knife-vcenter 1.0.0

data/lib/sso.rb

@@ -0,0 +1,269 @@
+# Copyright 2014-2017 VMware, Inc.  All Rights Reserved.
+# SPDX-License-Identifier: MIT
+
+require 'savon'
+require 'nokogiri'
+require 'date'
+require 'securerandom'
+
+# A little utility library for VMware SSO.
+# For now, this is not a general purpose library that covers all
+# the interfaces of the SSO service.
+# Specifically, the support is limited to the following:
+# * request bearer token.
+module SSO
+
+    # The XML date format.
+    DATE_FORMAT = "%FT%T.%LZ"
+
+    # The XML namespaces that are required: SOAP, WSDL, et al.
+    NAMESPACES = {
+        "xmlns:S" => "http://schemas.xmlsoap.org/soap/envelope/",
+        "xmlns:wst" => "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
+        "xmlns:u" => "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
+        "xmlns:x" => "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
+    }
+
+    # Provides the connection details for the SSO service.
+    class Connection
+
+        attr_accessor :sso_url, :wsdl_url, :username, :password
+
+        # Creates a new instance.
+        def initialize(sso_url, wsdl_url=nil)
+            self.sso_url = sso_url
+            self.wsdl_url = wsdl_url || "#{sso_url}?wsdl"
+        end
+
+        # Login with the given credentials.
+        # Note: this does not invoke a login action, but rather stores the
+        # credentials for use later.
+        def login(username, password)
+            self.username = username
+            self.password = password
+            self # enable builder pattern
+        end
+
+        # Gets (or creates) the Savon client instance.
+        def client
+            # construct and init the client proxy
+            @client ||= Savon.client do |globals|
+                # see: http://savonrb.com/version2/globals.html
+                globals.wsdl wsdl_url
+                globals.endpoint sso_url
+
+                globals.strip_namespaces false
+                globals.env_namespace :S
+
+                # set like this so https connection does not fail
+                # TODO: find an acceptable solution for production
+                globals.ssl_verify_mode :none
+
+                # dev/debug settings
+                # globals.pretty_print_xml ENV['DEBUG_SOAP']
+                # globals.log ENV['DEBUG_SOAP']
+            end
+        end
+
+        # Invokes the request bearer token operation.
+        # @return [SamlToken]
+        def request_bearer_token()
+            rst = RequestSecurityToken.new(client, username, password)
+            rst.invoke()
+            rst.saml_token
+        end
+    end
+
+    # @abstract Base class for invocable service calls.
+    class SoapInvocable
+
+        attr_reader :operation, :client, :response
+
+        # Constructs a new instance.
+        # @param operation [Symbol] the SOAP operation name (in Symbol form)
+        # @param client [Savon::Client] the client
+        def initialize(operation, client)
+            @operation = operation
+            @client = client
+        end
+
+        # Invokes the service call represented by this type.
+        def invoke
+            request = request_xml.to_s
+            puts "request = #{request}" if ENV['DEBUG']
+            @response = client.call(operation, xml:request)
+            puts "response = #{response}" if ENV['DEBUG']
+            self # for chaining with new
+        end
+
+        # Builds the request XML content.
+        def request_xml
+            builder = Builder::XmlMarkup.new()
+            builder.instruct!(:xml, encoding: "UTF-8")
+
+            builder.tag!("S:Envelope", NAMESPACES) do |envelope|
+                if has_header?
+                    envelope.tag!("S:Header") do |header|
+                        header_xml(header)
+                    end
+                end
+                envelope.tag!("S:Body") do |body|
+                    body_xml(body)
+                end
+            end
+            builder.target!
+        end
+
+        def has_header?
+            true
+        end
+
+        # Builds the header portion of the SOAP request.
+        # Specific service operations must override this method.
+        def header_xml(header)
+            raise 'abstract method not implemented!'
+        end
+
+        # Builds the body portion of the SOAP request.
+        # Specific service operations must override this method.
+        def body_xml(body)
+            raise 'abstract method not implemented!'
+        end
+
+        # Gets the response XML content.
+        def response_xml
+            raise 'illegal state: response not set yet' if response.nil?
+            @response_xml ||= Nokogiri::XML(response.to_xml)
+        end
+
+        def response_hash
+            @response_hash ||= response.to_hash
+        end
+    end
+
+    # Encapsulates an issue operation that requests a security token
+    # from the SSO service.
+    class RequestSecurityToken < SoapInvocable
+
+        attr_accessor :request_type, :delegatable
+
+        # Constructs a new instance.
+        def initialize(client, username, password, hours=2)
+            super(:issue, client)
+
+            @username = username
+            @password = password
+            @hours = hours
+
+            #TODO: these things should be configurable, so we can get
+            #non-delegatable tokens, HoK tokens, etc.
