knife-azure 3.0.0 → 4.0.0

data/lib/azure/service_management/ASM_interface.rb

@@ -1,310 +0,0 @@
-#
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require_relative "../azure_interface"
-require_relative "rest"
-require_relative "connection"
-
-module Azure
-  class ServiceManagement
-    class ASMInterface < AzureInterface
-      include AzureAPI
-
-      attr_accessor :connection
-
-      def initialize(params = {})
-        @rest = Rest.new(params)
-        @connection = Azure::ServiceManagement::Connection.new(@rest)
-        super
-      end
-
-      def list_images
-        connection.images.all
-      end
-
-      def list_servers
-        servers = connection.roles.all
-        cols = ["DNS Name", "VM Name", "Status", "IP Address", "SSH Port", "WinRM Port", "RDP Port"]
-        rows = []
-        servers.each do |server|
-          rows << server.hostedservicename.to_s + ".cloudapp.net" # Info about the DNS name at http://msdn.microsoft.com/en-us/library/ee460806.aspx
-          rows << server.name.to_s
-          rows << begin
-                           state = server.status.to_s.downcase
-                           case state
-                           when "shutting-down", "terminated", "stopping", "stopped"
-                             ui.color(state, :red)
-                           when "pending"
-                             ui.color(state, :yellow)
-                           else
-                             ui.color("ready", :green)
-                           end
-                         end
-          rows << server.publicipaddress.to_s
-          rows << server.sshport.to_s
-          rows << server.winrmport.to_s
-          ports = server.tcpports
-          rows << rdp_port(ports)
-        end
-        display_list(ui, cols, rows)
-      end
-
-      def rdp_port(arr_ports)
-        unless arr_ports
-          return ""
-        end
-
-        if arr_ports.length > 0
-          arr_ports.each do |port|
-            if port["Name"] == "Remote Desktop"
-              return port["PublicPort"]
-            end
-          end
-        end
-        ""
-      end
-
-      def find_server(params = {})
-        server = connection.roles.find(params[:name], params = { azure_dns_name: params[:azure_dns_name] })
-      end
-
-      def delete_server(params = {})
-        server = find_server({ name: params[:name], azure_dns_name: params[:azure_dns_name] })
-
-        unless server
-          puts "\n"
-          ui.error("Server #{params[:name]} does not exist")
-          exit!
-        end
-
-        puts "\n"
-        msg_pair(ui, "DNS Name", server.hostedservicename + ".cloudapp.net")
-        msg_pair(ui, "VM Name", server.name)
-        msg_pair(ui, "Size", server.size)
-        msg_pair(ui, "Public Ip Address", server.publicipaddress)
-        puts "\n"
-
-        begin
-          ui.confirm("Do you really want to delete this server")
-        rescue SystemExit   # Need to handle this as confirming with N/n raises SystemExit exception
-          server = nil      # Cleanup is implicitly performed in other cloud plugins
-          exit!
-        end
-
-        params[:azure_dns_name] = server.hostedservicename
-
-        connection.roles.delete(params)
-
-        puts "\n"
-        ui.warn("Deleted server #{server.name}")
-      end
-
-      def show_server(name)
-        role = connection.roles.find name
-
-        puts ""
-        if role
-          details = []
-          details << ui.color("Role name", :bold, :cyan)
-          details << role.name
-          details << ui.color("Status", :bold, :cyan)
-          details << role.status
-          details << ui.color("Size", :bold, :cyan)
-          details << role.size
-          details << ui.color("Hosted service name", :bold, :cyan)
-          details << role.hostedservicename
-          details << ui.color("Deployment name", :bold, :cyan)
-          details << role.deployname
-          details << ui.color("Host name", :bold, :cyan)
-          details << role.hostname
-          unless role.sshport.nil?
-            details << ui.color("SSH port", :bold, :cyan)
-            details << role.sshport
-          end
-          unless role.winrmport.nil?
-            details << ui.color("WinRM port", :bold, :cyan)
-            details << role.winrmport
-          end
-          details << ui.color("Public IP", :bold, :cyan)
-          details << role.publicipaddress.to_s
-
-          unless role.thumbprint.empty?
