chef-provisioning-aws 1.6.1 → 1.7.0

data/lib/chef/provisioning/aws_driver/tagging_strategy/elasticsearch.rb

@@ -0,0 +1,40 @@
+require 'chef/provisioning/aws_driver/aws_tagger'
+
+module Chef::Provisioning::AWSDriver::TaggingStrategy
+  class Elasticsearch
+
+    attr_reader :client, :arn, :desired_tags
+
+    def initialize(client, arn, desired_tags)
+      @client = client
+      @arn = arn
+      @desired_tags = desired_tags
+    end
+
+    def current_tags
+      resp = client.list_tags({arn: arn})
+      Hash[resp.tag_list.map {|t| [t.key, t.value]}]
+    rescue ::Aws::ElasticsearchService::Errors::ResourceNotFoundException
+      Hash.new
+    end
+
+    def set_tags(tags)
+      tags = tags.map {|k,v|
+        if v.nil?
+          {key: k}
+        else
+          {key: k, value: v}
+        end
+      }
+      client.add_tags({
+                        arn: arn,
+                        tag_list: tags
+                      })
+    end
+
+    def delete_tags(tag_keys)
+      client.remove_tags({arn: arn,
+                          tag_keys: tag_keys})
+    end
+  end
+end

data/lib/chef/provisioning/aws_driver/version.rb

@@ -1,7 +1,7 @@
 class Chef
 module Provisioning
 module AWSDriver
-  VERSION = '1.6.1'
+  VERSION = '1.7.0'
 end
 end
 end

data/lib/chef/resource/aws_eip_address.rb

@@ -1,5 +1,4 @@
 require 'chef/provisioning/aws_driver/aws_resource_with_entry'
-require 'ipaddr'
 
 class Chef::Resource::AwsEipAddress < Chef::Provisioning::AWSDriver::AWSResourceWithEntry
   aws_sdk_type AWS::EC2::ElasticIp, option_names: [ :public_ip ], id: :public_ip, managed_entry_id_name: 'public_ip', backcompat_data_bag_name: 'eip_addresses'
@@ -10,29 +9,10 @@ class Chef::Resource::AwsEipAddress < Chef::Provisioning::AWSDriver::AWSResource
   attribute :machine,          kind_of: [String, FalseClass]
   attribute :associate_to_vpc, kind_of: [TrueClass, FalseClass]
 
-  #
-  # Desired public IP address to associate with this Chef resource.
-  #
-  # Defaults to 'name' if name is an IP address.
-  #
-  # If the IP address is already allocated to your account, Chef will ensure it is
-  # linked to the current .  Thus, this is a way to associate an existing AWS IP
-  # with Chef:
-  #
-  # ```ruby
-  # aws_eip_address 'frontend_ip' do
-  #   public_ip '205.32.21.0'
-  # end
-  # ```
-  #
-  attribute :public_ip, kind_of: String, aws_id_attribute: true, coerce: proc { |v| IPAddr.new(v); v },
-    default: lazy {
-      begin
-        IPAddr.new(name)
-        name
-      rescue
-      end
-    }
+  # Like other aws_id_attributes, this is read-only - you cannot provide it and expect
+  # aws to honor it
+  attribute :public_ip, kind_of: String, aws_id_attribute: true,
+    default: lazy { name =~ /^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ ? name : nil }
 
