chef-provisioning-aws 2.2.2 → 3.0.0.pre.rc1

data/lib/chef/provisioning/aws_driver/credentials.rb

@@ -98,7 +98,7 @@ module AWSDriver
 
     def load_default
       config_file = ENV['AWS_CONFIG_FILE'] || File.expand_path('~/.aws/config')
-      credentials_file = ENV['AWS_CREDENTIAL_FILE'] || File.expand_path('~/.aws/credentials')
+      credentials_file = ENV['AWS_SHARED_CREDENTIALS_FILE'] || ENV['AWS_CREDENTIAL_FILE'] || File.expand_path('~/.aws/credentials')
       if File.file?(config_file)
         if File.file?(credentials_file)
           load_inis(config_file, credentials_file)

data/lib/chef/provisioning/aws_driver/credentials2.rb

@@ -27,7 +27,11 @@ module AWSDriver
     # can be loaded successfully.
     def get_credentials
       # http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-environment
-      shared_creds = ::Aws::SharedCredentials.new(:profile_name => profile_name, :path => ENV["AWS_CONFIG_FILE"])
+      credentials_file = ENV.fetch('AWS_SHARED_CREDENTIALS_FILE', ENV['AWS_CONFIG_FILE'])
+      shared_creds = ::Aws::SharedCredentials.new(
+        :profile_name => profile_name,
+        :path => credentials_file
+      )
       instance_profile_creds = ::Aws::InstanceProfileCredentials.new(:retries => 1)
 
       if ENV["AWS_ACCESS_KEY_ID"] && ENV["AWS_SECRET_ACCESS_KEY"]

data/lib/chef/provisioning/aws_driver/driver.rb

@@ -20,14 +20,13 @@ require 'chef/provisioning/aws_driver/credentials2'
 require 'chef/provisioning/aws_driver/aws_tagger'
 
 require 'yaml'
-require 'aws-sdk-v1'
 require 'aws-sdk'
 require 'retryable'
 require 'ubuntu_ami'
 require 'base64'
 
 # loads the entire aws-sdk
-AWS.eager_autoload!
+Aws.eager_autoload!
 AWS_V2_SERVICES = {
   "EC2" => "ec2",
   "Route53" => "route53",
@@ -112,11 +111,11 @@ module AWSDriver
       region = nil if region && region.empty?
 
       credentials = profile_name ? aws_credentials[profile_name] : aws_credentials.default
-      @aws_config = AWS.config(
+      @aws_config = Aws.config.update(
         access_key_id:     credentials[:aws_access_key_id],
         secret_access_key: credentials[:aws_secret_access_key],
         region: region || credentials[:region],
-        proxy_uri: credentials[:proxy_uri] || nil,
+        http_proxy: credentials[:proxy_uri] || nil,
         session_token: credentials[:aws_session_token] || nil,
         logger: Chef::Log.logger
       )
@@ -197,7 +196,7 @@ module AWSDriver
     end
 
     def rds
-      @rds ||= AWS::RDS.new(config: aws_config)
+      @rds ||= ::Aws::RDS::Client.new(aws_config)
     end
 
     def s3
@@ -205,11 +204,11 @@ module AWSDriver
     end
 
     def sns
-      @sns ||= AWS::SNS.new(config: aws_config)
+      @sns ||= Aws::SNS::Client.new(config: aws_config)
     end
 
     def sqs
-      @sqs ||= AWS::SQS.new(config: aws_config)
+      @sqs ||= AWS::SQS::Client.new(config: aws_config)
     end
 
     def auto_scaling
@@ -291,10 +290,10 @@ module AWSDriver
 
       old_elb = nil
       actual_elb = load_balancer_for(lb_spec)
-      if !actual_elb || !actual_elb.exists?
+      if !actual_elb
         lb_options[:listeners] ||= get_listeners(:http)
         if !lb_options[:subnets] && !lb_options[:availability_zones] && machine_specs
-          lb_options[:subnets] = machine_specs.map { |s| ec2.instances[s.reference['instance_id']].subnet }.uniq
+          lb_options[:subnets] = machine_specs.map { |s| ec2_resource.instances[s.reference['instance_id']].subnet }.uniq
         end
 
         perform_action = proc { |desc, &block| action_handler.perform_action(desc, &block) }
@@ -309,8 +308,9 @@ module AWSDriver
 
