Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add NTLM authentication support #56

Merged
merged 10 commits into from
Dec 17, 2020

Conversation

czeumer
Copy link
Contributor

@czeumer czeumer commented Nov 16, 2020

Description

Implemented the suggested changes and tested it in our environment.

References

#34

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

@ghost ghost added the size/XS label Nov 16, 2020
@hashicorp-cla
Copy link

hashicorp-cla commented Nov 16, 2020

CLA assistant check
All committers have signed the CLA.

Copy link
Contributor

@koikonom koikonom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @czeumer ! Thanks for taking the time to submit this PR.

Code-wise I only have a minor comment to make that's really trivial to fix.
There seems to be a weird problem with the provider though. Specifically when I try to run the acceptance tests it seems that authentication fails randomly:

❯ TESTARGS='-count 1 -run TestAccADGroupMembership_basic' make testacc 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -count 1 -run TestAccADGroupMembership_basic -timeout 120m
[...output...]
=== RUN   TestAccADGroupMembership_basic
    resource_ad_group_membership_test.go:14: terraform failed: exit status 1

        stderr:

        Error: powershell command failed with exit code 1
        stdout:
        stderr:
        error: http response error: 401 - invalid content type



        Error: powershell command failed with exit code 1
        stdout:
        stderr:
        error: http response error: 401 - invalid content type



        Error: powershell command failed with exit code 1
        stdout:
        stderr:
        error: http response error: 401 - invalid content type



--- FAIL: TestAccADGroupMembership_basic (7.41s)

[...output...]
❯ TESTARGS='-count 1 -run TestAccADGroupMembership_basic' make testacc
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -count 1 -run TestAccADGroupMembership_basic -timeout 120m
[...output...]
=== RUN   TestAccADGroupMembership_basic
--- PASS: TestAccADGroupMembership_basic (28.28s)
PASS
ok  	github.com/hashicorp/terraform-provider-ad/ad	28.687s
?   	github.com/hashicorp/terraform-provider-ad/ad/internal/adschema	[no test files]
testing: warning: no tests to run
PASS
ok  	github.com/hashicorp/terraform-provider-ad/ad/internal/gposec	0.198s [no tests to run]
[...output...]

❯ echo $AD_WINRM_USE_NTLM
true

I am running the tests against a Win2k12R2 server and my test server has this setup:

winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'

docs/index.md Outdated Show resolved Hide resolved
czeumer and others added 2 commits December 7, 2020 10:53
Co-authored-by: Kyriakos Oikonomakos <koikonom@users.noreply.github.com>
@ghost ghost added size/XL and removed size/XS labels Dec 7, 2020
@czeumer
Copy link
Contributor Author

czeumer commented Dec 8, 2020

There seems to be a weird problem with the provider though. Specifically when I try to run the acceptance tests it seems that authentication fails randomly:

Hi @koikonom,

it seems, that an NTLM authenticated session does not allow to be used in parallel.
We implemented a simple connection pooling, that ensures a WinRM connection is used exclusively during a run.

@koikonom
Copy link
Contributor

Hi @czeumer thanks for adding the connection pooling too, the tests no longer fail.

Unfortunately I cannot merge the PR as is until you rebase on top of the main branch, due to conflicts. Let me know once you do that and I'll merge this!

@czeumer
Copy link
Contributor Author

czeumer commented Dec 17, 2020

hi @koikonom

Unfortunately I cannot merge the PR as is until you rebase on top of the main branch, due to conflicts. Let me know once you do that and I'll merge this!

The PR has been rebased.

@koikonom koikonom merged commit 0767540 into hashicorp:main Dec 17, 2020
@rbojan rbojan deleted the issue34-support-ntlm branch December 19, 2020 21:07
@ghost
Copy link

ghost commented Jan 17, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Jan 17, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants