chef-provisioning-aws 3.0.4 → 3.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +16 -5
- data/Rakefile +15 -6
- data/chef-provisioning-aws.gemspec +17 -17
- data/lib/chef/provider/aws_auto_scaling_group.rb +5 -6
- data/lib/chef/provider/aws_cache_cluster.rb +21 -15
- data/lib/chef/provider/aws_cache_replication_group.rb +12 -8
- data/lib/chef/provider/aws_cache_subnet_group.rb +3 -3
- data/lib/chef/provider/aws_cloudsearch_domain.rb +9 -13
- data/lib/chef/provider/aws_cloudwatch_alarm.rb +10 -12
- data/lib/chef/provider/aws_dhcp_options.rb +18 -21
- data/lib/chef/provider/aws_ebs_volume.rb +24 -26
- data/lib/chef/provider/aws_eip_address.rb +10 -13
- data/lib/chef/provider/aws_elasticsearch_domain.rb +19 -18
- data/lib/chef/provider/aws_iam_instance_profile.rb +5 -7
- data/lib/chef/provider/aws_iam_role.rb +14 -17
- data/lib/chef/provider/aws_image.rb +6 -6
- data/lib/chef/provider/aws_instance.rb +5 -5
- data/lib/chef/provider/aws_internet_gateway.rb +8 -11
- data/lib/chef/provider/aws_key_pair.rb +15 -17
- data/lib/chef/provider/aws_launch_configuration.rb +11 -14
- data/lib/chef/provider/aws_load_balancer.rb +1 -2
- data/lib/chef/provider/aws_nat_gateway.rb +6 -7
- data/lib/chef/provider/aws_network_acl.rb +28 -29
- data/lib/chef/provider/aws_network_interface.rb +25 -27
- data/lib/chef/provider/aws_rds_instance.rb +12 -13
- data/lib/chef/provider/aws_rds_parameter_group.rb +8 -8
- data/lib/chef/provider/aws_rds_subnet_group.rb +8 -9
- data/lib/chef/provider/aws_route_table.rb +19 -20
- data/lib/chef/provider/aws_s3_bucket.rb +22 -25
- data/lib/chef/provider/aws_security_group.rb +268 -285
- data/lib/chef/provider/aws_server_certificate.rb +6 -5
- data/lib/chef/provider/aws_sns_topic.rb +4 -6
- data/lib/chef/provider/aws_sqs_queue.rb +3 -4
- data/lib/chef/provider/aws_subnet.rb +29 -34
- data/lib/chef/provider/aws_vpc.rb +108 -116
- data/lib/chef/provider/aws_vpc_peering_connection.rb +11 -11
- data/lib/chef/provisioning/aws_driver.rb +4 -2
- data/lib/chef/provisioning/aws_driver/aws_provider.rb +234 -241
- data/lib/chef/provisioning/aws_driver/aws_rds_resource.rb +5 -7
- data/lib/chef/provisioning/aws_driver/aws_resource.rb +182 -185
- data/lib/chef/provisioning/aws_driver/aws_resource_with_entry.rb +17 -17
- data/lib/chef/provisioning/aws_driver/aws_taggable.rb +13 -15
- data/lib/chef/provisioning/aws_driver/aws_tagger.rb +47 -48
- data/lib/chef/provisioning/aws_driver/credentials.rb +96 -100
- data/lib/chef/provisioning/aws_driver/credentials2.rb +42 -45
- data/lib/chef/provisioning/aws_driver/driver.rb +1349 -1362
- data/lib/chef/provisioning/aws_driver/exceptions.rb +10 -12
- data/lib/chef/provisioning/aws_driver/super_lwrp.rb +60 -60
- data/lib/chef/provisioning/aws_driver/tagging_strategy/auto_scaling.rb +49 -50
- data/lib/chef/provisioning/aws_driver/tagging_strategy/ec2.rb +37 -38
- data/lib/chef/provisioning/aws_driver/tagging_strategy/elasticsearch.rb +14 -15
- data/lib/chef/provisioning/aws_driver/tagging_strategy/elb.rb +29 -31
- data/lib/chef/provisioning/aws_driver/tagging_strategy/rds.rb +39 -40
- data/lib/chef/provisioning/aws_driver/tagging_strategy/s3.rb +41 -43
- data/lib/chef/provisioning/aws_driver/version.rb +5 -5
- data/lib/chef/provisioning/driver_init/aws.rb +2 -2
- data/lib/chef/resource/aws_auto_scaling_group.rb +1 -1
- data/lib/chef/resource/aws_cache_cluster.rb +9 -12
- data/lib/chef/resource/aws_cache_replication_group.rb +9 -11
- data/lib/chef/resource/aws_cache_subnet_group.rb +8 -10
- data/lib/chef/resource/aws_cloudsearch_domain.rb +4 -5
- data/lib/chef/resource/aws_cloudwatch_alarm.rb +17 -18
- data/lib/chef/resource/aws_dhcp_options.rb +2 -2
- data/lib/chef/resource/aws_ebs_volume.rb +10 -10
- data/lib/chef/resource/aws_eip_address.rb +5 -5
- data/lib/chef/resource/aws_elasticsearch_domain.rb +4 -4
