chef-provisioning-aws 1.3.1 → 1.4.0

data/lib/chef/resource/aws_rds_subnet_group.rb

@@ -0,0 +1,29 @@
+require 'chef/provisioning/aws_driver/aws_rds_resource'
+require 'chef/provisioning/aws_driver/aws_taggable'
+require 'chef/resource/aws_subnet'
+
+class Chef::Resource::AwsRdsSubnetGroup < Chef::Provisioning::AWSDriver::AWSRDSResource
+  include Chef::Provisioning::AWSDriver::AWSTaggable
+
+  aws_sdk_type AWS::RDS
+
+  attribute :name, kind_of: String, name_attribute: true
+  attribute :description, kind_of: String, required: true
+  attribute :subnets,
+            kind_of: [ String, Array, AwsSubnet, AWS::EC2::Subnet ],
+            required: true,
+            coerce: proc { |v| [v].flatten }
+
+  def aws_object
+    driver.rds.client
+      .describe_db_subnet_groups(db_subnet_group_name: name)[:db_subnet_groups].first
+  rescue AWS::RDS::Errors::DBSubnetGroupNotFoundFault
+    # triggered by describe_db_subnet_groups when the group can't
+    # be found
+    nil
+  end
+
+  def rds_tagging_type
+    "subgrp"
+  end
+end

data/lib/chef/resource/aws_route_table.rb

@@ -13,7 +13,8 @@ require 'chef/provisioning/aws_driver/aws_resource_with_entry'
 # - http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/EC2/RouteTable.html
 #
 class Chef::Resource::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSResourceWithEntry
-  aws_sdk_type AWS::EC2::RouteTable
+  include Chef::Provisioning::AWSDriver::AWSTaggable
+  aws_sdk_type ::Aws::EC2::RouteTable
 
   require 'chef/resource/aws_vpc'
 
@@ -63,7 +64,8 @@ class Chef::Resource::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSResource
   # - { internet_gateway: <AWS Internet Gateway ID or object> }
   # - { instance: <Chef machine name or resource, AWS Instance ID or object> }
   # - { network_interface: <AWS Network Interface ID or object> }
-  # - <AWS Internet Gateway, Instance or Network Interface <ID or object)>
+  # - { vpc_peering_connection: <AWS VPC Peering Connection ID or object> }
+  # - <AWS Internet Gateway, Instance, Network Interface or a VPC Peering Connection <ID or object)>
   # - Chef machine name
   # - Chef machine resource
   #
@@ -95,11 +97,11 @@ class Chef::Resource::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSResource
 
   def aws_object
     driver, id = get_driver_and_id
-    result = driver.ec2.route_tables[id] if id
+    result = driver.ec2_resource.route_table(id) if id
     begin
       # try accessing it to find out if it exists
-      result.vpc if result
-    rescue AWS::EC2::Errors::InvalidRouteTableID::NotFound
+      result.vpc_id if result
+    rescue ::Aws::EC2::Errors::InvalidRouteTableIDNotFound
       result = nil
     end
     result

data/lib/chef/resource/aws_s3_bucket.rb

@@ -1,12 +1,15 @@
 require 'chef/provisioning/aws_driver/aws_resource'
 
 class Chef::Resource::AwsS3Bucket < Chef::Provisioning::AWSDriver::AWSResource
+  include Chef::Provisioning::AWSDriver::AWSTaggable
+
   aws_sdk_type AWS::S3::Bucket, id: :name
 
   attribute :name, :kind_of => String, :name_attribute => true
   attribute :options, :kind_of => Hash, :default => {}
   attribute :enable_website_hosting, :kind_of => [TrueClass, FalseClass], :default => false
   attribute :website_options, :kind_of => Hash, :default => {}
+  attribute :recursive_delete, :kind_of => [TrueClass, FalseClass], :default => false
 
   def aws_object
     result = driver.s3.buckets[name]

data/lib/chef/resource/aws_security_group.rb

@@ -3,6 +3,8 @@ require 'chef/resource/aws_vpc'
 require 'chef/provisioning/aws_driver/exceptions'
 
 class Chef::Resource::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSResource
+  include Chef::Provisioning::AWSDriver::AWSTaggable
+
   aws_sdk_type AWS::EC2::SecurityGroup,
                id: :id,
                option_names: [:security_group, :security_group_id, :security_group_name]
@@ -11,13 +13,6 @@ class Chef::Resource::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSResou
   attribute :vpc,           kind_of: [ String, AwsVpc, AWS::EC2::VPC ]
   attribute :description,   kind_of: String
 
