From e96409954aefb69f267cca744a74b2d4d5be3057 Mon Sep 17 00:00:00 2001 From: Adrien Delorme Date: Thu, 23 May 2019 14:10:41 +0200 Subject: [PATCH] add execution policy type and use it to default the powershell cmd --- helper/config/decode.go | 19 +++++-- provisioner/powershell/execution_policy.go | 38 +++++++++++++ .../powershell/execution_policy_test.go | 21 +++++++ .../powershell/executionpolicy_enumer.go | 55 +++++++++++++++++++ provisioner/powershell/provisioner.go | 16 +++++- 5 files changed, 142 insertions(+), 7 deletions(-) create mode 100644 provisioner/powershell/execution_policy.go create mode 100644 provisioner/powershell/execution_policy_test.go create mode 100644 provisioner/powershell/executionpolicy_enumer.go diff --git a/helper/config/decode.go b/helper/config/decode.go index 27c1bf0b7..efb17cb00 100644 --- a/helper/config/decode.go +++ b/helper/config/decode.go @@ -23,6 +23,14 @@ type DecodeOpts struct { Interpolate bool InterpolateContext *interpolate.Context InterpolateFilter *interpolate.RenderFilter + + DecodeHooks []mapstructure.DecodeHookFunc +} + +var DefaultDecodeHookFuncs = []mapstructure.DecodeHookFunc{ + uint8ToStringHook, + mapstructure.StringToSliceHookFunc(","), + mapstructure.StringToTimeDurationHookFunc(), } // Decode decodes the configuration into the target and optionally @@ -60,17 +68,18 @@ func Decode(target interface{}, config *DecodeOpts, raws ...interface{}) error { } } + decodeHookFuncs := DefaultDecodeHookFuncs + if len(config.DecodeHooks) != 0 { + decodeHookFuncs = config.DecodeHooks + } + // Build our decoder var md mapstructure.Metadata decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{ Result: target, Metadata: &md, WeaklyTypedInput: true, - DecodeHook: mapstructure.ComposeDecodeHookFunc( - uint8ToStringHook, - mapstructure.StringToSliceHookFunc(","), - mapstructure.StringToTimeDurationHookFunc(), - ), + DecodeHook: mapstructure.ComposeDecodeHookFunc(decodeHookFuncs...), }) if err != nil { return err diff --git a/provisioner/powershell/execution_policy.go b/provisioner/powershell/execution_policy.go new file mode 100644 index 000000000..e39be2d31 --- /dev/null +++ b/provisioner/powershell/execution_policy.go @@ -0,0 +1,38 @@ +package powershell + +import ( + "fmt" + "reflect" +) + +// ExecutionPolicy setting to run the command(s). +// For the powershell provider the default has historically been to bypass. +type ExecutionPolicy int + +const ( + Bypass ExecutionPolicy = 0 + AllSigned ExecutionPolicy = 1 + Default ExecutionPolicy = 2 + RemoteSigned ExecutionPolicy = 3 + Restricted ExecutionPolicy = 4 + Undefined ExecutionPolicy = 5 + Unrestricted ExecutionPolicy = 6 +) + +func (ep *ExecutionPolicy) Decode(v interface{}) (err error) { + str, ok := v.(string) + if !ok { + return fmt.Errorf("%#v is not a string", v) + } + *ep, err = ExecutionPolicyString(str) + return err +} + +func StringToExecutionPolicyHook(f reflect.Kind, t reflect.Kind, data interface{}) (interface{}, error) { + if f != reflect.String || t != reflect.Int { + return data, nil + } + + raw := data.(string) + return ExecutionPolicyString(raw) +} diff --git a/provisioner/powershell/execution_policy_test.go b/provisioner/powershell/execution_policy_test.go new file mode 100644 index 000000000..d7ffacf32 --- /dev/null +++ b/provisioner/powershell/execution_policy_test.go @@ -0,0 +1,21 @@ +package powershell + +import ( + "testing" +) + +func TestExecutionPolicy_Decode(t *testing.T) { + config := map[string]interface{}{ + "inline": []interface{}{"foo", "bar"}, + "execution_policy": "AllSigned", + } + p := new(Provisioner) + err := p.Prepare(config) + if err != nil { + t.Fatal(err) + } + + if p.config.ExecutionPolicy != AllSigned { + t.Fatalf("Expected AllSigned execution policy; got: %s", p.config.ExecutionPolicy) + } +} diff --git a/provisioner/powershell/executionpolicy_enumer.go b/provisioner/powershell/executionpolicy_enumer.go new file mode 100644 index 000000000..18f31b9c7 --- /dev/null +++ b/provisioner/powershell/executionpolicy_enumer.go @@ -0,0 +1,55 @@ +// Code generated by "enumer -type