chef-provisioning-aws 1.2.1 → 1.3.0
- checksums.yaml +4 -4
- data/README.md +21 -8
- data/lib/chef/provider/aws_cache_cluster.rb +75 -0
- data/lib/chef/provider/aws_cache_replication_group.rb +49 -0
- data/lib/chef/provider/aws_cache_subnet_group.rb +60 -0
- data/lib/chef/provider/aws_instance.rb +4 -1
- data/lib/chef/provider/aws_key_pair.rb +1 -1
- data/lib/chef/provider/aws_network_acl.rb +131 -0
- data/lib/chef/provider/aws_security_group.rb +1 -1
- data/lib/chef/provider/aws_subnet.rb +14 -0
- data/lib/chef/provider/aws_vpc.rb +1 -0
- data/lib/chef/provisioning/aws_driver.rb +4 -0
- data/lib/chef/provisioning/aws_driver/aws_provider.rb +25 -0
- data/lib/chef/provisioning/aws_driver/aws_resource.rb +7 -2
- data/lib/chef/provisioning/aws_driver/driver.rb +59 -24
- data/lib/chef/provisioning/aws_driver/version.rb +1 -1
- data/lib/chef/resource/aws_cache_cluster.rb +37 -0
- data/lib/chef/resource/aws_cache_replication_group.rb +37 -0
- data/lib/chef/resource/aws_cache_subnet_group.rb +28 -0
- data/lib/chef/resource/aws_network_acl.rb +61 -0
- data/lib/chef/resource/aws_subnet.rb +9 -0
- data/spec/aws_support.rb +4 -1
- data/spec/aws_support/matchers/match_an_aws_object.rb +58 -0
- data/spec/integration/aws_cache_subnet_group_spec.rb +32 -0
- data/spec/integration/aws_key_pair_spec.rb +2 -2
- data/spec/integration/aws_network_acl_spec.rb +107 -0
- data/spec/integration/aws_security_group_spec.rb +16 -0
- data/spec/integration/aws_subnet_spec.rb +8 -11
- data/spec/integration/aws_tagged_items_spec.rb +1 -1
- data/spec/integration/aws_vpc_spec.rb +16 -0
- metadata +27 -2
@@ -0,0 +1,32 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Chef::Resource::AwsCacheSubnetGroup do
|
4
|
+
extend AWSSupport
|
5
|
+
|
6
|
+
when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
|
7
|
+
with_aws "with a VPC with an internet gateway and subnet" do
|
8
|
+
aws_vpc "test_vpc" do
|
9
|
+
cidr_block '10.0.0.0/24'
|
10
|
+
internet_gateway true
|
11
|
+
end
|
12
|
+
|
13
|
+
aws_subnet "test_subnet" do
|
14
|
+
vpc 'test_vpc'
|
15
|
+
cidr_block "10.0.0.0/24"
|
16
|
+
end
|
17
|
+
|
18
|
+
it "aws_cache_subnet_group 'test-subnet-group' creates a cache subnet group" do
|
19
|
+
expect_recipe {
|
20
|
+
aws_cache_subnet_group 'test-subnet-group' do
|
21
|
+
description 'Test Subnet Group'
|
22
|
+
subnets [ 'test_subnet' ]
|
23
|
+
end
|
24
|
+
}.to create_an_aws_cache_subnet_group('test-subnet-group',
|
25
|
+
subnets: [
|
26
|
+
{ subnet_identifier: test_subnet.aws_object.id }
|
27
|
+
]
|
28
|
+
).and be_idempotent
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
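Review bot: Only the create path of `aws_cache_subnet_group` is exercised in this new spec (new lines 18–29). Nothing re-converges the group with a different `description` or `subnets` list, and nothing runs `action :destroy`, so the update and delete branches of the new provider are untested as far as this page shows. I would add one example that changes `subnets` on an existing group and asserts the new `subnet_identifier` set, and one that destroys the group.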
@@ -10,11 +10,11 @@ describe Chef::Resource::AwsKeyPair do
|
|
10
10
|
end
|
11
11
|
|
12
12
|
it "aws_key_pair 'test_key_pair' creates a key pair" do
|
13
|
-
|
13
|
+
expect(recipe {
|
14
14
|
aws_key_pair 'test_key_pair' do
|
15
15
|
private_key_options format: :der, type: :rsa
|
16
16
|
end
|
17
|
-
}.to create_an_aws_key_pair('test_key_pair').and be_idempotent
|
17
|
+
}).to create_an_aws_key_pair('test_key_pair').and be_idempotent
|
18
18
|
end
|
19
19
|
end
|
20
20
|
end
|
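Review bot: The example at new lines 13–17 switches to `expect(recipe { ... }).to`, while the other specs on this page keep `expect_recipe { ... }.to`, and nothing in the hunk says why this one differs. A one-line comment above the `expect`, for example `# uses expect(recipe { ... }) rather than expect_recipe because <reason>`, would stop someone from reverting it for consistency. The `describe` block starts outside the hunk.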
@@ -0,0 +1,107 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Chef::Resource::AwsNetworkAcl do
|
4
|
+
extend AWSSupport
|
5
|
+
|
6
|
+
when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
|
7
|
+
with_aws "with a VPC" do
|
8
|
+
aws_vpc "test_vpc" do
|
9
|
+
cidr_block '10.0.0.0/24'
|
10
|
+
internet_gateway true
|
11
|
+
end
|
12
|
+
|
13
|
+
it "aws_network_acl 'test_network_acl' with no parameters except VPC creates a network acl" do
|
14
|
+
expect_recipe {
|
15
|
+
aws_network_acl 'test_network_acl' do
|
16
|
+
vpc 'test_vpc'
|
17
|
+
end
|
18
|
+
}.to create_an_aws_network_acl('test_network_acl',
|
19
|
+
vpc_id: test_vpc.aws_object.id,
|
20
|
+
).and be_idempotent
|
21
|
+
end
|
22
|
+
|
23
|
+
it "aws_network_acl 'test_network_acl' with all parameters creates a network acl" do
|
24
|
+
expect_recipe {
|
25
|
+
aws_network_acl 'test_network_acl' do
|
26
|
+
vpc 'test_vpc'
|
27
|
+
inbound_rules(
|
28
|
+
[
|
29
|
+
{ rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24' },
|
30
|
+
{ rule_number: 200, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0' },
|
31
|
+
{ rule_number: 300, action: :allow, protocol: 6, port_range: 22..23, cidr_block: '172.31.0.0/22' }
|
32
|
+
]
|
33
|
+
)
|
34
|
+
outbound_rules(
|
35
|
+
[
|
36
|
+
{ rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0' }
|
37
|
+
]
|
38
|
+
)
|
39
|
+
end
|
40
|
+
}.to create_an_aws_network_acl('test_network_acl',
|
41
|
+
vpc_id: test_vpc.aws_object.id,
|
42
|
+
entry_set:
|
43
|
+
[
|
44
|
+
{ :rule_number=>500, :protocol=>"-1", :rule_action=>"allow", :egress=>true, :cidr_block=>"0.0.0.0/0" },
|
45
|
+
{ :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
|
46
|
+
{ :rule_number=>100, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"10.0.0.0/24" },
|
47
|
+
{ :rule_number=>200, :protocol=>"-1", :rule_action=>"allow", :egress=>false, :cidr_block=>"0.0.0.0/0" },
|
48
|
+
{ :rule_number=>300, :protocol=>"6", :rule_action=>"allow", :egress=>false, :cidr_block=>"172.31.0.0/22", :port_range=>{ :from=>22, :to=>23 } },
|
49
|
+
{ :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
|
50
|
+
]
|
51
|
+
).and be_idempotent
|
52
|
+
end
|
53
|
+
|
54
|
+
context 'when rules are empty' do
|
55
|
+
aws_network_acl 'test_network_acl' do
|
56
|
+
vpc 'test_vpc'
|
57
|
+
inbound_rules(rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24')
|
58
|
+
outbound_rules(rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0')
|
59
|
+
end
|
60
|
+
|
61
|
+
it "aws_network_acl 'test_network_acl' removes current rules" do
|
62
|
+
expect_recipe {
|
63
|
+
aws_network_acl 'test_network_acl' do
|
64
|
+
vpc 'test_vpc'
|
65
|
+
inbound_rules []
|
66
|
+
outbound_rules []
|
67
|
+
end
|
68
|
+
}.to create_an_aws_network_acl('test_network_acl',
|
69
|
+
vpc_id: test_vpc.aws_object.id,
|
70
|
+
entry_set:
|
71
|
+
[
|
72
|
+
{ :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
|
73
|
+
{ :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
|
74
|
+
]
|
75
|
+
).and be_idempotent
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
context 'when rules are nil' do
|
80
|
+
aws_network_acl 'test_network_acl' do
|
81
|
+
vpc 'test_vpc'
|
82
|
+
inbound_rules(rule_number: 100, action: :deny, protocol: -1, cidr_block: '10.0.0.0/24')
|
83
|
+
outbound_rules(rule_number: 500, action: :allow, protocol: -1, cidr_block: '0.0.0.0/0')
|
84
|
+
end
|
85
|
+
|
86
|
+
it "aws_network_acl 'test_network_acl' with a nil rules array leaves current rules alone" do
|
87
|
+
expect_recipe {
|
88
|
+
aws_network_acl 'test_network_acl' do
|
89
|
+
vpc 'test_vpc'
|
90
|
+
inbound_rules nil
|
91
|
+
outbound_rules nil
|
92
|
+
end
|
93
|
+
}.to match_an_aws_network_acl('test_network_acl',
|
94
|
+
vpc_id: test_vpc.aws_object.id,
|
95
|
+
entry_set:
|
96
|
+
[
|
97
|
+
{ :rule_number=>500, :protocol=>"-1", :rule_action=>"allow", :egress=>true, :cidr_block=>"0.0.0.0/0" },
|
98
|
+
{ :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>true, :cidr_block=>"0.0.0.0/0" },
|
99
|
+
{ :rule_number=>100, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"10.0.0.0/24" },
|
100
|
+
{ :rule_number=>32767, :protocol=>"-1", :rule_action=>"deny", :egress=>false, :cidr_block=>"0.0.0.0/0" }
|
101
|
+
]
|
102
|
+
).and be_idempotent
|
103
|
+
end
|
104
|
+
end
|
105
|
+
end
|
106
|
+
end
|
107
|
+
end
|
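Review bot: The difference between `inbound_rules []` (new lines 65–66, only the rule 32767 deny entries remain) and `inbound_rules nil` (new lines 90–91, existing entries are kept) is stated only in the two `it` titles, yet it decides whether a stale allow entry survives a converge. A comment above each context would make the contract explicit, for example `# [] means "manage rules and keep none"; only the rule 32767 deny entries remain` and `# nil means "do not manage rules"; existing entries are left in place`. The setup blocks in both contexts also pass a bare hash to `inbound_rules`/`outbound_rules`, where the all-parameters example passes an array of hashes; if that is meant to cover single-hash input, say so in a comment, otherwise wrap them in `[ ]`. No example changes or removes one entry out of several, which is presumably the most common real update.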
@@ -90,6 +90,22 @@ describe Chef::Resource::AwsSecurityGroup do
|
|
90
90
|
ip_permissions_list_egress: [{groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "tcp", from_port: 22, to_port: 22 }]
|
91
91
|
).and be_idempotent
|
92
92
|
end
|
93
|
+
|
94
|
+
it "aws_security_group 'test_sg' with inbound and outbound rules allowing all ports works when protocol specified" do
|
95
|
+
expect_recipe {
|
96
|
+
aws_security_group 'test_sg' do
|
97
|
+
vpc 'test_vpc'
|
98
|
+
inbound_rules('0.0.0.0/0' => { port_range: -1..-1, protocol: -1 })
|
99
|
+
outbound_rules({ port_range: -1..-1, protocol: -1 } => '0.0.0.0/0')
|
100
|
+
end
|
101
|
+
}.to create_an_aws_security_group('test_sg',
|
102
|
+
vpc_id: test_vpc.aws_object.id,
|
103
|
+
ip_permissions_list: [
|
104
|
+
{ groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "-1"}
|
105
|
+
],
|
106
|
+
ip_permissions_list_egress: [{ groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "-1"}]
|
107
|
+
).and be_idempotent
|
108
|
+
end
|
93
109
|
end
|
94
110
|
|
95
111
|
with_aws "when narrowing from multiple VPCs" do
|
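Review bot: The new example at new lines 94–108 pins only the `port_range: -1..-1, protocol: -1` form, and the expected `ip_permissions_list` has no `from_port`/`to_port`. A reader therefore cannot tell what the driver does when `protocol: -1` is combined with a real range such as `22..22`. EC2 applies a protocol -1 rule to every port regardless of the range, so that input would silently turn a narrow-looking rule into allow-all from 0.0.0.0/0. I would add an example for that combination that asserts the intended behaviour (reject it, or normalise it visibly), and put `# protocol -1 = all protocols; EC2 applies the rule to every port regardless of port_range` above the `inbound_rules` line. The driver code that maps these rules is not part of this hunk.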
@@ -4,16 +4,7 @@ describe Chef::Resource::AwsSubnet do
|
|
4
4
|
extend AWSSupport
|
5
5
|
|
6
6
|
when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
|
7
|
-
with_aws "with a VPC with an internet gateway and
|
8
|
-
before :context do
|
9
|
-
driver.ec2.vpcs.with_tag('Name', 'test_vpc').each do |vpc|
|
10
|
-
recipe do
|
11
|
-
aws_vpc vpc do
|
12
|
-
action :purge
|
13
|
-
end
|
14
|
-
end.converge
|
15
|
-
end
|
16
|
-
end
|
7
|
+
with_aws "with a VPC with an internet gateway, route table and network acl" do
|
17
8
|
aws_vpc "test_vpc" do
|
18
9
|
cidr_block '10.0.0.0/24'
|
19
10
|
internet_gateway true
|
@@ -23,6 +14,10 @@ describe Chef::Resource::AwsSubnet do
|
|
23
14
|
vpc 'test_vpc'
|
24
15
|
end
|
25
16
|
|
17
|
+
aws_network_acl 'test_network_acl' do
|
18
|
+
vpc 'test_vpc'
|
19
|
+
end
|
20
|
+
|
26
21
|
it "aws_subnet 'test_subnet' with no parameters except VPC creates a route table" do
|
27
22
|
expect_recipe {
|
28
23
|
aws_subnet 'test_subnet' do
|
@@ -43,12 +38,14 @@ describe Chef::Resource::AwsSubnet do
|
|
43
38
|
availability_zone az
|
44
39
|
map_public_ip_on_launch true
|
45
40
|
route_table 'test_route_table'
|
41
|
+
network_acl 'test_network_acl'
|
46
42
|
end
|
47
43
|
}.to create_an_aws_subnet('test_subnet',
|
48
44
|
vpc_id: test_vpc.aws_object.id,
|
49
45
|
cidr_block: '10.0.0.0/24',
|
50
46
|
'availability_zone.name' => az,
|
51
|
-
'route_table.id' => test_route_table.aws_object.id
|
47
|
+
'route_table.id' => test_route_table.aws_object.id,
|
48
|
+
'network_acl.id' => test_network_acl.aws_object.id
|
52
49
|
).and be_idempotent
|
53
50
|
end
|
54
51
|
end
|
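Review bot: The added `network_acl 'test_network_acl'` at new line 41 is asserted only at creation time in the all-parameters example, so the spec never shows what happens when `network_acl` is changed on an existing subnet or omitted. An example that re-converges `test_subnet` with a second ACL and asserts that `'network_acl.id'` changed would catch an association that fails to update and leaves the subnet on its previous ACL. The first hunk also drops the `before :context` purge of VPCs tagged `test_vpc`; if `with_aws` does not itself clean up leftovers from an aborted run, that deserves a comment next to the new `with_aws` line. The enclosing `it` block starts outside the third hunk.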
@@ -137,7 +137,7 @@ describe "AWS Tagged Items" do
|
|
137
137
|
expect_recipe {
|
138
138
|
load_balancer 'lbtest' do
|
139
139
|
load_balancer_options :aws_tags => { :marco => 'polo', 'happyhappy' => 'joyjoy' },
|
140
|
-
:availability_zones => ["#{driver.aws_config.region}a", "#{driver.aws_config.region}
|
140
|
+
:availability_zones => ["#{driver.aws_config.region}a", "#{driver.aws_config.region}c"]
|
141
141
|
end
|
142
142
|
}.to create_an_aws_load_balancer('lbtest'
|
143
143
|
).and have_aws_load_balancer_tags('lbtest',
|
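Review bot: The availability zones at new line 140 are built by appending the literal suffixes `a` and `c` to the region name, which assumes both zones exist and are usable for the account running the suite. Deriving the zones from the API would remove that assumption, as would reusing whatever supplies the `az` value that the subnet spec passes to `availability_zone`. If the hard-coded suffixes stay, `# assumes zones <region>a and <region>c are available to this account` above the line would at least explain a failure. The `it` block starts and ends outside the hunk.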
@@ -23,6 +23,22 @@ describe Chef::Resource::AwsVpc do
|
|
23
23
|
).and be_idempotent
|
24
24
|
end
|
25
25
|
|
26
|
+
it "aws_vpc 'vpc' with cidr_block '10.0.0.0/24' creates a VPC with tags" do
|
27
|
+
expect_recipe {
|
28
|
+
aws_vpc 'test_vpc_2' do
|
29
|
+
cidr_block '10.0.0.0/24'
|
30
|
+
aws_tags :foo => :bar
|
31
|
+
end
|
32
|
+
}.to create_an_aws_vpc('test_vpc_2',
|
33
|
+
cidr_block: '10.0.0.0/24',
|
34
|
+
instance_tenancy: :default,
|
35
|
+
state: :available,
|
36
|
+
internet_gateway: nil
|
37
|
+
).and have_aws_vpc_tags('test_vpc_2',
|
38
|
+
{"foo" => "bar"}
|
39
|
+
).and be_idempotent
|
40
|
+
end
|
41
|
+
|
26
42
|
it "aws_vpc 'vpc' with all attributes creates a VPC" do
|
27
43
|
expect_recipe {
|
28
44
|
aws_vpc 'test_vpc' do
|
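Review bot: The example title at new line 26 says `aws_vpc 'vpc' with cidr_block '10.0.0.0/24'`, but the resource it converges is `test_vpc_2` and the behaviour under test is `aws_tags`. `it "aws_vpc 'test_vpc_2' with aws_tags creates a VPC with tags" do` would match what the body does. The tags go in as `:foo => :bar` and are asserted as `{"foo" => "bar"}`, so the example also depends on symbol-to-string conversion. A short comment on the `have_aws_vpc_tags` line, such as `# symbol keys and values are expected to be stored as strings`, would show that this is intended.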
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chef-provisioning-aws
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- John Ewart
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-07-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: chef
|
@@ -66,6 +66,20 @@ dependencies:
|
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
68
|
version: 2.0.1
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: ubuntu_ami
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: 0.4.1
|
76
|
+
type: :runtime
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: 0.4.1
|
69
83
|
- !ruby/object:Gem::Dependency
|
70
84
|
name: chef-zero
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -134,6 +148,9 @@ files:
|
|
134
148
|
- README.md
|
135
149
|
- Rakefile
|
136
150
|
- lib/chef/provider/aws_auto_scaling_group.rb
|
151
|
+
- lib/chef/provider/aws_cache_cluster.rb
|
152
|
+
- lib/chef/provider/aws_cache_replication_group.rb
|
153
|
+
- lib/chef/provider/aws_cache_subnet_group.rb
|
137
154
|
- lib/chef/provider/aws_dhcp_options.rb
|
138
155
|
- lib/chef/provider/aws_ebs_volume.rb
|
139
156
|
- lib/chef/provider/aws_eip_address.rb
|
@@ -142,6 +159,7 @@ files:
|
|
142
159
|
- lib/chef/provider/aws_key_pair.rb
|
143
160
|
- lib/chef/provider/aws_launch_configuration.rb
|
144
161
|
- lib/chef/provider/aws_load_balancer.rb
|
162
|
+
- lib/chef/provider/aws_network_acl.rb
|
145
163
|
- lib/chef/provider/aws_network_interface.rb
|
146
164
|
- lib/chef/provider/aws_route_table.rb
|
147
165
|
- lib/chef/provider/aws_s3_bucket.rb
|
@@ -162,6 +180,9 @@ files:
|
|
162
180
|
- lib/chef/provisioning/aws_driver/version.rb
|
163
181
|
- lib/chef/provisioning/driver_init/aws.rb
|
164
182
|
- lib/chef/resource/aws_auto_scaling_group.rb
|
183
|
+
- lib/chef/resource/aws_cache_cluster.rb
|
184
|
+
- lib/chef/resource/aws_cache_replication_group.rb
|
185
|
+
- lib/chef/resource/aws_cache_subnet_group.rb
|
165
186
|
- lib/chef/resource/aws_dhcp_options.rb
|
166
187
|
- lib/chef/resource/aws_ebs_volume.rb
|
167
188
|
- lib/chef/resource/aws_eip_address.rb
|
@@ -171,6 +192,7 @@ files:
|
|
171
192
|
- lib/chef/resource/aws_key_pair.rb
|
172
193
|
- lib/chef/resource/aws_launch_configuration.rb
|
173
194
|
- lib/chef/resource/aws_load_balancer.rb
|
195
|
+
- lib/chef/resource/aws_network_acl.rb
|
174
196
|
- lib/chef/resource/aws_network_interface.rb
|
175
197
|
- lib/chef/resource/aws_route_table.rb
|
176
198
|
- lib/chef/resource/aws_s3_bucket.rb
|
@@ -191,9 +213,12 @@ files:
|
|
191
213
|
- spec/aws_support/matchers/create_an_aws_object.rb
|
192
214
|
- spec/aws_support/matchers/destroy_an_aws_object.rb
|
193
215
|
- spec/aws_support/matchers/have_aws_object_tags.rb
|
216
|
+
- spec/aws_support/matchers/match_an_aws_object.rb
|
194
217
|
- spec/aws_support/matchers/update_an_aws_object.rb
|
218
|
+
- spec/integration/aws_cache_subnet_group_spec.rb
|
195
219
|
- spec/integration/aws_ebs_volume_spec.rb
|
196
220
|
- spec/integration/aws_key_pair_spec.rb
|
221
|
+
- spec/integration/aws_network_acl_spec.rb
|
197
222
|
- spec/integration/aws_route_table_spec.rb
|
198
223
|
- spec/integration/aws_security_group_spec.rb
|
199
224
|
- spec/integration/aws_subnet_spec.rb
|