chef-provisioning-aws 1.2.1 → 1.3.0

Files changed (31)
  1. checksums.yaml +4 -4
  2. data/README.md +21 -8
  3. data/lib/chef/provider/aws_cache_cluster.rb +75 -0
  4. data/lib/chef/provider/aws_cache_replication_group.rb +49 -0
  5. data/lib/chef/provider/aws_cache_subnet_group.rb +60 -0
  6. data/lib/chef/provider/aws_instance.rb +4 -1
  7. data/lib/chef/provider/aws_key_pair.rb +1 -1
  8. data/lib/chef/provider/aws_network_acl.rb +131 -0
  9. data/lib/chef/provider/aws_security_group.rb +1 -1
  10. data/lib/chef/provider/aws_subnet.rb +14 -0
  11. data/lib/chef/provider/aws_vpc.rb +1 -0
  12. data/lib/chef/provisioning/aws_driver.rb +4 -0
  13. data/lib/chef/provisioning/aws_driver/aws_provider.rb +25 -0
  14. data/lib/chef/provisioning/aws_driver/aws_resource.rb +7 -2
  15. data/lib/chef/provisioning/aws_driver/driver.rb +59 -24
  16. data/lib/chef/provisioning/aws_driver/version.rb +1 -1
  17. data/lib/chef/resource/aws_cache_cluster.rb +37 -0
  18. data/lib/chef/resource/aws_cache_replication_group.rb +37 -0
  19. data/lib/chef/resource/aws_cache_subnet_group.rb +28 -0
  20. data/lib/chef/resource/aws_network_acl.rb +61 -0
  21. data/lib/chef/resource/aws_subnet.rb +9 -0
  22. data/spec/aws_support.rb +4 -1
  23. data/spec/aws_support/matchers/match_an_aws_object.rb +58 -0
  24. data/spec/integration/aws_cache_subnet_group_spec.rb +32 -0
  25. data/spec/integration/aws_key_pair_spec.rb +2 -2
  26. data/spec/integration/aws_network_acl_spec.rb +107 -0
  27. data/spec/integration/aws_security_group_spec.rb +16 -0
  28. data/spec/integration/aws_subnet_spec.rb +8 -11
  29. data/spec/integration/aws_tagged_items_spec.rb +1 -1
  30. data/spec/integration/aws_vpc_spec.rb +16 -0
  31. metadata +27 -2
@@ -0,0 +1,32 @@
1
+ require 'spec_helper'
2
+
3
+ describe Chef::Resource::AwsCacheSubnetGroup do
4
+ extend AWSSupport
5
+
6
+ when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
7
+ with_aws "with a VPC with an internet gateway and subnet" do
8
+ aws_vpc "test_vpc" do
9
+ cidr_block '10.0.0.0/24'
10
+ internet_gateway true
11
+ end
12
+
13
+ aws_subnet "test_subnet" do
14
+ vpc 'test_vpc'
15
+ cidr_block "10.0.0.0/24"
16
+ end
17
+
18
+ it "aws_cache_subnet_group 'test-subnet-group' creates a cache subnet group" do
19
+ expect_recipe {
20
+ aws_cache_subnet_group 'test-subnet-group' do
21
+ description 'Test Subnet Group'
22
+ subnets [ 'test_subnet' ]
23
+ end
24
+ }.to create_an_aws_cache_subnet_group('test-subnet-group',
25
+ subnets: [
26
+ { subnet_identifier: test_subnet.aws_object.id }
27
+ ]
28
+ ).and be_idempotent
29
+ end
30
+ end
31
+ end
32
+ end
@@ -10,11 +10,11 @@ describe Chef::Resource::AwsKeyPair do
10
10
  end
11
11
 
12
12
  it "aws_key_pair 'test_key_pair' creates a key pair" do
13
- expect_recipe {
13
+ expect(recipe {
14
14
  aws_key_pair 'test_key_pair' do
15
15
  private_key_options format: :der, type: :rsa
16
16
  end
17
- }.to create_an_aws_key_pair('test_key_pair').and be_idempotent
17
+ }).to create_an_aws_key_pair('test_key_pair').and be_idempotent
18
18
  end
19
19
  end
20
20
  end
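Review bot: The switch from `expect_recipe { … }` to `expect(recipe { … })` at new lines 13–17 makes this the only example among the specs shown here that does not use the `expect_recipe` helper, and nothing records why. If the two forms differ in when the recipe is converged, say so next to the call, for example `# expect(recipe { … }) instead of expect_recipe: <reason>`. If they are equivalent, keeping `expect_recipe` would match the other specs. The enclosing `describe` block starts and ends outside the hunk.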
@@ -0,0 +1,107 @@
1
+ require 'spec_helper'
2
+
3
+ describe Chef::Resource::AwsNetworkAcl do
4
+ extend AWSSupport
5
+
6
+ when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
7
+ with_aws "with a VPC" do
8
+ aws_vpc "test_vpc" do
9
+ cidr_block '10.0.0.0/24'
10
+ internet_gateway true
11
+ end
12
+
13
+ it "aws_network_acl 'test_network_acl' with no parameters except VPC creates a network acl" do
14
+ expect_recipe {
15
+ aws_network_acl 'test_network_acl' do
16
+ vpc 'test_vpc'
17
+ end
18
+ }.to create_an_aws_network_acl('test_network_acl',
19
+ vpc_id: test_vpc.aws_object.id,
20
+ ).and be_idempotent
21
+ end
22
+
23
+ it "aws_network_acl 'test_network_acl' with all parameters creates a network acl" do
24
+ expect_recipe {
25
+ aws_network_acl 'test_network_acl' do
26
+ vpc 'test_vpc'
27
+ inbound_rules(
28
+ [
29
+ { rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24' },
30
+ { rule_number: 200, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0' },
31
+ { rule_number: 300, action: :allow, protocol: 6, port_range: 22..23, cidr_block: '172.31.0.0/22' }
32
+ ]
33
+ )
34
+ outbound_rules(
35
+ [
36
+ { rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0' }
37
+ ]
38
+ )
39
+ end
40
+ }.to create_an_aws_network_acl('test_network_acl',
41
+ vpc_id: test_vpc.aws_object.id,
42
+ entry_set:
43
+ [
44
+ { :rule_number=>500, :protocol=>"-1", :rule_action=>"allow", :egress=>true, :cidr_block=>"0.0.0.0/0" },
45
+ { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
46
+ { :rule_number=>100, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"10.0.0.0/24" },
47
+ { :rule_number=>200, :protocol=>"-1", :rule_action=>"allow", :egress=>false, :cidr_block=>"0.0.0.0/0" },
48
+ { :rule_number=>300, :protocol=>"6", :rule_action=>"allow", :egress=>false, :cidr_block=>"172.31.0.0/22", :port_range=>{ :from=>22, :to=>23 } },
49
+ { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
50
+ ]
51
+ ).and be_idempotent
52
+ end
53
+
54
+ context 'when rules are empty' do
55
+ aws_network_acl 'test_network_acl' do
56
+ vpc 'test_vpc'
57
+ inbound_rules(rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24')
58
+ outbound_rules(rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0')
59
+ end
60
+
61
+ it "aws_network_acl 'test_network_acl' removes current rules" do
62
+ expect_recipe {
63
+ aws_network_acl 'test_network_acl' do
64
+ vpc 'test_vpc'
65
+ inbound_rules []
66
+ outbound_rules []
67
+ end
68
+ }.to create_an_aws_network_acl('test_network_acl',
69
+ vpc_id: test_vpc.aws_object.id,
70
+ entry_set:
71
+ [
72
+ { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
73
+ { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
74
+ ]
75
+ ).and be_idempotent
76
+ end
77
+ end
78
+
79
+ context 'when rules are nil' do
80
+ aws_network_acl 'test_network_acl' do
81
+ vpc 'test_vpc'
82
+ inbound_rules(rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24')
83
+ outbound_rules(rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0')
84
+ end
85
+
86
+ it "aws_network_acl 'test_network_acl' with a nil rules array leaves current rules alone" do
87
+ expect_recipe {
88
+ aws_network_acl 'test_network_acl' do
89
+ vpc 'test_vpc'
90
+ inbound_rules nil
91
+ outbound_rules nil
92
+ end
93
+ }.to match_an_aws_network_acl('test_network_acl',
94
+ vpc_id: test_vpc.aws_object.id,
95
+ entry_set:
96
+ [
97
+ { :rule_number=>500, :protocol=>"-1", :rule_action=>"allow", :egress=>true, :cidr_block=>"0.0.0.0/0" },
98
+ { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
99
+ { :rule_number=>100, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"10.0.0.0/24" },
100
+ { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
101
+ ]
102
+ ).and be_idempotent
103
+ end
104
+ end
105
+ end
106
+ end
107
+ end
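Review bot: The first example, "with no parameters except VPC" (new lines 13–21), checks only `vpc_id`, so it would still pass if the provider created the ACL with extra allow entries. A network ACL is a security boundary, so its default state should be pinned the way the 'removes current rules' example pins it, with an `entry_set` holding only the two rule-32767 deny entries, as in the fence below. This assumes a freshly created ACL carries just those defaults, which should be confirmed against a live run. Separately, the two `context` setups pass `inbound_rules`/`outbound_rules` a single hash where the 'all parameters' example passes an array; whether the resource coerces that is not visible in this file.

```ruby
}.to create_an_aws_network_acl('test_network_acl',
  vpc_id: test_vpc.aws_object.id,
  entry_set:
    [
      { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
      { :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
    ]
# … unchanged: `).and be_idempotent` and the end of the example …
```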
@@ -90,6 +90,22 @@ describe Chef::Resource::AwsSecurityGroup do
90
90
  ip_permissions_list_egress: [{groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "tcp", from_port: 22, to_port: 22 }]
91
91
  ).and be_idempotent
92
92
  end
93
+
94
+ it "aws_security_group 'test_sg' with inbound and outbound rules allowing all ports works when protocol specified" do
95
+ expect_recipe {
96
+ aws_security_group 'test_sg' do
97
+ vpc 'test_vpc'
98
+ inbound_rules('0.0.0.0/0' => { port_range: -1..-1, protocol: -1 })
99
+ outbound_rules({ port_range: -1..-1, protocol: -1 } => '0.0.0.0/0')
100
+ end
101
+ }.to create_an_aws_security_group('test_sg',
102
+ vpc_id: test_vpc.aws_object.id,
103
+ ip_permissions_list: [
104
+ { groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "-1"}
105
+ ],
106
+ ip_permissions_list_egress: [{ groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "-1"}]
107
+ ).and be_idempotent
108
+ end
93
109
  end
94
110
 
95
111
  with_aws "when narrowing from multiple VPCs" do
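Review bot: The new example at new lines 94–108 creates a security group that admits every protocol from `0.0.0.0/0` in a live AWS account, although what it exercises is the `protocol: -1` / `port_range: -1..-1` translation rather than the source range. A private range such as the `10.0.0.0/24` used for test VPCs elsewhere in these specs gives the same coverage without leaving a world-open group behind if a run is interrupted: `inbound_rules('10.0.0.0/24' => { port_range: -1..-1, protocol: -1 })`, with the expected inbound `ip_ranges` changed to `[{cidr_ip: "10.0.0.0/24"}]`. The enclosing `with_aws` block starts outside the hunk, so whatever cleanup it performs is not visible here.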
@@ -4,16 +4,7 @@ describe Chef::Resource::AwsSubnet do
4
4
  extend AWSSupport
5
5
 
6
6
  when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
7
- with_aws "with a VPC with an internet gateway and route table" do
8
- before :context do
9
- driver.ec2.vpcs.with_tag('Name', 'test_vpc').each do |vpc|
10
- recipe do
11
- aws_vpc vpc do
12
- action :purge
13
- end
14
- end.converge
15
- end
16
- end
7
+ with_aws "with a VPC with an internet gateway, route table and network acl" do
17
8
  aws_vpc "test_vpc" do
18
9
  cidr_block '10.0.0.0/24'
19
10
  internet_gateway true
@@ -23,6 +14,10 @@ describe Chef::Resource::AwsSubnet do
23
14
  vpc 'test_vpc'
24
15
  end
25
16
 
17
+ aws_network_acl 'test_network_acl' do
18
+ vpc 'test_vpc'
19
+ end
20
+
26
21
  it "aws_subnet 'test_subnet' with no parameters except VPC creates a route table" do
27
22
  expect_recipe {
28
23
  aws_subnet 'test_subnet' do
@@ -43,12 +38,14 @@ describe Chef::Resource::AwsSubnet do
43
38
  availability_zone az
44
39
  map_public_ip_on_launch true
45
40
  route_table 'test_route_table'
41
+ network_acl 'test_network_acl'
46
42
  end
47
43
  }.to create_an_aws_subnet('test_subnet',
48
44
  vpc_id: test_vpc.aws_object.id,
49
45
  cidr_block: '10.0.0.0/24',
50
46
  'availability_zone.name' => az,
51
- 'route_table.id' => test_route_table.aws_object.id
47
+ 'route_table.id' => test_route_table.aws_object.id,
48
+ 'network_acl.id' => test_network_acl.aws_object.id
52
49
  ).and be_idempotent
53
50
  end
54
51
  end
@@ -137,7 +137,7 @@ describe "AWS Tagged Items" do
137
137
  expect_recipe {
138
138
  load_balancer 'lbtest' do
139
139
  load_balancer_options :aws_tags => { :marco => 'polo', 'happyhappy' => 'joyjoy' },
140
- :availability_zones => ["#{driver.aws_config.region}a", "#{driver.aws_config.region}b"] # TODO should enchance to accept letter AZs
140
+ :availability_zones => ["#{driver.aws_config.region}a", "#{driver.aws_config.region}c"]
141
141
  end
142
142
  }.to create_an_aws_load_balancer('lbtest'
143
143
  ).and have_aws_load_balancer_tags('lbtest',
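Review bot: New line 140 still hard-codes availability-zone suffixes (`a` and `c`), and the TODO that flagged this was dropped when `b` became `c`. Which zone letters exist depends on the account and region, so the example can fail for reasons unrelated to tagging. Either keep a comment that says why these two letters were chosen, e.g. `# zone letters are account-specific; a and c exist in the test account` if that is the reason, or take the names from the region's zone list, as the subnet spec appears to do with its `az` value. The `it` block containing this call starts and ends outside the hunk.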
@@ -23,6 +23,22 @@ describe Chef::Resource::AwsVpc do
23
23
  ).and be_idempotent
24
24
  end
25
25
 
26
+ it "aws_vpc 'vpc' with cidr_block '10.0.0.0/24' creates a VPC with tags" do
27
+ expect_recipe {
28
+ aws_vpc 'test_vpc_2' do
29
+ cidr_block '10.0.0.0/24'
30
+ aws_tags :foo => :bar
31
+ end
32
+ }.to create_an_aws_vpc('test_vpc_2',
33
+ cidr_block: '10.0.0.0/24',
34
+ instance_tenancy: :default,
35
+ state: :available,
36
+ internet_gateway: nil
37
+ ).and have_aws_vpc_tags('test_vpc_2',
38
+ {"foo" => "bar"}
39
+ ).and be_idempotent
40
+ end
41
+
26
42
  it "aws_vpc 'vpc' with all attributes creates a VPC" do
27
43
  expect_recipe {
28
44
  aws_vpc 'test_vpc' do
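Review bot: The example description at new line 26 says `aws_vpc 'vpc'`, but the recipe creates `'test_vpc_2'`, so a failure report names a resource that is not in the test. Rename it to match, e.g. `it "aws_vpc 'test_vpc_2' with aws_tags creates a VPC with tags" do`. A one-line comment would also help: `aws_tags :foo => :bar` is given as symbols while `have_aws_vpc_tags` expects the strings `{"foo" => "bar"}`, which appears to be the conversion this example pins. The surrounding `with_aws` context lies outside the hunk.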
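--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: chef-provisioning-aws
  version: !ruby/object:Gem::Version
- version: 1.2.1
+ version: 1.3.0
  platform: ruby
  authors:
  - John Ewart
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-05-28 00:00:00.000000000 Z
+ date: 2015-07-17 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: chef
@@ -66,6 +66,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: 2.0.1
+ - !ruby/object:Gem::Dependency
+ name: ubuntu_ami
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.4.1
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.4.1
  - !ruby/object:Gem::Dependency
  name: chef-zero
  requirement: !ruby/object:Gem::Requirement
@@ -134,6 +148,9 @@ files:
  - README.md
  - Rakefile
  - lib/chef/provider/aws_auto_scaling_group.rb
+ - lib/chef/provider/aws_cache_cluster.rb
+ - lib/chef/provider/aws_cache_replication_group.rb
+ - lib/chef/provider/aws_cache_subnet_group.rb
  - lib/chef/provider/aws_dhcp_options.rb
  - lib/chef/provider/aws_ebs_volume.rb
  - lib/chef/provider/aws_eip_address.rb
@@ -142,6 +159,7 @@ files:
  - lib/chef/provider/aws_key_pair.rb
  - lib/chef/provider/aws_launch_configuration.rb
  - lib/chef/provider/aws_load_balancer.rb
+ - lib/chef/provider/aws_network_acl.rb
  - lib/chef/provider/aws_network_interface.rb
  - lib/chef/provider/aws_route_table.rb
  - lib/chef/provider/aws_s3_bucket.rb
@@ -162,6 +180,9 @@ files:
  - lib/chef/provisioning/aws_driver/version.rb
  - lib/chef/provisioning/driver_init/aws.rb
  - lib/chef/resource/aws_auto_scaling_group.rb
+ - lib/chef/resource/aws_cache_cluster.rb
+ - lib/chef/resource/aws_cache_replication_group.rb
+ - lib/chef/resource/aws_cache_subnet_group.rb
  - lib/chef/resource/aws_dhcp_options.rb
  - lib/chef/resource/aws_ebs_volume.rb
  - lib/chef/resource/aws_eip_address.rb
@@ -171,6 +192,7 @@ files:
  - lib/chef/resource/aws_key_pair.rb
  - lib/chef/resource/aws_launch_configuration.rb
  - lib/chef/resource/aws_load_balancer.rb
+ - lib/chef/resource/aws_network_acl.rb
  - lib/chef/resource/aws_network_interface.rb
  - lib/chef/resource/aws_route_table.rb
  - lib/chef/resource/aws_s3_bucket.rb
@@ -191,9 +213,12 @@ files:
  - spec/aws_support/matchers/create_an_aws_object.rb
  - spec/aws_support/matchers/destroy_an_aws_object.rb
  - spec/aws_support/matchers/have_aws_object_tags.rb
+ - spec/aws_support/matchers/match_an_aws_object.rb
  - spec/aws_support/matchers/update_an_aws_object.rb
+ - spec/integration/aws_cache_subnet_group_spec.rb
  - spec/integration/aws_ebs_volume_spec.rb
  - spec/integration/aws_key_pair_spec.rb
+ - spec/integration/aws_network_acl_spec.rb
  - spec/integration/aws_route_table_spec.rb
  - spec/integration/aws_security_group_spec.rb
  - spec/integration/aws_subnet_spec.rb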
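Review bot: The hunk at `@@ -66,6 +66,20 @@` makes `ubuntu_ami` (`~> 0.4.1`) a `:runtime` dependency, so every install of 1.3.0 pulls in and loads a gem that 1.2.1 did not, and nothing visible here says why. The code that calls it is not part of what is shown (presumably `driver.rb`, +59 −24 in the file list). If it is used to choose a default machine image, the image that boots then depends on what that gem resolves at run time, and the README should say so and explain how to pin an explicit image. A note beside the dependency declaration in the gemspec, such as `# ubuntu_ami: resolves the default Ubuntu AMI when no image is given` (if that is its purpose), would record the reason. The `~>` constraint admits later 0.4.x releases, so consumers who need reproducible installs should lock the resolved version.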