chef-provisioning-aws 1.4.1 → 1.5.0

data/lib/chef/resource/aws_route_table.rb

@@ -91,7 +91,7 @@ class Chef::Resource::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSResource
   attribute :ignore_route_targets, kind_of: [ String, Array ], default: [],
             coerce: proc { |v| [v].flatten }
 
-  attribute :route_table_id, kind_of: String, aws_id_attribute: true, lazy_default: proc {
+  attribute :route_table_id, kind_of: String, aws_id_attribute: true, default: lazy {
     name =~ /^rtb-[a-f0-9]{8}$/ ? name : nil
   }
 

data/lib/chef/resource/aws_security_group.rb

@@ -49,7 +49,7 @@ class Chef::Resource::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSResou
   attribute :inbound_rules,  kind_of: [ Array, Hash ]
   attribute :outbound_rules, kind_of: [ Array, Hash ]
 
-  attribute :security_group_id, kind_of: String, aws_id_attribute: true, lazy_default: proc {
+  attribute :security_group_id, kind_of: String, aws_id_attribute: true, default: lazy {
     name =~ /^sg-[a-f0-9]{8}$/ ? name : nil
   }
 

data/lib/chef/resource/aws_sns_topic.rb

@@ -4,7 +4,7 @@ class Chef::Resource::AwsSnsTopic < Chef::Provisioning::AWSDriver::AWSResource
   aws_sdk_type AWS::SNS::Topic
 
   attribute :name, kind_of: String, name_attribute: true
-  attribute :arn,  kind_of: String, lazy_default: proc { driver.build_arn(service: 'sns', resource: name) }
+  attribute :arn,  kind_of: String, default: lazy { driver.build_arn(service: 'sns', resource: name) }
 
   def aws_object
     result = driver.sns.topics[arn]

data/lib/chef/resource/aws_subnet.rb

@@ -86,7 +86,7 @@ class Chef::Resource::AwsSubnet < Chef::Provisioning::AWSDriver::AWSResourceWith
   #
   attribute :network_acl, kind_of: [ String, AwsNetworkAcl, AWS::EC2::NetworkACL ]
 
-  attribute :subnet_id, kind_of: String, aws_id_attribute: true, lazy_default: proc {
+  attribute :subnet_id, kind_of: String, aws_id_attribute: true, default: lazy {
     name =~ /^subnet-[a-f0-9]{8}$/ ? name : nil
   }
 

data/lib/chef/resource/aws_vpc.rb

@@ -128,7 +128,7 @@ class Chef::Resource::AwsVpc < Chef::Provisioning::AWSDriver::AWSResourceWithEnt
   #
   attribute :enable_dns_hostnames, equal_to: [ true, false ]
 
-  attribute :vpc_id, kind_of: String, aws_id_attribute: true, lazy_default: proc {
+  attribute :vpc_id, kind_of: String, aws_id_attribute: true, default: lazy {
     name =~ /^vpc-[a-f0-9]{8}$/ ? name : nil
   }
 

data/lib/chef/resource/aws_vpc_peering_connection.rb

@@ -54,7 +54,7 @@ class Chef::Resource::AwsVpcPeeringConnection < Chef::Provisioning::AWSDriver::A
   #
   attribute :peer_owner_id, kind_of: String
 
-  attribute :vpc_peering_connection_id, kind_of: String, aws_id_attribute: true, lazy_default: proc {
+  attribute :vpc_peering_connection_id, kind_of: String, aws_id_attribute: true, default: lazy {
     name =~ /^pcx-[a-f0-9]{8}$/ ? name : nil
   }
 

data/spec/aws_support.rb

@@ -23,7 +23,7 @@ module AWSSupport
   require 'aws'
   require 'aws_support/deep_matcher/matchable_object'
   require 'aws_support/deep_matcher/matchable_array'
-  DeepMatcher::MatchableObject.matchable_classes << proc { |o| o.class.name =~ /^(AWS|Aws)::(EC2|ELB|IAM|S3|RDS|CloudSearch)($|::)/ }
+  DeepMatcher::MatchableObject.matchable_classes << proc { |o| o.class.name =~ /^(AWS|Aws)::(EC2|ELB|IAM|S3|RDS|CloudSearch|Route53)($|::)/ }
   DeepMatcher::MatchableArray.matchable_classes  << AWS::Core::Data::List
 
   def purge_all
@@ -44,7 +44,7 @@ module AWSSupport
 
   def setup_public_vpc
     aws_vpc 'test_vpc' do
-      cidr_block '10.0.0.0/24'
+      cidr_block '10.0.0.0/16'
       internet_gateway true
       enable_dns_hostnames true
       main_routes '0.0.0.0/0' => :internet_gateway
@@ -72,9 +72,12 @@ module AWSSupport
       outbound_rules [ 22, 80 ] => '0.0.0.0/0'
     end
 
