knife-windows 1.3.0 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +5 -5
- data/.travis.yml +26 -26
- data/CHANGELOG.md +112 -108
- data/DOC_CHANGES.md +14 -14
- data/Gemfile +12 -12
- data/LICENSE +201 -201
- data/README.md +391 -385
- data/RELEASE_NOTES.md +34 -34
- data/Rakefile +21 -21
- data/appveyor.yml +42 -42
- data/ci.gemfile +15 -15
- data/features/knife_help.feature +20 -20
- data/features/support/env.rb +5 -5
- data/knife-windows.gemspec +25 -25
- data/lib/chef/knife/bootstrap/windows-chef-client-msi.erb +233 -247
- data/lib/chef/knife/bootstrap_windows_base.rb +449 -415
- data/lib/chef/knife/bootstrap_windows_ssh.rb +115 -115
- data/lib/chef/knife/bootstrap_windows_winrm.rb +95 -95
- data/lib/chef/knife/core/windows_bootstrap_context.rb +372 -366
- data/lib/chef/knife/knife_windows_base.rb +33 -33
- data/lib/chef/knife/windows_cert_generate.rb +155 -155
- data/lib/chef/knife/windows_cert_install.rb +68 -68
- data/lib/chef/knife/windows_helper.rb +36 -36
- data/lib/chef/knife/windows_listener_create.rb +107 -107
- data/lib/chef/knife/winrm.rb +122 -122
- data/lib/chef/knife/winrm_base.rb +117 -117
- data/lib/chef/knife/winrm_knife_base.rb +305 -303
- data/lib/chef/knife/winrm_session.rb +88 -87
- data/lib/chef/knife/winrm_shared_options.rb +47 -47
- data/lib/chef/knife/wsman_endpoint.rb +44 -44
- data/lib/chef/knife/wsman_test.rb +117 -117
- data/lib/knife-windows/path_helper.rb +234 -234
- data/lib/knife-windows/version.rb +6 -6
- data/spec/assets/win_template_rendered_with_bootstrap_install_command.txt +217 -217
- data/spec/assets/win_template_rendered_with_bootstrap_install_command_on_12_5_client.txt +217 -217
- data/spec/assets/win_template_rendered_without_bootstrap_install_command.txt +329 -329
- data/spec/assets/win_template_rendered_without_bootstrap_install_command_on_12_5_client.txt +329 -329
- data/spec/assets/win_template_unrendered.txt +246 -246
- data/spec/functional/bootstrap_download_spec.rb +241 -234
- data/spec/spec_helper.rb +94 -93
- data/spec/unit/knife/bootstrap_options_spec.rb +155 -155
- data/spec/unit/knife/bootstrap_template_spec.rb +98 -92
- data/spec/unit/knife/bootstrap_windows_winrm_spec.rb +341 -295
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +177 -177
- data/spec/unit/knife/windows_cert_generate_spec.rb +90 -90
- data/spec/unit/knife/windows_cert_install_spec.rb +51 -51
- data/spec/unit/knife/windows_listener_create_spec.rb +76 -76
- data/spec/unit/knife/winrm_session_spec.rb +65 -65
- data/spec/unit/knife/winrm_spec.rb +516 -516
- data/spec/unit/knife/wsman_test_spec.rb +202 -202
- metadata +23 -4
|
@@ -1,117 +1,117 @@
|
|
|
1
|
-
#
|
|
2
|
-
# Author:: Seth Chisamore (<schisamo@
|
|
3
|
-
# Copyright:: Copyright (c) 2011
|
|
4
|
-
# License:: Apache License, Version 2.0
|
|
5
|
-
#
|
|
6
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
7
|
-
# you may not use this file except in compliance with the License.
|
|
8
|
-
# You may obtain a copy of the License at
|
|
9
|
-
#
|
|
10
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
|
11
|
-
#
|
|
12
|
-
# Unless required by applicable law or agreed to in writing, software
|
|
13
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
14
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
15
|
-
# See the License for the specific language governing permissions and
|
|
16
|
-
# limitations under the License.
|
|
17
|
-
#
|
|
18
|
-
|
|
19
|
-
require 'chef/knife'
|
|
20
|
-
require 'chef/encrypted_data_bag_item'
|
|
21
|
-
require 'kconv'