-  # This should be a hash of tags to apply to the AWS object
-  # TODO this is duplicated from AWSResourceWithEntry
-  #
-  # @param aws_tags [Hash] Should be a hash of keys & values to add.  Keys and values
-  #        can be provided as symbols or strings, but will be stored in AWS as strings.
-  attribute :aws_tags, kind_of: Hash
-
   #
   # Accepts rules in the format:
   # [

data/lib/chef/resource/aws_server_certificate.rb

@@ -0,0 +1,21 @@
+require 'chef/provisioning/aws_driver/aws_resource'
+
+class Chef::Resource::AwsServerCertificate < Chef::Provisioning::AWSDriver::AWSResource
+  aws_sdk_type AWS::IAM::ServerCertificate
+
+  attribute :name, kind_of: String, name_attribute: true
+
+  attribute :certificate_body, kind_of: String
+  attribute :private_key, kind_of: String
+
+  def aws_object
+    begin
+      cert = driver.iam.server_certificates[name]
+      # this will trigger a AWS::IAM::Errors::NoSuchEntity if the cert does not exist
+      cert.arn
+      cert
+    rescue AWS::IAM::Errors::NoSuchEntity
+      nil
+    end
+  end
+end

data/lib/chef/resource/aws_subnet.rb

@@ -14,6 +14,8 @@ require 'chef/provisioning/aws_driver/aws_resource_with_entry'
 # - http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/EC2/Subnet.html
 #
 class Chef::Resource::AwsSubnet < Chef::Provisioning::AWSDriver::AWSResourceWithEntry
+  include Chef::Provisioning::AWSDriver::AWSTaggable
+
   aws_sdk_type AWS::EC2::Subnet
 
   require 'chef/resource/aws_vpc'

data/lib/chef/resource/aws_vpc.rb

@@ -26,7 +26,10 @@ require 'chef/provisioning/aws_driver/aws_resource_with_entry'
 # - http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/EC2/VPC.html
 #
 class Chef::Resource::AwsVpc < Chef::Provisioning::AWSDriver::AWSResourceWithEntry
-  aws_sdk_type AWS::EC2::VPC
+  include Chef::Provisioning::AWSDriver::AWSTaggable
+  aws_sdk_type AWS::EC2::VPC,
+               id: :id,
+               option_names: [:vpc, :vpc_id, :peer_vpc_id]
 
   require 'chef/resource/aws_dhcp_options'
   require 'chef/resource/aws_route_table'

data/lib/chef/resource/aws_vpc_peering_connection.rb

@@ -0,0 +1,73 @@
+require 'chef/provisioning/aws_driver/aws_resource_with_entry'
+
+#
+# An AWS peering connection, specifying which VPC to peer.
+#
+# `name` is not guaranteed unique for an AWS account; therefore, Chef will
+# store the vpc peering connection ID associated with this name in your Chef server in the
+# data bag `data/aws_vpc_peering_connection/<name>`.
+#
+# API documentation for the AWS Ruby SDK for VPC Peering Connections can be found here:
+#
+# - http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Types/VpcPeeringConnectionVpcInfo.html
+#
+class Chef::Resource::AwsVpcPeeringConnection < Chef::Provisioning::AWSDriver::AWSResourceWithEntry
+  aws_sdk_type ::Aws::EC2::VpcPeeringConnection
+  actions :accept, :create, :destroy, :purge, :nothing
+
+  require 'chef/resource/aws_vpc'
+
+  #
+  # The name of this peering connection.
+  #
+  attribute :name, kind_of: String, name_attribute: true
+
+  #
+  # The Local VPC to peer
+  #
+  # May be one of:
+  # - The name of an `aws_vpc` Chef resource.
+  # - An actual `aws_vpc` resource.
+  # - An AWS `VPC` object.
+  #
+  # This is required for new peering connections.
+  #
+  attribute :vpc, kind_of: [ String, AwsVpc, AWS::EC2::VPC ]
+
+  #
+  # The VPC to peer
+  #
+  # May be one of:
+  # - The name of an `aws_vpc` Chef resource.
+  # - An actual `aws_vpc` resource.
+  # - An AWS `VPC` object.
+  # - The id of an AWS `VPC`.
+  #
+  # This is required for new peering connections.
+  #
+  attribute :peer_vpc, kind_of: [ String, AwsVpc, AWS::EC2::VPC ]
+
+  #
+  # The target VPC account id to peer
+  #
+  # If not specified, will be assumed that the target VPC belongs to the current account.
+  #
+  attribute :peer_owner_id, kind_of: String
+
+  attribute :vpc_peering_connection_id, kind_of: String, aws_id_attribute: true, lazy_default: proc {
+    name =~ /^pcx-[a-f0-9]{8}$/ ? name : nil
+  }
+
+  def aws_object
+    driver, id = get_driver_and_id
+    result = driver.ec2_resource.vpc_peering_connection(id) if id
+
+    begin
+      # try accessing it to find out if it exists
+      result.requester_vpc if result
+    rescue ::Aws::EC2::Errors::InvalidVpcPeeringConnectionIDNotFound
+      result = nil
+    end
+    result
+  end
+end

