1 | initial version |
Personally I am a big fan of looking at djoin and the offline model for this ask myself. Its not done in any project I know of, but it shouldn't be a ton of work. You would just need a microservice that wraps that binary on a windows box and provides a context that is scoped for OU authorization. Than you could just pipe the base64 blob into the userdata for the instance and leverage cb-init to run the /requestodj in the VM init process.
Now admin passwords or anything being tossed around or obfuscated. Just a single use blob of metadata that is easily handled within init.