   def aws_object
     driver, public_ip = get_driver_and_id

data/lib/chef/resource/aws_elasticsearch_domain.rb

@@ -0,0 +1,42 @@
+require 'chef/provisioning/aws_driver/aws_resource'
+
+module AWS
+  class Elasticsearch
+    class Domain
+    end
+  end
+end
+
+class Chef::Resource::AwsElasticsearchDomain < Chef::Provisioning::AWSDriver::AWSResource
+  include Chef::Provisioning::AWSDriver::AWSTaggable
+
+  aws_sdk_type ::AWS::Elasticsearch::Domain
+
+  attribute :domain_name, kind_of: String, name_attribute: true
+
+  # Cluster Config
+  attribute :instance_type, kind_of: String
+  attribute :instance_count, kind_of: Integer
+  attribute :dedicated_master_enabled, kind_of: [TrueClass, FalseClass]
+  attribute :dedicated_master_type, kind_of: String
+  attribute :dedicated_master_count, kind_of: Integer
+  attribute :zone_awareness_enabled, kind_of: [TrueClass, FalseClass]
+
+  # EBS Options
+  attribute :ebs_enabled, kind_of: [TrueClass, FalseClass]
+  attribute :volume_type, equal_to: ["standard", "gp2", "io1"]
+  attribute :volume_size, kind_of: Integer
+  attribute :iops, kind_of: Integer
+
+  # Snapshot Options
+  attribute :automated_snapshot_start_hour, kind_of: Integer
+
+  # Access Policies
+  attribute :access_policies, kind_of: String
+
+  def aws_object
+    driver.elasticsearch_client
+      .describe_elasticsearch_domains(domain_names: [domain_name])[:domain_status_list]
+      .find { |d| !d[:deleted] }
+  end
+end

data/lib/chef/resource/aws_rds_instance.rb

@@ -4,7 +4,7 @@ require 'chef/provisioning/aws_driver/aws_taggable'
 class Chef::Resource::AwsRdsInstance < Chef::Provisioning::AWSDriver::AWSRDSResource
   include Chef::Provisioning::AWSDriver::AWSTaggable
 
-  aws_sdk_type AWS::RDS::DBInstance, id: :db_instance_identifier
+  aws_sdk_type ::Aws::RDS::DBInstance, id: :db_instance_identifier
 
   attribute :db_instance_identifier, kind_of: String, name_attribute: true
 
@@ -28,12 +28,17 @@ class Chef::Resource::AwsRdsInstance < Chef::Provisioning::AWSDriver::AWSRDSReso
   attribute :additional_options, kind_of: Hash, default: {}
 
   def aws_object
-    res = driver.rds.instances[name]
-    if res.exists? && ! ['deleted', 'deleting'].include?(res.status)
-      res
-    else
-      nil
-    end
+    result = self.driver.rds_resource.db_instance(name)
+    return nil unless result && result.db_instance_status != 'deleting'
+    result
+  rescue ::Aws::RDS::Errors::DBInstanceNotFound
+    nil
+  end
+
+  def db_instance_status
+    aws_object.db_instance_status if aws_object
+  rescue ::Aws::RDS::Errors::DBInstanceNotFound
+    nil
   end
 
   def rds_tagging_type

data/lib/chef/resource/aws_route53_hosted_zone.rb

@@ -36,7 +36,7 @@ class Chef::Resource::AwsRoute53HostedZone < Chef::Provisioning::AWSDriver::AWSR
   attribute :name, kind_of: String, callbacks: { "domain name cannot end with a dot" => lambda { |n| n !~ /\.$/ } }
 
   # The comment included in the CreateHostedZoneRequest element. String <= 256 characters.
-  attribute :comment, kind_of: String
+  attribute :comment, kind_of: String, default: ""
 
   # the resource name and the AWS ID have to be related here, since they're tightly coupled elsewhere.
   attribute :aws_route53_zone_id, kind_of: String, aws_id_attribute: true,

data/spec/aws_support.rb

@@ -23,7 +23,7 @@ module AWSSupport
   require 'aws'
   require 'aws_support/deep_matcher/matchable_object'
   require 'aws_support/deep_matcher/matchable_array'
-  DeepMatcher::MatchableObject.matchable_classes << proc { |o| o.class.name =~ /^(AWS|Aws)::(EC2|ELB|IAM|S3|RDS|CloudSearch|Route53)($|::)/ }
+  DeepMatcher::MatchableObject.matchable_classes << proc { |o| o.class.name =~ /^(AWS|Aws)::(EC2|ELB|IAM|S3|RDS|CloudSearch|Route53|ElasticsearchService)($|::)/ }
   DeepMatcher::MatchableArray.matchable_classes  << AWS::Core::Data::List
 
   def purge_all
@@ -95,7 +95,7 @@ module AWSSupport
       module_eval(&block)
     end
 
