knife-azure 1.8.7 → 1.9.0

data/lib/azure/resource_management/vnet_config.rb

@@ -1,7 +1,7 @@
 #
 # Author:: Aliasgar Batterywala (aliasgar.batterywala@clogeny.com)
 #
-# Copyright:: Copyright (c) 2016 Opscode, Inc.
+# Copyright:: Copyright 2016-2018 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -17,7 +17,7 @@
 # limitations under the License.
 #
 
-require 'ipaddress'
+require "ipaddress"
 
 module Azure::ARM
   module VnetConfig
@@ -37,16 +37,14 @@ module Azure::ARM
     end
 
     def get_vnet(resource_group_name, vnet_name)
-      begin
-        network_resource_client.virtual_networks.get(resource_group_name, vnet_name)
-      rescue MsRestAzure::AzureOperationError => error
-        if error.body
-          err_json = JSON.parse(error.response.body)
-          if err_json['error']['code'] == "ResourceNotFound"
-            return false
-          else
-            raise error
-          end
+      network_resource_client.virtual_networks.get(resource_group_name, vnet_name)
+    rescue MsRestAzure::AzureOperationError => error
+      if error.body
+        err_json = JSON.parse(error.response.body)
+        if err_json["error"]["code"] == "ResourceNotFound"
+          return false
+        else
+          raise error
         end
       end
     end
@@ -60,9 +58,9 @@ module Azure::ARM
     ## single subnet body creation to be added in template ##
     def subnet(subnet_name, subnet_prefix)
       {
-        'name'=> subnet_name,
-        'properties'=> {
-          'addressPrefix'=> subnet_prefix
+        "name" => subnet_name,
+        "properties" => {
+          "addressPrefix" => subnet_prefix
         }
       }
     end
@@ -81,7 +79,7 @@ module Azure::ARM
     ## IP address to allocate the network for the new subnet to be added in the
     ## existing virtual network ##
     def sort_available_networks(available_networks)
-      available_networks.sort_by { |nwrk| nwrk.network.address.split('.').map(&:to_i) }
+      available_networks.sort_by { |nwrk| nwrk.network.address.split(".").map(&:to_i) }
     end
 
     ## sort existing subnets in ascending order based on their cidr prefix or
@@ -99,12 +97,12 @@ module Azure::ARM
 
     ## return the cidr prefix or netmask of the given subnet ##
     def subnet_cidr_prefix(subnet)
-      subnet_address_prefix(subnet).split('/')[1].to_i
+      subnet_address_prefix(subnet).split("/")[1].to_i
     end
 
     ## method to invoke respective sort methods for the network pools ##
     def sort_pools(available_networks_pool, used_networks_pool)
-      return sort_available_networks(available_networks_pool), sort_used_networks_by_hosts_size(used_networks_pool)
+      [sort_available_networks(available_networks_pool), sort_used_networks_by_hosts_size(used_networks_pool)]
     end
 
     ## when a address space in an existing virtual network is not used at all
@@ -116,28 +114,28 @@ module Azure::ARM
 
       case network_address.count
       when 4097..65536
-        prefix = '20'
+        prefix = "20"
       when 256..4096
-        prefix = '24'
+        prefix = "24"
       end
 
       ## if the given network is small then do not divide it else divide using
       ## the prefix value calculated above ##
-      prefix.nil? ? address_prefix : network_address.network.address.concat('/' + prefix)
+      prefix.nil? ? address_prefix : network_address.network.address.concat("/" + prefix)
     end
 
     ## check if the available_network is part of the subnet_network or vice-versa ##
     def in_use_network?(subnet_network, available_network)
       (subnet_network.include? available_network) ||
-      (available_network.include? subnet_network)
+        (available_network.include? subnet_network)
     end
 
     ## calculate and return address_prefix for the new subnet to be added in the
     ## existing virtual network ##
     def new_subnet_address_prefix(vnet_address_prefix, subnets)
-      if subnets.empty?  ## no subnets exist in the given address space of the virtual network, so divide the network into smaller subnets (based on the network size) and allocate space for the new subnet to be added ##
+      if subnets.empty? ## no subnets exist in the given address space of the virtual network, so divide the network into smaller subnets (based on the network size) and allocate space for the new subnet to be added ##
         divide_network(vnet_address_prefix)
-      else  ## subnets exist in vnet, calculate new address_prefix for the new subnet based on the space taken by these existing subnets under the given address space of the virtual network ##
+      else ## subnets exist in vnet, calculate new address_prefix for the new subnet based on the space taken by these existing subnets under the given address space of the virtual network ##
         vnet_network_address = IPAddress(vnet_address_prefix)
         subnets = sort_subnets_by_cidr_prefix(subnets)
         available_networks_pool = Array.new
@@ -153,7 +151,7 @@ module Azure::ARM
           ## cidr prefix value) into the available_networks_pool ##
           available_networks_pool.push(
             vnet_network_address.subnet(subnet_cidr_prefix(subnet))
-          ).flatten!.uniq! { |nwrk| [ nwrk.network.address, nwrk.prefix ].join(':') }
+          ).flatten!.uniq! { |nwrk| [ nwrk.network.address, nwrk.prefix ].join(":") }
 
