diff --git a/lib/chef/knife/ec2_server_create.rb b/lib/chef/knife/ec2_server_create.rb index 6559ce87..861bef5e 100644 --- a/lib/chef/knife/ec2_server_create.rb +++ b/lib/chef/knife/ec2_server_create.rb @@ -931,8 +931,16 @@ def eip_scope end def ssl_config_user_data + user_related_commands = "" + winrm_user = locate_config_value(:winrm_user).split("\\") + if (winrm_user[0] == ".") || (winrm_user[0] == "") ||(winrm_user.length == 1) + user_related_commands = <<-EOH +net user /add #{locate_config_value(:winrm_user).delete('.\\')} #{windows_password}; +net localgroup Administrators /add #{locate_config_value(:winrm_user).delete('.\\')}; + EOH + end <<-EOH - +#{user_related_commands} If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) { winrm quickconfig -q } @@ -945,7 +953,7 @@ def ssl_config_user_data $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'" iex $create_listener_cmd -netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=public enable=yes +netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes EOH end diff --git a/spec/unit/ec2_server_create_spec.rb b/spec/unit/ec2_server_create_spec.rb index 297453f8..006ea97a 100644 --- a/spec/unit/ec2_server_create_spec.rb +++ b/spec/unit/ec2_server_create_spec.rb 
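Review bot: `locate_config_value(:winrm_user).delete('.\\')` in the two added `net` lines removes every `.` and `\` from the user name, not just the leading `.\` prefix, so a local user such as `.\first.last` is created as `firstlast` and the `net localgroup` line then adds that wrong name; the method already holds the split parts, so `#{winrm_user.last}` in both lines gives the intended name for the `.\user`, `\user` and bare `user` forms the `if` accepts. `#{windows_password}` is interpolated unquoted into a PowerShell command, so a value containing a space, `;` or `$` either breaks the `net user` call or is expanded by the shell; wrapping it in single quotes (PowerShell's literal string), with any `'` in the value doubled, keeps it as one argument. This also embeds the local administrator password in EC2 user data, which the instance can read from the same 169.254.169.254 metadata endpoint this script already uses for `public-ipv4` and which is returned by the instance-attribute API, so a comment above the `if` such as `# NOTE: embeds winrm_password in instance user data (readable from the metadata service); rotate it after bootstrap` would flag that for maintainers. If `winrm_user` can be unset here, `.split` raises NoMethodError — worth a guard unless the option has a default elsewhere in the file. The heredoc and `ssl_config_user_data` continue past the end of this hunk.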
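Review bot: with `remoteip=any` already on the rule, changing `profile=public` to `profile=any` means the Windows firewall no longer restricts inbound 5986 under any network profile, so the EC2 security group becomes the only network control on the WinRM HTTPS listener. That dependency is not stated anywhere in the method; a Ruby comment above the `<<-EOH` that opens this heredoc (outside the hunk), e.g. `# The netsh rule below opens 5986 on every firewall profile from any address; restrict access with the instance security group.`, would make it explicit without changing the generated script or the spec's expected strings.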
@@ -1523,10 +1523,75 @@ end end + describe 'ssl_config_user_data' do + before do + @knife_ec2_create.config[:winrm_password] = "ec2@123" + end + + context 'For domain user' do + before do + @knife_ec2_create.config[:winrm_user] = "domain\\ec2" + @ssl_config_data = <<-EOH + +If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) { + winrm quickconfig -q +} +If (winrm e winrm/config/listener | Select-String -Pattern " Transport = HTTP\\b" -Quiet) { + winrm delete winrm/config/listener?Address=*+Transport=HTTP +} +$vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public-ipv4 +New-SelfSignedCertificate -certstorelocation cert:\\localmachine\\my -dnsname $vm_name +$thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint; +$create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'" +iex $create_listener_cmd + +netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes + + EOH + end + + it 'gets ssl config user data' do + expect(@knife_ec2_create.ssl_config_user_data).to be == @ssl_config_data + end + end + + context 'For local user' do + before do + @knife_ec2_create.config[:winrm_user] = ".\\ec2" + @ssl_config_data = <<-EOH +net user /add ec2 ec2@123; +net localgroup Administrators /add ec2; + +If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) { + winrm quickconfig -q +} +If (winrm e winrm/config/listener | Select-String -Pattern " Transport = HTTP\\b" -Quiet) { + winrm delete winrm/config/listener?Address=*+Transport=HTTP +} +$vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public-ipv4 +New-SelfSignedCertificate -certstorelocation cert:\\localmachine\\my -dnsname $vm_name +$thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my 
| Where-Object {$_.Subject -match "$vm_name"}).Thumbprint; +$create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'" +iex $create_listener_cmd + +netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes + + EOH + + end + + it 'gets ssl config user data' do + expect(@knife_ec2_create.ssl_config_user_data).to be == @ssl_config_data + end + end + end + describe 'ssl_config_data_already_exist?' do before(:each) do @user_user_data = 'user_user_data.ps1' + @knife_ec2_create.config[:winrm_user] = "domain\\ec2" + @knife_ec2_create.config[:winrm_password] = "ec2@123" @knife_ec2_create.config[:aws_user_data] = @user_user_data end @@ -1566,7 +1631,7 @@ $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'" iex $create_listener_cmd -netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=public enable=yes +netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes @@ -1592,6 +1657,8 @@ @knife_ec2_create.config[:ssh_key_name] = "ssh_key_name" @knife_ec2_create.config[:winrm_transport] = "ssl" @knife_ec2_create.config[:create_ssl_listener] = true + @knife_ec2_create.config[:winrm_user] = "domain\\ec2" + @knife_ec2_create.config[:winrm_password] = "ec2@123" end context 'when user_data script provided by user contains only
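Review bot: the new `ssl_config_user_data` specs cover only `domain\\ec2` and `.\\ec2` with the password `ec2@123`, so the inputs the implementation handles worst are untested: a local user whose name contains a `.` (which `delete('.\\')` strips), a password containing a space or a PowerShell metacharacter (interpolated unquoted), and the bare `ec2` form the `winrm_user.length == 1` branch accepts. A context with `@knife_ec2_create.config[:winrm_user] = ".\\first.last"` expecting `net user /add first.last ec2@123;` would pin the intended behaviour for the first case. The two `@ssl_config_data` heredocs also repeat the same PowerShell tail, and the `@@ -1566` hunk shows every tweak to the script has to be mirrored in each copy; a shared `let` for the common tail with the `net` prefix prepended per context would keep them from drifting.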