chef-provisioning-aws 1.1.1 → 1.2.0

data/lib/chef/resource/aws_security_group.rb

@@ -1,13 +1,23 @@
-require 'chef/provisioning/aws_driver/aws_resource_with_entry'
+require 'chef/provisioning/aws_driver/aws_resource'
 require 'chef/resource/aws_vpc'
+require 'chef/provisioning/aws_driver/exceptions'
 
-class Chef::Resource::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSResourceWithEntry
-  aws_sdk_type AWS::EC2::SecurityGroup
+class Chef::Resource::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSResource
+  aws_sdk_type AWS::EC2::SecurityGroup,
+               id: :id,
+               option_names: [:security_group, :security_group_id, :security_group_name]
 
   attribute :name,          kind_of: String, name_attribute: true
   attribute :vpc,           kind_of: [ String, AwsVpc, AWS::EC2::VPC ]
   attribute :description,   kind_of: String
 
+  # This should be a hash of tags to apply to the AWS object
+  # TODO this is duplicated from AWSResourceWithEntry
+  #
+  # @param aws_tags [Hash] Should be a hash of keys & values to add.  Keys and values
+  #        can be provided as symbols or strings, but will be stored in AWS as strings.
+  attribute :aws_tags, kind_of: Hash
+
   #
   # Accepts rules in the format:
   # [
@@ -49,8 +59,22 @@ class Chef::Resource::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSResou
   }
 
   def aws_object
-    driver, id = get_driver_and_id
-    result = driver.ec2.security_groups[id] if id
+    if security_group_id
+      result = driver.ec2.security_groups[security_group_id]
+    else
+      # Names are unique within a VPC.  Try to search by name and narroy by VPC, if
+      # provided
+      if vpc
+        vpc_object = Chef::Resource::AwsVpc.get_aws_object(vpc, resource: self)
+        results = vpc_object.security_groups.filter('group-name', name).to_a
+      else
+        results = driver.ec2.security_groups.filter('group-name', name).to_a
+      end
+      if results.size >= 2
+        raise ::Chef::Provisioning::AWSDriver::Exceptions::MultipleSecurityGroupError.new(name, results)
+      end
+      result = results.first
+    end
     result && result.exists? ? result : nil
   end
 end

data/spec/aws_support.rb

@@ -13,6 +13,7 @@ module AWSSupport
   require 'aws_support/matchers/create_an_aws_object'
   require 'aws_support/matchers/update_an_aws_object'
   require 'aws_support/matchers/destroy_an_aws_object'
+  require 'aws_support/matchers/have_aws_object_tags'
   require 'aws_support/delayed_stream'
   require 'chef/provisioning/aws_driver/resources'
   require 'aws_support/aws_resource_run_wrapper'
@@ -21,7 +22,7 @@ module AWSSupport
   require 'aws'
   require 'aws_support/deep_matcher/matchable_object'
   require 'aws_support/deep_matcher/matchable_array'
-  DeepMatcher::MatchableObject.matchable_classes << proc { |o| o.class.name =~ /^AWS::EC2($|::)/ }
+  DeepMatcher::MatchableObject.matchable_classes << proc { |o| o.class.name =~ /^AWS::(EC2|ELB)($|::)/ }
   DeepMatcher::MatchableArray.matchable_classes  << AWS::Core::Data::List
 
   def purge_all
@@ -189,6 +190,9 @@ module AWSSupport
       define_method("create_an_#{resource_name}") do |name, expected_values={}|
         AWSSupport::Matchers::CreateAnAWSObject.new(self, resource_class, name, expected_values)
       end
+      define_method("have_#{resource_name}_tags") do |name, expected_tags={}|
+        AWSSupport::Matchers::HaveAWSObjectTags.new(self, resource_class, name, expected_tags)
+      end
       define_method("destroy_an_#{resource_name}") do |name, expected_values={}|
         AWSSupport::Matchers::DestroyAnAWSObject.new(self, resource_class, name)
       end