+            @request_type = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"
+            @delegatable = true
+        end
+
+        def now
+            @now ||= Time.now.utc.to_datetime
+        end
+
+        def created
+            @created ||= now.strftime(DATE_FORMAT)
+        end
+
+        def future
+            @future ||= now + (2/24.0) #days (for DateTime math)
+        end
+
+        def expires
+            @expires ||= future.strftime(DATE_FORMAT)
+        end
+
+        # Builds the header XML for the SOAP request.
+        def header_xml(header)
+            id = "uuid-" + SecureRandom.uuid
+
+            #header.tag!("x:Security", "x:mustUnderstand" => "1") do |security|
+            header.tag!("x:Security") do |security|
+                security.tag!("u:Timestamp", "u:Id" => "_0") do |timestamp|
+                    timestamp.tag!("u:Created") do |element|
+                        element << created
+                    end
+                    timestamp.tag!("u:Expires") do |element|
+                        element << expires
+                    end
+                end
+                security.tag!("x:UsernameToken", "u:Id" => id) do |utoken|
+                    utoken.tag!("x:Username") do |element|
+                        element << @username
+                    end
+                    utoken.tag!("x:Password") do |element|
+                        element << @password
+                    end
+                end
+            end
+        end
+
+        # Builds the body XML for the SOAP request.
+        def body_xml(body)
+            body.tag!("wst:RequestSecurityToken") do |rst|
+                rst.tag!("wst:RequestType") do |element|
+                    element << request_type
+                end
+                rst.tag!("wst:Delegatable") do |element|
+                    element << delegatable.to_s
+                end
+=begin
+                #TODO: we don't seem to need this, but I'm leaving this
+                #here for now as a reminder.
+                rst.tag!("wst:Lifetime") do |lifetime|
+                    lifetime.tag!("u:Created") do |element|
+                        element << created
+                    end
+                    lifetime.tag!("u:Expires") do |element|
+                        element << expires
+                    end
+                end
+=end
+            end
+        end
+
+        # Gets the saml_token from the SOAP response body.
+        # @return [SamlToken] the requested SAML token
+        def saml_token
+            assertion = response_xml.at_xpath('//saml2:Assertion',
+                    'saml2' => 'urn:oasis:names:tc:SAML:2.0:assertion')
+            SamlToken.new(assertion)
+        end
+    end
+
+    # Holds a SAML token.
+    class SamlToken
+        attr_reader :xml
+
+        # Creates a new instance.
+        def initialize(xml)
+            @xml = xml
+        end
+
+        #TODO: add some getters for interesting content
+
+        def to_s
+            esc_token = xml.to_xml(:indent => 0, :encoding => 'UTF-8')
+            esc_token = esc_token.gsub(/\n/, '')
+            esc_token
+        end
+    end
+end
+
+# main: quick self tester
+if __FILE__ == $0
+    cloudvm_ip = ARGV[0]
+    cloudvm_ip ||= "10.20.17.0"
+    #cloudvm_ip ||= "10.67.245.207"
+    sso_url = "https://#{cloudvm_ip}/sts/STSService/vsphere.local"
+    wsdl_url = "#{sso_url}?wsdl"
+    sso = SSO::Connection.new(sso_url, wsdl_url)
+    #sso.login("administrator@vsphere.local", "Admin!23")
+    sso.login("root", "vmware")
+    token = sso.request_bearer_token
+    puts token.to_s
+end

data/lib/support/clone_vm.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+#
+# Author:: Chef Partner Engineering (<partnereng@chef.io>)
+# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'rbvmomi'
+
+class Support
+  class CloneVm
+    attr_reader :vim, :options
+
+    def initialize(conn_opts, options)
+      @options = options
+
+      # Connect to vSphere
+      @vim ||= RbVmomi::VIM.connect conn_opts
+    end
+
+    def clone
+
+      # set the datacenter name
+      dc = vim.serviceInstance.find_datacenter(options[:datacenter])
+      src_vm = dc.find_vm(options[:template])
+      hosts = dc.hostFolder.children
+
+      # Specify where the machine is going to be created
+      relocate_spec = RbVmomi::VIM.VirtualMachineRelocateSpec
+      relocate_spec.host = options[:targethost]
+      relocate_spec.pool = hosts.first.resourcePool
+
+      clone_spec = RbVmomi::VIM.VirtualMachineCloneSpec(location: relocate_spec,
+                                                        powerOn: options[:poweron],
+                                                        template: false)
+
+      # Set the folder to use
+      dest_folder = options[:folder].nil? ? src_vm.parent : options[:folder][:id]
+
+      puts "Cloning the template to create the new machine..."
