chef-provisioning-aws 1.2.1 → 1.3.0

data/spec/integration/aws_cache_subnet_group_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe Chef::Resource::AwsCacheSubnetGroup do
+  extend AWSSupport
+
+  when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
+    with_aws "with a VPC with an internet gateway and subnet" do
+      aws_vpc "test_vpc" do
+        cidr_block '10.0.0.0/24'
+        internet_gateway true
+      end
+
+      aws_subnet "test_subnet" do
+        vpc 'test_vpc'
+        cidr_block "10.0.0.0/24"
+      end
+
+      it "aws_cache_subnet_group 'test-subnet-group' creates a cache subnet group" do
+        expect_recipe {
+          aws_cache_subnet_group 'test-subnet-group' do
+            description 'Test Subnet Group'
+            subnets [ 'test_subnet' ]
+          end
+        }.to create_an_aws_cache_subnet_group('test-subnet-group',
+          subnets: [
+            { subnet_identifier: test_subnet.aws_object.id }
+          ]
+        ).and be_idempotent
+      end
+    end
+  end
+end

data/spec/integration/aws_key_pair_spec.rb

@@ -10,11 +10,11 @@ describe Chef::Resource::AwsKeyPair do
       end
 
       it "aws_key_pair 'test_key_pair' creates a key pair" do
-        expect_recipe {
+        expect(recipe {
           aws_key_pair 'test_key_pair' do
             private_key_options format: :der, type: :rsa
           end
-        }.to create_an_aws_key_pair('test_key_pair').and be_idempotent
+        }).to create_an_aws_key_pair('test_key_pair').and be_idempotent
       end
     end
   end

data/spec/integration/aws_network_acl_spec.rb

@@ -0,0 +1,107 @@
+require 'spec_helper'
+
+describe Chef::Resource::AwsNetworkAcl do
+  extend AWSSupport
+
+  when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
+    with_aws "with a VPC" do
+      aws_vpc "test_vpc" do
+        cidr_block '10.0.0.0/24'
+        internet_gateway true
+      end
+
+      it "aws_network_acl 'test_network_acl' with no parameters except VPC creates a network acl" do
+        expect_recipe {
+          aws_network_acl 'test_network_acl' do
+            vpc 'test_vpc'
+          end
+        }.to create_an_aws_network_acl('test_network_acl',
+          vpc_id: test_vpc.aws_object.id,
+        ).and be_idempotent
+      end
+
+      it "aws_network_acl 'test_network_acl' with all parameters creates a network acl" do
+        expect_recipe {
+          aws_network_acl 'test_network_acl' do
+            vpc 'test_vpc'
+            inbound_rules(
+              [
+                { rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24' },
+                { rule_number: 200, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0' },
+                { rule_number: 300, action: :allow, protocol: 6, port_range: 22..23, cidr_block: '172.31.0.0/22' }
+              ]
+            )
+            outbound_rules(
+              [
+                { rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0' }
+              ]
+            )
+          end
+        }.to create_an_aws_network_acl('test_network_acl',
+          vpc_id: test_vpc.aws_object.id,
+          entry_set:
+            [
+              { :rule_number=>500, :protocol=>"-1", :rule_action=>"allow", :egress=>true, :cidr_block=>"0.0.0.0/0" },
+              { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
+              { :rule_number=>100, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"10.0.0.0/24" },
+              { :rule_number=>200, :protocol=>"-1", :rule_action=>"allow", :egress=>false, :cidr_block=>"0.0.0.0/0" },
+              { :rule_number=>300, :protocol=>"6", :rule_action=>"allow", :egress=>false, :cidr_block=>"172.31.0.0/22", :port_range=>{ :from=>22, :to=>23 } },
+              { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
+            ]
+        ).and be_idempotent
+      end
+
+      context 'when rules are empty' do
+        aws_network_acl 'test_network_acl' do
+          vpc 'test_vpc'
+          inbound_rules(rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24')
+          outbound_rules(rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0')
+        end
+
+        it "aws_network_acl 'test_network_acl' removes current rules" do
+          expect_recipe {
+            aws_network_acl 'test_network_acl' do
+              vpc 'test_vpc'
+              inbound_rules []
+              outbound_rules []
+            end
+          }.to create_an_aws_network_acl('test_network_acl',
+            vpc_id: test_vpc.aws_object.id,
+            entry_set:
+              [
+                { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
+                { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
+              ]
+          ).and be_idempotent
+        end
+      end
+
+      context 'when rules are nil' do
+        aws_network_acl 'test_network_acl' do
+          vpc 'test_vpc'
+          inbound_rules(rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24')
+          outbound_rules(rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0')
+        end
+
+        it "aws_network_acl 'test_network_acl' with a nil rules array leaves current rules alone" do
+          expect_recipe {
+            aws_network_acl 'test_network_acl' do
+              vpc 'test_vpc'
+              inbound_rules nil
+              outbound_rules nil
+            end
+          }.to match_an_aws_network_acl('test_network_acl',
+            vpc_id: test_vpc.aws_object.id,
+            entry_set:
+              [
+                { :rule_number=>500, :protocol=>"-1", :rule_action=>"allow", :egress=>true, :cidr_block=>"0.0.0.0/0" },
+                { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
+                { :rule_number=>100, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"10.0.0.0/24" },
+                { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
+              ]
+          ).and be_idempotent
+        end
+      end
+    end
+  end
+end

