chef-provisioning-aws 1.9.0 → 1.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5474ba34beb9fa261bd2c3abbe9561772bd36877
-  data.tar.gz: 602d8d0ce78d094d41e0982e97ddd42654528777
+  metadata.gz: a6942ab3aca17cfa681e5023c373ceca03447728
+  data.tar.gz: 937b97d44672eb3c4aa85e2730211b09f03d218e
 SHA512:
-  metadata.gz: e410f83858985cc03647c57e074aafd8ad8ec7d9db663c0ed02c477823a33b70f06a7152b815c47298a35fbb8ef319565686fa7cade07db53100d4aea164322f
-  data.tar.gz: d42f36a75e6644ffc964e6cfc794e8cab50ca7622553e9310669d2630a5e5478a674581adcaadbf3f0e3003e5487efaa7b1a2a559ae03d2c73ef1438a34e3da0
+  metadata.gz: 7a265b44bc28a8f62cc24c2d054cb4d1a9aec99b72c3a7f219f5e07498fb3e4923cdc3ffada912945df7968c5ba7f8a952de12255d764bd7da7abcda6d16467c
+  data.tar.gz: 7bb902bc96c98c8116f033416ad68823f93265396deb41c43ff8cdea6787e88f7bfe9207216c025d2e204d78d89e7c3db329575c145298035f1a6c3d637d055f

data/README.md

@@ -391,10 +391,12 @@ aws_subnet 'my_subnet' do
 end
 
 machine 'my_machine' do
-  machine_options bootstrap_options: {
-    subnet_id: 'my_subnet',
-    security_group_ids: ['my_sg']
-  }
+  machine_options(
+    bootstrap_options: {
+      subnet_id: 'my_subnet',
+      security_group_ids: ['my_sg']
+    }
+  )
 end
 ```
 

data/lib/chef/provider/aws_auto_scaling_group.rb

@@ -1,7 +1,10 @@
 require 'chef/provisioning/aws_driver/aws_provider'
 require 'set'
+require 'chef/provisioning/aws_driver/tagging_strategy/auto_scaling'
 
 class Chef::Provider::AwsAutoScalingGroup < Chef::Provisioning::AWSDriver::AWSProvider
+  include Chef::Provisioning::AWSDriver::TaggingStrategy::AutoScalingConvergeTags
+
   provides :aws_auto_scaling_group
 
   protected
@@ -12,7 +15,18 @@ class Chef::Provider::AwsAutoScalingGroup < Chef::Provisioning::AWSDriver::AWSPr
       options[:min_size] ||= 1
       options[:max_size] ||= 1
 
-      new_resource.driver.auto_scaling.groups.create( new_resource.name, options )
+      aws_obj = new_resource.driver.auto_scaling.groups.create(
+        new_resource.name, options)
+
+      new_resource.scaling_policies.each do |policy_name, policy|
+        aws_obj.scaling_policies.put(policy_name.to_s, policy)
+      end
+
+      new_resource.notification_configurations.each do |config|
+        aws_obj.notification_configurations.create(config)
+      end
+
+      aws_obj
     end
   end
 

data/lib/chef/provider/aws_cloudwatch_alarm.rb

@@ -0,0 +1,84 @@
+require 'chef/provisioning/aws_driver/aws_provider'
+
+class Chef::Provider::AwsCloudwatchAlarm < Chef::Provisioning::AWSDriver::AWSProvider
+  provides :aws_cloudwatch_alarm
+
+  def create_aws_object
+    converge_by "creating cloudwatch alarm #{new_resource.name} in #{region}" do
+      new_resource.driver.cloudwatch_client.put_metric_alarm(desired_options)
+    end
+  end
+
+  def update_aws_object(alarm)
+    if update_required?(alarm)
+      converge_by "updating cloudwatch alarm #{new_resource.name} in #{region}" do
+        new_resource.driver.cloudwatch_client.put_metric_alarm(desired_options)
+      end
+    end
+  end
+
+  def destroy_aws_object(alarm)
+    converge_by "destroying cloudwatch alarm #{new_resource.name} in #{region}" do
+      alarm.delete
+    end
+  end
+
+  def desired_options
+    @desired_options ||= begin
+      # Because an update is a PUT, we must ensure that any properties not specified
+      # on the resource that are already present on the object stay the same
+      aws_object = new_resource.aws_object
+      opts = {alarm_name: new_resource.name}
+      %i(namespace metric_name comparison_operator
+         evaluation_periods period statistic threshold
+         actions_enabled alarm_description unit).each do |opt|
+        if !new_resource.public_send(opt).nil?
