chef-metal-fog 0.5.4 → 0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d352005e584088b29def2a19cb7bb2ae8e582b52
-  data.tar.gz: 82a39220c895a4a62a92664e6377615090465f45
+  metadata.gz: b1fdb71aedeacd1389f9b204d2518a566cd129f8
+  data.tar.gz: 06a458753dad712619205ad5cccee51c8cbd00c3
 SHA512:
-  metadata.gz: eef339d4b7ee99b1538cfb0788448ea0dd514d06a8db6cb8b10cccd738fee1dbf2ff9251eb976ee448dfc282ef137243c46d8840bc4b32ffd96555ac86b7e884
-  data.tar.gz: 6b8019284fbb58cdd1d5dffda056d23a67ff8a34001d871b2a28f1bd5198e77faba71abfff8102c5be4eaf74adcbf69cb535d837eba815878206cd9e73be2848
+  metadata.gz: a3b39d661695873096fd28868f735e8d73266cc19b08e5ab646a092e0a8cee2dceebe4ab09aaf9c4f4de04248dafd42fc9bc5eba34d172480a2d5aec37e53329
+  data.tar.gz: 1e0f3e6766d5aa9da0b38a2f8e236764bea3de9b68c54b4d70d13188e29ef4da2f5dcf47e11ac0b6e863aea7478b7d598a154341cf758f271f062c1368e5f563

data/lib/chef/provider/fog_key_pair.rb

@@ -70,8 +70,19 @@ class Chef::Provider::FogKeyPair < Chef::Provider::LWRPBase
         # them matches.
         new_fingerprints = [Cheffish::KeyFormatter.encode(desired_key, :format => :fingerprint)]
         if RUBY_VERSION.to_f < 2.0
-          new_fingerprints << Cheffish::KeyFormatter.encode(desired_private_key,
-                                :format => :pkcs8sha1fingerprint)
+          if @@use_pkcs8.nil?
+            begin
+              require 'openssl_pkcs8'
+              @@use_pkcs8 = true
+            rescue LoadError
+              Chef::Log.warn("The openssl_pkcs8 gem is not loaded: you may not be able to read key fingerprints created by some cloud providers.  gem install openssl_pkcs8 to fix!")
+              @@use_pkcs8 = false
+            end
+          end
+          if @@use_pkcs8
+            new_fingerprints << Cheffish::KeyFormatter.encode(desired_private_key,
+                                  :format => :pkcs8sha1fingerprint)
+          end
         end
       end
 

data/lib/chef_metal_fog/fog_driver.rb

@@ -8,11 +8,9 @@ require 'chef_metal/convergence_strategy/install_cached'
 require 'chef_metal/convergence_strategy/no_converge'
 require 'chef_metal/transport/ssh'
 require 'chef_metal_fog/version'
-require 'chef_metal_fog/fog_driver_aws'
 require 'fog'
 require 'fog/core'
 require 'fog/compute'
-require 'fog/aws'
 require 'socket'
 require 'etc'
 require 'time'
@@ -25,14 +23,8 @@ module ChefMetalFog
   # ## Fog Driver URLs
   #
   # All Metal drivers use URLs to uniquely identify a driver's "bucket" of machines.
-  # Fog URLs are of the form fog:<provider>:<identifier>:
-  #
-  #   fog:AWS:<account_id>:<region>
-  #   fog:AWS:<profile_name>
-  #   fog:AWS:<profile_name>:<region>
-  #   fog:OpenStack:https://identityHost:portNumber/v2.0
-  #   fog:DigitalOcean:<client id>
-  #   fog:Rackspace:https://identity.api.rackspacecloud.com/v2.0
+  # Fog URLs are of the form fog:<provider>:<identifier:> - see individual providers
+  # for sample URLs.
   #
   # Identifier is generally something uniquely identifying the account.  If multiple
   # users can access the account, the identifier should be the same for all of
@@ -102,6 +94,31 @@ module ChefMetalFog
       :ssh_timeout => 20
     }
 
+    class << self
+      alias :__new__ :new
+
+      def inherited(klass)
+        class << klass
+          alias :new :__new__
+        end
+      end
+    end
+
+    @@registered_provider_classes = {}
+    def self.register_provider_class(name, driver)
+      @@registered_provider_classes[name] = driver
+    end
+
+    def self.provider_class_for(provider)
+      require "chef_metal_fog/providers/#{provider.downcase}"
+      @@registered_provider_classes[provider]
+    end
+
+    def self.new(driver_url, config)
+      provider = driver_url.split(':')[1]
+      provider_class_for(provider).new(driver_url, config)
+    end
+
     # Passed in a driver_url, and a config in the format of Driver.config.
     def self.from_url(driver_url, config)
       FogDriver.new(driver_url, config)
@@ -109,7 +126,7 @@ module ChefMetalFog
 
     def self.canonicalize_url(driver_url, config)
       _, provider, id = driver_url.split(':', 3)
-      config, id = compute_options_for(provider, id, config)
+      config, id = provider_class_for(provider).compute_options_for(provider, id, config)
       [ "fog:#{provider}:#{id}", config ]
     end
 
@@ -117,7 +134,7 @@ module ChefMetalFog
     # know what it is yet) but which has the same keys
     def self.from_provider(provider, config)
       # Figure out the options and merge them into the config
-      config, id = compute_options_for(provider, nil, config)
+      config, id = provider_class_for(provider).compute_options_for(provider, nil, config)
 
       driver_url = "fog:#{provider}:#{id}"
 
@@ -230,6 +247,10 @@ module ChefMetalFog
       machine_options[key] || DEFAULT_OPTIONS[key]
     end
 
+    def creator
+      raise "unsupported fog provider #{provider} (please implement #creator)"
+    end
+
     def create_server(action_handler, machine_spec, machine_options)
       if machine_spec.location
         if machine_spec.location['driver_url'] != driver_url
@@ -255,21 +276,13 @@ module ChefMetalFog
       server = nil
       action_handler.report_progress description
       if action_handler.should_perform_actions
-        creator = case provider
-          when 'AWS'
-            driver_options[:aws_account_info][:aws_username]
-          when 'OpenStack'
-            compute_options[:openstack_username]
-          when 'Rackspace'
-            compute_options[:rackspace_username]
-        end
         server = compute.servers.create(bootstrap_options)
         machine_spec.location = {
           'driver_url' => driver_url,
           'driver_version' => ChefMetalFog::VERSION,
           'server_id' => server.id,
           'creator' => creator,
-          'allocated_at' => Time.now.utc.to_s
+          'allocated_at' => Time.now.to_i
         }
         machine_spec.location['key_name'] = bootstrap_options[:key_name] if bootstrap_options[:key_name]
         %w(is_windows ssh_username sudo use_private_ip_for_ssh ssh_gateway).each do |key|
@@ -291,7 +304,7 @@ module ChefMetalFog
       if server.state == 'stopped'
         action_handler.perform_action "start machine #{machine_spec.name} (#{server.id} on #{driver_url})" do
           server.start
-          machine_spec.location['started_at'] = Time.now.utc.to_s
+          machine_spec.location['started_at'] = Time.now.to_i
         end
         machine_spec.save(action_handler)
       end
@@ -300,20 +313,28 @@ module ChefMetalFog
     def restart_server(action_handler, machine_spec, server)
       action_handler.perform_action "restart machine #{machine_spec.name} (#{server.id} on #{driver_url})" do
         server.reboot
-        machine_spec.location['started_at'] = Time.now.utc.to_s
+        machine_spec.location['started_at'] = Time.now.to_i
       end
       machine_spec.save(action_handler)
     end
 