+    azs = driver.ec2_client.describe_availability_zones.availability_zones.map {|r| r.zone_name}
     aws_subnet 'test_public_subnet' do
       vpc 'test_vpc'
+      cidr_block '10.0.0.0/24'
       map_public_ip_on_launch true
+      availability_zone azs.first
     end
   end
 
@@ -96,11 +99,6 @@ module AWSSupport
       aws_driver = Chef::Provisioning.driver_for_url(ENV['AWS_TEST_DRIVER'])
       when_the_repository "exists #{description ? "and #{description}" : ""}", *tags, &context_block
     else
-#       warn <<EOM
-# --------------------------------------------------------------------------------------------------------------------------
-# AWS_TEST_DRIVER not set ... cannot run AWS test.  Set AWS_TEST_DRIVER=aws or aws:profile:region to run tests that hit AWS.
-# --------------------------------------------------------------------------------------------------------------------------
-# EOM
       skip "AWS_TEST_DRIVER not set ... cannot run AWS tests.  Set AWS_TEST_DRIVER=aws or aws:profile:region to run tests that hit AWS." do
         context description, *tags, &context_block
       end
@@ -202,11 +200,11 @@ module AWSSupport
     Chef::Provisioning::AWSDriver::Resources.constants.each do |resource_class|
       resource_class = Chef::Provisioning::AWSDriver::Resources.const_get(resource_class)
       resource_name = resource_class.resource_name
-      define_method("update_an_#{resource_name}") do |name, expected_updates={}|
-        AWSSupport::Matchers::UpdateAnAWSObject.new(self, resource_class, name, expected_updates)
+      define_method("update_an_#{resource_name}") do |name, expected_updates={}, &block|
+        AWSSupport::Matchers::UpdateAnAWSObject.new(self, resource_class, name, expected_updates, block)
       end
-      define_method("create_an_#{resource_name}") do |name, expected_values={}|
-        AWSSupport::Matchers::CreateAnAWSObject.new(self, resource_class, name, expected_values)
+      define_method("create_an_#{resource_name}") do |name, expected_values={}, &block|
+        AWSSupport::Matchers::CreateAnAWSObject.new(self, resource_class, name, expected_values, block)
       end
       define_method("have_#{resource_name}_tags") do |name, expected_tags={}|
         AWSSupport::Matchers::HaveAWSObjectTags.new(self, resource_class, name, expected_tags)
@@ -214,8 +212,8 @@ module AWSSupport
       define_method("destroy_an_#{resource_name}") do |name, expected_values={}|
         AWSSupport::Matchers::DestroyAnAWSObject.new(self, resource_class, name)
       end
-      define_method("match_an_#{resource_name}") do |name, expected_values={}|
-        AWSSupport::Matchers::MatchAnAWSObject.new(self, resource_class, name, expected_values)
+      define_method("match_an_#{resource_name}") do |name, expected_values={}, &block|
+        AWSSupport::Matchers::MatchAnAWSObject.new(self, resource_class, name, expected_values, block)
       end
     end
 

data/spec/aws_support/matchers/create_an_aws_object.rb

@@ -8,17 +8,21 @@ module AWSSupport
       include RSpec::Matchers::Composable
       include AWSSupport::DeepMatcher
 
-      def initialize(example, resource_class, name, expected_values)
+      # @param custom_matcher [Block] A block with 1 argument that will be provided the aws_obect
+      def initialize(example, resource_class, name, expected_values, custom_matcher)
         @example = example
         @resource_class = resource_class
         @name = name
         @expected_values = expected_values
+        @custom_matcher = custom_matcher
       end
 
       attr_reader :example
       attr_reader :resource_class
       attr_reader :name
       attr_reader :expected_values
+      attr_reader :custom_matcher
+
       def resource_name
         @resource_class.resource_name
       end
@@ -46,6 +50,8 @@ module AWSSupport
         resource.managed_entry_store Chef::Provisioning.chef_managed_entry_store
         aws_object = resource.aws_object
 
+        example.instance_exec aws_object, &custom_matcher if custom_matcher
+
         # Check existence
         if aws_object.nil?
           differences << "#{resource_name}[#{name}] was not created!"