+          opts[opt] = new_resource.public_send(opt)
+        elsif aws_object && !aws_object.public_send(opt).nil?
+          opts[opt] = aws_object.public_send(opt)
+        end
+      end
+      if !new_resource.dimensions.nil?
+        opts[:dimensions] = new_resource.dimensions
+      elsif aws_object && !aws_object.dimensions.nil?
+        opts[:dimensions] = aws_object.dimensions.map! {|d| d.to_h}
+      end
+      # Normally we would just use `lookup_options` here but because these parameters
+      # don't necessarily sound like sns topics we manually do it
+      %i{insufficient_data_actions ok_actions alarm_actions}.each do |opt|
+        if !new_resource.public_send(opt).nil?
+          opts[opt] = new_resource.public_send(opt)
+          opts[opt].map! do |action|
+            if action.kind_of?(String) && !(action =~ /^arn:/)
+              aws_object = Chef::Resource::AwsSnsTopic.get_aws_object(action, resource: new_resource)
+              action = aws_object.arn if aws_object
+            end
+            action
+          end
+        elsif aws_object && !aws_object.public_send(opt).nil?
+          opts[opt] = aws_object.public_send(opt)
+        end
+      end
+      opts
+    end
+  end
+
+  def update_required?(alarm)
+    %i{namespace metric_name comparison_operator
+       evaluation_periods period statistic threshold
+       actions_enabled alarm_description unit}.each do |opt|
+      if alarm.public_send(opt) != desired_options[opt]
+        return true
+      end
+    end
+    unless (Set.new(alarm.dimensions.map {|d| d.to_h}) ^ Set.new(desired_options[:dimensions])).empty?
+      return true
+    end
+    %i(insufficient_data_actions ok_actions alarm_actions).each do |opt|
+      unless (Set.new(alarm.public_send(opt)) ^ Set.new(desired_options[opt])).empty?
+        return true
+      end
+    end
+    return false
+  end
+end

data/lib/chef/provider/aws_ebs_volume.rb

@@ -14,7 +14,7 @@ class Chef::Provider::AwsEbsVolume < Chef::Provisioning::AWSDriver::AWSProvider
     end
   end
 
-  class VolumeStatusTimeoutError < TimeoutError
+  class VolumeStatusTimeoutError < ::Timeout::Error
     def initialize(new_resource, initial_status, expected_status)
       super("timed out waiting for #{new_resource} status to change from #{initial_status} to #{expected_status}!")
     end

data/lib/chef/provider/aws_image.rb

@@ -7,7 +7,7 @@ class Chef::Provider::AwsImage < Chef::Provisioning::AWSDriver::AWSProvider
   provides :aws_image
 
   def destroy_aws_object(image)
-    instance_id = image.tags['from-instance']
+    instance_id = image.tags.map {|t| [t.key, t.value] }.to_h['from-instance']
     Chef::Log.debug("Found from-instance tag [#{instance_id}] on #{image.id}")
     unless instance_id
       # This is an old image and doesn't have the tag added - lets try and find it from the block device mapping
@@ -21,15 +21,23 @@ class Chef::Provider::AwsImage < Chef::Provisioning::AWSDriver::AWSProvider
         end
       end
     end
-    converge_by "delete image #{new_resource} in #{region}" do
-      image.delete
+    converge_by "deregister image #{new_resource} in #{region}" do
+      image.deregister
     end
     if instance_id
       # As part of the image creation process, the source instance was automatically
       # destroyed - we just need to make sure that has completed successfully
-      instance = new_resource.driver.ec2.instances[instance_id]
+      instance = new_resource.driver.ec2_resource.instance(instance_id)
       converge_by "waiting until instance #{instance.id} is :terminated" do
-        wait_for_status(instance, :terminated, [AWS::EC2::Errors::InvalidInstanceID::NotFound, AWS::Core::Resource::NotFound])
+        if instance.exists?
+          instance.wait_until_terminated do |w|
+            w.delay = 5
+            w.max_attempts = 60
+            w.before_wait do |attempts, response|
+              action_handler.report_progress "waited #{(attempts-1)*5}/#{60*5}s for #{instance.id} status to terminate..."