           ## add current subnet into the used_networks_pool ##
           used_networks_pool.push(
@@ -167,9 +165,9 @@ module Azure::ARM
           ## trim the available_networks_pool based on the networks already
           ## allocated to the existing subnets ##
           used_networks_pool.each do |subnet_network|
-            available_networks_pool.delete_if {
-              |available_network| in_use_network?(subnet_network, available_network)
-            }
+            available_networks_pool.delete_if do |available_network|
+              in_use_network?(subnet_network, available_network)
+            end
           end
 
           ## sort both the network pools after trimming the available_networks_pool ##
@@ -180,7 +178,7 @@ module Azure::ARM
         ## space available in the vnet_address_prefix network for the new subnet ##
         if !available_networks_pool.empty? && available_networks_pool.first.network?
           available_networks_pool.first.network.address.concat("/" + available_networks_pool.first.prefix.to_s)
-        else  ## space not available in the vnet_address_prefix network for the new subnet ##
+        else ## space not available in the vnet_address_prefix network for the new subnet ##
           nil
         end
       end
@@ -200,24 +198,24 @@ module Azure::ARM
             vnet_address_space[vnet_address_prefix_count], subnets
           )
         )
-        vnet_address_prefix_count = vnet_address_prefix_count + 1
+        vnet_address_prefix_count += 1
       end
 
-      if new_subnet_prefix  ## found space for new subnet ##
+      if new_subnet_prefix ## found space for new subnet ##
         vnet_config[:subnets].push(
           subnet(subnet_name, new_subnet_prefix)
         )
-      else  ## no space available in the virtual network for the new subnet ##
+      else ## no space available in the virtual network for the new subnet ##
         raise "Unable to add subnet #{subnet_name} into the virtual network #{vnet_config[:virtualNetworkName]}, no address space available !!!"
       end
 
       vnet_config
     end
 
-    ## virtual network configuration creation for the new vnet creation or to 
+    ## virtual network configuration creation for the new vnet creation or to
     ## handle existing vnet ##
     def create_vnet_config(resource_group_name, vnet_name, vnet_subnet_name)
-      raise ArgumentError, 'GatewaySubnet cannot be used as the name for --azure-vnet-subnet-name option. GatewaySubnet can only be used for virtual network gateways.' if vnet_subnet_name == 'GatewaySubnet'
+      raise ArgumentError, "GatewaySubnet cannot be used as the name for --azure-vnet-subnet-name option. GatewaySubnet can only be used for virtual network gateways." if vnet_subnet_name == "GatewaySubnet"
 
       vnet_config = {}
       subnets = nil
@@ -225,18 +223,20 @@ module Azure::ARM
       ## check whether user passed or default named virtual network exist or not ##
       vnet = get_vnet(resource_group_name, vnet_name)
       vnet_config[:virtualNetworkName] = vnet_name
-      if vnet  ## handle resources in the existing virtual network ##
+      if vnet ## handle resources in the existing virtual network ##
         vnet_config[:addressPrefixes] = vnet_address_spaces(vnet)
         vnet_config[:subnets] = Array.new
         subnets = subnets_list(resource_group_name, vnet_name)
-        subnets.each do |subnet|
-          flag = false if subnet.name == vnet_subnet_name  ## given subnet already exist in the virtual network ##
-          ## preserve the existing subnet resources ##
-          vnet_config[:subnets].push(
-            subnet(subnet.name, subnet_address_prefix(subnet))
-          )
-        end if subnets
-      else  ## create config for new vnet ##
+        if subnets
+          subnets.each do |subnet|
+            flag = false if subnet.name == vnet_subnet_name ## given subnet already exist in the virtual network ##
+            ## preserve the existing subnet resources ##
+            vnet_config[:subnets].push(
+              subnet(subnet.name, subnet_address_prefix(subnet))
+            )
+          end
+        end
+      else ## create config for new vnet ##
         vnet_config[:addressPrefixes] = [ "10.0.0.0/16" ]
         vnet_config[:subnets] = Array.new
         vnet_config[:subnets].push(

