awspec 1.24.1 → 1.25.0

data/lib/awspec/command/generate.rb

@@ -51,7 +51,7 @@ module Awspec
     types_for_generate_all = %w(
       cloudwatch_alarm cloudwatch_event directconnect ebs efs
       elasticsearch iam_group iam_policy iam_role iam_user kms lambda
-      acm cloudwatch_logs eip codebuild
+      acm cloudwatch_logs eip codebuild elasticache
     )
 
     types_for_generate_all.each do |type|

data/lib/awspec/generator/spec/cloudwatch_logs.rb

@@ -23,7 +23,11 @@ module Awspec::Generator
         metric_filters = select_all_cloudwatch_logs_metric_filter(log_group)
         metric_filter_lines = []
         metric_filters.each do |metric_filter|
-          line = "it { should have_metric_filter('#{metric_filter.filter_name}') }"
+          line = "it { should have_metric_filter('#{metric_filter.filter_name}')"
+          unless metric_filter.filter_pattern.empty?
+            line += ".filter_pattern('#{metric_filter.filter_pattern}')"
+          end
+          line += ' }'
           metric_filter_lines.push(line)
         end
         metric_filter_lines

data/lib/awspec/generator/spec/elasticache.rb

@@ -0,0 +1,43 @@
+module Awspec::Generator
+  module Spec
+    class Elasticache
+      include Awspec::Helper::Finder
+      def generate_all
+        opt = {}
+        clusters = []
+        loop do
+          res = elasticache_client.describe_cache_clusters(opt)
+          clusters.push(*res.cache_clusters)
+          break if res.marker.nil?
+          opt = { marker: res.marker }
+        end
+        raise 'Not Found Cache Clusters' if clusters.empty?
+        ERB.new(cache_clusters_spec_template, nil, '-').result(binding).gsub(/^\n/, '')
+      end
+
+      def cache_clusters_spec_template
+        template = <<-'EOF'
+<% clusters.each do |cluster| %>
+describe elasticache('<%= cluster.cache_cluster_id %>') do
+  it { should exist }
+  it { should be_available }
+  it { should have_cache_parameter_group('<%= cluster.cache_parameter_group.cache_parameter_group_name %>') }
+  it { should belong_to_cache_subnet_group('<%= cluster.cache_subnet_group_name %>') }
+<% unless cluster.replication_group_id.nil? %>
+  its(:replication_group_id) { should eq '<%= cluster.replication_group_id %>' }
+<% end %>
+  its(:engine) { should eq '<%= cluster.engine %>' }
+  its(:engine_version) { should eq '<%= cluster.engine_version %>' }
+  its(:cache_node_type) { should eq '<%= cluster.cache_node_type %>' }
+<% unless cluster.snapshot_retention_limit.nil? %>
+  its(:snapshot_retention_limit) { should eq <%= cluster.snapshot_retention_limit %> }
+  its(:snapshot_window) { should eq '<%= cluster.snapshot_window %>' }
+<% end %>
+end
+<% end %>
+EOF
+        template
+      end
+    end
+  end
+end

data/lib/awspec/generator.rb

@@ -27,6 +27,7 @@ require 'awspec/generator/spec/cloudwatch_logs'
 require 'awspec/generator/spec/alb'
 require 'awspec/generator/spec/nlb'
 require 'awspec/generator/spec/internet_gateway'
+require 'awspec/generator/spec/elasticache'
 require 'awspec/generator/spec/elasticsearch'
 require 'awspec/generator/spec/eip'
 require 'awspec/generator/spec/rds_db_parameter_group'