data/spec/aws_support/matchers/have_aws_object_tags.rb

@@ -0,0 +1,63 @@
+require 'rspec/matchers'
+require 'chef/provisioning'
+require 'aws_support/deep_matcher'
+
+module AWSSupport
+  module Matchers
+    class HaveAWSObjectTags
+      include RSpec::Matchers::Composable
+      include AWSSupport::DeepMatcher
+
+      def initialize(example, resource_class, name, expected_tags)
+        @example = example
+        @resource_class = resource_class
+        @name = name
+        @expected_tags = expected_tags
+      end
+
+      attr_reader :example
+      attr_reader :resource_class
+      attr_reader :name
+      attr_reader :expected_tags
+      def resource_name
+        @resource_class.resource_name
+      end
+
+      def match_failure_messages(recipe)
+        differences = []
+
+        # Check for object existence and properties
+        resource = resource_class.new(name, nil)
+        resource.driver example.driver
+        resource.managed_entry_store Chef::Provisioning.chef_managed_entry_store
+        @aws_object = resource.aws_object
+
+        # Check existence
+        if @aws_object.nil?
+          differences << "#{resource_name}[#{name}] did not exist!"
+        else
+          differences += match_hashes_failure_messages(expected_tags, aws_object_tags, "#{resource_name}[#{name}]")
+        end
+
+        differences
+      end
+
+      private
+
+      def aws_object_tags
+        if @aws_object.is_a? AWS::ELB::LoadBalancer
+          resp = @example.driver.elb.client.describe_tags load_balancer_names: [@aws_object.name]
+          tags = {}
+          resp.data[:tag_descriptions] && resp.data[:tag_descriptions].each do |td|
+            td[:tags].each do |t|
+              tags[t[:key]] = t[:value]
+            end
+          end
+          tags
+        else
+          @aws_object.tags.to_h
+        end
+      end
+    end
+  end
+end

data/spec/integration/aws_ebs_volume_spec.rb

@@ -8,10 +8,7 @@ describe Chef::Resource::AwsEbsVolume do
 
       it "aws_ebs_volume 'test_volume' creates an ebs volume" do
         expect_recipe {
-          aws_ebs_volume "test_volume" do
-            availability_zone 'a'
-            size 8
-          end
+          aws_ebs_volume "test_volume"
         }.to create_an_aws_ebs_volume('test_volume',
           :size => 8
         ).and be_idempotent
@@ -25,12 +22,16 @@ describe Chef::Resource::AwsEbsVolume do
           end
         }
         it "deletes the ebs volume" do
-          expect_recipe {
+          # TODO all the `with_*` and `expect_*` methods from Cheffish
+          # automatically converge the block - we don't want to do that,
+          # we want to let the `destroy_an*` matcher do that
+          r = recipe {
             aws_ebs_volume "test_volume" do
               action :destroy
             end
-          }.to destroy_an_aws_ebs_volume('test_volume')
-           .and be_idempotent
+          }
+          expect(r).to destroy_an_aws_ebs_volume('test_volume'
+          ).and be_idempotent
         end
       end
 
@@ -38,7 +39,6 @@ describe Chef::Resource::AwsEbsVolume do
         expect_recipe {
           aws_ebs_volume "test_volume_az" do
             availability_zone "#{driver.aws_config.region}a"
-            size 8
           end
         }.to create_an_aws_ebs_volume('test_volume_az')
          .and be_idempotent

data/spec/integration/aws_route_table_spec.rb

@@ -35,6 +35,39 @@ describe Chef::Resource::AwsRouteTable do
           ]
         ).and be_idempotent
       end
+
+      it "ignores routes whose target matches ignore_route_targets" do
+        eni = nil
+        expect_recipe {
+            aws_subnet 'test_subnet' do
+              vpc 'test_vpc'
+            end
+
+            eni = aws_network_interface 'test_network_interface' do
+              subnet 'test_subnet'
+            end
+
+            aws_route_table 'test_route_table' do
+              vpc 'test_vpc'
+              routes(
+                '0.0.0.0/0' => :internet_gateway,
+                '172.31.0.0/16' => eni
+              )
+            end
+  
+            aws_route_table 'test_route_table' do
+              vpc 'test_vpc'
+              routes '0.0.0.0/0' => :internet_gateway
+              ignore_route_targets ['^eni-']
+            end
+          }.to create_an_aws_route_table('test_route_table',
+            routes: [
+              { destination_cidr_block: '10.0.0.0/24', 'target.id' => 'local', state: :active },
+              { destination_cidr_block: '172.31.0.0/16', 'target.id' => eni.aws_object.id, state: :blackhole },
+              { destination_cidr_block: '0.0.0.0/0', 'target.id' => test_vpc.aws_object.internet_gateway.id, state: :active },
+            ]
+          ).and be_idempotent
+      end
     end
   end
 end

data/spec/integration/aws_security_group_spec.rb

@@ -1,4 +1,6 @@
 require 'spec_helper'
+require 'chef/resource/aws_security_group'
+require 'chef/provisioning/aws_driver/exceptions'
 
 describe Chef::Resource::AwsSecurityGroup do
   extend AWSSupport
@@ -18,6 +20,42 @@ describe Chef::Resource::AwsSecurityGroup do
         ).and be_idempotent
       end
 