data/lib/azure/resource_management/windows_credentials.rb

@@ -1,184 +1,181 @@
-#
-# Author:: Nimisha Sharad (nimisha.sharad@clogeny.com)
-# Copyright:: Copyright (c) 2015-2016 Opscode, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# XPLAT stores the access token and other information in windows credential manager.
-# Using FFI to call CredRead function
-require 'chef'
-require 'mixlib/shellout'
-require 'ffi'
-require "chef/win32/api"
-
-module Azure::ARM
-
-    module ReadCred
-
-      extend Chef::ReservedNames::Win32::API
-      extend FFI::Library
-
-      ffi_lib 'Advapi32'
-
-      CRED_TYPE_GENERIC = 1
-      CRED_TYPE_DOMAIN_PASSWORD = 2
-      CRED_TYPE_DOMAIN_CERTIFICATE = 3
-      CRED_TYPE_DOMAIN_VISIBLE_PASSWORD = 4
-
-      # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724284(v=vs.85).aspx
-      class FILETIME < FFI::Struct
-        layout :dwLowDateTime, :DWORD,
-               :dwHighDateTime, :DWORD
-      end
-
-      # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374790(v=vs.85).aspx
-      class CREDENTIAL_ATTRIBUTE < FFI::Struct
-        layout :Keyword, :LPTSTR,
-               :Flags, :DWORD,
-               :ValueSize, :DWORD,
-               :Value, :LPBYTE
-      end
-
-      # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374788(v=vs.85).aspx
-      class CREDENTIAL_OBJECT < FFI::Struct
-          layout :Flags, :DWORD,
-                 :Type, :DWORD,
-                 :TargetName, :LPTSTR,
-                 :Comment, :LPTSTR,
-                 :LastWritten, FILETIME,
-                 :CredentialBlobSize, :DWORD,
-                 :CredentialBlob, :LPBYTE,
-                 :Persist, :DWORD,
-                 :AttributeCount, :DWORD,
-                 :Attributes, CREDENTIAL_ATTRIBUTE,
-                 :TargetAlias, :LPTSTR,
-                 :UserName, :LPTSTR
-        end
-
-      # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374804(v=vs.85).aspx
-      safe_attach_function :CredReadW, [:LPCTSTR, :DWORD, :DWORD, :pointer], :BOOL
-    end
-
-
-    module WindowsCredentials
-
-      include Chef::Mixin::WideString
-      include ReadCred
-
-      def token_details_from_WCM
-        begin
-          target = target_name
-
-          if target && !target.empty?
-            target_pointer = wstring(target)
-            info_ptr = FFI::MemoryPointer.new(:pointer)
-            cred = CREDENTIAL_OBJECT.new info_ptr
-            cred_result = CredReadW(target_pointer, CRED_TYPE_GENERIC, 0, cred)
-            translated_cred = CREDENTIAL_OBJECT.new(info_ptr.read_pointer)
-
-            target_obj = translated_cred[:TargetName].read_wstring.split("::") if translated_cred[:TargetName].read_wstring
-            cred_blob = translated_cred[:CredentialBlob].get_bytes(0, translated_cred[:CredentialBlobSize]).split("::")
-
-            tokentype = target_obj.select { |obj| obj.include? "tokenType" }
-            user = target_obj.select { |obj| obj.include? "userId" }
-            clientid = target_obj.select { |obj| obj.include? "clientId" }
-            expiry_time = target_obj.select { |obj| obj.include? "expiresOn" }
-            access_token = cred_blob.select { |obj| obj.include? "a:" }
-            refresh_token = cred_blob.select { |obj| obj.include? "r:" }
-
-            credential = {}
-            credential[:tokentype] = tokentype[0].split(":")[1]
-            credential[:user] = user[0].split(":")[1]
-            credential[:token] = access_token[0].split(":")[1]
-            #Todo: refresh_token is not complete currently
-            # target_name method needs to be modified for that
-            credential[:refresh_token] = refresh_token[0].split(":")[1]
-            credential[:clientid] = clientid[0].split(":")[1]
-            credential[:expiry_time] = expiry_time[0].split("expiresOn:")[1].gsub("\\","")
-
-            # Free memory pointed by info_ptr
-            info_ptr.free
-          else
-            raise "TargetName Not Found"
-          end
-          credential
-        rescue => error
-          ui.error("#{error.message}")
-          Chef::Log.debug("#{error.backtrace.join("\n")}")
-          exit
-        end
-      end
-
-      #Todo: For getting the complete refreshToken, both credentials (ending with --0-2 and --1-2) have to be read
-      def target_name
-        # cmdkey command is used for accessing windows credential manager.
-        # Multiple credentials get created in windows credential manager for a single Azure account in xplat-cli
-        # One of them is for common tanent id, which can't be used
