chef-provisioning-aws 0.4.0 → 0.5.0

data/lib/chef/provider/aws_sns_topic.rb

@@ -1,39 +1,23 @@
-require 'chef/provider/aws_provider'
+require 'chef/provisioning/aws_driver/aws_provider'
 require 'date'
 
-class Chef::Provider::AwsSnsTopic < Chef::Provider::AwsProvider
+class Chef::Provider::AwsSnsTopic < Chef::Provisioning::AWSDriver::AWSProvider
 
-  action :create do
-    if existing_topic == nil
-      converge_by "Creating new SNS topic #{fqn} in #{new_driver.aws_config.region}" do
-        new_driver.sns.topics.create(fqn)
+  protected
 
-        new_resource.created_at DateTime.now.to_s
-        new_resource.save
-      end
+  def create_aws_object
+    converge_by "Creating new SNS topic #{new_resource.name} in #{region}" do
+      new_resource.driver.sns.topics.create(new_resource.name)
     end
   end
 
-  action :delete do
-    if existing_topic
-      converge_by "Deleting SNS topic #{fqn} in #{new_driver.aws_config.region}" do
-        existing_topic.delete
-      end
-    end
-
-    new_resource.delete
+  def update_aws_object(topic)
   end
 
-  def existing_topic
-    @existing_topic ||= begin
-      new_driver.sns.topics.named(fqn)
-    rescue
-      nil
+  def destroy_aws_object(topic)
+    converge_by "Deleting SNS topic #{topic.name} in #{region}" do
+      topic.delete
     end
   end
 
-  def id
-    new_resource.topic_name
-  end
-
 end

data/lib/chef/provider/aws_sqs_queue.rb

@@ -1,47 +1,25 @@
-require 'chef/provider/aws_provider'
-require 'date'
-
-class Chef::Provider::AwsSqsQueue < Chef::Provider::AwsProvider
-
-  action :create do
-    if existing_queue == nil
-      converge_by "Creating new SQS queue #{fqn} in #{new_driver.aws_config.region}" do
-        loop do
-          begin
-            new_driver.sqs.queues.create(fqn)
-            break
-          rescue AWS::SQS::Errors::QueueDeletedRecently
-            sleep 5
-          end
-        end
-
-        new_resource.created_at DateTime.now.to_s
-        new_resource.save
+require 'chef/provisioning/aws_driver/aws_provider'
+
+class Chef::Provider::AwsSqsQueue < Chef::Provisioning::AWSDriver::AWSProvider
+
+  def create_aws_object
+    converge_by "create new SQS queue #{new_resource.name} in #{region}" do
+      # TODO need timeout here.
+      begin
+        new_resource.driver.sqs.queues.create(new_resource.name, new_resource.options || {})
+      rescue AWS::SQS::Errors::QueueDeletedRecently
+        sleep 5
+        retry
       end
     end
   end
 
-  action :delete do
-    if existing_queue
-      converge_by "Deleting SQS queue #{fqn} in #{new_driver.aws_config.region}" do
-        existing_queue.delete
-      end
-    end
-
-    new_resource.delete
+  def update_aws_object(queue)
   end
 
-  def existing_queue
-    @existing_queue ||= begin
-      new_driver.sqs.queues.named(fqn)
-    rescue
-      nil
+  def destroy_aws_object(queue)
+    converge_by "delete SQS queue #{new_resource.name} in #{region}" do
+      queue.delete
     end
   end
-
-  # Fully qualified queue name (i.e luigi:us-east-1)
-  def id
-    new_resource.queue_name
-  end
-
 end

data/lib/chef/provider/aws_subnet.rb

@@ -1,52 +1,105 @@
-require 'chef/provider/aws_provider'
+require 'chef/provisioning/aws_driver/aws_provider'
+require 'chef/provisioning/aws_driver/aws_resource'
 require 'date'
+require 'chef/resource/aws_vpc'
 
-class Chef::Provider::AwsSubnet < Chef::Provider::AwsProvider
+class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
 
-  action :create do
-    fail "Can't create a Subnet without a CIDR block" if new_resource.cidr_block.nil?
+  def action_create
+    subnet = super
 
-    if existing_subnet == nil
-      converge_by "Creating new Subnet #{fqn} in VPC #{new_resource.vpc} in #{new_driver.aws_config.region}" do
-        opts = { :vpc => vpc_id }
-        opts[:availability_zone] = new_resource.availability_zone if new_resource.availability_zone
-        subnet = new_driver.ec2.subnets.create(new_resource.cidr_block, opts)
-        subnet.tags['Name'] = new_resource.name
-        subnet.tags['VPC'] = new_resource.vpc
-        new_resource.subnet_id subnet.id
-        new_resource.save
-      end
+    if new_resource.map_public_ip_on_launch != nil
+      update_map_public_ip_on_launch(subnet)
+    end
+
+    if new_resource.route_table != nil
+      update_route_table(subnet)
     end
   end
 
