chef-provisioning-aws 0.4.0 → 0.5.0

data/lib/chef/resource/aws_s3_bucket.rb

@@ -1,25 +1,15 @@
-require 'chef/resource/aws_resource'
-require 'chef/provisioning/aws_driver'
+require 'chef/provisioning/aws_driver/aws_resource'
 
-class Chef::Resource::AwsS3Bucket < Chef::Resource::AwsResource
-  self.resource_name = 'aws_s3_bucket'
-  self.databag_name = 's3_buckets'
-
-  actions :create, :delete, :nothing
-  default_action :create
+class Chef::Resource::AwsS3Bucket < Chef::Provisioning::AWSDriver::AWSResource
+  aws_sdk_type AWS::S3::Bucket, id: :name
 
   attribute :name, :kind_of => String, :name_attribute => true
-  attribute :bucket_name, :kind_of => String
+  attribute :options, :kind_of => Hash, :default => {}
   attribute :enable_website_hosting, :kind_of => [TrueClass, FalseClass], :default => false
-  attribute :website_options, :kind_of => Hash
-
-  stored_attribute :endpoint
-
-  def initialize(*args)
-    super
-  end
+  attribute :website_options, :kind_of => Hash, :default => {}
 
-  def after_created
-    super
+  def aws_object
+    result = driver.s3.buckets[name]
+    result && result.exists? ? result : nil
   end
 end

data/lib/chef/resource/aws_security_group.rb

@@ -1,26 +1,56 @@
-require 'chef/resource/aws_resource'
-require 'chef/provisioning/aws_driver'
+require 'chef/provisioning/aws_driver/aws_resource_with_entry'
+require 'chef/resource/aws_vpc'
 
-class Chef::Resource::AwsSecurityGroup < Chef::Resource::AwsResource
-  self.resource_name = 'aws_security_group'
-  self.databag_name = 'aws_security_groups'
+class Chef::Resource::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSResourceWithEntry
+  aws_sdk_type AWS::EC2::SecurityGroup
 
-  actions :create, :delete, :nothing
-  default_action :create
+  attribute :name,          kind_of: String, name_attribute: true
+  attribute :vpc,           kind_of: [ String, AwsVpc, AWS::EC2::VPC ]
+  attribute :description,   kind_of: String
 
-  attribute :name, :kind_of => String, :name_attribute => true
-  attribute :vpc_id, :kind_of => String
-  attribute :vpc_name, :kind_of => String
-  attribute :inbound_rules
-  attribute :outbound_rules
-  stored_attribute :security_group_id
-  stored_attribute :description
+  #
+  # Accepts rules in the format:
+  # [
+  #   { port: 22, protocol: :tcp, sources: [<source>, <source>, ...] }
+  # ]
+  #
+  # Or:
+  # {
+  #   <permitted_source> => <port>,
+  #   ...
+  # }
+  #
+  # Where <port> is one of:
+  # - <port number/range>: the port number. e.g. `80`; or a port range: `1024..2048`
+  # - [ <port number/range>, <protocol> ] or [ <protocol>, <number> ], e.g. `[ 80, :http ]`
+  # - { port: <port number/range>, protocol: <protocol> }, e.g. { port: 80, protocol: :http }
+  #
+  # And <permitted_source> is one of:
+  # - <CIDR>: An IP or CIDR of IPs to talk to.
+  #   - `inbound_rules '1.2.3.4' => 80`
+  #   - `inbound_rules '1.2.3.4/24' => 80`
+  # - <Security Group>: A security group to authorize.
+  #   - `inbound_rules 'mysecuritygroup'`
+  #   - `inbound_rules { security_group: 'mysecuritygroup' }`
+  #   - `inbound_rules 'sg-1234abcd' => 80`
+  #   - `inbound_rules aws_security_group('mysecuritygroup') => 80`
+  #   - `inbound_rules AWS.ec2.security_groups.first => 80`
+  # - <Load Balancer>: A load balancer to authorize.
+  #   - `inbound_rules { load_balancer: 'myloadbalancer' } => 80`
+  #   - `inbound_rules 'elb-1234abcd' => 80`
+  #   - `inbound_rules load_balancer('myloadbalancer') => 80`
+  #   - `inbound_rules AWS.ec2.security_groups.first => 80`
+  #
+  attribute :inbound_rules,  kind_of: [ Array, Hash ]
+  attribute :outbound_rules, kind_of: [ Array, Hash ]
 
