knife-windows 1.3.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +5 -5
- data/.travis.yml +26 -26
- data/CHANGELOG.md +112 -108
- data/DOC_CHANGES.md +14 -14
- data/Gemfile +12 -12
- data/LICENSE +201 -201
- data/README.md +391 -385
- data/RELEASE_NOTES.md +34 -34
- data/Rakefile +21 -21
- data/appveyor.yml +42 -42
- data/ci.gemfile +15 -15
- data/features/knife_help.feature +20 -20
- data/features/support/env.rb +5 -5
- data/knife-windows.gemspec +25 -25
- data/lib/chef/knife/bootstrap/windows-chef-client-msi.erb +233 -247
- data/lib/chef/knife/bootstrap_windows_base.rb +449 -415
- data/lib/chef/knife/bootstrap_windows_ssh.rb +115 -115
- data/lib/chef/knife/bootstrap_windows_winrm.rb +95 -95
- data/lib/chef/knife/core/windows_bootstrap_context.rb +372 -366
- data/lib/chef/knife/knife_windows_base.rb +33 -33
- data/lib/chef/knife/windows_cert_generate.rb +155 -155
- data/lib/chef/knife/windows_cert_install.rb +68 -68
- data/lib/chef/knife/windows_helper.rb +36 -36
- data/lib/chef/knife/windows_listener_create.rb +107 -107
- data/lib/chef/knife/winrm.rb +122 -122
- data/lib/chef/knife/winrm_base.rb +117 -117
- data/lib/chef/knife/winrm_knife_base.rb +305 -303
- data/lib/chef/knife/winrm_session.rb +88 -87
- data/lib/chef/knife/winrm_shared_options.rb +47 -47
- data/lib/chef/knife/wsman_endpoint.rb +44 -44
- data/lib/chef/knife/wsman_test.rb +117 -117
- data/lib/knife-windows/path_helper.rb +234 -234
- data/lib/knife-windows/version.rb +6 -6
- data/spec/assets/win_template_rendered_with_bootstrap_install_command.txt +217 -217
- data/spec/assets/win_template_rendered_with_bootstrap_install_command_on_12_5_client.txt +217 -217
- data/spec/assets/win_template_rendered_without_bootstrap_install_command.txt +329 -329
- data/spec/assets/win_template_rendered_without_bootstrap_install_command_on_12_5_client.txt +329 -329
