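# Source: github.com/cloudfoundry-incubator/windows-utilities-tests@v0.11.1-0.20230315194243-a2ce46b74d8a/assets/wuts-release/jobs/check_kms_host/templates/run.ps1.erb
#
# Verifies that the KMS client settings in the registry and the KMS firewall
# rules match the check_kms_host job properties.
# Exits 0 when every check passes; writes an error and exits 1 on the first
# mismatch.

# NOTE(review): the property values are rendered inside double-quoted
# PowerShell strings, where `$`, backtick and `"` are interpreted by
# PowerShell rather than taken literally. This assumes the deployment
# manifest only supplies plain host names and port numbers -- confirm, or
# render into an escaped single-quoted literal instead.
$ExpectedHost="<%= p("check_kms_host.host").to_s %>"
$ExpectedPort="<%= p("check_kms_host.port").to_s %>"

$KMSServicePath="HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform"

# Poll up to 10 times, 5 seconds apart, until the registry matches the
# expected values. The registry is re-read on every attempt; the original
# read it once before the loop, so a retry could never observe a change.
$script:i = 0
While ($script:i -lt 10) {
  $msg="Checking host and port; try {0}" -f $script:i
  # Fixed: the original passed the bare word `msg`, printing the literal text.
  Write-Host $msg

  # Formatting through "{0}" turns a missing (null) registry value into an
  # empty string, so it compares equal to an unset expectation.
  $KmsSettings = Get-ItemProperty -Path $KMSServicePath
  $ActualHost="{0}" -f $KmsSettings.KeyManagementServiceName
  $ActualPort="{0}" -f $KmsSettings.KeyManagementServicePort

  If (($ExpectedHost -Eq $ActualHost) -And ($ExpectedPort -Eq $ActualPort)) {
    Break
  }
  $script:i++
  Start-Sleep -s 5
}

# Check KMS settings in registry
$DefaultKms=@(
  "kms.windows.googlecloud.com", # GCP
  "169.254.169.250",             # Amazon
  "169.254.169.251",             # Amazon
  "azkms.core.windows.net"       # Azure
)

If (($ExpectedHost -Eq "") -And ($DefaultKms.Contains($ActualHost))) {
  # No host was requested and the registry still holds an IaaS default;
  # the port is not checked in this case.
  "Default KMS Host set by IaaS"
} Else {
  If ($ExpectedHost -Ne $ActualHost) {
    $msg="Error: Expected KMS Host to equal {0}; Got {1}" -f $ExpectedHost,$ActualHost
    Write-Error $msg
    Exit 1
  }
  If ($ExpectedPort -Ne $ActualPort) {
    $msg="Error: Expected KMS Port to equal {0}; Got {1}" -f $ExpectedPort,$ActualPort
    Write-Error $msg
    Exit 1
  }
}

# Check firewall rules
# Enumerate the rules once; @() keeps the result an array even when zero or
# one rule exists, so the collection operators below behave uniformly.
$RuleNames = @(Get-NetFirewallRule | ForEach-Object { $_.DisplayName })

If ($ExpectedPort -Ne "") {
  # A port was requested: both the inbound and the outbound rule must exist.
  ForEach ($Direction in "inbound", "outbound") {
    $RuleName = "Open $Direction $ExpectedPort for KMS Server"
    If ($RuleNames -notcontains $RuleName) {
      $msg="Error: Missing firewall rule: $RuleName"
      Write-Error $msg
      Exit 1
    }
  }
} Else {
  # No port was requested: no KMS rule for any port may be present.
  ForEach ($Direction in "inbound", "outbound") {
    $Unexpected = @($RuleNames -match "Open $Direction \d+ for KMS Server")
    If ($Unexpected.Count -gt 0) {
      # Report every offending rule, not only the first one.
      $msg="Error: Unexpected firewall rule: {0}" -f ($Unexpected -join ", ")
      Write-Error $msg
      Exit 1
    }
  }
}

Exit 0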