chef-provisioning-aws 1.10.0 → 1.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a6942ab3aca17cfa681e5023c373ceca03447728
-  data.tar.gz: 937b97d44672eb3c4aa85e2730211b09f03d218e
+  metadata.gz: b8a5c0aed646021b3eaf7a62862172f5c7fe2de7
+  data.tar.gz: 484a6c780d5194f447e1929a234a73343a0ac651
 SHA512:
-  metadata.gz: 7a265b44bc28a8f62cc24c2d054cb4d1a9aec99b72c3a7f219f5e07498fb3e4923cdc3ffada912945df7968c5ba7f8a952de12255d764bd7da7abcda6d16467c
-  data.tar.gz: 7bb902bc96c98c8116f033416ad68823f93265396deb41c43ff8cdea6787e88f7bfe9207216c025d2e204d78d89e7c3db329575c145298035f1a6c3d637d055f
+  metadata.gz: cbb4e40771fdac35dbbf3cca8a60a09f2f0860d57595fb8078111f6081c6a0dd64f08fa64a453442d242613f6b7d86a526cc9b1a5b678422a8785bd17cd05cbe
+  data.tar.gz: 8ea07beb763fc0997070a9b61e2d7c45e66a4977bf6800d253ef9c1a146199562083854a52a4982abb76a4a069878a7b693c7dcc7a41e48be64f680a6bfadcb1

data/lib/chef/provisioning/aws_driver/driver.rb

@@ -340,8 +340,8 @@ module AWSDriver
               elsif ! server_certificate_eql?(listener.server_certificate,
                                               server_cert_from_spec(desired_listener))
                 # Server certificate is mutable - if no immutable changes required a full recreate, update cert
-                perform_action.call("    update server certificate from #{listener.server_certificate} to #{desired_listener[:server_certificate]}") do
-                  listener.server_certificate = desired_listener[:server_certificate]
+                perform_action.call("    update server certificate from #{listener.server_certificate} to #{server_cert_from_spec(desired_listener)}") do
+                  listener.server_certificate = server_cert_from_spec(desired_listener)
                 end
               end
 
@@ -356,7 +356,7 @@ module AWSDriver
             updates << "    set protocol to #{listener[:protocol].inspect}"
             updates << "    set instance port to #{listener[:instance_port].inspect}"
             updates << "    set instance protocol to #{listener[:instance_protocol].inspect}"
-            updates << "    set server certificate to #{listener[:server_certificate]}" if listener[:server_certificate]
+            updates << "    set server certificate to #{server_cert_from_spec(listener)}" if server_cert_from_spec(listener)
             perform_action.call(updates) do
               actual_elb.listeners.create(listener)
             end
@@ -1163,7 +1163,12 @@ EOD
 
       #Enable pty by default
       options[:ssh_pty_enable] = true
-      options[:ssh_gateway] = machine_spec.reference['ssh_gateway'] if machine_spec.reference.has_key?('ssh_gateway')
+
+      if machine_spec.reference.has_key?('ssh_gateway')
+        options[:ssh_gateway] = machine_spec.reference['ssh_gateway']
+      elsif machine_options[:ssh_gateway]
+        options[:ssh_gateway] = machine_options[:ssh_gateway]
+      end
 
       Chef::Provisioning::Transport::SSH.new(remote_host, username, ssh_options, options, config)
     end

data/lib/chef/provisioning/aws_driver/version.rb

@@ -1,7 +1,7 @@
 class Chef
 module Provisioning
 module AWSDriver
-  VERSION = '1.10.0'
+  VERSION = '1.11.0'
 end
 end
 end

data/lib/chef/resource/aws_ebs_volume.rb

@@ -20,7 +20,7 @@ class Chef::Resource::AwsEbsVolume < Chef::Provisioning::AWSDriver::AWSResourceW
   attribute :device,            kind_of: String
 
   attribute :volume_id,         kind_of: String, aws_id_attribute: true, default: lazy {
-    name =~ /^vol-[a-f0-9]{8}$/ ? name : nil
+    name =~ /^vol-(?:[a-f0-9]{8}|[a-f0-9]{17})$/ ? name : nil
   }
 
   def aws_object

data/lib/chef/resource/aws_route53_hosted_zone.rb

@@ -126,7 +126,7 @@ class Chef::Provider::AwsRoute53HostedZone < Chef::Provisioning::AWSDriver::AWSP
       if record_set_resources
         populate_zone_info(record_set_resources, zone)
 
-        change_list = record_set_resources.map { |rs| rs.to_aws_change_struct(CREATE) }
+        change_list = record_set_resources.map { |rs| rs.to_aws_change_struct(UPDATE) }
 
         new_resource.driver.route53_client.change_resource_record_sets(hosted_zone_id: new_resource.aws_route53_zone_id,
                                                                        change_batch: {

data/lib/chef/resource/aws_route53_record_set.rb

@@ -80,10 +80,11 @@ class Chef::Resource::AwsRoute53RecordSet < Chef::Provisioning::AWSDriver::Super
                 raise(::Chef::Exceptions::ValidationFailed,
                       "CNAME records may only have a single value (a hostname).")
 