-    if ENV['AWS_TEST_DRIVER']
+    if ENV['AWS_TEST_DRIVER']  && !ENV['AWS_TEST_DRIVER'].empty?
       aws_driver = Chef::Provisioning.driver_for_url(ENV['AWS_TEST_DRIVER'])
       when_the_repository "exists #{description ? "and #{description}" : ""}", *tags, &context_block
     else

data/spec/integration/aws_eip_address_spec.rb

@@ -13,10 +13,38 @@ describe Chef::Resource::AwsEipAddress do
         ).and be_idempotent
       end
 
-      describe 'action :delete' do
-        with_converge {
-          aws_eip_address "test_eip"
+      it "raises an error trying to reference an eip that does not exist" do
+        r = recipe {
+          aws_eip_address "0.0.0.0"
         }
+        expect {r.converge}.to raise_error(/Chef::Resource::AwsEipAddress\[0.0.0.0\] does not exist!/)
+      end
+
+      context "with an existing aws_eip_address" do
+        aws_eip_address "test_eip"
+
+        it "can reference the ip address by id in the name field" do
+          expect_recipe {
+            aws_eip_address test_eip.aws_object.public_ip
+          }.to match_an_aws_eip_address(test_eip.aws_object.public_ip,
+            public_ip: test_eip.aws_object.public_ip
+          ).and be_idempotent
+        end
+
+        it "can reference the ip address in the public_ip field" do
+          expect_recipe {
+            aws_eip_address "random_identifier" do
+              public_ip test_eip.aws_object.public_ip
+            end
+          }.to match_an_aws_eip_address("random_identifier",
+            public_ip: test_eip.aws_object.public_ip
+          ).and be_idempotent
+        end
+      end
+
+      describe 'action :delete' do
+        aws_eip_address "test_eip"
+
         it "deletes the elastic ip" do
           # TODO all the `with_*` and `expect_*` methods from Cheffish
           # automatically converge the block - we don't want to do that,
@@ -44,27 +72,13 @@ describe Chef::Resource::AwsEipAddress do
         end
 
         it "associates an EIP with a machine" do
-          test_machine_aws_obj = nil
-          expect_recipe {
-            ruby_block 'look up test machine' do
-              block do
-                test_machine_aws_obj = Chef::Resource::AwsInstance.get_aws_object(
-                  'test_machine',
-                  run_context: run_context,
-                  driver: run_context.chef_provisioning.current_driver,
-                  managed_entry_store: Chef::Provisioning.chef_managed_entry_store(run_context.cheffish.current_chef_server)
-                )
-              end
-            end
-          }
-
           expect_recipe {
             aws_eip_address "test_eip" do
               associate_to_vpc true
               machine "test_machine"
             end
           }.to create_an_aws_eip_address('test_eip',
-            instance_id: test_machine_aws_obj.id
+            instance_id: test_machine.aws_object.id
           ).and be_idempotent
         end
 