     def remaining_wait_time(machine_spec, machine_options)
       if machine_spec.location['started_at']
-        timeout = option_for(machine_options, :start_timeout) - (Time.now.utc - Time.parse(machine_spec.location['started_at']))
+        timeout = option_for(machine_options, :start_timeout) - (Time.now.utc - parse_time(machine_spec.location['started_at']))
       else
-        timeout = option_for(machine_options, :create_timeout) - (Time.now.utc - Time.parse(machine_spec.location['allocated_at']))
+        timeout = option_for(machine_options, :create_timeout) - (Time.now.utc - parse_time(machine_spec.location['allocated_at']))
       end
       timeout > 0 ? timeout : 0.01
     end
 
+    def parse_time(value)
+      if value.is_a?(String)
+        Time.parse(value)
+      else
+        Time.at(value)
+      end
+    end
+
     def wait_until_ready(action_handler, machine_spec, machine_options, server)
       if !server.ready?
         if action_handler.should_perform_actions
@@ -418,9 +439,15 @@ module ChefMetalFog
 
     def bootstrap_options_for(action_handler, machine_spec, machine_options)
       bootstrap_options = symbolize_keys(machine_options[:bootstrap_options] || {})
-      if (provider == 'DigitalOcean' || provider == 'AWS') && !bootstrap_options[:key_name]
-        bootstrap_options[:key_name] = overwrite_default_key_willy_nilly(action_handler)
-      end
+
+      bootstrap_options[:tags]  = default_tags(machine_spec, bootstrap_options[:tags] || {})
+
+      bootstrap_options[:name] ||= machine_spec.name
+
+      bootstrap_options
+    end
+
+    def default_tags(machine_spec, bootstrap_tags = {})
       tags = {
           'Name' => machine_spec.name,
           'BootstrapId' => machine_spec.id,
@@ -428,36 +455,7 @@ module ChefMetalFog
           'BootstrapUser' => Etc.getlogin
       }
       # User-defined tags override the ones we set
-      tags.merge!(bootstrap_options[:tags]) if bootstrap_options[:tags]
-      bootstrap_options.merge!({ :tags => tags })
-
-      # Provide reasonable defaults for DigitalOcean
-      if provider == 'DigitalOcean'
-        if !bootstrap_options[:image_id]
-          bootstrap_options[:image_name] ||= 'CentOS 6.4 x32'
-          bootstrap_options[:image_id] = compute.images.select { |image| image.name == bootstrap_options[:image_name] }.first.id
-        end
-        if !bootstrap_options[:flavor_id]
-          bootstrap_options[:flavor_name] ||= '512MB'
-          bootstrap_options[:flavor_id] = compute.flavors.select { |flavor| flavor.name == bootstrap_options[:flavor_name] }.first.id
-        end
-        if !bootstrap_options[:region_id]
-          bootstrap_options[:region_name] ||= 'San Francisco 1'
-          bootstrap_options[:region_id] = compute.regions.select { |region| region.name == bootstrap_options[:region_name] }.first.id
-        end
-        found_key = compute.ssh_keys.select { |k| k.name == bootstrap_options[:key_name] }.first
-        if !found_key
-          raise "Could not find key named '#{bootstrap_options[:key_name]}' on #{driver_url}"
-        end
-        bootstrap_options[:ssh_key_ids] ||= [ found_key.id ]
-
-        # You don't get to specify name yourself
-        bootstrap_options[:name] = machine_spec.name
-      end
-
-      bootstrap_options[:name] ||= machine_spec.name
-
-      bootstrap_options
+      tags.merge(bootstrap_tags)
     end
 
     def machine_for(machine_spec, machine_options, server = nil)
@@ -503,6 +501,8 @@ module ChefMetalFog
         result[:key_data] = [ get_private_key(server.key_name) ]
       elsif machine_spec.location['key_name']
         result[:key_data] = [ get_private_key(machine_spec.location['key_name']) ]
+      elsif machine_options[:bootstrap_options][:key_path]
+        result[:key_data] = [ IO.read(machine_options[:bootstrap_options][:key_path]) ]
       elsif machine_options[:bootstrap_options][:key_name]
         result[:key_data] = [ get_private_key(machine_options[:bootstrap_options][:key_name]) ]
       else
@@ -512,14 +512,13 @@ module ChefMetalFog
       result
     end
 
+    def default_ssh_username
+      'root'
+    end
+
     def create_ssh_transport(machine_spec, machine_options, server)
       ssh_options = ssh_options_for(machine_spec, machine_options, server)
-      # If we're on AWS, the default is to use ubuntu, not root
-      if provider == 'AWS'
-        username = machine_spec.location['ssh_username'] || 'ubuntu'
-      else
-        username = machine_spec.location['ssh_username'] || 'root'
-      end
+      username = machine_spec.location['ssh_username'] || default_ssh_username
       if machine_options.has_key?(:ssh_username) && machine_options[:ssh_username] != machine_spec.location['ssh_username']
         Chef::Log.warn("Server #{machine_spec.name} was created with SSH username #{machine_spec.location['ssh_username']} and machine_options specifies username #{machine_options[:ssh_username]}.  Using #{machine_spec.location['ssh_username']}.  Please edit the node and change the metal.location.ssh_username attribute if you want to change it.")
       end
@@ -548,136 +547,7 @@ module ChefMetalFog
     end
 