|
|
22
|
-
|
|
23
|
-
class Chef
|
|
24
|
-
class Knife
|
|
25
|
-
module WinrmBase
|
|
26
|
-
|
|
27
|
-
# It includes supported WinRM authentication protocol.
|
|
28
|
-
WINRM_AUTH_PROTOCOL_LIST ||= %w{basic negotiate kerberos}
|
|
29
|
-
|
|
30
|
-
# :nodoc:
|
|
31
|
-
# Would prefer to do this in a rational way, but can't be done b/c of
|
|
32
|
-
# Mixlib::CLI's design :(
|
|
33
|
-
def self.included(includer)
|
|
34
|
-
includer.class_eval do
|
|
35
|
-
|
|
36
|
-
deps do
|
|
37
|
-
require 'readline'
|
|
38
|
-
require 'chef/json_compat'
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
option :winrm_user,
|
|
42
|
-
:short => "-x USERNAME",
|
|
43
|
-
:long => "--winrm-user USERNAME",
|
|
44
|
-
:description => "The WinRM username",
|
|
45
|
-
:default => "Administrator",
|
|
46
|
-
:proc => Proc.new { |key| Chef::Config[:knife][:winrm_user] = key }
|
|
47
|
-
|
|
48
|
-
option :winrm_password,
|
|
49
|
-
:short => "-P PASSWORD",
|
|
50
|
-
:long => "--winrm-password PASSWORD",
|
|
51
|
-
:description => "The WinRM password",
|
|
52
|
-
:proc => Proc.new { |key| Chef::Config[:knife][:winrm_password] = key }
|
|
53
|
-
|
|
54
|
-
option :winrm_transport,
|
|
55
|
-
:short => "-t TRANSPORT",
|
|
56
|
-
:long => "--winrm-transport TRANSPORT",
|
|
57
|
-
:description => "The WinRM transport type. valid choices are [ssl, plaintext]",
|
|
58
|
-
:default => 'plaintext',
|
|
59
|
-
:proc => Proc.new { |transport| Chef::Config[:knife][:winrm_port] = '5986' if transport == 'ssl'
|
|
60
|
-
Chef::Config[:knife][:winrm_transport] = transport }
|
|
61
|
-
|
|
62
|
-
option :winrm_port,
|
|
63
|
-
:short => "-p PORT",
|
|
64
|
-
:long => "--winrm-port PORT",
|
|
65
|
-
:description => "The WinRM port, by default this is '5985' for 'plaintext' and '5986' for 'ssl' winrm transport",
|
|
66
|
-
:default => '5985',
|
|
67
|
-
:proc => Proc.new { |key| Chef::Config[:knife][:winrm_port] = key }
|
|
68
|
-
|
|
69
|
-
option :kerberos_keytab_file,
|
|
70
|
-
:short => "-T KEYTAB_FILE",
|
|
71
|
-
:long => "--keytab-file KEYTAB_FILE",
|
|
72
|
-
:description => "The Kerberos keytab file used for authentication",
|
|
73
|
-
:proc => Proc.new { |keytab| Chef::Config[:knife][:kerberos_keytab_file] = keytab }
|
|
74
|
-
|
|
75
|
-
option :kerberos_realm,
|
|
76
|
-
:short => "-R KERBEROS_REALM",
|
|
77
|
-
:long => "--kerberos-realm KERBEROS_REALM",
|
|
78
|
-
:description => "The Kerberos realm used for authentication",
|
|
79
|
-
:proc => Proc.new { |realm| Chef::Config[:knife][:kerberos_realm] = realm }
|
|
80
|
-
|
|
81
|
-
option :kerberos_service,
|
|
82
|
-
:short => "-S KERBEROS_SERVICE",
|
|
83
|
-
:long => "--kerberos-service KERBEROS_SERVICE",
|
|
84
|
-
:description => "The Kerberos service used for authentication",
|
|
85
|
-
:proc => Proc.new { |service| Chef::Config[:knife][:kerberos_service] = service }
|
|
86
|
-
|
|
87
|
-
option :ca_trust_file,
|
|
88
|
-
:short => "-f CA_TRUST_FILE",
|
|
89
|
-
:long => "--ca-trust-file CA_TRUST_FILE",
|
|
90
|
-
:description => "The Certificate Authority (CA) trust file used for SSL transport",
|
|
91
|
-
:proc => Proc.new { |trust| Chef::Config[:knife][:ca_trust_file] = trust }
|
|
92
|
-
|
|
93
|
-
option :winrm_ssl_verify_mode,
|
|
94
