open-nomad/e2e/terraform/packer/windows
Tim Gross 566dae7b19
e2e: add flag to bootstrap Nomad ACLs (#8961)
Adds a `nomad_acls` flag to our Terraform stack that bootstraps Nomad ACLs via
a `local-exec` provider. There's no way to set the `NOMAD_TOKEN` in the Nomad
TF provider if we're bootstrapping in the same Terraform stack, so instead of
using `resource.nomad_acl_token`, we also bootstrap a wide-open anonymous
policy. The resulting management token is exported as an environment var with
`$(terraform output environment)` and tests that want stricter ACLs will be
able to write them using that token.

This should also provide a basis to do similar work with Consul ACLs in the
future.
2020-09-28 09:22:36 -04:00
..
disable-windows-updates.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
fix-tls.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
install-consul.ps1 e2e: minor rename and cleanup (#8824) 2020-09-04 08:51:22 -04:00
install-docker.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
install-nuget.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
install-openssh.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
install-tools.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
install-vault.ps1 e2e: minor rename and cleanup (#8824) 2020-09-04 08:51:22 -04:00
provision.ps1 e2e: add flag to bootstrap Nomad ACLs (#8961) 2020-09-28 09:22:36 -04:00
README.md Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
setup-directories.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
setupwinrm.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00

Windows Packer Build

There are a few boilerplate items in the Powershell scripts, explained below.

The default TLS protocol in the version of .NET that our Powershell cmdlets are built in it 1.0, which means plenty of properly configured HTTP servers will reject requests. The boilerplate snippet below sets this for the current script:

# Force TLS1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

We need to run some of the scripts as an administrator role. The following is a safety check that we're doing so:

$RunningAsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
if (!$RunningAsAdmin) {
  Write-Error "Must be executed in Administrator level shell."
  exit 1
}