- data/lib/chef/resource/aws_iam_instance_profile.rb +4 -5
- data/lib/chef/resource/aws_iam_role.rb +2 -3
- data/lib/chef/resource/aws_image.rb +3 -3
- data/lib/chef/resource/aws_instance.rb +4 -4
- data/lib/chef/resource/aws_internet_gateway.rb +3 -3
- data/lib/chef/resource/aws_key_pair.rb +7 -7
- data/lib/chef/resource/aws_launch_configuration.rb +4 -4
- data/lib/chef/resource/aws_load_balancer.rb +7 -7
- data/lib/chef/resource/aws_nat_gateway.rb +11 -11
- data/lib/chef/resource/aws_network_acl.rb +7 -8
- data/lib/chef/resource/aws_network_interface.rb +9 -9
- data/lib/chef/resource/aws_rds_instance.rb +4 -4
- data/lib/chef/resource/aws_rds_parameter_group.rb +3 -3
- data/lib/chef/resource/aws_rds_subnet_group.rb +4 -4
- data/lib/chef/resource/aws_route53_hosted_zone.rb +37 -40
- data/lib/chef/resource/aws_route53_record_set.rb +22 -24
- data/lib/chef/resource/aws_route_table.rb +7 -7
- data/lib/chef/resource/aws_s3_bucket.rb +7 -7
- data/lib/chef/resource/aws_security_group.rb +10 -10
- data/lib/chef/resource/aws_server_certificate.rb +6 -8
- data/lib/chef/resource/aws_sns_topic.rb +2 -2
- data/lib/chef/resource/aws_sqs_queue.rb +5 -7
- data/lib/chef/resource/aws_subnet.rb +9 -9
- data/lib/chef/resource/aws_vpc.rb +11 -11
- data/lib/chef/resource/aws_vpc_peering_connection.rb +4 -4
- data/spec/aws_support.rb +44 -45
- data/spec/aws_support/aws_resource_run_wrapper.rb +2 -2
- data/spec/aws_support/deep_matcher.rb +2 -3
- data/spec/aws_support/deep_matcher/fuzzy_match_objects.rb +6 -9
- data/spec/aws_support/deep_matcher/match_values_failure_messages.rb +30 -37
- data/spec/aws_support/deep_matcher/matchable_array.rb +0 -1
- data/spec/aws_support/deep_matcher/matchable_object.rb +1 -2
- data/spec/aws_support/deep_matcher/rspec_monkeypatches.rb +4 -4
- data/spec/aws_support/delayed_stream.rb +2 -2
- data/spec/aws_support/matchers/create_an_aws_object.rb +6 -6
- data/spec/aws_support/matchers/destroy_an_aws_object.rb +6 -6
- data/spec/aws_support/matchers/have_aws_object_tags.rb +4 -5
- data/spec/aws_support/matchers/match_an_aws_object.rb +5 -6
- data/spec/aws_support/matchers/update_an_aws_object.rb +6 -7
- data/spec/integration/aws_auto_scaling_group_spec.rb +56 -64
- data/spec/integration/aws_cache_cluster_spec.rb +70 -71
- data/spec/integration/aws_cache_subnet_group_spec.rb +13 -14
- data/spec/integration/aws_cloudsearch_domain_spec.rb +6 -8
- data/spec/integration/aws_cloudwatch_alarm_spec.rb +200 -208
- data/spec/integration/aws_dhcp_options_spec.rb +32 -43
- data/spec/integration/aws_ebs_volume_spec.rb +52 -73
- data/spec/integration/aws_eip_address_spec.rb +24 -31
- data/spec/integration/aws_elasticsearch_domain_spec.rb +31 -33
- data/spec/integration/aws_iam_instance_profile_spec.rb +36 -45
- data/spec/integration/aws_iam_role_spec.rb +39 -46
- data/spec/integration/aws_internet_gateway_spec.rb +64 -75
- data/spec/integration/aws_key_pair_spec.rb +6 -6
- data/spec/integration/aws_launch_configuration_spec.rb +17 -18
- data/spec/integration/aws_nat_gateway_spec.rb +21 -24
- data/spec/integration/aws_network_acl_spec.rb +81 -95
- data/spec/integration/aws_network_interface_spec.rb +28 -43
- data/spec/integration/aws_rds_instance_spec.rb +29 -40
- data/spec/integration/aws_rds_parameter_group_spec.rb +32 -35
- data/spec/integration/aws_rds_subnet_group_spec.rb +30 -40
- data/spec/integration/aws_route53_hosted_zone_spec.rb +205 -205
- data/spec/integration/aws_route_table_spec.rb +118 -136
- data/spec/integration/aws_s3_bucket_spec.rb +19 -27
- data/spec/integration/aws_security_group_spec.rb +369 -388
- data/spec/integration/aws_server_certificate_spec.rb +16 -18
- data/spec/integration/aws_subnet_spec.rb +44 -58
- data/spec/integration/aws_vpc_peering_connection_spec.rb +43 -50
- data/spec/integration/aws_vpc_spec.rb +99 -115