|
-
:long => "--winrm-ssl-verify-mode SSL_VERIFY_MODE",
|
|
95
|
-
:description => "The WinRM peer verification mode. Valid choices are [verify_peer, verify_none]",
|
|
96
|
-
:default => :verify_peer,
|
|
97
|
-
:proc => Proc.new { |verify_mode| verify_mode.to_sym }
|
|
98
|
-
|
|
99
|
-
option :ssl_peer_fingerprint,
|
|
100
|
-
:long => "--ssl-peer-fingerprint FINGERPRINT",
|
|
101
|
-
:description => "ssl Cert Fingerprint to bypass normal cert chain checks"
|
|
102
|
-
|
|
103
|
-
option :winrm_authentication_protocol,
|
|
104
|
-
:long => "--winrm-authentication-protocol AUTHENTICATION_PROTOCOL",
|
|
105
|
-
:description => "The authentication protocol used during WinRM communication. The supported protocols are #{WINRM_AUTH_PROTOCOL_LIST.join(',')}. Default is 'negotiate'.",
|
|
106
|
-
:default => "negotiate",
|
|
107
|
-
:proc => Proc.new { |protocol| Chef::Config[:knife][:winrm_authentication_protocol] = protocol }
|
|
108
|
-
|
|
109
|
-
option :session_timeout,
|
|
110
|
-
:long => "--session-timeout Minutes",
|
|
111
|
-
:description => "The timeout for the client for the maximum length of the WinRM session",
|
|
112
|
-
:default => 30
|
|
113
|
-
end
|
|
114
|
-
end
|
|
115
|
-
end
|
|
116
|
-
end
|
|
117
|
-
end
|
|
1
|
+
#
|
|
2
|
+
# Author:: Seth Chisamore (<schisamo@chef.io>)
|
|
3
|
+
# Copyright:: Copyright (c) 2011-2016 Chef Software, Inc.
|
|
4
|
+
# License:: Apache License, Version 2.0
|
|
5
|
+
#
|
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
7
|
+
# you may not use this file except in compliance with the License.
|
|
8
|
+
# You may obtain a copy of the License at
|
|
9
|
+
#
|
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
|
11
|
+
#
|
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
15
|
+
# See the License for the specific language governing permissions and
|
|
16
|
+
# limitations under the License.
|
|
17
|
+
#
|
|
18
|
+
|
|
19
|
+
require 'chef/knife'
|
|
20
|
+
require 'chef/encrypted_data_bag_item'
|
|
21
|
+
require 'kconv'
|
|
22
|
+
|
|
23
|
+
class Chef
|
|
24
|
+
class Knife
|
|
25
|
+
module WinrmBase
|
|
26
|
+
|
|
27
|
+
# It includes supported WinRM authentication protocol.
|
|
28
|
+
WINRM_AUTH_PROTOCOL_LIST ||= %w{basic negotiate kerberos}
|
|
29
|
+
|
|
30
|
+
# :nodoc:
|
|
31
|
+
# Would prefer to do this in a rational way, but can't be done b/c of
|
|
32
|
+
# Mixlib::CLI's design :(
|
|
33
|
+
def self.included(includer)
|
|
34
|
+
includer.class_eval do
|
|
35
|
+
|
|
36
|
+
deps do
|
|
37
|
+
require 'readline'
|
|
38
|
+
require 'chef/json_compat'
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
option :winrm_user,
|
|
42
|
+
:short => "-x USERNAME",
|
|
43
|
+
:long => "--winrm-user USERNAME",
|
|
44
|
+
:description => "The WinRM username",
|
|
45
|
+
:default => "Administrator",
|
|
46
|
+
:proc => Proc.new { |key| Chef::Config[:knife][:winrm_user] = key }
|
|
47
|
+
|
|
48
|
+
option :winrm_password,
|
|
49
|
+
:short => "-P PASSWORD",
|
|
50
|
+
:long => "--winrm-password PASSWORD",
|
|
51
|
+
:description => "The WinRM password",
|
|
52
|
+
:proc => Proc.new { |key| Chef::Config[:knife][:winrm_password] = key }
|
|
53
|
+
|
|
54
|
+
option :winrm_transport,
|
|
55
|
+
:short => "-t TRANSPORT",
|