-        # Others end with --0-x,--1-x,--2-x etc, where x represents the total no. of credentails across which the token is divided
-        # The one ending with --0-x has the complete accessToken in the credentialBlob.
-        # Refresh Token is split across both credentials (ending with --0-x and --1-x).
-        # Xplat splits the credentials based on the number of bytes of the tokens.
-        # Hence the access token is always found in the one which start with --0-
-        # So selecting the credential on the basis of --0-
-        xplat_creds_cmd = Mixlib::ShellOut.new('cmdkey /list | findstr AzureXplatCli | findstr \--0- | findstr -v common')
-        result = xplat_creds_cmd.run_command
-        target_names = []
-
-        if result.stdout.empty?
-          Chef::Log.debug("Unable to find a credential with --0- and falling back to looking for any credential.")
-          xplat_creds_cmd = Mixlib::ShellOut.new('cmdkey /list | findstr AzureXplatCli | findstr -v common')
-          result = xplat_creds_cmd.run_command
-
-          if result.stdout.empty?
-            raise "Azure Credentials not found. Please run xplat's 'azure login' command"
-          else
-            target_names = result.stdout.split("\n")
-          end
-        else
-          target_names = result.stdout.split("\n")
-        end
-
-        # If "azure login" is run for multiple users, there will be multiple credentials
-        # Picking up the latest logged in user's credentials
-        latest_target = latest_credential_target target_names
-        latest_target
-      end
-
-      def latest_credential_target targets
-        case targets.size
-        when 0
-          raise "No Target was found for windows credentials"
-        when 1
-          return targets.first.gsub("Target:","").strip
-        else
-          latest_target = ""
-          max_expiry_time = Time.new(0)
-
-          # Using expiry_time to determine the latest credential
-          targets.each do |target|
-            target_obj = target.split("::")
-            expiry_time_obj = target_obj.select { |obj| obj.include? "expiresOn" }
-            expiry_time = expiry_time_obj[0].split("expiresOn:")[1].gsub("\\","")
-            if Time.parse(expiry_time) > max_expiry_time
-              latest_target = target
-              max_expiry_time = Time.parse(expiry_time)
-            end
-          end
-
-          return latest_target.gsub("Target:","").strip
-        end
-      end
-    end
-end
+#
+# Author:: Nimisha Sharad (nimisha.sharad@clogeny.com)
+# Copyright:: Copyright 2015-2018 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# XPLAT stores the access token and other information in windows credential manager.
+# Using FFI to call CredRead function
+require "chef"
+require "mixlib/shellout"
+require "ffi"
+require "chef/win32/api"
+
+module Azure::ARM
+
+  module ReadCred
+
+    extend Chef::ReservedNames::Win32::API
+    extend FFI::Library
+
+    ffi_lib "Advapi32"
+
+    CRED_TYPE_GENERIC = 1
+    CRED_TYPE_DOMAIN_PASSWORD = 2
+    CRED_TYPE_DOMAIN_CERTIFICATE = 3
+    CRED_TYPE_DOMAIN_VISIBLE_PASSWORD = 4
+
+    # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724284(v=vs.85).aspx
+    class FILETIME < FFI::Struct
+      layout :dwLowDateTime, :DWORD,
+             :dwHighDateTime, :DWORD
+    end
+
+    # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374790(v=vs.85).aspx
+    class CREDENTIAL_ATTRIBUTE < FFI::Struct
+      layout :Keyword, :LPTSTR,
+             :Flags, :DWORD,
+             :ValueSize, :DWORD,
+             :Value, :LPBYTE
+    end
+
+    # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374788(v=vs.85).aspx
+    class CREDENTIAL_OBJECT < FFI::Struct
+      layout :Flags, :DWORD,
+             :Type, :DWORD,
+             :TargetName, :LPTSTR,
+             :Comment, :LPTSTR,
+             :LastWritten, FILETIME,
+             :CredentialBlobSize, :DWORD,
+             :CredentialBlob, :LPBYTE,
+             :Persist, :DWORD,
+             :AttributeCount, :DWORD,
+             :Attributes, CREDENTIAL_ATTRIBUTE,
+             :TargetAlias, :LPTSTR,
+             :UserName, :LPTSTR
+      end
+
+    # Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374804(v=vs.85).aspx
+    safe_attach_function :CredReadW, [:LPCTSTR, :DWORD, :DWORD, :pointer], :BOOL
+  end
+
+  module WindowsCredentials
+
+    include Chef::Mixin::WideString
+    include ReadCred
+
+    def token_details_from_WCM
+      target = target_name
+
+      if target && !target.empty?