-    when "TXT", "PTR", "AAAA", "SPF"
+
+    when "SOA", "NS", "TXT", "PTR", "AAAA", "SPF"
       true
     else
-      raise ArgumentError, "Argument '#{type}' must be one of #{%w(A MX SRV CNAME TXT PTR AAAA SPF)}"
+      raise ArgumentError, "Argument '#{type}' must be one of #{%w(SOA NS A MX SRV CNAME TXT PTR AAAA SPF)}"
     end
   end
 

data/lib/chef/resource/aws_subnet.rb

@@ -76,7 +76,7 @@ class Chef::Resource::AwsSubnet < Chef::Provisioning::AWSDriver::AWSResourceWith
   #
   # By default, an implicit association with the main route table is made (`:default_to_main`)
   #
-  attribute :route_table#, kind_of: [ String, AwsRouteTable, AWS::EC2::RouteTable ], equal_to: [ :default_to_main ]
+  attribute :route_table#, kind_of: [ String, AwsRouteTable, ::Aws::EC2::RouteTable ], equal_to: [ :default_to_main ]
 
   #
   # The Network ACL to associate with this subnet. Subnets may only

data/lib/chef/resource/aws_vpc.rb

@@ -79,7 +79,7 @@ class Chef::Resource::AwsVpc < Chef::Provisioning::AWSDriver::AWSResourceWithEnt
   # - An actual `aws_route_table` resource.
   # - An AWS `route_table` object.
   #
-  attribute :main_route_table, kind_of: [ String, AwsRouteTable, AWS::EC2::RouteTable ]
+  attribute :main_route_table, kind_of: [ String, AwsRouteTable, ::Aws::EC2::RouteTable ]
 
   #
   # The routes for the main route table.

data/spec/integration/aws_route53_hosted_zone_spec.rb

@@ -384,6 +384,17 @@ describe Chef::Resource::AwsRoute53HostedZone do
                 resource_records: [{ value: "10 50 8889 chef-server.example.com" },
                                    { value: "20 70 80 narf.net" }],
               },
+              soa: {
+                name: "feegle.com.",
+                type: "SOA",
+                resource_records: [{ value: "ns-1641.awsdns-13.co.uk. awsdns-hostmaster.amazon.com. 2 7200 900 1209600 86400"}],
+              },
+              ns: {
+                name: "feegle.com.",
+                type: "NS",
+                resource_records: [{ value: "ns1.amazon.com." },
+                                   { value: "ns2.amazon.org." }],
+              },
             }}
 
             it "handles CNAME records" do
@@ -482,6 +493,38 @@ describe Chef::Resource::AwsRoute53HostedZone do
               }.to raise_error(Chef::Exceptions::ValidationFailed, /MX records must have a priority and mail server/)
             end
 
+            it "handles SOA records" do
+              expect_recipe {
+                aws_route53_hosted_zone "feegle.com" do
+                  record_sets {
+                    aws_route53_record_set "SOA-host" do
+                      rr_name "feegle.com."
+                      type "SOA"
+                      ttl 300
+                      resource_records ["ns-1641.awsdns-13.co.uk. awsdns-hostmaster.amazon.com. 2 7200 900 1209600 86400"]
+                    end
+                  }
+                end
+              }.to create_an_aws_route53_hosted_zone("feegle.com",
+                                                     resource_record_sets: [ {}, expected[:soa] ]).and be_idempotent
+            end
+
+            it "handles NS records" do
+              expect_recipe {
+                aws_route53_hosted_zone "feegle.com" do
+                  record_sets {
+                    aws_route53_record_set "NS-host" do
+                      rr_name "feegle.com."
+                      type "NS"
+                      ttl 300
+                      resource_records %w[ns1.amazon.com. ns2.amazon.org.]
+                    end
+                  }
+                end
+              }.to create_an_aws_route53_hosted_zone("feegle.com",
+                                                     resource_record_sets: [ expected[:ns], {} ]).and be_idempotent
+            end
+
             # we don't validate TXT values:
             # http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html#TXTFormat
             it "handles TXT records" do

data/spec/integration/load_balancer_spec.rb

@@ -16,7 +16,7 @@ describe Chef::Resource::LoadBalancer do
         recursive_delete true
       end
 