     def self.compute_options_for(provider, id, config)
-      driver_options = config[:driver_options] || {}
-      compute_options = driver_options[:compute_options] || {}
-      new_compute_options = {}
-      new_compute_options[:provider] = provider
-      new_config = { :driver_options => { :compute_options => new_compute_options }}
-      new_defaults = {
-                       :driver_options => { :compute_options => {} },
-                       :machine_options => { :bootstrap_options => {} }
-                     }
-      result = Cheffish::MergedConfig.new(new_config, config, new_defaults)
-
-      # Get data from the identifier in the URL
-      if id && id != ''
-        case provider
-        when 'AWS'
-          # AWS canonical URLs are of the form fog:AWS:
-          if id =~ /^(\d{12})(:(.+))?$/
-            if $2
-              id = $1
-              new_compute_options[:region] = $3
-            else
-              Chef::Log.warn("Old-style AWS URL #{id} from an early beta of chef-metal (before 0.11-final) found. If you have servers in multiple regions on this account, you may see odd behavior like servers being recreated. To fix, edit any nodes with attribute metal.location.driver_url to include the region like so: fog:AWS:#{id}:<region> (e.g. us-east-1)")
-            end
-          else
-            # Assume it is a profile name, and set that.
-            aws_profile, region = id.split(':', 2)
-            new_config[:driver_options][:aws_profile] = aws_profile
-            new_compute_options[:region] = region
-            id = nil
-          end
-        when 'DigitalOcean'
-          new_compute_options[:digitalocean_client_id] = id
-        when 'OpenStack'
-          new_compute_options[:openstack_auth_url] = id
-        when 'Rackspace'
-          new_compute_options[:rackspace_auth_url] = id
-        when 'CloudStack'
-          cloudstack_uri = URI.parse(id)
-          new_compute_options[:cloudstack_scheme] = cloudstack_uri.scheme
-          new_compute_options[:cloudstack_host]   = cloudstack_uri.host
-          new_compute_options[:cloudstack_port]   = cloudstack_uri.port
-          new_compute_options[:cloudstack_path]   = cloudstack_uri.path
-        else
-          raise "unsupported fog provider #{provider}"
-        end
-      end
-
-      # Set auth info from environment
-      case provider
-      when 'AWS'
-        # Grab the profile
-        aws_profile = FogDriverAWS.get_aws_profile(result[:driver_options], id)
-        new_compute_options[:aws_access_key_id] = aws_profile[:aws_access_key_id]
-        new_compute_options[:aws_secret_access_key] = aws_profile[:aws_secret_access_key]
-        new_compute_options[:aws_session_token] = aws_profile[:aws_security_token]
-        new_defaults[:driver_options][:compute_options][:region] = aws_profile[:region]
-      when 'OpenStack'
-        # TODO it is supposed to be unnecessary to load credentials from fog this way;
-        # why are we doing it?
-        # TODO support http://docs.openstack.org/cli-reference/content/cli_openrc.html
-        credential = Fog.credentials
-
-        new_compute_options[:openstack_username] ||= credential[:openstack_username]
-        new_compute_options[:openstack_api_key] ||= credential[:openstack_api_key]
-        new_compute_options[:openstack_auth_url] ||= credential[:openstack_auth_url]
-        new_compute_options[:openstack_tenant] ||= credential[:openstack_tenant]
-      when 'Rackspace'
-        credential = Fog.credentials
-
-        new_compute_options[:rackspace_username] ||= credential[:rackspace_username]
-        new_compute_options[:rackspace_api_key] ||= credential[:rackspace_api_key]
-        new_compute_options[:rackspace_auth_url] ||= credential[:rackspace_auth_url]
-        new_compute_options[:rackspace_region] ||= credential[:rackspace_region]
-        new_compute_options[:rackspace_endpoint] ||= credential[:rackspace_endpoint]
-        new_compute_options[:rackspace_compute_url] ||= credential[:rackspace_compute_url]
-      when 'DigitalOcean'
-        # This uses ~/.tugboat, generated by "tugboat authorize" - see https://github.com/pearkes/tugboat
-        tugboat_file = File.expand_path('~/.tugboat')
-        if File.exist?(tugboat_file)
-          tugboat_data = YAML.load(IO.read(tugboat_file))
-          new_compute_options.merge!(
-            :digitalocean_client_id => tugboat_data['authentication']['client_key'],
-            :digitalocean_api_key => tugboat_data['authentication']['api_key']
-          )
-          new_defaults[:machine_options].merge!(
-            #:ssh_username => tugboat_data['ssh']['ssh_user'],
-            :ssh_options => {
-              :port => tugboat_data['ssh']['ssh_port'],
-              # TODO we ignore ssh_key_path in favor of ssh_key / key_name stuff
-              #:key_data => [ IO.read(tugboat_data['ssh']['ssh_key_path']) ] # TODO use paths, not data?
-            }
-          )
-
-          # TODO verify that the key_name exists and matches the ssh key path
-
-          new_defaults[:machine_options][:bootstrap_options].merge!(
-            :region_id => tugboat_data['defaults']['region'].to_i,
-            :image_id => tugboat_data['defaults']['image'].to_i,
-            :size_id => tugboat_data['defaults']['region'].to_i,
-            :private_networking => tugboat_data['defaults']['private_networking'] == 'true',
-            :backups_enabled => tugboat_data['defaults']['backups_enabled'] == 'true',
-          )
-          ssh_key = tugboat_data['defaults']['ssh_key']
-          if ssh_key && ssh_key.size > 0
-            new_defaults[:machine_options][:bootstrap_options][:key_name] = ssh_key
-          end
-        end
-      end
-
-      id = case provider
-        when 'AWS'
-          account_info = FogDriverAWS.aws_account_info_for(result[:driver_options][:compute_options])
-          new_config[:driver_options][:aws_account_info] = account_info
-          "#{account_info[:aws_account_id]}:#{result[:driver_options][:compute_options][:region]}"
-        when 'DigitalOcean'
-          result[:driver_options][:compute_options][:digitalocean_client_id]
-        when 'OpenStack'
-          result[:driver_options][:compute_options][:openstack_auth_url]
-        when 'Rackspace'
-          result[:driver_options][:compute_options][:rackspace_auth_url]
-        when 'CloudStack'
-          host   = result[:driver_options][:compute_options][:cloudstack_host]
-          path   = result[:driver_options][:compute_options][:cloudstack_path]    || '/client/api'
-          port   = result[:driver_options][:compute_options][:cloudstack_port]    || 443
-          scheme = result[:driver_options][:compute_options][:cloudstack_scheme]  || 'https'
-
-          URI.scheme_list[scheme.upcase].build(:host => host, :port => port, :path => path).to_s
-        end
-
-      [ result, id ]
+      raise "unsupported fog provider #{provider}"
     end
   end
 end

