awspec 1.24.2 → 1.25.1

data/lib/awspec/helper/finder/subnet.rb

@@ -1,29 +1,132 @@
+require 'singleton'
+
 module Awspec::Helper
   module Finder
     module Subnet
-      def find_subnet(subnet_id)
-        res = ec2_client.describe_subnets({
-                                            filters: [{ name: 'subnet-id', values: [subnet_id] }]
-                                          })
-        resource = res.subnets.single_resource(subnet_id)
-        return resource if resource
-        res = ec2_client.describe_subnets({
-                                            filters: [{ name: 'tag:Name', values: [subnet_id] }]
-                                          })
-        resource = res.subnets.single_resource(subnet_id)
-        return resource if resource
-        res = ec2_client.describe_subnets({
-                                            filters: [{ name: 'cidrBlock', values: [subnet_id] }]
-                                          })
-        res.subnets.single_resource(subnet_id)
+      # Implements in-memory cache for +AWS::Ec2::Client+ +describe_subnets+
+      # method.
+
+      # == Usage
+      # Includes {Singleton}[https://ruby-doc.org/stdlib-2.7.3/libdoc/singleton/rdoc/index.html]
+      # module, so use +instance+ instead of +new+ to get a instance.
+      #
+      # It is intended to be used internally by the +find_subnet+ function only.
+      #
+      # Many of the methods expect a symbol to search through the cache to
+      # avoid having to call +to_sym+ multiple times.
+
+      class SubnetCache
+        include Singleton
+
+        def initialize # :nodoc:
+          @by_tag_name = {}
+          @by_cidr = {}
+          @subnet_ids = {}
+          @ip_matcher = Regexp.new('^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}$')
+        end
+
+        # Add a mapping of a CIDR to the respective subnet ID
+        def add_by_cidr(cidr, subnet_id)
+          key_sym = cidr.to_sym
+          @by_cidr[key_sym] = subnet_id.to_sym unless @by_cidr.key?(key_sym)
+        end
+
+        # Add a mapping of a tag to the respective subnet ID
+        def add_by_tag(tag, subnet_id)
+          key_sym = tag.to_sym
+          @by_tag_name[key_sym] = subnet_id.to_sym unless @by_tag_name.key?(key_sym)
+        end
+
+        # Add a +Aws::EC2::Types::Subnet+ instance to the cache, mapping it's ID
+        # to the instance itself.
+        def add_subnet(subnet)
+          key_sym = subnet.subnet_id.to_sym
+          @subnet_ids[key_sym] = subnet unless @subnet_ids.key?(key_sym)
+        end
+
+        # Check if a subnet ID (as a symbol) exists in the cache.
+        def has_subnet?(subnet_id_symbol)
+          @subnet_ids.key?(subnet_id_symbol)
+        end
+
+        # Check if a IPv4 CIDR (as a symbol) exists in the cache.
+        def has_cidr?(cidr_symbol)
+          @by_cidr.key?(cidr_symbol)
+        end
+
+        # Return a +Aws::EC2::Types::Subnet+ that matches the given CIDR.
+        def subnet_by_cidr(cidr_symbol)
+          @subnet_ids[@by_cidr[cidr_symbol]]
+        end
+
+        # Return a +Aws::EC2::Types::Subnet+ that matches the given tag.
+        def subnet_by_tag(tag_symbol)
+          @subnet_ids[@by_tag_name[tag_symbol]]
+        end
+
+        # Return a +Aws::EC2::Types::Subnet+ that matches the given subnet ID.
+        def subnet_by_id(subnet_id_symbol)
+          @subnet_ids[subnet_id_symbol]
+        end
+
+        # Check if a given string looks like a IPv4 CIDR.
+        def is_cidr?(subnet_id)
+          @ip_matcher.match(subnet_id)
+        end
+
+        # Check if the cache was already initialized or not.
+        def empty?
+          @subnet_ids.empty?
+        end
+
+        # Return the cache as a string.
+        def to_s
+          "by tag name: #{@by_tag_name}, by CIDR: #{@by_cidr}"
+        end
       end
 