+      it "can reference a security group by name or id" do
+        expect_recipe {
+          sg = aws_security_group 'test_sg'
+          sg.run_action(:create)
+          id = sg.aws_object.id
+          aws_security_group id do
+            inbound_rules '0.0.0.0/0' => 22
+          end
+          aws_security_group 'test_sg' do
+            security_group_id id
+            outbound_rules 22 => '0.0.0.0/0'
+          end
+        }.to create_an_aws_security_group('test_sg',
+          description:                'test_sg',
+          vpc_id:                     default_vpc.id,
+          ip_permissions_list: [
+            { groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}],  ip_protocol: "tcp", from_port: 22, to_port: 22},
+          ],
+          ip_permissions_list_egress: [
+            {groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "tcp", from_port: 22, to_port: 22 }
+          ]
+
+        ).and be_idempotent
+      end
+
+      it "raises an error trying to reference a security group by an unknown id" do
+        expect_converge {
+          aws_security_group 'sg-12345678'
+        }.to raise_error(RuntimeError, /Chef::Resource::AwsSecurityGroup\[sg-12345678\] does not exist!/)
+        expect_converge {
+          aws_security_group 'test_sg' do
+            security_group_id 'sg-12345678'
+          end
+        }.to raise_error(RuntimeError, /Chef::Resource::AwsSecurityGroup\[sg-12345678\] does not exist!/)
+      end
+
     end
 
     with_aws "in a VPC" do
@@ -53,5 +91,53 @@ describe Chef::Resource::AwsSecurityGroup do
         ).and be_idempotent
       end
     end
+
+    with_aws "when narrowing from multiple VPCs" do
+      aws_vpc 'test_vpc1' do
+        cidr_block '10.0.0.0/24'
+      end
+      aws_vpc 'test_vpc2' do
+        cidr_block '10.0.0.0/24'
+      end
+      aws_security_group 'test_sg' do
+        vpc 'test_vpc1'
+      end
+      aws_security_group 'test_sg' do
+        vpc 'test_vpc2'
+      end
+
+      # We need to manually delete these because the auto-delete
+      # won't specify VPC
+      after(:context) do
+        converge {
+          aws_security_group 'test_sg' do
+            vpc 'test_vpc1'
+            action :destroy
+          end
+          aws_security_group 'test_sg' do
+            vpc 'test_vpc2'
+            action :destroy
+          end
+        }
+      end
+
+      it "raises an error if it finds multiple security groups" do
+        expect_converge {
+          r = aws_security_group 'test_sg'
+          r.aws_object
+        }.to raise_error(::Chef::Provisioning::AWSDriver::Exceptions::MultipleSecurityGroupError)
+      end
+
+      it "correctly returns the security group when vpc is specified" do
+        aws_obj = nil
+        expect_converge {
+          r = aws_security_group 'test_sg' do
+            vpc 'test_vpc1'
+          end
+          aws_obj = r.aws_object
+        }.to_not raise_error
+        expect(aws_obj.vpc.tags['Name']).to eq('test_vpc1')
+      end
+    end
   end
 end

