chef-provisioning-aws 0.3 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5ec492afa3798bae513c3b61ea626958a6b7e954
-  data.tar.gz: 1b8ecf59b63a169aaa7d744efe491f3f1627065c
+  metadata.gz: 3e941203fbc66689312f07ace28e6ea90413c25b
+  data.tar.gz: fd09857eee368a41188c6c36084aacf061b31eef
 SHA512:
-  metadata.gz: bcbdddb1f0cc451ecd9b345e62fc95d6049e5e1d9c715dff1b000f859a80728d1670fb42064e65b4ca1b2e93d26e9c036177b36d40a3a5802ad67a1e14a344d4
-  data.tar.gz: 8e17c7774db57b2e9774d366ffbe04f301c8bb5d09761a7a9f6fb1892567cd2163a6197a31591ca7a249f8f4216c1f65790a3c91f6e074c45b1a7ad197ab448f
+  metadata.gz: 8421e20240201c3c8e66a03017d700dbdb91c669a092793b003ba5ea24234449ebe8c5c4f9517c6c943ecfd1eb5ad138279fc5548045babb004fbf2455c2ca02
+  data.tar.gz: 08802b5ba314ce4840c4ef883164877c57291a98ae1d76720fff5c58d8e4308adfbb5bb1479d77bc46a3525fd9a5ccad99fc643db317a9b92c71806550cb889f

data/lib/chef/provider/aws_auto_scaling_group.rb

@@ -9,12 +9,12 @@ class Chef::Provider::AwsAutoScalingGroup < Chef::Provider::AwsProvider
         :max_size => new_resource.max_size,
         :availability_zones => availability_zones
       }
-      
+
       auto_scaling_opts[:desired_capacity] = new_resource.desired_capacity if new_resource.desired_capacity
       auto_scaling_opts[:load_balancers] = new_resource.load_balancers if new_resource.load_balancers
-       
-      converge_by "Creating new Auto Scaling group #{new_resource.name} in #{new_resource.region_name}" do
-        @existing_group = auto_scaling.groups.create(
+
+      converge_by "Creating new Auto Scaling group #{new_resource.name} in #{new_driver.aws_config.region}" do
+        @existing_group = new_driver.auto_scaling.groups.create(
           new_resource.name,
           auto_scaling_opts
         )
@@ -26,7 +26,7 @@ class Chef::Provider::AwsAutoScalingGroup < Chef::Provider::AwsProvider
 
   action :delete do
     if existing_group
-      converge_by "Deleting Auto Scaling group #{new_resource.name} in #{new_resource.region_name}" do
+      converge_by "Deleting Auto Scaling group #{new_resource.name} in #{new_driver.aws_config.region}" do
         existing_group.delete!
       end
     end
@@ -35,12 +35,12 @@ class Chef::Provider::AwsAutoScalingGroup < Chef::Provider::AwsProvider
   end
 
   def availability_zones
-    @availability_zones ||= ec2.availability_zones.reduce([]) { |result, az| result << az }
+    @availability_zones ||= new_driver.ec2.availability_zones.reduce([]) { |result, az| result << az }
   end
 
   def existing_group
     @existing_group ||= begin
-                          eg = auto_scaling.groups[new_resource.name]
+                          eg = new_driver.auto_scaling.groups[new_resource.name]
                           eg.exists? ? eg : nil
                         end
   end

data/lib/chef/provider/aws_ebs_volume.rb

@@ -6,9 +6,9 @@ class Chef::Provider::AwsEbsVolume < Chef::Provider::AwsProvider
 
   action :create do
     if existing_volume == nil
-      converge_by "Creating new EBS volume #{fqn} in #{new_resource.region_name}" do
+      converge_by "Creating new EBS volume #{fqn} in #{new_driver.aws_config.region}" do
 