         action_handler.perform_action updates do
           # IAM says the server certificate exists, but ELB throws this error
-          Chef::Provisioning::AWSDriver::AWSProvider.retry_with_backoff(AWS::ELB::Errors::CertificateNotFound) do
-            actual_elb = elb.load_balancers.create(lb_spec.name, lb_options)
+          Chef::Provisioning::AWSDriver::AWSProvider.retry_with_backoff(::Aws::ElasticLoadBalancing::Errors::CertificateNotFound) do
+            lb_options[:load_balancer_name]=lb_spec.name
+            actual_elb = elb.create_load_balancer(lb_options)
           end
 
           lb_spec.reference = {
@@ -334,12 +334,12 @@ module AWSDriver
 
         # Update security groups
         if lb_options[:security_groups]
-          current = actual_elb.security_group_ids
+          current = actual_elb.security_groups
           desired = lb_options[:security_groups]
           if current != desired
             perform_action.call("  updating security groups to #{desired.to_a}") do
-              elb.client.apply_security_groups_to_load_balancer(
-                load_balancer_name: actual_elb.name,
+              elb_client.apply_security_groups_to_load_balancer(
+                load_balancer_name: actual_elb.load_balancer_name,
                 security_groups: desired.to_a
               )
             end
@@ -362,7 +362,7 @@ module AWSDriver
           # an unecessary ones
           actual_zones_subnets = {}
           actual_elb.subnets.each do |subnet|
-            actual_zones_subnets[subnet.id] = subnet.availability_zone.name
+            actual_zones_subnets[subnet] = Chef::Resource::AwsSubnet.get_aws_object(subnet, driver: self).availability_zone
           end
 
           # Only 1 of subnet or AZ will be populated b/c of our check earlier
@@ -376,7 +376,7 @@ module AWSDriver
                 {:name => 'availabilityZone', :values => [zone]},
                 {:name => 'defaultForAz', :values => ['true']}
               ]
-              default_subnet = ec2.client.describe_subnets(:filters => filters)[:subnet_set]
+              default_subnet = ec2_client.describe_subnets(:filters => filters)[:subnets]
               if default_subnet.size != 1
                 raise "Could not find default subnet in availability zone #{zone}"
               end
@@ -385,7 +385,7 @@ module AWSDriver
             end
           end
           unless lb_options[:subnets].nil? || lb_options[:subnets].empty?
-            subnet_query = ec2.client.describe_subnets(:subnet_ids => lb_options[:subnets])[:subnet_set]
+            subnet_query = ec2_client.describe_subnets(:subnet_ids => lb_options[:subnets])[:subnets]
             # AWS raises an error on an unknown subnet, but not an unknown AZ
             subnet_query.each do |subnet|
               zone = subnet[:availability_zone].downcase
@@ -405,7 +405,7 @@ module AWSDriver
                   load_balancer_name: actual_elb.name,
                   subnets: attach_subnets
                 )
-              rescue AWS::ELB::Errors::InvalidConfigurationRequest => e
+              rescue ::Aws::ElasticLoadBalancing::Errors::InvalidConfigurationRequest => e
                 Chef::Log.error "You cannot currently move from 1 subnet to another in the same availability zone. " +
                     "Amazon does not have an atomic operation which allows this.  You must create a new " +
                     "ELB with the correct subnets and move instances into it.  Tried to attach subets " +
@@ -433,7 +433,7 @@ module AWSDriver
         # Update listeners - THIS IS NOT ATOMIC
         if lb_options[:listeners]
           add_listeners = {}
-          lb_options[:listeners].each { |l| add_listeners[l[:port]] = l }
+          lb_options[:listeners].each { |l| add_listeners[l[:load_balancer_port]] = l }
           actual_elb.listeners.each do |listener|
             desired_listener = add_listeners.delete(listener.port)
             if desired_listener
@@ -470,7 +470,7 @@ module AWSDriver
             end
           end
           add_listeners.values.each do |listener|
-            updates = [ "  add listener #{listener[:port]}" ]
+            updates = [ "  add listener #{listener[:load_balanacer_port]}" ]
             updates << "    set protocol to #{listener[:protocol].inspect}"
             updates << "    set instance port to #{listener[:instance_port].inspect}"
             updates << "    set instance protocol to #{listener[:instance_protocol].inspect}"
@@ -640,10 +640,10 @@ module AWSDriver
       return if lb_spec == nil
 
       actual_elb = load_balancer_for(lb_spec)
-      if actual_elb && actual_elb.exists?
+      if actual_elb
         # Remove ELB from AWS
         action_handler.perform_action "Deleting EC2 ELB #{lb_spec.id}" do
-          actual_elb.delete
+          elb.delete_load_balancer({load_balancer_name: actual_elb.load_balancer_name })
         end
       end
 
