Add Windows support (#170)

albaltimore · web-flow · commit e86a5a1099e0 · 2023-08-01T10:50:02.000+01:00
* Add support for sshd_config
* Add windows specific unit tests
* Update kitchen and ci config for Windows
* template properties filtered out for Windows
* template properties filtered out for Windows for all
* Configure sshd path
* Fix sshd Windows path
* Remove iptables for Windows &amp; fix integration tests
* Run Windows VM on macOS
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -64,6 +64,58 @@ jobs:
           suite: ${{ matrix.suite }}
           os: ${{ matrix.os }}
 
+  integration-windows:
+    needs: lint-unit
+    runs-on: windows-latest
+    timeout-minutes: 20
+    strategy:
+      matrix:
+        os:
+          - "windows-latest"
+        suite:
+          - "windows-default"
+      fail-fast: false
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+      - name: Install Chef
+        uses: actionshub/chef-install@2.0.4
+      - name: Download Openssh Installer
+        uses: suisei-cn/actions-download-file@v1.4.0
+        with:
+          url: https://github.com/PowerShell/Win32-OpenSSH/releases/download/v9.2.2.0p1-Beta/OpenSSH-Win64-v9.2.2.0.msi
+          target: installer/
+      - name: Install Openssh
+        run: |
+          echo %cd%
+          dir installer
+          $file = "installer\\OpenSSH-Win64-v9.2.2.0.msi"
+          $log = "installer\\install.log"
+          $procMain = Start-Process "msiexec" "/i `"$file`" /qn /l*! `"$log`"" -NoNewWindow -PassThru
+          $procLog = Start-Process "powershell" "Get-Content -Path `"$log`" -Wait" -NoNewWindow -PassThru
+          $procMain.WaitForExit()
+          $procLog.Kill()
+
+      - name: Kitchen Converge
+        uses: actionshub/test-kitchen@2.1.0
+        env:
+          CHEF_LICENSE: accept-no-persist
+          KITCHEN_LOCAL_YAML: kitchen.exec.yml
+        with:
+          suite: ${{ matrix.suite }}
+          os: ${{ matrix.os }}
+          action: converge
+      - name: Kitchen Verify
+        uses: actionshub/test-kitchen@2.1.0
+        env:
+          CHEF_LICENSE: accept-no-persist
+          KITCHEN_LOCAL_YAML: kitchen.exec.yml
+        with:
+          suite: ${{ matrix.suite }}
+          os: ${{ matrix.os }}
+          action: verify
+
   # unable to get SSH service to start
   #  integration-macos:
   #    needs: [mdl, yamllint, delivery]
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,8 @@ This file is used to list changes made in each version of the openssh cookbook.
 
 ## Unreleased
 
+- Add Windows Support
+
 ## 2.10.18 - *2023-07-10*
 
 ## 2.10.17 - *2023-05-16*
diff --git a/README.md b/README.md
@@ -23,6 +23,7 @@ This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of
 - Suse Enterprise Linux
 - openSUSE / openSUSE leap
 - AIX 7.1
+- Windows
 
 ### Chef
 
diff --git a/attributes/default.rb b/attributes/default.rb
@@ -26,7 +26,7 @@
                                        %w(openssh-clients openssh-server)
                                      when 'arch', 'suse', 'gentoo'
                                        %w(openssh)
-                                     when 'freebsd', 'smartos', 'mac_os_x', 'aix'
+                                     when 'freebsd', 'smartos', 'mac_os_x', 'aix', 'windows'
                                        %w()
                                      else
                                        %w(openssh-client openssh-server)
@@ -140,8 +140,16 @@
 # default['openssh']['server']['chroot_directory'] = 'none'
 # default['openssh']['server']['banner'] = 'none'
 # default['openssh']['server']['subsystem'] = 'sftp /usr/libexec/sftp-server'
-default['openssh']['server']['trusted_user_c_a_keys'] = '/etc/ssh/ca_keys'
-default['openssh']['server']['revoked_keys'] = '/etc/ssh/revoked_keys'
+default['openssh']['server']['trusted_user_c_a_keys'] = if platform_family?('windows')
+                                                          join_path(base_ssh_config_dir, 'ca_userkeys.pub')
+                                                        else
+                                                          '/etc/ssh/ca_keys'
+                                                        end
+default['openssh']['server']['revoked_keys'] = if platform_family?('windows')
+                                                 join_path(base_ssh_config_dir, 'revoked_keys')
+                                               else
+                                                 '/etc/ssh/revoked_keys'
+                                               end
 default['openssh']['server']['subsystem'] = 'sftp /usr/libexec/openssh/sftp-server' if platform_family?('rhel', 'amazon', 'fedora')
 default['openssh']['server']['subsystem'] = 'sftp /usr/lib/openssh/sftp-server' if platform_family?('debian')
 default['openssh']['server']['subsystem'] = 'sftp /usr/lib/ssh/sftp-server' if platform_family?('suse')
diff --git a/kitchen.exec.yml b/kitchen.exec.yml
@@ -1,7 +1,14 @@
 ---
-driver: { name: exec }
-transport: { name: exec }
+driver:
+  name: exec
+
+transport:
+  name: exec
+
+provisioner:
+  name: chef_zero
+  deprecations_as_errors: true
 