data/spec/integration/aws_elasticsearch_domain_spec.rb

@@ -0,0 +1,119 @@
+require 'spec_helper'
+
+def policy(user)
+  <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Sid": "test-policy",
+      "Principal": {
+        "AWS": "#{user}"
+      },
+      "Action": "es:*",
+      "Resource": "*"
+    }
+  ]
+}
+EOF
+end
+
+def all_options_domain(name)
+  aws_elasticsearch_domain name do
+    instance_type "m3.medium.elasticsearch"
+    instance_count 2
+    dedicated_master_enabled true
+    dedicated_master_type "m3.medium.elasticsearch"
+    dedicated_master_count 2
+    zone_awareness_enabled true
+    ebs_enabled true
+    volume_type "io1"
+    volume_size 35
+    iops 1000
+    automated_snapshot_start_hour 2
+    access_policies policy(driver.iam_client.get_user.user.arn)
+    aws_tags key1: "value"
+  end
+end
+
+describe Chef::Resource::AwsElasticsearchDomain do
+  extend AWSSupport
+
+  let(:all_options_result) do
+    {created: true,
+     elasticsearch_cluster_config: {
+       instance_type: "m3.medium.elasticsearch",
+       instance_count: 2,
+       dedicated_master_enabled: true,
+       dedicated_master_type: "m3.medium.elasticsearch",
+       zone_awareness_enabled: true
+     },
+     ebs_options: {
+       ebs_enabled: true,
+       volume_size: 35,
+       volume_type: "io1",
+       iops: 1000
+     },
+     snapshot_options: {
+       automated_snapshot_start_hour: 2
+     }
+    }
+  end
+
+  when_the_chef_12_server "exists", organization: "foo", server_scope: :context do
+    with_aws "when connected to AWS" do
+      time = DateTime.now.strftime('%Q')
+
+      it "returns nil when aws_object is called for something that does not exist" do
+        r = nil
+        converge {
+          r = aws_elasticsearch_domain "wont-exist" do
+            action :nothing
+          end
+        }
+        expect(r.aws_object).to eq(nil)
+      end
+
+      it "aws_elasticsearch_domain 'test-#{time}' creates a elasticsearch domain" do
+        expect_recipe {
+          all_options_domain("test-#{time}")
+        }.to create_an_aws_elasticsearch_domain("test-#{time}", all_options_result).and be_idempotent
+      end
+
+      context "with an existing elasticsearch domain" do
+        aws_elasticsearch_domain "test-#{time}-2"
+
+        it "can update all options" do
+          expect_recipe {
+            all_options_domain("test-#{time}-2")
+          }.to update_an_aws_elasticsearch_domain("test-#{time}-2", all_options_result)
+        end
+
+        it "updates the aws_tags" do
+          expect_recipe {
+            all_options_domain("test-#{time}-2")
+          }.to have_aws_elasticsearch_domain_tags("test-#{time}-2", {'key1' => 'value'})
+        end
+
+        it "removes all aws_elasticsearch_domain tags" do
+          expect_recipe {
+            aws_elasticsearch_domain "test-#{time}-2" do
+              aws_tags {}
+            end
+          }.to have_aws_elasticsearch_domain_tags("test-#{time}-2", {}).and be_idempotent
+        end
+
+
+        it "destroys an elasticsearch domain" do
+          r = recipe {
+            aws_elasticsearch_domain "test-#{time}-2" do
+              action :destroy
+            end
+          }
+          expect(r).to destroy_an_aws_elasticsearch_domain("test-#{time}-2")
+        end
+      end
+    end
+  end
+end

data/spec/integration/aws_key_pair_spec.rb

@@ -12,7 +12,8 @@ describe Chef::Resource::AwsKeyPair do
       it "aws_key_pair 'test_key_pair' creates a key pair" do
         expect(recipe {
           aws_key_pair 'test_key_pair' do
-            private_key_options format: :der, type: :rsa
+            private_key_options format: :pem, type: :rsa, regenerate_if_different: true
+            allow_overwrite true
           end
         }).to create_an_aws_key_pair('test_key_pair').and be_idempotent
       end

data/spec/integration/aws_rds_instance_spec.rb

@@ -53,9 +53,9 @@ describe Chef::Resource::AwsRdsInstance do
                                         db_instance_class: "db.t1.micro",
                                         master_username: "thechief",
                                        ).and be_idempotent
-        i = driver.rds.client.describe_db_instances(:db_instance_identifier => "test-rds-instance")[:db_instances].first
-        expect(i[:db_subnet_group][:db_subnet_group_name]).to eq("test-db-subnet-group")
-        expect(i[:publicly_accessible]).to eq(false)
+        r = driver.rds_resource.db_instance("test-rds-instance")
+        expect(r.db_subnet_group.db_subnet_group_name).to eq("test-db-subnet-group")
+        expect(r.publicly_accessible).to eq(false)
       end
 
       it "aws_rds_instance prefers explicit options" do

data/spec/integration/aws_route53_hosted_zone_spec.rb

@@ -64,6 +64,17 @@ describe Chef::Resource::AwsRoute53HostedZone do
             }.to create_an_aws_route53_hosted_zone(zone_name,
                                                    config: { comment: expected_comment }).and be_idempotent
           end
+
+          it "updates the zone comment when none is given" do
+            expect_recipe {
+              aws_route53_hosted_zone zone_name do
+                comment "Initial comment."
+              end
+              aws_route53_hosted_zone zone_name do
+              end
+            }.to create_an_aws_route53_hosted_zone(zone_name,
+                                                   config: { comment: nil }).and be_idempotent
+          end
         end
 
         context "RecordSets" do

data/spec/integration/aws_route_table_spec.rb

@@ -8,6 +8,10 @@ describe Chef::Resource::AwsRouteTable do
       purge_all
       setup_public_vpc
 