@@ -868,6 +868,96 @@ EOD
       strategy.cleanup_convergence(action_handler, machine_spec)
     end
 
+    def cloudsearch(api_version="20130101")
+      @cloudsearch ||= {}
+      @cloudsearch[api_version] ||= ::Aws::CloudSearch::Client.const_get("V#{api_version}").new
+      @cloudsearch[api_version]
+    end
+
+    def ec2
+      @ec2 ||= ::Aws::EC2::Client.new(aws_config)
+    end
+
+    AWS_V2_SERVICES.each do |load_name, short_name|
+      class_eval <<-META
+
+      def #{short_name}_client
+        @#{short_name}_client ||= ::Aws::#{load_name}::Client.new(**aws_config_2)
+      end
+
+      def #{short_name}_resource
+        @#{short_name}_resource ||= ::Aws::#{load_name}::Resource.new(**(aws_config_2.merge({client: #{short_name}_client})))
+      end
+
+      META
+    end
+
+    def elb
+      @elb ||= ::Aws::ElasticLoadBalancing::Client.new(aws_config)
+    end
+
+    def elasticache
+      @elasticache ||= ::Aws::ElastiCache::Client.new(config: aws_config)
+    end
+
+    def iam
+      @iam ||= ::Aws::IAM::Client.new(aws_config)
+    end
+
+    def rds
+      @rds ||= ::Aws::RDS::Client.new(aws_config)
+    end
+
+    def s3_client
+      @s3 ||= ::Aws::S3::Client.new( aws_config)
+    end
+
+    def sns
+      @sns ||= ::Aws::SNS::Client.new(aws_config)
+    end
+
+    def sqs
+      @sqs ||= ::Aws::SQS::Client.new(aws_config)
+    end
+
+    def auto_scaling
+      @auto_scaling ||= ::Aws::AutoScaling.new(config: aws_config)
+    end
+
+    def build_arn(partition: 'aws', service: nil, region: aws_config[:region], account_id: self.account_id, resource: nil)
+      "arn:#{partition}:#{service}:#{region}:#{account_id}:#{resource}"
+    end
+
+    def parse_arn(arn)
+      parts = arn.split(':', 6)
+      {
+        partition: parts[1],
+        service: parts[2],
+        region: parts[3],
+        account_id: parts[4],
+        resource: parts[5]
+      }
+    end
+
+    def account_id
+      begin
+        # We've got an AWS account root credential or an IAM admin with access rights
+        current_user = iam.get_user
+        arn = current_user[:user][:arn]
+      rescue ::Aws::IAM::Errors::AccessDenied => e
+        # If we don't have access, the error message still tells us our account ID and user ...
+        # https://forums.aws.amazon.com/thread.jspa?messageID=394344
+        if e.to_s !~ /\b(arn:aws:iam::[0-9]{12}:\S*)/
+          raise "IAM error response for GetUser did not include user ARN.  Can't retrieve account ID."
+        end
+        arn = $1
+      end
+      parse_arn(arn)[:account_id]
+    end
+
+    # For creating things like AWS keypairs exclusively
+    @@chef_default_lock = Mutex.new
+
     def machine_for(machine_spec, machine_options, instance = nil)
       instance ||= instance_for(machine_spec)
 
@@ -982,9 +1072,9 @@ EOD
     def keypair_for(bootstrap_options)
       if bootstrap_options[:key_name]
         keypair_name = bootstrap_options[:key_name]
-        actual_key_pair = ec2.key_pairs[keypair_name]
+        actual_key_pair = ec2_resource.key_pair(keypair_name)
         if !actual_key_pair.exists?
-          ec2.key_pairs.create(keypair_name)
+          ec2_resource.key_pairs.create(keypair_name)
         end
         actual_key_pair
       end
@@ -1367,7 +1457,7 @@ EOD
       instance ||= instance_for(machine_spec)
       sleep_time = 10
       transport = transport_for(machine_spec, machine_options, instance)
-      unless transport.available?
+      unless instance.state.name.eql?("running")
         if action_handler.should_perform_actions
           action_handler.report_progress "waiting for #{machine_spec.name} (#{instance.id} on #{driver_url}) to be connectable (transport up and running) ..."
           max_wait_time = Chef::Config.chef_provisioning[:machine_max_wait_time] || 120
@@ -1487,7 +1577,7 @@ EOD
     def converge_elb_tags(aws_object, tags, action_handler)
       elb_strategy = Chef::Provisioning::AWSDriver::TaggingStrategy::ELB.new(
         elb_client,
-        aws_object.name,
+        aws_object,
         tags
       )
       aws_tagger = Chef::Provisioning::AWSDriver::AWSTagger.new(elb_strategy, action_handler)
@@ -1553,7 +1643,7 @@ EOD
           from.delete(:instance_port)
           from.delete(:instance_protocol)
           to = get_listener(to)
-          to.delete(:port)
+          to.delete(:load_balancer_port)
           to.delete(:protocol)
           to.merge(from)
         end
@@ -1573,21 +1663,21 @@ EOD
       when Hash
         result.merge!(listener)
       when Array
-        result[:port] = listener[0] if listener.size >= 1
+        result[:load_balancer_port] = listener[0] if listener.size >= 1
         result[:protocol] = listener[1] if listener.size >= 2
       when Symbol,String
         result[:protocol] = listener
       when Integer
-        result[:port] = listener
+        result[:load_balancer_port] = listener
       else
         raise "Invalid listener #{listener}"
       end
 
