chef-provisioning-aws 1.2.1 → 1.3.0
- checksums.yaml +4 -4
- data/README.md +21 -8
- data/lib/chef/provider/aws_cache_cluster.rb +75 -0
- data/lib/chef/provider/aws_cache_replication_group.rb +49 -0
- data/lib/chef/provider/aws_cache_subnet_group.rb +60 -0
- data/lib/chef/provider/aws_instance.rb +4 -1
- data/lib/chef/provider/aws_key_pair.rb +1 -1
- data/lib/chef/provider/aws_network_acl.rb +131 -0
- data/lib/chef/provider/aws_security_group.rb +1 -1
- data/lib/chef/provider/aws_subnet.rb +14 -0
- data/lib/chef/provider/aws_vpc.rb +1 -0
- data/lib/chef/provisioning/aws_driver.rb +4 -0
- data/lib/chef/provisioning/aws_driver/aws_provider.rb +25 -0
- data/lib/chef/provisioning/aws_driver/aws_resource.rb +7 -2
- data/lib/chef/provisioning/aws_driver/driver.rb +59 -24
- data/lib/chef/provisioning/aws_driver/version.rb +1 -1
- data/lib/chef/resource/aws_cache_cluster.rb +37 -0
- data/lib/chef/resource/aws_cache_replication_group.rb +37 -0
- data/lib/chef/resource/aws_cache_subnet_group.rb +28 -0
- data/lib/chef/resource/aws_network_acl.rb +61 -0
- data/lib/chef/resource/aws_subnet.rb +9 -0
- data/spec/aws_support.rb +4 -1
- data/spec/aws_support/matchers/match_an_aws_object.rb +58 -0
- data/spec/integration/aws_cache_subnet_group_spec.rb +32 -0
- data/spec/integration/aws_key_pair_spec.rb +2 -2
- data/spec/integration/aws_network_acl_spec.rb +107 -0
- data/spec/integration/aws_security_group_spec.rb +16 -0
- data/spec/integration/aws_subnet_spec.rb +8 -11
- data/spec/integration/aws_tagged_items_spec.rb +1 -1
- data/spec/integration/aws_vpc_spec.rb +16 -0
- metadata +27 -2
@@ -0,0 +1,32 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Chef::Resource::AwsCacheSubnetGroup do
|
4
|
+
extend AWSSupport
|
5
|
+
|
6
|
+
when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
|
7
|
+
with_aws "with a VPC with an internet gateway and subnet" do
|
8
|
+
aws_vpc "test_vpc" do
|
9
|
+
cidr_block '10.0.0.0/24'
|
10
|
+
internet_gateway true
|
11
|
+
end
|
12
|
+
|
13
|
+
aws_subnet "test_subnet" do
|
14
|
+
vpc 'test_vpc'
|
15
|
+
cidr_block "10.0.0.0/24"
|
16
|
+
end
|
17
|
+
|
18
|
+
it "aws_cache_subnet_group 'test-subnet-group' creates a cache subnet group" do
|
19
|
+
expect_recipe {
|
20
|
+
aws_cache_subnet_group 'test-subnet-group' do
|
21
|
+
description 'Test Subnet Group'
|
22
|
+
subnets [ 'test_subnet' ]
|
23
|
+
end
|
24
|
+
}.to create_an_aws_cache_subnet_group('test-subnet-group',
|
25
|
+
subnets: [
|
26
|
+
{ subnet_identifier: test_subnet.aws_object.id }
|
27
|
+
]
|
28
|
+
).and be_idempotent
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
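Review bot: The expectation passed to `create_an_aws_cache_subnet_group` checks only the `subnets` list, so the `description 'Test Subnet Group'` set in the recipe is never verified. Adding the description to the expected hash would close that gap, for example `cache_subnet_group_description: 'Test Subnet Group'` if the matcher compares against the ElastiCache describe response, as the `subnet_identifier` key suggests; the matcher itself is not shown here, so confirm the key name. The VPC and the subnet both use `10.0.0.0/24`, which leaves no room for a second subnet if later examples in this context need one.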
|
@@ -10,11 +10,11 @@ describe Chef::Resource::AwsKeyPair do
|
|
10
10
|
end
|
11
11
|
|
12
12
|
it "aws_key_pair 'test_key_pair' creates a key pair" do
|
13
|
-
|
13
|
+
expect(recipe {
|
14
14
|
aws_key_pair 'test_key_pair' do
|
15
15
|
private_key_options format: :der, type: :rsa
|
16
16
|
end
|
17
|
-
}.to create_an_aws_key_pair('test_key_pair').and be_idempotent
|
17
|
+
}).to create_an_aws_key_pair('test_key_pair').and be_idempotent
|
18
18
|
end
|
19
19
|
end
|
20
20
|
end
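Review bot: The example now uses `expect(recipe { ... }).to`, while the specs added elsewhere in this release use `expect_recipe { ... }.to`, and nothing in the file says why the key-pair example needs the explicit form. A one-line comment above the example, such as `# expect(recipe { }) is required here because <reason>`, would keep a later editor from reverting it for consistency. The removed opening line is cut off in this rendering, so the old form is inferred from the removed `}.to create_an_aws_key_pair` line.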
|
@@ -0,0 +1,107 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Chef::Resource::AwsNetworkAcl do
|
4
|
+
extend AWSSupport
|
5
|
+
|
6
|
+
when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
|
7
|
+
with_aws "with a VPC" do
|
8
|
+
aws_vpc "test_vpc" do
|
9
|
+
cidr_block '10.0.0.0/24'
|
10
|
+
internet_gateway true
|
11
|
+
end
|
12
|
+
|
13
|
+
it "aws_network_acl 'test_network_acl' with no parameters except VPC creates a network acl" do
|
14
|
+
expect_recipe {
|
15
|
+
aws_network_acl 'test_network_acl' do
|
16
|
+
vpc 'test_vpc'
|
17
|
+
end
|
18
|
+
}.to create_an_aws_network_acl('test_network_acl',
|
19
|
+
vpc_id: test_vpc.aws_object.id,
|
20
|
+
).and be_idempotent
|
21
|
+
end
|
22
|
+
|
23
|
+
it "aws_network_acl 'test_network_acl' with all parameters creates a network acl" do
|
24
|
+
expect_recipe {
|
25
|
+
aws_network_acl 'test_network_acl' do
|
26
|
+
vpc 'test_vpc'
|
27
|
+
inbound_rules(
|
28
|
+
[
|
29
|
+
{ rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24' },
|
30
|
+
{ rule_number: 200, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0' },
|
31
|
+
{ rule_number: 300, action: :allow, protocol: 6, port_range: 22..23, cidr_block: '172.31.0.0/22' }
|
32
|
+
]
|
33
|
+
)
|
34
|
+
outbound_rules(
|
35
|
+
[
|
36
|
+
{ rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0' }
|
37
|
+
]
|
38
|
+
)
|
39
|
+
end
|
40
|
+
}.to create_an_aws_network_acl('test_network_acl',
|
41
|
+
vpc_id: test_vpc.aws_object.id,
|
42
|
+
entry_set:
|
43
|
+
[
|
44
|
+
{ :rule_number=>500, :protocol=>"-1", :rule_action=>"allow", :egress=>true, :cidr_block=>"0.0.0.0/0" },
|
45
|
+
{ :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
|
46
|
+
{ :rule_number=>100, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"10.0.0.0/24" },
|
47
|
+
{ :rule_number=>200, :protocol=>"-1", :rule_action=>"allow", :egress=>false, :cidr_block=>"0.0.0.0/0" },
|
48
|
+
{ :rule_number=>300, :protocol=>"6", :rule_action=>"allow", :egress=>false, :cidr_block=>"172.31.0.0/22", :port_range=>{ :from=>22, :to=>23 } },
|
49
|
+
{ :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
|
50
|
+
]
|
51
|
+
).and be_idempotent
|
52
|
+
end
|
53
|
+
|
54
|
+
context 'when rules are empty' do
|
55
|
+
aws_network_acl 'test_network_acl' do
|
56
|
+
vpc 'test_vpc'
|
57
|
+
inbound_rules(rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24')
|
58
|
+
outbound_rules(rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0')
|
59
|
+
end
|
60
|
+
|
61
|
+
it "aws_network_acl 'test_network_acl' removes current rules" do
|
62
|
+
expect_recipe {
|
63
|
+
aws_network_acl 'test_network_acl' do
|
64
|
+
vpc 'test_vpc'
|
65
|
+
inbound_rules []
|
66
|
+
outbound_rules []
|
67
|
+
end
|
68
|
+
}.to create_an_aws_network_acl('test_network_acl',
|
69
|
+
vpc_id: test_vpc.aws_object.id,
|
70
|
+
entry_set:
|
71
|
+
[
|
72
|
+
{ :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
|
73
|
+
{ :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
|
74
|
+
]
|
75
|
+
).and be_idempotent
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
context 'when rules are nil' do
|
80
|
+
aws_network_acl 'test_network_acl' do
|
81
|
+
vpc 'test_vpc'
|
82
|
+
inbound_rules(rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24')
|
83
|
+
outbound_rules(rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0')
|
84
|
+
end
|
85
|
+
|
86
|
+
it "aws_network_acl 'test_network_acl' with a nil rules array leaves current rules alone" do
|
87
|
+
expect_recipe {
|
88
|
+
aws_network_acl 'test_network_acl' do
|
89
|
+
vpc 'test_vpc'
|
90
|
+
inbound_rules nil
|
91
|
+
outbound_rules nil
|
92
|
+
end
|
93
|
+
}.to match_an_aws_network_acl('test_network_acl',
|
94
|
+
vpc_id: test_vpc.aws_object.id,
|
95
|
+
entry_set:
|
96
|
+
[
|
97
|
+
{ :rule_number=>500, :protocol=>"-1", :rule_action=>"allow", :egress=>true, :cidr_block=>"0.0.0.0/0" },
|
98
|
+
{ :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
|
99
|
+
{ :rule_number=>100, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"10.0.0.0/24" },
|
100
|
+
{ :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
|
101
|
+
]
|
102
|
+
).and be_idempotent
|
103
|
+
end
|
104
|
+
end
|
105
|
+
end
|
106
|
+
end
|
107
|
+
end
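Review bot: The setup in both `context` blocks passes `inbound_rules(rule_number: 100, ...)` and `outbound_rules(rule_number: 500, ...)` as a bare hash, while the 'with all parameters' example passes an array of hashes, so these contexts depend on the resource coercing a single hash into a list and the spec never says so. Either write them as `inbound_rules [{ rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24' }]` or add a comment `# a single rule hash is accepted and treated as a one-element list`. The spec covers create, clear-all (`[]`) and leave-alone (`nil`), but not replacing one entry among several. That case is where a stale `:allow` entry could survive a converge, so an example asserting the full resulting `entry_set` after a partial change would be worth adding.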
|
@@ -90,6 +90,22 @@ describe Chef::Resource::AwsSecurityGroup do
|
|
90
90
|
ip_permissions_list_egress: [{groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "tcp", from_port: 22, to_port: 22 }]
|
91
91
|
).and be_idempotent
|
92
92
|
end
|
93
|
+
|
94
|
+
it "aws_security_group 'test_sg' with inbound and outbound rules allowing all ports works when protocol specified" do
|
95
|
+
expect_recipe {
|
96
|
+
aws_security_group 'test_sg' do
|
97
|
+
vpc 'test_vpc'
|
98
|
+
inbound_rules('0.0.0.0/0' => { port_range: -1..-1, protocol: -1 })
|
99
|
+
outbound_rules({ port_range: -1..-1, protocol: -1 } => '0.0.0.0/0')
|
100
|
+
end
|
101
|
+
}.to create_an_aws_security_group('test_sg',
|
102
|
+
vpc_id: test_vpc.aws_object.id,
|
103
|
+
ip_permissions_list: [
|
104
|
+
{ groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "-1"}
|
105
|
+
],
|
106
|
+
ip_permissions_list_egress: [{ groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "-1"}]
|
107
|
+
).and be_idempotent
|
108
|
+
end
|
93
109
|
end
|
94
110
|
|
95
111
|
with_aws "when narrowing from multiple VPCs" do
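Review bot: The new example opens `0.0.0.0/0` on every protocol and expects `ip_permissions_list` entries with no `from_port`/`to_port`, but nothing explains why the `port_range: -1..-1` given in the recipe does not appear in the result. A comment above the expectation such as `# protocol -1 means all traffic; EC2 ignores the port range, so no from_port/to_port is returned` would document that. Because this is an integration spec that creates a world-open group in a real account, it also depends on the `with_aws` teardown, which is not visible here, to delete `test_sg`. The enclosing `with_aws` block starts before this hunk.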
|
@@ -4,16 +4,7 @@ describe Chef::Resource::AwsSubnet do
|
|
4
4
|
extend AWSSupport
|
5
5
|
|
6
6
|
when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
|
7
|
-
with_aws "with a VPC with an internet gateway and
|
8
|
-
before :context do
|
9
|
-
driver.ec2.vpcs.with_tag('Name', 'test_vpc').each do |vpc|
|
10
|
-
recipe do
|
11
|
-
aws_vpc vpc do
|
12
|
-
action :purge
|
13
|
-
end
|
14
|
-
end.converge
|
15
|
-
end
|
16
|
-
end
|
7
|
+
with_aws "with a VPC with an internet gateway, route table and network acl" do
|
17
8
|
aws_vpc "test_vpc" do
|
18
9
|
cidr_block '10.0.0.0/24'
|
19
10
|
internet_gateway true
|
@@ -23,6 +14,10 @@ describe Chef::Resource::AwsSubnet do
|
|
23
14
|
vpc 'test_vpc'
|
24
15
|
end
|
25
16
|
|
17
|
+
aws_network_acl 'test_network_acl' do
|
18
|
+
vpc 'test_vpc'
|
19
|
+
end
|
20
|
+
|
26
21
|
it "aws_subnet 'test_subnet' with no parameters except VPC creates a route table" do
|
27
22
|
expect_recipe {
|
28
23
|
aws_subnet 'test_subnet' do
|
@@ -43,12 +38,14 @@ describe Chef::Resource::AwsSubnet do
|
|
43
38
|
availability_zone az
|
44
39
|
map_public_ip_on_launch true
|
45
40
|
route_table 'test_route_table'
|
41
|
+
network_acl 'test_network_acl'
|
46
42
|
end
|
47
43
|
}.to create_an_aws_subnet('test_subnet',
|
48
44
|
vpc_id: test_vpc.aws_object.id,
|
49
45
|
cidr_block: '10.0.0.0/24',
|
50
46
|
'availability_zone.name' => az,
|
51
|
-
'route_table.id' => test_route_table.aws_object.id
|
47
|
+
'route_table.id' => test_route_table.aws_object.id,
|
48
|
+
'network_acl.id' => test_network_acl.aws_object.id
|
52
49
|
).and be_idempotent
|
53
50
|
end
|
54
51
|
end
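Review bot: With the `before :context` purge removed in the first hunk, nothing visible in this file clears VPCs tagged `test_vpc` that an earlier aborted run left in the account. If that cleanup now lives in the `with_aws` helper, which is not shown here, a comment such as `# leftover test_vpc resources are purged by with_aws` at the top of the block would record it. In the third hunk the new `'network_acl.id' => test_network_acl.aws_object.id` assertion covers only the example that sets `network_acl` explicitly. The 'no parameters except VPC' example in the second hunk could likewise assert which ACL the subnet ends up with, since a subnet always has one associated. All three hunks sit inside a `describe` block that extends beyond them.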
|
@@ -137,7 +137,7 @@ describe "AWS Tagged Items" do
|
|
137
137
|
expect_recipe {
|
138
138
|
load_balancer 'lbtest' do
|
139
139
|
load_balancer_options :aws_tags => { :marco => 'polo', 'happyhappy' => 'joyjoy' },
|
140
|
-
:availability_zones => ["#{driver.aws_config.region}a", "#{driver.aws_config.region}
|
140
|
+
:availability_zones => ["#{driver.aws_config.region}a", "#{driver.aws_config.region}c"]
|
141
141
|
end
|
142
142
|
}.to create_an_aws_load_balancer('lbtest'
|
143
143
|
).and have_aws_load_balancer_tags('lbtest',
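Review bot: The new zone list hard-codes the suffixes `a` and `c` onto `driver.aws_config.region`, which assumes both zones exist and are usable in whatever account and region runs the suite. A comment recording the reason, for instance `# zones a and c: <why the previous second zone was dropped>`, or a lookup of the zones the driver reports, would make this less fragile. The removed line is truncated in this rendering, so the previous second zone cannot be read from the page. The surrounding example extends beyond the hunk.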
|
@@ -23,6 +23,22 @@ describe Chef::Resource::AwsVpc do
|
|
23
23
|
).and be_idempotent
|
24
24
|
end
|
25
25
|
|
26
|
+
it "aws_vpc 'vpc' with cidr_block '10.0.0.0/24' creates a VPC with tags" do
|
27
|
+
expect_recipe {
|
28
|
+
aws_vpc 'test_vpc_2' do
|
29
|
+
cidr_block '10.0.0.0/24'
|
30
|
+
aws_tags :foo => :bar
|
31
|
+
end
|
32
|
+
}.to create_an_aws_vpc('test_vpc_2',
|
33
|
+
cidr_block: '10.0.0.0/24',
|
34
|
+
instance_tenancy: :default,
|
35
|
+
state: :available,
|
36
|
+
internet_gateway: nil
|
37
|
+
).and have_aws_vpc_tags('test_vpc_2',
|
38
|
+
{"foo" => "bar"}
|
39
|
+
).and be_idempotent
|
40
|
+
end
|
41
|
+
|
26
42
|
it "aws_vpc 'vpc' with all attributes creates a VPC" do
|
27
43
|
expect_recipe {
|
28
44
|
aws_vpc 'test_vpc' do
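Review bot: The recipe sets `aws_tags :foo => :bar` with symbols while `have_aws_vpc_tags` expects `{"foo" => "bar"}`, so the example depends on tag keys and values being converted to strings somewhere outside this hunk. A comment on the expectation, `# tag keys and values are stringified before being applied`, would show the mismatch is intentional. The example title also names `'vpc'` while the resource is `test_vpc_2`, which makes a failure harder to trace to the resource it created. The enclosing `describe` block starts and ends outside the hunk.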
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chef-provisioning-aws
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- John Ewart
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-07-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: chef
|
@@ -66,6 +66,20 @@ dependencies:
|
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
68
|
version: 2.0.1
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: ubuntu_ami
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: 0.4.1
|
76
|
+
type: :runtime
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: 0.4.1
|
69
83
|
- !ruby/object:Gem::Dependency
|
70
84
|
name: chef-zero
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -134,6 +148,9 @@ files:
|
|
134
148
|
- README.md
|
135
149
|
- Rakefile
|
136
150
|
- lib/chef/provider/aws_auto_scaling_group.rb
|
151
|
+
- lib/chef/provider/aws_cache_cluster.rb
|
152
|
+
- lib/chef/provider/aws_cache_replication_group.rb
|
153
|
+
- lib/chef/provider/aws_cache_subnet_group.rb
|
137
154
|
- lib/chef/provider/aws_dhcp_options.rb
|
138
155
|
- lib/chef/provider/aws_ebs_volume.rb
|
139
156
|
- lib/chef/provider/aws_eip_address.rb
|
@@ -142,6 +159,7 @@ files:
|
|
142
159
|
- lib/chef/provider/aws_key_pair.rb
|
143
160
|
- lib/chef/provider/aws_launch_configuration.rb
|
144
161
|
- lib/chef/provider/aws_load_balancer.rb
|
162
|
+
- lib/chef/provider/aws_network_acl.rb
|
145
163
|
- lib/chef/provider/aws_network_interface.rb
|
146
164
|
- lib/chef/provider/aws_route_table.rb
|
147
165
|
- lib/chef/provider/aws_s3_bucket.rb
|
@@ -162,6 +180,9 @@ files:
|
|
162
180
|
- lib/chef/provisioning/aws_driver/version.rb
|
163
181
|
- lib/chef/provisioning/driver_init/aws.rb
|
164
182
|
- lib/chef/resource/aws_auto_scaling_group.rb
|
183
|
+
- lib/chef/resource/aws_cache_cluster.rb
|
184
|
+
- lib/chef/resource/aws_cache_replication_group.rb
|
185
|
+
- lib/chef/resource/aws_cache_subnet_group.rb
|
165
186
|
- lib/chef/resource/aws_dhcp_options.rb
|
166
187
|
- lib/chef/resource/aws_ebs_volume.rb
|
167
188
|
- lib/chef/resource/aws_eip_address.rb
|
@@ -171,6 +192,7 @@ files:
|
|
171
192
|
- lib/chef/resource/aws_key_pair.rb
|
172
193
|
- lib/chef/resource/aws_launch_configuration.rb
|
173
194
|
- lib/chef/resource/aws_load_balancer.rb
|
195
|
+
- lib/chef/resource/aws_network_acl.rb
|
174
196
|
- lib/chef/resource/aws_network_interface.rb
|
175
197
|
- lib/chef/resource/aws_route_table.rb
|
176
198
|
- lib/chef/resource/aws_s3_bucket.rb
|
@@ -191,9 +213,12 @@ files:
|
|
191
213
|
- spec/aws_support/matchers/create_an_aws_object.rb
|
192
214
|
- spec/aws_support/matchers/destroy_an_aws_object.rb
|
193
215
|
- spec/aws_support/matchers/have_aws_object_tags.rb
|
216
|
+
- spec/aws_support/matchers/match_an_aws_object.rb
|
194
217
|
- spec/aws_support/matchers/update_an_aws_object.rb
|
218
|
+
- spec/integration/aws_cache_subnet_group_spec.rb
|
195
219
|
- spec/integration/aws_ebs_volume_spec.rb
|
196
220
|
- spec/integration/aws_key_pair_spec.rb
|
221
|
+
- spec/integration/aws_network_acl_spec.rb
|
197
222
|
- spec/integration/aws_route_table_spec.rb
|
198
223
|
- spec/integration/aws_security_group_spec.rb
|
199
224
|
- spec/integration/aws_subnet_spec.rb
|