right_link 5.9.0

data/lib/clouds/clouds/softlayer.rb

@@ -0,0 +1,91 @@
+#
+# Copyright (c) 2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+CONFIG_DRIVE_MOUNTPOINT = File.join(RightScale::Platform.filesystem.spool_dir, name.to_s) if ::RightScale::Platform.linux?
+CONFIG_DRIVE_MOUNTPOINT = File.join(ENV['ProgramW6432'], 'RightScale', 'Mount', 'Softlayer').gsub('/', '\\') if ::RightScale::Platform.windows?
+
+# dependencies.
+metadata_source 'metadata_sources/config_drive_metadata_source'
+metadata_writers 'metadata_writers/dictionary_metadata_writer',
+                 'metadata_writers/ruby_metadata_writer',
+                 'metadata_writers/shell_metadata_writer'
+
+abbreviation :sl
+
+# Parses softlayer user metadata into a hash.
+#
+# === Parameters
+# tree_climber(MetadataTreeClimber):: tree climber
+# data(String):: raw data
+#
+# === Return
+# result(Hash):: Hash-like leaf value
+def create_user_metadata_leaf(tree_climber, data)
+  result = tree_climber.create_branch
+  # REVIEW: This can (and will) raise an exception if the data is malformed or empty. I was putting it in a
+  # begin/rescue/end block, but there doesn't appear to be a logger in scope to report the problem and exit gracefully.
+  #
+  # Also, is it appropriate to be parsing JSON here? Is a specific tree_climber for json more appropriate?
+  #
+  # REVIEWER:
+  # (1) added an in-scope logger (it was always available as option(:logger)) for RightLink v5.8+
+  # (2) catching and logging an exception here is reasonable; added it.
+  # (3) as far as subclassing goes, the cloud definition methodology allows for overriding a few
+  # methods in the existing code base instead of having to create a custom class hierarchy for each
+  # cloud. either approach is supported, but the override philosophy used here seems simpler
+  # (especially for new cloud providers who haven't seen much ruby up till now).
+  parsed_data = nil
+  begin
+    parsed_data = JSON.parse(data.strip)
+  rescue Exception => e
+    logger.error("#{e.class}: #{e.message}")
+  end
+  ::RightScale::CloudUtilities.split_metadata(parsed_data[0], '&', result) unless !parsed_data || parsed_data.length == 0
+  result
+end
+
+# defaults.
+default_option([:user_metadata, :metadata_tree_climber, :create_leaf_override], method(:create_user_metadata_leaf))
+default_option([:metadata_source, :user_metadata_source_file_path], File.join(CONFIG_DRIVE_MOUNTPOINT, 'meta.js'))
+
+default_option([:metadata_source, :config_drive_uuid], "681B-8C5D")
+default_option([:metadata_source, :config_drive_filesystem], ::RightScale::Platform.windows? ? 'FAT' : 'vfat')
+default_option([:metadata_source, :config_drive_label], 'METADATA')
+default_option([:metadata_source, :config_drive_mountpoint],  CONFIG_DRIVE_MOUNTPOINT)
+
+# Updates the given node with cloud metadata details.
+#
+# === Return
+# always true
+def update_details
+  details = {}
+  if ohai = @options[:ohai_node]
+    if platform.windows?
+      details[:public_ip] = ::RightScale::CloudUtilities.ip_for_windows_interface(ohai, 'Local Area Connection 2')
+      details[:private_ip] = ::RightScale::CloudUtilities.ip_for_windows_interface(ohai, 'Local Area Connection')
+    else
+      details[:public_ip] = ::RightScale::CloudUtilities.ip_for_interface(ohai, :eth1)
+      details[:private_ip] = ::RightScale::CloudUtilities.ip_for_interface(ohai, :eth0)
+    end
+  end
+  return details
+end