data/spec/integration/aws_security_group_spec.rb

@@ -90,6 +90,22 @@ describe Chef::Resource::AwsSecurityGroup do
           ip_permissions_list_egress: [{groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "tcp", from_port: 22, to_port: 22 }]
         ).and be_idempotent
       end
+
+      it "aws_security_group 'test_sg' with inbound and outbound rules allowing all ports works when protocol specified" do
+        expect_recipe {
+        aws_security_group 'test_sg' do
+          vpc 'test_vpc'
+          inbound_rules('0.0.0.0/0' => { port_range: -1..-1, protocol: -1 })
+          outbound_rules({ port_range: -1..-1, protocol: -1 } => '0.0.0.0/0')
+        end
+        }.to create_an_aws_security_group('test_sg',
+          vpc_id: test_vpc.aws_object.id,
+          ip_permissions_list: [
+            { groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}],  ip_protocol: "-1"}
+          ],
+          ip_permissions_list_egress: [{ groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}],  ip_protocol: "-1"}]
+        ).and be_idempotent
+      end
     end
 
     with_aws "when narrowing from multiple VPCs" do

data/spec/integration/aws_subnet_spec.rb

@@ -4,16 +4,7 @@ describe Chef::Resource::AwsSubnet do
   extend AWSSupport
 
   when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
-    with_aws "with a VPC with an internet gateway and route table" do
-      before :context do
-        driver.ec2.vpcs.with_tag('Name', 'test_vpc').each do |vpc|
-          recipe do
-            aws_vpc vpc do
-              action :purge
-            end
-          end.converge
-        end
-      end
+    with_aws "with a VPC with an internet gateway, route table and network acl" do
       aws_vpc "test_vpc" do
         cidr_block '10.0.0.0/24'
         internet_gateway true
@@ -23,6 +14,10 @@ describe Chef::Resource::AwsSubnet do
         vpc 'test_vpc'
       end
 
+      aws_network_acl 'test_network_acl' do
+        vpc 'test_vpc'
+      end
+
       it "aws_subnet 'test_subnet' with no parameters except VPC creates a route table" do
         expect_recipe {
           aws_subnet 'test_subnet' do
@@ -43,12 +38,14 @@ describe Chef::Resource::AwsSubnet do
             availability_zone az
             map_public_ip_on_launch true
             route_table 'test_route_table'
+            network_acl 'test_network_acl'
           end
         }.to create_an_aws_subnet('test_subnet',
           vpc_id: test_vpc.aws_object.id,
           cidr_block: '10.0.0.0/24',
           'availability_zone.name' => az,
-          'route_table.id' => test_route_table.aws_object.id
+          'route_table.id' => test_route_table.aws_object.id,
+          'network_acl.id' => test_network_acl.aws_object.id
         ).and be_idempotent
       end
     end

data/spec/integration/aws_tagged_items_spec.rb

@@ -137,7 +137,7 @@ describe "AWS Tagged Items" do
         expect_recipe {
           load_balancer 'lbtest' do
             load_balancer_options :aws_tags => { :marco => 'polo', 'happyhappy' => 'joyjoy' },
-                                  :availability_zones => ["#{driver.aws_config.region}a", "#{driver.aws_config.region}b"] # TODO should enchance to accept letter AZs
+                                  :availability_zones => ["#{driver.aws_config.region}a", "#{driver.aws_config.region}c"]
           end
         }.to create_an_aws_load_balancer('lbtest'
         ).and have_aws_load_balancer_tags('lbtest',

data/spec/integration/aws_vpc_spec.rb

@@ -23,6 +23,22 @@ describe Chef::Resource::AwsVpc do
           ).and be_idempotent
         end
 