-  action :delete do
-    if existing_subnet
-      converge_by "Deleting subnet #{fqn} in VPC #{new_resource.vpc} in #{new_driver.aws_config.region}" do
-        existing_subnet.delete
-      end
+  protected
+
+  def create_aws_object
+    cidr_block = new_resource.cidr_block
+    if !cidr_block
+      cidr_block = Chef::Resource::AwsVpc.get_aws_object(new_resource.vpc, resource: new_resource).cidr_block
     end
+    options = { :vpc => new_resource.vpc }
+    options[:availability_zone] = new_resource.availability_zone if new_resource.availability_zone
+    options = Chef::Provisioning::AWSDriver::AWSResource.lookup_options(options, resource: new_resource)
 
-    new_resource.delete
+    converge_by "create new subnet #{new_resource.name} with CIDR #{cidr_block} in VPC #{new_resource.vpc} (#{options[:vpc]}) in #{region}" do
+      subnet = new_resource.driver.ec2.subnets.create(cidr_block, options)
+      subnet.tags['Name'] = new_resource.name
+      subnet.tags['VPC'] = new_resource.vpc
+      subnet
+    end
   end
 
-  def vpc_id
-    @vpc_id ||= begin
-      new_driver.ec2.vpcs.with_tag('Name', new_resource.vpc).first
-    rescue
-      nil
+  def update_aws_object(subnet)
+    # Verify unmodifiable attributes of existing subnet
+    if new_resource.cidr_block && subnet.cidr_block != new_resource.cidr_block
+      raise "cidr_block for subnet #{new_resource.name} is #{new_resource.cidr_block}, but existing subnet (#{subnet.id})'s cidr_block is #{subnet.cidr_block}.  Modification of subnet cidr_block is unsupported!"
+    end
+    vpc = Chef::Resource::AwsVpc.get_aws_object(new_resource.vpc, resource: new_resource)
+    if vpc && subnet.vpc != vpc
+      raise "vpc for subnet #{new_resource.name} is #{new_resource.vpc} (#{vpc.id}), but existing subnet (#{subnet.id})'s vpc is #{subnet.vpc.id}.  Modification of subnet vpc is unsupported!"
+    end
+    if new_resource.availability_zone && subnet.availability_zone_name != new_resource.availability_zone
+      raise "availability_zone for subnet #{new_resource.name} is #{new_resource.availability_zone}, but existing subnet (#{subnet.id})'s availability_zone is #{subnet.availability_zone}.  Modification of subnet availability_zone is unsupported!"
     end
   end
 
-  def existing_subnet
-      @subnet_id ||= begin
-      new_driver.ec2.subnets.with_tag('Name', new_resource.name).first
-    rescue
-      nil
+  def destroy_aws_object(subnet)
+    converge_by "delete subnet #{new_resource.name} in VPC #{new_resource.vpc} in #{region}" do
+      subnet.delete
     end
   end
 
-  def id
-    new_resource.subnet_id
+  private
+
+  def update_map_public_ip_on_launch(subnet)
+    if !new_resource.map_public_ip_on_launch.nil?
+      subnet_desc = subnet.client.describe_subnets(subnet_ids: [ subnet.id ])[:subnet_set].first
+      if new_resource.map_public_ip_on_launch
+        if !subnet_desc[:map_public_ip_on_launch]
+          converge_by "turn on automatic public IPs for subnet #{subnet.id}" do
+            subnet.client.modify_subnet_attribute(subnet_id: subnet.id, map_public_ip_on_launch: { value: true })
+          end
+        end
+      else
+        if subnet_desc[:map_public_ip_on_launch]
+          converge_by "turn off automatic public IPs for subnet #{subnet.id}" do
+            subnet.client.modify_subnet_attribute(subnet_id: subnet.id, map_public_ip_on_launch: { value: false })
+          end
+        end
+      end
+    end
   end
 
