knife-azure 3.0.6 → 4.0.0

data/lib/azure/service_management/ag.rb

@@ -1,99 +0,0 @@
-#
-# Author:: Jeff Mendoza (jeffmendoza@live.com)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module Azure
-  class AGs
-    def initialize(connection)
-      @connection = connection
-    end
-
-    def load
-      @ags ||= begin
-        @ags = {}
-        response = @connection.query_azure("affinitygroups",
-          "get",
-          "",
-          "",
-          true,
-          false)
-        response.css("AffinityGroup").each do |ag|
-          item = AG.new(@connection).parse(ag)
-          @ags[item.name] = item
-        end
-        @ags
-      end
-    end
-
-    def all
-      load.values
-    end
-
-    def exists?(name)
-      load.key?(name)
-    end
-
-    def find(name)
-      load[name]
-    end
-
-    def create(params)
-      ag = AG.new(@connection)
-      ag.create(params)
-    end
-  end
-end
-
-module Azure
-  class AG
-    attr_accessor :name, :label, :description, :location
-
-    def initialize(connection)
-      @connection = connection
-    end
-
-    def parse(image)
-      @name = image.at_css("Name").content
-      @label = image.at_css("Label").content
-      @description = image.at_css("Description").content if
-        image.at_css("Description")
-      @location = image.at_css("Location").content if image.at_css("Location")
-      self
-    end
-
-    def create(params)
-      builder = Nokogiri::XML::Builder.new(encoding: "utf-8") do |xml|
-        xml.CreateAffinityGroup(
-          xmlns: "http://schemas.microsoft.com/windowsazure"
-        ) do
-          xml.Name params[:azure_ag_name]
-          xml.Label Base64.strict_encode64(params[:azure_ag_name])
-          unless params[:azure_ag_desc].nil?
-            xml.Description params[:azure_ag_desc]
-          end
-          xml.Location params[:azure_location]
-        end
-      end
-      @connection.query_azure("affinitygroups",
-        "post",
-        builder.to_xml,
-        "",
-        true,
-        false)
-    end
-  end
-end

data/lib/azure/service_management/certificate.rb

@@ -1,235 +0,0 @@
-#
-# Author:: Mukta Aphale (mukta.aphale@clogeny.com)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module Azure
-  class Certificates
-    def initialize(connection)
-      @connection = connection
-    end
-
-    def create(params)
-      certificate = Certificate.new(@connection)
-      certificate.create(params)
-    end
-
-    def add(certificate_data, certificate_password, certificate_format, dns_name)
-      certificate = Certificate.new(@connection)
-      certificate.add_certificate certificate_data, certificate_password, certificate_format, dns_name
-    end
-
-    def create_ssl_certificate(azure_dns_name)
-      cert_params = { output_file: "winrm", key_length: 2048, cert_validity: 24,
-                      azure_dns_name: azure_dns_name }
-      certificate = Certificate.new(@connection)
-      thumbprint = certificate.create_ssl_certificate(cert_params)
-    end
-
-    def get_certificate(dns_name, fingerprint)
-      certificate = Certificate.new(@connection)
-      certificate.get_certificate(dns_name, fingerprint)
-    end
-  end
-end
-
-module Azure
-  class Certificate
-    attr_accessor :connection
-    attr_accessor :cert_data, :fingerprint, :certificate_version
-    def initialize(connection)
-      @connection = connection
-      @certificate_version = 2 # cf. RFC 5280 - to make it a "v3" certificate
-    end
-
-    def create(params)
-      # If RSA private key has been specified, then generate an x 509 certificate from the
-      # public part of the key
-      @cert_data = generate_public_key_certificate_data({ ssh_key: params[:ssh_identity_file],
-                                                          ssh_key_passphrase: params[:identity_file_passphrase] })
-      add_certificate @cert_data, "knifeazure", "pfx", params[:azure_dns_name]
-
-      # Return the fingerprint to be used while adding role
-      @fingerprint
-    end
-
-    def generate_public_key_certificate_data(params)
-      # Generate OpenSSL RSA key from the mentioned ssh key path (and passphrase)
-      key = OpenSSL::PKey::RSA.new(File.read(params[:ssh_key]), params[:ssh_key_passphrase])
-      # Generate X 509 certificate
-      ca = OpenSSL::X509::Certificate.new
-      ca.version = @certificate_version
-      ca.serial = Random.rand(65534) + 1 # 2 digit byte range random number for better security aspect
