josenk / terraform-provider-esxi

Terraform-provider-esxi plugin
GNU General Public License v3.0

does not work using active directory credentials #143

Closed ericb-summit closed 3 years ago

ericb-summit commented 3 years ago

Describe the bug

Generally speaking, this provider does not work when using active directory credentials, for a number of reasons.

1) When logging in through AD, the user is of format DOMAIN\user. Also, the user does not actually exist until you log in, and so elements such as the home directory don't exist.

The SSH component of the provider assumes no possible errors could come as part of login. However, when logging in via ssh using an active directory account, you get this output:

$ ssh -l "DOMAIN\user" esxi-host
Password:
The time and date of this login have been sent to the system logs.

WARNING:
   All commands run on the ESXi shell are logged and may be included in
   support bundles. Do not provide passwords directly on the command line.
   Most tools can prompt for secrets or accept them from standard input.

VMware offers supported, powerful system administration tools.  Please
see www.vmware.com/go/sysadmintools for details.

The ESXi Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.
Could not chdir to home directory /home/local/DOMAIN/user: No such file or directory
[DOMAIN\user@esxi-host:~]

The error message "Could not chdir, ..." makes its way into various variables in the provider, and obviously blows up.

This is easily overcome using a remote-exec provisioner to create the home directory.

2) The username in the vi:// path passed to ovftool needs to be URL encoded. So like, DOMAIN\User needs to become DOMAIN%5cUser when creating the vi:// URL passed to ovftool.
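Both points from the report above, as an added Go example that is not the provider's code or the code from the PR: percent-encoding the credentials in the vi:// locator, and dropping the "Could not chdir" line from captured SSH output. The function names, the sample password and the locator shape `vi://user:password@host` are assumptions made for illustration; Go emits `%5C`, which is equivalent to the `%5c` in the report.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// buildViURL (hypothetical helper) returns the vi:// locator with user name
// and password percent-encoded, so `DOMAIN\user` becomes DOMAIN%5Cuser and
// characters such as '@', ':' and '/' in the password cannot split the URL.
func buildViURL(user, password, host string) *url.URL {
	return &url.URL{Scheme: "vi", User: url.UserPassword(user, password), Host: host}
}

// stripChdirWarning (hypothetical helper) removes the sshd line
// "Could not chdir to home directory ..." that an AD login without a home
// directory adds to the output, so only the command's own result is parsed.
func stripChdirWarning(out string) string {
	var kept []string
	for _, line := range strings.Split(out, "\n") {
		if strings.HasPrefix(strings.TrimSpace(line), "Could not chdir to home directory") {
			continue
		}
		kept = append(kept, line)
	}
	return strings.TrimSpace(strings.Join(kept, "\n"))
}

func main() {
	// Constructed sample values, not taken from a real host.
	u := buildViURL(`DOMAIN\user`, "p@ss:w/rd", "esxi-host")
	// Log the redacted form only; u.String() carries the real password.
	fmt.Println(u.Redacted())

	out := "Could not chdir to home directory /home/local/DOMAIN/user: No such file or directory\n42\n"
	fmt.Println(stripChdirWarning(out))
}
```

`u.String()` is the value to hand to ovftool; `u.Redacted()` (Go 1.15 and later) is the one to write to logs.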

josenk commented 3 years ago

I don't have an AD server in my home lab. It will be difficult for me to reproduce the issue, so it can be fixed. Do you know enough about Go to create a PR?

ericb-summit commented 3 years ago

If you explain to me how to build this locally and use it locally I can probably give it a stab.

I have the base Go tools, compiler, etc. installed. I'm just not sure how to use a locally compiled provider in Terraform.

ericb-summit commented 3 years ago

Ok, I figured it out. Code from this PR tested OK in my use case. As you see the change is near trivial.

PR https://github.com/josenk/terraform-provider-esxi/pull/144

josenk commented 3 years ago

Merged. Thanks for the contribution. Sorry it took so long to get done.