+            end
+          end
+        end
       end
     end
   end

data/lib/chef/provider/aws_launch_configuration.rb

@@ -7,14 +7,14 @@ class Chef::Provider::AwsLaunchConfiguration < Chef::Provisioning::AWSDriver::AW
   protected
 
   def create_aws_object
-    image = Chef::Resource::AwsImage.get_aws_object_id(new_resource.image, resource: new_resource)
+    image_id = Chef::Resource::AwsImage.get_aws_object_id(new_resource.image, resource: new_resource)
     instance_type = new_resource.instance_type || new_resource.driver.default_instance_type
     options = AWSResource.lookup_options(new_resource.options || options, resource: new_resource)
 
     converge_by "create launch configuration #{new_resource.name} in #{region}" do
       new_resource.driver.auto_scaling.launch_configurations.create(
         new_resource.name,
-        image,
+        image_id,
         instance_type,
         options
       )
@@ -23,8 +23,8 @@ class Chef::Provider::AwsLaunchConfiguration < Chef::Provisioning::AWSDriver::AW
 
   def update_aws_object(launch_configuration)
     if new_resource.image
-      image = Chef::Resource::AwsImage.get_aws_object_id(new_resource.image, resource: new_resource)
-      if image != launch_configuration.image_id
+      image_id = Chef::Resource::AwsImage.get_aws_object_id(new_resource.image, resource: new_resource)
+      if image_id != launch_configuration.image_id
         raise "#{new_resource.to_s}.image = #{new_resource.image} (#{image.id}), but actual launch configuration has image set to #{launch_configuration.image_id}.  Cannot be modified!"
       end
     end

data/lib/chef/provider/aws_nat_gateway.rb

@@ -0,0 +1,57 @@
+#require 'chef/provisioning/aws_driver/aws_provider'
+require 'retryable'
+
+class Chef::Provider::AwsNatGateway < Chef::Provisioning::AWSDriver::AWSProvider
+
+  provides :aws_nat_gateway
+
+  protected
+
+  def create_aws_object
+    if new_resource.subnet.nil?
+      raise "Nat Gateway create action for '#{new_resource.name}' requires the 'subnet' attribute."
+    end
+    subnet = Chef::Resource::AwsSubnet.get_aws_object(new_resource.subnet, resource: new_resource)
+
+    if new_resource.eip_address.nil?
+      # TODO Ideally it would be nice to automatically manage an eip address but
+      # the lack of tagging support and the limited SDK interaction with these two
+      # resources makes that too hard right now. So we force the user to manage their
+      # eip address as a seperate resource.
+      raise "Nat Gateway create action for '#{new_resource.name}' requires the 'eip_address' attribute."
+    end
+    eip_address = Chef::Resource::AwsEipAddress.get_aws_object(new_resource.eip_address, resource: new_resource)
+
+    converge_by "create nat gateway #{new_resource.name} in region #{region} for subnet #{subnet}" do
+      options = {
+          subnet_id: subnet.id,
+          allocation_id: eip_address.allocation_id
+      }
+
+      nat_gateway = new_resource.driver.ec2_resource.create_nat_gateway(options)
+      wait_for_state(nat_gateway, ['available'])
+      nat_gateway
+    end
+  end
+
+  def update_aws_object(nat_gateway)
+    subnet_id = Chef::Resource::AwsSubnet.get_aws_object_id(new_resource.subnet, resource: new_resource) if new_resource.subnet
+    if subnet_id != nat_gateway.subnet_id
+      raise "Nat gateway subnet cannot be changed after being created! Desired subnet for #{new_resource.name} (#{nat_gateway.id}) was \"#{nat_gateway.subnet_id}\" and actual description is \"#{subnet_id}\""
+    end
+
+    if new_resource.eip_address
+      eip_address = Chef::Resource::AwsEipAddress.get_aws_object(new_resource.eip_address, resource: new_resource)
+      if eip_address.nil? or eip_address.allocation_id != nat_gateway.nat_gateway_addresses.first.allocation_id
+        raise "Nat gateway elastic ip address cannot be changed after being created! Desired elastic ip address for #{new_resource.name} (#{nat_gateway.id}) was \"#{nat_gateway.nat_gateway_addresses.first.allocation_id}\" and actual description is \"#{eip_address.allocation_id}\""
+      end
+    end
+  end
+
+  def destroy_aws_object(nat_gateway)
+    converge_by "delete nat gateway #{new_resource.name} in region #{region} for subnet #{nat_gateway.subnet_id}" do
+      nat_gateway.delete
+      wait_for_state(nat_gateway, ['deleted'])
+    end
+  end
+end

data/lib/chef/provider/aws_network_interface.rb

@@ -8,7 +8,7 @@ class Chef::Provider::AwsNetworkInterface < Chef::Provisioning::AWSDriver::AWSPr
 
   provides :aws_network_interface
 
-  class NetworkInterfaceStatusTimeoutError < TimeoutError
+  class NetworkInterfaceStatusTimeoutError < ::Timeout::Error
     def initialize(new_resource, initial_status, expected_status)
       super("timed out waiting for #{new_resource} status to change from #{initial_status} to #{expected_status}!")
