chef-provisioning-aws 1.3.1 → 1.4.0

data/lib/chef/provider/aws_vpc_peering_connection.rb

@@ -0,0 +1,88 @@
+require 'chef/provisioning/aws_driver/aws_provider'
+require 'retryable'
+
+class Chef::Provider::AwsVpcPeeringConnection < Chef::Provisioning::AWSDriver::AWSProvider
+  provides :aws_vpc_peering_connection
+
+  def action_create
+    vpc_peering_connection = super
+    accept_connection(vpc_peering_connection, new_resource)
+  end
+
+  def action_accept
+    existing_vpc_peering_connection = new_resource.aws_object
+    accept_connection(existing_vpc_peering_connection, new_resource)
+  end
+
+  protected
+
+  def create_aws_object
+    if new_resource.vpc.nil?
+      raise "VCP peering connection create action for '#{new_resource.name}' requires the 'vpc' attribute."
+    elsif new_resource.peer_vpc.nil?
+      raise "VCP peering connection create action for '#{new_resource.name}' requires the 'peer_vpc' attribute."
+    end
+
+    options = {}
+    options[:vpc_id] = new_resource.vpc
+    options[:peer_vpc_id] = new_resource.peer_vpc
+    options[:peer_owner_id] = new_resource.peer_owner_id unless new_resource.peer_owner_id.nil?
+    options = AWSResource.lookup_options(options, resource: new_resource)
+
+    ec2_resource = new_resource.driver.ec2_resource
+    vpc = ec2_resource.vpc(options[:vpc_id])
+
+    converge_by "create peering connection #{new_resource.name} in VPC #{new_resource.vpc} (#{vpc.id}) and region #{region}" do
+      vpc_peering_connection = vpc.request_vpc_peering_connection(options)
+
+      retry_with_backoff(::Aws::EC2::Errors::ServiceError) do
+        ec2_resource.create_tags({
+          :resources => [vpc_peering_connection.id],
+          :tags => [
+            {
+              :key => "Name",
+              :value => new_resource.name
+            }
+          ]
+        })
+      end
+      vpc_peering_connection
+    end
+  end
+
+  def update_aws_object(vpc_peering_connection)
+    vpc_id = vpc_peering_connection.requester_vpc_info.vpc_id
+    peer_vpc_id = vpc_peering_connection.accepter_vpc_info.vpc_id
+    peer_owner_id = vpc_peering_connection.accepter_vpc_info.owner_id
+
+    desired_vpc_id = Chef::Resource::AwsVpc.get_aws_object_id(new_resource.vpc, resource: new_resource)
+    desired_peer_vpc_id = Chef::Resource::AwsVpc.get_aws_object_id(new_resource.peer_vpc, resource: new_resource)
+    desired_peer_owner_id = new_resource.peer_owner_id
+
+    if desired_vpc_id && vpc_id != desired_vpc_id
+      raise "VCP peering connection requester vpc cannot be changed after being created! Desired requester vpc id for #{new_resource.name} (#{vpc_peering_connection.id}) was \"#{desired_vpc_id}\" and actual id is \"#{vpc_id}\""
+    end
+    if desired_peer_vpc_id && peer_vpc_id != desired_peer_vpc_id
+      raise "VCP peering connection accepter vpc cannot be changed after being created! Desired accepter vpc id for #{new_resource.name} (#{vpc_peering_connection.id}) was \"#{desired_peer_vpc_id}\" and actual id is \"#{peer_vpc_id}\""
+    end
+    if desired_peer_owner_id && peer_owner_id != desired_peer_owner_id
+      raise "VCP peering connection accepter owner id vpc cannot be changed after being created! Desired accepter vpc owner id for #{new_resource.name} (#{vpc_peering_connection.id}) was \"#{desired_peer_owner_id}\" and actual owner id is \"#{peer_owner_id}\""
+    end
+  end
+
+  def destroy_aws_object(vpc_peering_connection)
+    converge_by "delete #{new_resource.to_s} in #{region}" do
+      unless ['deleted', 'failed', 'deleting'].include? vpc_peering_connection.status.code
+        vpc_peering_connection.delete
+      end
+    end
+  end
+
+  private
+
+  def accept_connection(vpc_peering_connection, new_resource)
+    if new_resource.peer_owner_id.nil? or new_resource.peer_owner_id == new_resource.driver.account_id
+      vpc_peering_connection.accept
+    end
+  end
+end