data/lib/awspec/helper/finder/ec2.rb

@@ -3,23 +3,48 @@ module Awspec::Helper
     module Ec2
       def find_ec2(id)
         # instance_id or tag:Name
-        begin
-          res = ec2_client.describe_instances({
-                                                instance_ids: [id]
-                                              })
-        rescue
-          # Aws::EC2::Errors::InvalidInstanceIDMalformed
-          # Aws::EC2::Errors::InvalidInstanceIDNotFound
-          res = ec2_client.describe_instances({
-                                                filters: [{ name: 'tag:Name', values: [id] }]
-                                              })
-        end
-        # rubocop:enable Style/GuardClause
-        if res.reservations.count == 1
-          res.reservations.first.instances.single_resource(id)
-        elsif res.reservations.count > 1
-          raise Awspec::DuplicatedResourceTypeError, "Duplicate instances matching id or tag #{id}"
+
+        # First tries to search by using an educated guess, based on the
+        # references below:
+        # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html
+        # https://docs.chef.io/inspec/resources/aws_ec2_instance/
+        # This should be faster then just first trying ID when the parameter is
+        # clearly not one
+
+        # https://medium.com/@Bakku1505/ruby-start-with-end-with-vs-regular-expressions-59728be0859e
+        if id.start_with?('i-') && id.length == 19 && id =~ /^i-[0-9a-f]/
+          begin
+            res = ec2_client.describe_instances({
+                                                  instance_ids: [id]
+                                                })
+          rescue Aws::EC2::Errors::InvalidInstanceIDNotFound, Aws::EC2::Errors::InvalidInstanceIDMalformed => e
+            res = ec2_client.describe_instances({
+                                                  filters: [{ name: 'tag:Name', values: [id] }]
+                                                })
+          end
+        else
+          begin
+            res = ec2_client.describe_instances({
+                                                  filters: [{ name: 'tag:Name', values: [id] }]
+                                                })
+          rescue Aws::EC2::Errors::InvalidInstanceIDNotFound, Aws::EC2::Errors::InvalidInstanceIDMalformed => e
+            res = ec2_client.describe_instances({
+                                                  instance_ids: [id]
+                                                })
+            if res.reservations.count > 1
+              STDERR.puts "Warning: '#{id}' unexpectedly identified as a valid instance ID during fallback search"
+            end
+          end
         end
+
+        return nil if res.reservations.count == 0
+        return res.reservations.first.instances.single_resource(id) if res.reservations.count == 1
+        raise Awspec::DuplicatedResourceTypeError, dup_ec2_instance(id) if res.reservations.count > 1
+        raise "Unexpected condition of having reservations = #{res.reservations.count}"
+      end
+
+      def dup_ec2_instance(id)
+        "Duplicate instances matching id or tag #{id}"
       end
 
       def find_ec2_attribute(id, attribute)

data/lib/awspec/helper/finder/ecs.rb

@@ -36,7 +36,7 @@ module Awspec::Helper
       # deprecated method
       def find_ecs_container_instances(cluster, container_instances)
         res = ecs_client.describe_container_instances(cluster: cluster, container_instances: container_instances)
-        res.container_instances if res.container_instances
+        res.container_instances if res.container_instances # rubocop:disable Style/UnneededCondition
       end
 
       alias_method :list_ecs_container_instances, :select_ecs_container_instance_arn_by_cluster_name # deprecated method

data/lib/awspec/helper/finder/subnet.rb

@@ -1,29 +1,127 @@
+require 'singleton'
+
 module Awspec::Helper
   module Finder
     module Subnet
-      def find_subnet(subnet_id)
-        res = ec2_client.describe_subnets({
-                                            filters: [{ name: 'subnet-id', values: [subnet_id] }]
-                                          })
-        resource = res.subnets.single_resource(subnet_id)
-        return resource if resource
-        res = ec2_client.describe_subnets({
-                                            filters: [{ name: 'tag:Name', values: [subnet_id] }]
-                                          })
-        resource = res.subnets.single_resource(subnet_id)
-        return resource if resource
-        res = ec2_client.describe_subnets({
-                                            filters: [{ name: 'cidrBlock', values: [subnet_id] }]
-                                          })
-        res.subnets.single_resource(subnet_id)
+      # Implements in-memory cache for +AWS::Ec2::Client+ +describe_subnets+
+      # method.
+
+      # == Usage
+      # Includes {Singleton}[https://ruby-doc.org/stdlib-2.7.3/libdoc/singleton/rdoc/index.html]
+      # module, so use +instance+ instead of +new+ to get a instance.
+      #
+      # It is intended to be used internally by the +find_subnet+ function only.
+      #
+      # Many of the methods expect a symbol to search through the cache to
+      # avoid having to call +to_sym+ multiple times.
+
+      class SubnetCache
+        include Singleton
+
+        def initialize # :nodoc:
+          @by_tag_name = {}
+          @by_cidr = {}
+          @subnet_ids = {}
+          @ip_matcher = Regexp.new('^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}$')
+        end
+
+        # Add a mapping of a CIDR to the respective subnet ID
+        def add_by_cidr(cidr, subnet_id)
+          key_sym = cidr.to_sym
+          @by_cidr[key_sym] = subnet_id.to_sym unless @by_cidr.key?(key_sym)
+        end
+
+        # Add a mapping of a tag to the respective subnet ID
+        def add_by_tag(tag, subnet_id)
+          key_sym = tag.to_sym
+          @by_tag_name[key_sym] = subnet_id.to_sym unless @by_tag_name.key?(key_sym)
+        end
+
+        # Add a +Aws::EC2::Types::Subnet+ instance to the cache, mapping it's ID
+        # to the instance itself.
+        def add_subnet(subnet)
+          key_sym = subnet.subnet_id.to_sym
+          @subnet_ids[key_sym] = subnet unless @subnet_ids.key?(key_sym)
+        end
+
+        # Check if a subnet ID (as a symbol) exists in the cache.
+        def has_subnet?(subnet_id_symbol)
+          @subnet_ids.key?(subnet_id_symbol)
+        end
+
+        # Return a +Aws::EC2::Types::Subnet+ that matches the given CIDR.
+        def subnet_by_cidr(cidr_symbol)
+          @subnet_ids[@by_cidr[cidr_symbol]]
+        end
+
+        # Return a +Aws::EC2::Types::Subnet+ that matches the given tag.
+        def subnet_by_tag(tag_symbol)
+          @subnet_ids[@by_tag_name[tag_symbol]]
+        end
+
+        # Return a +Aws::EC2::Types::Subnet+ that matches the given subnet ID.
+        def subnet_by_id(subnet_id_symbol)
+          @subnet_ids[subnet_id_symbol]
+        end
+
+        # Check if a given string looks like a IPv4 CIDR.
+        def is_cidr?(subnet_id)
+          @ip_matcher.match(subnet_id)
+        end
+
+        # Check if the cache was already initialized or not.
+        def empty?
+          @subnet_ids.empty?
+        end
+
+        # Return the cache as a string.
+        def to_s
+          "by tag name: #{@by_tag_name}, by CIDR: #{@by_cidr}"
+        end
       end
 