+  def update_route_table(subnet)
+    if new_resource.route_table == :default_to_main
+      if !subnet.route_table_association.main?
+        converge_by "reset route table of subnet #{new_resource.name} to the VPC default" do
+          subnet.route_table = nil
+        end
+      end
+    else
+      route_table = Chef::Resource::AwsRouteTable.get_aws_object(new_resource.route_table, resource: new_resource)
+      current_route_table_association = subnet.route_table_association
+      if current_route_table_association.main?
+        # Even if the user sets the route table explicitly to the main route table,
+        # we have work to do here: we need to make the relationship explicit so that
+        # it won't be changed when the main route table of the VPC changes.
+        converge_by "set route table of subnet #{new_resource.name} to #{new_resource.route_table}" do
+          subnet.route_table = route_table
+        end
+      elsif current_route_table_association.route_table != route_table
+        # The route table is different now.  Change it.
+        converge_by "change route table of subnet #{new_resource.name} to #{new_resource.route_table} (was #{current_route_table_association.route_table.id})" do
+          subnet.route_table = route_table
+        end
+      end
+    end
+  end
 end

data/lib/chef/provider/aws_vpc.rb

@@ -1,42 +1,182 @@
-require 'chef/provider/aws_provider'
+require 'chef/provisioning/aws_driver/aws_provider'
 require 'date'
 
-class Chef::Provider::AwsVpc < Chef::Provider::AwsProvider
+class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
 
-  action :create do
-    fail "Can't create a VPC without a CIDR block" if new_resource.cidr_block.nil?
+  def action_create
+    vpc = super
 
-    if existing_vpc == nil
-      converge_by "Creating new VPC #{fqn} in #{new_driver.aws_config.region}" do
-        opts = { :instance_tenancy => :default}
-        vpc = new_driver.ec2.vpcs.create(new_resource.cidr_block, opts)
-        vpc.tags['Name'] = new_resource.name
-        new_resource.vpc_id vpc.id
-        new_resource.save
+    # Update DNS attributes
+    update_vpc_attributes(vpc)
+
+    #
+    # Attach/detach internet gateway
+    #
+    if !new_resource.internet_gateway.nil?
+      update_internet_gateway(vpc)
+    end
+
+    # Replace the main route table for the VPC
+    if !new_resource.main_route_table.nil?
+      main_route_table = update_main_route_table(vpc)
+    end
+
+    # Update the main route table
+    if !new_resource.main_routes.nil?
+      update_main_routes(vpc, main_route_table)
+    end
+
+    # Update DHCP options
+    if !new_resource.dhcp_options.nil?
+      update_dhcp_options(vpc)
+    end
+  end
+
+  protected
+
+  def create_aws_object
+    options = { }
+    options[:instance_tenancy] = new_resource.instance_tenancy if new_resource.instance_tenancy
+
+    converge_by "create new VPC #{new_resource.name} in #{region}" do
+      vpc = new_resource.driver.ec2.vpcs.create(new_resource.cidr_block, options)
+      vpc.tags['Name'] = new_resource.name
+      vpc
+    end
+  end
+
+  def update_aws_object(vpc)
+    if new_resource.instance_tenancy && new_resource.instance_tenancy != vpc.instance_tenancy
+      raise "Tenancy of VPC #{new_resource.name} is #{vpc.instance_tenancy}, but desired tenancy is #{new_resource.instance_tenancy}.  Instance tenancy of VPCs cannot be changed!"
+    end
+    if new_resource.cidr_block && new_resource.cidr_block != vpc.cidr_block
+      raise "CIDR block of VPC #{new_resource.name} is #{vpc.cidr_block}, but desired CIDR block is #{new_resource.cidr_block}.  VPC CIDR blocks cannot currently be changed!"
+    end
+  end
+
+  def destroy_aws_object(vpc)
+    # Detach or destroy the internet gateway
+    ig = vpc.internet_gateway
+    if ig
+      converge_by "detach Internet Gateway #{ig.id} in #{region} from VPC #{new_resource.name} (#{vpc.id}" do
+        ig.detach(vpc.id)
+      end
+      if ig.tags['OwnedByVPC'] == vpc.id
+        converge_by "destroy Internet Gateway #{ig.id} in #{region} (owned by VPC #{new_resource.name} (#{vpc.id}))" do
+          ig.delete
+        end
       end
     end
+
+    # TODO delete main route table & routes if they exist and we created them
+
+    converge_by "delete VPC #{new_resource.name} (#{vpc.id}) in #{region}" do
+      vpc.delete
+    end
   end
 
-  action :delete do
-    if existing_vpc
-      converge_by "Deleting VPC #{fqn} in #{new_driver.aws_config.region}" do
-        existing_vpc.delete
+  private
+
+  def update_vpc_attributes(vpc)
+    # Figure out what (if anything) we need to update
+    update_attributes = {}
+    %w(enable_dns_support enable_dns_hostnames).each do |name|
+      desired_value = new_resource.public_send(name)
+      if !desired_value.nil?
+        # enable_dns_support -> enableDnsSupport
+        aws_attr_name = name.gsub(/_./) { |v| v[1..1].upcase }
+        name = name.to_sym
+        actual_value = vpc.client.describe_vpc_attribute(vpc_id: vpc.id, attribute: aws_attr_name)
+        if actual_value[name][:value] != desired_value
+          update_attributes[name] = { old_value: actual_value[name][:value], value: desired_value }
+        end
       end
     end
 