-        ebs = ec2.volumes.create(
+        ebs = new_driver.ec2.volumes.create(
             :availability_zone => new_resource.availability_zone,
             :size => new_resource.size.to_i
         )
@@ -27,7 +27,7 @@ class Chef::Provider::AwsEbsVolume < Chef::Provider::AwsProvider
 
   action :delete do
     if existing_volume
-      converge_by "Deleting EBS volume #{fqn} in #{new_resource.region_name}" do
+      converge_by "Deleting EBS volume #{fqn} in #{new_driver.aws_config.region}" do
         existing_volume.delete
       end
     end
@@ -39,7 +39,7 @@ class Chef::Provider::AwsEbsVolume < Chef::Provider::AwsProvider
   def existing_volume
     @existing_volume ||=  new_resource.volume_id == nil ? nil : begin
       Chef::Log.debug("Loading volume #{new_resource.volume_id}")
-      volume = ec2.volumes[new_resource.volume_id]
+      volume = new_driver.ec2.volumes[new_resource.volume_id]
       if [:deleted, :deleting, :error].include? volume.status
         nil
       else

data/lib/chef/provider/aws_eip_address.rb

@@ -6,8 +6,8 @@ class Chef::Provider::AwsEipAddress < Chef::Provider::AwsProvider
 
   action :create do
     if existing_ip == nil
-      converge_by "Creating new EIP address in #{new_resource.region_name}" do
-        eip = ec2.elastic_ips.create :vpc => new_resource.associate_to_vpc
+      converge_by "Creating new EIP address in #{new_driver.aws_config.region}" do
+        eip = new_driver.ec2.elastic_ips.create :vpc => new_resource.associate_to_vpc
         new_resource.public_ip eip.public_ip
         new_resource.domain eip.domain
         new_resource.instance_id eip.instance_id
@@ -22,7 +22,7 @@ class Chef::Provider::AwsEipAddress < Chef::Provider::AwsProvider
 
   action :delete do
     if existing_ip
-      converge_by "Deleting EIP Address #{new_resource.name} in #{new_resource.region_name}" do
+      converge_by "Deleting EIP Address #{new_resource.name} in #{new_driver.aws_config.region}" do
         #if it's attached to something in a vpc, disassociate first
         if existing_ip.instance_id != nil && existing_ip.domain == 'vpc'
           existing_ip.disassociate
@@ -34,11 +34,11 @@ class Chef::Provider::AwsEipAddress < Chef::Provider::AwsProvider
   end
 
   action :associate do
-    converge_by "Associating EIP Address #{new_resource.name} in #{new_resource.region_name}" do
+    converge_by "Associating EIP Address #{new_resource.name} in #{new_driver.aws_config.region}" do
       if existing_ip == nil
         action_create
       end
-        eip = ec2.elastic_ips[new_resource.public_ip]
+        eip = new_driver.ec2.elastic_ips[new_resource.public_ip]
       begin
         spec = Chef::Provisioning::ChefMachineSpec.get(new_resource.machine)
         if spec == nil
@@ -55,7 +55,7 @@ class Chef::Provider::AwsEipAddress < Chef::Provider::AwsProvider
   end
 
   action :disassociate do
-    converge_by "Disassociating EIP Address #{new_resource.name} in #{new_resource.region_name}" do
+    converge_by "Disassociating EIP Address #{new_resource.name} in #{new_driver.aws_config.region}" do
       begin
         if existing_ip != nil
           existing_ip.disassociate
@@ -73,7 +73,7 @@ class Chef::Provider::AwsEipAddress < Chef::Provider::AwsProvider
   def existing_ip
     new_resource.hydrate
     @existing_ip ||=  new_resource.public_ip == nil ? nil : begin
-      eip = ec2.elastic_ips[new_resource.public_ip]
+      eip = new_driver.ec2.elastic_ips[new_resource.public_ip]
       eip
     rescue => e
       Chef::Application.fatal!("Error looking for EIP Address: #{e}")

data/lib/chef/provider/aws_key_pair.rb

@@ -18,7 +18,7 @@ class Chef::Provider::AwsKeyPair < Chef::Provider::AwsProvider
 
   action :delete do
     if current_resource_exists?
-      ec2.key_pairs[new_resource.name].delete
+      new_driver.ec2.key_pairs[new_resource.name].delete
     end
   end
 