data/spec/integration/aws_tagged_items_spec.rb

@@ -0,0 +1,160 @@
+require 'spec_helper'
+
+describe "AWS Tagged Items" do
+  extend AWSSupport
+
+  when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
+    with_aws "when connected to AWS" do
+      it "aws_ebs_volume 'test_volume' created with default Name tag" do
+        expect_recipe {
+          aws_ebs_volume "test_volume"
+        }.to create_an_aws_ebs_volume('test_volume'
+        ).and have_aws_ebs_volume_tags('test_volume',
+                       { 'Name' => 'test_volume' }
+        ).and be_idempotent
+      end
+
+      it "aws_ebs_volume 'test_volume' tags are updated" do
+        expect_recipe {
+          aws_ebs_volume "test_volume_a" do
+            aws_tags :byebye => 'true'
+          end
+        }.to create_an_aws_ebs_volume('test_volume_a'
+        ).and have_aws_ebs_volume_tags('test_volume_a',
+                                      { 'Name' => 'test_volume_a',
+                                        'byebye' => 'true'
+                                      }
+        ).and be_idempotent
+
+        expect_recipe {
+          aws_ebs_volume "test_volume_a" do
+            aws_tags 'Name' => 'test_volume_b', :project => 'X'
+          end
+        }.to update_an_aws_ebs_volume('test_volume_a'
+        ).and have_aws_ebs_volume_tags('test_volume_a',
+                                      { 'Name' => 'test_volume_b',
+                                        'project' => 'X'
+                                      }
+        ).and be_idempotent
+      end
+
+      it "aws_ebs_volume 'test_volume' tags are not changed when not updated" do
+        expect_recipe {
+          aws_ebs_volume "test_volume_c" do
+            aws_tags :byebye => 'true'
+          end
+        }.to create_an_aws_ebs_volume('test_volume_c'
+        ).and have_aws_ebs_volume_tags('test_volume_c',
+                                      { 'Name' => 'test_volume_c',
+                                        'byebye' => 'true'
+                                      }
+        ).and be_idempotent
+
+        expect_recipe {
+          aws_ebs_volume "test_volume_c"
+        }.to have_aws_ebs_volume_tags('test_volume_c',
+                                      { 'Name' => 'test_volume_c',
+                                        'byebye' => 'true'
+                                      }
+        ).and be_idempotent
+      end
+
+
+      it "aws_ebs_volume 'test_volume' created with new Name tag" do
+        expect_recipe {
+          aws_ebs_volume "test_volume_2" do
+            aws_tags :Name => 'test_volume_new'
+          end
+        }.to create_an_aws_ebs_volume('test_volume_2'
+        ).and have_aws_ebs_volume_tags('test_volume_2',
+                                      { 'Name' => 'test_volume_new' }
+        ).and be_idempotent
+      end
+
+      it "aws_ebs_volume 'test_volume' created with custom tag" do
+        expect_recipe {
+          aws_ebs_volume "test_volume_3" do
+            aws_tags :project => 'aws-provisioning'
+          end
+        }.to create_an_aws_ebs_volume('test_volume_3'
+        ).and have_aws_ebs_volume_tags('test_volume_3',
+                                      { 'Name' => 'test_volume_3',
+                                        'project' => 'aws-provisioning'
+                                      }
+        ).and be_idempotent
+      end
+
+      it "aws_instance 'test_instance' created with custom tag", :super_slow do
+        expect_recipe {
+          machine 'test_instance' do
+            action :allocate
+          end
+        }.to create_an_aws_instance('test_instance')
+
+        expect_recipe {
+          aws_instance "test_instance" do
+            aws_tags :project => 'FUN'
+          end
+        }.to update_an_aws_instance('test_instance'
+        ).and have_aws_instance_tags('test_instance',
+                                      { 'Name' => 'test_instance',
+                                        'project' => 'FUN'
+                                      }
+        ).and be_idempotent
+      end
+
+      it "machine 'test_machine' created using machine_options aws_tag", :super_slow do
+        expect_recipe {
+          machine 'test_machine' do
+            machine_options :aws_tags => { :mach_opt_sym => 'value', 'mach_opt_str' => 'value' }
+            action :allocate
+          end
+        }.to create_an_aws_instance('test_machine'
+        ).and have_aws_instance_tags('test_machine',
+                                      { 'Name' => 'test_machine',
+                                        'mach_opt_sym' => 'value',
+                                        'mach_opt_str' => 'value'
+                                      }
+        ).and be_idempotent
+      end
+
+      it "machine 'test_machine_2' created using default with_machine_options aws_tag", :super_slow do
+        expect_recipe {
+          with_machine_options :aws_tags => { :default => 'value1' }
+
+          machine 'test_machine_2' do
+            action :allocate
+          end
+        }.to create_an_aws_instance('test_machine_2'
+        ).and have_aws_instance_tags('test_machine_2',
+                                      { 'Name' => 'test_machine_2',
+                                        'default' => 'value1'
+                                      }
+        ).and be_idempotent
+      end
+
+      it "load balancer 'lbtest' tagged with load_balancer_options" do
+        expect_recipe {
+          load_balancer 'lbtest' do
+            load_balancer_options :aws_tags => { :marco => 'polo', 'happyhappy' => 'joyjoy' },
+                                  :availability_zones => ["#{driver.aws_config.region}a", "#{driver.aws_config.region}b"] # TODO should enchance to accept letter AZs
+          end
+        }.to create_an_aws_load_balancer('lbtest'
+        ).and have_aws_load_balancer_tags('lbtest',
+                                            { 'marco' => 'polo',
+                                              'happyhappy' => 'joyjoy'
+                                            }
+        ).and be_idempotent
+        expect_recipe {
+          load_balancer 'lbtest' do
+            load_balancer_options :aws_tags => { :default => 'value1' }
+          end
+        }.to update_an_aws_load_balancer('lbtest'
+        ).and have_aws_load_balancer_tags('lbtest',
+                                            { 'default' => 'value1' }
+        ).and be_idempotent
+      end
+
+    end
+  end
+end