first attempt at supporting NTLM authentication in Terraform
This commit is contained in:
parent
d8b9337c08
commit
852a74c49d
|
@ -62,6 +62,9 @@ func (c *Communicator) Connect(o terraform.UIOutput) error {
|
|||
|
||||
params := winrm.DefaultParameters
|
||||
params.Timeout = formatDuration(c.Timeout())
|
||||
if c.connInfo.NTLM == true {
|
||||
params.TransportDecorator = func() winrm.Transporter { return &winrm.ClientNTLM{} }
|
||||
}
|
||||
|
||||
client, err := winrm.NewClientWithParameters(
|
||||
c.endpoint, c.connInfo.User, c.connInfo.Password, params)
|
||||
|
@ -78,6 +81,7 @@ func (c *Communicator) Connect(o terraform.UIOutput) error {
|
|||
" Password: %t\n"+
|
||||
" HTTPS: %t\n"+
|
||||
" Insecure: %t\n"+
|
||||
" NTLM: %t\n"+
|
||||
" CACert: %t",
|
||||
c.connInfo.Host,
|
||||
c.connInfo.Port,
|
||||
|
@ -85,6 +89,7 @@ func (c *Communicator) Connect(o terraform.UIOutput) error {
|
|||
c.connInfo.Password != "",
|
||||
c.connInfo.HTTPS,
|
||||
c.connInfo.Insecure,
|
||||
c.connInfo.NTLM,
|
||||
c.connInfo.CACert != "",
|
||||
))
|
||||
}
|
||||
|
@ -209,6 +214,7 @@ func (c *Communicator) newCopyClient() (*winrmcp.Winrmcp, error) {
|
|||
},
|
||||
Https: c.connInfo.HTTPS,
|
||||
Insecure: c.connInfo.Insecure,
|
||||
TransportDecorator: c.client.TransportDecorator,
|
||||
OperationTimeout: c.Timeout(),
|
||||
MaxOperationsPerShell: 15, // lowest common denominator
|
||||
}
|
||||
|
|
|
@ -37,6 +37,7 @@ type connectionInfo struct {
|
|||
Port int
|
||||
HTTPS bool
|
||||
Insecure bool
|
||||
NTLM bool `mapstructure:"use_ntlm"`
|
||||
CACert string `mapstructure:"cacert"`
|
||||
Timeout string
|
||||
ScriptPath string `mapstructure:"script_path"`
|
||||
|
|
|
@ -157,6 +157,7 @@ func (n *EvalValidateProvisioner) validateConnConfig(connConfig *ResourceConfig)
|
|||
// For type=winrm only (enforced in winrm communicator)
|
||||
HTTPS interface{} `mapstructure:"https"`
|
||||
Insecure interface{} `mapstructure:"insecure"`
|
||||
NTLM interface{} `mapstructure:"use_ntlm"`
|
||||
CACert interface{} `mapstructure:"cacert"`
|
||||
}
|
||||
|
||||
|
|
|
@ -92,6 +92,8 @@ provisioner "file" {
|
|||
|
||||
* `insecure` - Set to `true` to not validate the HTTPS certificate chain.
|
||||
|
||||
* `use_ntlm` - Set to `true` to use NTLM authentication, rather than default (basic authentication), removing the requirement for basic authentication to be enabled within the target guest. Further reading for remote connection authentication can be found [here](https://msdn.microsoft.com/en-us/library/aa384295(v=vs.85).aspx).
|
||||
|
||||
* `cacert` - The CA certificate to validate against.
|
||||
|
||||
<a id="bastion"></a>
|
||||
|
|
Loading…
Reference in New Issue