Merge pull request #6981 from chef/adjoin

Add windows_adjoin resource

3 files changed, 136 insertions, 0 deletions

diff --git a/lib/chef/resource/windows_ad_join.rb b/lib/chef/resource/windows_ad_join.rb
new file mode 100644
index 0000000000..b0f66cf2c0
--- /dev/null
+++ b/lib/chef/resource/windows_ad_join.rb
@@ -0,0 +1,90 @@
+#
+# Author:: John Snow (<jsnow@chef.io>)
+# Copyright:: 2016-2018, John Snow
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/resource"
+require "chef/mixin/powershell_out"
+
+class Chef
+  class Resource
+    class WindowsAdJoin < Chef::Resource
+      resource_name :windows_ad_join
+      provides :windows_ad_join
+
+      include Chef::Mixin::PowershellOut
+
+      description "Use the windows_ad_join resource to join a Windows Active Directory domain."
+      introduced "14.0"
+
+      property :domain_name, String,
+               description: "The FQDN of the AD domain to join.",
+               validation_message: "The 'domain_name' property must be a FQDN.",
+               regex: /.\../, # anything.anything
+               name_property: true
+
+      property :domain_user, String,
+               description: "The domain user to use to join the host to the domain.",
+               required: true
+
+      property :domain_password, String,
+               description: "The password for the domain user.",
+               required: true
+
+      property :ou_path, String,
+               description: "The path to the OU where you would like to place the host."
+
+      property :reboot, Symbol,
+               equal_to: [:immediate, :delayed, :never],
+               validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the Chef run completes), and :never (Don't reboot)",
+               description: "Controls the system reboot behavior post domain joining. Reboot immediately, after the Chef run completes, or never. Note that a reboot is necessary for changes to take effect.",
+               default: :immediate
+
+      # define this again so we can default it to true. Otherwise failures print the password
+      property :sensitive, [TrueClass, FalseClass],
+               default: true
+
+      action :join do
+        unless on_domain?
+          cmd = "$pswd = ConvertTo-SecureString \'#{new_resource.domain_password}\' -AsPlainText -Force;"
+          cmd << "$credential = New-Object System.Management.Automation.PSCredential (\"#{new_resource.domain_user}\",$pswd);"
+          cmd << "Add-Computer -DomainName #{new_resource.domain_name} -Credential $credential"
+          cmd << " -OUPath \"#{new_resource.ou_path}\"" if new_resource.ou_path
+          cmd << " -Force"
+
+          converge_by("join Active Directory domain #{new_resource.domain_name}") do
+            ps_run = powershell_out(cmd)
+            raise "Failed to join the domain #{new_resource.domain_name}: #{ps_run.stderr}}" if ps_run.error?
+
+            unless new_resource.reboot == :never
+              declare_resource(:reboot, "Reboot to join domain #{new_resource.domain_name}") do
+                action new_resource.reboot
+                reason "Reboot to join domain #{new_resource.domain_name}"
+              end
+            end
+          end
+        end
+      end
+
+      action_class do
+        def on_domain?
+          node_domain = powershell_out!("(Get-WmiObject Win32_ComputerSystem).Domain")
+          raise "Failed to check if the system is joined to the domain #{new_resource.domain_name}: #{node_domain.stderr}}" if node_domain.error?
+          node_domain.stdout.downcase.strip == new_resource.domain_name.downcase
+        end
+      end
+    end
+  end
+end
diff --git a/lib/chef/resources.rb b/lib/chef/resources.rb
index a62cb22c8c..e123cc5915 100644
--- a/lib/chef/resources.rb
+++ b/lib/chef/resources.rb
@@ -114,6 +114,7 @@ require "chef/resource/zypper_repository"
 require "chef/resource/cab_package"
 require "chef/resource/powershell_package"
 require "chef/resource/msu_package"
+require "chef/resource/windows_ad_join"
 require "chef/resource/windows_auto_run"
 require "chef/resource/windows_feature"
 require "chef/resource/windows_feature_dism"
diff --git a/spec/unit/resource/windows_ad_join.rb b/spec/unit/resource/windows_ad_join.rb
new file mode 100644
index 0000000000..7fd02c2021
--- /dev/null
+++ b/spec/unit/resource/windows_ad_join.rb
@@ -0,0 +1,45 @@
+#
+# Copyright:: Copyright 2018, Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::WindowsAdJoin do
+  let(:resource) { Chef::Resource::WindowsAdJoin.new("example.com") }
+
+  it "sets resource name as :windows_ad_join" do
+    expect(resource.resource_name).to eql(:windows_ad_join)
+  end
+
+  it "sets the domain_name as its name" do
+    expect(resource.domain_name).to eql("example.com")
+  end
+
+  it "only accepts FQDNs for the domain_name property" do
+    expect { resource.domain_name "example" }.to raise_error(ArgumentError)
+  end
+
+  it "sets the default action as :join" do
+    expect(resource.action).to eql([:join])
+  end
+
+  it "accepts :immediate, :delayed, or :never values for 'reboot' property" do
+    expect { resource.reboot :immediate }.not_to raise_error
+    expect { resource.reboot :delayed }.not_to raise_error
+    expect { resource.reboot :never }.not_to raise_error
+    expect { resource.reboot :nopenope }.to raise_error(ArgumentError)
+  end
+end