- data/spec/integration/load_balancer_spec.rb +169 -183
- data/spec/integration/machine_batch_spec.rb +24 -31
- data/spec/integration/machine_image_spec.rb +54 -66
- data/spec/integration/machine_spec.rb +216 -237
- data/spec/persistence_file.txt +219 -0
- data/spec/spec_helper.rb +16 -17
- data/spec/unit/chef/provisioning/aws_driver/credentials_spec.rb +67 -74
- data/spec/unit/chef/provisioning/aws_driver/driver_spec.rb +29 -29
- data/spec/unit/chef/provisioning/aws_driver/route53_spec.rb +13 -15
- metadata +4 -3
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
require
|
|
2
|
-
require
|
|
3
|
-
require
|
|
4
|
-
require
|
|
1
|
+
require "chef/provisioning/aws_driver/aws_provider"
|
|
2
|
+
require "cheffish"
|
|
3
|
+
require "date"
|
|
4
|
+
require "retryable"
|
|
5
5
|
|
|
6
6
|
class Chef::Provider::AwsEbsVolume < Chef::Provisioning::AWSDriver::AWSProvider
|
|
7
7
|
include Chef::Provisioning::AWSDriver::TaggingStrategy::EC2ConvergeTags
|
|
@@ -29,9 +29,7 @@ class Chef::Provider::AwsEbsVolume < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
29
29
|
def action_create
|
|
30
30
|
volume = super
|
|
31
31
|
|
|
32
|
-
|
|
33
|
-
update_attachment(volume)
|
|
34
|
-
end
|
|
32
|
+
update_attachment(volume) unless new_resource.machine.nil?
|
|
35
33
|
end
|
|
36
34
|
|
|
37
35
|
protected
|
|
@@ -41,7 +39,7 @@ class Chef::Provider::AwsEbsVolume < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
41
39
|
converge_by "create #{new_resource} in #{region}" do
|
|
42
40
|
volume = new_resource.driver.ec2_resource.create_volume(initial_options)
|
|
43
41
|
retry_with_backoff(::Aws::EC2::Errors::InvalidVolumeNotFound) do
|
|
44
|
-
new_resource.driver.ec2_resource.create_tags(resources: [volume.volume_id],tags: [{key: "Name", value: new_resource.name}])
|
|
42
|
+
new_resource.driver.ec2_resource.create_tags(resources: [volume.volume_id], tags: [{ key: "Name", value: new_resource.name }])
|
|
45
43
|
end
|
|
46
44
|
volume
|
|
47
45
|
end
|
|
@@ -53,32 +51,32 @@ class Chef::Provider::AwsEbsVolume < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
53
51
|
end
|
|
54
52
|
|
|
55
53
|
def update_aws_object(volume)
|
|
56
|
-
if initial_options.
|
|
54
|
+
if initial_options.key?(:availability_zone)
|
|
57
55
|
if availability_zone != volume.availability_zone
|
|
58
56
|
raise "#{new_resource}.availability_zone is #{availability_zone}, but actual volume has availability_zone_name set to #{volume.availability_zone}. Cannot be modified!"
|
|
59
57
|
end
|
|
60
58
|
end
|
|
61
|
-
if initial_options.
|
|
59
|
+
if initial_options.key?(:size)
|
|
62
60
|
if initial_options[:size] != volume.size
|
|
63
61
|
raise "#{new_resource}.size is #{new_resource.size}, but actual volume has size set to #{volume.size}. Cannot be modified!"
|
|
64
62
|
end
|
|
65
63
|
end
|
|
66
|
-
if initial_options.
|
|
64
|
+
if initial_options.key?(:snapshot_id)
|
|
67
65
|
if initial_options[:snapshot_id] != volume.snapshot_id
|
|
68
66
|
raise "#{new_resource}.snapshot is #{new_resource.snapshot}, but actual volume has snapshot set to #{volume.snapshot_id}. Cannot be modified!"
|
|
69
67
|
end
|
|
70
68
|
end
|
|
71
|
-
if initial_options.
|
|
69
|
+
if initial_options.key?(:iops)
|
|
72
70
|
if initial_options[:iops] != volume.iops
|
|
73
71
|
raise "#{new_resource}.iops is #{new_resource.iops}, but actual volume has iops set to #{volume.iops}. Cannot be modified!"
|
|
74
72
|
end
|
|
75
73
|
end
|
|
76
|
-
if initial_options.
|
|
74
|
+
if initial_options.key?(:volume_type)
|
|
77
75
|
if initial_options[:volume_type] != volume.volume_type
|
|
78
76
|
raise "#{new_resource}.volume_type is #{new_resource.volume_type}, but actual volume has type set to #{volume.type}. Cannot be modified!"
|
|
79
77
|
end
|
|
80
78
|
end
|
|
81
|
-
if initial_options.
