diff options
author | Tim Smith <tsmith@chef.io> | 2018-03-22 16:12:32 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-22 16:12:32 -0700 |
commit | 24ea105484c6b9c3d337e9b9504c31d38919dab3 (patch) | |
tree | 4c7e35b9b3cfa5d537f5ebc3e71a6c41e7a86efd | |
parent | 98a6ec0eccbbf1a7cde52576f6409d15b1136fc4 (diff) | |
parent | cee8fed38987f280028df9f334583143a78d46b1 (diff) | |
download | chef-24ea105484c6b9c3d337e9b9504c31d38919dab3.tar.gz |
Merge pull request #6981 from chef/adjoin
Add windows_adjoin resource
-rw-r--r-- | lib/chef/resource/windows_ad_join.rb | 90 | ||||
-rw-r--r-- | lib/chef/resources.rb | 1 | ||||
-rw-r--r-- | spec/unit/resource/windows_ad_join.rb | 45 |
3 files changed, 136 insertions, 0 deletions
diff --git a/lib/chef/resource/windows_ad_join.rb b/lib/chef/resource/windows_ad_join.rb new file mode 100644 index 0000000000..b0f66cf2c0 --- /dev/null +++ b/lib/chef/resource/windows_ad_join.rb @@ -0,0 +1,90 @@ +# +# Author:: John Snow (<jsnow@chef.io>) +# Copyright:: 2016-2018, John Snow +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "chef/resource" +require "chef/mixin/powershell_out" + +class Chef + class Resource + class WindowsAdJoin < Chef::Resource + resource_name :windows_ad_join + provides :windows_ad_join + + include Chef::Mixin::PowershellOut + + description "Use the windows_ad_join resource to join a Windows Active Directory domain." + introduced "14.0" + + property :domain_name, String, + description: "The FQDN of the AD domain to join.", + validation_message: "The 'domain_name' property must be a FQDN.", + regex: /.\../, # anything.anything + name_property: true + + property :domain_user, String, + description: "The domain user to use to join the host to the domain.", + required: true + + property :domain_password, String, + description: "The password for the domain user.", + required: true + + property :ou_path, String, + description: "The path to the OU where you would like to place the host." + + property :reboot, Symbol, + equal_to: [:immediate, :delayed, :never], + validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the Chef run completes), and :never (Don't reboot)", + description: "Controls the system reboot behavior post domain joining. Reboot immediately, after the Chef run completes, or never. Note that a reboot is necessary for changes to take effect.", + default: :immediate + + # define this again so we can default it to true. Otherwise failures print the password + property :sensitive, [TrueClass, FalseClass], + default: true + + action :join do + unless on_domain? + cmd = "$pswd = ConvertTo-SecureString \'#{new_resource.domain_password}\' -AsPlainText -Force;" + cmd << "$credential = New-Object System.Management.Automation.PSCredential (\"#{new_resource.domain_user}\",$pswd);" + cmd << "Add-Computer -DomainName #{new_resource.domain_name} -Credential $credential" + cmd << " -OUPath \"#{new_resource.ou_path}\"" if new_resource.ou_path + cmd << " -Force" + + converge_by("join Active Directory domain #{new_resource.domain_name}") do + ps_run = powershell_out(cmd) + raise "Failed to join the domain #{new_resource.domain_name}: #{ps_run.stderr}}" if ps_run.error? + + unless new_resource.reboot == :never + declare_resource(:reboot, "Reboot to join domain #{new_resource.domain_name}") do + action new_resource.reboot + reason "Reboot to join domain #{new_resource.domain_name}" + end + end + end + end + end + + action_class do + def on_domain? + node_domain = powershell_out!("(Get-WmiObject Win32_ComputerSystem).Domain") + raise "Failed to check if the system is joined to the domain #{new_resource.domain_name}: #{node_domain.stderr}}" if node_domain.error? + node_domain.stdout.downcase.strip == new_resource.domain_name.downcase + end + end + end + end +end diff --git a/lib/chef/resources.rb b/lib/chef/resources.rb index a62cb22c8c..e123cc5915 100644 --- a/lib/chef/resources.rb +++ b/lib/chef/resources.rb @@ -114,6 +114,7 @@ require "chef/resource/zypper_repository" require "chef/resource/cab_package" require "chef/resource/powershell_package" require "chef/resource/msu_package" +require "chef/resource/windows_ad_join" require "chef/resource/windows_auto_run" require "chef/resource/windows_feature" require "chef/resource/windows_feature_dism" diff --git a/spec/unit/resource/windows_ad_join.rb b/spec/unit/resource/windows_ad_join.rb new file mode 100644 index 0000000000..7fd02c2021 --- /dev/null +++ b/spec/unit/resource/windows_ad_join.rb @@ -0,0 +1,45 @@ +# +# Copyright:: Copyright 2018, Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" + +describe Chef::Resource::WindowsAdJoin do + let(:resource) { Chef::Resource::WindowsAdJoin.new("example.com") } + + it "sets resource name as :windows_ad_join" do + expect(resource.resource_name).to eql(:windows_ad_join) + end + + it "sets the domain_name as its name" do + expect(resource.domain_name).to eql("example.com") + end + + it "only accepts FQDNs for the domain_name property" do + expect { resource.domain_name "example" }.to raise_error(ArgumentError) + end + + it "sets the default action as :join" do + expect(resource.action).to eql([:join]) + end + + it "accepts :immediate, :delayed, or :never values for 'reboot' property" do + expect { resource.reboot :immediate }.not_to raise_error + expect { resource.reboot :delayed }.not_to raise_error + expect { resource.reboot :never }.not_to raise_error + expect { resource.reboot :nopenope }.to raise_error(ArgumentError) + end +end |