chef-provisioning-aws 1.3.1 → 1.4.0

data/spec/integration/aws_rds_subnet_group_spec.rb

@@ -0,0 +1,105 @@
+require 'spec_helper'
+require 'aws'
+require 'set'
+
+describe Chef::Resource::AwsRdsSubnetGroup do
+  extend AWSSupport
+
+  when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
+    with_aws "with a VPC with an internet gateway and subnet" do
+
+      #region = ENV['AWS_TEST_DRIVER'][5..-1]
+
+      azs = []
+      driver.ec2.availability_zones.each do |az|
+        azs << az
+      end
+      az_1 = azs[0].name
+      az_2 = azs[1].name
+
+      aws_vpc "test_vpc" do
+        cidr_block '10.0.0.0/24'
+        internet_gateway true
+      end
+
+      aws_subnet "test_subnet" do
+        vpc 'test_vpc'
+        cidr_block "10.0.0.0/26"
+        availability_zone az_1
+      end
+
+      aws_subnet "test_subnet_2" do
+        vpc 'test_vpc'
+        cidr_block "10.0.0.64/26"
+        availability_zone az_2
+      end
+
+      it "creates a database subnet group containing multiple subnets" do
+        expect_recipe {
+          aws_rds_subnet_group "test-db-subnet-group" do
+            description "some_description"
+            subnets ["test_subnet", test_subnet_2.aws_object.id]
+          end
+        }.to create_an_aws_rds_subnet_group("test-db-subnet-group",
+                                              :db_subnet_group_description => "some_description",
+                                              :subnets => Set.new([ {:subnet_status => "Active",
+                                                                     :subnet_identifier => test_subnet_2.aws_object.id,
+                                                                     :subnet_availability_zone => {:name => az_2}},
+                                                                    {:subnet_status => "Active",
+                                                                     :subnet_identifier => test_subnet.aws_object.id,
+                                                                     :subnet_availability_zone => {:name => az_1}}])
+                                           ).and be_idempotent
+      end
+
+      it "creates aws_rds_subnet_group tags" do
+        expect_recipe {
+          aws_rds_subnet_group "test-db-subnet-group" do
+            description "some_description"
+            subnets ["test_subnet", test_subnet_2.aws_object.id]
+            aws_tags key1: 'value'
+          end
+        }.to create_an_aws_rds_subnet_group("test-db-subnet-group")
+        .and have_aws_rds_subnet_group_tags("test-db-subnet-group",
+          {
+            'key1' => 'value'
+          }
+        ).and be_idempotent
+      end
+
+      context "with existing tags" do
+        aws_rds_subnet_group "test-db-subnet-group" do
+          description "some_description"
+          subnets ["test_subnet", test_subnet_2.aws_object.id]
+          aws_tags key1: 'value'
+        end
+
+        it "updates aws_rds_subnet_group tags" do
+          expect_recipe {
+            aws_rds_subnet_group "test-db-subnet-group" do
+              description "some_description"
+              subnets ["test_subnet", test_subnet_2.aws_object.id]
+              aws_tags key1: "value2", key2: nil
+            end
+          }.to have_aws_rds_subnet_group_tags("test-db-subnet-group",
+            {
+              'key1' => 'value2',
+              'key2' => nil
+            }
+          ).and be_idempotent
+        end
+
+        it "removes all aws_rds_subnet_group tags" do
+          expect_recipe {
+            aws_rds_subnet_group "test-db-subnet-group" do
+              description "some_description"
+              subnets ["test_subnet", test_subnet_2.aws_object.id]
+              aws_tags {}
+            end
+          }.to have_aws_rds_subnet_group_tags("test-db-subnet-group", {}
+          ).and be_idempotent
+        end
+      end
+
+    end
+  end
+end

