Add support for CustomizationSpec encryptionKey

agrare · Dec 4, 2024 · d4968a8 · d4968a8
1 parent 0cec6f2
commit d4968a8
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 7 deletions.
diff --git a/app/models/manageiq/providers/vmware/infra_manager/provision/customization.rb b/app/models/manageiq/providers/vmware/infra_manager/provision/customization.rb
@@ -22,6 +22,8 @@ def build_customization_spec
 
     spec = VimHash.new("CustomizationSpec") if spec.nil?
 
+    spec.encryptionKey = encryption_key if encrypt_passwords?
+
     # Create customization spec based on platform
     case source.platform
     when 'linux', 'windows'
@@ -219,6 +221,16 @@ def load_customization_spec(custom_spec_name)
     end
   end
 
+  def encryption_key
+    @encryption_key ||= source.ext_management_system.with_provider_connection do |vim|
+      vim.getVimCustomizationSpecManager&.encryptionKey&.map(&:to_i)
+    end
+  end
+
+  def encrypt_passwords?
+    !!get_option(:sysprep_encrypt_passwords)
+  end
+
   def find_build_spec_path(spec, end_type, *path)
     found = spec.fetch_path(path)
     if found.nil?

diff --git a/spec/models/manageiq/providers/vmware/infra_manager/provision/customization_spec.rb b/spec/models/manageiq/providers/vmware/infra_manager/provision/customization_spec.rb
@@ -74,17 +74,21 @@
     vh
   end
   let(:nic_settings_map) { [] }
+  let(:gui_unattended)   { {"autoLogonCount" => 1} }
+  let(:user_data) do
+    {
+      "fullName"     => "sysprep_full_name_value",
+      "orgName"      => "sysprep_organization_value",
+      "computerName" => {"name" => "computerName"}
+    }
+  end
   let(:new_spec) do
     {
       "identity"         => {
-        "guiUnattended"        => { "autoLogonCount" => 1 },
+        "guiUnattended"        => gui_unattended,
         "identification"       => {},
-        "licenseFilePrintData" => { "autoMode" => "perServer" },
-        "userData"             => {
-          "fullName"     => "sysprep_full_name_value",
-          "orgName"      => "sysprep_organization_value",
-          "computerName" => { "name" => "computerName" }
-        }
+        "licenseFilePrintData" => {"autoMode" => "perServer"},
+        "userData"             => user_data
       },
       "globalIPSettings" => {},
       "nicSettingMap"    => nic_settings_map,
@@ -167,5 +171,41 @@
         end
       end
     end
+
+    context "with encrypted passwords" do
+      let(:gui_unattended) { {"autoLogonCount" => 1, "password" => {"plainText" => "true", "value" => "123456"}} }
+      let(:new_spec) do
+        {
+          "identity"         => {
+            "guiUnattended"        => gui_unattended,
+            "identification"       => {},
+            "licenseFilePrintData" => {"autoMode" => "perServer"},
+            "userData"             => user_data
+          },
+          "globalIPSettings" => {},
+          "nicSettingMap"    => nic_settings_map,
+          "options"          => {},
+          "encryptionKey"    => encryption_key
+        }
+      end
+
+      let(:encryption_key) do