data/lib/clouds/metadata_formatter.rb

@@ -0,0 +1,108 @@
+#
+# Copyright (c) 2010-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightScale
+
+  # Abstracts a formatter which maps one kind of metadata output to another.
+  class MetadataFormatter
+
+    # RS_ is reserved for use by RightScale and should be avoided by users
+    # passing non-RightScale metadata to instances.
+    RS_METADATA_PREFIX = 'RS_'
+
+    attr_accessor :formatted_path_prefix, :format_metadata_override
+
+    # Initializer.
+    #
+    # === Parameters
+    # options[:formatted_path_prefix](String):: default prefix for formatted metadata keys
+    # options[:format_metadata_override](Proc(formatter, metadata):: format_metadata override or nil
+    def initialize(options = {})
+      # options
+      @formatted_path_prefix = options[:formatted_path_prefix] || RS_METADATA_PREFIX
+
+      # overrides
+      @format_metadata_override = options[:format_metadata_override]
+    end
+
+    # Formats metadata such that any hierarchical details flattened into simple
+    # key names.
+    #
+    # === Parameters
+    # tree_metadata(Hash):: tree of raw metadata
+    #
+    # === Returns
+    # flat_metadata(Hash):: flattened metadata
+    def format_metadata(metadata)
+      return @format_metadata_override.call(self, metadata) if @format_metadata_override
+      return recursive_flatten_metadata(metadata)
+    end
+
+    protected
+
+    # Recursively flattens metadata.
+    #
+    # === Parameters
+    # tree_metadata(Hash):: metadata to flatten
+    # flat_metadata(Hash):: flattened metadata or {}
+    # metadata_path(Array):: array of metadata path elements or []
+    # path_index(int):: path array index to update or 0
+    #
+    # === Returns
+    # flat_metadata(Hash):: flattened metadata
+    def recursive_flatten_metadata(tree_metadata, flat_metadata = {}, metadata_path = [], path_index = 0)
+      unless tree_metadata.empty?
+        tree_metadata.each do |key, value|
+          metadata_path[path_index] = key
+          if value.respond_to?(:has_key?)
+            recursive_flatten_metadata(value, flat_metadata, metadata_path, path_index + 1)
+          else
+            flat_path = flatten_metadata_path(metadata_path)
+            flat_metadata[flat_path] = value
+          end
+        end
+        metadata_path.pop
+        raise "Unexpected path" unless metadata_path.size == path_index
+      end
+      return flat_metadata
+    end
+
+    # Flattens a sequence of metadata keys into a simple key string
+    # distinguishing the path to a value stored at some depth in a tree of
+    # metadata.
+    #
+    # === Parameters
+    # metadata_path(Array):: array of metadata path elements
+    #
+    # === Returns
+    # flat_path(String):: flattened path
+    def flatten_metadata_path(metadata_path)
+      flat_path = metadata_path.join('_').gsub(/[\W,\/]/, '_').upcase
+      if @formatted_path_prefix && !(flat_path.start_with?(RS_METADATA_PREFIX) || flat_path.start_with?(@formatted_path_prefix))
+        return @formatted_path_prefix + flat_path
+      end
+      return flat_path
+    end
+
+  end  # MetadataFormatter
+
+end  # RightScale

