chef-provisioning-aws 1.2.1 → 1.3.0

data/lib/chef/provider/aws_vpc.rb

@@ -42,6 +42,7 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
 
     converge_by "create new VPC #{new_resource.name} in #{region}" do
       vpc = new_resource.driver.ec2.vpcs.create(new_resource.cidr_block, options)
+      wait_for_state(vpc, [:available])
       vpc.tags['Name'] = new_resource.name
       vpc
     end

data/lib/chef/provisioning/aws_driver.rb

@@ -2,6 +2,9 @@ require 'chef/provisioning'
 require 'chef/provisioning/aws_driver/driver'
 
 require "chef/resource/aws_auto_scaling_group"
+require "chef/resource/aws_cache_cluster"
+require "chef/resource/aws_cache_replication_group"
+require "chef/resource/aws_cache_subnet_group"
 require "chef/resource/aws_dhcp_options"
 require "chef/resource/aws_ebs_volume"
 require "chef/resource/aws_eip_address"
@@ -10,6 +13,7 @@ require "chef/resource/aws_instance"
 require "chef/resource/aws_internet_gateway"
 require "chef/resource/aws_launch_configuration"
 require "chef/resource/aws_load_balancer"
+require "chef/resource/aws_network_acl"
 require "chef/resource/aws_network_interface"
 require "chef/resource/aws_route_table"
 require "chef/resource/aws_s3_bucket"

data/lib/chef/provisioning/aws_driver/aws_provider.rb

@@ -288,5 +288,30 @@ class AWSProvider < Chef::Provider::LWRPBase
     end
   end
 
+  # Wait until aws_object obtains one of expected_state
+  #
+  # @param aws_object Aws SDK Object to check state on
+  # @param expected_state [Symbol,Array<Symbol>] Final state(s) to look for
+  # @param acceptable_errors [Exception,Array<Exception>] Acceptable errors that are caught and squelched
+  # @param tries [Integer] Number of times to check state
+  # @param sleep [Integer] Time to wait between checking states
+  #
+  def wait_for_state(aws_object, expected_states, acceptable_errors = [], tries=60, sleep=5)
+    acceptable_errors = [acceptable_errors].flatten
+    expected_states = [expected_states].flatten
+    current_state = aws_object.state
+
+    Retryable.retryable(:tries => tries, :sleep => sleep, :on => StatusTimeoutError) do |retries, exception|
+      action_handler.report_progress "waited #{retries*sleep}/#{tries*sleep}s for #{aws_object.id} state to change to #{expected_states.inspect}..."
+      begin
+        current_state = aws_object.state
+        unless expected_states.include?(current_state)
+          raise StatusTimeoutError.new(aws_object, current_state, expected_states)
+        end
+      rescue *acceptable_errors
+      end
+    end
+  end
+
 end
 end

data/lib/chef/provisioning/aws_driver/aws_resource.rb

@@ -25,8 +25,13 @@ class AWSResource < Chef::Provisioning::AWSDriver::SuperLWRP
       super
     end
   end
-  def action=(value)
-    action(value)
+
+  # In Chef < 12.4 we need to define this method.  In > 12.4 this method is
+  # already defined for us so we don't need to overwrite it.
+  unless defined?(:action=)
+    def action=(value)
+      action(value)
+    end
   end
 
   #

data/lib/chef/provisioning/aws_driver/driver.rb

@@ -1,4 +1,5 @@
 require 'chef/mixin/shell_out'
+require 'chef/mixin/deep_merge'
 require 'chef/provisioning/driver'
 require 'chef/provisioning/convergence_strategy/install_cached'
 require 'chef/provisioning/convergence_strategy/install_sh'
@@ -21,7 +22,7 @@ require 'chef/provisioning/aws_driver/credentials'
 require 'yaml'
 require 'aws-sdk-v1'
 require 'retryable'
-
+require 'ubuntu_ami'
 