data/lib/chef_metal_fog/providers/aws/credentials.rb

@@ -0,0 +1,71 @@
+require 'inifile'
+require 'csv'
+
+module ChefMetalFog
+  module Providers
+    class AWS
+      # Reads in a credentials file in Amazon's download format and presents the credentials to you
+      class Credentials
+        def initialize
+          @credentials = {}
+        end
+
+        include Enumerable
+
+        def default
+          @credentials[ENV['AWS_DEFAULT_PROFILE'] || 'default'] || @credentials.first[1]
+        end
+
+        def keys
+          @credentials.keys
+        end
+
+        def [](name)
+          @credentials[name]
+        end
+
+        def each(&block)
+          @credentials.each(&block)
+        end
+
+        def load_ini(credentials_ini_file)
+          inifile = IniFile.load(File.expand_path(credentials_ini_file))
+          inifile.each_section do |section|
+            if section =~ /^\s*profile\s+(.+)$/ || section =~ /^\s*(default)\s*/
+              profile_name = $1.strip
+              profile = inifile[section].inject({}) do |result, pair|
+                result[pair[0].to_sym] = pair[1]
+                result
+              end
+              profile[:name] = profile_name
+              @credentials[profile_name] = profile
+            end
+          end
+        end
+
+        def load_csv(credentials_csv_file)
+          CSV.new(File.open(credentials_csv_file), :headers => :first_row).each do |row|
+            @credentials[row['User Name']] = {
+              :name => row['User Name'],
+              :user_name => row['User Name'],
+              :aws_access_key_id => row['Access Key Id'],
+              :aws_secret_access_key => row['Secret Access Key']
+            }
+          end
+        end
+
+        def load_default
+          load_ini(ENV['AWS_CONFIG_FILE'] || File.expand_path('~/.aws/config'))
+        end
+
+        def self.method_missing(name, *args, &block)
+          singleton.send(name, *args, &block)
+        end
+
+        def self.singleton
+          @aws_credentials ||= Credentials.new
+        end
+      end
+    end
+  end
+end

data/lib/chef_metal_fog/providers/aws.rb

@@ -0,0 +1,214 @@
+require 'chef/log'
+require 'fog/aws'
+
+#   fog:AWS:<account_id>:<region>
+#   fog:AWS:<profile_name>
+#   fog:AWS:<profile_name>:<region>
+module ChefMetalFog
+  module Providers
+    class AWS < ChefMetalFog::FogDriver
+
+      require_relative 'aws/credentials'
+
+      ChefMetalFog::FogDriver.register_provider_class('AWS', ChefMetalFog::Providers::AWS)
+
+      def creator
+        driver_options[:aws_account_info][:aws_username]
+      end
+
+      def default_ssh_username
+        'ubuntu'
+      end
+
+      def bootstrap_options_for(action_handler, machine_spec, machine_options)
+        bootstrap_options = symbolize_keys(machine_options[:bootstrap_options] || {})
+
+        unless !bootstrap_options[:key_name]
+          bootstrap_options[:key_name] = overwrite_default_key_willy_nilly(action_handler)
+        end
+
+        bootstrap_options[:tags]  = default_tags(machine_spec, bootstrap_options[:tags] || {})
+
+        bootstrap_options[:name] ||= machine_spec.name
+
+        bootstrap_options
+      end
+
+      def self.get_aws_profile(driver_options, aws_account_id)
+        aws_credentials = get_aws_credentials(driver_options)
+        compute_options = driver_options[:compute_options] || {}
+
+        # Order of operations:
+        # compute_options[:aws_access_key_id] / compute_options[:aws_secret_access_key] / compute_options[:aws_security_token] / compute_options[:region]
+        # compute_options[:aws_profile]
+        # ENV['AWS_ACCESS_KEY_ID'] / ENV['AWS_SECRET_ACCESS_KEY'] / ENV['AWS_SECURITY_TOKEN'] / ENV['AWS_REGION']
+        # ENV['AWS_PROFILE']
+        # ENV['DEFAULT_PROFILE']
+        # 'default'
+        aws_profile = if compute_options[:aws_access_key_id]
+            Chef::Log.debug("Using AWS driver access key options")
+            {
+              :aws_access_key_id => compute_options[:aws_access_key_id],
+              :aws_secret_access_key => compute_options[:aws_secret_access_key],
+              :aws_security_token => compute_options[:aws_session_token],
+              :region => compute_options[:region]
+            }
+          elsif driver_options[:aws_profile]
+            Chef::Log.debug("Using AWS profile #{driver_options[:aws_profile]}")
+            aws_credentials[driver_options[:aws_profile]]
+          elsif ENV['AWS_ACCESS_KEY_ID']
+            Chef::Log.debug("Using AWS environment variable access keys")
+            {
+              :aws_access_key_id => ENV['AWS_ACCESS_KEY_ID'],
+              :aws_secret_access_key => ENV['AWS_SECRET_ACCESS_KEY'],
+              :aws_security_token => ENV['AWS_SECURITY_TOKEN'],
+              :region => ENV['AWS_REGION']
+            }
+          elsif ENV['AWS_PROFILE']
+            Chef::Log.debug("Using AWS profile #{ENV['AWS_PROFILE']} from AWS_PROFILE environment variable")
+            aws_credentials[ENV['AWS_PROFILE']]
+          else
+            Chef::Log.debug("Using AWS default profile")
+            aws_credentials.default
+          end
+
+        # Merge in account info for profile
+        if aws_profile
+          aws_profile = aws_profile.merge(aws_account_info_for(aws_profile))
+        end
+
+        # If no profile is found (or the profile is not the right account), search
+        # for a profile that matches the given account ID
+        if aws_account_id && (!aws_profile || aws_profile[:aws_account_id] != aws_account_id)
+          aws_profile = find_aws_profile_for_account_id(aws_credentials, aws_account_id)
+        end
+
+        if !aws_profile
+          raise "No AWS profile specified!  Are you missing something in the Chef config or ~/.aws/config?"
+        end
+
+        aws_profile.delete_if { |key, value| value.nil? }
+        aws_profile
+      end
+
+      def self.find_aws_profile_for_account_id(aws_credentials, aws_account_id)
+        aws_profile = nil
+        aws_credentials.each do |profile_name, profile|
+          begin
+            aws_account_info = aws_account_info_for(profile)
+          rescue
+            Chef::Log.warn("Could not connect to AWS profile #{aws_credentials[:name]}: #{$!}")
+            Chef::Log.debug($!.backtrace.join("\n"))
+            next
+          end
+          if aws_account_info[:aws_account_id] == aws_account_id
+            aws_profile = profile
+            aws_profile[:name] = profile_name
+            aws_profile = aws_profile.merge(aws_account_info)
+            break
+          end
+        end
+        if aws_profile
+          Chef::Log.info("Discovered AWS profile #{aws_profile[:name]} pointing at account #{aws_account_id}.  Using ...")
+        else
+          raise "No AWS profile leads to account ##{aws_account_id}.  Do you need to add profiles to ~/.aws/config?"
+        end
+        aws_profile
+      end
+
+      def self.aws_account_info_for(aws_profile)
+        @@aws_account_info ||= {}
+        @@aws_account_info[aws_profile[:aws_access_key_id]] ||= begin
+          options = {
+            :aws_access_key_id => aws_profile[:aws_access_key_id],
+            :aws_secret_access_key => aws_profile[:aws_secret_access_key],
+            :aws_session_token => aws_profile[:aws_security_token]
+          }
+          options.delete_if { |key, value| value.nil? }
+
+          iam = Fog::AWS::IAM.new(options)
+          arn = begin
+                  # TODO it would be nice if Fog let you do this normally ...
+                  iam.send(:request, {
+                    'Action'    => 'GetUser',
+                    :parser     => Fog::Parsers::AWS::IAM::GetUser.new
+                  }).body['User']['Arn']
+                rescue Fog::AWS::IAM::Error
+                  # TODO Someone tell me there is a better way to find out your current
+                  # user ID than this!  This is what happens when you use an IAM user
+                  # with default privileges.
+                  if $!.message =~ /AccessDenied.+(arn:aws:iam::\d+:\S+)/
+                    arn = $1
+                  else
+                    raise
+                  end
+                end
+          arn_split = arn.split(':', 6)
+          {
+            :aws_account_id => arn_split[4],
+            :aws_username => arn_split[5],
+            :aws_user_arn => arn
+          }
+        end
+      end
+
+      def self.get_aws_credentials(driver_options)
+        # Grab the list of possible credentials
+        if driver_options[:aws_credentials]
+          aws_credentials = driver_options[:aws_credentials]
+        else
+          aws_credentials = Credentials.new
+          if driver_options[:aws_config_file]
+            aws_credentials.load_ini(driver_options.delete(:aws_config_file))
+          elsif driver_options[:aws_csv_file]
+            aws_credentials.load_csv(driver_options.delete(:aws_csv_file))
+          else
+            aws_credentials.load_default
+          end
+        end
+        aws_credentials
+      end
+
+      def self.compute_options_for(provider, id, config)
+        new_compute_options = {}
+        new_compute_options[:provider] = provider
+        new_config = { :driver_options => { :compute_options => new_compute_options }}
+        new_defaults = {
+          :driver_options => { :compute_options => {} },
+          :machine_options => { :bootstrap_options => {} }
+        }
+        result = Cheffish::MergedConfig.new(new_config, config, new_defaults)
+
+        if id && id != ''
+          # AWS canonical URLs are of the form fog:AWS:
+          if id =~ /^(\d{12})(:(.+))?$/
+            if $2
+              id = $1
+              new_compute_options[:region] = $3
+            else
+              Chef::Log.warn("Old-style AWS URL #{id} from an early beta of chef-metal (before 0.11-final) found. If you have servers in multiple regions on this account, you may see odd behavior like servers being recreated. To fix, edit any nodes with attribute metal.location.driver_url to include the region like so: fog:AWS:#{id}:<region> (e.g. us-east-1)")
+            end
+          else
+            # Assume it is a profile name, and set that.
+            aws_profile, region = id.split(':', 2)
+            new_config[:driver_options][:aws_profile] = aws_profile
+            new_compute_options[:region] = region
+            id = nil
+          end
+        end
+
+        aws_profile = get_aws_profile(result[:driver_options], id)
+        new_compute_options[:aws_access_key_id] = aws_profile[:aws_access_key_id]
+        new_compute_options[:aws_secret_access_key] = aws_profile[:aws_secret_access_key]
+        new_compute_options[:aws_session_token] = aws_profile[:aws_security_token]
+        new_defaults[:driver_options][:compute_options][:region] = aws_profile[:region]
+
+        account_info = aws_account_info_for(result[:driver_options][:compute_options])
+        new_config[:driver_options][:aws_account_info] = account_info
+        id = "#{account_info[:aws_account_id]}:#{result[:driver_options][:compute_options][:region]}"
+
+        [result, id]
+      end
+    end
+  end
+end