-      cert_string = "-----BEGIN CERTIFICATE-----\nMIIDejCCAmICCQCpupMy/LKfLTANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJV\nUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTENMAsGA1UE\nChMEQ2hlZjEMMAoGA1UECxMDRGV2MQ4wDAYDVQQDEwVUeWxlcjEcMBoGCSqGSIb3\nDQEJARYNdHlsZXJAY2hlZi5pbzAeFw0xNTA4MDQwMDI1NDFaFw0xNjA4MDMwMDI1\nNDFaMH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH\nEwdTZWF0dGxlMQ0wCwYDVQQKEwRDaGVmMQwwCgYDVQQLEwNEZXYxDjAMBgNVBAMT\nBVR5bGVyMRwwGgYJKoZIhvcNAQkBFg10eWxlckBjaGVmLmlvMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4gFxNSzwwwYrYTTOCNVQL/agpIXmQKKtkE7\n+Up+waOdSR2iZvgc4fowAqQQ5dtVtur6LEA2LDlLILE+7MhlBxPc3V99lhi5p/Pv\neGCPI7k9sYT0iPJwiqvW+/nCo93QoNpUUDgb6WpT/RENFESn99nTE5NjxNx560aq\nSxAPHTogJEz3wC8c6mQQoANOuXzNb41wvOCUI7Tku76AQ9uECFUjtYpXpx8komaY\nAPtwzr87LGdSysE75roagews2MzAJgGG16oUBsJzT45MlIyQorN3AjoZ3fze6kop\nOhAWeYUM61rwTq7JtLXtBG/9yJzTd/eWU8c4cSK8zePx48X9TQIDAQABMA0GCSqG\nSIb3DQEBBQUAA4IBAQBXJQSpDkjxyljnSWjBur4XikLlFuEpdAdu0MILM3GnS3rT\ntoCVPG2U1d+KkhYG0Y9TBxHpK+3lDGYNyFYJN0STzL4cFzMgQlmZKFhVi/YJWKYO\nj9baIB3dy2k8b2XdDe3WxyycQpHjHhFPqpOTMGNV/1PwJNZGQEjc/svr8EalxvZB\neMb3Kk94K7yohvhT+Ze//rr4ArlM1zvEv3QMwSuyJBA2gtH7FgFKWohZnubW+3uc\n9W/Ux/3O1+BKDWp6zyqn/b2SSF51Jt3tSCF+hIMKYeJnJojY/AF9tQ+DtE8EKYRD\n/qzXX2MQLbhm1AzLt4PN63r96ADYlHhOJGNa9ocS\n-----END CERTIFICATE-----"
+      cert_string = "-----BEGIN CERTIFICATE-----\nMIIDlDCCAnygAwIBAgIJAOR3PCV+XjkpMA0GCSqGSIb3DQEBBQUAMDoxCzAJBgNV\nBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRYwFAYDVQQKEw1DaGVmIFNvZnR3\nYXJlMB4XDTE2MDgwMzE2MTUwNVoXDTQzMTIyMDE2MTUwNVowOjELMAkGA1UEBhMC\nVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxFjAUBgNVBAoTDUNoZWYgU29mdHdhcmUw\nggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPiAXE1LPDDBithNM4I1VA\nv9qCkheZAoq2QTv5Sn7Bo51JHaJm+Bzh+jACpBDl21W26vosQDYsOUsgsT7syGUH\nE9zdX32WGLmn8+94YI8juT2xhPSI8nCKq9b7+cKj3dCg2lRQOBvpalP9EQ0URKf3\n2dMTk2PE3HnrRqpLEA8dOiAkTPfALxzqZBCgA065fM1vjXC84JQjtOS7voBD24QI\nVSO1ilenHySiZpgA+3DOvzssZ1LKwTvmuhqB7CzYzMAmAYbXqhQGwnNPjkyUjJCi\ns3cCOhnd/N7qSik6EBZ5hQzrWvBOrsm0te0Eb/3InNN395ZTxzhxIrzN4/Hjxf1N\nAgMBAAGjgZwwgZkwHQYDVR0OBBYEFOxyNX8IT5AqXXIlIx49yxf/IYLOMGoGA1Ud\nIwRjMGGAFOxyNX8IT5AqXXIlIx49yxf/IYLOoT6kPDA6MQswCQYDVQQGEwJVUzET\nMBEGA1UECBMKU