-      def select_subnet_by_vpc_id(vpc_id)
-        res = ec2_client.describe_subnets({
-                                            filters: [{ name: 'vpc-id', values: [vpc_id] }]
-                                          })
-        res.subnets
+      # Try to locate a +Aws::EC2::Types::Subnet+ with a given subnet ID.
+      #
+      # A subnet ID might be multiple things, like the
+      # +Aws::EC2::Types::Subnet.subnet_id+, or a IPv4 CIDR or the value for the
+      # +Name+ tag associated with the subnet.
+      #
+      # Returns a instance of +Aws::EC2::Types::Subnet+ or +nil+.
+      def find_subnet(subnet_id)
+        cache = SubnetCache.instance
+
+        if cache.empty?
+          res = ec2_client.describe_subnets
+
+          res.subnets.each do |sub|
+            cache.add_by_cidr(sub.cidr_block, sub.subnet_id)
+            cache.add_subnet(sub)
+            next if sub.tags.empty?
+
+            sub.tags.each do |tag|
+              if tag[:key].eql?('Name')
+                cache.add_by_tag(tag[:value], sub.subnet_id)
+                break
+              end
+            end
+          end
+        end
+
+        id_key = subnet_id.to_sym
+        return cache.subnet_by_id(id_key) if subnet_id.start_with?('subnet-') && cache.has_subnet?(id_key)
+        return cache.subnet_by_cidr(id_key) if cache.is_cidr?(subnet_id) && cache.has_cidr?(id_key)
+        cache.subnet_by_tag(id_key)
       end
     end
+
+    # Search for the subnets associated with a given VPC ID.
+    #
+    # Returns an array of +Aws::EC2::Types::Subnet+ instances.
+    def select_subnet_by_vpc_id(vpc_id)
+      res = ec2_client.describe_subnets({
+                                          filters: [{ name: 'vpc-id', values: [vpc_id] }]
+                                        })
+      res.subnets
+    end
   end
 end

data/lib/awspec/matcher/belong_to_subnets.rb

@@ -0,0 +1,14 @@
+RSpec::Matchers.define :belong_to_subnets do |*subnets|
+  match do |nodegroup|
+    superset = Set.new(subnets)
+    nodegroup.subnets.subset?(superset)
+  end
+  failure_message { |nodegroup| super() + failure_reason(nodegroup) }
+  failure_message_when_negated { |nodegroup| super() + failure_reason(nodegroup) }
+end
+
+private
+
+def failure_reason(nodegroup)
+  ", but the nodes are allocated to the subnets #{nodegroup.subnets.to_a}"
+end

data/lib/awspec/matcher/have_metric_filter.rb

@@ -0,0 +1,9 @@
+RSpec::Matchers.define :have_metric_filter do |filter_name|
+  match do |log_group_name|
+    log_group_name.has_metric_filter?(filter_name, @pattern)
+  end
+
+  chain :filter_pattern do |pattern|
+    @pattern = pattern
+  end
+end

data/lib/awspec/matcher.rb

@@ -4,6 +4,9 @@ require 'awspec/matcher/belong_to_subnet'
 require 'awspec/matcher/have_tag'
 require 'awspec/matcher/have_network_interface'
 
+# EKS
+require 'awspec/matcher/belong_to_subnets'
+
 # RDS
 require 'awspec/matcher/belong_to_db_subnet_group'
 require 'awspec/matcher/have_db_parameter_group'
@@ -53,6 +56,7 @@ require 'awspec/matcher/have_rule'
 
 # CloudWatch Logs
 require 'awspec/matcher/have_subscription_filter'
+require 'awspec/matcher/have_metric_filter'
 
 # DynamoDB
 require 'awspec/matcher/have_attribute_definition'

data/lib/awspec/setup.rb

@@ -18,7 +18,7 @@ EOF
       dir = 'spec'
       if File.exist? dir
         unless File.directory? dir
-          $stderr.puts '!! #{dir} already exists and is not a directory'
+          $stderr.puts "!! #{dir} already exists and is not a directory"
         end
       else
         FileUtils.mkdir dir

data/lib/awspec/stub/cloudwatch_logs.rb

@@ -18,7 +18,8 @@ Aws.config[:cloudwatchlogs] = {
     describe_metric_filters: {
       metric_filters: [
         {
-          filter_name: 'my-cloudwatch-logs-metric-filter'
+          filter_name: 'my-cloudwatch-logs-metric-filter',
+          filter_pattern: '[date, error]'
         }
       ]
     },