data/lib/chef_metal_fog/providers/cloudstack.rb

@@ -0,0 +1,36 @@
+module ChefMetalFog
+  module Providers
+    class CloudStack < ChefMetalFog::FogDriver
+
+      ChefMetalFog::FogDriver.register_provider_class('CloudStack', ChefMetalFog::Providers::CloudStack)
+
+      def self.compute_options_for(provider, id, config)
+        new_compute_options = {}
+        new_compute_options[:provider] = provider
+        new_config = { :driver_options => { :compute_options => new_compute_options }}
+        new_defaults = {
+          :driver_options => { :compute_options => {} },
+          :machine_options => { :bootstrap_options => {} }
+        }
+        result = Cheffish::MergedConfig.new(new_config, config, new_defaults)
+
+        if id && id != ''
+          cloudstack_uri = URI.parse(id)
+          new_compute_options[:cloudstack_scheme] = cloudstack_uri.scheme
+          new_compute_options[:cloudstack_host]   = cloudstack_uri.host
+          new_compute_options[:cloudstack_port]   = cloudstack_uri.port
+          new_compute_options[:cloudstack_path]   = cloudstack_uri.path
+        end
+
+        host   = result[:driver_options][:compute_options][:cloudstack_host]
+        path   = result[:driver_options][:compute_options][:cloudstack_path]    || '/client/api'
+        port   = result[:driver_options][:compute_options][:cloudstack_port]    || 443
+        scheme = result[:driver_options][:compute_options][:cloudstack_scheme]  || 'https'
+        id = URI.scheme_list[scheme.upcase].build(:host => host, :port => port, :path => path).to_s
+
+        [result, id]
+      end
+
+    end
+  end
+end