+        "0\x82\x03:0\x82\x02\"\xA0\x03\x02\x01\x02\x02\x11\x00\xAE\x9D\xFC\x9AF/\xBEO\xDB\x03\x92a\xCE\x96jQ0\r\x06\t*\x86H\x86\xF7\r\x01\x01\v\x05\x000\x121\x100\x0E\x06\x03U\x04\n\x13\aAcme Co0 \x17\r700101000000Z\x18\x0F20840129160000Z0\x121\x100\x0E\x06\x03U\x04\n\x13\aAcme Co0\x82\x01\"0\r\x06\t*\x86H\x86\xF7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x000\x82\x01\n\x02\x82\x01\x01\x00\xAFe\"s88\x02\x88\xE3?\xB0\f\xD9/q\x90\xBAK\xA7\xB1\x15#\xB2\xB2\x9E\xCD<\x9C\x9A\x10\bV\xF7y\x0Fc\xB8\x0E\x7F\xA1\xF9h\xFD\xD5\xDD\x854\xBD\x8ABJ|\xFFR\x1C\x83\x0F\xEF\xE4\x9C\x1A\x1F\xD4\x9D\xC3\xA3\xB1U\xC1\x8BB\xDB\xDD\xEF\xAE\xD5\xDF|\xDB@\xBF(\x1F&\x87V\xD5\xD3\xE5\x96\x9D{d\x96\xEA\xEF\xA7\xA2\xF6\x85\xAA\xD5\x8EG\xA3\x1F\xECU\x89\x8DT\xDC\xED\xBC\x17\xCA\xD6kiK\xCC\xFCB\xB95-`\xB2. \xC7\x92\xF0\xC0\x84,\xB6:;\x9A\xA2\x9CB\xEA\xA4\x1E\x8D\xD5\x93\xD4\xFCpn\xAAm\xB8\xB5Z\x91\t\x9Er\x98\x85\xAE\xEAr\xF04\xC6\xD3\x1D+\xC7\x17Lt\x00\x13\xCB\bX\x1An=\x03\xF1k\xA1\xA8\x19\xE8s3\xDD\xB9\xB7\xF7\a\xBF\xC3\xA5H\xC7zW\xD6V\xD4S*\xDF\x8E\xF0`}IQ\xC3\x1C\x99\x00\x10c\xD9$\xC6\xB0\xE4\tk\x8EuxG\x04Iw\x12\x11l\xE3\x1A5\x10\xD5g\xFE\xCF<k\xD8`\a\x98\x8F\x02\x03\x01\x00\x01\xA3\x81\x880\x81\x850\x0E\x06\x03U\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x02\xA40\x13\x06\x03U\x1D%\x04\f0\n\x06\b+\x06\x01\x05\x05\a\x03\x010\x0F\x06\x03U\x1D\x13\x01\x01\xFF\x04\x050\x03\x01\x01\xFF0\x1D\x06\x03U\x1D\x0E\x04\x16\x04\x14\x8E\xD4vU+\xB1r\x14\xF1{E\r\rZ\x96\f\xD3\x11\xDF\xB00.\x06\x03U\x1D\x11\x04'0%\x82\vexample.com\x87\x04\x7F\x00\x00\x01\x87\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x010\r\x06\t*\x86H\x86\xF7\r\x01\x01\v\x05\x00\x03\x82\x01\x01\x00\"\xBB\xD4\xBDy!\xE6\x0F\x89\x01\xC5\x0Eiw\x12\x00\xE8Fw\x7F\xB4\x06\x99?\xD9\xD4d\x82\x0F-\x18\x14\x9D\x02\x134\vc\x16\x00o\xAAw\x90g\tP\xB5\xCA6\xB3\xC6\x17J+\xC1B \x13\x94\x11-\x18\x1C\xD5\xC6\xFD\xFAG\x8BS^WH\x80\x9CZ\tLqf\xDA\x80,\xBC2\x1A\xA4\x9A#\xF70\x13JVk\xA6t:\x9D\xB0\x935&\xA1\x0EkF\xB2_D\xCF\x82\xE8t\x7F\xFAU\xA46\xD1\xD1\xCD\xA5\x059)q4\x96\xCF\xA3\x9D\xCA\xE7s\xA8\x0E\xB8\xB0\x11\xCDO\xBCF\x0F\xC0W\x94_\x04\xF3\t\x9E\xBC\xA4\tVR`\xCA\v*~\x94\xF8c\"\xDD\x86\xCEx\xA0\xF8\x14\x8F\b\xD2j\x9B\x02\x8C\xEF\xAA\x05\xCB,\"\xDCr\x0F\xE7\xAA\xC3\xFD\xCC\x14\xB6\x8Ae\x17\xAF.V\xE0\xFC\x1Dv\xF5\x82\x01\xAC\xAA\xD1\xA2\x01>\x06-?-S\x9C>\x06\xD2\xBCd\x8B?,\xAE\xE6v.\xD6\xF1\xA2\x0E\x85E\a\x97Y`y]\xE8\x11\v\x9E\xDC\x0E\xD2\xA2\x00".unpack("c*")
+      end
+      before do
+        options[:sysprep_custom_spec]       = ''
+        options[:sysprep_password]          = '123456'
+        options[:sysprep_full_name]         = 'sysprep_full_name_value'
+        options[:sysprep_organization]      = 'sysprep_organization_value'
+        options[:sysprep_encrypt_passwords] = true
+
+        expect(prov_vm).to receive(:encryption_key).and_return(encryption_key)
+      end
+
+      it "sets the encryptionKey" do
+        expect(prov_vm).not_to receive(:load_customization_spec)
+        expect(prov_vm.build_customization_spec).to(eq(new_spec))
+      end
+    end
   end
 end