data/lib/awspec/stub/eks_nodegroup.rb

@@ -9,8 +9,68 @@ Aws.config[:eks] = {
         nodegroup_arn: 'arn:aws:eks:us-west-2:012345678910:nodegroup/my-cluster/my-nodegroup/08bd000a',
         created_at: Time.parse('2018-10-28 00:23:32 -0400'),
         node_role: 'arn:aws:iam::012345678910:role/eks-nodegroup-role',
-        status: 'ACTIVE'
+        status: 'ACTIVE',
+        scaling_config: { min_size: 1, desired_size: 2, max_size: 3 }
       }
     }
   }
 }
+
+Aws.config[:ec2] = {
+  stub_responses: {
+    describe_instances: {
+      reservations: [
+        {
+          instances: [
+            {
+              instance_id: 'i-ec12345a',
+              image_id: 'ami-abc12def',
+              vpc_id: 'vpc-ab123cde',
+              subnet_id: 'subnet-1234a567',
+              public_ip_address: '123.0.456.789',
+              private_ip_address: '10.0.1.1',
+              instance_type: 't2.small',
+              state: {
+                name: 'running'
+              },
+              security_groups: [
+                {
+                  group_id: 'sg-1a2b3cd4',
+                  group_name: 'my-security-group-name'
+                }
+              ],
+              iam_instance_profile: {
+                arn: 'arn:aws:iam::123456789012:instance-profile/Ec2IamProfileName',
+                id: 'ABCDEFGHIJKLMNOPQRSTU'
+              },
+              block_device_mappings: [
+                {
+                  device_name: '/dev/sda',
+                  ebs: {
+                    volume_id: 'vol-123a123b'
+                  }
+                }
+              ],
+              network_interfaces: [
+                {
+                  network_interface_id: 'eni-12ab3cde',
+                  subnet_id: 'subnet-1234a567',
+                  vpc_id: 'vpc-ab123cde',
+                  attachment: {
+                    device_index: 1
+                  }
+                }
+              ],
+              tags: [
+                {
+                  key: 'Name',
+                  value: 'my-ec2'
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    }
+  }
+}

data/lib/awspec/stub/elasticsearch.rb

@@ -1,4 +1,3 @@
-
 Aws.config[:elasticsearchservice] = {
   stub_responses: {
     list_domain_names: {

data/lib/awspec/stub/rds_db_parameter_group.rb

@@ -13,6 +13,14 @@ Aws.config[:rds] = {
         {
           parameter_name: 'max_allowed_packet',
           parameter_value: '16777216'
+        },
+        {
+          parameter_name: 'rds.logical_replication',
+          parameter_value: '1'
+        },
+        {
+          parameter_name: 'rds.accepted_password_auth_method',
+          parameter_value: 'md5+scram'
         }
       ]
     }

data/lib/awspec/stub/sns_topic.rb

@@ -1,26 +1,33 @@
+OWNER = '123456789'
+REGION = 'us-east-1'
+TOPIC_ARN = "arn:aws:sns:#{REGION}:#{OWNER}:foobar"
+DISPLAY_NAME = 'Useless'
+SUBSCRIBED = "arn:aws:sns:#{REGION}:#{OWNER}:Foobar:3dbf4999-b3e2-4345-bd11-c34c9784ecca"
+ENDPOINT = "arn:aws:lambda:#{REGION}:#{OWNER}:function:foobar"
+
 Aws.config[:sns] = {
   stub_responses: {
     get_topic_attributes: {
       attributes: {
         # rubocop:disable LineLength
-        'Policy'                  => '{\"Version\":\"2008-10-17\",\"Id\":\"__default_policy_ID\",\"Statement\":[{\"Sid\":\"__default_statement_ID\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Action\":[\"SNS:GetTopicAttributes\",\"SNS:SetTopicAttributes\",\"SNS:AddPermission\",\"SNS:RemovePermission\",\"SNS:DeleteTopic\",\"SNS:Subscribe\",\"SNS:ListSubscriptionsByTopic\",\"SNS:Publish\",\"SNS:Receive\"],\"Resource\":\"arn:aws:sns:us-east-1:123456789:foobar-lambda-sample\",\"Condition\":{\"StringEquals\":{\"AWS:SourceOwner\":\"123456789\"}}}]}',
-        'Owner'                   => '123456789',
+        'Policy'                  => "{\"Version\":\"2008-10-17\",\"Id\":\"__default_policy_ID\",\"Statement\":[{\"Sid\":\"__default_statement_ID\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Action\":[\"SNS:GetTopicAttributes\",\"SNS:SetTopicAttributes\",\"SNS:AddPermission\",\"SNS:RemovePermission\",\"SNS:DeleteTopic\",\"SNS:Subscribe\",\"SNS:ListSubscriptionsByTopic\",\"SNS:Publish\",\"SNS:Receive\"],\"Resource\":\"arn:aws:sns:#{REGION}:#{OWNER}:foobar-lambda-sample\",\"Condition\":{\"StringEquals\":{\"AWS:SourceOwner\":\"#{OWNER}\"}}}]}",
+        'Owner'                   => OWNER,
         'SubscriptionsPending'    => '0',
-        'TopicArn'                => 'arn:aws:sns:us-east-1:123456789:foobar',
+        'TopicArn'                => TOPIC_ARN,
         'EffectiveDeliveryPolicy' => '{\"http\":{\"defaultHealthyRetryPolicy\":{\"minDelayTarget\":20,\"maxDelayTarget\":20,\"numRetries\":3,\"numMaxDelayRetries\":0,\"numNoDelayRetries\":0,\"numMinDelayRetries\":0,\"backoffFunction\":\"linear\"},\"disableSubscriptionOverrides\":false}}',
         'SubscriptionsConfirmed'  => '1',
-        'DisplayName'             => 'Useless',
+        'DisplayName'             => DISPLAY_NAME,
         'SubscriptionsDeleted'    => '0'
       }
     },
     list_subscriptions_by_topic: {
       subscriptions: [
         {
-          subscription_arn: 'arn:aws:sns:us-east-1:123456789:Foobar:3dbf4999-b3e2-4345-bd11-c34c9784ecca',
-          owner: '123456789',
+          subscription_arn: SUBSCRIBED,
+          owner: OWNER,
           protocol: 'lambda',
-          endpoint: 'arn:aws:lambda:us-east-1:123456789:function:foobar',
-          topic_arn: 'arn:aws:sns:us-east-1:123456789:foobar'
+          endpoint: ENDPOINT,
+          topic_arn: TOPIC_ARN
         }
       ],
       next_token: nil