 # loads the entire aws-sdk
 AWS.eager_autoload!
@@ -33,6 +34,7 @@ module AWSDriver
   class Driver < Chef::Provisioning::Driver
 
     include Chef::Mixin::ShellOut
+    include Chef::Mixin::DeepMerge
 
     attr_reader :aws_config
 
@@ -69,6 +71,9 @@ module AWSDriver
     # Load balancer methods
     def allocate_load_balancer(action_handler, lb_spec, lb_options, machine_specs)
       lb_options = AWSResource.lookup_options(lb_options || {}, managed_entry_store: lb_spec.managed_entry_store, driver: self)
+      # We delete the attributes here because they are not valid in the create call
+      # and must be applied afterward
+      lb_attributes = lb_options.delete(:attributes)
 
       old_elb = nil
       actual_elb = load_balancer_for(lb_spec)
@@ -304,6 +309,21 @@ module AWSDriver
       }
       converge_tags(actual_elb, lb_options[:aws_tags], action_handler, read_tags_block, set_tags_block, delete_tags_block)
 
+      # Update load balancer attributes
+      if lb_attributes
+        current = elb.client.describe_load_balancer_attributes(load_balancer_name: actual_elb.name)[:load_balancer_attributes]
+        # Need to do a deep copy w/ Marshal load/dump to avoid overwriting current
+        desired = deep_merge!(lb_attributes, Marshal.load(Marshal.dump(current)))
+        if current != desired
+          perform_action.call("  updating attributes to #{desired.inspect}") do
+            elb.client.modify_load_balancer_attributes(
+              load_balancer_name: actual_elb.name,
+              load_balancer_attributes: desired.to_hash
+            )
+          end
+        end
+      end
+
       # Update instance list, but only if there are machines specified
       if machine_specs
         actual_instance_ids = actual_elb.instances.map { |i| i.instance_id }
@@ -522,6 +542,10 @@ EOD
       @elb ||= AWS::ELB.new(config: aws_config)
     end
 
+    def elasticache
+      @elasticache ||= AWS::ElastiCache::Client.new(config: aws_config)
+    end
+
     def iam
       @iam ||= AWS::IAM.new(config: aws_config)
     end
@@ -675,31 +699,42 @@ EOD
                            end
     end
 
-    def default_ami_for_region(region)
-      Chef::Log.debug("Choosing default AMI for region '#{region}'")
+    def default_ami_arch
+      'amd64'
+    end
 
-      case region
-        when 'ap-northeast-1'
-          'ami-6cbca76d'
-        when 'ap-southeast-1'
-          'ami-04c6ec56'
-        when 'ap-southeast-2'
-          'ami-c9eb9ff3'
-        when 'eu-west-1'
-          'ami-5f9e1028'
-        when 'eu-central-1'
-          'ami-56c2f14b'
-        when 'sa-east-1'
-          'ami-81f14e9c'
-        when 'us-east-1'
-          'ami-12793a7a'
-        when 'us-west-1'
-          'ami-6ebca42b'
-        when 'us-west-2'
-          'ami-b9471c89'
-        else
-          raise 'Unsupported region!'
+    def default_ami_release
+      'vivid'
+    end
+
+    def default_ami_root_store
+      'ebs'
+    end
+
+    def default_ami_virtualization_type
+      'hvm'
+    end
+
+    def default_ami_for_criteria(region, arch, release, root_store, virtualization_type)
+      ami = Ubuntu.release(release).amis.find do |ami|
+        ami.arch == arch &&
+        ami.root_store == root_store &&
+        ami.region == region &&
+        ami.virtualization_type == virtualization_type
       end
+
+      ami.name || fail("Default AMI not found")
+    end
+
+    def default_ami_for_region(region, criteria = {})
+      Chef::Log.debug("Choosing default AMI for region '#{region}'")
+
+      arch = criteria['arch'] || default_ami_arch
+      release = criteria['release'] || default_ami_release
+      root_store = criteria['root_store'] || default_ami_root_store
+      virtualization_type = criteria['virtualization_type'] || default_ami_virtualization_type
+
+      default_ami_for_criteria(region, arch, release, root_store, virtualization_type)
     end
 