data/spec/integration/aws_route_table_spec.rb

@@ -17,7 +17,7 @@ describe Chef::Resource::AwsRouteTable do
           end
         }.to create_an_aws_route_table('test_route_table',
           routes: [
-            { destination_cidr_block: '10.0.0.0/24', 'target.id' => 'local', state: :active }
+            { destination_cidr_block: '10.0.0.0/24', gateway_id: 'local', state: "active" }
           ]
         ).and be_idempotent
       end
@@ -30,8 +30,8 @@ describe Chef::Resource::AwsRouteTable do
           end
         }.to create_an_aws_route_table('test_route_table',
           routes: [
-            { destination_cidr_block: '10.0.0.0/24', 'target.id' => 'local', state: :active },
-            { destination_cidr_block: '0.0.0.0/0', 'target.id' => test_vpc.aws_object.internet_gateway.id, state: :active }
+            { destination_cidr_block: '10.0.0.0/24', gateway_id: 'local', state: "active" },
+            { destination_cidr_block: '0.0.0.0/0', gateway_id: test_vpc.aws_object.internet_gateway.id, state: "active" }
           ]
         ).and be_idempotent
       end
@@ -54,7 +54,7 @@ describe Chef::Resource::AwsRouteTable do
                 '172.31.0.0/16' => eni
               )
             end
-  
+
             aws_route_table 'test_route_table' do
               vpc 'test_vpc'
               routes '0.0.0.0/0' => :internet_gateway
@@ -62,12 +62,99 @@ describe Chef::Resource::AwsRouteTable do
             end
           }.to create_an_aws_route_table('test_route_table',
             routes: [
-              { destination_cidr_block: '10.0.0.0/24', 'target.id' => 'local', state: :active },
-              { destination_cidr_block: '172.31.0.0/16', 'target.id' => eni.aws_object.id, state: :blackhole },
-              { destination_cidr_block: '0.0.0.0/0', 'target.id' => test_vpc.aws_object.internet_gateway.id, state: :active },
+              { destination_cidr_block: '10.0.0.0/24', gateway_id: 'local', state: "active" },
+              { destination_cidr_block: '172.31.0.0/16', network_interface_id: eni.aws_object.id, state: "blackhole" },
+              { destination_cidr_block: '0.0.0.0/0', gateway_id: test_vpc.aws_object.internet_gateway.id, state: "active" },
             ]
           ).and be_idempotent
       end
+
+      it "creates aws_route_table tags" do
+        expect_recipe {
+          aws_route_table 'test_route_table' do
+            vpc 'test_vpc'
+            aws_tags key1: "value"
+          end
+        }.to create_an_aws_route_table('test_route_table')
+        .and have_aws_route_table_tags('test_route_table',
+          {
+            'Name' => 'test_route_table',
+            'key1' => 'value'
+          }
+        ).and be_idempotent
+      end
+
+      context "with existing tags" do
+        aws_route_table 'test_route_table' do
+          vpc 'test_vpc'
+          aws_tags key1: "value"
+        end
+
+        it "updates aws_route_table tags" do
+          expect_recipe {
+            aws_route_table 'test_route_table' do
+              vpc 'test_vpc'
+              aws_tags key1: "value2", key2: nil
+            end
+          }.to have_aws_route_table_tags('test_route_table',
+            {
+              'Name' => 'test_route_table',
+              'key1' => 'value2',
+              'key2' => ''
+            }
+          ).and be_idempotent
+        end
+
+        it "removes all aws_route_table tags except Name" do
+          expect_recipe {
+            aws_route_table 'test_route_table' do
+              vpc 'test_vpc'
+              aws_tags {}
+            end
+          }.to have_aws_route_table_tags('test_route_table',
+            {
+              'Name' => 'test_route_table'
+            }
+          ).and be_idempotent
+        end
+      end
+
+    end
+
+    with_aws "with two VPC's with an internet gateway" do
+      aws_vpc "test_vpc" do
+        cidr_block '10.0.0.0/24'
+        internet_gateway true
+      end
+
+      aws_vpc "test_vpc_2" do
+        cidr_block '11.0.0.0/24'
+        internet_gateway false
+      end
+
+      it "aws_route_table 'test_route_table' with routes to differents targets creates a route table" do
+        pcx = nil
+        expect_recipe {
+          pcx = aws_vpc_peering_connection 'test_peering_connection' do
+            vpc 'test_vpc'
+            peer_vpc 'test_vpc_2'
+          end
+
+          aws_route_table 'test_route_table' do
+            vpc 'test_vpc'
+            routes(
+                '100.100.0.0/16' => pcx,
+                '0.0.0.0/0' => :internet_gateway
+            )
+          end
+        }.to create_an_aws_route_table('test_route_table',
+          routes: [
+            { destination_cidr_block: '10.0.0.0/24', gateway_id: 'local', state: "active" },
+            { destination_cidr_block: '100.100.0.0/16', vpc_peering_connection_id: pcx.aws_object.id, state: "active" },
+            { destination_cidr_block: '0.0.0.0/0', gateway_id: test_vpc.aws_object.internet_gateway.id, state: "active" }
+          ]
+        ).and be_idempotent
+      end
     end
   end
 end

