first attempt at supporting NTLM authentication in Terraform
This commit is contained in:
parent
d8b9337c08
commit
852a74c49d
|
@ -62,6 +62,9 @@ func (c *Communicator) Connect(o terraform.UIOutput) error {
|
||||||
|
|
||||||
params := winrm.DefaultParameters
|
params := winrm.DefaultParameters
|
||||||
params.Timeout = formatDuration(c.Timeout())
|
params.Timeout = formatDuration(c.Timeout())
|
||||||
|
if c.connInfo.NTLM == true {
|
||||||
|
params.TransportDecorator = func() winrm.Transporter { return &winrm.ClientNTLM{} }
|
||||||
|
}
|
||||||
|
|
||||||
client, err := winrm.NewClientWithParameters(
|
client, err := winrm.NewClientWithParameters(
|
||||||
c.endpoint, c.connInfo.User, c.connInfo.Password, params)
|
c.endpoint, c.connInfo.User, c.connInfo.Password, params)
|
||||||
|
@ -78,6 +81,7 @@ func (c *Communicator) Connect(o terraform.UIOutput) error {
|
||||||
" Password: %t\n"+
|
" Password: %t\n"+
|
||||||
" HTTPS: %t\n"+
|
" HTTPS: %t\n"+
|
||||||
" Insecure: %t\n"+
|
" Insecure: %t\n"+
|
||||||
|
" NTLM: %t\n"+
|
||||||
" CACert: %t",
|
" CACert: %t",
|
||||||
c.connInfo.Host,
|
c.connInfo.Host,
|
||||||
c.connInfo.Port,
|
c.connInfo.Port,
|
||||||
|
@ -85,6 +89,7 @@ func (c *Communicator) Connect(o terraform.UIOutput) error {
|
||||||
c.connInfo.Password != "",
|
c.connInfo.Password != "",
|
||||||
c.connInfo.HTTPS,
|
c.connInfo.HTTPS,
|
||||||
c.connInfo.Insecure,
|
c.connInfo.Insecure,
|
||||||
|
c.connInfo.NTLM,
|
||||||
c.connInfo.CACert != "",
|
c.connInfo.CACert != "",
|
||||||
))
|
))
|
||||||
}
|
}
|
||||||
|
@ -209,6 +214,7 @@ func (c *Communicator) newCopyClient() (*winrmcp.Winrmcp, error) {
|
||||||
},
|
},
|
||||||
Https: c.connInfo.HTTPS,
|
Https: c.connInfo.HTTPS,
|
||||||
Insecure: c.connInfo.Insecure,
|
Insecure: c.connInfo.Insecure,
|
||||||
|
TransportDecorator: c.client.TransportDecorator,
|
||||||
OperationTimeout: c.Timeout(),
|
OperationTimeout: c.Timeout(),
|
||||||
MaxOperationsPerShell: 15, // lowest common denominator
|
MaxOperationsPerShell: 15, // lowest common denominator
|
||||||
}
|
}
|
||||||
|
|
|
@ -37,6 +37,7 @@ type connectionInfo struct {
|
||||||
Port int
|
Port int
|
||||||
HTTPS bool
|
HTTPS bool
|
||||||
Insecure bool
|
Insecure bool
|
||||||
|
NTLM bool `mapstructure:"use_ntlm"`
|
||||||
CACert string `mapstructure:"cacert"`
|
CACert string `mapstructure:"cacert"`
|
||||||
Timeout string
|
Timeout string
|
||||||
ScriptPath string `mapstructure:"script_path"`
|
ScriptPath string `mapstructure:"script_path"`
|
||||||
|
|
|
@ -157,6 +157,7 @@ func (n *EvalValidateProvisioner) validateConnConfig(connConfig *ResourceConfig)
|
||||||
// For type=winrm only (enforced in winrm communicator)
|
// For type=winrm only (enforced in winrm communicator)
|
||||||
HTTPS interface{} `mapstructure:"https"`
|
HTTPS interface{} `mapstructure:"https"`
|
||||||
Insecure interface{} `mapstructure:"insecure"`
|
Insecure interface{} `mapstructure:"insecure"`
|
||||||
|
NTLM interface{} `mapstructure:"use_ntlm"`
|
||||||
CACert interface{} `mapstructure:"cacert"`
|
CACert interface{} `mapstructure:"cacert"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -92,6 +92,8 @@ provisioner "file" {
|
||||||
|
|
||||||
* `insecure` - Set to `true` to not validate the HTTPS certificate chain.
|
* `insecure` - Set to `true` to not validate the HTTPS certificate chain.
|
||||||
|
|
||||||
|
* `use_ntlm` - Set to `true` to use NTLM authentication, rather than default (basic authentication), removing the requirement for basic authentication to be enabled within the target guest. Further reading for remote connection authentication can be found [here](https://msdn.microsoft.com/en-us/library/aa384295(v=vs.85).aspx).
|
||||||
|
|
||||||
* `cacert` - The CA certificate to validate against.
|
* `cacert` - The CA certificate to validate against.
|
||||||
|
|
||||||
<a id="bastion"></a>
|
<a id="bastion"></a>
|
||||||
|
|
Loading…
Reference in New Issue