+      aws_network_interface 'test_network_interface' do
+        subnet 'test_public_subnet'
+      end
+
       it "aws_route_table 'test_route_table' with no parameters except VPC creates a route table" do
         expect_recipe {
           aws_route_table 'test_route_table' do
@@ -15,7 +19,7 @@ describe Chef::Resource::AwsRouteTable do
           end
         }.to create_an_aws_route_table('test_route_table',
           routes: [
-            { destination_cidr_block: '10.0.0.0/24', gateway_id: 'local', state: "active" }
+            { destination_cidr_block: '10.0.0.0/16', gateway_id: 'local', state: "active" }
           ]
         ).and be_idempotent
       end
@@ -27,29 +31,20 @@ describe Chef::Resource::AwsRouteTable do
             routes '0.0.0.0/0' => :internet_gateway
           end
         }.to create_an_aws_route_table('test_route_table',
-          routes: [
-            { destination_cidr_block: '10.0.0.0/24', gateway_id: 'local', state: "active" },
+          routes: Set[
+            { destination_cidr_block: '10.0.0.0/16', gateway_id: 'local', state: "active" },
             { destination_cidr_block: '0.0.0.0/0', gateway_id: test_vpc.aws_object.internet_gateway.id, state: "active" }
           ]
         ).and be_idempotent
       end
 
       it "ignores routes whose target matches ignore_route_targets" do
-        eni = nil
         expect_recipe {
-            aws_subnet 'test_subnet' do
-              vpc 'test_vpc'
-            end
-
-            eni = aws_network_interface 'test_network_interface' do
-              subnet 'test_subnet'
-            end
-
             aws_route_table 'test_route_table' do
               vpc 'test_vpc'
               routes(
                 '0.0.0.0/0' => :internet_gateway,
-                '172.31.0.0/16' => eni
+                '172.31.0.0/16' => test_network_interface
               )
             end
 
@@ -59,33 +54,19 @@ describe Chef::Resource::AwsRouteTable do
               ignore_route_targets ['^eni-']
             end
           }.to create_an_aws_route_table('test_route_table',
-            routes: [
-              { destination_cidr_block: '10.0.0.0/24', gateway_id: 'local', state: "active" },
-              { destination_cidr_block: '172.31.0.0/16', network_interface_id: eni.aws_object.id, state: "blackhole" },
+            routes: Set[
+              { destination_cidr_block: '10.0.0.0/16', gateway_id: 'local', state: "active" },
+              { destination_cidr_block: '172.31.0.0/16', network_interface_id: test_network_interface.aws_object.id, state: "blackhole" },
               { destination_cidr_block: '0.0.0.0/0', gateway_id: test_vpc.aws_object.internet_gateway.id, state: "active" },
             ]
           ).and be_idempotent
       end
 
-      it "creates aws_route_table tags" do
-        expect_recipe {
-          aws_route_table 'test_route_table' do
-            vpc 'test_vpc'
-            aws_tags key1: "value"
-          end
-        }.to create_an_aws_route_table('test_route_table')
-        .and have_aws_route_table_tags('test_route_table',
-          {
-            'Name' => 'test_route_table',
-            'key1' => 'value'
-          }
-        ).and be_idempotent
-      end
-
       context "with an existing routing table" do
         aws_route_table 'test_route_table' do
           vpc 'test_vpc'
-          routes '0.0.0.0/0' => :internet_gateway
+          routes '0.0.0.0/0' => :internet_gateway,
+                 '1.0.0.0/8' => :internet_gateway
         end
 