@@ -79,8 +79,8 @@ class Chef::Provider::AwsKeyPair < Chef::Provider::AwsProvider
       if !new_fingerprints.any? { |f| compare_public_key f }
         if new_resource.allow_overwrite
           converge_by "update #{key_description} to match local key at #{new_resource.private_key_path}" do
-            ec2.key_pairs[new_resource.name].delete
-            ec2.key_pairs.import(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
+            new_driver.ec2.key_pairs[new_resource.name].delete
+            new_driver.ec2.key_pairs.import(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
           end
         else
           raise "#{key_description} with fingerprint #{@current_fingerprint} does not match local key fingerprint(s) #{new_fingerprints}, and allow_overwrite is false!"
@@ -92,7 +92,7 @@ class Chef::Provider::AwsKeyPair < Chef::Provider::AwsProvider
 
       # Create key
       converge_by "create #{key_description} from local key at #{new_resource.private_key_path}" do
-        ec2.key_pairs.import(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
+        new_driver.ec2.key_pairs.import(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
       end
     end
   end
@@ -136,7 +136,7 @@ class Chef::Provider::AwsKeyPair < Chef::Provider::AwsProvider
 
   def existing_keypair
     @existing_keypair ||= begin
-      ec2.key_pairs[fqn]
+      new_driver.ec2.key_pairs[fqn]
     rescue
       nil
     end
@@ -175,7 +175,7 @@ class Chef::Provider::AwsKeyPair < Chef::Provider::AwsProvider
   def load_current_resource
     @current_resource = Chef::Resource::AwsKeyPair.new(new_resource.name, run_context)
 
-    current_key_pair = ec2.key_pairs[new_resource.name]
+    current_key_pair = new_driver.ec2.key_pairs[new_resource.name]
     if current_key_pair && current_key_pair.exists?
       @current_fingerprint = current_key_pair ? current_key_pair.fingerprint : nil
     else

data/lib/chef/provider/aws_launch_config.rb

@@ -3,8 +3,8 @@ require 'chef/provider/aws_provider'
 class Chef::Provider::AwsLaunchConfig < Chef::Provider::AwsProvider
   action :create do
     if existing_launch_config.nil?
-      converge_by "Creating new Launch Config #{id} in #{new_resource.region_name}" do
-        @existing_launch_config = auto_scaling.launch_configurations.create(
+      converge_by "Creating new Launch Config #{id} in #{new_driver.aws_config.region}" do
+        @existing_launch_config = new_driver.auto_scaling.launch_configurations.create(
           new_resource.name,
           new_resource.image,
           new_resource.instance_type
@@ -17,7 +17,7 @@ class Chef::Provider::AwsLaunchConfig < Chef::Provider::AwsProvider
 
   action :delete do
     if existing_launch_config
-      converge_by "Deleting Launch Config #{id} in #{new_resource.region_name}" do
+      converge_by "Deleting Launch Config #{id} in #{new_driver.aws_config.region}" do
         begin
           existing_launch_config.delete
         rescue AWS::AutoScaling::Errors::ResourceInUse
@@ -32,7 +32,7 @@ class Chef::Provider::AwsLaunchConfig < Chef::Provider::AwsProvider
 
   def existing_launch_config
     @existing_launch_config ||= begin
-                                  elc = auto_scaling.launch_configurations[new_resource.name]
+                                  elc = new_driver.auto_scaling.launch_configurations[new_resource.name]
                                   elc.exists? ? elc : nil
                                 end
   end

data/lib/chef/provider/aws_provider.rb

@@ -1,89 +1,22 @@
 require 'chef/provider/lwrp_base'
-require 'chef/provisioning/aws_driver/credentials'
 
 class Chef::Provider::AwsProvider < Chef::Provider::LWRPBase
   use_inline_resources
 
-  attr_reader :credentials
-
   # All these need to implement whyrun
   def whyrun_supported?
     true
   end
 