- data/spec/assets/win_template_unrendered.txt +246 -246
- data/spec/functional/bootstrap_download_spec.rb +241 -234
- data/spec/spec_helper.rb +94 -93
- data/spec/unit/knife/bootstrap_options_spec.rb +155 -155
- data/spec/unit/knife/bootstrap_template_spec.rb +98 -92
- data/spec/unit/knife/bootstrap_windows_winrm_spec.rb +341 -295
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +177 -177
- data/spec/unit/knife/windows_cert_generate_spec.rb +90 -90
- data/spec/unit/knife/windows_cert_install_spec.rb +51 -51
- data/spec/unit/knife/windows_listener_create_spec.rb +76 -76
- data/spec/unit/knife/winrm_session_spec.rb +65 -65
- data/spec/unit/knife/winrm_spec.rb +516 -516
- data/spec/unit/knife/wsman_test_spec.rb +202 -202
- metadata +23 -4
@@ -1,117 +1,117 @@
|
|
1
|
-
#
|
2
|
-
# Author:: Seth Chisamore (<schisamo@
|
3
|
-
# Copyright:: Copyright (c) 2011
|
4
|
-
# License:: Apache License, Version 2.0
|
5
|
-
#
|
6
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
-
# you may not use this file except in compliance with the License.
|
8
|
-
# You may obtain a copy of the License at
|
9
|
-
#
|
10
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
-
#
|
12
|
-
# Unless required by applicable law or agreed to in writing, software
|
13
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
-
# See the License for the specific language governing permissions and
|
16
|
-
# limitations under the License.
|
17
|
-
#
|
18
|
-
|
19
|
-
require 'chef/knife'
|
20
|
-
require 'chef/encrypted_data_bag_item'
|
21
|
-
require 'kconv'
|
22
|
-
|
23
|
-
class Chef
|
24
|
-
class Knife
|
25
|
-
module WinrmBase
|
26
|
-
|
27
|
-
# It includes supported WinRM authentication protocol.
|
28
|
-
WINRM_AUTH_PROTOCOL_LIST ||= %w{basic negotiate kerberos}
|
29
|
-
|
30
|
-
# :nodoc:
|
31
|
-
# Would prefer to do this in a rational way, but can't be done b/c of
|
32
|
-
# Mixlib::CLI's design :(
|
33
|
-
def self.included(includer)
|
34
|
-
includer.class_eval do
|
35
|
-
|
36
|
-
deps do
|
37
|
-
require 'readline'
|
38
|
-
require 'chef/json_compat'
|
39
|
-
end
|
40
|
-
|
41
|
-
option :winrm_user,
|
42
|
-
:short => "-x USERNAME",
|
43
|
-
:long => "--winrm-user USERNAME",
|
44
|
-
:description => "The WinRM username",
|
45
|
-
:default => "Administrator",
|
46
|
-
:proc => Proc.new { |key| Chef::Config[:knife][:winrm_user] = key }
|
47
|
-
|
48
|
-
option :winrm_password,
|
49
|
-
:short => "-P PASSWORD",
|
50
|
-
:long => "--winrm-password PASSWORD",
|
51
|
-
:description => "The WinRM password",
|
52
|
-
:proc => Proc.new { |key| Chef::Config[:knife][:winrm_password] = key }
|
53
|
-
|
54
|
-
option :winrm_transport,
|
55
|
-
:short => "-t TRANSPORT",
|
56
|
-
:long => "--winrm-transport TRANSPORT",
|
57
|
-
:description => "The WinRM transport type. valid choices are [ssl, plaintext]",
|
58
|
-
:default => 'plaintext',
|
59
|
-
:proc => Proc.new { |transport| Chef::Config[:knife][:winrm_port] = '5986' if transport == 'ssl'
|
60
|
-
Chef::Config[:knife][:winrm_transport] = transport }
|
61
|
-
|
62
|
-
option :winrm_port,
|
63
|
-
:short => "-p PORT",
|
64
|
-
:long => "--winrm-port PORT",
|
65
|
-
:description => "The WinRM port, by default this is '5985' for 'plaintext' and '5986' for 'ssl' winrm transport",
|
66
|
-
:default => '5985',
|
67
|
-
:proc => Proc.new { |key| Chef::Config[:knife][:winrm_port] = key }
|
68
|
-
|
69
|
-
option :kerberos_keytab_file,
|
70
|
-
:short => "-T KEYTAB_FILE",
|
71
|
-