       # If either port or protocol are set, set the other
-      if result[:port] && !result[:protocol]
-        result[:protocol] = PROTOCOL_DEFAULTS[result[:port]]
-      elsif result[:protocol] && !result[:port]
-        result[:port] = PORT_DEFAULTS[result[:protocol]]
+      if result[:load_balancer_port] && !result[:protocol]
+        result[:protocol] = PROTOCOL_DEFAULTS[result[:load_balancer_port]]
+      elsif result[:protocol] && !result[:load_balancer_port]
+        result[:load_balancer_port] = PORT_DEFAULTS[result[:protocol]]
       end
       if result[:instance_port] && !result[:instance_protocol]
         result[:instance_protocol] = PROTOCOL_DEFAULTS[result[:instance_port]]
@@ -1596,7 +1686,7 @@ EOD
       end
 
       # If instance_port is still unset, copy port/protocol over
-      result[:instance_port] ||= result[:port]
+      result[:instance_port] ||= result[:load_balancer_port]
       result[:instance_protocol] ||= result[:protocol]
 
       result

data/lib/chef/provisioning/aws_driver/tagging_strategy/rds.rb

@@ -12,7 +12,7 @@ module Chef::Provisioning::AWSDriver::TaggingStrategy
     def aws_tagger
       @aws_tagger ||= begin
         rds_strategy = Chef::Provisioning::AWSDriver::TaggingStrategy::RDS.new(
-          new_resource.driver.rds.client,
+          new_resource.driver.rds,
           construct_arn(new_resource),
           new_resource.aws_tags
         )
@@ -26,15 +26,15 @@ module Chef::Provisioning::AWSDriver::TaggingStrategy
     # http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.ARN
     def construct_arn(new_resource)
       @arn ||= begin
-        region = new_resource.driver.region
+        region = new_resource.driver.aws_config[:region]
         name = new_resource.name
         rds_type = new_resource.rds_tagging_type
         # Taken from example on https://forums.aws.amazon.com/thread.jspa?threadID=108012
         account_id = begin
-          u = new_resource.driver.iam.client.get_user
+          u = new_resource.driver.iam.get_user
           # We've got an AWS account root credential or an IAM admin with access rights
           u[:user][:arn].match('^arn:aws:iam::([0-9]{12}):.*$')[1]
-        rescue AWS::IAM::Errors::AccessDenied => e
+        rescue ::Aws::IAM::Errors::AccessDenied => e
           # We've got an AWS IAM Credential
           e.to_s.match('^User: arn:aws:iam::([0-9]{12}):.*$')[1]
         end

data/lib/chef/provisioning/aws_driver/tagging_strategy/s3.rb

@@ -16,7 +16,7 @@ class S3
       bucket: bucket_name
     })
     Hash[resp.tag_set.map {|t| [t.key, t.value]}]
-  rescue Aws::S3::Errors::NoSuchTagSet => e
+  rescue ::Aws::S3::Errors::NoSuchTagSet => e
     # Instead of returning nil or empty, AWS raises an error :)
     {}
   end

data/lib/chef/provisioning/aws_driver/version.rb

@@ -1,7 +1,7 @@
 class Chef
 module Provisioning
 module AWSDriver
-  VERSION = '2.2.2'
+  VERSION = '3.0.0-rc1'
 end
 end
 end

data/lib/chef/resource/aws_auto_scaling_group.rb

@@ -3,7 +3,7 @@ require 'chef/provisioning/aws_driver/aws_resource'
 class Chef::Resource::AwsAutoScalingGroup < Chef::Provisioning::AWSDriver::AWSResource
   include Chef::Provisioning::AWSDriver::AWSTaggable
 