|
56
|
+
:long => "--winrm-transport TRANSPORT",
|
|
57
|
+
:description => "The WinRM transport type. valid choices are [ssl, plaintext]",
|
|
58
|
+
:default => 'plaintext',
|
|
59
|
+
:proc => Proc.new { |transport| Chef::Config[:knife][:winrm_port] = '5986' if transport == 'ssl'
|
|
60
|
+
Chef::Config[:knife][:winrm_transport] = transport }
|
|
61
|
+
|
|
62
|
+
option :winrm_port,
|
|
63
|
+
:short => "-p PORT",
|
|
64
|
+
:long => "--winrm-port PORT",
|
|
65
|
+
:description => "The WinRM port, by default this is '5985' for 'plaintext' and '5986' for 'ssl' winrm transport",
|
|
66
|
+
:default => '5985',
|
|
67
|
+
:proc => Proc.new { |key| Chef::Config[:knife][:winrm_port] = key }
|
|
68
|
+
|
|
69
|
+
option :kerberos_keytab_file,
|
|
70
|
+
:short => "-T KEYTAB_FILE",
|
|
71
|
+
:long => "--keytab-file KEYTAB_FILE",
|
|
72
|
+
:description => "The Kerberos keytab file used for authentication",
|
|
73
|
+
:proc => Proc.new { |keytab| Chef::Config[:knife][:kerberos_keytab_file] = keytab }
|
|
74
|
+
|
|
75
|
+
option :kerberos_realm,
|
|
76
|
+
:short => "-R KERBEROS_REALM",
|
|
77
|
+
:long => "--kerberos-realm KERBEROS_REALM",
|
|
78
|
+
:description => "The Kerberos realm used for authentication",
|
|
79
|
+
:proc => Proc.new { |realm| Chef::Config[:knife][:kerberos_realm] = realm }
|
|
80
|
+
|
|
81
|
+
option :kerberos_service,
|
|
82
|
+
:short => "-S KERBEROS_SERVICE",
|
|
83
|
+
:long => "--kerberos-service KERBEROS_SERVICE",
|
|
84
|
+
:description => "The Kerberos service used for authentication",
|
|
85
|
+
:proc => Proc.new { |service| Chef::Config[:knife][:kerberos_service] = service }
|
|
86
|
+
|
|
87
|
+
option :ca_trust_file,
|
|
88
|
+
:short => "-f CA_TRUST_FILE",
|
|
89
|
+
:long => "--ca-trust-file CA_TRUST_FILE",
|
|
90
|
+
:description => "The Certificate Authority (CA) trust file used for SSL transport",
|
|
91
|
+
:proc => Proc.new { |trust| Chef::Config[:knife][:ca_trust_file] = trust }
|
|
92
|
+
|
|
93
|
+
option :winrm_ssl_verify_mode,
|
|
94
|
+
:long => "--winrm-ssl-verify-mode SSL_VERIFY_MODE",
|
|
95
|
+
:description => "The WinRM peer verification mode. Valid choices are [verify_peer, verify_none]",
|
|
96
|
+
:default => :verify_peer,
|
|
97
|
+
:proc => Proc.new { |verify_mode| verify_mode.to_sym }
|
|
98
|
+
|
|
99
|
+
option :ssl_peer_fingerprint,
|
|
100
|
+
:long => "--ssl-peer-fingerprint FINGERPRINT",
|
|
101
|
+
:description => "ssl Cert Fingerprint to bypass normal cert chain checks"
|
|
102
|
+
|
|
103
|
+
option :winrm_authentication_protocol,
|
|
104
|
+
:long => "--winrm-authentication-protocol AUTHENTICATION_PROTOCOL",
|
|
105
|
+
:description => "The authentication protocol used during WinRM communication. The supported protocols are #{WINRM_AUTH_PROTOCOL_LIST.join(',')}. Default is 'negotiate'.",
|
|
106
|
+
:default => "negotiate",
|
|
107
|
+
:proc => Proc.new { |protocol| Chef::Config[:knife][:winrm_authentication_protocol] = protocol }
|
|
108
|
+
|
|
109
|
+
option :session_timeout,
|
|
110
|
+
:long => "--session-timeout Minutes",
|
|
111
|
+
:description => "The timeout for the client for the maximum length of the WinRM session",
|
|
112
|
+
:default => 30
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
end
|