     def create_winrm_transport(machine_spec, machine_options, instance)

data/lib/chef/provisioning/aws_driver/version.rb

@@ -1,7 +1,7 @@
 class Chef
 module Provisioning
 module AWSDriver
-  VERSION = '1.2.1'
+  VERSION = '1.3.0'
 end
 end
 end

data/lib/chef/resource/aws_cache_cluster.rb

@@ -0,0 +1,37 @@
+require 'chef/provisioning/aws_driver/aws_resource'
+require 'chef/resource/aws_security_group'
+
+class Chef::Resource::AwsCacheCluster < Chef::Provisioning::AWSDriver::AWSResource
+  # Note: There isn't actually an SDK class for Elasticache.
+  aws_sdk_type AWS::ElastiCache
+
+  # See http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/ElastiCache/Client/V20140930.html#create_cache_cluster-instance_method
+  # for information on possible values for each attribute. Values are passed
+  # straight through to AWS, with the exception of security_groups, which
+  # may contain a reference to a Chef aws_security_group resource.
+  attribute :cluster_name, kind_of: String, name_attribute: true
+  attribute :az_mode, kind_of: String
+  attribute :preferred_availability_zone, kind_of: String
+  attribute :preferred_availability_zones,
+            kind_of: [ String, Array ],
+            coerce: proc { |v| [v].flatten }
+  attribute :number_nodes, kind_of: Integer, default: 1
+  attribute :node_type, kind_of: String, required: true
+  attribute :engine, kind_of: String, required: true
+  attribute :engine_version, kind_of: String, required: true
+  attribute :subnet_group_name, kind_of: String
+  attribute :security_groups,
+            kind_of: [ String, Array, AwsSecurityGroup, AWS::EC2::SecurityGroup ],
+            required: true,
+            coerce: proc { |v| [v].flatten }
+
+  def aws_object
+    begin
+      driver.elasticache
+        .describe_cache_clusters(cache_cluster_id: cluster_name)
+        .data[:cache_clusters].first
+    rescue AWS::ElastiCache::Errors::CacheClusterNotFound
+      nil
+    end
+  end
+end

data/lib/chef/resource/aws_cache_replication_group.rb

@@ -0,0 +1,37 @@
+require 'chef/provisioning/aws_driver/aws_resource'
+require 'chef/resource/aws_security_group'
+
+class Chef::Resource::AwsCacheReplicationGroup < Chef::Provisioning::AWSDriver::AWSResource
+  # Note: There isn't actually an SDK class for Elasticache.
+  aws_sdk_type AWS::ElastiCache
+
+  # See http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/ElastiCache/Client/V20140930.html#create_replication_group-instance_method
+  # for information on possible values for each attribute. Values are passed
+  # straight through to AWS, with the exception of security_groups, which
+  # may contain a reference to a Chef aws_security_group resource.
+  attribute :group_name, kind_of: String, name_attribute: true
+  attribute :description, kind_of: String, required: true
+  attribute :automatic_failover, kind_of: [TrueClass, FalseClass], default: false
+  attribute :number_cache_clusters, kind_of: Integer, default: 2
+  attribute :node_type, kind_of: String, required: true
+  attribute :engine, kind_of: String, required: true
+  attribute :engine_version, kind_of: String, required: true
+  attribute :subnet_group_name, kind_of: String
+  attribute :security_groups,
+            kind_of: [ String, Array, AwsSecurityGroup, AWS::EC2::SecurityGroup ],
+            required: true,
+            coerce: proc { |v| [v].flatten }
+  attribute :preferred_availability_zones,
+            kind_of: [ String, Array ],
+            coerce: proc { |v| [v].flatten }
+
+  def aws_object
+    begin
+      driver.elasticache
+        .describe_replication_groups(replication_group_id: group_name)
+        .data[:replication_groups].first
+    rescue AWS::ElastiCache::Errors::ReplicationGroupNotFoundFault
+      nil
+    end
+  end
+end