-            details << ui.color("Thumbprint", :bold, :cyan)
-            details << role.thumbprint
-          end
-          puts ui.list(details, :columns_across, 2)
-          if role.tcpports.length > 0 || role.udpports.length > 0
-            details.clear
-            details << ui.color("Ports open", :bold, :cyan)
-            details << ui.color("Local port", :bold, :cyan)
-            details << ui.color("IP", :bold, :cyan)
-            details << ui.color("Public port", :bold, :cyan)
-            if role.tcpports.length > 0
-              role.tcpports.each do |port|
-                details << "tcp"
-                details << port["LocalPort"]
-                details << port["Vip"]
-                details << port["PublicPort"]
-              end
-            end
-            if role.udpports.length > 0
-              role.udpports.each do |port|
-                details << "udp"
-                details << port["LocalPort"]
-                details << port["Vip"]
-                details << port["PublicPort"]
-              end
-            end
-            puts ui.list(details, :columns_across, 4)
-          end
-        else
-          puts "No VM found"
-        end
-
-      rescue => error
-        puts "#{error.class} and #{error.message}"
-      end
-
-      def list_internal_lb
-        lbs = connection.lbs.all
-        cols = %w{Name Service Subnet VIP}
-        rows = []
-        lbs.each do |lb|
-          cols.each { |col| rows << lb.send(col.downcase).to_s }
-        end
-        display_list(ui, cols, rows)
-      end
-
-      def create_internal_lb(params = {})
-        connection.lbs.create(params)
-      end
-
-      def list_vnets
-        vnets = connection.vnets.all
-        cols = ["Name", "Affinity Group", "State"]
-        rows = []
-        vnets.each do |vnet|
-          %w{name affinity_group state}.each { |col| rows << vnet.send(col).to_s }
-        end
-        display_list(ui, cols, rows)
-      end
-
-      def create_vnet(params = {})
-        connection.vnets.create(params)
-      end
-
-      def list_affinity_groups
-        affinity_groups = connection.ags.all
-        cols = %w{Name Location Description}
-        rows = []
-        affinity_groups.each do |affinity_group|
-          cols.each { |col| rows << affinity_group.send(col.downcase).to_s }
-        end
-        display_list(ui, cols, rows)
-      end
-
-      def create_affinity_group(params = {})
-        connection.ags.create(params)
-      end
-
-      def create_server(params = {})
-        remove_hosted_service_on_failure = params[:azure_dns_name]
-        if connection.hosts.exists?(params[:azure_dns_name])
-          remove_hosted_service_on_failure = nil
-        end
-
-        # If Storage Account is not specified, check if the geographic location has one to re-use
-        if not params[:azure_storage_account]
-          storage_accts = connection.storageaccounts.all
-          storage = storage_accts.find { |storage_acct| storage_acct.location.to_s == params[:azure_service_location] }
-          unless storage
-            params[:azure_storage_account] = [strip_non_ascii(params[:azure_vm_name]), random_string].join.downcase
-            remove_storage_service_on_failure = params[:azure_storage_account]
-          else
-            remove_storage_service_on_failure = nil
-            params[:azure_storage_account] = storage.name.to_s
-          end
-        else
-          if connection.storageaccounts.exists?(params[:azure_storage_account])
-            remove_storage_service_on_failure = nil
-          else
-            remove_storage_service_on_failure = params[:azure_storage_account]
-          end
-        end
-
-        begin
-          connection.deploys.create(params)
-        rescue Exception => e
-          Chef::Log.error("Failed to create the server -- exception being rescued: #{e}")
-          backtrace_message = "#{e.class}: #{e}\n#{e.backtrace.join("\n")}"
-          Chef::Log.debug("#{backtrace_message}")
-          cleanup_and_exit(remove_hosted_service_on_failure, remove_storage_service_on_failure)
-        end
-      end
-
-      def cleanup_and_exit(remove_hosted_service_on_failure, remove_storage_service_on_failure)
-        Chef::Log.warn("Cleaning up resources...")