+        target_pointer = wstring(target)
+        info_ptr = FFI::MemoryPointer.new(:pointer)
+        cred = CREDENTIAL_OBJECT.new info_ptr
+        cred_result = CredReadW(target_pointer, CRED_TYPE_GENERIC, 0, cred)
+        translated_cred = CREDENTIAL_OBJECT.new(info_ptr.read_pointer)
+
+        target_obj = translated_cred[:TargetName].read_wstring.split("::") if translated_cred[:TargetName].read_wstring
+        cred_blob = translated_cred[:CredentialBlob].get_bytes(0, translated_cred[:CredentialBlobSize]).split("::")
+
+        tokentype = target_obj.select { |obj| obj.include? "tokenType" }
+        user = target_obj.select { |obj| obj.include? "userId" }
+        clientid = target_obj.select { |obj| obj.include? "clientId" }
+        expiry_time = target_obj.select { |obj| obj.include? "expiresOn" }
+        access_token = cred_blob.select { |obj| obj.include? "a:" }
+        refresh_token = cred_blob.select { |obj| obj.include? "r:" }
+
+        credential = {}
+        credential[:tokentype] = tokentype[0].split(":")[1]
+        credential[:user] = user[0].split(":")[1]
+        credential[:token] = access_token[0].split(":")[1]
+        #Todo: refresh_token is not complete currently
+        # target_name method needs to be modified for that
+        credential[:refresh_token] = refresh_token[0].split(":")[1]
+        credential[:clientid] = clientid[0].split(":")[1]
+        credential[:expiry_time] = expiry_time[0].split("expiresOn:")[1].delete("\\")
+
+        # Free memory pointed by info_ptr
+        info_ptr.free
+      else
+        raise "TargetName Not Found"
+      end
+      credential
+    rescue => error
+      ui.error("#{error.message}")
+      Chef::Log.debug("#{error.backtrace.join("\n")}")
+      exit
+    end
+
+    #Todo: For getting the complete refreshToken, both credentials (ending with --0-2 and --1-2) have to be read
+    def target_name
+      # cmdkey command is used for accessing windows credential manager.
+      # Multiple credentials get created in windows credential manager for a single Azure account in xplat-cli
+      # One of them is for common tanent id, which can't be used
+      # Others end with --0-x,--1-x,--2-x etc, where x represents the total no. of credentails across which the token is divided
+      # The one ending with --0-x has the complete accessToken in the credentialBlob.
+      # Refresh Token is split across both credentials (ending with --0-x and --1-x).
+      # Xplat splits the credentials based on the number of bytes of the tokens.
+      # Hence the access token is always found in the one which start with --0-
+      # So selecting the credential on the basis of --0-
+      xplat_creds_cmd = Mixlib::ShellOut.new('cmdkey /list | findstr AzureXplatCli | findstr \--0- | findstr -v common')
+      result = xplat_creds_cmd.run_command
+      target_names = []
+
+      if result.stdout.empty?
+        Chef::Log.debug("Unable to find a credential with --0- and falling back to looking for any credential.")
+        xplat_creds_cmd = Mixlib::ShellOut.new("cmdkey /list | findstr AzureXplatCli | findstr -v common")
+        result = xplat_creds_cmd.run_command
+
+        if result.stdout.empty?
+          raise "Azure Credentials not found. Please run xplat's 'azure login' command"
+        else
+          target_names = result.stdout.split("\n")
+        end
+      else
+        target_names = result.stdout.split("\n")
+      end
+
+      # If "azure login" is run for multiple users, there will be multiple credentials
+      # Picking up the latest logged in user's credentials
+      latest_target = latest_credential_target target_names
+      latest_target
+    end
+
+    def latest_credential_target(targets)
+      case targets.size
+      when 0
+        raise "No Target was found for windows credentials"
+      when 1
+        targets.first.gsub("Target:", "").strip
+      else
+        latest_target = ""
+        max_expiry_time = Time.new(0)
+
+        # Using expiry_time to determine the latest credential
+        targets.each do |target|
+          target_obj = target.split("::")
+          expiry_time_obj = target_obj.select { |obj| obj.include? "expiresOn" }
+          expiry_time = expiry_time_obj[0].split("expiresOn:")[1].delete("\\")
+          if Time.parse(expiry_time) > max_expiry_time
+            latest_target = target
+            max_expiry_time = Time.parse(expiry_time)
+          end
+        end
+
+        latest_target.gsub("Target:", "").strip
+      end
+    end
+  end
+end