 platforms:
-  - name: macos-latest
   - name: windows-latest
+  - name: macos-latest
diff --git a/kitchen.yml b/kitchen.yml
@@ -1,10 +1,10 @@
+---
 driver:
   name: vagrant
 
 provisioner:
-  name: chef_infra
-  enforce_idempotency: true
-  multiple_converge: 2
+  name: chef_zero
+  product_name: chef
   deprecations_as_errors: true
   chef_license: accept-no-persist
 
@@ -26,10 +26,20 @@ platforms:
     driver_config:
       box: tas50/macos_10.15
       provider: vmware_desktop
+  - name: windows-2016
+    driver_config:
+      box: tas50/windows_2016
+  - name: windows-2019
+    driver_config:
+      box: tas50/windows_2019
 
 suites:
   - name: default
     run_list: openssh::default
+    excludes:
+      - windows-2016
+      - windows-2019
+      - windows-latest
   - name: iptables
     run_list:
       - openssh::default
@@ -41,3 +51,12 @@ suites:
       - macosx-10.15
       - opensuse-leap-15
       - rockylinux-8
+      - windows-2016
+      - windows-2019
+      - windows-latest
+  - name: windows-default
+    run_list: openssh::default
+    includes:
+      - windows-2016
+      - windows-2019
+      - windows-latest
diff --git a/libraries/helpers.rb b/libraries/helpers.rb
@@ -44,17 +44,29 @@ def sshd_host_keys_missing?
     end
 
     def openssh_service_name
-      if platform_family?('rhel', 'fedora', 'suse', 'freebsd', 'gentoo', 'arch', 'mac_os_x', 'amazon', 'aix')
+      if platform_family?('rhel', 'fedora', 'suse', 'freebsd', 'gentoo', 'arch', 'mac_os_x', 'amazon', 'aix', 'windows')
         'sshd'
       else
         'ssh'
       end
     end
 
+    def base_ssh_config_dir
+      platform_family?('windows') ? 'C:\\ProgramData\\ssh' : '/etc/ssh'
+    end
+
+    def base_ssh_bin_dir
+      platform_family?('windows') ? 'C:\\Program Files\\OpenSSH' : '/usr/sbin/'
+    end
+
+    def join_path(*path)
+      Chef::Util::PathHelper.cleanpath(::File.join(path))
+    end
+
     def supported_ssh_host_keys
-      keys = ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key']
-      keys << '/etc/ssh/ssh_host_dsa_key' if platform_family?('smartos, suse')
-      keys << '/etc/ssh/ssh_host_ed25519_key' if rhel_7_plus? || platform?('amazon', 'fedora') || platform_family?('debian') || opensuse_15_plus?
+      keys = [join_path(base_ssh_config_dir, 'ssh_host_rsa_key'), join_path(base_ssh_config_dir, 'ssh_host_ecdsa_key')]
+      keys << join_path(base_ssh_config_dir, 'ssh_host_dsa_key') if platform_family?('smartos', 'suse', 'windows')
+      keys << join_path(base_ssh_config_dir, 'ssh_host_ed25519_key') if rhel_7_plus? || platform?('amazon', 'fedora') || platform_family?('debian', 'windows') || opensuse_15_plus?
       keys
     end
 