-
-        if remove_hosted_service_on_failure
-          ret_val = connection.hosts.delete(remove_hosted_service_on_failure)
-          ret_val.content.empty? ? Chef::Log.warn("Deleted created DNS: #{remove_hosted_service_on_failure}.") : Chef::Log.warn("Deletion failed for created DNS:#{remove_hosted_service_on_failure}. " + ret_val.text)
-        end
-
-        if remove_storage_service_on_failure
-          ret_val = connection.storageaccounts.delete(remove_storage_service_on_failure)
-          ret_val.content.empty? ? Chef::Log.warn("Deleted created Storage Account: #{remove_storage_service_on_failure}.") : Chef::Log.warn("Deletion failed for created Storage Account: #{remove_storage_service_on_failure}. " + ret_val.text)
-        end
-        exit 1
-      end
-
-      def get_role_server(dns_name, vm_name)
-        deploy = connection.deploys.queryDeploy(dns_name)
-        deploy.find_role(vm_name)
-     end
-
-      def get_extension(name, publisher)
-        connection.query_azure("resourceextensions/#{publisher}/#{name}")
-      end
-
-      def deployment_name(dns_name)
-        connection.deploys.get_deploy_name_for_hostedservice(dns_name)
-      end
-
-      def deployment(path)
-        connection.query_azure(path)
-      end
-
-      def valid_image?(name)
-        connection.images.exists?(name)
-      end
-
-      def vm_image?(name)
-        connection.images.is_vm_image(name)
-      end
-
-      def add_extension(name, params = {})
-        ui.info "Started with Chef Extension deployment on the server #{name}..."
-        connection.roles.update(name, params)
-        ui.info "\nSuccessfully deployed Chef Extension on the server #{name}."
-      rescue Exception => e
-        Chef::Log.error("Failed to add extension to the server -- exception being rescued: #{e}")
-        backtrace_message = "#{e.class}: #{e}\n#{e.backtrace.join("\n")}"
-        Chef::Log.debug("#{backtrace_message}")
-      end
-    end
-  end
-end

data/lib/azure/service_management/ag.rb

@@ -1,99 +0,0 @@
-#
-# Author:: Jeff Mendoza (jeffmendoza@live.com)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module Azure
-  class AGs
-    def initialize(connection)
-      @connection = connection
-    end
-
-    def load
-      @ags ||= begin
-        @ags = {}
-        response = @connection.query_azure("affinitygroups",
-          "get",
-          "",
-          "",
-          true,
-          false)
-        response.css("AffinityGroup").each do |ag|
-          item = AG.new(@connection).parse(ag)
-          @ags[item.name] = item
-        end
-        @ags
-      end
-    end
-
-    def all
-      load.values
-    end
-
-    def exists?(name)
-      load.key?(name)
-    end
-
-    def find(name)
-      load[name]
-    end
-
-    def create(params)
-      ag = AG.new(@connection)
-      ag.create(params)
-    end
-  end
-end
-
-module Azure
-  class AG
-    attr_accessor :name, :label, :description, :location
-
-    def initialize(connection)
-      @connection = connection
-    end
-
-    def parse(image)
-      @name = image.at_css("Name").content
-      @label = image.at_css("Label").content
-      @description = image.at_css("Description").content if
-        image.at_css("Description")
-      @location = image.at_css("Location").content if image.at_css("Location")
-      self
-    end
-
-    def create(params)
-      builder = Nokogiri::XML::Builder.new(encoding: "utf-8") do |xml|
-        xml.CreateAffinityGroup(
-          xmlns: "http://schemas.microsoft.com/windowsazure"
-        ) do
-          xml.Name params[:azure_ag_name]
-          xml.Label Base64.strict_encode64(params[:azure_ag_name])
-          unless params[:azure_ag_desc].nil?