-  aws_sdk_type AWS::AutoScaling::Group
+  aws_sdk_type ::Aws::AutoScaling::AutoScalingGroup
 
   attribute :name,                        kind_of: String,  name_attribute: true
   attribute :options,                     kind_of: Hash,    default: {}
@@ -17,7 +17,7 @@ class Chef::Resource::AwsAutoScalingGroup < Chef::Provisioning::AWSDriver::AWSRe
   attribute :scaling_policies,            kind_of: Hash,    default: {}
 
   def aws_object
-    result = driver.auto_scaling.groups[name]
+    result = driver.auto_scaling_resource.group(name)
     result && result.exists? ? result : nil
   end
 end

data/lib/chef/resource/aws_cache_cluster.rb

@@ -6,7 +6,7 @@ require 'chef/resource/aws_security_group'
 # @see http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/ElastiCache/Client/V20140930.html#create_cache_cluster-instance_method
 class Chef::Resource::AwsCacheCluster < Chef::Provisioning::AWSDriver::AWSResource
   # Note: There isn't actually an SDK class for Elasticache.
-  aws_sdk_type AWS::ElastiCache
+  aws_sdk_type ::Aws::ElastiCache
 
   # See http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/ElastiCache/Client/V20140930.html#create_cache_cluster-instance_method
   # for information on possible values for each attribute. Values are passed
@@ -63,9 +63,9 @@ class Chef::Resource::AwsCacheCluster < Chef::Provisioning::AWSDriver::AWSResour
 
   # Security Groups
   #
-  # @param :security_groups [String, Array, AwsSecurityGroup, AWS::EC2::SecurityGroup] one or more VPC security groups associated with the cache cluster.
+  # @param :security_groups [String, Array, AwsSecurityGroup, ::Aws::EC2::SecurityGroup] one or more VPC security groups associated with the cache cluster.
   attribute :security_groups,
-            kind_of: [ String, Array, AwsSecurityGroup, AWS::EC2::SecurityGroup ],
+            kind_of: [ String, Array, AwsSecurityGroup, ::Aws::EC2::SecurityGroup ],
             required: true,
             coerce: proc { |v| [v].flatten }
 
@@ -74,7 +74,7 @@ class Chef::Resource::AwsCacheCluster < Chef::Provisioning::AWSDriver::AWSResour
       driver.elasticache
         .describe_cache_clusters(cache_cluster_id: cluster_name)
         .data[:cache_clusters].first
-    rescue AWS::ElastiCache::Errors::CacheClusterNotFound
+    rescue ::Aws::ElastiCache::Errors::CacheClusterNotFound
       nil
     end
   end

data/lib/chef/resource/aws_cache_replication_group.rb

@@ -5,7 +5,7 @@ require 'chef/resource/aws_security_group'
 # @see See http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/ElastiCache/Client/V20140930.html#create_replication_group-instance_method
 class Chef::Resource::AwsCacheReplicationGroup < Chef::Provisioning::AWSDriver::AWSResource
   # Note: There isn't actually an SDK class for Elasticache.
-  aws_sdk_type AWS::ElastiCache
+  aws_sdk_type ::Aws::ElastiCache
 
   # See http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/ElastiCache/Client/V20140930.html#create_replication_group-instance_method
   # for information on possible values for each attribute. Values are passed
@@ -56,7 +56,7 @@ class Chef::Resource::AwsCacheReplicationGroup < Chef::Provisioning::AWSDriver::
   #
   # @param
   attribute :security_groups,
-            kind_of: [ String, Array, AwsSecurityGroup, AWS::EC2::SecurityGroup ],
+            kind_of: [ String, Array, AwsSecurityGroup, ::Aws::EC2::SecurityGroup ],
             required: true,
             coerce: proc { |v| [v].flatten }
 
@@ -72,7 +72,7 @@ class Chef::Resource::AwsCacheReplicationGroup < Chef::Provisioning::AWSDriver::
       driver.elasticache
         .describe_replication_groups(replication_group_id: group_name)
         .data[:replication_groups].first
-    rescue AWS::ElastiCache::Errors::ReplicationGroupNotFoundFault
+    rescue ::Aws::ElastiCache::Errors::ReplicationGroupNotFoundFault
       nil
     end
   end