data/lib/chef/provisioning/aws_driver.rb

@@ -5,20 +5,28 @@ require "chef/resource/aws_auto_scaling_group"
 require "chef/resource/aws_cache_cluster"
 require "chef/resource/aws_cache_replication_group"
 require "chef/resource/aws_cache_subnet_group"
+require "chef/resource/aws_cloudsearch_domain"
 require "chef/resource/aws_dhcp_options"
 require "chef/resource/aws_ebs_volume"
 require "chef/resource/aws_eip_address"
 require "chef/resource/aws_image"
 require "chef/resource/aws_instance"
 require "chef/resource/aws_internet_gateway"
+require "chef/resource/aws_key_pair"
 require "chef/resource/aws_launch_configuration"
 require "chef/resource/aws_load_balancer"
 require "chef/resource/aws_network_acl"
 require "chef/resource/aws_network_interface"
 require "chef/resource/aws_route_table"
+require "chef/resource/aws_rds_instance"
+require "chef/resource/aws_rds_subnet_group"
+require "chef/resource/aws_route_table"
 require "chef/resource/aws_s3_bucket"
 require "chef/resource/aws_security_group"
+require "chef/resource/aws_server_certificate"
 require "chef/resource/aws_sns_topic"
 require "chef/resource/aws_sqs_queue"
 require "chef/resource/aws_subnet"
 require "chef/resource/aws_vpc"
+require "chef/resource/aws_vpc_peering_connection"
+

data/lib/chef/provisioning/aws_driver/aws_provider.rb

@@ -3,6 +3,8 @@ require 'chef/provisioning/aws_driver/aws_resource'
 require 'chef/provisioning/aws_driver/aws_resource_with_entry'
 require 'chef/provisioning/chef_managed_entry_store'
 require 'chef/provisioning/chef_provider_action_handler'
+# Enough providers will require this that we put it in here
+require 'chef/provisioning/aws_driver/tagging_strategy/ec2'
 require 'retryable'
 
 module Chef::Provisioning::AWSDriver
@@ -121,8 +123,6 @@ class AWSProvider < Chef::Provider::LWRPBase
       aws_object = create_aws_object
     end
 
-    converge_tags(aws_object)
-
     #
     # Associate the managed entry with the AWS object
     #
@@ -130,6 +130,12 @@ class AWSProvider < Chef::Provider::LWRPBase
       new_resource.save_managed_entry(aws_object, action_handler, existing_entry: entry)
     end
 
+    # This has to be after the managed entry save so the `aws_object` lookup
+    # from the resource succeeds
+    if respond_to?(:converge_tags)
+      converge_tags
+    end
+
     aws_object
   end
 
@@ -223,90 +229,53 @@ class AWSProvider < Chef::Provider::LWRPBase
     raise NotImplementedError, :destroy_aws_object
   end
 