-    new_resource.delete
+    update_attributes.each do |name, update|
+      converge_by "update #{name} to #{update[:value].inspect} (was #{update[:old_value].inspect}) in VPC #{new_resource.name} (#{vpc.id})" do
+        vpc.client.modify_vpc_attribute(:vpc_id => vpc.id, name => { value: update[:value] })
+      end
+    end
   end
 
-  def existing_vpc
-    @existing_vpc ||= begin
-      new_driver.ec2.vpcs.with_tag('Name', new_resource.name).first
-    rescue
-      nil
+  def update_internet_gateway(vpc)
+    current_ig = vpc.internet_gateway
+    case new_resource.internet_gateway
+    when String, Chef::Resource::AwsInternetGateway, AWS::EC2::InternetGateway
+      new_ig = Chef::Resource::AwsInternetGateway.get_aws_object(new_resource.internet_gateway, resource: new_resource)
+      if !current_ig
+        converge_by "attach Internet Gateway #{new_resource.internet_gateway} to VPC #{vpc.id}" do
+          new_ig.attach(vpc.id)
+        end
+      elsif current_ig != new_ig
+        converge_by "replace Internet Gateway #{current_ig.id} on VPC #{vpc.id} with new Internet Gateway #{new_ig.id}" do
+          current_ig.detach(vpc.id)
+          new_ig.attach(vpc.id)
+        end
+        if current_ig.tags['OwnedByVPC'] == vpc.id
+          converge_by "destroy Internet Gateway #{current_ig.id} in #{region} (owned by VPC #{vpc.id})" do
+            current_ig.delete
+          end
+        end
+      end
+    when true
+      if !current_ig
+        converge_by "attach new Internet Gateway to VPC #{vpc.id}" do
+          current_ig = AWS.ec2(config: vpc.config).internet_gateways.create
+          action_handler.report_progress "create Internet Gateway #{current_ig.id}"
+          current_ig.tags['OwnedByVPC'] = vpc.id
+          action_handler.report_progress "tag Internet Gateway #{current_ig.id} as OwnedByVpc: #{vpc.id}"
+          vpc.internet_gateway = current_ig
+        end
+      end
+    when false
+      if current_ig
+        converge_by "detach Internet Gateway #{current_ig.id} from VPC #{vpc.id}" do
+          current_ig.detach(vpc.id)
+        end
+        if current_ig.tags['OwnedByVPC'] == vpc.id
+          converge_by "destroy Internet Gateway #{current_ig.id} in #{region} (owned by VPC #{vpc.id})" do
+            current_ig.delete
+          end
+        end
+      end
     end
   end
 
-  def id
-    new_resource.vpc_id
+  def update_main_route_table(vpc)
+    desired_route_table = Chef::Resource::AwsRouteTable.get_aws_object(new_resource.main_route_table, resource: new_resource)
+    current_route_table = vpc.route_tables.main_route_table
+    if current_route_table != desired_route_table
+      main_association = current_route_table.associations.select { |a| a.main? }.first
+      if !main_association
+        raise "No main route table association found for VPC #{new_resource.name} (#{vpc.id})'s current main route table #{current_route_table.id}: error!  Probably a race condition."
+      end
+      converge_by "change main route table for VPC #{new_resource.name} (#{vpc.id}) to #{desired_route_table.id} (was #{current_route_table.id})" do
+        vpc.client.replace_route_table_association(
+          association_id: main_association.id,
+          route_table_id: desired_route_table.id)
+      end
+    end
+    desired_route_table
   end
 
+  def update_main_routes(vpc, main_route_table)
+    main_route_table ||= vpc.route_tables.main_route_table
+    aws_route_table main_route_table do
+      vpc vpc
+      routes new_resource.main_routes
+    end
+    main_route_table
+  end
+
+  def update_dhcp_options(vpc)
+    dhcp_options = vpc.dhcp_options
+    desired_dhcp_options = Chef::Resource::AwsDhcpOptions.get_aws_object(new_resource.dhcp_options, resource: new_resource)
+    if dhcp_options != desired_dhcp_options
+      converge_by "change DHCP options for VPC #{new_resource.name} (#{vpc.id}) to #{new_resource.dhcp_options} (#{desired_dhcp_options.id}) - was #{dhcp_options.id}" do
+        vpc.dhcp_options = desired_dhcp_options
+      end
+    end
+  end
 end