ExecutionPolicy provisioner/powershell/execution_policy.go"; DO NOT EDIT. + +// +package powershell + +import ( + "fmt" +) + +const _ExecutionPolicyName = "BypassAllSignedDefaultRemoteSignedRestrictedUndefinedUnrestricted" + +var _ExecutionPolicyIndex = [...]uint8{0, 6, 15, 22, 34, 44, 53, 65} + +func (i ExecutionPolicy) String() string { + if i < 0 || i >= ExecutionPolicy(len(_ExecutionPolicyIndex)-1) { + return fmt.Sprintf("ExecutionPolicy(%d)", i) + } + return _ExecutionPolicyName[_ExecutionPolicyIndex[i]:_ExecutionPolicyIndex[i+1]] +} + +var _ExecutionPolicyValues = []ExecutionPolicy{0, 1, 2, 3, 4, 5, 6} + +var _ExecutionPolicyNameToValueMap = map[string]ExecutionPolicy{ + _ExecutionPolicyName[0:6]: 0, + _ExecutionPolicyName[6:15]: 1, + _ExecutionPolicyName[15:22]: 2, + _ExecutionPolicyName[22:34]: 3, + _ExecutionPolicyName[34:44]: 4, + _ExecutionPolicyName[44:53]: 5, + _ExecutionPolicyName[53:65]: 6, +} + +// ExecutionPolicyString retrieves an enum value from the enum constants string name. +// Throws an error if the param is not part of the enum. +func ExecutionPolicyString(s string) (ExecutionPolicy, error) { + if val, ok := _ExecutionPolicyNameToValueMap[s]; ok { + return val, nil + } + return 0, fmt.Errorf("%s does not belong to ExecutionPolicy values", s) +} + +// ExecutionPolicyValues returns all values of the enum +func ExecutionPolicyValues() []ExecutionPolicy { + return _ExecutionPolicyValues +} + +// IsAExecutionPolicy returns "true" if the value is listed in the enum definition. "false" otherwise +func (i ExecutionPolicy) IsAExecutionPolicy() bool { + for _, v := range _ExecutionPolicyValues { + if i == v { + return true + } + } + return false +} diff --git a/provisioner/powershell/provisioner.go b/provisioner/powershell/provisioner.go index eac61b9c9..070c31ed3 100644 --- a/provisioner/powershell/provisioner.go +++ b/provisioner/powershell/provisioner.go @@ -66,6 +66,8 @@ type Config struct { ElevatedUser string `mapstructure:"elevated_user"` ElevatedPassword string `mapstructure:"elevated_password"` + ExecutionPolicy ExecutionPolicy `mapstructure:"execution_policy"` + ctx interpolate.Context } @@ -84,6 +86,13 @@ type EnvVarsTemplate struct { WinRMPassword string } +func (p *Provisioner) defaultExecuteCommand() string { + return `powershell -executionpolicy ` + p.config.ExecutionPolicy.String() + + ` "& { if (Test-Path variable:global:ProgressPreference)` + + `{set-variable -name variable:global:ProgressPreference -value 'SilentlyContinue'};` + + `. {{.Vars}}; &'{{.Path}}'; exit $LastExitCode }"` +} + func (p *Provisioner) Prepare(raws ...interface{}) error { // Create passthrough for winrm password so we can fill it in once we know // it @@ -100,6 +109,7 @@ func (p *Provisioner) Prepare(raws ...interface{}) error { "elevated_execute_command", }, }, + DecodeHooks: append(config.DefaultDecodeHookFuncs, StringToExecutionPolicyHook), }, raws...) if err != nil { @@ -115,11 +125,11 @@ func (p *Provisioner) Prepare(raws ...interface{}) error { } if p.config.ExecuteCommand == "" { - p.config.ExecuteCommand = `powershell -executionpolicy bypass "& { if (Test-Path variable:global:ProgressPreference){set-variable -name variable:global:ProgressPreference -value 'SilentlyContinue'};. {{.Vars}}; &'{{.Path}}'; exit $LastExitCode }"` + p.config.ExecuteCommand = p.defaultExecuteCommand() } if p.config.ElevatedExecuteCommand == "" { - p.config.ElevatedExecuteCommand = `powershell -executionpolicy bypass "& { if (Test-Path variable:global:ProgressPreference){set-variable -name variable:global:ProgressPreference -value 'SilentlyContinue'};. {{.Vars}}; &'{{.Path}}'; exit $LastExitCode }"` + p.config.ElevatedExecuteCommand = p.defaultExecuteCommand() } if p.config.Inline != nil && len(p.config.Inline) == 0 { @@ -272,6 +282,8 @@ func (p *Provisioner) Provision(ctx context.Context, ui packer.Ui, comm packer.C // Close the original file since we copied it f.Close() + log.Printf("%s returned with exit code %d", p.config.RemotePath, cmd.ExitStatus()) + if err := p.config.ValidExitCode(cmd.ExitStatus()); err != nil { return err }