data/spec/integration/aws_s3_bucket_spec.rb

@@ -0,0 +1,88 @@
+require 'spec_helper'
+require 'securerandom'
+
+def mk_bucket_name
+  bucket_postfix = SecureRandom.hex(8)
+  "chef_provisioning_test_bucket_#{bucket_postfix}"
+end
+
+describe Chef::Resource::AwsS3Bucket do
+  extend AWSSupport
+
+  when_the_chef_12_server "exists", organization: "foo", server_scope: :context do
+    with_aws "when connected to AWS" do
+      bucket_name = mk_bucket_name
+
+      it "aws_s3_bucket '#{bucket_name}' creates a bucket" do
+        expect_recipe {
+          aws_s3_bucket bucket_name
+        }.to create_an_aws_s3_bucket(bucket_name).and be_idempotent
+      end
+
+      it "creates aws_s3_bucket tags" do
+        expect_recipe {
+          aws_s3_bucket bucket_name do
+            aws_tags key1: "value"
+          end
+        }.to create_an_aws_s3_bucket(bucket_name)
+        .and have_aws_s3_bucket_tags(bucket_name,
+          {
+            'key1' => 'value'
+          }
+        ).and be_idempotent
+      end
+
+      context "with existing tags" do
+        aws_s3_bucket bucket_name do
+          aws_tags key1: "value"
+        end
+
+        it "updates aws_s3_bucket tags" do
+          expect_recipe {
+            aws_s3_bucket bucket_name do
+              aws_tags key1: "value2", key2: nil
+            end
+          }.to have_aws_s3_bucket_tags(bucket_name,
+            {
+              'key1' => 'value2',
+              'key2' => ''
+            }
+          ).and be_idempotent
+        end
+
+        it "removes all aws_s3_bucket tags" do
+          expect_recipe {
+            aws_s3_bucket bucket_name do
+              aws_tags {}
+            end
+          }.to have_aws_s3_bucket_tags(bucket_name, {}
+          ).and be_idempotent
+        end
+      end
+
+    end
+
+    with_aws "when a bucket with content exists" do
+      bucket_name = mk_bucket_name
+      with_converge {
+        aws_s3_bucket bucket_name
+
+        ruby_block "upload s3 object" do
+          block do
+            AWS::S3.new.buckets[bucket_name].objects["test-object"].write("test-content")
+          end
+        end
+      }
+
+      it "aws_s3_bucket '#{bucket_name}' with recursive_delete set to true, deletes the bucket" do
+        r = recipe {
+          aws_s3_bucket bucket_name do
+            recursive_delete true
+            action :delete
+          end
+        }
+        expect(r).to destroy_an_aws_s3_bucket(bucket_name)
+      end
+    end
+  end
+end

data/spec/integration/aws_security_group_spec.rb

@@ -56,6 +56,52 @@ describe Chef::Resource::AwsSecurityGroup do
         }.to raise_error(RuntimeError, /Chef::Resource::AwsSecurityGroup\[sg-12345678\] does not exist!/)
       end
 
+      it "creates aws_security_group tags" do
+        expect_recipe {
+          aws_security_group 'test_sg' do
+            aws_tags key1: "value"
+          end
+        }.to create_an_aws_security_group('test_sg')
+        .and have_aws_security_group_tags('test_sg',
+          {
+            'Name' => 'test_sg',
+            'key1' => 'value'
+          }
+        ).and be_idempotent
+      end
+
+      context "with existing tags" do
+        aws_security_group 'test_sg' do
+          aws_tags key1: "value"
+        end
+
+        it "updates aws_security_group tags" do
+          expect_recipe {
+            aws_security_group 'test_sg' do
+              aws_tags key1: "value2", key2: nil
+            end
+          }.to have_aws_security_group_tags('test_sg',
+            {
+              'Name' => 'test_sg',
+              'key1' => 'value2',
+              'key2' => ''
+            }
+          ).and be_idempotent
+        end
+
+        it "removes all aws_security_group tags except Name" do
+          expect_recipe {
+            aws_security_group 'test_sg' do
+              aws_tags {}
+            end
+          }.to have_aws_security_group_tags('test_sg',
+            {
+              'Name' => 'test_sg'
+            }
+          ).and be_idempotent
+        end
+      end
+
     end
 
     with_aws "in a VPC" do
@@ -155,5 +201,6 @@ describe Chef::Resource::AwsSecurityGroup do
         expect(aws_obj.vpc.tags['Name']).to eq('test_vpc1')
       end
     end
+
   end
 end