data/lib/chef/resource/aws_cache_subnet_group.rb

@@ -0,0 +1,28 @@
+require 'chef/provisioning/aws_driver/aws_resource'
+require 'chef/resource/aws_subnet'
+
+class Chef::Resource::AwsCacheSubnetGroup < Chef::Provisioning::AWSDriver::AWSResource
+  # Note: There isn't actually an SDK class for Elasticache.
+  aws_sdk_type AWS::ElastiCache, id: :group_name
+
+  # See http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/ElastiCache/Client/V20140930.html#create_cache_subnet_group-instance_method
+  # for information on possible values for each attribute. Values are passed
+  # straight through to AWS, with the exception of subnets, which
+  # may contain a reference to a Chef aws_subnet resource.
+  attribute :group_name, kind_of: String, name_attribute: true
+  attribute :description, kind_of: String, required: true
+  attribute :subnets,
+            kind_of: [ String, Array, AwsSubnet, AWS::EC2::Subnet ],
+            required: true,
+            coerce: proc { |v| [v].flatten }
+
+  def aws_object
+    begin
+      driver.elasticache
+        .describe_cache_subnet_groups(cache_subnet_group_name: group_name)
+        .data[:cache_subnet_groups].first
+    rescue AWS::ElastiCache::Errors::CacheSubnetGroupNotFoundFault
+      nil
+    end
+  end
+end

data/lib/chef/resource/aws_network_acl.rb

@@ -0,0 +1,61 @@
+require 'chef/provisioning/aws_driver/aws_resource_with_entry'
+require 'chef/resource/aws_vpc'
+require 'chef/resource/aws_subnet'
+
+class Chef::Resource::AwsNetworkAcl < Chef::Provisioning::AWSDriver::AWSResourceWithEntry
+  aws_sdk_type AWS::EC2::NetworkACL
+
+  #
+  # The name of this network acl.
+  #
+  attribute :name, kind_of: String, name_attribute: true
+
+  #
+  # The VPC of this network acl.
+  #
+  # May be one of:
+  # - The name of an `aws_vpc` Chef resource.
+  # - An actual `aws_vpc` resource.
+  # - An AWS `VPC` object.
+  #
+  attribute :vpc, kind_of: [ String, AwsVpc, AWS::EC2::VPC ]
+
+  #
+  # Accepts rules in the format:
+  # [
+  #   { rule_number: 100, action: <:deny|:allow>, protocol: -1, cidr_block: '0.0.0.0/0', port_range: 80..80 }
+  # ]
+  #
+  # `cidr_block` will be a source if it is an inbound rule, or a destination if it is an outbound rule
+  #
+  # If `inbound_rules` or `outbound_rules` is `nil`, respective current rules will not be changed.
+  # However, if either is set to `[]` all respective current rules will be removed.
+  #
+  attribute :inbound_rules,
+            kind_of: [ Array, Hash ],
+            coerce: proc { |v| [v].flatten }
+
+  attribute :outbound_rules,
+            kind_of: [ Array, Hash ],
+            coerce: proc { |v| [v].flatten }
+
+  attribute :network_acl_id,
+            kind_of: String,
+            aws_id_attribute: true,
+            lazy_default: proc {
+              name =~ /^acl-[a-f0-9]{8}$/ ? name : nil
+            }
+
+  def aws_object
+    driver, id = get_driver_and_id
+    result = driver.ec2.network_acls[id] if id
+    begin
+      # network_acls don't have an `exists?` method so have to query an attribute
+      result.vpc_id
+      result
+    rescue AWS::EC2::Errors::InvalidNetworkAclID::NotFound
+      nil
+    end
+  end
+
+end

data/lib/chef/resource/aws_subnet.rb

@@ -17,6 +17,7 @@ class Chef::Resource::AwsSubnet < Chef::Provisioning::AWSDriver::AWSResourceWith
   aws_sdk_type AWS::EC2::Subnet
 
   require 'chef/resource/aws_vpc'
+  require 'chef/resource/aws_network_acl'
   require 'chef/resource/aws_route_table'
 
