diff --git a/app/models/manageiq/providers/vmware/infra_manager/provision/customization.rb b/app/models/manageiq/providers/vmware/infra_manager/provision/customization.rb index 7f9e14c6e..1c95b5c54 100644 --- a/app/models/manageiq/providers/vmware/infra_manager/provision/customization.rb +++ b/app/models/manageiq/providers/vmware/infra_manager/provision/customization.rb @@ -22,6 +22,8 @@ def build_customization_spec spec = VimHash.new("CustomizationSpec") if spec.nil? + spec.encryptionKey = encryption_key if encrypt_passwords? + # Create customization spec based on platform case source.platform when 'linux', 'windows' @@ -219,6 +221,16 @@ def load_customization_spec(custom_spec_name) end end + def encryption_key + @encryption_key ||= source.ext_management_system.with_provider_connection do |vim| + vim.getVimCustomizationSpecManager&.encryptionKey&.map(&:to_i) + end + end + + def encrypt_passwords? + !!get_option(:sysprep_encrypt_passwords) + end + def find_build_spec_path(spec, end_type, *path) found = spec.fetch_path(path) if found.nil? diff --git a/spec/models/manageiq/providers/vmware/infra_manager/provision/customization_spec.rb b/spec/models/manageiq/providers/vmware/infra_manager/provision/customization_spec.rb index b1682c6d9..e43792944 100644 --- a/spec/models/manageiq/providers/vmware/infra_manager/provision/customization_spec.rb +++ b/spec/models/manageiq/providers/vmware/infra_manager/provision/customization_spec.rb @@ -74,17 +74,21 @@ vh end let(:nic_settings_map) { [] } + let(:gui_unattended) { {"autoLogonCount" => 1} } + let(:user_data) do + { + "fullName" => "sysprep_full_name_value", + "orgName" => "sysprep_organization_value", + "computerName" => {"name" => "computerName"} + } + end let(:new_spec) do { "identity" => { - "guiUnattended" => { "autoLogonCount" => 1 }, + "guiUnattended" => gui_unattended, "identification" => {}, - "licenseFilePrintData" => { "autoMode" => "perServer" }, - "userData" => { - "fullName" => "sysprep_full_name_value", - "orgName" => "sysprep_organization_value", - "computerName" => { "name" => "computerName" } - } + "licenseFilePrintData" => {"autoMode" => "perServer"}, + "userData" => user_data }, "globalIPSettings" => {}, "nicSettingMap" => nic_settings_map, @@ -167,5 +171,41 @@ end end end + + context "with encrypted passwords" do + let(:gui_unattended) { {"autoLogonCount" => 1, "password" => {"plainText" => "true", "value" => "123456"}} } + let(:new_spec) do + { + "identity" => { + "guiUnattended" => gui_unattended, + "identification" => {}, + "licenseFilePrintData" => {"autoMode" => "perServer"}, + "userData" => user_data + }, + "globalIPSettings" => {}, + "nicSettingMap" => nic_settings_map, + "options" => {}, + "encryptionKey" => encryption_key + } + end + + let(:encryption_key) do + "0\x82\x03:0\x82\x02\"\xA0\x03\x02\x01\x02\x02\x11\x00\xAE\x9D\xFC\x9AF/\xBEO\xDB\x03\x92a\xCE\x96jQ0\r\x06\t*\x86H\x86\xF7\r\x01\x01\v\x05\x000\x121\x100\x0E\x06\x03U\x04\n\x13\aAcme Co0 \x17\r700101000000Z\x18\x0F20840129160000Z0\x121\x100\x0E\x06\x03U\x04\n\x13\aAcme Co0\x82\x01\"0\r\x06\t*\x86H\x86\xF7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x000\x82\x01\n\x02\x82\x01\x01\x00\xAFe\"s88\x02\x88\xE3?\xB0\f\xD9/q\x90\xBAK\xA7\xB1\x15#\xB2\xB2\x9E\xCD<\x9C\x9A\x10\bV\xF7y\x0Fc\xB8\x0E\x7F\xA1\xF9h\xFD\xD5\xDD\x854\xBD\x8ABJ|\xFFR\x1C\x83\x0F\xEF\xE4\x9C\x1A\x1F\xD4\x9D\xC3\xA3\xB1U\xC1\x8BB\xDB\xDD\xEF\xAE\xD5\xDF|\xDB@\xBF(\x1F&\x87V\xD5\xD3\xE5\x96\x9D{d\x96\xEA\xEF\xA7\xA2\xF6\x85\xAA\xD5\x8EG\xA3\x1F\xECU\x89\x8DT\xDC\xED\xBC\x17\xCA\xD6kiK\xCC\xFCB\xB95-`\xB2. \xC7\x92\xF0\xC0\x84,\xB6:;\x9A\xA2\x9CB\xEA\xA4\x1E\x8D\xD5\x93\xD4\xFCpn\xAAm\xB8\xB5Z\x91\t\x9Er\x98\x85\xAE\xEAr\xF04\xC6\xD3\x1D+\xC7\x17Lt\x00\x13\xCB\bX\x1An=\x03\xF1k\xA1\xA8\x19\xE8s3\xDD\xB9\xB7\xF7\a\xBF\xC3\xA5H\xC7zW\xD6V\xD4S*\xDF\x8E\xF0`}IQ\xC3\x1C\x99\x00\x10c\xD9$\xC6\xB0\xE4\tk\x8EuxG\x04Iw\x12\x11l\xE3\x1A5\x10\xD5g\xFE\xCF\x06-?-S\x9C>\x06\xD2\xBCd\x8B?,\xAE\xE6v.\xD6\xF1\xA2\x0E\x85E\a\x97Y`y]\xE8\x11\v\x9E\xDC\x0E\xD2\xA2\x00".unpack("c*") + end + before do + options[:sysprep_custom_spec] = '' + options[:sysprep_password] = '123456' + options[:sysprep_full_name] = 'sysprep_full_name_value' + options[:sysprep_organization] = 'sysprep_organization_value' + options[:sysprep_encrypt_passwords] = true + + expect(prov_vm).to receive(:encryption_key).and_return(encryption_key) + end + + it "sets the encryptionKey" do + expect(prov_vm).not_to receive(:load_customization_spec) + expect(prov_vm.build_customization_spec).to(eq(new_spec)) + end + end end end