
+          )
+
+          ## sort both the network pools before trimming the available_networks_pool ##
+          available_networks_pool, used_networks_pool = sort_pools(
+            available_networks_pool, used_networks_pool)
+
+          ## trim the available_networks_pool based on the networks already
+          ## allocated to the existing subnets ##
+          used_networks_pool.each do |subnet_network|
+            available_networks_pool.delete_if {
+              |available_network| in_use_network?(subnet_network, available_network)
+            }
+          end
+
+          ## sort both the network pools after trimming the available_networks_pool ##
+          available_networks_pool, used_networks_pool = sort_pools(
+            available_networks_pool, used_networks_pool)
+        end
+
+        ## space available in the vnet_address_prefix network for the new subnet ##
+        if !available_networks_pool.empty? && available_networks_pool.first.network?
+          available_networks_pool.first.network.address.concat("/" + available_networks_pool.first.prefix.to_s)
+        else  ## space not available in the vnet_address_prefix network for the new subnet ##
+          nil
+        end
+      end
+    end
+
+    ## add new subnet into the existing virtual network ##
+    def add_subnet(subnet_name, vnet_config, subnets)
+      new_subnet_prefix = nil
+      vnet_address_prefix_count = 0
+      vnet_address_space = vnet_config[:addressPrefixes]
+
+      ## search for space in all the address prefixes of the virtual network ##
+      while new_subnet_prefix.nil? && vnet_address_space.length > vnet_address_prefix_count
+        new_subnet_prefix = new_subnet_address_prefix(
+          vnet_address_space[vnet_address_prefix_count],
+          subnets_list_for_specific_address_space(
+            vnet_address_space[vnet_address_prefix_count], subnets
+          )
+        )
+        vnet_address_prefix_count = vnet_address_prefix_count + 1
+      end
+
+      if new_subnet_prefix  ## found space for new subnet ##
+        vnet_config[:subnets].push(
+          subnet(subnet_name, new_subnet_prefix)
+        )
+      else  ## no space available in the virtual network for the new subnet ##
+        raise "Unable to add subnet #{subnet_name} into the virtual network #{vnet_config[:virtualNetworkName]}, no address space available !!!"
+      end
+
+      vnet_config
+    end
+
+    ## virtual network configuration creation for the new vnet creation or to 
+    ## handle existing vnet ##
+    def create_vnet_config(resource_group_name, vnet_name, vnet_subnet_name)
+      raise ArgumentError, 'GatewaySubnet cannot be used as the name for --azure-vnet-subnet-name option. GatewaySubnet can only be used for virtual network gateways.' if vnet_subnet_name == 'GatewaySubnet'
+
+      vnet_config = {}
+      subnets = nil
+      flag = true
+      ## check whether user passed or default named virtual network exist or not ##
+      vnet = get_vnet(resource_group_name, vnet_name)
+      vnet_config[:virtualNetworkName] = vnet_name
+      if vnet  ## handle resources in the existing virtual network ##
+        vnet_config[:addressPrefixes] = vnet_address_spaces(vnet)
+        vnet_config[:subnets] = Array.new
+        subnets = subnets_list(resource_group_name, vnet_name)
+        subnets.each do |subnet|
+          flag = false if subnet.name == vnet_subnet_name  ## given subnet already exist in the virtual network ##
+          ## preserve the existing subnet resources ##
+          vnet_config[:subnets].push(
+            subnet(subnet.name, subnet_address_prefix(subnet))
+          )
+        end if subnets
+      else  ## create config for new vnet ##
+        vnet_config[:addressPrefixes] = [ "10.0.0.0/16" ]
+        vnet_config[:subnets] = Array.new
+        vnet_config[:subnets].push(
+          subnet(vnet_subnet_name, "10.0.0.0/24")
+        )
+        flag = false
+      end
+
+      ## given subnet does not exist, so create new one in the virtual network ##
+      vnet_config = add_subnet(vnet_subnet_name, vnet_config, subnets) if flag
+
+      vnet_config
+    end
+  end
+end

data/lib/azure/resource_management/windows_credentials.rb

@@ -21,11 +21,13 @@
 require 'chef'
 require 'mixlib/shellout'
 require 'ffi'
+require "chef/win32/api"
 
 module Azure::ARM
 
     module ReadCred
 
+      extend Chef::ReservedNames::Win32::API
       extend FFI::Library
 
       ffi_lib 'Advapi32'
@@ -37,36 +39,36 @@ module Azure::ARM
 
       # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724284(v=vs.85).aspx
       class FILETIME < FFI::Struct
-        layout :dwLowDateTime, :uint32,
-               :dwHighDateTime, :uint32
+        layout :dwLowDateTime, :DWORD,
+               :dwHighDateTime, :DWORD
       end
 
       # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374790(v=vs.85).aspx
       class CREDENTIAL_ATTRIBUTE < FFI::Struct
-        layout :Keyword, :pointer,
-               :Flags, :uint32,
-               :ValueSize, :uint32,
-               :Value, :pointer
+        layout :Keyword, :LPTSTR,
+               :Flags, :DWORD,
+               :ValueSize, :DWORD,
+               :Value, :LPBYTE
       end
 
       # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374788(v=vs.85).aspx
       class CREDENTIAL_OBJECT < FFI::Struct
-          layout :Flags, :uint32,
-                 :Type, :uint32,
-                 :TargetName, :pointer,
-                 :Comment, :pointer,
+          layout :Flags, :DWORD,
+                 :Type, :DWORD,
+                 :TargetName, :LPTSTR,
+                 :Comment, :LPTSTR,
                  :LastWritten, FILETIME,
-                 :CredentialBlobSize, :uint32,
-                 :CredentialBlob, :pointer,
-                 :Persist, :uint32,
-                 :AttributeCount, :uint32,
+                 :CredentialBlobSize, :DWORD,
+                 :CredentialBlob, :LPBYTE,
+                 :Persist, :DWORD,
+                 :AttributeCount, :DWORD,
                  :Attributes, CREDENTIAL_ATTRIBUTE,
-                 :TargetAlias, :pointer,
-                 :UserName, :pointer
+                 :TargetAlias, :LPTSTR,
+                 :UserName, :LPTSTR
         end
 
       # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374804(v=vs.85).aspx
-      attach_function :CredReadW, [:pointer, :uint32, :uint32, :pointer], :bool
+      safe_attach_function :CredReadW, [:LPCTSTR, :DWORD, :DWORD, :pointer], :BOOL
     end
 
 
@@ -76,61 +78,107 @@ module Azure::ARM
       include ReadCred
 
       def token_details_for_windows
-        target = target_name
-
-        if target
-          target_pointer = wstring(target)
-          info_ptr = FFI::MemoryPointer.new(:pointer)
-          cred = CREDENTIAL_OBJECT.new info_ptr
-          cred_result = CredReadW(target_pointer, CRED_TYPE_GENERIC, 0, cred)
-          translated_cred = CREDENTIAL_OBJECT.new(info_ptr.read_pointer)
-
-          target_obj = translated_cred[:TargetName].read_wstring.split("::") if translated_cred[:TargetName].read_wstring
-          cred_blob = translated_cred[:CredentialBlob].get_bytes(0, translated_cred[:CredentialBlobSize]).split("::")
-
-          tokentype = target_obj.select { |obj| obj.include? "tokenType" }
-          user = target_obj.select { |obj| obj.include? "userId" }
-          clientid = target_obj.select { |obj| obj.include? "clientId" }
-          expiry_time = target_obj.select { |obj| obj.include? "expiresOn" }
-          access_token = cred_blob.select { |obj| obj.include? "a:" }
-          refresh_token = cred_blob.select { |obj| obj.include? "r:" }
-
-          credential = {}
-          credential[:tokentype] = tokentype[0].split(":")[1] if tokentype
-          credential[:user] = user[0].split(":")[1] if user
-          credential[:token] = access_token[0].split(":")[1] if access_token
-          credential[:refresh_token] = refresh_token[0].split(":")[1] if refresh_token
-          credential[:clientid] = clientid[0].split(":")[1] if clientid
-          credential[:expiry_time] = expiry_time[0].split("expiresOn:")[1].gsub("\\","") if expiry_time
-        else
-          raise "TargetName Not Found"
+        begin
+          target = target_name
+
+          if target && !target.empty?
+            target_pointer = wstring(target)
+            info_ptr = FFI::MemoryPointer.new(:pointer)
+            cred = CREDENTIAL_OBJECT.new info_ptr
+            cred_result = CredReadW(target_pointer, CRED_TYPE_GENERIC, 0, cred)
+            translated_cred = CREDENTIAL_OBJECT.new(info_ptr.read_pointer)
+
+            target_obj = translated_cred[:TargetName].read_wstring.split("::") if translated_cred[:TargetName].read_wstring
+            cred_blob = translated_cred[:CredentialBlob].get_bytes(0, translated_cred[:CredentialBlobSize]).split("::")
+
+            tokentype = target_obj.select { |obj| obj.include? "tokenType" }
+            user = target_obj.select { |obj| obj.include? "userId" }
+            clientid = target_obj.select { |obj| obj.include? "clientId" }
+            expiry_time = target_obj.select { |obj| obj.include? "expiresOn" }
+            access_token = cred_blob.select { |obj| obj.include? "a:" }
+            refresh_token = cred_blob.select { |obj| obj.include? "r:" }
+
+            credential = {}
+            credential[:tokentype] = tokentype[0].split(":")[1]
+            credential[:user] = user[0].split(":")[1]
+            credential[:token] = access_token[0].split(":")[1]
+            #Todo: refresh_token is not complete currently
+            # target_name method needs to be modified for that
+            credential[:refresh_token] = refresh_token[0].split(":")[1]
+            credential[:clientid] = clientid[0].split(":")[1]
+            credential[:expiry_time] = expiry_time[0].split("expiresOn:")[1].gsub("\\","")
+
+            # Free memory pointed by info_ptr
+            info_ptr.free
+          else
+            raise "TargetName Not Found"
+          end
+          credential
+        rescue => error
+          ui.error("#{error.message}")
+          Chef::Log.debug("#{error.backtrace.join("\n")}")
+          exit
         end
-        credential
       end
 