29tZS1TdGF0ZTEWMBQGA1UEChMNQ2hlZiBTb2Z0d2FyZYIJAOR3\nPCV+XjkpMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBALagR0Da4UgO\nQap+dbZV6w/xsGuDE8nmb+nT40e5t06H1dlJtqv1KQiZvTE2F4qdb3gNTLriST5d\nIBgb9NvfVwkUx5J/PNJPwGkLGLgPk7SdGZeIht081wm/OQ/EcadAx8hI778AR877\ng6ni7QG+uJsIsuAnsTWC7T+/QNkVp0WvPw2CWPgmWm5Hg4zK6KUMQ5zKi91mMkzv\nclUpgp1qdQOwbS9tDygz5MBsThdsxKZ90I8AxDsPNGFxDZJg9Dj2IvETC3pVvGlh\nMlr7hdYITWdCEPEntDKPA4OOqpJhcfxGbN+Ze/XhpYbqOG9aPYU6w4oqcmjinf+j\nySQz2RMQ9To=\n-----END CERTIFICATE-----"
       private_key_string = "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAz4gFxNSzwwwYrYTTOCNVQL/agpIXmQKKtkE7+Up+waOdSR2i\nZvgc4fowAqQQ5dtVtur6LEA2LDlLILE+7MhlBxPc3V99lhi5p/PveGCPI7k9sYT0\niPJwiqvW+/nCo93QoNpUUDgb6WpT/RENFESn99nTE5NjxNx560aqSxAPHTogJEz3\nwC8c6mQQoANOuXzNb41wvOCUI7Tku76AQ9uECFUjtYpXpx8komaYAPtwzr87LGdS\nysE75roagews2MzAJgGG16oUBsJzT45MlIyQorN3AjoZ3fze6kopOhAWeYUM61rw\nTq7JtLXtBG/9yJzTd/eWU8c4cSK8zePx48X9TQIDAQABAoIBAA8teoaHq9Hy+4cN\nNMlhRCXlIhz0hEdLeUuU/8benOCaj7E+OpdfQ/V+763xw86buOwUyVEdLRkU45qz\ne8+jZEgdOsTx6+RjUIio/XWHUlChhpKKD7xIRtTNdn6dKJAFc/GfphTr1Za/kP7s\nFVHLJ6Gny5kd6WkHWt9LHr84oHJZoSjR6YDYdSTL+NtVTwqsKj4EfNY8JAPJI/xI\n9A9t57pvXzwdiya/vXPGytgwkHC/HHWp2sgFvKtJUzuGH0ETDlys9mvXoVQeZ0d9\njhzwIwWAoyvTY9FsUBTCD0aO8r2ylsDVIo2b2cEAZ0Z77OGMUt4sock88sDIICnO\nZVjhV50CgYEA8hKTHpI5ENFvYrTckrc+PnPw7B7xHCCB84ut/CiwzawYRjUx/mtm\nCYYR1xAXdEFrBC21i4Ri8LAIrAQiFGydg2oh4ZQcnEMGKZ0F2VXlsidVNN2tW/50\n8kEaPHPVeP6Trt2kPtpQnhDcuQXbPmOgPBIY2j6nu/Go25e8eICkfhsCgYEA23iy\n8Og1SWZlV5b3ZFyolZiZ9kp0cwyXUGWxUZyw33gBmK6BFkscflI1vfNutxnTDjNl\nALLRoAeIApvXTMFOMUPJsDk90pO7rdlfLznU27lKPyCDkvDGmjCvGGDXrnvi+cc3\ngB3ERfrLJCMoMk9lyg7/KEzzsIjvtTRO79atCLcCgYAGT/+wI2YDj0KVU1wRI2An\nJsTYk3H8Jsjcvf66faEmq98yLX7xQIG3q9xZPF0wNeiBgmOikMA3wI9pVO5ClBaD\nb8gUZtVcKc9GVIbrhPbpb2ckasdzh64rBxGVE/w0HIdjXvpCfVTu2ke3N3ThKp3q\nExq8zjd3ijS6DTnn9orTkwKBgQCxVwpgl4HXWaIx8I7ezfB7UN+3n9oQzO/HyyRI\n6fAR4oqHsRolxXO0rwE2B+pCkd907hqDQfsY8Hz6fqquHtTsAfaLKvXFnhJdG/RJ\n2NUi5soT0FYA+gXAue4CKN6e4wQ5CLzUDTl3wns7LB1i6b06VHvhOK0AzOXE6guO\nyUzwaQKBgDCrGz6IrxEUWl6C14xNNRZBvYTY9oCQpUnup1gMxATJZm4KelKvtKz2\nU1MXpc1i395e+E+tjNAQg0JcBmwkHOMl8c/oAESWPxi11ezalGtUXjIgjBkqqNUE\n/uFqRpNFGwI09JolIqhBTgPWFq6MuuPDJ9IIGJZDQoGEBKmu0k2r\n-----END RSA PRIVATE KEY-----"
 
