chef-provisioning-aws 3.0.4 → 3.0.6
- checksums.yaml +4 -4
- data/Gemfile +16 -5
- data/Rakefile +15 -6
- data/chef-provisioning-aws.gemspec +17 -17
- data/lib/chef/provider/aws_auto_scaling_group.rb +5 -6
- data/lib/chef/provider/aws_cache_cluster.rb +21 -15
- data/lib/chef/provider/aws_cache_replication_group.rb +12 -8
- data/lib/chef/provider/aws_cache_subnet_group.rb +3 -3
- data/lib/chef/provider/aws_cloudsearch_domain.rb +9 -13
- data/lib/chef/provider/aws_cloudwatch_alarm.rb +10 -12
- data/lib/chef/provider/aws_dhcp_options.rb +18 -21
- data/lib/chef/provider/aws_ebs_volume.rb +24 -26
- data/lib/chef/provider/aws_eip_address.rb +10 -13
- data/lib/chef/provider/aws_elasticsearch_domain.rb +19 -18
- data/lib/chef/provider/aws_iam_instance_profile.rb +5 -7
- data/lib/chef/provider/aws_iam_role.rb +14 -17
- data/lib/chef/provider/aws_image.rb +6 -6
- data/lib/chef/provider/aws_instance.rb +5 -5
- data/lib/chef/provider/aws_internet_gateway.rb +8 -11
- data/lib/chef/provider/aws_key_pair.rb +15 -17
- data/lib/chef/provider/aws_launch_configuration.rb +11 -14
- data/lib/chef/provider/aws_load_balancer.rb +1 -2
- data/lib/chef/provider/aws_nat_gateway.rb +6 -7
- data/lib/chef/provider/aws_network_acl.rb +28 -29
- data/lib/chef/provider/aws_network_interface.rb +25 -27
- data/lib/chef/provider/aws_rds_instance.rb +12 -13
- data/lib/chef/provider/aws_rds_parameter_group.rb +8 -8
- data/lib/chef/provider/aws_rds_subnet_group.rb +8 -9
- data/lib/chef/provider/aws_route_table.rb +19 -20
- data/lib/chef/provider/aws_s3_bucket.rb +22 -25
- data/lib/chef/provider/aws_security_group.rb +268 -285
- data/lib/chef/provider/aws_server_certificate.rb +6 -5
- data/lib/chef/provider/aws_sns_topic.rb +4 -6
- data/lib/chef/provider/aws_sqs_queue.rb +3 -4
- data/lib/chef/provider/aws_subnet.rb +29 -34
- data/lib/chef/provider/aws_vpc.rb +108 -116
- data/lib/chef/provider/aws_vpc_peering_connection.rb +11 -11
- data/lib/chef/provisioning/aws_driver.rb +4 -2
- data/lib/chef/provisioning/aws_driver/aws_provider.rb +234 -241
- data/lib/chef/provisioning/aws_driver/aws_rds_resource.rb +5 -7
- data/lib/chef/provisioning/aws_driver/aws_resource.rb +182 -185
- data/lib/chef/provisioning/aws_driver/aws_resource_with_entry.rb +17 -17
- data/lib/chef/provisioning/aws_driver/aws_taggable.rb +13 -15
- data/lib/chef/provisioning/aws_driver/aws_tagger.rb +47 -48
- data/lib/chef/provisioning/aws_driver/credentials.rb +96 -100
- data/lib/chef/provisioning/aws_driver/credentials2.rb +42 -45
- data/lib/chef/provisioning/aws_driver/driver.rb +1349 -1362
- data/lib/chef/provisioning/aws_driver/exceptions.rb +10 -12
- data/lib/chef/provisioning/aws_driver/super_lwrp.rb +60 -60
- data/lib/chef/provisioning/aws_driver/tagging_strategy/auto_scaling.rb +49 -50
- data/lib/chef/provisioning/aws_driver/tagging_strategy/ec2.rb +37 -38
- data/lib/chef/provisioning/aws_driver/tagging_strategy/elasticsearch.rb +14 -15
- data/lib/chef/provisioning/aws_driver/tagging_strategy/elb.rb +29 -31
- data/lib/chef/provisioning/aws_driver/tagging_strategy/rds.rb +39 -40
- data/lib/chef/provisioning/aws_driver/tagging_strategy/s3.rb +41 -43
- data/lib/chef/provisioning/aws_driver/version.rb +5 -5
- data/lib/chef/provisioning/driver_init/aws.rb +2 -2
- data/lib/chef/resource/aws_auto_scaling_group.rb +1 -1
- data/lib/chef/resource/aws_cache_cluster.rb +9 -12
- data/lib/chef/resource/aws_cache_replication_group.rb +9 -11
- data/lib/chef/resource/aws_cache_subnet_group.rb +8 -10
- data/lib/chef/resource/aws_cloudsearch_domain.rb +4 -5
- data/lib/chef/resource/aws_cloudwatch_alarm.rb +17 -18
- data/lib/chef/resource/aws_dhcp_options.rb +2 -2
- data/lib/chef/resource/aws_ebs_volume.rb +10 -10
- data/lib/chef/resource/aws_eip_address.rb +5 -5
- data/lib/chef/resource/aws_elasticsearch_domain.rb +4 -4
- data/lib/chef/resource/aws_iam_instance_profile.rb +4 -5
- data/lib/chef/resource/aws_iam_role.rb +2 -3
- data/lib/chef/resource/aws_image.rb +3 -3
- data/lib/chef/resource/aws_instance.rb +4 -4
- data/lib/chef/resource/aws_internet_gateway.rb +3 -3
- data/lib/chef/resource/aws_key_pair.rb +7 -7
- data/lib/chef/resource/aws_launch_configuration.rb +4 -4
- data/lib/chef/resource/aws_load_balancer.rb +7 -7
- data/lib/chef/resource/aws_nat_gateway.rb +11 -11
- data/lib/chef/resource/aws_network_acl.rb +7 -8
- data/lib/chef/resource/aws_network_interface.rb +9 -9
- data/lib/chef/resource/aws_rds_instance.rb +4 -4
- data/lib/chef/resource/aws_rds_parameter_group.rb +3 -3
- data/lib/chef/resource/aws_rds_subnet_group.rb +4 -4
- data/lib/chef/resource/aws_route53_hosted_zone.rb +37 -40
- data/lib/chef/resource/aws_route53_record_set.rb +22 -24
- data/lib/chef/resource/aws_route_table.rb +7 -7
- data/lib/chef/resource/aws_s3_bucket.rb +7 -7
- data/lib/chef/resource/aws_security_group.rb +10 -10
- data/lib/chef/resource/aws_server_certificate.rb +6 -8
- data/lib/chef/resource/aws_sns_topic.rb +2 -2
- data/lib/chef/resource/aws_sqs_queue.rb +5 -7
- data/lib/chef/resource/aws_subnet.rb +9 -9
- data/lib/chef/resource/aws_vpc.rb +11 -11
- data/lib/chef/resource/aws_vpc_peering_connection.rb +4 -4
- data/spec/aws_support.rb +44 -45
- data/spec/aws_support/aws_resource_run_wrapper.rb +2 -2
- data/spec/aws_support/deep_matcher.rb +2 -3
- data/spec/aws_support/deep_matcher/fuzzy_match_objects.rb +6 -9
- data/spec/aws_support/deep_matcher/match_values_failure_messages.rb +30 -37
- data/spec/aws_support/deep_matcher/matchable_array.rb +0 -1
- data/spec/aws_support/deep_matcher/matchable_object.rb +1 -2
- data/spec/aws_support/deep_matcher/rspec_monkeypatches.rb +4 -4
- data/spec/aws_support/delayed_stream.rb +2 -2
- data/spec/aws_support/matchers/create_an_aws_object.rb +6 -6
- data/spec/aws_support/matchers/destroy_an_aws_object.rb +6 -6
- data/spec/aws_support/matchers/have_aws_object_tags.rb +4 -5
- data/spec/aws_support/matchers/match_an_aws_object.rb +5 -6
- data/spec/aws_support/matchers/update_an_aws_object.rb +6 -7
- data/spec/integration/aws_auto_scaling_group_spec.rb +56 -64
- data/spec/integration/aws_cache_cluster_spec.rb +70 -71
- data/spec/integration/aws_cache_subnet_group_spec.rb +13 -14
- data/spec/integration/aws_cloudsearch_domain_spec.rb +6 -8
- data/spec/integration/aws_cloudwatch_alarm_spec.rb +200 -208
- data/spec/integration/aws_dhcp_options_spec.rb +32 -43
- data/spec/integration/aws_ebs_volume_spec.rb +52 -73
- data/spec/integration/aws_eip_address_spec.rb +24 -31
- data/spec/integration/aws_elasticsearch_domain_spec.rb +31 -33
- data/spec/integration/aws_iam_instance_profile_spec.rb +36 -45
- data/spec/integration/aws_iam_role_spec.rb +39 -46
- data/spec/integration/aws_internet_gateway_spec.rb +64 -75
- data/spec/integration/aws_key_pair_spec.rb +6 -6
- data/spec/integration/aws_launch_configuration_spec.rb +17 -18
- data/spec/integration/aws_nat_gateway_spec.rb +21 -24
- data/spec/integration/aws_network_acl_spec.rb +81 -95
- data/spec/integration/aws_network_interface_spec.rb +28 -43
- data/spec/integration/aws_rds_instance_spec.rb +29 -40
- data/spec/integration/aws_rds_parameter_group_spec.rb +32 -35
- data/spec/integration/aws_rds_subnet_group_spec.rb +30 -40
- data/spec/integration/aws_route53_hosted_zone_spec.rb +205 -205
- data/spec/integration/aws_route_table_spec.rb +118 -136
- data/spec/integration/aws_s3_bucket_spec.rb +19 -27
- data/spec/integration/aws_security_group_spec.rb +369 -388
- data/spec/integration/aws_server_certificate_spec.rb +16 -18
- data/spec/integration/aws_subnet_spec.rb +44 -58
- data/spec/integration/aws_vpc_peering_connection_spec.rb +43 -50
- data/spec/integration/aws_vpc_spec.rb +99 -115
- data/spec/integration/load_balancer_spec.rb +169 -183
- data/spec/integration/machine_batch_spec.rb +24 -31
- data/spec/integration/machine_image_spec.rb +54 -66
- data/spec/integration/machine_spec.rb +216 -237
- data/spec/persistence_file.txt +219 -0
- data/spec/spec_helper.rb +16 -17
- data/spec/unit/chef/provisioning/aws_driver/credentials_spec.rb +67 -74
- data/spec/unit/chef/provisioning/aws_driver/driver_spec.rb +29 -29
- data/spec/unit/chef/provisioning/aws_driver/route53_spec.rb +13 -15
- metadata +4 -3
@@ -1,21 +1,21 @@
|
|
1
|
-
require
|
1
|
+
require "spec_helper"
|
2
2
|
|
3
3
|
describe Chef::Resource::AwsKeyPair do
|
4
4
|
extend AWSSupport
|
5
5
|
|
6
|
-
when_the_chef_12_server "exists", organization:
|
6
|
+
when_the_chef_12_server "exists", organization: "foo", server_scope: :context do
|
7
7
|
with_aws "when connected to AWS" do
|
8
8
|
before :each do
|
9
|
-
driver.ec2.delete_key_pair(
|
9
|
+
driver.ec2.delete_key_pair(key_name: "test_key_pair")
|
10
10
|
end
|
11
11
|
|
12
12
|
it "aws_key_pair 'test_key_pair' creates a key pair" do
|
13
|
-
expect(recipe
|
14
|
-
aws_key_pair
|
13
|
+
expect(recipe do
|
14
|
+
aws_key_pair "test_key_pair" do
|
15
15
|
private_key_options format: :pem, type: :rsa, regenerate_if_different: true
|
16
16
|
allow_overwrite true
|
17
17
|
end
|
18
|
-
|
18
|
+
end).to create_an_aws_key_pair("test_key_pair").and be_idempotent
|
19
19
|
end
|
20
20
|
end
|
21
21
|
end
|
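Review bot: The `before :each` hook calls `driver.ec2.delete_key_pair(key_name: "test_key_pair")` against whatever account the test credentials resolve to, and the name is fixed and generic, so a run in a shared account would delete any existing key pair that happens to carry it. A run-unique name used in both the hook and the recipe avoids that, for example `key_name = "cpa-spec-#{SecureRandom.hex(4)}"` (constructed example, needs `require "securerandom"`). No `after` hook is visible in this file, so unless AWSSupport cleans up elsewhere, the key pair created by the example stays in the account once the run ends.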
@@ -1,11 +1,11 @@
|
|
1
|
-
require
|
1
|
+
require "spec_helper"
|
2
2
|
|
3
3
|
describe Chef::Resource::AwsLaunchConfiguration do
|
4
4
|
extend AWSSupport
|
5
5
|
|
6
|
-
when_the_chef_12_server "exists", organization:
|
6
|
+
when_the_chef_12_server "exists", organization: "foo", server_scope: :context do
|
7
7
|
with_aws "when connected to AWS" do
|
8
|
-
let(:image_filters)
|
8
|
+
let(:image_filters) do
|
9
9
|
{
|
10
10
|
filters: [
|
11
11
|
{
|
@@ -26,44 +26,43 @@ describe Chef::Resource::AwsLaunchConfiguration do
|
|
26
26
|
}
|
27
27
|
]
|
28
28
|
}
|
29
|
-
|
29
|
+
end
|
30
30
|
|
31
31
|
it "creates a minimum aws_launch_configuration" do
|
32
|
-
expect_recipe
|
32
|
+
expect_recipe do
|
33
33
|
ami = driver.ec2_client.describe_images(image_filters).images[0].image_id
|
34
34
|
aws_launch_configuration "my-launch-configuration" do
|
35
35
|
image ami
|
36
|
-
instance_type
|
36
|
+
instance_type "t2.micro"
|
37
37
|
end
|
38
|
-
|
38
|
+
end.to create_an_aws_launch_configuration("my-launch-configuration").and be_idempotent
|
39
39
|
end
|
40
40
|
|
41
41
|
it "accepts base64 encoded user data" do
|
42
|
-
expect_recipe
|
42
|
+
expect_recipe do
|
43
43
|
ami = driver.ec2_client.describe_images(image_filters).images[0].image_id
|
44
44
|
aws_launch_configuration "my-launch-configuration" do
|
45
45
|
image ami
|
46
|
-
instance_type
|
47
|
-
options(
|
46
|
+
instance_type "t2.micro"
|
47
|
+
options(
|
48
48
|
user_data: Base64.encode64("echo 1")
|
49
|
-
|
49
|
+
)
|
50
50
|
end
|
51
|
-
|
51
|
+
end.to create_an_aws_launch_configuration("my-launch-configuration").and be_idempotent
|
52
52
|
end
|
53
53
|
|
54
54
|
it "accepts regular user data" do
|
55
|
-
expect_recipe
|
55
|
+
expect_recipe do
|
56
56
|
ami = driver.ec2_client.describe_images(image_filters).images[0].image_id
|
57
57
|
aws_launch_configuration "my-launch-configuration" do
|
58
58
|
image ami
|
59
|
-
instance_type
|
60
|
-
options(
|
59
|
+
instance_type "t2.micro"
|
60
|
+
options(
|
61
61
|
user_data: "echo 1"
|
62
|
-
|
62
|
+
)
|
63
63
|
end
|
64
|
-
|
64
|
+
end.to create_an_aws_launch_configuration("my-launch-configuration").and be_idempotent
|
65
65
|
end
|
66
|
-
|
67
66
|
end
|
68
67
|
end
|
69
68
|
end
|
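Review bot: All three examples take the AMI from `driver.ec2_client.describe_images(image_filters).images[0].image_id`, and the visible part of `image_filters` has only a `filters:` key. Unless one of the filters on lines 12–25 (outside these hunks) restricts the owner, the first match can be a public image published by any account. Pinning the publisher next to `filters:`, e.g. `owners: ["amazon"]` or the account id the project trusts, keeps the launch configuration from being built on an unvetted image. Separately, `images[0]` is nil when nothing matches, which surfaces as a NoMethodError; `images.first || raise("no AMI matched image_filters")` would fail with a clearer message.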
@@ -1,46 +1,43 @@
|
|
1
|
-
require
|
2
|
-
require
|
1
|
+
require "spec_helper"
|
2
|
+
require "chef/resource/aws_nat_gateway"
|
3
3
|
|
4
4
|
describe Chef::Resource::AwsNatGateway do
|
5
5
|
extend AWSSupport
|
6
6
|
|
7
|
-
when_the_chef_12_server
|
8
|
-
with_aws
|
7
|
+
when_the_chef_12_server "exists", organization: "foo", server_scope: :context do
|
8
|
+
with_aws "with a VPC" do
|
9
9
|
purge_all
|
10
10
|
setup_public_vpc
|
11
11
|
|
12
12
|
aws_eip_address "test_eip"
|
13
13
|
|
14
|
-
describe
|
15
|
-
it
|
16
|
-
expect_recipe
|
14
|
+
describe "action :create" do # , :super_slow do
|
15
|
+
it "creates an aws_nat_gateway in the specified subnet" do
|
16
|
+
expect_recipe do
|
17
17
|
sub_id = test_public_subnet.aws_object.id
|
18
|
-
aws_nat_gateway
|
18
|
+
aws_nat_gateway "test_nat_gateway" do
|
19
19
|
subnet sub_id
|
20
|
-
eip_address
|
20
|
+
eip_address "test_eip"
|
21
21
|
end
|
22
|
-
|
23
|
-
|
24
|
-
).and be_idempotent
|
22
|
+
end.to create_an_aws_nat_gateway("test_nat_gateway",
|
23
|
+
subnet_id: test_public_subnet.aws_object.id).and be_idempotent
|
25
24
|
end
|
26
25
|
end
|
27
26
|
|
28
|
-
describe
|
29
|
-
context
|
30
|
-
aws_nat_gateway
|
31
|
-
subnet
|
32
|
-
eip_address
|
27
|
+
describe "action :delete" do
|
28
|
+
context "when there is a nat_gateway" do
|
29
|
+
aws_nat_gateway "test_nat_gateway" do
|
30
|
+
subnet "test_public_subnet"
|
31
|
+
eip_address "test_eip"
|
33
32
|
end
|
34
33
|
|
35
|
-
it
|
36
|
-
r = recipe
|
37
|
-
aws_nat_gateway
|
34
|
+
it "deletes the nat gateway and does not delete the eip address" do
|
35
|
+
r = recipe do
|
36
|
+
aws_nat_gateway "test_nat_gateway" do
|
38
37
|
action :destroy
|
39
38
|
end
|
40
|
-
|
41
|
-
expect(r).to destroy_an_aws_nat_gateway(
|
42
|
-
).and match_an_aws_eip_address('test_eip'
|
43
|
-
).and be_idempotent
|
39
|
+
end
|
40
|
+
expect(r).to destroy_an_aws_nat_gateway("test_nat_gateway").and match_an_aws_eip_address("test_eip").and be_idempotent
|
44
41
|
end
|
45
42
|
end
|
46
43
|
end
|
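Review bot: The line `describe "action :create" do # , :super_slow do` carries a commented-out tag, which leaves it unclear whether the example is meant to be excluded from default runs. The example appears to create a real NAT gateway through `expect_recipe`, so the decision matters for anyone running the suite against a live account. Either restore the tag as `describe "action :create", :super_slow do` or drop the trailing comment.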
@@ -1,166 +1,152 @@
|
|
1
|
-
require
|
1
|
+
require "spec_helper"
|
2
2
|
|
3
3
|
describe Chef::Resource::AwsNetworkAcl do
|
4
4
|
extend AWSSupport
|
5
5
|
|
6
|
-
when_the_chef_12_server "exists", organization:
|
6
|
+
when_the_chef_12_server "exists", organization: "foo", server_scope: :context do
|
7
7
|
with_aws "with a VPC" do
|
8
8
|
aws_vpc "test_vpc" do
|
9
|
-
cidr_block
|
9
|
+
cidr_block "10.0.0.0/24"
|
10
10
|
internet_gateway true
|
11
11
|
end
|
12
12
|
|
13
13
|
it "aws_network_acl 'test_network_acl' with no parameters except VPC creates a network acl" do
|
14
|
-
expect_recipe
|
15
|
-
aws_network_acl
|
16
|
-
vpc
|
14
|
+
expect_recipe do
|
15
|
+
aws_network_acl "test_network_acl" do
|
16
|
+
vpc "test_vpc"
|
17
17
|
end
|
18
|
-
|
19
|
-
|
20
|
-
).and be_idempotent
|
18
|
+
end.to create_an_aws_network_acl("test_network_acl",
|
19
|
+
vpc_id: test_vpc.aws_object.id).and be_idempotent
|
21
20
|
end
|
22
21
|
|
23
22
|
it "aws_network_acl 'test_network_acl' with all parameters creates a network acl" do
|
24
|
-
expect_recipe
|
25
|
-
aws_network_acl
|
26
|
-
vpc
|
23
|
+
expect_recipe do
|
24
|
+
aws_network_acl "test_network_acl" do
|
25
|
+
vpc "test_vpc"
|
27
26
|
inbound_rules(
|
28
27
|
[
|
29
|
-
{ rule_number: 100, rule_action: :deny, protocol: "-1", cidr_block:
|
30
|
-
{ rule_number: 200, rule_action: :allow, protocol: "-1", cidr_block:
|
28
|
+
{ rule_number: 100, rule_action: :deny, protocol: "-1", cidr_block: "10.0.0.0/24" },
|
29
|
+
{ rule_number: 200, rule_action: :allow, protocol: "-1", cidr_block: "0.0.0.0/0" },
|
31
30
|
{ rule_number: 300,
|
32
31
|
rule_action: :allow,
|
33
32
|
protocol: "6",
|
34
33
|
port_range:
|
35
34
|
{
|
36
|
-
:
|
37
|
-
:
|
35
|
+
from: 22,
|
36
|
+
to: 23
|
38
37
|
},
|
39
|
-
cidr_block:
|
38
|
+
cidr_block: "172.31.0.0/22" }
|
40
39
|
]
|
41
40
|
)
|
42
41
|
outbound_rules(
|
43
42
|
[
|
44
|
-
{ rule_number: 500, rule_action: :allow, protocol: "-1", cidr_block:
|
43
|
+
{ rule_number: 500, rule_action: :allow, protocol: "-1", cidr_block: "0.0.0.0/0" }
|
45
44
|
]
|
46
45
|
)
|
47
46
|
end
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
).and be_idempotent
|
47
|
+
end.to create_an_aws_network_acl("test_network_acl",
|
48
|
+
vpc_id: test_vpc.aws_object.id,
|
49
|
+
entries:
|
50
|
+
[
|
51
|
+
{ rule_number: 500, protocol: "-1", rule_action: "allow", egress: true, cidr_block: "0.0.0.0/0" },
|
52
|
+
{ rule_number: 32_767, protocol: "-1", rule_action: "deny", egress: true, cidr_block: "0.0.0.0/0" },
|
53
|
+
{ rule_number: 100, protocol: "-1", rule_action: "deny", egress: false, cidr_block: "10.0.0.0/24" },
|
54
|
+
{ rule_number: 200, protocol: "-1", rule_action: "allow", egress: false, cidr_block: "0.0.0.0/0" },
|
55
|
+
{ rule_number: 300, protocol: "6", rule_action: "allow", egress: false, cidr_block: "172.31.0.0/22", port_range: { from: 22, to: 23 } },
|
56
|
+
{ rule_number: 32_767, protocol: "-1", rule_action: "deny", egress: false, cidr_block: "0.0.0.0/0" }
|
57
|
+
]).and be_idempotent
|
60
58
|
end
|
61
59
|
|
62
|
-
context
|
63
|
-
aws_network_acl
|
64
|
-
vpc
|
65
|
-
inbound_rules(rule_number: 100, rule_action: :deny, protocol: "-1", cidr_block:
|
66
|
-
outbound_rules(rule_number: 500, rule_action: :allow, protocol: "-1", cidr_block:
|
60
|
+
context "when rules are empty" do
|
61
|
+
aws_network_acl "test_network_acl" do
|
62
|
+
vpc "test_vpc"
|
63
|
+
inbound_rules(rule_number: 100, rule_action: :deny, protocol: "-1", cidr_block: "10.0.0.0/24")
|
64
|
+
outbound_rules(rule_number: 500, rule_action: :allow, protocol: "-1", cidr_block: "0.0.0.0/0")
|
67
65
|
end
|
68
66
|
|
69
67
|
it "aws_network_acl 'test_network_acl' removes current rules" do
|
70
|
-
expect_recipe
|
71
|
-
aws_network_acl
|
72
|
-
vpc
|
68
|
+
expect_recipe do
|
69
|
+
aws_network_acl "test_network_acl" do
|
70
|
+
vpc "test_vpc"
|
73
71
|
inbound_rules []
|
74
72
|
outbound_rules []
|
75
73
|
end
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
).and be_idempotent
|
74
|
+
end.to create_an_aws_network_acl("test_network_acl",
|
75
|
+
vpc_id: test_vpc.aws_object.id,
|
76
|
+
entries:
|
77
|
+
[
|
78
|
+
{ rule_number: 32_767, protocol: "-1", rule_action: "deny", egress: true, cidr_block: "0.0.0.0/0" },
|
79
|
+
{ rule_number: 32_767, protocol: "-1", rule_action: "deny", egress: false, cidr_block: "0.0.0.0/0" }
|
80
|
+
]).and be_idempotent
|
84
81
|
end
|
85
82
|
end
|
86
83
|
|
87
|
-
context
|
88
|
-
aws_network_acl
|
89
|
-
vpc
|
90
|
-
inbound_rules(rule_number: 100, rule_action: :deny, protocol: "-1", cidr_block:
|
91
|
-
outbound_rules(rule_number: 500, rule_action: :allow, protocol: "-1", cidr_block:
|
84
|
+
context "when rules are nil" do
|
85
|
+
aws_network_acl "test_network_acl" do
|
86
|
+
vpc "test_vpc"
|
87
|
+
inbound_rules(rule_number: 100, rule_action: :deny, protocol: "-1", cidr_block: "10.0.0.0/24")
|
88
|
+
outbound_rules(rule_number: 500, rule_action: :allow, protocol: "-1", cidr_block: "0.0.0.0/0")
|
92
89
|
end
|
93
90
|
|
94
91
|
it "aws_network_acl 'test_network_acl' with a nil rules array leaves current rules alone" do
|
95
|
-
expect_recipe
|
96
|
-
aws_network_acl
|
97
|
-
vpc
|
92
|
+
expect_recipe do
|
93
|
+
aws_network_acl "test_network_acl" do
|
94
|
+
vpc "test_vpc"
|
98
95
|
inbound_rules nil
|
99
96
|
outbound_rules nil
|
100
97
|
end
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
).and be_idempotent
|
98
|
+
end.to match_an_aws_network_acl("test_network_acl",
|
99
|
+
vpc_id: test_vpc.aws_object.id,
|
100
|
+
entries:
|
101
|
+
[
|
102
|
+
{ rule_number: 500, protocol: "-1", rule_action: "allow", egress: true, cidr_block: "0.0.0.0/0" },
|
103
|
+
{ rule_number: 32_767, protocol: "-1", rule_action: "deny", egress: true, cidr_block: "0.0.0.0/0" },
|
104
|
+
{ rule_number: 100, protocol: "-1", rule_action: "deny", egress: false, cidr_block: "10.0.0.0/24" },
|
105
|
+
{ rule_number: 32_767, protocol: "-1", rule_action: "deny", egress: false, cidr_block: "0.0.0.0/0" }
|
106
|
+
]).and be_idempotent
|
111
107
|
end
|
112
108
|
end
|
113
109
|
|
114
110
|
it "creates aws_network_acl tags" do
|
115
|
-
expect_recipe
|
116
|
-
aws_network_acl
|
117
|
-
vpc
|
111
|
+
expect_recipe do
|
112
|
+
aws_network_acl "test_network_acl" do
|
113
|
+
vpc "test_vpc"
|
118
114
|
aws_tags key1: "value"
|
119
115
|
end
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
'key1' => 'value'
|
125
|
-
}
|
126
|
-
).and be_idempotent
|
116
|
+
end.to create_an_aws_network_acl("test_network_acl")
|
117
|
+
.and have_aws_network_acl_tags("test_network_acl",
|
118
|
+
"Name" => "test_network_acl",
|
119
|
+
"key1" => "value").and be_idempotent
|
127
120
|
end
|
128
121
|
|
129
122
|
context "with existing tags" do
|
130
|
-
aws_network_acl
|
131
|
-
vpc
|
123
|
+
aws_network_acl "test_network_acl" do
|
124
|
+
vpc "test_vpc"
|
132
125
|
aws_tags key1: "value"
|
133
126
|
end
|
134
127
|
|
135
128
|
it "updates aws_network_acl tags" do
|
136
|
-
expect_recipe
|
137
|
-
aws_network_acl
|
138
|
-
vpc
|
129
|
+
expect_recipe do
|
130
|
+
aws_network_acl "test_network_acl" do
|
131
|
+
vpc "test_vpc"
|
139
132
|
aws_tags key1: "value2", key2: nil
|
140
133
|
end
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
'key2' => ''
|
146
|
-
}
|
147
|
-
).and be_idempotent
|
134
|
+
end.to have_aws_network_acl_tags("test_network_acl",
|
135
|
+
"Name" => "test_network_acl",
|
136
|
+
"key1" => "value2",
|
137
|
+
"key2" => "").and be_idempotent
|
148
138
|
end
|
149
139
|
|
150
140
|
it "removes all aws_network_acl tags except Name" do
|
151
|
-
expect_recipe
|
152
|
-
aws_network_acl
|
153
|
-
vpc
|
141
|
+
expect_recipe do
|
142
|
+
aws_network_acl "test_network_acl" do
|
143
|
+
vpc "test_vpc"
|
154
144
|
aws_tags({})
|
155
145
|
end
|
156
|
-
|
157
|
-
|
158
|
-
'Name' => 'test_network_acl'
|
159
|
-
}
|
160
|
-
).and be_idempotent
|
146
|
+
end.to have_aws_network_acl_tags("test_network_acl",
|
147
|
+
"Name" => "test_network_acl").and be_idempotent
|
161
148
|
end
|
162
149
|
end
|
163
|
-
|
164
150
|
end
|
165
151
|
end
|
166
152
|
end
|
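Review bot: The expected `entries:` lists include `rule_number: 32_767` deny entries that no recipe in this file declares, and nothing explains where they come from. They look like the default catch-all deny that AWS attaches to every network ACL in each direction. A one-line comment above the first list, such as `# 32_767 = AWS default "*" deny, always present for ingress and egress`, would make clear that the "removes current rules" example asserts that only those defaults remain. The same comment applies to the lists in the "when rules are empty" and "when rules are nil" contexts.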
@@ -1,94 +1,79 @@
|
|
1
1
|
describe "AwsNetworkInterface" do
|
2
2
|
extend AWSSupport
|
3
3
|
|
4
|
-
when_the_chef_12_server "exists", organization:
|
4
|
+
when_the_chef_12_server "exists", organization: "foo", server_scope: :context do
|
5
5
|
with_aws "when connected to AWS" do
|
6
|
-
|
7
6
|
context "setting up public VPC" do
|
8
|
-
|
9
7
|
purge_all
|
10
8
|
setup_public_vpc
|
11
9
|
|
12
10
|
context "with machines", :super_slow do
|
13
|
-
|
14
11
|
machine "test_machine" do
|
15
12
|
machine_options bootstrap_options: {
|
16
|
-
subnet_id:
|
17
|
-
security_group_ids: [
|
13
|
+
subnet_id: "test_public_subnet",
|
14
|
+
security_group_ids: ["test_security_group"]
|
18
15
|
}
|
19
16
|
action :ready
|
20
17
|
end
|
21
18
|
|
22
19
|
it "creates an aws_network_interface resource with maximum attributes" do
|
23
|
-
expect_recipe
|
20
|
+
expect_recipe do
|
24
21
|
sub_id = test_public_subnet.aws_object.id
|
25
22
|
sg_id = test_security_group.aws_object.id
|
26
23
|
machine_id = test_machine.aws_object.id
|
27
|
-
aws_network_interface
|
24
|
+
aws_network_interface "test_network_interface" do
|
28
25
|
subnet sub_id
|
29
|
-
private_ip_address
|
26
|
+
private_ip_address "10.0.0.25"
|
30
27
|
description "test_network_interface"
|
31
28
|
security_groups [sg_id]
|
32
29
|
machine machine_id
|
33
30
|
device_index 1
|
34
31
|
end
|
35
|
-
|
36
|
-
).and be_idempotent
|
32
|
+
end.to create_an_aws_network_interface("test_network_interface").and be_idempotent
|
37
33
|
end
|
38
34
|
end
|
39
35
|
|
40
36
|
it "creates aws_network_interface tags" do
|
41
|
-
expect_recipe
|
42
|
-
aws_network_interface
|
43
|
-
subnet
|
37
|
+
expect_recipe do
|
38
|
+
aws_network_interface "test_network_interface" do
|
39
|
+
subnet "test_public_subnet"
|
44
40
|
aws_tags key1: "value"
|
45
41
|
end
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
'key1' => 'value'
|
51
|
-
}
|
52
|
-
).and be_idempotent
|
42
|
+
end.to create_an_aws_network_interface("test_network_interface")
|
43
|
+
.and have_aws_network_interface_tags("test_network_interface",
|
44
|
+
"Name" => "test_network_interface",
|
45
|
+
"key1" => "value").and be_idempotent
|
53
46
|
end
|
54
47
|
|
55
48
|
context "with existing tags" do
|
56
|
-
aws_network_interface
|
57
|
-
subnet
|
49
|
+
aws_network_interface "test_network_interface" do
|
50
|
+
subnet "test_public_subnet"
|
58
51
|
aws_tags key1: "value"
|
59
52
|
end
|
60
53
|
|
61
54
|
it "updates aws_network_interface tags" do
|
62
|
-
expect_recipe
|
63
|
-
aws_network_interface
|
64
|
-
subnet
|
55
|
+
expect_recipe do
|
56
|
+
aws_network_interface "test_network_interface" do
|
57
|
+
subnet "test_public_subnet"
|
65
58
|
aws_tags key1: "value2", key2: nil
|
66
59
|
end
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
'key2' => ''
|
72
|
-
}
|
73
|
-
).and be_idempotent
|
60
|
+
end.to have_aws_network_interface_tags("test_network_interface",
|
61
|
+
"Name" => "test_network_interface",
|
62
|
+
"key1" => "value2",
|
63
|
+
"key2" => "").and be_idempotent
|
74
64
|
end
|
75
65
|
|
76
66
|
it "removes all aws_network_interface tags except Name" do
|
77
|
-
expect_recipe
|
78
|
-
aws_network_interface
|
79
|
-
subnet
|
67
|
+
expect_recipe do
|
68
|
+
aws_network_interface "test_network_interface" do
|
69
|
+
subnet "test_public_subnet"
|
80
70
|
aws_tags({})
|
81
71
|
end
|
82
|
-
|
83
|
-
|
84
|
-
'Name' => 'test_network_interface'
|
85
|
-
}
|
86
|
-
).and be_idempotent
|
72
|
+
end.to have_aws_network_interface_tags("test_network_interface",
|
73
|
+
"Name" => "test_network_interface").and be_idempotent
|
87
74
|
end
|
88
75
|
end
|
89
|
-
|
90
76
|
end
|
91
|
-
|
92
77
|
end
|
93
78
|
end
|
94
79
|
end
|
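Review bot: The "maximum attributes" example sets `private_ip_address`, `security_groups`, `machine` and `device_index`, but the expectation `create_an_aws_network_interface("test_network_interface")` checks none of them. A provider that silently dropped the security group or the attachment would still pass. Elsewhere in this diff `create_an_aws_network_acl` is given expected attributes such as `vpc_id:` after the name; doing the same here, e.g. `create_an_aws_network_interface("test_network_interface", private_ip_address: "10.0.0.25", description: "test_network_interface")`, would pin the result (attribute names to be confirmed against the SDK object).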