data/spec/integration/aws_server_certificate_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+describe Chef::Resource::AwsServerCertificate do
+  extend AWSSupport
+
+  when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
+    with_aws "without a VPC" do
+
+      cert_string = "-----BEGIN CERTIFICATE-----\nMIIDejCCAmICCQCpupMy/LKfLTANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJV\nUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTENMAsGA1UE\nChMEQ2hlZjEMMAoGA1UECxMDRGV2MQ4wDAYDVQQDEwVUeWxlcjEcMBoGCSqGSIb3\nDQEJARYNdHlsZXJAY2hlZi5pbzAeFw0xNTA4MDQwMDI1NDFaFw0xNjA4MDMwMDI1\nNDFaMH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH\nEwdTZWF0dGxlMQ0wCwYDVQQKEwRDaGVmMQwwCgYDVQQLEwNEZXYxDjAMBgNVBAMT\nBVR5bGVyMRwwGgYJKoZIhvcNAQkBFg10eWxlckBjaGVmLmlvMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4gFxNSzwwwYrYTTOCNVQL/agpIXmQKKtkE7\n+Up+waOdSR2iZvgc4fowAqQQ5dtVtur6LEA2LDlLILE+7MhlBxPc3V99lhi5p/Pv\neGCPI7k9sYT0iPJwiqvW+/nCo93QoNpUUDgb6WpT/RENFESn99nTE5NjxNx560aq\nSxAPHTogJEz3wC8c6mQQoANOuXzNb41wvOCUI7Tku76AQ9uECFUjtYpXpx8komaY\nAPtwzr87LGdSysE75roagews2MzAJgGG16oUBsJzT45MlIyQorN3AjoZ3fze6kop\nOhAWeYUM61rwTq7JtLXtBG/9yJzTd/eWU8c4cSK8zePx48X9TQIDAQABMA0GCSqG\nSIb3DQEBBQUAA4IBAQBXJQSpDkjxyljnSWjBur4XikLlFuEpdAdu0MILM3GnS3rT\ntoCVPG2U1d+KkhYG0Y9TBxHpK+3lDGYNyFYJN0STzL4cFzMgQlmZKFhVi/YJWKYO\nj9baIB3dy2k8b2XdDe3WxyycQpHjHhFPqpOTMGNV/1PwJNZGQEjc/svr8EalxvZB\neMb3Kk94K7yohvhT+Ze//rr4ArlM1zvEv3QMwSuyJBA2gtH7FgFKWohZnubW+3uc\n9W/Ux/3O1+BKDWp6zyqn/b2SSF51Jt3tSCF+hIMKYeJnJojY/AF9tQ+DtE8EKYRD\n/qzXX2MQLbhm1AzLt4PN63r96ADYlHhOJGNa9ocS\n-----END CERTIFICATE-----"
+      private_key_string = "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAz4gFxNSzwwwYrYTTOCNVQL/agpIXmQKKtkE7+Up+waOdSR2i\nZvgc4fowAqQQ5dtVtur6LEA2LDlLILE+7MhlBxPc3V99lhi5p/PveGCPI7k9sYT0\niPJwiqvW+/nCo93QoNpUUDgb6WpT/RENFESn99nTE5NjxNx560aqSxAPHTogJEz3\nwC8c6mQQoANOuXzNb41wvOCUI7Tku76AQ9uECFUjtYpXpx8komaYAPtwzr87LGdS\nysE75roagews2MzAJgGG16oUBsJzT45MlIyQorN3AjoZ3fze6kopOhAWeYUM61rw\nTq7JtLXtBG/9yJzTd/eWU8c4cSK8zePx48X9TQIDAQABAoIBAA8teoaHq9Hy+4cN\nNMlhRCXlIhz0hEdLeUuU/8benOCaj7E+OpdfQ/V+763xw86buOwUyVEdLRkU45qz\ne8+jZEgdOsTx6+RjUIio/XWHUlChhpKKD7xIRtTNdn6dKJAFc/GfphTr1Za/kP7s\nFVHLJ6Gny5kd6WkHWt9LHr84oHJZoSjR6YDYdSTL+NtVTwqsKj4EfNY8JAPJI/xI\n9A9t57pvXzwdiya/vXPGytgwkHC/HHWp2sgFvKtJUzuGH0ETDlys9mvXoVQeZ0d9\njhzwIwWAoyvTY9FsUBTCD0aO8r2ylsDVIo2b2cEAZ0Z77OGMUt4sock88sDIICnO\nZVjhV50CgYEA8hKTHpI5ENFvYrTckrc+PnPw7B7xHCCB84ut/CiwzawYRjUx/mtm\nCYYR1xAXdEFrBC21i4Ri8LAIrAQiFGydg2oh4ZQcnEMGKZ0F2VXlsidVNN2tW/50\n8kEaPHPVeP6Trt2kPtpQnhDcuQXbPmOgPBIY2j6nu/Go25e8eICkfhsCgYEA23iy\n8Og1SWZlV5b3ZFyolZiZ9kp0cwyXUGWxUZyw33gBmK6BFkscflI1vfNutxnTDjNl\nALLRoAeIApvXTMFOMUPJsDk90pO7rdlfLznU27lKPyCDkvDGmjCvGGDXrnvi+cc3\ngB3ERfrLJCMoMk9lyg7/KEzzsIjvtTRO79atCLcCgYAGT/+wI2YDj0KVU1wRI2An\nJsTYk3H8Jsjcvf66faEmq98yLX7xQIG3q9xZPF0wNeiBgmOikMA3wI9pVO5ClBaD\nb8gUZtVcKc9GVIbrhPbpb2ckasdzh64rBxGVE/w0HIdjXvpCfVTu2ke3N3ThKp3q\nExq8zjd3ijS6DTnn9orTkwKBgQCxVwpgl4HXWaIx8I7ezfB7UN+3n9oQzO/HyyRI\n6fAR4oqHsRolxXO0rwE2B+pCkd907hqDQfsY8Hz6fqquHtTsAfaLKvXFnhJdG/RJ\n2NUi5soT0FYA+gXAue4CKN6e4wQ5CLzUDTl3wns7LB1i6b06VHvhOK0AzOXE6guO\nyUzwaQKBgDCrGz6IrxEUWl6C14xNNRZBvYTY9oCQpUnup1gMxATJZm4KelKvtKz2\nU1MXpc1i395e+E+tjNAQg0JcBmwkHOMl8c/oAESWPxi11ezalGtUXjIgjBkqqNUE\n/uFqRpNFGwI09JolIqhBTgPWFq6MuuPDJ9IIGJZDQoGEBKmu0k2r\n-----END RSA PRIVATE KEY-----"
+
+      it "creates a cert" do
+        expect_recipe {
+          aws_server_certificate "test-cert" do
+            certificate_body cert_string
+            private_key private_key_string
+          end
+        }.to create_an_aws_server_certificate("test-cert",
+                                              :certificate_body => cert_string#.delete("\n")
+                                             ).and be_idempotent
+      end
+    end
+  end
+end