|
|
79
|
+
if initial_options.key?(:encrypted)
|
|
82
80
|
if initial_options[:encrypted] != !!volume.encrypted
|
|
83
81
|
raise "#{new_resource}.encrypted is #{new_resource.encrypted}, but actual volume has encrypted set to #{volume.encrypted}. Cannot be modified!"
|
|
84
82
|
end
|
|
@@ -93,7 +91,7 @@ class Chef::Provider::AwsEbsVolume < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
93
91
|
private
|
|
94
92
|
|
|
95
93
|
def expected_instance
|
|
96
|
-
|
|
94
|
+
unless defined?(@expected_instance)
|
|
97
95
|
if new_resource.machine == false
|
|
98
96
|
@expected_instance = nil
|
|
99
97
|
else
|
|
@@ -106,13 +104,13 @@ class Chef::Provider::AwsEbsVolume < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
106
104
|
def initial_options
|
|
107
105
|
@initial_options ||= begin
|
|
108
106
|
options = {}
|
|
109
|
-
options[:availability_zone] = availability_zone
|
|
110
|
-
options[:size] = new_resource.size
|
|
111
|
-
options[:snapshot_id] = new_resource.snapshot
|
|
112
|
-
options[:iops] = new_resource.iops
|
|
113
|
-
options[:volume_type] = new_resource.volume_type
|
|
114
|
-
options[:encrypted] = new_resource.encrypted
|
|
115
|
-
options[:encrypted] = !!options[:encrypted]
|
|
107
|
+
options[:availability_zone] = availability_zone unless new_resource.availability_zone.nil?
|
|
108
|
+
options[:size] = new_resource.size unless new_resource.size.nil?
|
|
109
|
+
options[:snapshot_id] = new_resource.snapshot unless new_resource.snapshot.nil?
|
|
110
|
+
options[:iops] = new_resource.iops unless new_resource.iops.nil?
|
|
111
|
+
options[:volume_type] = new_resource.volume_type unless new_resource.volume_type.nil?
|
|
112
|
+
options[:encrypted] = new_resource.encrypted unless new_resource.encrypted.nil?
|
|
113
|
+
options[:encrypted] = !!options[:encrypted] unless options[:encrypted].nil?
|
|
116
114
|
|
|
117
115
|
AWSResource.lookup_options(options, resource: new_resource)
|
|
118
116
|
end
|
|
@@ -135,7 +133,7 @@ class Chef::Provider::AwsEbsVolume < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
135
133
|
when "available"
|
|
136
134
|
attach(volume)
|
|
137
135
|
when nil
|
|
138
|
-
raise VolumeNotFoundError
|
|
136
|
+
raise VolumeNotFoundError, new_resource
|
|
139
137
|
else
|
|
140
138
|
raise VolumeInvalidStatusError.new(new_resource, status)
|
|
141
139
|
end
|
|
@@ -159,7 +157,7 @@ class Chef::Provider::AwsEbsVolume < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
159
157
|
Chef::Log.info("waiting for #{new_resource} status to change to #{expected_status}...")
|
|
160
158
|
}
|
|
161
159
|
|
|
162
|
-
Retryable.retryable(:
|
|
160
|
+
Retryable.retryable(tries: 120, sleep: 2, on: VolumeStatusTimeoutError, ensure: log_callback) do
|
|
163
161
|
status = new_resource.driver.ec2_resource.volume(volume.id).state
|
|
164
162
|
expected_status = "in-use" if expected_status.to_s.eql?("in_use")
|
|
165
163
|
raise VolumeStatusTimeoutError.new(new_resource, status, expected_status) if status != expected_status.to_s
|
|
@@ -203,10 +201,10 @@ class Chef::Provider::AwsEbsVolume < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
203
201
|
|
|
204
202
|
converge_by "wait for #{new_resource} in #{region} to delete" do
|
|
205
203
|
log_callback = proc {
|
|
206
|
-
Chef::Log.info(
|
|
204
|
+
Chef::Log.info("waiting for volume to delete...")
|
|
207
205
|
}
|
|
208
206
|
|
|
209
|
-
Retryable.retryable(:
|
|
207
|
+
Retryable.retryable(tries: 30, sleep: 2, on: VolumeStatusTimeoutError, ensure: log_callback) do
|
|
210
208
|
result = new_resource.driver.ec2_resource.volume(volume.id) if volume.id
|
|
211
209
|
raise VolumeStatusTimeoutError.new(new_resource, "exists", "deleted") if new_resource.exists?(result)
|
|
212
210
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
require
|
|
2
|
-
require
|
|
3
|
-
require
|
|
4
|
-
require
|
|
1
|
+
require "chef/provisioning/aws_driver/aws_provider"
|
|
2
|
+
require "chef/resource/aws_instance"
|
|
3
|
+
require "chef/provisioning/machine_spec"
|
|
4
|
+
require "cheffish"
|
|
5
5
|
|
|
6
6
|
class Chef::Provider::AwsEipAddress < Chef::Provisioning::AWSDriver::AWSProvider
|
|
7
7
|
provides :aws_eip_address
|
|
@@ -9,9 +9,7 @@ class Chef::Provider::AwsEipAddress < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
9
9
|
def action_create
|
|
10
10
|
elastic_ip = super
|
|
11
11
|
|
|
12
|
-
|
|
13
|
-
update_association(elastic_ip)
|
|
14
|
-
end
|
|
12
|
+
update_association(elastic_ip) unless new_resource.machine.nil?