-      def select_subnet_by_vpc_id(vpc_id)
-        res = ec2_client.describe_subnets({
-                                            filters: [{ name: 'vpc-id', values: [vpc_id] }]
-                                          })
-        res.subnets
+      # Try to locate a +Aws::EC2::Types::Subnet+ with a given subnet ID.
+      #
+      # A subnet ID might be multiple things, like the
+      # +Aws::EC2::Types::Subnet.subnet_id+, or a IPv4 CIDR or the value for the
+      # +Name+ tag associated with the subnet.
+      #
+      # Returns a instance of +Aws::EC2::Types::Subnet+ or +nil+.
+      def find_subnet(subnet_id)
+        cache = SubnetCache.instance
+
+        if cache.empty?
+          res = ec2_client.describe_subnets
+
+          res.subnets.each do |sub|
+            cache.add_by_cidr(sub.cidr_block, sub.subnet_id)
+            cache.add_subnet(sub)
+            next if sub.tags.empty?
+
+            sub.tags.each do |tag|
+              if tag[:key].eql?('Name')
+                cache.add_by_tag(tag[:value], sub.subnet_id)
+                break
+              end
+            end
+          end
+        end
+
+        id_key = subnet_id.to_sym
+        return cache.subnet_by_id(id_key) if subnet_id.start_with?('subnet-') && cache.has_subnet?(id_key)
+        return cache.subnet_by_cidr(id_key) if cache.is_cidr?(subnet_id) && cache.by_cidr.key?(id_key)
+        cache.subnet_by_tag(id_key)
       end
     end
+
+    # Search for the subnets associated with a given VPC ID.
+    #
+    # Returns an array of +Aws::EC2::Types::Subnet+ instances.
+    def select_subnet_by_vpc_id(vpc_id)
+      res = ec2_client.describe_subnets({
+                                          filters: [{ name: 'vpc-id', values: [vpc_id] }]
+                                        })
+      res.subnets
+    end
   end
 end

data/lib/awspec/helper/finder.rb

@@ -166,6 +166,12 @@ module Awspec::Helper
       http_wire_trace: ENV['http_wire_trace'] || false
     }
 
+    check_configuration = ENV['DISABLE_AWS_CLIENT_CHECK'] != 'true' if ENV.key?('DISABLE_AWS_CLIENT_CHECK')
+
+    # define_method below will "hide" any exception that comes from bad
+    # setup of AWS client, so let's try first to create a instance
+    Awsecrets.load if check_configuration
+
     CLIENTS.each do |method_name, client|
       define_method method_name do
         unless self.methods.include? "@#{method_name}"

data/lib/awspec/helper/states.rb

@@ -0,0 +1,16 @@
+module Awspec::Helper
+  module States
+    EC2_STATES = %w(pending running shutting-down terminated stopping stopped)
+
+    def self.ec2_states_checks
+      Enumerator.new do |yielder|
+        n = 0
+        while n < EC2_STATES.size
+          method_name = EC2_STATES[n].tr('-', '_') + '?'
+          yielder.yield(method_name, EC2_STATES[n])
+          n += 1
+        end
+      end.lazy
+    end
+  end
+end