data/lib/clouds/metadata_provider.rb

@@ -0,0 +1,128 @@
+#
+# Copyright (c) 2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require File.normalize_path(File.join(File.dirname(__FILE__), 'metadata_provider'))
+
+module RightScale
+
+  # Abstracts a metadata provider which implements recursive tree building and
+  # relies on an external fetcher object
+  class MetadataProvider
+
+    attr_accessor :metadata_source, :metadata_tree_climber, :raw_metadata_writer
+
+    def initialize(options = {})
+      @metadata_source = options[:metadata_source]
+      @metadata_tree_climber = options[:metadata_tree_climber]
+      @raw_metadata_writer = options[:raw_metadata_writer]
+      @build_metadata_override = options[:build_metadata_override]
+      @query_override = options[:query_override]
+    end
+
+    # Queries cloud-specific instance metadata in an implementation-specific
+    # manner. The resulting tree of metadata is built using the given Hash-like
+    # class.
+    #
+    # === Return
+    # tree_metadata(Hash|String):: tree of metadata or leaf value or nil
+    #  depending on options
+    #
+    # === Raises
+    # RightScale::MetadataSource::QueryFailed:: on failure to query metadata
+    def build_metadata
+      return @build_metadata_override.call(self) if @build_metadata_override
+      @root_path = @metadata_tree_climber.root_path
+      recursive_build_metadata(@root_path)
+    ensure
+      @root_path = nil
+    end
+
+    protected
+
+    # Queries the given path for metadata using the responder. The metadata is
+    # then (recursively) processed according to the tree surgeon's analysis and
+    # the metadata tree (or else flat data) is filled and returned.
+    #
+    # === Parameters
+    # path(String):: path to metadata
+    #
+    # === Return
+    # tree_metadata(Hash|String):: tree of metadata or raw value depending on
+    #  options
+    def recursive_build_metadata(path)
+      # query
+      query_result = query(path)
+
+      # climb, if arboreal
+      if @metadata_tree_climber.has_children?(path, query_result)
+        metadata = @metadata_tree_climber.create_branch
+        child_names = @metadata_tree_climber.child_names(path, query_result)
+        child_names.each do |child_name|
+          if key = @metadata_tree_climber.branch_key(child_name)
+            branch_path = @metadata_source.append_branch_name(path, child_name)
+            metadata[key] = recursive_build_metadata(branch_path)
+          elsif key = @metadata_tree_climber.leaf_key(child_name)
+            leaf_path = @metadata_source.append_leaf_name(path, child_name)
+            query_result = @metadata_source.query(leaf_path)
+            write_raw_leaf_query_result(leaf_path, query_result)
+            metadata[key] = @metadata_tree_climber.create_leaf(leaf_path, query_result)
+          end
+        end
+        return metadata
+      end
+
+      # the only leaf.
+      write_raw_leaf_query_result(path, query_result)
+      return @metadata_tree_climber.create_leaf(path, query_result)
+    end
+
+    # Executes a query on the source using the given path.
+    #
+    # === Parameters
+    # path(String):: path to metadata
+    #
+    # === Return
+    # result(Object):: any kind of metadata
+    def query(path)
+      return @query_override.call(self, path) if @query_override
+      return @metadata_source.query(path)
+    end
+
+    # Writes raw responses to query writer, if given
+    #
+    # === Parameters
+    # path(String):: path to metadata
+    # query_result(String):: raw query result
+    #
+    # === Return
+    # always true
+    def write_raw_leaf_query_result(path, query_result)
+      if @raw_metadata_writer
+        subpath = (path.length > @root_path.length) ? path[@root_path.length..-1] : nil
+        @raw_metadata_writer.write(query_result, subpath)
+      end
+      true
+    end
+
+  end
+
+end

data/lib/clouds/metadata_source.rb

@@ -0,0 +1,87 @@
+#
+# Copyright (c) 2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightScale
+
+  # Interface for a metadata source.
+  class MetadataSource
+
+    # exceptions.
+    class QueryFailed < Exception; end
+
+    attr_reader :logger
+
+    def initialize(options)
+      raise ArgumentError, "options[:logger] is required" unless @logger = options[:logger]
+    end
+
+    # Appends a branch name to the given path.
+    #
+    # === Parameters
+    # path(String):: metadata path
+    # branch_name(String):: branch name to append
+    #
+    # === Return
+    # result(String):: updated path
+    def append_branch_name(path, branch_name)
+      # remove anything after equals.
+      branch_name = branch_name.gsub(/\=.*$/, '')
+      branch_name = "#{branch_name}/" unless '/' == branch_name[-1..-1]
+      return append_leaf_name(path, branch_name)
+    end
+
+    # Appends a leaf name to the given path.
+    #
+    # === Parameters
+    # path(String):: metadata path
+    # leaf_name(String):: leaf name to append
+    #
+    # === Return
+    # result(String):: updated path
+    def append_leaf_name(path, leaf_name)
+      path = "#{path}/" unless '/' == path[-1..-1]
+      return "#{path}#{URI.escape(leaf_name)}"
+    end
+
+    # Queries for metadata using the given path.
+    #
+    # === Parameters
+    # path(String):: metadata path
+    #
+    # === Return
+    # metadata(String):: query result or empty
+    #
+    # === Raises
+    # QueryFailed:: on any failure to query
+    def query(path)
+      raise NotImplementedError
+    end
+
+    # Releases any resources used to query metadata. Must be called before
+    # releasing source.
+    def finish
+      raise NotImplementedError
+    end
+
+  end
+
+end