     end

data/lib/chef/provider/aws_route_table.rb

@@ -72,7 +72,7 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
     current_routes = {}
     route_table.routes.each do |route|
       # Ignore the automatic local route
-      route_target = route.gateway_id || route.instance_id || route.network_interface_id || route.vpc_peering_connection_id
+      route_target = route.gateway_id || route.nat_gateway_id || route.instance_id || route.network_interface_id || route.vpc_peering_connection_id
       next if route_target == 'local'
       next if ignore_route_targets.find { |target| route_target.match(/#{target}/) }
       current_routes[route.destination_cidr_block] = route
@@ -85,7 +85,7 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
       # If we already have a route to that CIDR block, replace it.
       if current_routes[destination_cidr_block]
         current_route = current_routes.delete(destination_cidr_block)
-        current_target = current_route.gateway_id || current_route.instance_id || current_route.network_interface_id || current_route.vpc_peering_connection_id
+        current_target = current_route.gateway_id || current_route.nat_gateway_id || current_route.instance_id || current_route.network_interface_id || current_route.vpc_peering_connection_id
         if current_target != target
           action_handler.perform_action "reroute #{destination_cidr_block} to #{route_target} (#{target}) instead of #{current_target}" do
             current_route.replace(options)
@@ -100,7 +100,7 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
 
     # Delete anything that's left (that wasn't replaced)
     current_routes.values.each do |current_route|
-      current_target = current_route.gateway_id || current_route.instance_id || current_route.network_interface_id || current_route.vpc_peering_connection_id
+      current_target = current_route.gateway_id || current_route.nat_gateway_id || current_route.instance_id || current_route.network_interface_id || current_route.vpc_peering_connection_id
       action_handler.perform_action "remove route sending #{current_route.destination_cidr_block} to #{current_target}" do
         current_route.delete
       end
@@ -140,6 +140,8 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
       end
     when /^igw-[A-Fa-f0-9]{8}$/, Chef::Resource::AwsInternetGateway, AWS::EC2::InternetGateway
       route_target = { internet_gateway: route_target }
+    when /^nat-[A-Fa-f0-9]{17}$/, Chef::Resource::AwsNatGateway, Aws::EC2::NatGateway
+      route_target = { nat_gateway: route_target }
     when /^eni-[A-Fa-f0-9]{8}$/, Chef::Resource::AwsNetworkInterface, AWS::EC2::NetworkInterface
       route_target = { network_interface: route_target }
     when /^pcx-[A-Fa-f0-9]{8}$/, Chef::Resource::AwsVpcPeeringConnection, ::Aws::EC2::VpcPeeringConnection
@@ -169,6 +171,8 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
         updated_route_target[:network_interface_id] = Chef::Resource::AwsNetworkInterface.get_aws_object_id(value, resource: new_resource)
       when :internet_gateway
         updated_route_target[:gateway_id] = Chef::Resource::AwsInternetGateway.get_aws_object_id(value, resource: new_resource)
+      when :nat_gateway
+        updated_route_target[:nat_gateway_id] = Chef::Resource::AwsNatGateway.get_aws_object_id(value, resource: new_resource)
       when :vpc_peering_connection
         updated_route_target[:vpc_peering_connection_id] = Chef::Resource::AwsVpcPeeringConnection.get_aws_object_id(value, resource: new_resource)
       when :virtual_private_gateway

data/lib/chef/provider/aws_vpc.rb

@@ -68,6 +68,26 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
     current_driver = self.new_resource.driver
     current_chef_server = self.new_resource.chef_server
     if purging
+      #SDK V2
+      nat_gateways = new_resource.driver.ec2_client.describe_nat_gateways({
+          :filter => [
+              { name: 'vpc-id', values: [vpc.id] },
+              { name: 'state', values: ['available', 'pending'] }
+          ]
+      }).nat_gateways
+
+      nat_gateways.each do |nat_gw|
+        nat_gw_resource = new_resource.driver.ec2_resource.nat_gateway(nat_gw.nat_gateway_id)
+        Cheffish.inline_resource(self, action) do
+          aws_nat_gateway nat_gw_resource do
+            action :purge
+            driver current_driver
+            chef_server current_chef_server
+          end
+        end
+      end
+
+      #SDK V1
       vpc.subnets.each do |s|