data/lib/chef_metal_fog/providers/digitalocean.rb

@@ -0,0 +1,106 @@
+#   fog:DigitalOcean:<client id>
+module ChefMetalFog
+  module Providers
+    class DigitalOcean < ChefMetalFog::FogDriver
+      ChefMetalFog::FogDriver.register_provider_class('DigitalOcean', ChefMetalFog::Providers::DigitalOcean)
+
+      def creator
+        ''
+      end
+
+      def bootstrap_options_for(action_handler, machine_spec, machine_options)
+        bootstrap_options = symbolize_keys(machine_options[:bootstrap_options] || {})
+        if bootstrap_options[:key_path]
+          bootstrap_options[:key_name] ||= File.basename(bootstrap_options[:key_path])
+          # Verify that the provided key name and path are in line (or create the key pair if not!)
+          driver = self
+          ChefMetal.inline_resource(action_handler) do
+            fog_key_pair bootstrap_options[:key_name] do
+              private_key_path bootstrap_options[:key_path]
+              driver driver
+            end
+          end
+        else
+          bootstrap_options[:key_name] = overwrite_default_key_willy_nilly(action_handler)
+        end
+
+        bootstrap_options[:tags]  = default_tags(machine_spec, bootstrap_options[:tags] || {})
+
+        if !bootstrap_options[:image_id]
+          bootstrap_options[:image_name] ||= 'CentOS 6.4 x32'
+          bootstrap_options[:image_id] = compute.images.select { |image| image.name == bootstrap_options[:image_name] }.first.id
+        end
+        if !bootstrap_options[:flavor_id]
+          bootstrap_options[:flavor_name] ||= '512MB'
+          bootstrap_options[:flavor_id] = compute.flavors.select { |flavor| flavor.name == bootstrap_options[:flavor_name] }.first.id
+        end
+        if !bootstrap_options[:region_id]
+          bootstrap_options[:region_name] ||= 'San Francisco 1'
+          bootstrap_options[:region_id] = compute.regions.select { |region| region.name == bootstrap_options[:region_name] }.first.id
+        end
+        found_key = compute.ssh_keys.select { |k| k.name == bootstrap_options[:key_name] }.first
+        if !found_key
+          raise "Could not find key named '#{bootstrap_options[:key_name]}' on #{driver_url}"
+        end
+        bootstrap_options[:ssh_key_ids] ||= [ found_key.id ]
+
+        # You don't get to specify name yourself
+        bootstrap_options[:name] = machine_spec.name
+
+        bootstrap_options
+      end
+
+      def self.compute_options_for(provider, id, config)
+        new_compute_options = {}
+        new_compute_options[:provider] = provider
+        new_config = { :driver_options => { :compute_options => new_compute_options }}
+        new_defaults = {
+          :driver_options => { :compute_options => {} },
+          :machine_options => { :bootstrap_options => {} }
+        }
+        result = Cheffish::MergedConfig.new(new_config, config, new_defaults)
+
+        new_compute_options[:digitalocean_client_id] = id if (id && id != '')
+
+        # This uses ~/.tugboat, generated by "tugboat authorize" - see https://github.com/pearkes/tugboat
+        tugboat_file = File.expand_path('~/.tugboat')
+        if File.exist?(tugboat_file)
+          tugboat_data = YAML.load(IO.read(tugboat_file))
+          new_compute_options.merge!(
+            :digitalocean_client_id => tugboat_data['authentication']['client_key'],
+            :digitalocean_api_key => tugboat_data['authentication']['api_key']
+          )
+          new_defaults[:machine_options].merge!(
+            #:ssh_username => tugboat_data['ssh']['ssh_user'],
+            :ssh_options => {
+              :port => tugboat_data['ssh']['ssh_port'],
+              # TODO we ignore ssh_key_path in favor of ssh_key / key_name stuff
+              #:key_data => [ IO.read(tugboat_data['ssh']['ssh_key_path']) ] # TODO use paths, not data?
+            }
+          )
+
+          # TODO verify that the key_name exists and matches the ssh key path
+
+          new_defaults[:machine_options][:bootstrap_options].merge!(
+            :region_id => tugboat_data['defaults']['region'].to_i,
+            :image_id => tugboat_data['defaults']['image'].to_i,
+            :size_id => tugboat_data['defaults']['region'].to_i,
+            :private_networking => tugboat_data['defaults']['private_networking'] == 'true',
+            :backups_enabled => tugboat_data['defaults']['backups_enabled'] == 'true',
+          )
+          if tugboat_data['ssh']['ssh_key_path']
+            new_defaults[:machine_options][:bootstrap_options][:key_path] = tugboat_data['ssh']['ssh_key_path']
+          end
+          ssh_key = tugboat_data['defaults']['ssh_key']
+          if ssh_key && ssh_key.size > 0
+            new_defaults[:machine_options][:bootstrap_options][:key_name] = ssh_key
+          end
+        end
+        id = result[:driver_options][:compute_options][:digitalocean_client_id]
+
+        [result, id]
+      end
+
+    end
+  end
+end

data/lib/chef_metal_fog/providers/openstack.rb

@@ -0,0 +1,37 @@
+# fog:OpenStack:https://identifyhost:portNumber/v2.0
+module ChefMetalFog
+  module Providers
+    class OpenStack < ChefMetalFog::FogDriver
+
+      ChefMetalFog::FogDriver.register_provider_class('OpenStack', ChefMetalFog::Providers::OpenStack)
+
+      def creator
+        compute_options[:openstack_username]
+      end
+
+      def self.compute_options_for(provider, id, config)
+        new_compute_options = {}
+        new_compute_options[:provider] = provider
+        new_config = { :driver_options => { :compute_options => new_compute_options }}
+        new_defaults = {
+          :driver_options => { :compute_options => {} },
+          :machine_options => { :bootstrap_options => {} }
+        }
+        result = Cheffish::MergedConfig.new(new_config, config, new_defaults)
+
+        new_compute_options[:openstack_auth_url] = id if (id && id != '')
+        credential = Fog.credentials
+
+        new_compute_options[:openstack_username] ||= credential[:openstack_username]
+        new_compute_options[:openstack_api_key] ||= credential[:openstack_api_key]
+        new_compute_options[:openstack_auth_url] ||= credential[:openstack_auth_url]
+        new_compute_options[:openstack_tenant] ||= credential[:openstack_tenant]
+
+        id = result[:driver_options][:compute_options][:openstack_auth_url]
+
+        [result, id]
+      end
+
+    end
+  end
+end

data/lib/chef_metal_fog/providers/rackspace.rb

@@ -0,0 +1,38 @@
+# fog:Rackspace:https://identity.api.rackspacecloud.com/v2.0
+module ChefMetalFog
+  module Providers
+    class Rackspace < ChefMetalFog::FogDriver
+
+      ChefMetalFog::FogDriver.register_provider_class('Rackspace', ChefMetalFog::Providers::Rackspace)
+
+      def creator
+        compute_options[:rackspace_username]
+      end
+
+      def self.compute_options_for(provider, id, config)
+        new_compute_options = {}
+        new_compute_options[:provider] = provider
+        new_config = { :driver_options => { :compute_options => new_compute_options }}
+        new_defaults = {
+          :driver_options => { :compute_options => {} },
+          :machine_options => { :bootstrap_options => {} }
+        }
+        result = Cheffish::MergedConfig.new(new_config, config, new_defaults)
+
+        new_compute_options[:rackspace_auth_url] = id if (id && id != '')
+        credential = Fog.credentials
+
+        new_compute_options[:rackspace_username] ||= credential[:rackspace_username]
+        new_compute_options[:rackspace_api_key] ||= credential[:rackspace_api_key]
+        new_compute_options[:rackspace_auth_url] ||= credential[:rackspace_auth_url]
+        new_compute_options[:rackspace_region] ||= credential[:rackspace_region]
+        new_compute_options[:rackspace_endpoint] ||= credential[:rackspace_endpoint]
+
+        id = result[:driver_options][:compute_options][:rackspace_auth_url]
+
+        [result, id]
+      end
+
+    end
+  end
+end

data/lib/chef_metal_fog/version.rb

@@ -1,3 +1,3 @@
 module ChefMetalFog
-  VERSION = '0.5.4'
+  VERSION = '0.6'
 end

data/spec/spec_helper.rb

@@ -0,0 +1,18 @@
+$:.unshift File.expand_path('../../lib', __FILE__)
+$:.unshift File.expand_path('../support', __FILE__)
+require 'fog'
+require 'chef_metal'
+require 'chef_metal_fog'
+
+RSpec.configure do |config|
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+end
+
+Fog.mock!