data/spec/acceptance/aws_ebs_volume/nodes/ettores-mbp.lan.json

@@ -0,0 +1,3 @@
+{
+  "name": "ettores-mbp.lan"
+}

data/spec/aws_support.rb

@@ -23,7 +23,7 @@ module AWSSupport
   require 'aws'
   require 'aws_support/deep_matcher/matchable_object'
   require 'aws_support/deep_matcher/matchable_array'
-  DeepMatcher::MatchableObject.matchable_classes << proc { |o| o.class.name =~ /^AWS::(EC2|ELB)($|::)/ }
+  DeepMatcher::MatchableObject.matchable_classes << proc { |o| o.class.name =~ /^(AWS|Aws)::(EC2|ELB|IAM|S3|RDS|CloudSearch)($|::)/ }
   DeepMatcher::MatchableArray.matchable_classes  << AWS::Core::Data::List
 
   def purge_all
@@ -66,6 +66,12 @@ module AWSSupport
       end.converge
     end
 
+    aws_security_group 'test_security_group' do
+      vpc 'test_vpc'
+      inbound_rules '0.0.0.0/0' => [ 22, 80 ]
+      outbound_rules [ 22, 80 ] => '0.0.0.0/0'
+    end
+
     aws_subnet 'test_public_subnet' do
       vpc 'test_vpc'
       map_public_ip_on_launch true
@@ -118,8 +124,11 @@ module AWSSupport
       # Destroys it after the last example in the context runs.  Objects created
       # in the order declared, and destroyed in reverse order.
       #
-      Chef::Provisioning::AWSDriver::Resources.constants.each do |resource_class|
-        resource_class = Chef::Provisioning::AWSDriver::Resources.const_get(resource_class)
+      aws_resources = Chef::Provisioning::AWSDriver::Resources.constants
+      aws_resources.map! {|r| Chef::Provisioning::AWSDriver::Resources.const_get(r) }
+
+      aws_resources += [Chef::Resource::Machine, Chef::Resource::MachineImage, Chef::Resource::MachineBatch, Chef::Resource::LoadBalancer]
+      aws_resources.each do |resource_class|
         resource_name = resource_class.resource_name
         # def aws_vpc(name, &block)
         define_method(resource_name) do |name, &block|
@@ -168,11 +177,19 @@ module AWSSupport
 
           # Destroy any objects we know got created during the test
           created_during_test.reverse_each do |resource_name, name|
-            (recipe do
-              public_send(resource_name, name) do
-                action :purge
-              end
-            end).converge
+            begin
+              (recipe do
+                public_send(resource_name, name) do
+                  action :purge
+                end
+              end).converge
+            rescue ::Chef::Exceptions::ValidationFailed
+              (recipe do
+                public_send(resource_name, name) do
+                  action :destroy
+                end
+              end).converge
+            end
           end
         end
       end

data/spec/aws_support/aws_resource_run_wrapper.rb

@@ -33,7 +33,11 @@ module AWSSupport
       name = self.name
       example.recipe do
         public_send(resource_type, name) do
-          action :purge
+          if allowed_actions.include?(:purge)
+            action :purge
+          else
+            action :destroy
+          end
         end
       end.converge
     end

data/spec/aws_support/deep_matcher/match_values_failure_messages.rb

@@ -2,6 +2,7 @@ module AWSSupport
   module DeepMatcher
     module MatchValuesFailureMessages
 
+      require 'set'
       require 'rspec/matchers'
       require 'rspec/matchers/composable'
       require 'aws_support/deep_matcher'
@@ -19,6 +20,8 @@ module AWSSupport
           else
             return []
           end
+        elsif Set === expected
+          return match_sets_failure_messages(expected, actual, identifier)
         elsif Hash === expected
           return match_hashes_failure_messages(expected, actual, identifier) if Hash === actual
           return match_hash_and_object_failure_messages(expected, actual, identifier) if MatchableObject === actual
@@ -35,6 +38,19 @@ module AWSSupport
         end
       end
 
+      def match_sets_failure_messages(expected_set, actual_setlike, identifier)
+        result = []
+        if ! actual_setlike.respond_to?(:to_set)
+          result << "expected #{identifier || "setlike"} to be castable to a Set, but it isn't!"
+        else
+          if ! actual_setlike.to_set == expected_set
+
+            result << "expected #{identifier || "setlike"} to #{description_of(expected_value)}"
+          end
+        end
+        result
+      end
+
       def match_hashes_failure_messages(expected_hash, actual_hash, identifier)
         result = []
 
