feat(M39): IIS WinRM proxy agent mode + front-to-back wiring

Complete the IIS target connector with dual-mode deployment: - WinRM proxy agent mode via masterzen/winrm for remote Windows servers - Base64 PFX transfer with try/finally cleanup on remote host - GUI wizard updated with 13 IIS config fields including WinRM settings - TargetDetailPage sensitive field redaction (password/secret/token/key) - OpenAPI TargetType enum updated (added Traefik, Caddy) - connectors.md fully documented with WinRM proxy config example - 38 total IIS tests (10 new WinRM tests), all passing with race detection Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-07 16:01:30 +00:00 · 2026-04-02 20:53:20 -04:00
parent 8b52da6aef
commit 9a41d0ca39
10 changed files with 546 additions and 60 deletions
@@ -164,11 +164,16 @@ export default function TargetDetailPage() {
            <h3 className="text-sm font-semibold text-ink-muted mb-4">Configuration</h3>
            {target.config && Object.keys(target.config).length > 0 ? (
              <div className="space-y-0">
-                {Object.entries(target.config).map(([key, val]) => (
-                  <InfoRow key={key} label={key.replace(/_/g, ' ')} value={
-                    <span className="font-mono text-xs truncate max-w-xs inline-block">{String(val)}</span>
-                  } />
-                ))}
+                {Object.entries(target.config).map(([key, val]) => {
+                  const sensitiveKeys = ['password', 'secret', 'token', 'key', 'winrm_password'];
+                  const isSensitive = sensitiveKeys.some(s => key.toLowerCase().includes(s));
+                  const displayVal = isSensitive && val ? '********' : String(val);
+                  return (
+                    <InfoRow key={key} label={key.replace(/_/g, ' ')} value={
+                      <span className="font-mono text-xs truncate max-w-xs inline-block">{displayVal}</span>
+                    } />
+                  );
+                })}
              </div>
            ) : (
              <div className="text-sm text-ink-faint py-4 text-center">No configuration data</div>
@@ -27,7 +27,7 @@ const TARGET_TYPES = [
  { value: 'traefik', label: 'Traefik', description: 'File provider deployment — writes cert/key to watched directory, auto-reload' },
  { value: 'caddy', label: 'Caddy', description: 'Admin API hot-reload or file-based deployment with configurable mode' },
  { value: 'f5_bigip', label: 'F5 BIG-IP', description: 'iControl REST via proxy agent (V3 implementation)' },
-  { value: 'iis', label: 'IIS', description: 'Windows IIS via agent-local PowerShell or proxy WinRM (V3 implementation)' },
+  { value: 'iis', label: 'IIS', description: 'Windows IIS via agent-local PowerShell or remote WinRM proxy agent' },
 ];

 const CONFIG_FIELDS: Record<string, { key: string; label: string; placeholder: string; required?: boolean }[]> = {
@@ -67,9 +67,18 @@ const CONFIG_FIELDS: Record<string, { key: string; label: string; placeholder: s
  ],
  iis: [
    { key: 'site_name', label: 'IIS Site Name', placeholder: 'Default Web Site', required: true },
-    { key: 'binding_ip', label: 'Binding IP', placeholder: '*' },
-    { key: 'binding_port', label: 'Binding Port', placeholder: '443' },
-    { key: 'cert_store', label: 'Certificate Store', placeholder: 'My' },
+    { key: 'cert_store', label: 'Certificate Store', placeholder: 'My', required: true },
+    { key: 'port', label: 'HTTPS Port', placeholder: '443' },
+    { key: 'ip_address', label: 'Binding IP', placeholder: '*' },
+    { key: 'binding_info', label: 'Host Header (SNI)', placeholder: 'www.example.com' },
+    { key: 'sni', label: 'Enable SNI', placeholder: 'true or false' },
+    { key: 'mode', label: 'Deployment Mode', placeholder: 'local (default) or winrm' },
+    { key: 'winrm.winrm_host', label: 'WinRM Host (remote mode)', placeholder: 'iis-server.example.com' },
+    { key: 'winrm.winrm_port', label: 'WinRM Port', placeholder: '5985 (HTTP) or 5986 (HTTPS)' },
+    { key: 'winrm.winrm_username', label: 'WinRM Username', placeholder: 'Administrator' },
+    { key: 'winrm.winrm_password', label: 'WinRM Password', placeholder: '(sensitive)' },
+    { key: 'winrm.winrm_https', label: 'WinRM Use HTTPS', placeholder: 'true or false' },
+    { key: 'winrm.winrm_insecure', label: 'WinRM Skip TLS Verify', placeholder: 'false' },
  ],
 };