+      #Todo: For getting the complete refreshToken, both credentials (ending with --0-2 and --1-2) have to be read
       def target_name
-        # cmdkey command is used for accessing windows credential manager
-        xplat_creds_cmd = Mixlib::ShellOut.new("cmdkey /list | findstr AzureXplatCli")
+        # cmdkey command is used for accessing windows credential manager.
+        # Multiple credentials get created in windows credential manager for a single Azure account in xplat-cli
+        # One of them is for common tanent id, which can't be used
+        # Others end with --0-x,--1-x,--2-x etc, where x represents the total no. of credentails across which the token is divided
+        # The one ending with --0-x has the complete accessToken in the credentialBlob.
+        # Refresh Token is split across both credentials (ending with --0-x and --1-x).
+        # Xplat splits the credentials based on the number of bytes of the tokens.
+        # Hence the access token is always found in the one which start with --0-
+        # So selecting the credential on the basis of --0-
+        xplat_creds_cmd = Mixlib::ShellOut.new('cmdkey /list | findstr AzureXplatCli | findstr \--0- | findstr -v common')
         result = xplat_creds_cmd.run_command
+        target_names = []
 
-        target_name = ""
         if result.stdout.empty?
-          raise "Azure Credentials not found. Please run xplat's 'azure login' command"
+          Chef::Log.debug("Unable to find a credential with --0- and falling back to looking for any credential.")
+          xplat_creds_cmd = Mixlib::ShellOut.new('cmdkey /list | findstr AzureXplatCli | findstr -v common')
+          result = xplat_creds_cmd.run_command
+
+          if result.stdout.empty?
+            raise "Azure Credentials not found. Please run xplat's 'azure login' command"
+          else
+            target_names = result.stdout.split("\n")
+          end
+        else
+          target_names = result.stdout.split("\n")
+        end
+
+        # If "azure login" is run for multiple users, there will be multiple credentials
+        # Picking up the latest logged in user's credentials
+        latest_target = latest_credential_target target_names
+        latest_target
+      end
+
+      def latest_credential_target targets
+        case targets.size
+        when 0
+          raise "No Target was found for windows credentials"
+        when 1
+          return targets.first.gsub("Target:","").strip
         else
-          result.stdout.split("\n").each do |target|
-            # Three credentials get created in windows credential manager for xplat-cli
-            # One of them is for common tanent id, which can't be used
-            # Two of them end with --0-2 and --1-2. The one ending with --1-2 doesn't have
-            # accessToken and refreshToken in the credentialBlob.
-            # Selecting the one ending with --0-2
-            if !target.include?("common::") && target.include?("--0-2")
-              target_name = target.gsub("Target:","").strip
-              break
+          latest_target = ""
+          max_expiry_time = Time.new(0)
+
+          # Using expiry_time to determine the latest credential
+          targets.each do |target|
+            target_obj = target.split("::")
+            expiry_time_obj = target_obj.select { |obj| obj.include? "expiresOn" }
+            expiry_time = expiry_time_obj[0].split("expiresOn:")[1].gsub("\\","")
+            if Time.parse(expiry_time) > max_expiry_time
+              latest_target = target
+              max_expiry_time = Time.parse(expiry_time)
             end
           end
-        end
 
-        target_name
+          return latest_target.gsub("Target:","").strip
+        end
       end
     end
 end