-  def initialize(*args)
-    super
-  end
+  attribute :security_group_id, kind_of: String, aws_id_attribute: true, lazy_default: proc {
+    name =~ /^sg-[a-f0-9]{8}$/ ? name : nil
+  }
 
-  def after_created
-    super
+  def aws_object
+    driver, id = get_driver_and_id
+    result = driver.ec2.security_groups[id] if id
+    result && result.exists? ? result : nil
   end
 end

data/lib/chef/resource/aws_sns_topic.rb

@@ -1,20 +1,19 @@
-require 'chef/resource/aws_resource'
-require 'chef/provisioning/aws_driver'
+require 'chef/provisioning/aws_driver/aws_resource'
 
-class Chef::Resource::AwsSnsTopic < Chef::Resource::AwsResource
-  self.resource_name = 'aws_sns_topic'
+class Chef::Resource::AwsSnsTopic < Chef::Provisioning::AWSDriver::AWSResource
+  aws_sdk_type AWS::SNS::Topic
 
-  actions :create, :delete, :nothing
-  default_action :create
+  attribute :name, kind_of: String, name_attribute: true
+  attribute :arn,  kind_of: String, lazy_default: proc { driver.build_arn(service: 'sns', resource: name) }
 
-  attribute :name, :kind_of => String, :name_attribute => true
-  attribute :topic_name, :kind_of => String
-
-  def initialize(*args)
-    super
-  end
-
-  def after_created
-    super
+  def aws_object
+    result = driver.sns.topics[arn]
+    begin
+      # Test whether it exists or not by asking for a property
+      result.display_name
+    rescue AWS::SNS::Errors::NotFound
+      result = nil
+    end
+    result
   end
 end

data/lib/chef/resource/aws_sqs_queue.rb

@@ -1,21 +1,23 @@
-require 'chef/resource/aws_resource'
-require 'chef/provisioning/aws_driver'
+require 'chef/provisioning/aws_driver/aws_resource'
 
-class Chef::Resource::AwsSqsQueue < Chef::Resource::AwsResource
-  self.resource_name = 'aws_sqs_queue'
+class Chef::Resource::AwsSqsQueue < Chef::Provisioning::AWSDriver::AWSResource
+  aws_sdk_type AWS::SQS::Queue
 
-  actions :create, :delete, :nothing
-  default_action :create
+  attribute :name,    kind_of: String, name_attribute: true
+  attribute :options, kind_of: Hash
 
-  attribute :name, :kind_of => String, :name_attribute => true
-  attribute :queue_name, :kind_of => String
-  stored_attribute :created_at
-
-  def initialize(*args)
-    super
+  def aws_object
+    begin
+      driver.sqs.queues.named(name)
+    rescue AWS::SQS::Errors::NonExistentQueue
+      nil
+    end
   end
 
-  def after_created
-    super
+  protected
+
+  def self.get_aws_object_id(value, **options)
+    aws_object = get_aws_object(value, **options)
+    aws_object.arn.split(':')[-1] if aws_object
   end
 end

data/lib/chef/resource/aws_subnet.rb

@@ -1,25 +1,95 @@
-require 'chef/resource/aws_resource'
-require 'chef/provisioning/aws_driver'
+require 'chef/provisioning/aws_driver/aws_resource_with_entry'
 
-class Chef::Resource::AwsSubnet < Chef::Resource::AwsResource
-  self.resource_name = 'aws_subnet'
-  self.databag_name = 'aws_subnet'
+#
+# An AWS subnet is a sub-section of a VPC, walled gardens within the walled garden;
+# they share a space of IP addresses with other subnets in the VPC but can otherwise
+# be walled off from each other.
+#
+# `name` is not guaranteed unique for an AWS account; therefore, Chef will
+# store the subnet ID associated with this name in your Chef server in the
+# data bag `data/aws_subnet/<name>`.
+#
+# API documentation for the AWS Ruby SDK for VPCs (and the object returned from `aws_object` can be found here:
+#
+# - http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/EC2/Subnet.html
+#
+class Chef::Resource::AwsSubnet < Chef::Provisioning::AWSDriver::AWSResourceWithEntry
+  aws_sdk_type AWS::EC2::Subnet
 
-  actions :create, :delete, :nothing
-  default_action :create
+  require 'chef/resource/aws_vpc'
+  require 'chef/resource/aws_route_table'
 
-  attribute :name, :kind_of => String, :name_attribute => true
-  attribute :cidr_block, :kind_of => String
-  attribute :vpc, :kind_of => String
-  attribute :availability_zone, :kind_of => String
+  #
+  # The name of this subnet.
+  #
+  attribute :name, kind_of: String, name_attribute: true
 
-  stored_attribute :subnet_id
+  #
+  # The VPC of this subnet.
+  #
+  # May be one of:
+  # - The name of an `aws_vpc` Chef resource.
+  # - An actual `aws_vpc` resource.
+  # - An AWS `VPC` object.
+  #
+  attribute :vpc, kind_of: [ String, AwsVpc, AWS::EC2::VPC ]
 
-  def initialize(*args)
-    super
-  end
+  #
+  # The CIDR block of IP addresses allocated to this subnet.
+  # Must be a subset of the IP addresses in the VPC, and must not overlap the
+  # IP addresses of any other subnet in the VPC.
+  #
+  # For example:
+  # - `'10.0.0.0/24'` gives you 256 addresses.
+  # - `'10.0.0.0/16'` gives you 65536 addresses.
+  #
+  # This defaults to taking all IP addresses in the VPC.
+  #
+  attribute :cidr_block, kind_of: String
+
+  #
+  # The availability zone of this subnet.
+  #
+  # e.g. us-east-1a or us-east-1b.
+  #
+  # By default, AWS will pick an AZ for a given subnet.
+  #
+  attribute :availability_zone, kind_of: String
+
+  #
+  # Whether to give public IP addresses to new instances in this subnet by default.
+  #
+  attribute :map_public_ip_on_launch, kind_of: [ TrueClass, FalseClass ]
+
+  #
+  # The route table to associate with this subnet.
+  #
+  # May be one of:
+  # - The name of an `aws_route_table` Chef resource.
+  # - An actual `aws_route_table` resource.
+  # - An AWS `route_table` object.
+  # - `:default_to_main`, which will detach any explicit route tables associated
+  #   with the subnet, causing it to use the default (main) route table for the VPC.
+  #
+  # By default, an implicit association with the main route table is made (`:default_to_main`)
+  #
+  attribute :route_table#, kind_of: [ String, AwsRouteTable, AWS::EC2::RouteTable ], equal_to: [ :default_to_main ]
+
+  attribute :subnet_id, kind_of: String, aws_id_attribute: true, lazy_default: proc {
+    name =~ /^subnet-[a-f0-9]{8}$/ ? name : nil
+  }
 
-  def after_created
-    super
+  def aws_object
+    driver, id = get_driver_and_id
+    result = driver.ec2.subnets[id] if id
+    if result
+      begin
+        # Try to access it to see if it exists (no `exists?` method)
+        result.vpc_id
+      rescue AWS::EC2::Errors::InvalidSubnetID::NotFound
+        result = nil
+      end
+    end
+    result
   end
 end

data/lib/chef/resource/aws_vpc.rb

@@ -1,23 +1,145 @@
-require 'chef/resource/aws_resource'
-require 'chef/provisioning/aws_driver'
+require 'chef/provisioning/aws_driver/aws_resource_with_entry'
 
-class Chef::Resource::AwsVpc < Chef::Resource::AwsResource
-  self.resource_name = 'aws_vpc'
-  self.databag_name = 'aws_vpc'
+#
+# Represents an AWS VPC.
+#
+# This allows you to finely control network access and security for your
+# instances, creating a "walled garden" which cannot be accessed by the Internet
+# (or get out to it) without explicitly enabling it through subnets, route tables,
+# internet gateways and NATs.
+#
+# VPCs and network security are closely related with the following other resources:
+# - `aws_subnet`: sub-sections of a VPC that can be walled off from each other, which actually contain instances
+# - `aws_security_group`: descriptions of instances--particularly, who can talk to them and who they can talk to.
+# - `aws_route_table`: descriptions of where traffic should be routed when an instance in a subnet tries to talk to a particular IP.
+#
+# `name` is not guaranteed unique for an AWS account; therefore, Chef will
+# store the VPC ID associated with this name in your Chef server in the
+# data bag `data/aws_vpc/<name>`.
+#
+# General documentation on AWS VPCs can be found here:
+#
+# - http://aws.amazon.com/documentation/vpc/
+#
+# API documentation for the AWS Ruby SDK for VPCs (and the object returned from `aws_object` can be found here:
+#
+# - http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/EC2/VPC.html
+#
+class Chef::Resource::AwsVpc < Chef::Provisioning::AWSDriver::AWSResourceWithEntry
+  aws_sdk_type AWS::EC2::VPC
 
-  actions :create, :delete, :nothing
-  default_action :create
+  require 'chef/resource/aws_dhcp_options'
+  require 'chef/resource/aws_route_table'
 
