Added support for validator less bootstrap

lib/chef/azure/bootstrap/chef-full.erb

@@ -21,12 +21,10 @@ exists() {
 
 mkdir -p /etc/chef
 
-<% if client_pem -%>
 cat > /etc/chef/client.pem <<'EOP'
-<%= ::File.read(::File.expand_path(client_pem)) %>
+<%= client_key %>
 EOP
 chmod 0600 /etc/chef/client.pem
-<% end -%>
 
 cat > /etc/chef/validation.pem <<'EOP'
 <%= validation_key %>

lib/chef/azure/bootstrap/windows-chef-client-msi.erb

@@ -42,6 +42,14 @@ echo Writing validation key...
 )
 
 echo Validation key written.
+
+echo Writing client key...
+
+> <%= bootstrap_directory %>\client.pem (
+ <%= client_key %>
+)
+
+echo client key written.
 @echo on
 
 <% if @config[:secret] -%>

lib/chef/azure/commands/enable.rb

@@ -127,6 +127,7 @@ def configure_chef_only_once
         config[:user_client_rb] = @client_rb
         config[:log_location] = @azure_plugin_log_location
         Chef::Config[:validation_key_content] = @validation_key
+        Chef::Config[:client_key_content] = @client_key
         config[:chef_server_url] = bootstrap_options['chef_server_url'] if bootstrap_options['chef_server_url']
         config[:validation_client_name] =  bootstrap_options['validation_client_name'] if bootstrap_options['validation_client_name']
         template_file = File.expand_path(File.dirname(File.dirname(__FILE__)))
@@ -185,6 +186,7 @@ def load_cloud_attributes_in_hints
   def load_settings
     protected_settings = value_from_json_file(handler_settings_file,'runtimeSettings','0','handlerSettings', 'protectedSettings')
     @validation_key = get_validation_key(protected_settings)
+    @client_key = get_client_key(protected_settings)
     @client_rb = value_from_json_file(handler_settings_file, 'runtimeSettings', '0', 'handlerSettings', 'publicSettings', 'client_rb')
     @run_list = value_from_json_file(handler_settings_file, 'runtimeSettings', '0', 'handlerSettings', 'publicSettings', 'runlist')
   end
@@ -223,6 +225,31 @@ def escape_runlist(run_list)
   end
 
   def get_validation_key(encrypted_text)
+    decrypted_text = get_decrypted_key(encrypted_text)
+    #extract validation_key from decrypted hash
+    validation_key = value_from_json_file(decrypted_text, "validation_key")
+    begin
+      validation_key = OpenSSL::PKey::RSA.new(validation_key.squeeze("\n")).to_pem
+    rescue OpenSSL::PKey::RSAError => e
+      Chef::Log.error "Chef validation key parsing error. #{e.inspect}"
+      validation_key
+    end
+  end
+
+  def get_client_key(encrypted_text)
+    decrypted_text = get_decrypted_key(encrypted_text)
+
+    #extract client_key from decrypted hash
+    client_key = value_from_json_file(decrypted_text, "client_pem")
+    begin
+      client_key = OpenSSL::PKey::RSA.new(client_key.squeeze("\n")).to_pem
+    rescue OpenSSL::PKey::RSAError => e
+      Chef::Log.error "Chef client key parsing error. #{e.inspect}"
+      client_key
+    end
+  end
+
+  def get_decrypted_key(encrypted_text)
     if windows?
       decrypt_content_file_path = File.expand_path(File.dirname(File.dirname(__FILE__)))
       decrypt_content_file_path += "\\helpers\\powershell\\decrypt_content_on_windows.ps1"
@@ -232,7 +259,6 @@ def get_validation_key(encrypted_text)
       decrypted_text = result.stdout
       result.error!
     else
-
       certificate_path = LINUX_CERT_PATH
 
       # read cert & get key from the certificate
@@ -244,14 +270,7 @@ def get_validation_key(encrypted_text)
       encrypted_text = OpenSSL::PKCS7.new(encrypted_text)
       decrypted_text = encrypted_text.decrypt(private_key, certificate)
     end
-
-    #extract validation_key from decrypted hash
-    validation_key = value_from_json_file(decrypted_text, "validation_key")
-    begin
-      validation_key = OpenSSL::PKey::RSA.new(validation_key.squeeze("\n")).to_pem
-    rescue OpenSSL::PKey::RSAError => e
-      Chef::Log.error "Chef validation key parsing error. #{e.inspect}"
-      validation_key
-    end
+    decrypted_text
   end
+
 end

lib/chef/azure/core/bootstrap_context.rb

@@ -13,6 +13,10 @@ def validation_key
           @chef_config[:validation_key_content]
         end
 
+        def client_key
+          @chef_config[:client_key_content]
+        end
+
         def config_content
           client_rb = ""
           # Add user provided client_rb to the beginning of a file.

lib/chef/azure/core/windows_bootstrap_context.rb

@@ -50,6 +50,10 @@ def validation_key
           escape_and_echo(super)
         end
 
+        def client_key
+          escape_and_echo(super)
+        end
+
         def secret
           escape_and_echo(@config[:secret])
         end

spec/unit/azure_enable_spec.rb

@@ -120,6 +120,7 @@
       allow(instance).to receive(:bootstrap_directory).and_return(Dir.home)
       allow(instance).to receive(:handler_settings_file).and_return(mock_data("handler_settings.settings"))
       allow(instance).to receive(:get_validation_key).and_return("")
+      allow(instance).to receive(:get_client_key).and_return("")
       allow(instance).to receive(:windows?).and_return(true)
       # Call to load_cloud_attributes_in_hints method has been removed for time being
       #expect(instance).to receive(:load_cloud_attributes_in_hints)
@@ -142,6 +143,7 @@
       allow(instance).to receive(:bootstrap_directory).and_return(Dir.home)
       allow(instance).to receive(:handler_settings_file).and_return(mock_data("handler_settings.settings"))
       allow(instance).to receive(:get_validation_key).and_return("")
+      allow(instance).to receive(:get_client_key).and_return("")
       allow(instance).to receive(:windows?).and_return(false)
       #expect(instance).to receive(:load_cloud_attributes_in_hints)
       sample_config = {:chef_node_name=>"mynode3", :chef_extension_root=>"./", :user_client_rb=>"", :log_location=>nil, :chef_server_url=>"https://api.opscode.com/organizations/clochefacc", :validation_client_name=>"clochefacc-validator", :secret=>nil}
@@ -160,6 +162,7 @@
       expect(instance).to receive(:handler_settings_file).exactly(3).times
       expect(instance).to receive(:value_from_json_file).exactly(3).times
       expect(instance).to receive(:get_validation_key)
+      allow(instance).to receive(:get_client_key).and_return("")
       instance.send(:load_settings)
     end
   end