data/lib/awspec/stub/sns_topic_error.rb

@@ -0,0 +1,13 @@
+OWNER = '123456789'
+REGION = 'us-east-1'
+TOPIC_ARN = "arn:aws:sns:#{REGION}:#{OWNER}:invalid"
+TOPIC_SUBS_ARN = "arn:aws:sns:us-east-1:#{OWNER}:Foobar:3dbf4999-b3e2-4345-bd11-c34c9784ecca"
+
+Aws.config[:sns] = {
+  stub_responses: {
+    get_topic_attributes: Aws::SNS::Errors::NotFound.new(
+      TOPIC_ARN, 'no such topic'),
+    list_subscriptions_by_topic: Aws::SNS::Errors::NotFound.new(
+      TOPIC_SUBS_ARN, 'no such topic')
+  }
+}

data/lib/awspec/type/cloudwatch_logs.rb

@@ -13,9 +13,14 @@ module Awspec::Type
       return true if ret == stream_name
     end
 
-    def has_metric_filter?(filter_name)
-      ret = find_cloudwatch_logs_metric_fileter_by_log_group_name(@id, filter_name).filter_name
-      return true if ret == filter_name
+    def has_metric_filter?(filter_name, pattern = nil)
+      ret = find_cloudwatch_logs_metric_fileter_by_log_group_name(@id, filter_name)
+      if pattern.nil?
+        return true if ret.filter_name == filter_name
+      else
+        return false unless ret.filter_pattern == pattern
+      end
+      return true if ret.filter_name == filter_name
     end
 
     def has_subscription_filter?(filter_name, pattern = nil)

data/lib/awspec/type/eks_nodegroup.rb

@@ -1,10 +1,47 @@
+require 'set'
+
 module Awspec::Type
+  class EksNodeEC2
+    attr_reader :state, :subnet_id, :sec_groups
+
+    def initialize(id, state, subnet_id, sec_groups)
+      @id = id
+      @state = state
+      @subnet_id = subnet_id
+      @sec_groups = sec_groups
+    end
+
+    def to_s
+      "ID: #{@id}, State: #{@state}, Subnet ID: #{@subnet_id}, Security Groups: #{@sec_groups}"
+    end
+  end
+
+  class EksNodeSecGroup
+    attr_reader :name, :id
+
+    def initialize(id, name)
+      @id = id
+      @name = name
+    end
+
+    def to_s
+      "ID: #{@id}, Name: #{@name}"
+    end
+  end
+
   class EksNodegroup < ResourceBase
+    # the tags below are standard for EKS node groups instances
+    EKS_CLUSTER_TAG = 'tag:eks:cluster-name'
+    EKS_NODEGROUP_TAG = 'tag:eks:nodegroup-name'
+
     attr_accessor :cluster
 
     def initialize(group_name)
       super
       @group_name = group_name
+      @ec2_instances = []
+      @sec_groups = Set.new
+      @sec_groups_ids = Set.new
     end
 
     def resource_via_client
@@ -19,6 +56,39 @@ module Awspec::Type
       @cluster || 'default'
     end
 