:long => "--keytab-file KEYTAB_FILE",
|
72
|
-
:description => "The Kerberos keytab file used for authentication",
|
73
|
-
:proc => Proc.new { |keytab| Chef::Config[:knife][:kerberos_keytab_file] = keytab }
|
74
|
-
|
75
|
-
option :kerberos_realm,
|
76
|
-
:short => "-R KERBEROS_REALM",
|
77
|
-
:long => "--kerberos-realm KERBEROS_REALM",
|
78
|
-
:description => "The Kerberos realm used for authentication",
|
79
|
-
:proc => Proc.new { |realm| Chef::Config[:knife][:kerberos_realm] = realm }
|
80
|
-
|
81
|
-
option :kerberos_service,
|
82
|
-
:short => "-S KERBEROS_SERVICE",
|
83
|
-
:long => "--kerberos-service KERBEROS_SERVICE",
|
84
|
-
:description => "The Kerberos service used for authentication",
|
85
|
-
:proc => Proc.new { |service| Chef::Config[:knife][:kerberos_service] = service }
|
86
|
-
|
87
|
-
option :ca_trust_file,
|
88
|
-
:short => "-f CA_TRUST_FILE",
|
89
|
-
:long => "--ca-trust-file CA_TRUST_FILE",
|
90
|
-
:description => "The Certificate Authority (CA) trust file used for SSL transport",
|
91
|
-
:proc => Proc.new { |trust| Chef::Config[:knife][:ca_trust_file] = trust }
|
92
|
-
|
93
|
-
option :winrm_ssl_verify_mode,
|
94
|
-
:long => "--winrm-ssl-verify-mode SSL_VERIFY_MODE",
|
95
|
-
:description => "The WinRM peer verification mode. Valid choices are [verify_peer, verify_none]",
|
96
|
-
:default => :verify_peer,
|
97
|
-
:proc => Proc.new { |verify_mode| verify_mode.to_sym }
|
98
|
-
|
99
|
-
option :ssl_peer_fingerprint,
|
100
|
-
:long => "--ssl-peer-fingerprint FINGERPRINT",
|
101
|
-
:description => "ssl Cert Fingerprint to bypass normal cert chain checks"
|
102
|
-
|
103
|
-
option :winrm_authentication_protocol,
|
104
|
-
:long => "--winrm-authentication-protocol AUTHENTICATION_PROTOCOL",
|
105
|
-
:description => "The authentication protocol used during WinRM communication. The supported protocols are #{WINRM_AUTH_PROTOCOL_LIST.join(',')}. Default is 'negotiate'.",
|
106
|
-
:default => "negotiate",
|
107
|
-
:proc => Proc.new { |protocol| Chef::Config[:knife][:winrm_authentication_protocol] = protocol }
|
108
|
-
|
109
|
-
option :session_timeout,
|
110
|
-
:long => "--session-timeout Minutes",
|
111
|
-
:description => "The timeout for the client for the maximum length of the WinRM session",
|
112
|
-
:default => 30
|
113
|
-
end
|
114
|
-
end
|
115
|
-
end
|
116
|
-
end
|
117
|
-
end
|
1
|
+
#
|
2
|
+
# Author:: Seth Chisamore (<schisamo@chef.io>)
|
3
|
+
# Copyright:: Copyright (c) 2011-2016 Chef Software, Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
|
19
|
+
require 'chef/knife'
|
20
|
+
require 'chef/encrypted_data_bag_item'
|
21
|
+
require 'kconv'
|
22
|
+
|
23
|
+
class Chef
|
24
|
+
class Knife
|
25
|
+
module WinrmBase
|
26
|
+
|
27
|
+
# It includes supported WinRM authentication protocol.
|
28
|
+
WINRM_AUTH_PROTOCOL_LIST ||= %w{basic negotiate kerberos}
|
29
|
+
|
30
|
+
# :nodoc:
|
31
|
+
# Would prefer to do this in a rational way, but can't be done b/c of
|
32
|
+
# Mixlib::CLI's design :(
|
33
|
+
def self.included(includer)
|
34
|
+
includer.class_eval do
|
35
|
+
|
36
|
+
deps do
|
37
|
+
require 'readline'
|
38
|
+
require 'chef/json_compat'
|
39
|
+
end
|
40
|
+
|
41
|
+
option :winrm_user,
|
42
|
+
:short => "-x USERNAME",
|
43
|
+
:long => "--winrm-user USERNAME",
|
44
|
+
:description => "The WinRM username",
|
45
|
+
:default => "Administrator",
|
46
|
+
:proc => Proc.new { |key| Chef::Config[:knife][:winrm_user] = key }
|
47
|