-            xml.Description params[:azure_ag_desc]
-          end
-          xml.Location params[:azure_location]
-        end
-      end
-      @connection.query_azure("affinitygroups",
-        "post",
-        builder.to_xml,
-        "",
-        true,
-        false)
-    end
-  end
-end

data/lib/azure/service_management/certificate.rb

@@ -1,235 +0,0 @@
-#
-# Author:: Mukta Aphale (mukta.aphale@clogeny.com)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module Azure
-  class Certificates
-    def initialize(connection)
-      @connection = connection
-    end
-
-    def create(params)
-      certificate = Certificate.new(@connection)
-      certificate.create(params)
-    end
-
-    def add(certificate_data, certificate_password, certificate_format, dns_name)
-      certificate = Certificate.new(@connection)
-      certificate.add_certificate certificate_data, certificate_password, certificate_format, dns_name
-    end
-
-    def create_ssl_certificate(azure_dns_name)
-      cert_params = { output_file: "winrm", key_length: 2048, cert_validity: 24,
-                      azure_dns_name: azure_dns_name }
-      certificate = Certificate.new(@connection)
-      thumbprint = certificate.create_ssl_certificate(cert_params)
-    end
-
-    def get_certificate(dns_name, fingerprint)
-      certificate = Certificate.new(@connection)
-      certificate.get_certificate(dns_name, fingerprint)
-    end
-  end
-end
-
-module Azure
-  class Certificate
-    attr_accessor :connection
-    attr_accessor :cert_data, :fingerprint, :certificate_version
-    def initialize(connection)
-      @connection = connection
-      @certificate_version = 2 # cf. RFC 5280 - to make it a "v3" certificate
-    end
-
-    def create(params)
-      # If RSA private key has been specified, then generate an x 509 certificate from the
-      # public part of the key
-      @cert_data = generate_public_key_certificate_data({ ssh_key: params[:ssh_identity_file],
-                                                          ssh_key_passphrase: params[:identity_file_passphrase] })
-      add_certificate @cert_data, "knifeazure", "pfx", params[:azure_dns_name]
-
-      # Return the fingerprint to be used while adding role
-      @fingerprint
-    end
-
-    def generate_public_key_certificate_data(params)
-      # Generate OpenSSL RSA key from the mentioned ssh key path (and passphrase)
-      key = OpenSSL::PKey::RSA.new(File.read(params[:ssh_key]), params[:ssh_key_passphrase])
-      # Generate X 509 certificate
-      ca = OpenSSL::X509::Certificate.new
-      ca.version = @certificate_version
-      ca.serial = Random.rand(65534) + 1 # 2 digit byte range random number for better security aspect
-      ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=knife-plugin/CN=Opscode CA"
-      ca.issuer = ca.subject # root CA's are "self-signed"
-      ca.public_key = key.public_key # Assign the ssh-key's public part to the certificate
-      ca.not_before = Time.now
-      ca.not_after =  ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity
-      ef = OpenSSL::X509::ExtensionFactory.new
-      ef.subject_certificate = ca
-      ef.issuer_certificate = ca
-      ca.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
-      ca.add_extension(ef.create_extension("keyUsage", "keyCertSign, cRLSign", true))
-      ca.add_extension(ef.create_extension("subjectKeyIdentifier", "hash", false))
-      ca.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always", false))
-      ca.sign(key, OpenSSL::Digest::SHA256.new)
-      # Generate the SHA1 fingerprint of the der format of the X 509 certificate
-      @fingerprint = OpenSSL::Digest::SHA1.new(ca.to_der)
-      # Create the pfx format of the certificate
-      pfx = OpenSSL::PKCS12.create("knifeazure", "knife-azure-pfx", key, ca)
-      # Encode the pfx format - upload this certificate
-      Base64.strict_encode64(pfx.to_der)
-    end
-
-    def add_certificate(certificate_data, certificate_password, certificate_format, dns_name)
-      # Generate XML to call the API
-      # Add certificate to the hosted service
-      builder = Nokogiri::XML::Builder.new do |xml|
-        xml.CertificateFile("xmlns" => "http://schemas.microsoft.com/windowsazure") do
-          xml.Data certificate_data
-          xml.CertificateFormat certificate_format
-          xml.Password certificate_password
-        end
-      end
-      # Windows Azure API call
-      @connection.query_azure("hostedservices/#{dns_name}/certificates", "post", builder.to_xml)
-
-      # Check if certificate is available else raise error
-      for attempt in 0..4
-        Chef::Log.info "Waiting to get certificate ..."
-        res = get_certificate(dns_name, @fingerprint)
-        break unless res.empty?
-        if attempt == 4
-          raise "The certificate with thumbprint #{fingerprint} was not found."
-        else
-          sleep 5
-        end
-      end
-    end
-
-    def get_certificate(dns_name, fingerprint)
-      @connection.query_azure("hostedservices/#{dns_name}/certificates/sha1-#{fingerprint}", "get").search("Certificate")
-    end
-
-    ########   SSL certificate generation for knife-azure ssl bootstrap ######
-    def create_ssl_certificate(cert_params)
-      file_path = cert_params[:output_file].sub(/\.(\w+)$/, "")
-      path = prompt_for_file_path
-      file_path = File.join(path, file_path) unless path.empty?
-      cert_params[:domain] = prompt_for_domain
-
-      rsa_key = generate_keypair cert_params[:key_length]
-      cert = generate_certificate(rsa_key, cert_params)
-      write_certificate_to_file cert, file_path, rsa_key, cert_params
-      puts "*" * 70
-      puts "Generated Certificates:"
-      puts "- #{file_path}.pfx - PKCS12 format keypair. Contains both the public and private keys, usually used on the server."