-  def from_hash hash
-    hash.each do |k,v|
-      begin
-        self.instance_variable_set("@#{k}", v)
-      rescue NameError => ne
-        # nothing...
-      end
-    end
-    self
-  end
-
-  def resource_from_databag(fqn, chef_server = Cheffish.default_chef_server)
-    chef_api = Cheffish.chef_server_api(chef_server)
-    begin
-      data = chef_api.get("/data/#{databag_name}/#{fqn}")
-     rescue Net::HTTPServerException => e
-      if e.response.code == '404'
-        nil
-      else
-        raise
-      end
-    end
-  end
-
-  def initialize(*args)
-    super
-    # TODO - temporary, needs to be better
-    @credentials = Chef::Provisioning::AWSDriver::Credentials.new
-    @credentials.load_default
-    credentials = @credentials.default
-    AWS.config(:access_key_id => credentials[:aws_access_key_id],
-               :secret_access_key => credentials[:aws_secret_access_key])
-  end
-
-  def self.databag_name
-    raise 'Class does not implement databag name'
-  end
-
   def fqn
     if id
       id
     else
-      "#{new_resource.name}_#{new_resource.region_name}"
+      "#{new_resource.name}_#{new_driver.aws_config.region}"
     end
   end
 
-  # AWS objects we might need
-  def ec2
-    @ec2 ||= aws_init { AWS::EC2.new }
-  end
-
-  def sns
-    @sns ||= aws_init { AWS::SNS.new }
-  end
-
-  def sqs
-    @sqs ||= aws_init { AWS::SQS.new }
-  end
-
-  def s3
-    @s3 ||= aws_init { AWS::S3.new }
-  end
-
-  def auto_scaling
-    @auto_scaling ||= aws_init { AWS::AutoScaling.new }
-  end
-
-  private
-  def aws_init
-    credentials = @credentials.default
-    region = new_resource.region_name || credentials[:region]
-    # Pivot region
-    AWS.config(:region => region)
-    yield
+  def new_driver
+    run_context.chef_provisioning.driver_for(new_resource.driver)
   end
 end

data/lib/chef/provider/aws_s3_bucket.rb

@@ -5,7 +5,7 @@ class Chef::Provider::AwsS3Bucket < Chef::Provider::AwsProvider
   action :create do
     if existing_bucket == nil
       converge_by "Creating new S3 bucket #{fqn}" do
-        bucket = s3.buckets.create(fqn)
+        bucket = new_driver.s3.buckets.create(fqn)
         bucket.tags['Name'] = new_resource.name
       end
     end
@@ -38,7 +38,7 @@ class Chef::Provider::AwsS3Bucket < Chef::Provider::AwsProvider
 
   def existing_bucket
     Chef::Log.debug("Checking for S3 bucket #{fqn}")
-    @existing_bucket ||= s3.buckets[fqn] if s3.buckets[fqn].exists?
+    @existing_bucket ||= new_driver.s3.buckets[fqn] if new_driver.s3.buckets[fqn].exists?
   end
 
   def modifies_website_configuration?

data/lib/chef/provider/aws_security_group.rb

@@ -5,7 +5,7 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provider::AwsProvider
 
   action :create do
     if existing_sg == nil
-      converge_by "Creating new SG #{new_resource.name} in #{new_resource.region_name}" do
+      converge_by "Creating new SG #{new_resource.name} in #{new_driver.aws_config.region}" do
         opts = {
             :description => new_resource.description,
             :vpc => nil
@@ -14,14 +14,14 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provider::AwsProvider
         if new_resource.vpc_id
           opts[:vpc] = new_resource.vpc_id
         elsif new_resource.vpc_name
-          existing_vpc = ec2.vpcs.with_tag('Name', new_resource.vpc_name).first
+          existing_vpc = new_driver.ec2.vpcs.with_tag('Name', new_resource.vpc_name).first
           Chef::Log.debug("Existing VPC: #{existing_vpc.inspect}")
           if existing_vpc
             opts[:vpc] = existing_vpc
           end
         end
 