data/spec/integration/aws_subnet_spec.rb

@@ -18,7 +18,7 @@ describe Chef::Resource::AwsSubnet do
         vpc 'test_vpc'
       end
 
-      it "aws_subnet 'test_subnet' with no parameters except VPC creates a route table" do
+      it "aws_subnet 'test_subnet' with no parameters except VPC creates a subnet" do
         expect_recipe {
           aws_subnet 'test_subnet' do
             vpc 'test_vpc'
@@ -29,7 +29,7 @@ describe Chef::Resource::AwsSubnet do
         ).and be_idempotent
       end
 
-      it "aws_subnet 'test_subnet' with all parameters creates a route table" do
+      it "aws_subnet 'test_subnet' with all parameters creates a subnet" do
         az = driver.ec2.availability_zones.first.name
         expect_recipe {
           aws_subnet 'test_subnet' do
@@ -48,6 +48,55 @@ describe Chef::Resource::AwsSubnet do
           'network_acl.id' => test_network_acl.aws_object.id
         ).and be_idempotent
       end
+
+      it "creates aws_subnet tags" do
+        expect_recipe {
+          aws_subnet 'test_subnet' do
+            vpc 'test_vpc'
+            aws_tags key1: "value"
+          end
+        }.to create_an_aws_subnet('test_subnet')
+        .and have_aws_subnet_tags('test_subnet',
+          {
+            'Name' => 'test_subnet',
+            'key1' => 'value'
+          }
+        ).and be_idempotent
+      end
+
+      context "with existing tags" do
+        aws_subnet 'test_subnet' do
+          vpc 'test_vpc'
+          aws_tags key1: "value"
+        end
+
+        it "updates aws_subnet tags" do
+          expect_recipe {
+            aws_subnet 'test_subnet' do
+              aws_tags key1: "value2", key2: nil
+            end
+          }.to have_aws_subnet_tags('test_subnet',
+            {
+              'Name' => 'test_subnet',
+              'key1' => 'value2',
+              'key2' => ''
+            }
+          ).and be_idempotent
+        end
+
+        it "removes all aws_subnet tags except Name" do
+          expect_recipe {
+            aws_subnet 'test_subnet' do
+              aws_tags {}
+            end
+          }.to have_aws_subnet_tags('test_subnet',
+            {
+              'Name' => 'test_subnet'
+            }
+          ).and be_idempotent
+        end
+      end
+
     end
   end
 end