data/lib/clouds/metadata_sources/certificate_metadata_source.rb

@@ -0,0 +1,207 @@
+#
+# Copyright (c) 2012 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'tmpdir'
+require 'openssl'
+require 'base64'
+
+module RightScale
+
+  module MetadataSources
+
+    # Provides metadata by reading a dictionary file on disk.
+    class CertificateMetadataSource < MetadataSource
+
+      # definitions for querying kinds of metadata by a simple path.
+      DEFAULT_CLOUD_METADATA_ROOT_PATH = "cloud_metadata"
+      DEFAULT_USER_METADATA_ROOT_PATH = "user_metadata"
+
+      attr_accessor :cloud_metadata_cert_store, :cloud_metadata_cert_issuer
+      attr_accessor :user_metadata_cert_store, :user_metadata_cert_issuer
+
+      def initialize(options)
+        super(options)
+        raise ArgumentError.new("options[:cloud_metadata_root_path] is required") unless @cloud_metadata_root_path = options[:cloud_metadata_root_path]
+        raise ArgumentError.new("options[:user_metadata_root_path] is required") unless @user_metadata_root_path = options[:user_metadata_root_path]
+
+        @cloud_metadata_cert_store = options[:cloud_metadata_cert_store]
+        @cloud_metadata_cert_issuer = options[:cloud_metadata_cert_issuer]
+
+        @user_metadata_cert_store = options[:user_metadata_cert_store]
+        @user_metadata_cert_issuer = options[:user_metadata_cert_issuer]
+      end
+
+      # Queries for metadata using the given path.
+      #
+      # === Parameters
+      # path(String):: metadata path
+      #
+      # === Return
+      # metadata(String):: query result or empty
+      #
+      # === Raises
+      # QueryFailed:: on any failure to query
+      def query(path)
+        result = ""
+        if path == @cloud_metadata_root_path
+          result = read_cert(@cloud_metadata_cert_store, @cloud_metadata_cert_issuer) if @cloud_metadata_cert_store && @cloud_metadata_cert_issuer
+        elsif path == @user_metadata_root_path
+          result = read_cert(@user_metadata_cert_store, @user_metadata_cert_issuer) if @user_metadata_cert_store && @user_metadata_cert_issuer
+        else
+          raise QueryFailed.new("Unknown path: #{path}")
+        end
+        result
+      rescue QueryFailed
+        raise
+      rescue Exception => e
+        raise QueryFailed.new(e.message)
+      end
+
+      # Nothing to do.
+      def finish
+        true
+      end
+
+      protected
+
+      def read_cert(cert_store, cert_issuer)
+        if ::RightScale::Platform.windows?
+          read_cert_windows(cert_store, cert_issuer)
+        else
+          read_cert_linux(cert_store, cert_issuer)
+        end
+      end
+
+      def read_cert_linux(cert_store, cert_issuer)
+        begin
+          data = File.read(cert_store)
+          cert = OpenSSL::X509::Certificate.new(data)
+
+          certificate_issuer = cert.issuer.to_s.split("/").sort
+          certificate_issuer.shift
+          raise QueryFailed.new("Certificate issuer does not match.") unless certificate_issuer == cert_issuer.split(", ").sort
+          raise QueryFailed.new("Unexpected certificate subject format: #{cert.subject.to_s}") unless cert.subject.to_s[1..3] == "CN="
+
+          result = Base64.decode64(cert.subject.to_s[4..-1].gsub('x0A',''))
+        rescue Exception => e
+          raise QueryFailed.new("Failed to retrieve metadata from cert given as \"#{cert_issuer}\" under \"#{cert_store}\"")
+        end
+
+        return result
+      end
+
+      READ_CERT_POWERSHELL_SCRIPT = <<EOF
+# stop and fail script when a command fails.
+$ErrorActionPreference = "Stop"
+
+try
+{
+  # requires Win2008+