       aws_server_certificate "load_balancer_cert" do
@@ -24,6 +24,11 @@ describe Chef::Resource::LoadBalancer do
         private_key private_key_string
       end
 
+      aws_server_certificate "load_balancer_cert_2" do
+        certificate_body cert_string
+        private_key private_key_string
+      end
+
       it "creates a load_balancer with the maximum attributes" do
         expect_recipe {
           load_balancer 'test-load-balancer' do
@@ -173,6 +178,13 @@ describe Chef::Resource::LoadBalancer do
                 :protocol => :http,
                 :instance_port => 80,
                 :instance_protocol => :http,
+            },
+            {
+                :port => 8443,
+                :protocol => :https,
+                :instance_port => 80,
+                :instance_protocol => :http,
+                :ssl_certificate_id => load_balancer_cert.aws_object.arn
             }],
             subnets: ["test_public_subnet"],
             security_groups: ["test_security_group"],
@@ -219,6 +231,13 @@ describe Chef::Resource::LoadBalancer do
                     :instance_port => 8080,
                     :instance_protocol => :http,
                     :ssl_certificate_id => load_balancer_cert.aws_object.arn
+                },
+                {
+                    :port => 8443,
+                    :protocol => :https,
+                    :instance_port => 80,
+                    :instance_protocol => :http,
+                    :ssl_certificate_id => load_balancer_cert_2.aws_object.arn
                 }],
                 subnets: ["test_public_subnet2"],
                 security_groups: ["test_security_group2"],
@@ -262,6 +281,13 @@ describe Chef::Resource::LoadBalancer do
                 :instance_port => 8080,
                 :instance_protocol => :http,
                 :server_certificate => {arn: load_balancer_cert.aws_object.arn}
+            },
+            {
+                :port => 8443,
+                :protocol => :https,
+                :instance_port => 80,
+                :instance_protocol => :http,
+                :server_certificate => {arn: load_balancer_cert_2.aws_object.arn}
             }],
             subnets: [test_public_subnet2.aws_object],
             security_groups: [test_security_group2.aws_object],

data/spec/integration/machine_spec.rb

@@ -53,6 +53,33 @@ describe Chef::Resource::Machine do
         # The non-idempotence is that it runs chef again, not that it unecessarily modifies the aws_object
       end
 
+      it "successfully converges a machine with custom ssh options", :super_slow do
+        expect_recipe {
+          machine 'test_machine' do
+            machine_options bootstrap_options: {
+              subnet_id: 'test_public_subnet',
+              key_name: 'test_key_pair'
+            },
+            ssh_username: "ubuntu", # Username to use for ssh and WinRM
+            ssh_options: { # a list of options to Net::SSH.start
+              :auth_methods => [ 'publickey' ], # DEFAULT
+              :keys_only => true, # DEFAULT
+              :forward_agent => true, # you may want your ssh-agent to be available on your provisioned machines
+              :remote_forwards => [
+                  # Give remote host access to private git server
+                  {:remote_port => 2222, :local_host => 'git.example.com', :local_port => 22,},
+              ],
+              # You can send net-ssh log info to the Chef::Log if you are having
+              # trouble with ssh.
+              :logger => Chef::Log,
+            }
+          end
+        }.to create_an_aws_instance('test_machine'
+        )#.and be_idempotent
+        # Bug - machine resource with :converge action isn't idempotent
+        # The non-idempotence is that it runs chef again, not that it unecessarily modifies the aws_object
+      end
+
       it "machine with source_dest_check false creates a machine with no source dest check", :super_slow do
         expect_recipe {
           machine 'test_machine' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-provisioning-aws
 version: !ruby/object:Gem::Version
-  version: 1.10.0
+  version: 1.11.0
 platform: ruby
 authors:
 - John Ewart
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-16 00:00:00.000000000 Z
+date: 2016-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-provisioning