|
|
15
13
|
end
|
|
16
14
|
|
|
17
15
|
protected
|
|
@@ -22,7 +20,7 @@ class Chef::Provider::AwsEipAddress < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
22
20
|
if associate_to_vpc.nil?
|
|
23
21
|
if desired_instance.is_a?(::Aws::EC2::Instance) || desired_instance.is_a?(::Aws::EC2::Instance)
|
|
24
22
|
associate_to_vpc = !!desired_instance.vpc_id
|
|
25
|
-
Chef::Log.debug "Since associate_to_vpc is not specified and instance #{new_resource.machine} (#{desired_instance.id}) and #{associate_to_vpc ?
|
|
23
|
+
Chef::Log.debug "Since associate_to_vpc is not specified and instance #{new_resource.machine} (#{desired_instance.id}) and #{associate_to_vpc ? 'is' : 'is not'} in a VPC, setting associate_to_vpc to #{associate_to_vpc}."
|
|
26
24
|
end
|
|
27
25
|
end
|
|
28
26
|
new_resource.driver.ec2.allocate_address vpc: new_resource.associate_to_vpc
|
|
@@ -30,7 +28,7 @@ class Chef::Provider::AwsEipAddress < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
30
28
|
end
|
|
31
29
|
|
|
32
30
|
def update_aws_object(elastic_ip)
|
|
33
|
-
|
|
31
|
+
unless new_resource.associate_to_vpc.nil?
|
|
34
32
|
if new_resource.associate_to_vpc != (elastic_ip.domain == "vpc")
|
|
35
33
|
raise "#{new_resource}.associate_to_vpc = #{new_resource.associate_to_vpc}, but actual IP address has vpc? set to #{(elastic_ip.domain == 'vpc')}. Cannot be modified!"
|
|
36
34
|
end
|
|
@@ -38,7 +36,7 @@ class Chef::Provider::AwsEipAddress < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
38
36
|
end
|
|
39
37
|
|
|
40
38
|
def destroy_aws_object(elastic_ip)
|
|
41
|
-
#if it's attached to something in a vpc, disassociate first
|
|
39
|
+
# if it's attached to something in a vpc, disassociate first
|
|
42
40
|
if !elastic_ip.instance_id.nil? && elastic_ip.domain == "vpc"
|
|
43
41
|
converge_by "dissociate Elastic IP address #{new_resource.name} (#{elastic_ip.public_ip}) from #{elastic_ip.instance_id}" do
|
|
44
42
|
new_resource.driver.ec2.disassociate_address public_ip: elastic_ip.public_ip
|
|
@@ -52,7 +50,7 @@ class Chef::Provider::AwsEipAddress < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
52
50
|
private
|
|
53
51
|
|
|
54
52
|
def desired_instance
|
|
55
|
-
|
|
53
|
+
unless defined?(@desired_instance)
|
|
56
54
|
if new_resource.machine == false
|
|
57
55
|
@desired_instance = false
|
|
58
56
|
else
|
|
@@ -77,12 +75,11 @@ class Chef::Provider::AwsEipAddress < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
77
75
|
# If we were told to set the association to false, disassociate it.
|
|
78
76
|
#
|
|
79
77
|
else
|
|
80
|
-
|
|
78
|
+
unless elastic_ip.association_id.nil?
|
|
81
79
|
converge_by "disassociate Elastic IP address #{new_resource.name} (#{elastic_ip.public_ip}) from #{elastic_ip.instance_id} in #{region}" do
|
|
82
80
|
new_resource.driver.ec2.disassociate_address public_ip: elastic_ip.public_ip
|
|
83
81
|
end
|
|
84
82
|
end
|
|
85
83
|
end
|
|
86
84
|
end
|
|
87
|
-
|
|
88
85
|
end
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
require
|
|
2
|
-
require
|
|
1
|
+
require "chef/provisioning/aws_driver/aws_provider"
|
|
2
|
+
require "chef/provisioning/aws_driver/tagging_strategy/elasticsearch"
|
|
3
3
|
|
|
4
4
|
class Chef::Provider::AwsElasticsearchDomain < Chef::Provisioning::AWSDriver::AWSProvider
|
|
5
5
|
provides :aws_elasticsearch_domain
|
|
@@ -10,15 +10,15 @@ class Chef::Provider::AwsElasticsearchDomain < Chef::Provisioning::AWSDriver::AW
|
|
|
10
10
|
end
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
-
def destroy_aws_object(
|
|
13
|
+
def destroy_aws_object(_domain)
|
|
14
14
|
converge_by "destroy Elasticsearch domain #{new_resource.domain_name}" do
|
|
15
|
-
es_client.delete_elasticsearch_domain(
|
|
15
|
+
es_client.delete_elasticsearch_domain(domain_name: new_resource.domain_name)
|
|
16
16
|
end
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
def update_aws_object(domain)
|
|
20
20
|
updates = required_updates(domain)
|
|
21
|
-
|
|
21
|
+
unless updates.empty?