+    def subnets
+      ec2_instances = find_nodes
+      Set.new(ec2_instances.map { |ec2| ec2.subnet_id })
+    end
+
+    def has_security_group?(sec_group)
+      if @sec_groups.empty? || @sec_groups_ids.empty?
+        ec2_instances = find_nodes
+
+        ec2_instances.each do |ec2|
+          ec2.sec_groups.each do |sg|
+            @sec_groups.add(sg.name)
+            @sec_groups_ids.add(sg.id)
+          end
+        end
+      end
+
+      @sec_groups.member?(sec_group) || @sec_groups_ids.member?(sec_group)
+    end
+
+    def ready?
+      min_expected = resource_via_client.scaling_config.min_size
+      ec2_instances = find_nodes
+      running_counter = 0
+
+      ec2_instances.each do |ec2|
+        running_counter += 1 if ec2.state.eql?('running')
+        break if running_counter == min_expected
+      end
+
+      running_counter >= min_expected
+    end
+
     STATES = %w(ACTIVE INACTIVE)
 
     STATES.each do |state|
@@ -26,5 +96,40 @@ module Awspec::Type
         resource_via_client.status == state
       end
     end
+
+    private
+
+    def find_nodes
+      return @ec2_instances unless @ec2_instances.empty?
+
+      result = ec2_client.describe_instances(
+        {
+          filters: [
+            { name: EKS_CLUSTER_TAG, values: [cluster] },
+            { name: EKS_NODEGROUP_TAG, values: [@group_name] }
+          ]
+        }
+      )
+      result.reservations.each do |reservation|
+        reservation.instances.each do |instance|
+          sec_groups = []
+
+          instance.security_groups.map do |sg|
+            sec_groups.push(EksNodeSecGroup.new(sg.group_id, sg.group_name))
+          end
+
+          @ec2_instances.push(
+            EksNodeEC2.new(
+              instance.instance_id,
+              instance.state.name,
+              instance.subnet_id,
+              sec_groups
+            )
+          )
+        end
+      end
+
+      @ec2_instances
+    end
   end
 end

data/lib/awspec/type/rds_db_parameter_group.rb

@@ -1,4 +1,39 @@
 module Awspec::Type
+  class InvalidRdsDbParameter < StandardError
+    ##
+    # Overrides the superclass initialize method to include more information
+    # and default error message.
+    # Expected parameters:
+    # - parameter_name: the name of the parameter.
+
+    def initialize(parameter_name)
+      @param_name = parameter_name
+      message = "There is no such parameter \"rds.#{parameter_name}\""
+      super message
+    end
+  end
+
+  class RdsDBParameters
+    ##
+    # Thanks to AWS for creating parameters names like
+    # 'rds.accepted_password_auth_method', which would be caught as method 'rds'
+    # by method_missing in RdsDbParameterGroup class, this class was created
+    # See https://github.com/k1LoW/awspec/issues/527 for more details
+    def initialize(params)
+      @params = params
+    end
+
+    def to_s
+      return "RdsDBParameters = #{@params}"
+    end
+
+    def method_missing(name)
+      param_name = name.to_sym
+      return @params[param_name] if @params.include?(param_name)
+      raise InvalidRdsDbParameter, name
+    end
+  end
+
   class RdsDbParameterGroup < ResourceBase
     def resource_via_client
       return @resource_via_client if @resource_via_client
@@ -11,11 +46,30 @@ module Awspec::Type
 
     def method_missing(name)
       param_name = name.to_s
+      return create_rds_params if param_name == 'rds'
+
       if resource_via_client.include?(param_name)
         resource_via_client[param_name].to_s
       else
         super
       end
     end
+
+    private
+
+    def create_rds_params
+      return @rds_params if @rds_params
+
+      rds_params_keys = resource_via_client.keys.select { |key| key.to_s.start_with?('rds.') }
+      rds_params = {}
+
+      rds_params_keys.each do |key|
+        new_key = key.split('.')[-1]
+        rds_params[new_key.to_sym] = resource_via_client[key]
+      end
+
+      @rds_params = RdsDBParameters.new(rds_params)
+      @rds_params
+    end
   end
 end

data/lib/awspec/type/s3_bucket.rb

@@ -108,8 +108,8 @@ module Awspec::Type
           if value.is_a?(Array)
             return false if r[key].map(&:to_h) != value
           end
-          true
         end
+        true
       end
     end
 

data/lib/awspec/version.rb

@@ -1,3 +1,3 @@
 module Awspec
-  VERSION = '1.24.2'
+  VERSION = '1.25.1'
 end