data/spec/support/aws/config-file.csv

@@ -0,0 +1,2 @@
+User Name,Access Key Id,Secret Access Key
+test,12345,abcde

data/spec/support/aws/ini-file.ini

@@ -0,0 +1,7 @@
+[default]
+  aws_access_key_id = 12345
+  aws_secret_access_key = abcde
+
+[profile test]
+  aws_access_key_id = foobar
+  aws_secret_access_key = canteloupe

data/spec/support/chef_metal_fog/providers/testdriver.rb

@@ -0,0 +1,14 @@
+module ChefMetalFog::Providers
+  class TestDriver < ChefMetalFog::FogDriver
+    ChefMetalFog::FogDriver.register_provider_class('TestDriver', ChefMetalFog::Providers::TestDriver)
+
+    attr_reader :config
+    def initialize(driver_url, config)
+      super
+    end
+
+    def self.compute_options_for(provider, id, config)
+      [config, 'test']
+    end
+  end
+end

data/spec/unit/fog_driver_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+require 'chef_metal_fog/fog_driver'
+
+describe ChefMetalFog::FogDriver do
+
+  describe ".from_url" do
+    subject { ChefMetalFog::FogDriver.from_provider('TestDriver', {}) }
+
+    it "should return the correct class" do
+      expect(subject).to be_an_instance_of ChefMetalFog::Providers::TestDriver
+    end
+
+    it "should call the target compute_options_for" do
+      expect(ChefMetalFog::Providers::TestDriver).to receive(:compute_options_for)
+        .with('TestDriver', anything, {}).and_return([{}, 'test']).twice
+      subject
+    end
+
+  end
+
+  describe "when creating a new class" do
+    it "should return the correct class" do
+      test = ChefMetalFog::FogDriver.new('fog:TestDriver:foo', {})
+      expect(test).to be_an_instance_of ChefMetalFog::Providers::TestDriver
+    end
+
+    it "should populate config" do
+      test = ChefMetalFog::FogDriver.new('fog:TestDriver:foo', {test: "metal"})
+      expect(test.config[:test]).to eq "metal"
+    end
+  end
+end

data/spec/unit/providers/aws/credentials_spec.rb

@@ -0,0 +1,42 @@
+require 'chef_metal_fog/providers/aws/credentials'
+
+describe ChefMetalFog::Providers::AWS::Credentials do
+  describe "#load_ini" do
+    let(:aws_credentials_ini_file) { File.join(File.expand_path('../../../../support', __FILE__), 'aws/ini-file.ini') }
+
+    before do
+      described_class.load_ini(aws_credentials_ini_file)
+    end
+
+    it "should load a default profile" do
+      expect(described_class['default']).to include(:aws_access_key_id)
+    end
+
+    it "should load the correct values" do
+      expect(described_class['default'][:aws_access_key_id]).to eq "12345"
+    end
+
+    it "should load several profiles" do
+      expect(described_class.keys.length).to eq 2
+    end
+  end
+
+  describe "#load_csv" do
+    let(:aws_credentials_csv_file) { File.join(File.expand_path('../../../../support', __FILE__), 'aws/config-file.csv') }
+    before do
+      described_class.load_csv(aws_credentials_csv_file)
+    end
+
+    it "should load a single profile" do
+      expect(described_class['default']).to include(:aws_access_key_id)
+    end
+
+    it "should load the correct values" do
+      expect(described_class['default'][:aws_access_key_id]).to eq "12345"
+    end
+
+    it "should load several profiles" do
+      expect(described_class.keys.length).to eq 2
+    end
+  end
+end

data/spec/unit/providers/rackspace_spec.rb

@@ -0,0 +1,16 @@
+require 'chef_metal_fog/fog_driver'
+require 'chef_metal_fog/providers/rackspace'
+
+describe ChefMetalFog::Providers::Rackspace do
+  subject { ChefMetalFog::FogDriver.from_provider('Rackspace',{}) }
+
+  it "returns the correct driver" do
+    expect(subject).to be_an_instance_of ChefMetalFog::Providers::Rackspace
+  end
+
+  it "has a fog backend" do
+    pending unless Fog.mock?
+    expect(subject.compute).to be_an_instance_of Fog::Compute::RackspaceV2::Mock
+  end
+
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-metal-fog
 version: !ruby/object:Gem::Version
-  version: 0.5.4
+  version: '0.6'
 platform: ruby
 authors:
 - John Keiser
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-10 00:00:00.000000000 Z
+date: 2014-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: chef-metal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
 - !ruby/object:Gem::Dependency
   name: fog
   requirement: !ruby/object:Gem::Requirement
@@ -95,11 +109,22 @@ files:
 - lib/chef/resource/fog_key_pair.rb
 - lib/chef_metal/driver_init/fog.rb
 - lib/chef_metal_fog.rb
-- lib/chef_metal_fog/aws_credentials.rb
 - lib/chef_metal_fog/fog_driver.rb
-- lib/chef_metal_fog/fog_driver_aws.rb
+- lib/chef_metal_fog/providers/aws.rb
+- lib/chef_metal_fog/providers/aws/credentials.rb
+- lib/chef_metal_fog/providers/cloudstack.rb
+- lib/chef_metal_fog/providers/digitalocean.rb
+- lib/chef_metal_fog/providers/openstack.rb
+- lib/chef_metal_fog/providers/rackspace.rb
 - lib/chef_metal_fog/recipe_dsl.rb
 - lib/chef_metal_fog/version.rb
+- spec/spec_helper.rb
+- spec/support/aws/config-file.csv
+- spec/support/aws/ini-file.ini
+- spec/support/chef_metal_fog/providers/testdriver.rb
+- spec/unit/fog_driver_spec.rb
+- spec/unit/providers/aws/credentials_spec.rb
+- spec/unit/providers/rackspace_spec.rb
 homepage: https://github.com/opscode/chef-metal-fog
 licenses: []
 metadata: {}

data/lib/chef_metal_fog/aws_credentials.rb

@@ -1,67 +0,0 @@
-require 'inifile'
-require 'csv'
-
-module ChefMetalFog
-  # Reads in a credentials file in Amazon's download format and presents the credentials to you
-  class AWSCredentials
-    def initialize
-      @credentials = {}
-    end
-
-    include Enumerable
-
-    def default
-      @credentials[ENV['AWS_DEFAULT_PROFILE'] || 'default'] || @credentials.first[1]
-    end
-
-    def keys
-      @credentials.keys
-    end
-
-    def [](name)
-      @credentials[name]
-    end
-
-    def each(&block)
-      @credentials.each(&block)
-    end
-
-    def load_ini(credentials_ini_file)
-      inifile = IniFile.load(File.expand_path(credentials_ini_file))
-      inifile.each_section do |section|
-        if section =~ /^\s*profile\s+(.+)$/ || section =~ /^\s*(default)\s*/
-          profile_name = $1.strip
-          profile = inifile[section].inject({}) do |result, pair|
-            result[pair[0].to_sym] = pair[1]
-            result
-          end
-          profile[:name] = profile_name
-          @credentials[profile_name] = profile
-        end
-      end
-    end
-
-    def load_csv(credentials_csv_file)
-      CSV.new(File.open(credentials_csv_file), :headers => :first_row).each do |row|
-        @credentials[row['User Name']] = {
-          :name => row['User Name'],
-          :user_name => row['User Name'],
-          :aws_access_key_id => row['Access Key Id'],
-          :aws_secret_access_key => row['Secret Access Key']
-        }
-      end
-    end
-
-    def load_default
-      load_ini(ENV['AWS_CONFIG_FILE'] || File.expand_path('~/.aws/config'))
-    end
-
-    def self.method_missing(name, *args, &block)
-      singleton.send(name, *args, &block)
-    end
-
-    def self.singleton
-      @aws_credentials ||= AWSCredentials.new
-    end
-  end
-end