|
|
22
22
|
converge_by updates do
|
|
23
23
|
es_client.update_elasticsearch_domain_config(update_payload)
|
|
24
24
|
end
|
|
@@ -30,7 +30,8 @@ class Chef::Provider::AwsElasticsearchDomain < Chef::Provisioning::AWSDriver::AW
|
|
|
30
30
|
strategy = Chef::Provisioning::AWSDriver::TaggingStrategy::Elasticsearch.new(
|
|
31
31
|
es_client,
|
|
32
32
|
new_resource.aws_object.arn,
|
|
33
|
-
new_resource.aws_tags
|
|
33
|
+
new_resource.aws_tags
|
|
34
|
+
)
|
|
34
35
|
Chef::Provisioning::AWSDriver::AWSTagger.new(strategy, action_handler)
|
|
35
36
|
end
|
|
36
37
|
end
|
|
@@ -52,7 +53,7 @@ class Chef::Provider::AwsElasticsearchDomain < Chef::Provisioning::AWSDriver::AW
|
|
|
52
53
|
end
|
|
53
54
|
|
|
54
55
|
def update_payload
|
|
55
|
-
payload = {domain_name: new_resource.domain_name}
|
|
56
|
+
payload = { domain_name: new_resource.domain_name }
|
|
56
57
|
payload.merge!(ebs_options) if ebs_options_present?
|
|
57
58
|
payload.merge!(cluster_options) if cluster_options_present?
|
|
58
59
|
payload.merge!(snapshot_options) if snapshot_options_present?
|
|
@@ -60,34 +61,34 @@ class Chef::Provider::AwsElasticsearchDomain < Chef::Provisioning::AWSDriver::AW
|
|
|
60
61
|
payload
|
|
61
62
|
end
|
|
62
63
|
|
|
63
|
-
EBS_OPTIONS = %i
|
|
64
|
+
EBS_OPTIONS = %i{ebs_enabled volume_type volume_size iops}.freeze
|
|
64
65
|
def ebs_options
|
|
65
66
|
opts = EBS_OPTIONS.inject({}) do |accum, i|
|
|
66
|
-
new_resource.send(i).nil? ? accum : accum.merge(
|
|
67
|
+
new_resource.send(i).nil? ? accum : accum.merge(i => new_resource.send(i))
|
|
67
68
|
end
|
|
68
|
-
{ebs_options: opts}
|
|
69
|
+
{ ebs_options: opts }
|
|
69
70
|
end
|
|
70
71
|
|
|
71
72
|
def ebs_options_present?
|
|
72
|
-
EBS_OPTIONS.any? {|i| !new_resource.send(i).nil? }
|
|
73
|
+
EBS_OPTIONS.any? { |i| !new_resource.send(i).nil? }
|
|
73
74
|
end
|
|
74
75
|
|
|
75
76
|
def ebs_options_changed?(object)
|
|
76
77
|
changed?(ebs_options[:ebs_options], object.ebs_options)
|
|
77
78
|
end
|
|
78
79
|
|
|
79
|
-
CLUSTER_OPTIONS = %i
|
|
80
|
-
dedicated_master_type dedicated_master_count zone_awareness_enabled
|
|
80
|
+
CLUSTER_OPTIONS = %i{instance_type instance_count dedicated_master_enabled
|
|
81
|
+
dedicated_master_type dedicated_master_count zone_awareness_enabled}.freeze
|
|
81
82
|
|
|
82
83
|
def cluster_options
|
|
83
84
|
opts = CLUSTER_OPTIONS.inject({}) do |accum, i|
|
|
84
|
-
new_resource.send(i).nil? ? accum : accum.merge(
|
|
85
|
+
new_resource.send(i).nil? ? accum : accum.merge(i => new_resource.send(i))
|
|
85
86
|
end
|
|
86
|
-
{elasticsearch_cluster_config: opts}
|
|
87
|
+
{ elasticsearch_cluster_config: opts }
|
|
87
88
|
end
|
|
88
89
|
|
|
89
90
|
def cluster_options_present?
|
|
90
|
-
CLUSTER_OPTIONS.any? {|i| !new_resource.send(i).nil? }
|
|
91
|
+
CLUSTER_OPTIONS.any? { |i| !new_resource.send(i).nil? }
|
|
91
92
|
end
|
|
92
93
|
|
|
93
94
|
def cluster_options_changed?(object)
|
|
@@ -96,14 +97,14 @@ class Chef::Provider::AwsElasticsearchDomain < Chef::Provisioning::AWSDriver::AW
|
|
|
96
97
|
|
|
97
98
|
def snapshot_options
|
|
98
99
|
if !new_resource.automated_snapshot_start_hour.nil?