-  # Update AWS resource tags
-  #
-  # AWS resources which include the TaggedItem Module
-  # will have an 'aws_tags' attribute available.
-  # The 'aws_tags' Hash will apply all the tags within
-  # the hash, and remove existing tags not included within
-  # the hash.  The 'Name' tag will not removed.  The 'Name'
-  # tag can still be updated in the hash.
-  #
-  # @param aws_object Aws SDK Object to update tags
-  #
-  def converge_tags(aws_object)
-    return unless new_resource.respond_to?(:aws_tags)
-    desired_tags = new_resource.aws_tags
-    # If aws_tags were not provided we exit
-    if desired_tags.nil?
-      Chef::Log.debug "aws_tags not provided, nothing to converge"
-      return
-    end
-    current_tags = aws_object.tags.to_h
-    # AWS always returns tags as strings, and we don't want to overwrite a
-    # tag-as-string with the same tag-as-symbol
-    desired_tags = Hash[desired_tags.map {|k, v| [k.to_s, v.to_s] }]
-    tags_to_update = desired_tags.reject {|k,v| current_tags[k] == v}
-    tags_to_delete = current_tags.keys - desired_tags.keys
-    # We don't want to delete `Name`, just all other tags
-    tags_to_delete.delete('Name')
-
-    unless tags_to_update.empty?
-      converge_by "applying tags #{tags_to_update}" do
-        aws_object.tags.set(tags_to_update)
-      end
-    end
-    unless tags_to_delete.empty?
-      converge_by "deleting tags #{tags_to_delete.inspect}" do
-        aws_object.tags.delete(*tags_to_delete)
-      end
-    end
-  end
-
-  # Wait until aws_object obtains one of expected_status
-  #
-  # @param aws_object Aws SDK Object to check status on
-  # @param expected_status [Symbol,Array<Symbol>] Final status(s) to look for
-  # @param acceptable_errors [Exception,Array<Exception>] Acceptable errors that are caught and squelched
-  # @param tries [Integer] Number of times to check status
-  # @param sleep [Integer] Time to wait between checking status
-  #
   def wait_for_status(aws_object, expected_status, acceptable_errors = [], tries=60, sleep=5)
-    acceptable_errors = [acceptable_errors].flatten
-    expected_status = [expected_status].flatten
-    current_status = aws_object.status
+    wait_for(
+      aws_object: aws_object,
+      query_method: :status,
+      expected_responses: expected_status,
+      acceptable_errors: acceptable_errors,
+      tries: tries,
+      sleep: sleep
+    )
+  end
 
-    Retryable.retryable(:tries => tries, :sleep => sleep) do |retries, exception|
-      action_handler.report_progress "waited #{retries*sleep}/#{tries*sleep}s for #{aws_object.id} status to change to #{expected_status.inspect}..."
-      begin
-        current_status = aws_object.status
-        unless expected_status.include?(current_status)
-          raise StatusTimeoutError.new(aws_object, current_status, expected_status)
-        end
-      rescue *acceptable_errors
-      end
-    end
+  def wait_for_state(aws_object, expected_states, acceptable_errors = [], tries=60, sleep=5)
+    wait_for(
+      aws_object: aws_object,
+      query_method: :state,
+      expected_responses: expected_states,
+      acceptable_errors: acceptable_errors,
+      tries: tries,
+      sleep: sleep
+    )
   end
 
-  # Wait until aws_object obtains one of expected_state
+  # Wait until aws_object obtains one of expected_responses
   #
   # @param aws_object Aws SDK Object to check state on
-  # @param expected_state [Symbol,Array<Symbol>] Final state(s) to look for
+  # @param query_method Method to call on aws_object to get current state
+  # @param expected_responses [Symbol,Array<Symbol>] Final state(s) to look for
   # @param acceptable_errors [Exception,Array<Exception>] Acceptable errors that are caught and squelched
-  # @param tries [Integer] Number of times to check state
-  # @param sleep [Integer] Time to wait between checking states
+  # @param tries [Integer] Number of times to check state, defaults to 60
+  # @param sleep [Integer] Time to wait between checking states, defaults to 5
   #
-  def wait_for_state(aws_object, expected_states, acceptable_errors = [], tries=60, sleep=5)
-    acceptable_errors = [acceptable_errors].flatten
-    expected_states = [expected_states].flatten
-    current_state = aws_object.state
+  def wait_for(opts={})
+    aws_object = opts[:aws_object]
+    query_method = opts[:query_method]
+    expected_responses = [opts[:expected_responses]].flatten
+    acceptable_errors = [opts[:acceptable_errors] || []].flatten
+    tries = opts[:tries] || 60
+    sleep = opts[:sleep] || 5
 