   #
@@ -75,6 +76,14 @@ class Chef::Resource::AwsSubnet < Chef::Provisioning::AWSDriver::AWSResourceWith
   #
   attribute :route_table#, kind_of: [ String, AwsRouteTable, AWS::EC2::RouteTable ], equal_to: [ :default_to_main ]
 
+  #
+  # The Network ACL to associate with this subnet. Subnets may only
+  # be associated with a single Network ACL.
+  #
+  # TODO: See if it's possible to disassociate a Network ACL.
+  #
+  attribute :network_acl, kind_of: [ String, AwsNetworkAcl, AWS::EC2::NetworkACL ]
+
   attribute :subnet_id, kind_of: String, aws_id_attribute: true, lazy_default: proc {
     name =~ /^subnet-[a-f0-9]{8}$/ ? name : nil
   }

data/spec/aws_support.rb

@@ -14,6 +14,7 @@ module AWSSupport
   require 'aws_support/matchers/update_an_aws_object'
   require 'aws_support/matchers/destroy_an_aws_object'
   require 'aws_support/matchers/have_aws_object_tags'
+  require 'aws_support/matchers/match_an_aws_object'
   require 'aws_support/delayed_stream'
   require 'chef/provisioning/aws_driver/resources'
   require 'aws_support/aws_resource_run_wrapper'
@@ -196,7 +197,9 @@ module AWSSupport
       define_method("destroy_an_#{resource_name}") do |name, expected_values={}|
         AWSSupport::Matchers::DestroyAnAWSObject.new(self, resource_class, name)
       end
-
+      define_method("match_an_#{resource_name}") do |name, expected_values={}|
+        AWSSupport::Matchers::MatchAnAWSObject.new(self, resource_class, name, expected_values)
+      end
     end
 
     def chef_config

data/spec/aws_support/matchers/match_an_aws_object.rb

@@ -0,0 +1,58 @@
+require 'rspec/matchers'
+require 'chef/provisioning'
+require 'aws_support/deep_matcher'
+
+module AWSSupport
+  module Matchers
+
+    # This matcher doesn't try to validate that an example was created/updated/destroyed
+    # it just checks that the object exists and posses the attributes you specify
+    # It also doesn't clean up any aws objects so only use if the resource is defined outside
+    # of an example block
+    class MatchAnAWSObject
+      include RSpec::Matchers::Composable
+      include AWSSupport::DeepMatcher
+
+      def initialize(example, resource_class, name, expected_values)
+        @example = example
+        @resource_class = resource_class
+        @name = name
+        @expected_values = expected_values
+      end
+
+      attr_reader :example
+      attr_reader :resource_class
+      attr_reader :name
+      attr_reader :expected_values
+      def resource_name
+        @resource_class.resource_name
+      end
+
+      def match_failure_messages(recipe)
+        differences = []
+
+        # Converge
+        begin
+          recipe.converge
+        rescue
+          differences += [ "error trying to converge #{resource_name}[#{name}]!\n#{($!.backtrace.map { |line| "- #{line}\n" } + [ recipe.output_for_failure_message ]).join("")}" ]
+        end
+
+        # Check for object existence and properties
+        resource = resource_class.new(name, nil)
+        resource.driver example.driver
+        resource.managed_entry_store Chef::Provisioning.chef_managed_entry_store
+        aws_object = resource.aws_object
+
+        # Check existence
+        if aws_object.nil?
+          differences << "#{resource_name}[#{name}] AWS object did not exist!"
+        else
+          differences += match_values_failure_messages(expected_values, aws_object, "#{resource_name}[#{name}]")
+        end
+
+        differences
+      end
+    end
+  end
+end