data/lib/awspec/matcher/belong_to_subnets.rb

@@ -0,0 +1,14 @@
+RSpec::Matchers.define :belong_to_subnets do |*subnets|
+  match do |nodegroup|
+    superset = Set.new(subnets)
+    nodegroup.subnets.subset?(superset)
+  end
+  failure_message { |nodegroup| super() + failure_reason(nodegroup) }
+  failure_message_when_negated { |nodegroup| super() + failure_reason(nodegroup) }
+end
+
+private
+
+def failure_reason(nodegroup)
+  ", but the nodes are allocated to the subnets #{nodegroup.subnets.to_a}"
+end

data/lib/awspec/matcher/have_metric_filter.rb

@@ -0,0 +1,9 @@
+RSpec::Matchers.define :have_metric_filter do |filter_name|
+  match do |log_group_name|
+    log_group_name.has_metric_filter?(filter_name, @pattern)
+  end
+
+  chain :filter_pattern do |pattern|
+    @pattern = pattern
+  end
+end

data/lib/awspec/matcher.rb

@@ -4,6 +4,9 @@ require 'awspec/matcher/belong_to_subnet'
 require 'awspec/matcher/have_tag'
 require 'awspec/matcher/have_network_interface'
 
+# EKS
+require 'awspec/matcher/belong_to_subnets'
+
 # RDS
 require 'awspec/matcher/belong_to_db_subnet_group'
 require 'awspec/matcher/have_db_parameter_group'
@@ -53,6 +56,7 @@ require 'awspec/matcher/have_rule'
 
 # CloudWatch Logs
 require 'awspec/matcher/have_subscription_filter'
+require 'awspec/matcher/have_metric_filter'
 
 # DynamoDB
 require 'awspec/matcher/have_attribute_definition'

data/lib/awspec/setup.rb

@@ -18,7 +18,7 @@ EOF
       dir = 'spec'
       if File.exist? dir
         unless File.directory? dir
-          $stderr.puts '!! #{dir} already exists and is not a directory'
+          $stderr.puts "!! #{dir} already exists and is not a directory"
         end
       else
         FileUtils.mkdir dir

data/lib/awspec/stub/cloudwatch_logs.rb

@@ -18,7 +18,8 @@ Aws.config[:cloudwatchlogs] = {
     describe_metric_filters: {
       metric_filters: [
         {
-          filter_name: 'my-cloudwatch-logs-metric-filter'
+          filter_name: 'my-cloudwatch-logs-metric-filter',
+          filter_pattern: '[date, error]'
         }
       ]
     },

data/lib/awspec/stub/ec2_non_existing.rb

@@ -0,0 +1,7 @@
+Aws.config[:ec2] = {
+  stub_responses: {
+    describe_instances: {
+      reservations: []
+    }
+  }
+}

data/lib/awspec/stub/eks_nodegroup.rb

@@ -9,8 +9,68 @@ Aws.config[:eks] = {
         nodegroup_arn: 'arn:aws:eks:us-west-2:012345678910:nodegroup/my-cluster/my-nodegroup/08bd000a',
         created_at: Time.parse('2018-10-28 00:23:32 -0400'),
         node_role: 'arn:aws:iam::012345678910:role/eks-nodegroup-role',
-        status: 'ACTIVE'
+        status: 'ACTIVE',
+        scaling_config: { min_size: 1, desired_size: 2, max_size: 3 }
       }
     }
   }
 }
+
+Aws.config[:ec2] = {
+  stub_responses: {
+    describe_instances: {
+      reservations: [
+        {
+          instances: [
+            {
+              instance_id: 'i-ec12345a',
+              image_id: 'ami-abc12def',
+              vpc_id: 'vpc-ab123cde',
+              subnet_id: 'subnet-1234a567',
+              public_ip_address: '123.0.456.789',
+              private_ip_address: '10.0.1.1',
+              instance_type: 't2.small',
+              state: {
+                name: 'running'
+              },
+              security_groups: [
+                {
+                  group_id: 'sg-1a2b3cd4',
+                  group_name: 'my-security-group-name'
+                }
+              ],
+              iam_instance_profile: {
+                arn: 'arn:aws:iam::123456789012:instance-profile/Ec2IamProfileName',
+                id: 'ABCDEFGHIJKLMNOPQRSTU'
+              },
+              block_device_mappings: [
+                {
+                  device_name: '/dev/sda',
+                  ebs: {
+                    volume_id: 'vol-123a123b'
+                  }
+                }
+              ],
+              network_interfaces: [
+                {
+                  network_interface_id: 'eni-12ab3cde',
+                  subnet_id: 'subnet-1234a567',
+                  vpc_id: 'vpc-ab123cde',
+                  attachment: {
+                    device_index: 1
+                  }
+                }
+              ],
+              tags: [
+                {
+                  key: 'Name',
+                  value: 'my-ec2'
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    }
+  }
+}