-      ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=knife-plugin/CN=Opscode CA"
-      ca.issuer = ca.subject # root CA's are "self-signed"
-      ca.public_key = key.public_key # Assign the ssh-key's public part to the certificate
-      ca.not_before = Time.now
-      ca.not_after =  ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity
-      ef = OpenSSL::X509::ExtensionFactory.new
-      ef.subject_certificate = ca
-      ef.issuer_certificate = ca
-      ca.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
-      ca.add_extension(ef.create_extension("keyUsage", "keyCertSign, cRLSign", true))
-      ca.add_extension(ef.create_extension("subjectKeyIdentifier", "hash", false))
-      ca.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always", false))
-      ca.sign(key, OpenSSL::Digest.new("SHA256"))
-      # Generate the SHA1 fingerprint of the der format of the X 509 certificate
-      @fingerprint = OpenSSL::Digest::SHA1.new(ca.to_der)
-      # Create the pfx format of the certificate
-      pfx = OpenSSL::PKCS12.create("knifeazure", "knife-azure-pfx", key, ca)
-      # Encode the pfx format - upload this certificate
-      Base64.strict_encode64(pfx.to_der)
-    end
-
-    def add_certificate(certificate_data, certificate_password, certificate_format, dns_name)
-      # Generate XML to call the API
-      # Add certificate to the hosted service
-      builder = Nokogiri::XML::Builder.new do |xml|
-        xml.CertificateFile("xmlns" => "http://schemas.microsoft.com/windowsazure") do
-          xml.Data certificate_data
-          xml.CertificateFormat certificate_format
-          xml.Password certificate_password
-        end
-      end
-      # Windows Azure API call
-      @connection.query_azure("hostedservices/#{dns_name}/certificates", "post", builder.to_xml)
-
-      # Check if certificate is available else raise error
-      for attempt in 0..4
-        Chef::Log.info "Waiting to get certificate ..."
-        res = get_certificate(dns_name, @fingerprint)
-        break unless res.empty?
-        if attempt == 4
-          raise "The certificate with thumbprint #{fingerprint} was not found."
-        else
-          sleep 5
-        end
-      end
-    end
-
-    def get_certificate(dns_name, fingerprint)
-      @connection.query_azure("hostedservices/#{dns_name}/certificates/sha1-#{fingerprint}", "get").search("Certificate")
-    end
-
-    ########   SSL certificate generation for knife-azure ssl bootstrap ######
-    def create_ssl_certificate(cert_params)
-      file_path = cert_params[:output_file].sub(/\.(\w+)$/, "")
-      path = prompt_for_file_path
-      file_path = File.join(path, file_path) unless path.empty?
-      cert_params[:domain] = prompt_for_domain
-
-      rsa_key = generate_keypair cert_params[:key_length]
-      cert = generate_certificate(rsa_key, cert_params)
-      write_certificate_to_file cert, file_path, rsa_key, cert_params
-      puts "*" * 70
-      puts "Generated Certificates:"
-      puts "- #{file_path}.pfx - PKCS12 format keypair. Contains both the public and private keys, usually used on the server."
-      puts "- #{file_path}.b64 - Base64 encoded PKCS12 keypair. Contains both the public and private keys, for upload to the Azure REST API."
-      puts "- #{file_path}.pem - Base64 encoded public certificate only. Required by the client to connect to the server."
-      puts "Certificate Thumbprint: #{@thumbprint.to_s.upcase}"
-      puts "*" * 70
-
-      config[:ca_trust_file] = file_path + ".pem" if config[:ca_trust_file].nil?
-      cert_data = File.read (file_path + ".b64")
-      add_certificate cert_data, @winrm_cert_passphrase, "pfx", cert_params[:azure_dns_name]
-      @thumbprint
-    end
-
-    def generate_keypair(key_length)
-      OpenSSL::PKey::RSA.new(key_length.to_i)
-    end
-
-    def prompt_for_passphrase
-      passphrase = ""
-      begin
-        print "Passphrases do not match.  Try again.\n" unless passphrase.empty?
-        print "Enter certificate passphrase (empty for no passphrase):"
-        passphrase = STDIN.gets
-        return passphrase.strip if passphrase == "\n"
-
-        print "Enter same passphrase again:"
-        confirm_passphrase = STDIN.gets
-      end until passphrase == confirm_passphrase
-      passphrase.strip
-    end
-
-    def prompt_for_file_path
-      file_path = ""
-      counter = 0
-      begin
-        print "Invalid location! \n" unless file_path.empty?