|
|
99
|
-
{snapshot_options: { automated_snapshot_start_hour: new_resource.automated_snapshot_start_hour }}
|
|
100
|
+
{ snapshot_options: { automated_snapshot_start_hour: new_resource.automated_snapshot_start_hour } }
|
|
100
101
|
else
|
|
101
102
|
{}
|
|
102
103
|
end
|
|
103
104
|
end
|
|
104
105
|
|
|
105
106
|
def snapshot_options_present?
|
|
106
|
-
!
|
|
107
|
+
!new_resource.automated_snapshot_start_hour.nil?
|
|
107
108
|
end
|
|
108
109
|
|
|
109
110
|
def snapshot_options_changed?(object)
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "chef/provisioning/aws_driver/aws_provider"
|
|
2
2
|
|
|
3
3
|
class Chef::Provider::AwsInstanceProfile < Chef::Provisioning::AWSDriver::AWSProvider
|
|
4
4
|
provides :aws_iam_instance_profile
|
|
@@ -9,7 +9,6 @@ class Chef::Provider::AwsInstanceProfile < Chef::Provisioning::AWSDriver::AWSPro
|
|
|
9
9
|
update_attached_role(iam_instance_profile)
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
|
|
13
12
|
protected
|
|
14
13
|
|
|
15
14
|
def detach_role(iam_instance_profile)
|
|
@@ -28,19 +27,19 @@ class Chef::Provider::AwsInstanceProfile < Chef::Provisioning::AWSDriver::AWSPro
|
|
|
28
27
|
detach_role(iam_instance_profile)
|
|
29
28
|
converge_by "associating role #{role} with instance profile #{new_resource.name}" do
|
|
30
29
|
# Despite having collection methods for roles, instance profile can only have single role associated
|
|
31
|
-
iam_instance_profile.add_role(
|
|
30
|
+
iam_instance_profile.add_role(
|
|
32
31
|
role_name: role
|
|
33
|
-
|
|
32
|
+
)
|
|
34
33
|
end
|
|
35
34
|
end
|
|
36
35
|
end
|
|
37
36
|
|
|
38
37
|
def create_aws_object
|
|
39
38
|
converge_by "create IAM instance profile #{new_resource.name}" do
|
|
40
|
-
new_resource.driver.iam_resource.create_instance_profile(
|
|
39
|
+
new_resource.driver.iam_resource.create_instance_profile(
|
|
41
40
|
path: new_resource.path || "/",
|
|
42
41
|
instance_profile_name: new_resource.name
|
|
43
|
-
|
|
42
|
+
)
|
|
44
43
|
end
|
|
45
44
|
end
|
|
46
45
|
|
|
@@ -56,5 +55,4 @@ class Chef::Provider::AwsInstanceProfile < Chef::Provisioning::AWSDriver::AWSPro
|
|
|
56
55
|
iam_instance_profile.delete
|
|
57
56
|
end
|
|
58
57
|
end
|
|
59
|
-
|
|
60
58
|
end
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
require
|
|
2
|
-
require
|
|
1
|
+
require "chef/provisioning/aws_driver/aws_provider"
|
|
2
|
+
require "chef/json_compat"
|
|
3
3
|
|
|
4
4
|
class Chef::Provider::AwsIamRole < Chef::Provisioning::AWSDriver::AWSProvider
|
|
5
5
|
provides :aws_iam_role
|
|
@@ -15,20 +15,18 @@ class Chef::Provider::AwsIamRole < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
15
15
|
def action_create
|
|
16
16
|
role = super
|
|
17
17
|
|
|
18
|
-
|
|
19
|
-
update_inline_policy(role)
|
|
20
|
-
end
|
|
18
|
+
update_inline_policy(role) unless new_resource.inline_policies.nil?
|
|
21
19
|
end
|
|
22
20
|
|
|
23
21
|
protected
|
|
24
22
|
|
|
25
23
|
def create_aws_object
|
|
26
24
|
converge_by "create IAM Role #{new_resource.name}" do
|
|
27
|
-
iam_resource.create_role(
|
|
25
|
+
iam_resource.create_role(
|
|
28
26
|
path: new_resource.path,
|
|
29
27
|
role_name: new_resource.name,
|
|
30
28
|
assume_role_policy_document: new_resource.assume_role_policy_document
|
|
31
|
-
|
|
29
|
+
)
|
|
32
30
|
end
|
|
33
31
|
iam_resource.role(new_resource.name)
|
|
34
32
|
end
|
|
@@ -39,10 +37,10 @@ class Chef::Provider::AwsIamRole < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
39
37
|
end
|
|
40
38
|
if new_resource.assume_role_policy_document && policy_update_required?(role.assume_role_policy_document, new_resource.assume_role_policy_document)
|
|
41
39
|
converge_by "update IAM Role #{role.name} assume_role_policy_document" do
|
|
42
|
-
iam_client.update_assume_role_policy(
|
|
40
|
+
iam_client.update_assume_role_policy(
|
|
43
41
|
role_name: new_resource.name,
|
|
44
42
|
policy_document: new_resource.assume_role_policy_document
|
|
45
|
-
|
|
43
|
+
)
|
|
46