         it "updates an existing routing table" do
@@ -93,12 +74,12 @@ describe Chef::Resource::AwsRouteTable do
             aws_route_table 'test_route_table' do
               vpc 'test_vpc'
               routes '0.0.0.0/0' => :internet_gateway,
-                    '10.1.0.0/24' => :internet_gateway
+                    '2.0.0.0/8' => :internet_gateway
             end
           }.to update_an_aws_route_table('test_route_table',
-            routes: [
-              { destination_cidr_block: '10.1.0.0/24', gateway_id: test_vpc.aws_object.internet_gateway.id, state: "active" },
-              { destination_cidr_block: '10.0.0.0/24', gateway_id: 'local', state: "active" },
+            routes: Set[
+              { destination_cidr_block: '2.0.0.0/8', gateway_id: test_vpc.aws_object.internet_gateway.id, state: "active" },
+              { destination_cidr_block: '10.0.0.0/16', gateway_id: 'local', state: "active" },
               { destination_cidr_block: '0.0.0.0/0', gateway_id: test_vpc.aws_object.internet_gateway.id, state: "active" },
             ]
           ).and be_idempotent
@@ -119,19 +100,34 @@ describe Chef::Resource::AwsRouteTable do
             aws_route_table 'test_route_table' do
               vpc 'test_vpc'
               routes '0.0.0.0/0'   => :internet_gateway,
-                     '10.1.0.0/16' => 'test_machine'
+                     '11.0.0.0/8' => 'test_machine'
             end
 
           }.to create_an_aws_route_table('test_route_table',
-            routes: [
+            routes: Set[
                 { destination_cidr_block: '10.0.0.0/16', gateway_id: 'local', state: "active" },
-                { destination_cidr_block: '10.1.0.0/16', instance_id: test_machine.aws_object.id, state: "active" },
+                { destination_cidr_block: '11.0.0.0/8', instance_id: test_machine.aws_object.id, state: "active" },
                 { destination_cidr_block: '0.0.0.0/0', gateway_id: test_vpc.aws_object.internet_gateway.id, state: "active" },
               ]
           ).and be_idempotent
         end
       end
 
+      it "creates aws_route_table tags" do
+        expect_recipe {
+          aws_route_table 'test_route_table' do
+            vpc 'test_vpc'
+            aws_tags key1: "value"
+          end
+        }.to create_an_aws_route_table('test_route_table')
+        .and have_aws_route_table_tags('test_route_table',
+          {
+            'Name' => 'test_route_table',
+            'key1' => 'value'
+          }
+        ).and be_idempotent
+      end
+
       context "with existing tags" do
         aws_route_table 'test_route_table' do
           vpc 'test_vpc'
@@ -170,7 +166,7 @@ describe Chef::Resource::AwsRouteTable do
     end
 
     with_aws "with two VPC's with an internet gateway" do
-      aws_vpc "test_vpc" do
+      aws_vpc "test_vpc_1" do
         cidr_block '10.0.0.0/24'
         internet_gateway true
       end
@@ -184,22 +180,22 @@ describe Chef::Resource::AwsRouteTable do
         pcx = nil
         expect_recipe {
           pcx = aws_vpc_peering_connection 'test_peering_connection' do
-            vpc 'test_vpc'
+            vpc 'test_vpc_1'
             peer_vpc 'test_vpc_2'
           end
 
           aws_route_table 'test_route_table' do
-            vpc 'test_vpc'
+            vpc 'test_vpc_1'
             routes(
                 '100.100.0.0/16' => pcx,
                 '0.0.0.0/0' => :internet_gateway
             )
           end
         }.to create_an_aws_route_table('test_route_table',
-          routes: [
+          routes: Set[
             { destination_cidr_block: '10.0.0.0/24', gateway_id: 'local', state: "active" },
             { destination_cidr_block: '100.100.0.0/16', vpc_peering_connection_id: pcx.aws_object.id, state: "active" },
-            { destination_cidr_block: '0.0.0.0/0', gateway_id: test_vpc.aws_object.internet_gateway.id, state: "active" }
+            { destination_cidr_block: '0.0.0.0/0', gateway_id: test_vpc_1.aws_object.internet_gateway.id, state: "active" }
           ]
         ).and be_idempotent
       end