-        print 'Enter the file path for certificates e.g. C:\Windows (empty for current location):'
-        file_path = STDIN.gets
-        stripped_file_path = file_path.strip
-        return stripped_file_path if file_path == "\n"
-
-        counter += 1
-        exit(1) if counter == 3
-      end until File.directory?(stripped_file_path)
-      stripped_file_path
-    end
-
-    def prompt_for_domain
-      counter = 0
-      begin
-        print "Enter the domain (mandatory):"
-        domain = STDIN.gets
-        domain = domain.strip
-        counter += 1
-        exit(1) if counter == 3
-      end until !domain.empty?
-      domain
-    end
-
-    def generate_certificate(rsa_key, cert_params)
-      @hostname = "*"
-      if cert_params[:domain]
-        @hostname = "*." + cert_params[:domain]
-      end
-
-      # Create a self-signed X509 certificate from the rsa_key (unencrypted)
-      cert = OpenSSL::X509::Certificate.new
-      cert.version = 2
-      cert.serial = Random.rand(65534) + 1 # 2 digit byte range random number for better security aspect
-
-      cert.subject = OpenSSL::X509::Name.parse "/CN=#{@hostname}"
-      cert.issuer = cert.subject
-      cert.public_key = rsa_key.public_key
-      cert.not_before = Time.now
-      cert.not_after = cert.not_before + 2 * 365 * cert_params[:cert_validity].to_i * 60 * 60 # 2 years validity
-      ef = OpenSSL::X509::ExtensionFactory.new
-      ef.subject_certificate = cert
-      ef.issuer_certificate = cert
-      cert.add_extension(ef.create_extension("subjectKeyIdentifier", "hash", false))
-      cert.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always", false))
-      cert.add_extension(ef.create_extension("extendedKeyUsage", "1.3.6.1.5.5.7.3.1", false))
-      cert.sign(rsa_key, OpenSSL::Digest.new("SHA1"))
-      @thumbprint = OpenSSL::Digest::SHA1.new(cert.to_der)
-      cert
-    end
-
-    def write_certificate_to_file(cert, file_path, rsa_key, cert_params)
-      File.open(file_path + ".pem", "wb") { |f| f.print cert.to_pem }
-      @winrm_cert_passphrase = prompt_for_passphrase unless @winrm_cert_passphrase
-      pfx = OpenSSL::PKCS12.create("#{cert_params[:winrm_cert_passphrase]}", "winrmcert", rsa_key, cert)
-      File.open(file_path + ".pfx", "wb") { |f| f.print pfx.to_der }
-      File.open(file_path + ".b64", "wb") { |f| f.print Base64.strict_encode64(pfx.to_der) }
-    end
-
-    ##########   SSL certificate generation ends ###########
-
-  end
-end

data/lib/azure/service_management/connection.rb

@@ -1,102 +0,0 @@
-#
-# Author:: Barry Davis (barryd@jetstreamsoftware.com)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require_relative "image"
-require_relative "role"
-require_relative "deploy"
-require_relative "host"
-require_relative "loadbalancer"
-require_relative "vnet"
-require_relative "utility"
-require_relative "ag"
-require_relative "storageaccount"
-require_relative "certificate"
-require_relative "disk"
-
-module Azure
-  class ServiceManagement
-    class Connection
-      include AzureUtility
-      attr_accessor :hosts, :rest, :images, :deploys, :roles,
-        :disks, :storageaccounts, :certificates, :ags, :vnets, :lbs
-      def initialize(rest)
-        @images = Images.new(self)
-        @roles = Roles.new(self)
-        @deploys = Deploys.new(self)
-        @hosts = Hosts.new(self)
-        @rest = rest
-        @lbs = Loadbalancer.new(self)
-        @vnets = Vnets.new(self)
-        @ags = AGs.new(self)
-        @storageaccounts = StorageAccounts.new(self)
-        @certificates = Certificates.new(self)
-        @disks = Disks.new(self)
-      end
-
-      def query_azure(service_name,
-        verb = "get",
-        body = "",
-        params = "",
-        wait = true,
-        services = true,
-        content_type = nil)
-        Chef::Log.info "calling " + verb + " " + service_name + (wait ? " synchronously" : " asynchronously")
-        Chef::Log.debug body unless body == ""
-        response = @rest.query_azure(service_name, verb, body, params, services, content_type)
-        if response.code.to_i == 200
-          ret_val = Nokogiri::XML response.body
-        elsif !wait && response.code.to_i == 202
-          Chef::Log.debug "Request accepted in asynchronous mode"
-          ret_val = Nokogiri::XML response.body
-        elsif response.code.to_i >= 201 && response.code.to_i <= 299
-          ret_val = wait_for_completion
-        else
-          if response.body
-            ret_val = Nokogiri::XML response.body
-            Chef::Log.debug ret_val.to_xml
-            error_code, error_message = error_from_response_xml(ret_val)
-            Chef::Log.debug error_code + " : " + error_message if error_code.length > 0
-          else
-            Chef::Log.warn "http error: " + response.code
-          end
-        end
-        ret_val
-      end
-
-      def wait_for_completion
-        status = "InProgress"
-        Chef::Log.info "Waiting while status returns InProgress"
-        while status == "InProgress"
-          response = @rest.query_for_completion
-          ret_val = Nokogiri::XML response.body
-          status = xml_content(ret_val, "Status")
-          if status == "InProgress"
-            print "."