data/lib/chef_metal_fog/fog_driver_aws.rb

@@ -1,142 +0,0 @@
-require 'chef_metal_fog/aws_credentials'
-require 'chef/log'
-require 'fog/aws'
-
-module ChefMetalFog
-  module FogDriverAWS
-    def self.get_aws_profile(driver_options, aws_account_id)
-      aws_credentials = get_aws_credentials(driver_options)
-      compute_options = driver_options[:compute_options] || {}
-
-      # Order of operations:
-      # compute_options[:aws_access_key_id] / compute_options[:aws_secret_access_key] / compute_options[:aws_security_token] / compute_options[:region]
-      # compute_options[:aws_profile]
-      # ENV['AWS_ACCESS_KEY_ID'] / ENV['AWS_SECRET_ACCESS_KEY'] / ENV['AWS_SECURITY_TOKEN'] / ENV['AWS_REGION']
-      # ENV['AWS_PROFILE']
-      # ENV['DEFAULT_PROFILE']
-      # 'default'
-      aws_profile = if compute_options[:aws_access_key_id]
-        Chef::Log.debug("Using AWS driver access key options")
-        {
-          :aws_access_key_id => compute_options[:aws_access_key_id],
-          :aws_secret_access_key => compute_options[:aws_secret_access_key],
-          :aws_security_token => compute_options[:aws_session_token],
-          :region => compute_options[:region]
-        }
-      elsif driver_options[:aws_profile]
-        Chef::Log.debug("Using AWS profile #{driver_options[:aws_profile]}")
-        aws_credentials[driver_options[:aws_profile]]
-      elsif ENV['AWS_ACCESS_KEY_ID']
-        Chef::Log.debug("Using AWS environment variable access keys")
-        {
-          :aws_access_key_id => ENV['AWS_ACCESS_KEY_ID'],
-          :aws_secret_access_key => ENV['AWS_SECRET_ACCESS_KEY'],
-          :aws_security_token => ENV['AWS_SECURITY_TOKEN'],
-          :region => ENV['AWS_REGION']
-        }
-      elsif ENV['AWS_PROFILE']
-        Chef::Log.debug("Using AWS profile #{ENV['AWS_PROFILE']} from AWS_PROFILE environment variable")
-        aws_credentials[ENV['AWS_PROFILE']]
-      else
-        Chef::Log.debug("Using AWS default profile")
-        aws_credentials.default
-      end
-
-      # Merge in account info for profile
-      if aws_profile
-        aws_profile = aws_profile.merge(aws_account_info_for(aws_profile))
-      end
-
-      # If no profile is found (or the profile is not the right account), search
-      # for a profile that matches the given account ID
-      if aws_account_id && (!aws_profile || aws_profile[:aws_account_id] != aws_account_id)
-        aws_profile = find_aws_profile_for_account_id(aws_credentials, aws_account_id)
-      end
-
-      if !aws_profile
-        raise "No AWS profile specified!  Are you missing something in the Chef config or ~/.aws/config?"
-      end
-
-      aws_profile.delete_if { |key, value| value.nil? }
-      aws_profile
-    end
-
-    def self.find_aws_profile_for_account_id(aws_credentials, aws_account_id)
-      aws_profile = nil
-      aws_credentials.each do |profile_name, profile|
-        begin
-          aws_account_info = aws_account_info_for(profile)
-        rescue
-          Chef::Log.warn("Could not connect to AWS profile #{aws_credentials[:name]}: #{$!}")
-          Chef::Log.debug($!.backtrace.join("\n"))
-          next
-        end
-        if aws_account_info[:aws_account_id] == aws_account_id
-          aws_profile = profile
-          aws_profile[:name] = profile_name
-          aws_profile = aws_profile.merge(aws_account_info)
-          break
-        end
-      end
-      if aws_profile
-        Chef::Log.info("Discovered AWS profile #{aws_profile[:name]} pointing at account #{aws_account_id}.  Using ...")
-      else
-        raise "No AWS profile leads to account ##{aws_account_id}.  Do you need to add profiles to ~/.aws/config?"
-      end
-      aws_profile
-    end
-
-    def self.aws_account_info_for(aws_profile)
-      @@aws_account_info ||= {}
-      @@aws_account_info[aws_profile[:aws_access_key_id]] ||= begin
-        options = {
-          :aws_access_key_id => aws_profile[:aws_access_key_id],
-          :aws_secret_access_key => aws_profile[:aws_secret_access_key],
-          :aws_session_token => aws_profile[:aws_security_token]
-        }
-        options.delete_if { |key, value| value.nil? }
-
-        iam = Fog::AWS::IAM.new(options)
-        arn = begin
-          # TODO it would be nice if Fog let you do this normally ...
-          iam.send(:request, {
-            'Action'    => 'GetUser',
-            :parser     => Fog::Parsers::AWS::IAM::GetUser.new
-          }).body['User']['Arn']
-        rescue Fog::AWS::IAM::Error
-          # TODO Someone tell me there is a better way to find out your current
-          # user ID than this!  This is what happens when you use an IAM user
-          # with default privileges.
-          if $!.message =~ /AccessDenied.+(arn:aws:iam::\d+:\S+)/
-            arn = $1
-          else
-            raise
-          end
-        end
-        arn_split = arn.split(':', 6)
-        {
-          :aws_account_id => arn_split[4],
-          :aws_username => arn_split[5],
-          :aws_user_arn => arn
-        }
-      end
-    end
-
-    def self.get_aws_credentials(driver_options)
-      # Grab the list of possible credentials
-      if driver_options[:aws_credentials]
-        aws_credentials = driver_options[:aws_credentials]
-      else
-        aws_credentials = AWSCredentials.new
-        if driver_options[:aws_config_file]
-          aws_credentials.load_ini(driver_options.delete(:aws_config_file))
-        elsif driver_options[:aws_csv_file]
-          aws_credentials.load_csv(driver_options.delete(:aws_csv_file))
-        else
-          aws_credentials.load_default
-        end
-      end
-      aws_credentials
-    end
-  end
-end