Merge pull request #233 from chef/sid/set-winrm-ssl-verify

Implemented changes to set winrm_ssl_verify_mode to none for server create
chef · Jul 17, 2015 · 110c8ea · 110c8ea
2 parents ee11f4e + aaf8c72
commit 110c8ea
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/lib/azure/role.rb b/lib/azure/role.rb
@@ -365,9 +365,9 @@ def setup(params)
                     end
                     xml.WinRM {
                       xml.Listeners {
-                       if params[:ssl_cert_fingerprint]
+                       if params[:winrm_transport] == "ssl" || params[:ssl_cert_fingerprint]
                         xml.Listener {
-                          xml.CertificateThumbprint params[:ssl_cert_fingerprint]
+                          xml.CertificateThumbprint params[:ssl_cert_fingerprint] if params[:ssl_cert_fingerprint]
                           xml.Protocol 'Https'
                         }
                         else

diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb
@@ -741,7 +741,6 @@ def bootstrap_for_windows_node(server, fqdn, port)
             bootstrap.config[:auth_timeout] = locate_config_value(:auth_timeout)
             # Todo: we should skip cert generate in case when winrm_ssl_verify_mode=verify_none
             bootstrap.config[:winrm_ssl_verify_mode] = locate_config_value(:winrm_ssl_verify_mode)
-
         elsif locate_config_value(:bootstrap_protocol) == 'ssh'
             bootstrap = Chef::Knife::BootstrapWindowsSsh.new
             bootstrap.config[:ssh_user] = locate_config_value(:ssh_user)
@@ -830,6 +829,11 @@ def validate!
             exit 1
           end
         end
+
+        if locate_config_value(:winrm_transport) == "ssl" && locate_config_value(:thumbprint).nil? && ( locate_config_value(:winrm_ssl_verify_mode).nil? || locate_config_value(:winrm_ssl_verify_mode) == :verify_peer )
+          ui.error("The SSL transport was specified without the --thumbprint option. Specify a thumbprint, or alternatively set the --winrm-ssl-verify-mode option to 'verify_none' to skip verification.")
+          exit 1
+        end
       end
 
       def create_server_def

diff --git a/spec/unit/azure_server_create_spec.rb b/spec/unit/azure_server_create_spec.rb
@@ -147,6 +147,15 @@ def test_params(testxml, chef_config, role_name, host_name)
           expect {@server_instance.run}.to raise_error
         end
       end
+
+      context "when winrm-transport ssl and missing thumbprint" do
+        it "raise error on :winrm_ssl_verify_mode verify_peer" do
+          Chef::Config[:knife][:winrm_transport] = 'ssl'
+          Chef::Config[:knife][:winrm_ssl_verify_mode] = :verify_peer
+          expect(@server_instance.ui).to receive(:error)
+          expect {@server_instance.run}.to raise_error
+        end
+      end
     end
 
     context "timeout parameters" do