+      task = src_vm.CloneVM_Task(folder: dest_folder, name: options[:name], spec: clone_spec)
+      # TODO: it would be nice to have dots to tell you it's working here
+      task.wait_for_completion
+
+
+      # get the IP address of the machine for bootstrapping
+      # machine name is based on the path, e.g. that includes the folder
+      name = options[:folder].nil? ? options[:name] : format("%s/%s", options[:folder][:name], options[:name])
+      new_vm = dc.find_vm(name)
+
+      if new_vm.nil?
+        puts format("Unable to find machine: %s", name)
+      else
+        puts 'Waiting for network interfaces to become available...'
+        sleep 2 while new_vm.guest.net.empty? || !new_vm.guest.ipAddress
+        new_vm.guest.net[0].ipConfig.ipAddress.detect do |addr|
+          addr.origin != 'linklayer'
+        end.ipAddress
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+#
+# Author:: Chef Partner Engineering (<partnereng@chef.io>)
+# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#

data/spec/unit/vcenter_vm_list_spec.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+#
+# Author:: Chef Partner Engineering (<partnereng@chef.io>)
+# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'chef/knife/vcenter_vm_list'
+require 'support/shared_examples_for_command'
+
+class PowerStatus < BasicObject
+  attr_reader :value
+  def initialize(state)
+    @value = state
+  end
+end
+
+describe Chef::Knife::Cloud::VcenterVmList do
+  it_behaves_like Chef::Knife::Cloud::Command, Chef::Knife::Cloud::VcenterVmList.new
+
+  subject { described_class.new }
+
+  describe '#format_power_status' do
+    context 'when the power is "POWERED_ON"' do
+      it 'displays with green' do
+        expect(subject.ui).to receive(:color).with('POWERED_ON', :green)
+        subject.format_power_status(PowerStatus.new('POWERED_ON'))
+      end
+    end
+
+    context 'when the power is "POWERED_OFF"' do
+      it 'displays with red' do
+        expect(subject.ui).to receive(:color).with('POWERED_OFF', :red)
+        subject.format_power_status(PowerStatus.new('POWERED_OFF'))
+      end
+    end
+
+    context 'when the power is "SUSPENDED"' do
+      it 'displays with red' do
+        expect(subject.ui).to receive(:color).with('SUSPENDED', :yellow)
+        subject.format_power_status(PowerStatus.new('SUSPENDED'))
+      end      
+    end    
+  end
+
+  describe '#format_memory_value' do
+    context 'when the memory value is 8192' do
+      it 'displays as 8,192' do
+        expect(subject.ui).to receive(:text).with('8,192')
+        subject.format_memory_value(8192)
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,257 @@
+--- !ruby/object:Gem::Specification
+name: knife-vcenter
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Chef Partner Engineering
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-08-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: chef
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+- !ruby/object:Gem::Dependency
+  name: knife-cloud
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: rb-readline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: rbvmomi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: savon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.11'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.11'
+- !ruby/object:Gem::Dependency
+  name: vsphere-automation-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: debase
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: github_changelog_generator
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.35'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.35'
+- !ruby/object:Gem::Dependency
+  name: ruby-debug-ide
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+description: Knife plugin to VMware vCenter.
+email:
+- partnereng@chef.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/ISSUE_TEMPLATE.md"
+- ".github/PULL_REQUEST_TEMPLATE.md"
+- ".gitignore"
+- ".rubocop.yml"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- knife-vcenter.gemspec
+- lib/base.rb
+- lib/chef/knife/cloud/vcenter_service.rb
+- lib/chef/knife/cloud/vcenter_service_helpers.rb
+- lib/chef/knife/cloud/vcenter_service_options.rb
+- lib/chef/knife/vcenter_cluster_list.rb
+- lib/chef/knife/vcenter_datacenter_list.rb
+- lib/chef/knife/vcenter_host_list.rb
+- lib/chef/knife/vcenter_vm_clone.rb
+- lib/chef/knife/vcenter_vm_create.rb
+- lib/chef/knife/vcenter_vm_delete.rb
+- lib/chef/knife/vcenter_vm_list.rb
+- lib/chef/knife/vcenter_vm_show.rb
+- lib/knife-vcenter/version.rb
+- lib/lookup_service_helper.rb
+- lib/sso.rb
+- lib/support/clone_vm.rb
+- spec/spec_helper.rb
+- spec/unit/vcenter_vm_list_spec.rb
+homepage: https://github.com/chef/knife-vcenter
+licenses:
+- Apache 2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.11
+signing_key: 
+specification_version: 4
+summary: Knife plugin to VMware vCenter.
+test_files:
+- spec/spec_helper.rb
+- spec/unit/vcenter_vm_list_spec.rb