-            sleep(0.5)
-          elsif status == "Succeeded"
-            Chef::Log.debug "not InProgress : " + ret_val.to_xml
-          else
-            error_code, error_message = error_from_response_xml(ret_val)
-            Chef::Log.debug status + error_code + " : " + error_message if error_code.length > 0
-          end
-        end
-        ret_val
-      end
-    end
-  end
-end

data/lib/azure/service_management/deploy.rb

@@ -1,221 +0,0 @@
-#
-# Author:: Barry Davis (barryd@jetstreamsoftware.com)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module Azure
-  class Deploys
-    include AzureUtility
-    def initialize(connection)
-      @connection = connection
-    end
-
-    # force_load should be true when there is something in local cache and we want to reload
-    # first call is always load.
-    def load(force_load = false)
-      unless @deploys || force_load
-        @deploys = begin
-          deploys = []
-          hosts = @connection.hosts.all
-          hosts.each do |host|
-            deploy = Deploy.new(@connection)
-            deploy.retrieve(host.name)
-            if deploy.name
-              host.add_deploy(deploy)
-              deploys << deploy
-            end
-          end
-          deploys
-        end
-      end
-      @deploys
-    end
-
-    def all
-      load
-    end
-
-    # TODO - Current knife-azure plug-in seems to have assumption that single hostedservice
-    # will always have one deployment (production). see Deploy#retrieve below
-    def get_deploy_name_for_hostedservice(hostedservicename)
-      host = @connection.hosts.find(hostedservicename)
-      if host && host.deploys.length > 0
-        host.deploys[0].name
-      else
-        nil
-      end
-    end
-
-    def create(params)
-      if params[:azure_connect_to_existing_dns]
-        unless @connection.hosts.exists?(params[:azure_dns_name])
-          Chef::Log.fatal "The specified Azure DNS Name does not exist."
-          exit 1
-        end
-      else
-        ret_val = @connection.hosts.create(params)
-        error_code, error_message = error_from_response_xml(ret_val)
-        if error_code.length > 0
-          Chef::Log.fatal "Unable to create DNS:" + error_code + " : " + error_message
-          exit 1
-        end
-      end
-      unless @connection.storageaccounts.exists?(params[:azure_storage_account])
-        @connection.storageaccounts.create(params)
-      end
-      if params[:ssh_identity_file]
-        params[:fingerprint] = @connection.certificates.create(params)
-      end
-      if params[:cert_path]
-        cert_data = File.read (params[:cert_path])
-        @connection.certificates.add cert_data, params[:cert_password], "pfx", params[:azure_dns_name]
-      elsif params[:winrm_ssl]
-        # TODO: generate certificates for ssl listener
-      end
-
-      params["deploy_name"] = get_deploy_name_for_hostedservice(params[:azure_dns_name])
-
-      if !params["deploy_name"].nil?