-      puts "- #{file_path}.b64 - Base64 encoded PKCS12 keypair. Contains both the public and private keys, for upload to the Azure REST API."
-      puts "- #{file_path}.pem - Base64 encoded public certificate only. Required by the client to connect to the server."
-      puts "Certificate Thumbprint: #{@thumbprint.to_s.upcase}"
-      puts "*" * 70
-
-      config[:ca_trust_file] = file_path + ".pem" if config[:ca_trust_file].nil?
-      cert_data = File.read (file_path + ".b64")
-      add_certificate cert_data, @winrm_cert_passphrase, "pfx", cert_params[:azure_dns_name]
-      @thumbprint
-    end
-
-    def generate_keypair(key_length)
-      OpenSSL::PKey::RSA.new(key_length.to_i)
-    end
-
-    def prompt_for_passphrase
-      passphrase = ""
-      begin
-        print "Passphrases do not match.  Try again.\n" unless passphrase.empty?
-        print "Enter certificate passphrase (empty for no passphrase):"
-        passphrase = STDIN.gets
-        return passphrase.strip if passphrase == "\n"
-
-        print "Enter same passphrase again:"
-        confirm_passphrase = STDIN.gets
-      end until passphrase == confirm_passphrase
-      passphrase.strip
-    end
-
-    def prompt_for_file_path
-      file_path = ""
-      counter = 0
-      begin
-        print "Invalid location! \n" unless file_path.empty?
-        print 'Enter the file path for certificates e.g. C:\Windows (empty for current location):'
-        file_path = STDIN.gets
-        stripped_file_path = file_path.strip
-        return stripped_file_path if file_path == "\n"
-
-        counter += 1
-        exit(1) if counter == 3
-      end until File.directory?(stripped_file_path)
-      stripped_file_path
-    end
-
-    def prompt_for_domain
-      counter = 0
-      begin
-        print "Enter the domain (mandatory):"
-        domain = STDIN.gets
-        domain = domain.strip
-        counter += 1
-        exit(1) if counter == 3
-      end until !domain.empty?
-      domain
-    end
-
-    def generate_certificate(rsa_key, cert_params)
-      @hostname = "*"
-      if cert_params[:domain]
-        @hostname = "*." + cert_params[:domain]
-      end
-
-      # Create a self-signed X509 certificate from the rsa_key (unencrypted)
-      cert = OpenSSL::X509::Certificate.new
-      cert.version = 2
-      cert.serial = Random.rand(65534) + 1 # 2 digit byte range random number for better security aspect
-
-      cert.subject = OpenSSL::X509::Name.parse "/CN=#{@hostname}"
-      cert.issuer = cert.subject
-      cert.public_key = rsa_key.public_key
-      cert.not_before = Time.now
-      cert.not_after = cert.not_before + 2 * 365 * cert_params[:cert_validity].to_i * 60 * 60 # 2 years validity
-      ef = OpenSSL::X509::ExtensionFactory.new
-      ef.subject_certificate = cert
-      ef.issuer_certificate = cert
-      cert.add_extension(ef.create_extension("subjectKeyIdentifier", "hash", false))
-      cert.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always", false))
-      cert.add_extension(ef.create_extension("extendedKeyUsage", "1.3.6.1.5.5.7.3.1", false))
-      cert.sign(rsa_key, OpenSSL::Digest::SHA1.new)
-      @thumbprint = OpenSSL::Digest::SHA1.new(cert.to_der)
-      cert
-    end
-
-    def write_certificate_to_file(cert, file_path, rsa_key, cert_params)
-      File.open(file_path + ".pem", "wb") { |f| f.print cert.to_pem }
-      @winrm_cert_passphrase = prompt_for_passphrase unless @winrm_cert_passphrase
-      pfx = OpenSSL::PKCS12.create("#{cert_params[:winrm_cert_passphrase]}", "winrmcert", rsa_key, cert)
-      File.open(file_path + ".pfx", "wb") { |f| f.print pfx.to_der }
-      File.open(file_path + ".b64", "wb") { |f| f.print Base64.strict_encode64(pfx.to_der) }
-    end
-
-    ##########   SSL certificate generation ends ###########
-
-  end
-end