     Retryable.retryable(:tries => tries, :sleep => sleep) do |retries, exception|
-      action_handler.report_progress "waited #{retries*sleep}/#{tries*sleep}s for #{aws_object.id} state to change to #{expected_states.inspect}..."
+      action_handler.report_progress "waited #{retries*sleep}/#{tries*sleep}s for #{aws_object.id} state to change to #{expected_responses.inspect}..."
+      Chef::Log.debug("Current exception is #{exception.inspect}")
       begin
-        current_state = aws_object.state
-        unless expected_states.include?(current_state)
-          raise StatusTimeoutError.new(aws_object, current_state, expected_states)
+        current_response = aws_object.send(query_method)
+        Chef::Log.debug("Current response from [#{query_method}] is #{current_response}")
+        unless expected_responses.include?(current_response)
+          raise StatusTimeoutError.new(aws_object, current_response, expected_responses)
         end
       rescue *acceptable_errors
       end
@@ -317,7 +286,7 @@ class AWSProvider < Chef::Provider::LWRPBase
   # @param retry_on [Exception] An exception to retry on, defaults to RuntimeError
   #
   def retry_with_backoff(retry_on = RuntimeError, &block)
-    Retryable.retryable(:tries => 10, :sleep => lambda { |n| [2**n, 10].min }, :on => retry_on, &block)
+    Retryable.retryable(:tries => 10, :sleep => lambda { |n| [2**n, 16].min }, :on => retry_on, &block)
   end
 
 end

data/lib/chef/provisioning/aws_driver/aws_rds_resource.rb

@@ -0,0 +1,11 @@
+require_relative 'aws_resource'
+
+module Chef::Provisioning::AWSDriver
+class AWSRDSResource < AWSResource
+
+  def rds_tagging_type
+    raise "You must add the RDS resource type lookup from http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.ARN"
+  end
+
+end
+end

data/lib/chef/provisioning/aws_driver/aws_resource.rb

@@ -1,6 +1,8 @@
 require 'aws'
 require 'chef/provisioning/aws_driver/super_lwrp'
 require 'chef/provisioning/chef_managed_entry_store'
+# Enough resources will eventually require this that we put 1 require in here
+require 'chef/provisioning/aws_driver/aws_taggable'
 
 # Common AWS resource - contains metadata that all AWS resources will need
 module Chef::Provisioning::AWSDriver
@@ -59,12 +61,21 @@ class AWSResource < Chef::Provisioning::AWSDriver::SuperLWRP
                               lazy_default: proc { Chef::Provisioning::ChefManagedEntryStore.new(chef_server) }
 
   #
-  # Get the current AWS object.
+  # Get the current AWS object.  This should return the aws_object even if it has
+  # a status like 'deleted' or 'inactive'.  If there is an aws_object, we return it.
+  # Callers will need to check the status if they care.
   #
   def aws_object
     raise NotImplementedError, :aws_object
   end
 
+  def aws_object_id
+    @aws_object_id ||= begin
+      o = aws_object
+      o.public_send(self.class.aws_sdk_class_id) if o
+    end
+  end
+
   #
   # Look up an AWS options list, translating standard names using the appropriate
   # classes.
@@ -110,6 +121,7 @@ class AWSResource < Chef::Provisioning::AWSDriver::SuperLWRP
       resource.driver driver if driver
       resource.managed_entry_store managed_entry_store if managed_entry_store
     end
+
     result = resource.aws_object
     if required && result.nil?
       raise "#{self}[#{value}] does not exist!"
@@ -132,7 +144,7 @@ class AWSResource < Chef::Provisioning::AWSDriver::SuperLWRP
                         load_provider: true,
                         id: :name,
                         aws_id_prefix: nil)
-    self.resource_name = self.dsl_name
+    self.resource_name = convert_to_snake_case(self.name.split('::')[-1])
     @aws_sdk_class = sdk_class
     @aws_sdk_class_id = id
     @aws_id_prefix = aws_id_prefix

data/lib/chef/provisioning/aws_driver/aws_resource_with_entry.rb

@@ -4,12 +4,6 @@ require 'chef/provisioning/aws_driver/resources'
 # Common AWS resource - contains metadata that all AWS resources will need
 class Chef::Provisioning::AWSDriver::AWSResourceWithEntry < Chef::Provisioning::AWSDriver::AWSResource
 
-  # This should be a hash of tags to apply to the AWS object
-  #
-  # @param aws_tags [Hash] Should be a hash of keys & values to add.  Keys and values
-  #        can be provided as symbols or strings, but will be stored in AWS as strings.
-  attribute :aws_tags, kind_of: Hash
-
   #
   # Dissociate the ID of this object from Chef.
   #
@@ -19,7 +13,7 @@ class Chef::Provisioning::AWSDriver::AWSResourceWithEntry < Chef::Provisioning::
   #
   def delete_managed_entry(action_handler)
     if should_have_managed_entry?
-      managed_entry_store.delete(self.class.resource_name, name, action_handler)
+      managed_entry_store.delete(self.class.managed_entry_type, name, action_handler)
     end
   end
 