-        role = Role.new(@connection)
-        roleXML = role.setup(params)
-        ret_val = role.create(params, roleXML)
-      else
-        params["deploy_name"] = params[:azure_dns_name]
-        deploy = Deploy.new(@connection)
-        deployXML = deploy.setup(params)
-        ret_val = deploy.create(params, deployXML)
-      end
-      error_code, error_message = error_from_response_xml(ret_val)
-      if error_code.length > 0
-        Chef::Log.debug(ret_val.to_s)
-        raise Chef::Log.fatal "Unable to create role:" + error_code + " : " + error_message
-      end
-      @connection.roles.find_in_hosted_service(params[:azure_vm_name], params[:azure_dns_name])
-    end
-
-    def delete(rolename); end
-
-    def queryDeploy(hostedservicename)
-      deploy = Deploy.new(@connection)
-      deploy.retrieve(hostedservicename)
-      deploy
-    end
-  end
-
-  class Deploy
-    include AzureUtility
-    attr_accessor :connection, :name, :status, :url, :hostedservicename, :input_endpoints, :loadbalancers
-
-    def initialize(connection)
-      @connection = connection
-    end
-
-    def retrieve(hostedservicename)
-      @hostedservicename = hostedservicename
-      deployXML = @connection.query_azure("hostedservices/#{hostedservicename}/deploymentslots/Production")
-      if deployXML.at_css("Deployment Name") != nil
-        @name = xml_content(deployXML, "Deployment Name")
-        @status = xml_content(deployXML, "Deployment Status")
-        @url = xml_content(deployXML, "Deployment Url")
-        @roles = {}
-        rolesXML = deployXML.css("Deployment RoleInstanceList RoleInstance")
-        rolesListXML = deployXML.css("Deployment RoleList Role")
-        rolesXML.zip(rolesListXML).each do |roleXML, roleListXML|
-          role = Role.new(@connection)
-          role.parse(roleXML, hostedservicename, @name)
-          if role.publicipaddress.to_s.empty?
-            role.publicipaddress = xml_content(deployXML, "VirtualIPs VirtualIP Address")
-          end
-          role.parse_role_list_xml(roleListXML)
-          @roles[role.name] = role
-        end
-        @input_endpoints = []
-        endpointsXML = deployXML.css("InputEndpoint")
-        endpointsXML.each do |endpointXML|
-          @input_endpoints << parse_endpoint(endpointXML)
-        end
-        @loadbalancers = {}
-        lbsXML = deployXML.css("Deployment LoadBalancers LoadBalancer")
-        lbsXML.each do |lbXML|
-          loadbalancer = Loadbalancer.new(@connection)
-          loadbalancer.parse(lbXML, hostedservicename)
-          @loadbalancers[loadbalancer.name] = loadbalancer
-        end
-      end
-    end
-
-    def setup(params)
-      role = Role.new(@connection)
-      roleXML = role.setup(params)
-      builder = Nokogiri::XML::Builder.new do |xml|
-        xml.Deployment(
-          "xmlns" => "http://schemas.microsoft.com/windowsazure",
-          "xmlns:i" => "http://www.w3.org/2001/XMLSchema-instance"
-        ) do
-          xml.Name params["deploy_name"]
-          xml.DeploymentSlot "Production"
-          xml.Label Base64.encode64(params["deploy_name"]).strip
-          xml.RoleList { xml.Role("i:type" => "PersistentVMRole") }
-          if params[:azure_network_name]
-            xml.VirtualNetworkName params[:azure_network_name]
-          end
-        end
-      end
-      builder.doc.at_css("Role") << roleXML.at_css("PersistentVMRole").children.to_s
-      builder.doc
-    end
-
-    def create(params, deployXML)
-      servicecall = "hostedservices/#{params[:azure_dns_name]}/deployments"
-      @connection.query_azure(servicecall, "post", deployXML.to_xml)
-    end
-
-    # This parses endpoints from a RoleList-Role-InputEndpoint, NOT a RoleInstanceList-RoleInstance-InstanceEndpoint
-    # Refactor: make this an object rather than a hash..?
-    def parse_endpoint(inputendpoint_xml)
-      hash = {}
-      %w{LoadBalancedEndpointSetName LocalPort Name Port Protocol EnableDirectServerReturn LoadBalancerName IdleTimeoutInMinutes}.each do |key|
-        hash[key] = xml_content(inputendpoint_xml, key, nil)
-      end
-      # Protocol could be in there twice... If we have two, pick the second one as the first is for the probe.
-      if inputendpoint_xml.css("Protocol").count > 1
-        hash["Protocol"] = inputendpoint_xml.css("Protocol")[1].content
-      end
-      probe = inputendpoint_xml.css("LoadBalancerProbe")
-      if probe
-        hash["LoadBalancerProbe"] = {}
-        %w{Path Port Protocol IntervalInSeconds TimeoutInSeconds}.each do |key|
-          hash["LoadBalancerProbe"][key] = xml_content(probe, key, nil)
-        end
-      end
-      hash
-    end
-
-    def roles
-      @roles.values if @roles
-    end
-
-    # just delete from local cache
-    def delete_role_if_present(role)
-      @roles.delete(role.name) if @roles
-    end
-
-    def find_role(name)
-      @roles[name] if @roles
-    end
-
-  end
-end