data/spec/aws_support/matchers/have_aws_object_tags.rb

@@ -27,7 +27,7 @@ module AWSSupport
         differences = []
 
         # Check for object existence and properties
-        resource = resource_class.new(name, nil)
+        resource = resource_class.new(name, recipe.client.run_context)
         resource.driver example.driver
         resource.managed_entry_store Chef::Provisioning.chef_managed_entry_store
         @aws_object = resource.aws_object

data/spec/aws_support/matchers/match_an_aws_object.rb

@@ -13,17 +13,21 @@ module AWSSupport
       include RSpec::Matchers::Composable
       include AWSSupport::DeepMatcher
 
-      def initialize(example, resource_class, name, expected_values)
+      # @param custom_matcher [Block] A block with 1 argument that will be provided the aws_obect
+      def initialize(example, resource_class, name, expected_values, custom_matcher)
         @example = example
         @resource_class = resource_class
         @name = name
         @expected_values = expected_values
+        @custom_matcher = custom_matcher
       end
 
       attr_reader :example
       attr_reader :resource_class
       attr_reader :name
       attr_reader :expected_values
+      attr_reader :custom_matcher
+
       def resource_name
         @resource_class.resource_name
       end
@@ -44,6 +48,8 @@ module AWSSupport
         resource.managed_entry_store Chef::Provisioning.chef_managed_entry_store
         aws_object = resource.aws_object
 
+        example.instance_exec aws_object, &custom_matcher if custom_matcher
+
         # Check existence
         if aws_object.nil?
           differences << "#{resource_name}[#{name}] AWS object did not exist!"

data/spec/aws_support/matchers/update_an_aws_object.rb

@@ -10,11 +10,13 @@ module AWSSupport
 
       require 'chef/provisioning'
 
-      def initialize(example, resource_class, name, expected_updates)
+      # @param custom_matcher [Block] A block with 1 argument that will be provided the aws_obect
+      def initialize(example, resource_class, name, expected_updates, custom_matcher)
         @example = example
         @resource_class = resource_class
         @name = name
         @expected_updates = expected_updates
+        @custom_matcher = custom_matcher
 
         # Grab the "before" value
         resource = resource_class.new(name, nil)
@@ -27,10 +29,12 @@ module AWSSupport
       attr_reader :resource_class
       attr_reader :name
       attr_reader :expected_updates
+      attr_reader :custom_matcher
+      attr_reader :had_initial_value
+
       def resource_name
         @resource_class.resource_name
       end
-      attr_reader :had_initial_value
 
       def match_failure_messages(recipe)
         differences = []
@@ -56,6 +60,8 @@ module AWSSupport
         resource.managed_entry_store Chef::Provisioning.chef_managed_entry_store
         aws_object = resource.aws_object
 
+        example.instance_exec aws_object, &custom_matcher if custom_matcher
+
         # Check to see if properties have the expected values
         differences += match_values_failure_messages(expected_updates, aws_object, "#{resource_name}[#{name}]")
 

data/spec/integration/aws_eip_address_spec.rb

@@ -0,0 +1,74 @@
+require 'spec_helper'
+
+describe Chef::Resource::AwsEipAddress do
+  extend AWSSupport
+
+  when_the_chef_12_server "exists", organization: 'foo', server_scope: :context do
+    with_aws "when connected to AWS" do
+
+      it "aws_eip_address 'test_eip' creates an elastic ip" do
+        expect_recipe {
+          aws_eip_address "test_eip"
+        }.to create_an_aws_eip_address('test_eip',
+        ).and be_idempotent
+      end
+
+      describe 'action :delete' do
+        with_converge {
+          aws_eip_address "test_eip"
+        }
+        it "deletes the elastic ip" do
+          # TODO all the `with_*` and `expect_*` methods from Cheffish
+          # automatically converge the block - we don't want to do that,
+          # we want to let the `destroy_an*` matcher do that
+          r = recipe {
+            aws_eip_address "test_eip" do
+              action :destroy
+            end
+          }
+          expect(r).to destroy_an_aws_eip_address('test_eip'
+          ).and be_idempotent
+        end
+      end
+
+      context "with existing machines", :super_slow do
+        purge_all
+        setup_public_vpc
+
+        machine 'test_machine' do
+          machine_options bootstrap_options: {
+            subnet_id: 'test_public_subnet',
+            key_name: 'test_key_pair'
+          }
+          action :ready # The box has to be online for AWS to accept it as routable
+        end
+
+        it "associates an EIP with a machine" do
+          test_machine_aws_obj = nil
+          expect_recipe {
+            ruby_block 'look up test machine' do
+              block do
+                test_machine_aws_obj = Chef::Resource::AwsInstance.get_aws_object(
+                  'test_machine',
+                  run_context: run_context,
+                  driver: run_context.chef_provisioning.current_driver,
+                  managed_entry_store: Chef::Provisioning.chef_managed_entry_store(run_context.cheffish.current_chef_server)
+                )
+              end
+            end
+          }
+
+          expect_recipe {
+            aws_eip_address "test_eip" do
+              associate_to_vpc true
+              machine "test_machine"
+            end
+          }.to create_an_aws_eip_address('test_eip',
+            instance_id: test_machine_aws_obj.id
+          ).and be_idempotent
+        end
+
+      end
+    end
+  end
+end