44
|
end
|
|
47
45
|
end
|
|
48
46
|
end
|
|
@@ -64,28 +62,28 @@ class Chef::Provider::AwsIamRole < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
64
62
|
private
|
|
65
63
|
|
|
66
64
|
def update_inline_policy(role)
|
|
67
|
-
desired_inline_policies = Hash[new_resource.inline_policies.map {|k, v| [k.to_s, v]}]
|
|
68
|
-
current_inline_policies = Hash[role.policies.map {|p| [p.name, p.policy_document]}]
|
|
65
|
+
desired_inline_policies = Hash[new_resource.inline_policies.map { |k, v| [k.to_s, v] }]
|
|
66
|
+
current_inline_policies = Hash[role.policies.map { |p| [p.name, p.policy_document] }]
|
|
69
67
|
|
|
70
|
-
policies_to_put = desired_inline_policies.reject {|k,v| current_inline_policies[k] && !policy_update_required?(current_inline_policies[k], v)}
|
|
68
|
+
policies_to_put = desired_inline_policies.reject { |k, v| current_inline_policies[k] && !policy_update_required?(current_inline_policies[k], v) }
|
|
71
69
|
policies_to_delete = current_inline_policies.keys - desired_inline_policies.keys
|
|
72
70
|
|
|
73
71
|
policies_to_put.each do |policy_name, policy|
|
|
74
72
|
converge_by "Adding or updating inline Role policy #{policy_name}" do
|
|
75
|
-
iam_client.put_role_policy(
|
|
73
|
+
iam_client.put_role_policy(
|
|
76
74
|
role_name: role.name,
|
|
77
75
|
policy_name: policy_name,
|
|
78
76
|
policy_document: policy
|
|
79
|
-
|
|
77
|
+
)
|
|
80
78
|
end
|
|
81
79
|
end
|
|
82
80
|
|
|
83
81
|
policies_to_delete.each do |policy_name|
|
|
84
82
|
converge_by "Deleting inline Role policy #{policy_name}" do
|
|
85
|
-
iam_client.delete_role_policy(
|
|
83
|
+
iam_client.delete_role_policy(
|
|
86
84
|
role_name: role.name,
|
|
87
85
|
policy_name: policy_name
|
|
88
|
-
|
|
86
|
+
)
|
|
89
87
|
end
|
|
90
88
|
end
|
|
91
89
|
end
|
|
@@ -94,5 +92,4 @@ class Chef::Provider::AwsIamRole < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
94
92
|
# We parse the JSON into a hash to get rid of whitespace and ordering issues
|
|
95
93
|
Chef::JSONCompat.parse(URI.decode(current_policy)) != Chef::JSONCompat.parse(desired_policy)
|
|
96
94
|
end
|
|
97
|
-
|
|
98
95
|
end
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
require
|
|
2
|
-
require
|
|
1
|
+
require "chef/provisioning/aws_driver/aws_provider"
|
|
2
|
+
require "chef/provisioning/aws_driver/tagging_strategy/ec2"
|
|
3
3
|
|
|
4
4
|
class Chef::Provider::AwsImage < Chef::Provisioning::AWSDriver::AWSProvider
|
|
5
5
|
include Chef::Provisioning::AWSDriver::TaggingStrategy::EC2ConvergeTags
|
|
@@ -7,11 +7,11 @@ class Chef::Provider::AwsImage < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
7
7
|
provides :aws_image
|
|
8
8
|
|
|
9
9
|
def destroy_aws_object(image)
|
|
10
|
-
instance_id = image.tags.map {|t| [t.key, t.value] }.to_h[
|
|
10
|
+
instance_id = image.tags.map { |t| [t.key, t.value] }.to_h["from-instance"]
|
|
11
11
|
Chef::Log.debug("Found from-instance tag [#{instance_id}] on #{image.id}")
|
|
12
12
|
unless instance_id
|
|
13
13
|
# This is an old image and doesn't have the tag added - lets try and find it from the block device mapping
|
|
14
|
-
image.block_device_mappings.map do |
|
|
14
|
+
image.block_device_mappings.map do |_dev, opts|
|
|
15
15
|
snapshot = new_resource.driver.ec2_resource.snapshot(opts[:snapshot_id])
|
|
16
16
|
desc = snapshot.description
|
|
17
17
|
m = /CreateImage\(([^\)]+)\)/.match(desc)
|
|
@@ -33,8 +33,8 @@ class Chef::Provider::AwsImage < Chef::Provisioning::AWSDriver::AWSProvider
|
|
|
33
33
|
instance.wait_until_terminated do |w|
|
|
34
34
|
w.delay = 5
|
|
35
35
|
w.max_attempts = 60
|
|
36
|
-
w.before_wait do |attempts,
|
|
37
|
-
action_handler.report_progress "waited #{(attempts-1)*5}/#{60*5}s for #{instance.id} status to terminate..."
|
|
36
|
+
w.before_wait do |attempts, _response|
|
|
37
|
+
action_handler.report_progress "waited #{(attempts - 1) * 5}/#{60 * 5}s for #{instance.id} status to terminate..."
|
|
38
38
|
end
|
|
39
39
|
end
|
|
40
40
|
end
|