+  if ([Int32]::Parse((Get-WmiObject Win32_OperatingSystem).Version.split('.')[0]) -lt 6)
+  {
+    throw "This version of Windows is not supported."
+  }
+
+  # check arguments.
+  if ($args.length -lt 3)
+  {
+    write-output "Usage: read_cert <cert store> <cert issuer> <output file>"
+    exit 101
+  }
+  $CERT_STORE = $args[0]
+  $CERT_ISSUER = $args[1]
+  $OUTPUT_FILE_PATH = $args[2]
+
+  # normalizes a Distinguished Name (DN) to ensure that parts appear in a consistent order in
+  # the DN string for comparison purposes. in Active Directory, DN parts are strictly ordered
+  # to make a full path to an object but other use cases (cert issuer, etc.) may not be as strict.
+  function NormalizeDN($dn)
+  {
+    [string]::join(',', ($dn.split(',') | foreach-object { $_.trim() } | sort-object))
+  }
+
+  # attempt to cert given by issuer (distinguished name) in the given cert store. select the most
+  # recently issued cert matching the given issuer by sorting certs in descending 'not before'
+  # order (i.e. last issued) and selecting first in the sorted array.
+  $compare = NormalizeDN($CERT_ISSUER)
+  $certs = @() + (get-item "$CERT_STORE\\*" | where-object { $compare -eq (NormalizeDN($_.issuer)) } | sort-object -Property notbefore -Descending)
+  $cert = $certs[0]
+  if ($NULL -eq $cert)
+  {
+    throw "Unable to find certificate matching ""$CERT_ISSUER"" under ""$CERT_STORE""."
+  }
+
+  # assumes that metadata is encoded in base-64 binary as .subject field of cert
+  # in form 'CN=<base-64 metadata string>'. if we don't match this pattern,
+  # then just bail out.
+  $encodedMetadata = $cert.subject
+  if (-not ($encodedMetadata.startsWith('CN=')))
+  {
+    throw "Unexpected cert subject format ""$encodedMetadata"""
+  }
+  # note that the base-64 string may or may not have double-quotes around it.
+  # not sure how double-quotes get inserted into the middle of the CN= phrase
+  # on Linux side (and not in Windows test), but life is a mystery.
+  $encodedMetadata = ($encodedMetadata.substring(3, $encodedMetadata.length - 3)).trim('"')
+  $decodedMetadata = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encodedMetadata)))
+  $decodedMetadata | Out-File -Encoding ASCII $OUTPUT_FILE_PATH
+}
+catch
+{
+  $ErrorActionPreference = "Continue"
+  write-error $_
+  exit 100
+}
+
+exit 0
+EOF
+
+      def read_cert_windows(cert_store, cert_issuer)
+        result = ''
+        Dir.mktmpdir do |dir|
+          script_file_path = ::File.normalize_path(::File.join(dir, 'read_cert.ps1'))
+          output_file_path = ::File.normalize_path(::File.join(dir, 'output.txt'))
+          ::File.open(script_file_path, "w") { |f| f.write READ_CERT_POWERSHELL_SCRIPT }
+          cmd = ::RightScale::Platform.shell.format_shell_command(script_file_path, cert_store, cert_issuer, output_file_path)
+          result = `#{cmd}`
+          if $?.success?
+            if ::File.file?(output_file_path)
+              result = ::File.read(output_file_path)
+            else
+              result = result.to_s.strip
+              result = "No data was read from cert given as \"#{cert_issuer}\" under \"#{cert_store}\"." if result.empty?
+              raise QueryFailed.new(result)
+            end
+          else
+            result = result.to_s.strip
+            result = "Failed to retrieve metadata from cert given as \"#{cert_issuer}\" under \"#{cert_store}\"." if result.empty?
+            raise QueryFailed.new(result)
+          end
+        end
+        return result
+      end
+
+    end  # CertificateMetadataSource
+
+  end  # MetadataSources
+
+end  # RightScale