diff --git a/metadata.rb b/metadata.rb
@@ -21,6 +21,7 @@
 supports 'smartos'
 supports 'suse'
 supports 'ubuntu'
+supports 'windows'
 supports 'zlinux'
 
 depends 'iptables', '>= 7.0'
diff --git a/mlc_config.json b/mlc_config.json
@@ -0,0 +1,10 @@
+{
+    "ignorePatterns": [
+        {
+            "pattern": "^https://tickets.chef.io/browse/COOK"
+        },
+        {
+            "pattern": "^https://opencollective.com/sous-chefs/contributors.svg"
+        }
+    ]
+}
diff --git a/recipes/default.rb b/recipes/default.rb
@@ -24,10 +24,10 @@ def listen_addr_for(interface, type)
 
 package node['openssh']['package_name'] unless node['openssh']['package_name'].empty?
 
-template '/etc/ssh/ssh_config' do
+template join_path(base_ssh_config_dir, 'ssh_config') do
   source 'ssh_config.erb'
-  mode '0644'
-  owner 'root'
+  mode '0644' unless platform_family?('windows')
+  owner 'root' unless platform_family?('windows')
   group node['root_group']
 end
 
@@ -44,16 +44,16 @@ def listen_addr_for(interface, type)
 template 'sshd_ca_keys_file' do
   source 'ca_keys.erb'
   path node['openssh']['server']['trusted_user_c_a_keys']
-  mode node['openssh']['config_mode']
-  owner 'root'
+  mode node['openssh']['config_mode'] unless platform_family?('windows')
+  owner 'root' unless platform_family?('windows')
   group node['root_group']
 end
 
 template 'sshd_revoked_keys_file' do
   source 'revoked_keys.erb'
   path node['openssh']['server']['revoked_keys']
-  mode node['openssh']['config_mode']
-  owner 'root'
+  mode node['openssh']['config_mode'] unless platform_family?('windows')
+  owner 'root' unless platform_family?('windows')
   group node['root_group']
 end
 
@@ -78,13 +78,19 @@ def listen_addr_for(interface, type)
   directory dir
 end
 
-template '/etc/ssh/sshd_config' do
+default_sshd_path = if platform_family?('windows')
+                      "\"#{join_path(base_ssh_bin_dir, 'sshd.exe')}\""
+                    else
+                      join_path(base_ssh_bin_dir, 'sshd')
+                    end
+
+template join_path(base_ssh_config_dir, 'sshd_config') do
   source 'sshd_config.erb'
-  mode node['openssh']['config_mode']
-  owner 'root'
+  mode node['openssh']['config_mode'] unless platform_family?('windows')
+  owner 'root' unless platform_family?('windows')
   group node['root_group']
   variables(options: openssh_server_options)
-  verify '/usr/sbin/sshd -t -f %{path}'
+  verify "#{default_sshd_path} -t -f %{path}"
   notifies :restart, 'service[ssh]'
 end
 
diff --git a/recipes/iptables.rb b/recipes/iptables.rb
@@ -17,6 +17,9 @@
 # limitations under the License.
 #
 
+# The iptables cookbook doesn't support Windows
+return if platform_family?('windows')
+
 iptables_packages 'install iptables'
 iptables_service 'start iptables'
 
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -8,3 +8,7 @@
   config.platform = 'ubuntu'
   config.version = '18.04'
 end
+
+def join_path(*path)
+  Chef::Util::PathHelper.cleanpath(::File.join(path))
+end
diff --git a/spec/unit/recipes/default_windows_spec.rb b/spec/unit/recipes/default_windows_spec.rb
diff --git a/test/integration/windows-default/default_spec.rb b/test/integration/windows-default/default_spec.rb

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,9 @@`
`17`	`17`	`# limitations under the License.`
`18`	`18`	`#`
`19`	`19`
	`20`	`+# The iptables cookbook doesn't support Windows`
	`21`	`+return if platform_family?('windows')`
	`22`	`+`
`20`	`23`	`iptables_packages 'install iptables'`
`21`	`24`	`iptables_service 'start iptables'`
`22`	`25`