+
|
48
|
+
option :winrm_password,
|
49
|
+
:short => "-P PASSWORD",
|
50
|
+
:long => "--winrm-password PASSWORD",
|
51
|
+
:description => "The WinRM password",
|
52
|
+
:proc => Proc.new { |key| Chef::Config[:knife][:winrm_password] = key }
|
53
|
+
|
54
|
+
option :winrm_transport,
|
55
|
+
:short => "-t TRANSPORT",
|
56
|
+
:long => "--winrm-transport TRANSPORT",
|
57
|
+
:description => "The WinRM transport type. valid choices are [ssl, plaintext]",
|
58
|
+
:default => 'plaintext',
|
59
|
+
:proc => Proc.new { |transport| Chef::Config[:knife][:winrm_port] = '5986' if transport == 'ssl'
|
60
|
+
Chef::Config[:knife][:winrm_transport] = transport }
|
61
|
+
|
62
|
+
option :winrm_port,
|
63
|
+
:short => "-p PORT",
|
64
|
+
:long => "--winrm-port PORT",
|
65
|
+
:description => "The WinRM port, by default this is '5985' for 'plaintext' and '5986' for 'ssl' winrm transport",
|
66
|
+
:default => '5985',
|
67
|
+
:proc => Proc.new { |key| Chef::Config[:knife][:winrm_port] = key }
|
68
|
+
|
69
|
+
option :kerberos_keytab_file,
|
70
|
+
:short => "-T KEYTAB_FILE",
|
71
|
+
:long => "--keytab-file KEYTAB_FILE",
|
72
|
+
:description => "The Kerberos keytab file used for authentication",
|
73
|
+
:proc => Proc.new { |keytab| Chef::Config[:knife][:kerberos_keytab_file] = keytab }
|
74
|
+
|
75
|
+
option :kerberos_realm,
|
76
|
+
:short => "-R KERBEROS_REALM",
|
77
|
+
:long => "--kerberos-realm KERBEROS_REALM",
|
78
|
+
:description => "The Kerberos realm used for authentication",
|
79
|
+
:proc => Proc.new { |realm| Chef::Config[:knife][:kerberos_realm] = realm }
|
80
|
+
|
81
|
+
option :kerberos_service,
|
82
|
+
:short => "-S KERBEROS_SERVICE",
|
83
|
+
:long => "--kerberos-service KERBEROS_SERVICE",
|
84
|
+
:description => "The Kerberos service used for authentication",
|
85
|
+
:proc => Proc.new { |service| Chef::Config[:knife][:kerberos_service] = service }
|
86
|
+
|
87
|
+
option :ca_trust_file,
|
88
|
+
:short => "-f CA_TRUST_FILE",
|
89
|
+
:long => "--ca-trust-file CA_TRUST_FILE",
|
90
|
+
:description => "The Certificate Authority (CA) trust file used for SSL transport",
|
91
|
+
:proc => Proc.new { |trust| Chef::Config[:knife][:ca_trust_file] = trust }
|
92
|
+
|
93
|
+
option :winrm_ssl_verify_mode,
|
94
|
+
:long => "--winrm-ssl-verify-mode SSL_VERIFY_MODE",
|
95
|
+
:description => "The WinRM peer verification mode. Valid choices are [verify_peer, verify_none]",
|
96
|
+
:default => :verify_peer,
|
97
|
+
:proc => Proc.new { |verify_mode| verify_mode.to_sym }
|
98
|
+
|
99
|
+
option :ssl_peer_fingerprint,
|
100
|
+
:long => "--ssl-peer-fingerprint FINGERPRINT",
|
101
|
+
:description => "ssl Cert Fingerprint to bypass normal cert chain checks"
|
102
|
+
|
103
|
+
option :winrm_authentication_protocol,
|
104
|
+
:long => "--winrm-authentication-protocol AUTHENTICATION_PROTOCOL",
|
105
|
+
:description => "The authentication protocol used during WinRM communication. The supported protocols are #{WINRM_AUTH_PROTOCOL_LIST.join(',')}. Default is 'negotiate'.",
|
106
|
+
:default => "negotiate",
|
107
|
+
:proc => Proc.new { |protocol| Chef::Config[:knife][:winrm_authentication_protocol] = protocol }
|
108
|
+
|
109
|
+
option :session_timeout,
|
110
|
+
:long => "--session-timeout Minutes",
|
111
|
+
:description => "The timeout for the client for the maximum length of the WinRM session",
|
112
|
+
:default => 30
|
113
|
+
end
|
114
|
+
end
|
115
|
+
end
|
116
|
+
end
|
117
|
+
end
|