         Cheffish.inline_resource(self, action) do
           aws_subnet s do

data/lib/chef/provisioning/aws_driver.rb

@@ -6,6 +6,7 @@ require "chef/resource/aws_cache_cluster"
 require "chef/resource/aws_cache_replication_group"
 require "chef/resource/aws_cache_subnet_group"
 require "chef/resource/aws_cloudsearch_domain"
+require "chef/resource/aws_cloudwatch_alarm"
 require "chef/resource/aws_dhcp_options"
 require "chef/resource/aws_ebs_volume"
 require "chef/resource/aws_eip_address"
@@ -18,6 +19,7 @@ require "chef/resource/aws_internet_gateway"
 require "chef/resource/aws_key_pair"
 require "chef/resource/aws_launch_configuration"
 require "chef/resource/aws_load_balancer"
+require "chef/resource/aws_nat_gateway"
 require "chef/resource/aws_network_acl"
 require "chef/resource/aws_network_interface"
 require "chef/resource/aws_rds_instance"

data/lib/chef/provisioning/aws_driver/aws_provider.rb

@@ -13,7 +13,7 @@ class AWSProvider < Chef::Provider::LWRPBase
 
   AWSResource = Chef::Provisioning::AWSDriver::AWSResource
 
-  class StatusTimeoutError < TimeoutError
+  class StatusTimeoutError < ::Timeout::Error
     def initialize(aws_object, initial_status, expected_status)
       super("timed out waiting for #{aws_object.id} status to change from #{initial_status.inspect} to #{expected_status.inspect}!")
     end

data/lib/chef/provisioning/aws_driver/driver.rb

@@ -36,6 +36,8 @@ AWS_V2_SERVICES = {
   "ElasticsearchService" => "elasticsearch",
   "IAM" => "iam",
   "RDS" => "rds",
+  "CloudWatch" => "cloudwatch",
+  "AutoScaling" => "auto_scaling"
 }
 Aws.eager_autoload!(:services => AWS_V2_SERVICES.keys)
 
@@ -536,16 +538,17 @@ module AWSDriver
       image_options = (image_options || {}).to_h.dup
       machine_options = (machine_options || {}).to_h.dup
       aws_tags = image_options.delete(:aws_tags) || {}
-      if actual_image.nil? || !actual_image.exists? || actual_image.state == :failed
+      if actual_image.nil? || !actual_image.exists? || actual_image.state.to_sym == :failed
         action_handler.perform_action "Create image #{image_spec.name} from machine #{machine_spec.name} with options #{image_options.inspect}" do
           image_options[:name] ||= image_spec.name
           image_options[:instance_id] ||= machine_spec.reference['instance_id']
           image_options[:description] ||= "Image #{image_spec.name} created from machine #{machine_spec.name}"
           Chef::Log.debug "AWS Image options: #{image_options.inspect}"
-          actual_image = ec2.images.create(image_options.to_hash)
+          image_type = ec2_client.create_image(image_options.to_hash)
+          actual_image = ec2_resource.image(image_type.image_id)
           image_spec.reference = {
             'driver_version' => Chef::Provisioning::AWSDriver::VERSION,
-            'image_id' => actual_image.id,
+            'image_id' => actual_image.image_id,
             'allocated_at' => Time.now.to_i,
             'from-instance' => image_options[:instance_id]
           }
@@ -565,7 +568,7 @@ module AWSDriver
         aws_tags = image_options.delete(:aws_tags) || {}
         aws_tags['from-instance'] = image_spec.reference['from-instance'] if image_spec.reference['from-instance']
         converge_ec2_tags(actual_image, aws_tags, action_handler)
-        if actual_image.state != :available
+        if actual_image.state.to_sym != :available
           action_handler.report_progress 'Waiting for image to be ready ...'
           wait_until_ready_image(action_handler, image_spec, actual_image)
         end
@@ -1242,7 +1245,7 @@ EOD
     end
 
     def wait_until_ready_image(action_handler, image_spec, image=nil)
-      wait_until_image(action_handler, image_spec, image) { image.state == :available }
+      wait_until_image(action_handler, image_spec, image) { |image| image.state.to_sym == :available }
       action_handler.report_progress "Image #{image_spec.name} is now ready"
     end
 
@@ -1259,6 +1262,8 @@ EOD
             :matching => /did not become ready within/
           ) do |retries, exception|
             action_handler.report_progress "been waiting #{retries*sleep_time}/#{max_wait_time} -- sleeping #{sleep_time} seconds for #{image_spec.name} (#{image.id} on #{driver_url}) to become ready ..."
+            # We have to manually reload the instance each loop, otherwise data is stale
+            image.reload
             unless yield(image)
               raise "Image #{image.id} did not become ready within #{max_wait_time} seconds"
             end