@@ -37,7 +31,7 @@ class Chef::Provisioning::AWSDriver::AWSResourceWithEntry < Chef::Provisioning::
   def save_managed_entry(aws_object, action_handler, existing_entry: nil)
     if should_have_managed_entry?
       managed_entry = existing_entry ||
-                      managed_entry_store.new_entry(self.class.resource_name, name)
+                      managed_entry_store.new_entry(self.class.managed_entry_type, name)
       updated = update_managed_entry(aws_object, managed_entry)
       if updated || !existing_entry
         managed_entry.save(action_handler)

data/lib/chef/provisioning/aws_driver/aws_taggable.rb

@@ -0,0 +1,18 @@
+module Chef::Provisioning::AWSDriver
+# This module is meant to be included in a resource that is taggable
+# This will add the appropriate attribute that can be converged by the provider
+# TODO it would be nice to not have two seperate modules (taggable/tagger)
+#   and just have the provider decorate the resource or vice versa.  Complicated
+#   by resources <-> providers being many-to-many.
+module AWSTaggable
+
+  def self.included(klass)
+    # This should be a hash of tags to apply to the AWS object
+    #
+    # @param aws_tags [Hash] Should be a hash of keys & values to add.  Keys and values
+    #        can be provided as symbols or strings, but will be stored in AWS as strings.
+    klass.attribute :aws_tags, kind_of: Hash
+  end
+
+end
+end

data/lib/chef/provisioning/aws_driver/aws_tagger.rb

@@ -0,0 +1,61 @@
+require 'retryable'
+
+module Chef::Provisioning::AWSDriver
+# Include this module on a class or instance that is responsible for tagging
+# itself.  Fill in the hook methods so it knows how to tag itself.
+class AWSTagger
+  extend Forwardable
+
+  attr_reader :action_handler
+
+  def initialize(tagging_strategy, action_handler)
+    @tagging_strategy = tagging_strategy
+    @action_handler = action_handler
+  end
+
+  def_delegators :@tagging_strategy, :desired_tags, :current_tags, :set_tags, :delete_tags
+
+  def converge_tags
+    if desired_tags.nil?
+      Chef::Log.debug "aws_tags not provided, nothing to converge"
+      return
+    end
+
+    # Duplication and normalization
+    # ::Aws::EC2::Errors::InvalidParameterValue: Tag value cannot be null. Use empty string instead.
+    n_desired_tags = Hash[desired_tags.map {|k,v| [k.to_s, v.to_s]}]
+    n_current_tags = Hash[current_tags.map {|k,v| [k.to_s, v.to_s]}]
+
+    tags_to_set = n_desired_tags.reject {|k,v| n_current_tags[k] && n_current_tags[k] == v}
+    tags_to_delete = n_current_tags.keys - n_desired_tags.keys
+    # We don't want to delete `Name`, just all other tags
+    # Tag keys and values are case sensitive - `Name` is special because it
+    # shows as the name in the console
+    tags_to_delete.delete('Name')
+
+    # Tagging frequently fails so we retry with an exponential backoff, a maximum of 10 seconds
+    Retryable.retryable(
+      :tries => 20,
+      :sleep => lambda { |n| [2**n, 10].min },
+      :on => [AWS::Errors::Base, Aws::Errors::ServiceError,]
+    ) do |retries, exception|
+      if retries > 0
+        Chef::Log.info "Retrying the tagging, previous try failed with #{exception.inspect}"
+      end
+      unless tags_to_set.empty?
+        action_handler.perform_action "creating tags #{tags_to_set}" do
+          set_tags(tags_to_set)
+        end
+        tags_to_set = []
+      end
+      unless tags_to_delete.empty?
+        action_handler.perform_action "deleting tags #{tags_to_delete}" do
+          delete_tags(tags_to_delete)
+        end
+        tags_to_delete = []
+      end
+    end
+  end
+
+end
+end