@@ -62,6 +78,9 @@ module AWSSupport
         different = false
 
         expected_list = expected_list.map { |v| ExpectedValue.new(v) }
+        unless actual_list.class <= Array
+          actual_list = actual_list.to_a
+        end
         Diff::LCS.sdiff(expected_list, actual_list) do |change|
           case change.action
           when '='

data/spec/aws_support/matchers/create_an_aws_object.rb

@@ -32,7 +32,7 @@ module AWSSupport
 
         # Converge
         begin
-          recipe.converge
+          recipe.converge unless recipe.converged?
         rescue
           differences += [ "error trying to create #{resource_name}[#{name}]!\n#{($!.backtrace.map { |line| "- #{line}\n" } + [ recipe.output_for_failure_message ]).join("")}" ]
         end

data/spec/aws_support/matchers/destroy_an_aws_object.rb

@@ -38,7 +38,7 @@ module AWSSupport
 
         # Converge
         begin
-          recipe.converge
+          recipe.converge unless recipe.converged?
         rescue
           differences += [ "error trying to delete #{resource_name}[#{name}]!\n#{($!.backtrace.map { |line| "- #{line}\n" } + [ recipe.output_for_failure_message ]).join("")}" ]
         end

data/spec/aws_support/matchers/have_aws_object_tags.rb

@@ -34,9 +34,9 @@ module AWSSupport
 
         # Check existence
         if @aws_object.nil?
-          differences << "#{resource_name}[#{name}] did not exist!"
+          differences << "#{resource.to_s} did not exist!"
         else
-          differences += match_hashes_failure_messages(expected_tags, aws_object_tags, "#{resource_name}[#{name}]")
+          differences += match_hashes_failure_messages(expected_tags, aws_object_tags(resource), resource.to_s)
         end
 
         differences
@@ -44,20 +44,14 @@ module AWSSupport
 
       private
 
-      def aws_object_tags
-        if @aws_object.is_a? AWS::ELB::LoadBalancer
-          resp = @example.driver.elb.client.describe_tags load_balancer_names: [@aws_object.name]
-          tags = {}
-          resp.data[:tag_descriptions] && resp.data[:tag_descriptions].each do |td|
-            td[:tags].each do |t|
-              tags[t[:key]] = t[:value]
-            end
-          end
-          tags
-        else
-          @aws_object.tags.to_h
-        end
+      def aws_object_tags(resource)
+        # Okay, its annoying to have to lookup the provider for a resource and duplicate a bunch of code here.
+        # But I don't want to move the `converge_tags` method into the resource and until the resource & provider
+        # are combined, this is my best idea.
+        provider = resource.provider_for_action(:create)
+        provider.aws_tagger.current_tags
       end
+
     end
   end
 end

data/spec/aws_support/matchers/match_an_aws_object.rb

@@ -33,7 +33,7 @@ module AWSSupport
 
         # Converge
         begin
-          recipe.converge
+          recipe.converge unless recipe.converged?
         rescue
           differences += [ "error trying to converge #{resource_name}[#{name}]!\n#{($!.backtrace.map { |line| "- #{line}\n" } + [ recipe.output_for_failure_message ]).join("")}" ]
         end

data/spec/aws_support/matchers/update_an_aws_object.rb

@@ -42,7 +42,7 @@ module AWSSupport
 
         # Converge
         begin
-          recipe.converge
+          recipe.converge unless recipe.converged?
         rescue
           differences += [ "error trying to update #{resource_name}[#{name}]!\n#{($!.backtrace.map { |line| "- #{line}\n" } + [ recipe.output_for_failure_message ]).join("")}" ]
         end

data/spec/integration/aws_cloudsearch_domain_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+describe Chef::Resource::AwsCloudsearchDomain do
+  extend AWSSupport
+  when_the_chef_12_server "exists", organization: "foo", server_scope: :context do
+    with_aws "when connected to AWS" do
+
+      # Cloudsearch can take forevvvver to delete so we need to randomize our names
+      time = DateTime.now.strftime('%Q')
+
+      it "aws_cloudsearch_domain 'test-#{time}' creates a cloudsearch domain" do
+        expect_recipe {
+          aws_cloudsearch_domain "test-#{time}" do
+            multi_az false
+          end
+        }.to create_an_aws_cloudsearch_domain("test-#{time}", {}).and be_idempotent
+      end
+
+      it "returns nil when aws_object is called for something that does not exist" do
+        r = nil
+        converge {
+          r = aws_cloudsearch_domain "wont-exist" do
+            action :nothing
+          end
+        }
+        expect(r.aws_object).to eq(nil)
+      end
+
+    end
+  end
+end