Add support for powershell credential to VMware train

inspec / train

Transport Interface to unify communication over SSH, WinRM, and friends.

Apache License 2.0

119 stars 87 forks source link

Add support for powershell credential to VMware train #540

Open rlakey opened 4 years ago

rlakey commented 4 years ago

Describe the Enhancement:

Using a powershell credential to connect to vCenter/ESXi with the VMware train. PowerCLI already supports this natively with the -Credential option on Connect-VIServer.

Describe the Need:

This will allow more credential options like using a smartcard/token for authentication and would be more secure than using environmental variables or username/password.

Current Alternative

None that i know of

Can We Help You Implement This?:

Yes

kclinden commented 4 years ago

It looks like to implement this we could make the following modifications to the vmware transport.

https://github.com/inspec/train/blob/master/lib/train/transports/vmware.rb

Add a credential option after line 13. This might have to be restricted to an environment variable right now since it is a PowerShell construct and ruby won't know what it is. It might also not work if ruby is unable to handle the credential object.

Add a clause for if a credential is defined at line 53 to change the command used to connect.

rlakey commented 4 years ago

Another thought would be to have an option where the vCenter connection was handled outside of inspec.

Say I pre-connected to vCenter before running Inspec which would then handle all the normal authentication options.

So then running inspec would just be something like "inspec exec ./profile -t vmware:// --vcpreauth"