data/spec/integration/aws_iam_instance_profile_spec.rb

@@ -0,0 +1,159 @@
+require 'spec_helper'
+require 'securerandom'
+
+def mk_role_name
+  name_postfix = SecureRandom.hex(8)
+  "chef_provisioning_test_iam_role_#{name_postfix}"
+end
+
+def ec2_principal
+<<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+end
+
+describe Chef::Resource::AwsIamRole do
+  extend AWSSupport
+
+  when_the_chef_12_server "exists", organization: "foo", server_scope: :context do
+    with_aws "when connected to AWS" do
+
+      let(:instance_name) {
+        name_postfix = SecureRandom.hex(8)
+        "cp_test_iam_instance_profile_#{name_postfix}"
+      }
+
+      it "creates an aws_iam_instance_profile with minimum attributes" do
+        expect_recipe {
+          aws_iam_instance_profile instance_name do
+            path "/"
+          end
+        }.to create_an_aws_iam_instance_profile(instance_name,
+          path: "/"
+        ).and be_idempotent
+      end
+
+      context "with an existing aws_iam_role" do
+        let(:role_name) {
+          name_postfix = SecureRandom.hex(8)
+          "cp_test_iam_role_#{name_postfix}"
+        }
+
+        # See aws_iam_role_spec.rb for explanation
+        before(:each) do
+          converge {
+            aws_iam_role role_name do
+              path "/"
+              assume_role_policy_document ec2_principal
+            end
+          }
+        end
+
+        after(:each) do
+          converge {
+            aws_iam_role role_name do
+              action :destroy
+            end
+          }
+        end
+
+        it "creates an aws_iam_instance_profile with maximum attributes" do
+          expect_recipe {
+            aws_iam_instance_profile instance_name do
+              path "/"
+              role role_name
+            end
+          }.to create_an_aws_iam_instance_profile(instance_name,
+            path: "/",
+            roles: [{name: role_name}]
+          ).and be_idempotent
+        end
+
+        context "with an existing aws_iam_instance_profile with an attached role" do
+          before(:each) do
+            converge {
+              aws_iam_instance_profile instance_name do
+                path "/"
+                role role_name
+              end
+            }
+          end
+
+          after(:each) do
+            converge {
+              aws_iam_instance_profile instance_name do
+                action :destroy
+              end
+            }
+          end
+
+          it "removes the relationship when the role is deleted" do
+            expect_recipe {
+              aws_iam_role role_name do
+                action :destroy
+              end
+            }.to match_an_aws_iam_instance_profile(instance_name,
+              roles: []
+            ).and be_idempotent
+          end
+
+          it "removes the relationship when the instance_profile is deleted" do
+            expect_recipe {
+              aws_iam_instance_profile instance_name do
+                action :destroy
+              end
+            }.to match_an_aws_iam_role(role_name,
+              instance_profiles: []
+            ).and be_idempotent
+          end
+
+          context "with a second aws_iam_role" do
+            before(:each) do
+              converge {
+                aws_iam_role "#{role_name}2" do
+                  path "/"
+                  assume_role_policy_document ec2_principal
+                end
+              }
+            end
+
+            after(:each) do
+              converge {
+                aws_iam_instance_profile instance_name do
+                  action :destroy
+                end
+              }
+            end
+
+            it "updates the attached role" do
+              expect_recipe {
+                aws_iam_instance_profile instance_name do
+                  path "/"
+                  role "#{role_name}2"
+                end
+              }.to update_an_aws_iam_instance_profile(instance_name,
+                path: "/",
+                roles: [{name: "#{role_name}2"}]
+              ).and be_idempotent
+            end
+          end
+
+        end
+      end
+
+    end
+
+  end
+end