-  attribute :name, :kind_of => String, :name_attribute => true
-  attribute :cidr_block, :kind_of => String
+  #
+  # The name of this VPC.
+  #
+  attribute :name, kind_of: String, name_attribute: true
 
-  stored_attribute :vpc_id
+  #
+  # The CIDR block of IP addresses allocated to this VPC.
+  #
+  # For example:
+  # - `'10.0.0.0/24'` gives you 256 addresses.
+  # - `'10.0.0.0/16'` gives you 65536 addresses.
+  #
+  # This must be specified: there is no default, and it cannot be changed.
+  #
+  attribute :cidr_block, kind_of: String
 
-  def initialize(*args)
-    super
-  end
+  #
+  # The instance tenancy of this VPC.
+  #
+  # - `:default` allows any tenancy
+  # - `:dedicated` forces all instances to be dedicated
+  #
+  # Defaults, not surprisingly, to `default`.
+  #
+  attribute :instance_tenancy, equal_to: [ :default, :dedicated ]
+
+  #
+  # Whether this VPC should have an Internet Gateway or not.
+  #
+  # - `true` will create an Internet Gateway and attach it to the VPC, if one is not attached currently.
+  # - `false` will delete or detache the Internet Gateway attached to the VPC, if any.
+  #   It will delete if the tag "Owned": true is on the Internet Gateway; it will
+  #   detach if not.
+  # - You may specify the AWS ID of an actual Internet Gateway
+  #
+  attribute :internet_gateway#, kind_of: [ String, AWS::EC2::InternetGateway ], equal_to: [ true, false, :detach ]
+
+  #
+  # The main route table.
+  #
+  # May be one of:
+  # - The name of an `aws_route_table` Chef resource.
+  # - An actual `aws_route_table` resource.
+  # - An AWS `route_table` object.
+  #
+  attribute :main_route_table, kind_of: [ String, AwsRouteTable, AWS::EC2::RouteTable ]
+
+  #
+  # The routes for the main route table.
+  #
+  # This is in the form of a Hash, like so:
+  #
+  # ```ruby
+  # main_routes '10.0.0.0/8' => 'internal_vpn',
+  #             '0.0.0.0/0' => :internet_gateway
+  # ```
+  #
+  # The destination (the left side of the `=>`) is always a CIDR block.
+  # The target (the right side of the `=>`) can be one of several things:
+  # - { internet_gateway: <AWS Internet Gateway ID or object> }
+  # - { instance: <Chef machine name or resource, AWS Instance ID or object> }
+  # - { network_interface: <AWS Network Interface ID or object> }
+  # - <AWS Internet Gateway, Instance or Network Interface <ID or object)>
+  # - Chef machine name
+  # - Chef machine resource
+  #
+  attribute :main_routes, kind_of: Hash
+
+  #
+  # The DHCP options for this VPC.
+  #
+  attribute :dhcp_options, kind_of: [ AwsDhcpOptions, AWS::EC2::DHCPOptions, String ]
+
+  #
+  # Indicates whether the DNS resolution is supported for the VPC. If this
+  # attribute is false, the Amazon provided DNS service in the VPC that resolves
+  # public DNS hostnames to IP addresses is not enabled. If this attribute is
+  # true, queries to the Amazon provided DNS server at the 169.254.169.253 IP
+  # address, or the reserved IP address at the base of the VPC network range
+  # "plus two" will succeed.
+  #
+  # For more information, see Amazon DNS Server:
+  # - http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html#AmazonDNS
+  #
+  attribute :enable_dns_support, equal_to: [ true, false ]
+
+  #
+  # Indicates whether the instances launched in the VPC get DNS hostnames. If
+  # this attribute is true, instances in the VPC get DNS hostnames; otherwise,
+  # they do not. If you want your instances to get DNS hostnames, you must also
+  # set enable_dns_support to true.
+  #
+  attribute :enable_dns_hostnames, equal_to: [ true, false ]
+
+  #
+  # A list of tags to put on the VPC.
+  #
+  # The "Name" tag will always be set to the Chef name of the instance if you do
+  # not specify it.
+  #
+  attribute :tags, kind_of: Array
+
+  attribute :vpc_id, kind_of: String, aws_id_attribute: true, lazy_default: proc {
+    name =~ /^vpc-[a-f0-9]{8}$/ ? name : nil
+  }
 
-  def after_created
-    super
+  def aws_object
+    driver, id = get_driver_and_id
+    result = driver.ec2.vpcs[id] if id
+    result && result.exists? ? result : nil
   end
 end