+        it "aws_vpc 'vpc' with cidr_block '10.0.0.0/24' creates a VPC with tags" do
+          expect_recipe {
+            aws_vpc 'test_vpc_2' do
+              cidr_block '10.0.0.0/24'
+              aws_tags :foo => :bar
+            end
+          }.to create_an_aws_vpc('test_vpc_2',
+            cidr_block: '10.0.0.0/24',
+            instance_tenancy: :default,
+            state: :available,
+            internet_gateway: nil
+          ).and have_aws_vpc_tags('test_vpc_2',
+                                  {"foo" => "bar"}
+          ).and be_idempotent
+        end
+
         it "aws_vpc 'vpc' with all attributes creates a VPC" do
           expect_recipe {
             aws_vpc 'test_vpc' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-provisioning-aws
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.3.0
 platform: ruby
 authors:
 - John Ewart
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-28 00:00:00.000000000 Z
+date: 2015-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
@@ -66,6 +66,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 2.0.1
+- !ruby/object:Gem::Dependency
+  name: ubuntu_ami
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.1
 - !ruby/object:Gem::Dependency
   name: chef-zero
   requirement: !ruby/object:Gem::Requirement
@@ -134,6 +148,9 @@ files:
 - README.md
 - Rakefile
 - lib/chef/provider/aws_auto_scaling_group.rb
+- lib/chef/provider/aws_cache_cluster.rb
+- lib/chef/provider/aws_cache_replication_group.rb
+- lib/chef/provider/aws_cache_subnet_group.rb
 - lib/chef/provider/aws_dhcp_options.rb
 - lib/chef/provider/aws_ebs_volume.rb
 - lib/chef/provider/aws_eip_address.rb
@@ -142,6 +159,7 @@ files:
 - lib/chef/provider/aws_key_pair.rb
 - lib/chef/provider/aws_launch_configuration.rb
 - lib/chef/provider/aws_load_balancer.rb
+- lib/chef/provider/aws_network_acl.rb
 - lib/chef/provider/aws_network_interface.rb
 - lib/chef/provider/aws_route_table.rb
 - lib/chef/provider/aws_s3_bucket.rb
@@ -162,6 +180,9 @@ files:
 - lib/chef/provisioning/aws_driver/version.rb
 - lib/chef/provisioning/driver_init/aws.rb
 - lib/chef/resource/aws_auto_scaling_group.rb
+- lib/chef/resource/aws_cache_cluster.rb
+- lib/chef/resource/aws_cache_replication_group.rb
+- lib/chef/resource/aws_cache_subnet_group.rb
 - lib/chef/resource/aws_dhcp_options.rb
 - lib/chef/resource/aws_ebs_volume.rb
 - lib/chef/resource/aws_eip_address.rb
@@ -171,6 +192,7 @@ files:
 - lib/chef/resource/aws_key_pair.rb
 - lib/chef/resource/aws_launch_configuration.rb
 - lib/chef/resource/aws_load_balancer.rb
+- lib/chef/resource/aws_network_acl.rb
 - lib/chef/resource/aws_network_interface.rb
 - lib/chef/resource/aws_route_table.rb
 - lib/chef/resource/aws_s3_bucket.rb
@@ -191,9 +213,12 @@ files:
 - spec/aws_support/matchers/create_an_aws_object.rb
 - spec/aws_support/matchers/destroy_an_aws_object.rb
 - spec/aws_support/matchers/have_aws_object_tags.rb
+- spec/aws_support/matchers/match_an_aws_object.rb
 - spec/aws_support/matchers/update_an_aws_object.rb
+- spec/integration/aws_cache_subnet_group_spec.rb
 - spec/integration/aws_ebs_volume_spec.rb
 - spec/integration/aws_key_pair_spec.rb
+- spec/integration/aws_network_acl_spec.rb
 - spec/integration/aws_route_table_spec.rb
 - spec/integration/aws_security_group_spec.rb
 - spec/integration/aws_subnet_spec.rb