-        sg = ec2.security_groups.create(new_resource.name, opts)
+        sg = new_driver.ec2.security_groups.create(new_resource.name, opts)
         new_resource.security_group_id sg.group_id
         new_resource.save
       end
@@ -33,7 +33,7 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provider::AwsProvider
 
   action :delete do
     if existing_sg
-      converge_by "Deleting SG #{new_resource.name} in #{new_resource.region_name}" do
+      converge_by "Deleting SG #{new_resource.name} in #{new_driver.aws_config.region}" do
         existing_sg.delete
       end
     end
@@ -47,7 +47,7 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provider::AwsProvider
     if new_resource.inbound_rules
       new_resource.inbound_rules.each do |rule|
         begin
-          converge_by "Updating SG #{new_resource.name} in #{new_resource.region_name} to allow inbound #{rule[:protocol]}/#{rule[:ports]} from #{rule[:sources]}" do
+          converge_by "Updating SG #{new_resource.name} in #{new_driver.aws_config.region} to allow inbound #{rule[:protocol]}/#{rule[:ports]} from #{rule[:sources]}" do
             security_group.authorize_ingress(rule[:protocol], rule[:ports], *rule[:sources])
           end
         rescue AWS::EC2::Errors::InvalidPermission::Duplicate
@@ -60,7 +60,7 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provider::AwsProvider
     if new_resource.outbound_rules
       new_resource.outbound_rules.each do |rule|
         begin
-          converge_by "Updating SG #{new_resource.name} in #{new_resource.region_name} to allow outbound #{rule[:protocol]}/#{rule[:ports]} to #{rule[:destinations]}" do
+          converge_by "Updating SG #{new_resource.name} in #{new_driver.aws_config.region} to allow outbound #{rule[:protocol]}/#{rule[:ports]} to #{rule[:destinations]}" do
             security_group.authorize_egress( *rule[:destinations], :protocol => rule[:protocol], :ports => rule[:ports])
           end
         rescue AWS::EC2::Errors::InvalidPermission::Duplicate
@@ -73,7 +73,7 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provider::AwsProvider
   def existing_sg
     @existing_sg ||= begin
       if id != nil
-        ec2.security_groups[id]
+        new_driver.ec2.security_groups[id]
       else
         nil
       end

data/lib/chef/provider/aws_sns_topic.rb

@@ -5,8 +5,8 @@ class Chef::Provider::AwsSnsTopic < Chef::Provider::AwsProvider
 
   action :create do
     if existing_topic == nil
-      converge_by "Creating new SNS topic #{fqn} in #{new_resource.region_name}" do
-        sns.topics.create(fqn)
+      converge_by "Creating new SNS topic #{fqn} in #{new_driver.aws_config.region}" do
+        new_driver.sns.topics.create(fqn)
 
         new_resource.created_at DateTime.now.to_s
         new_resource.save
@@ -16,7 +16,7 @@ class Chef::Provider::AwsSnsTopic < Chef::Provider::AwsProvider
 
   action :delete do
     if existing_topic
-      converge_by "Deleting SNS topic #{fqn} in #{new_resource.region_name}" do
+      converge_by "Deleting SNS topic #{fqn} in #{new_driver.aws_config.region}" do
         existing_topic.delete
       end
     end
@@ -26,7 +26,7 @@ class Chef::Provider::AwsSnsTopic < Chef::Provider::AwsProvider
 
   def existing_topic
     @existing_topic ||= begin
-      sns.topics.named(fqn)
+      new_driver.sns.topics.named(fqn)
     rescue
       nil
     end

data/lib/chef/provider/aws_sqs_queue.rb

@@ -5,10 +5,10 @@ class Chef::Provider::AwsSqsQueue < Chef::Provider::AwsProvider
 
   action :create do
     if existing_queue == nil
-      converge_by "Creating new SQS queue #{fqn} in #{new_resource.region_name}" do
+      converge_by "Creating new SQS queue #{fqn} in #{new_driver.aws_config.region}" do
         loop do
           begin
-            sqs.queues.create(fqn)
+            new_driver.sqs.queues.create(fqn)
             break
           rescue AWS::SQS::Errors::QueueDeletedRecently
             sleep 5
@@ -23,7 +23,7 @@ class Chef::Provider::AwsSqsQueue < Chef::Provider::AwsProvider
 
   action :delete do
     if existing_queue
-      converge_by "Deleting SQS queue #{fqn} in #{new_resource.region_name}" do
+      converge_by "Deleting SQS queue #{fqn} in #{new_driver.aws_config.region}" do
         existing_queue.delete
       end
     end
@@ -33,7 +33,7 @@ class Chef::Provider::AwsSqsQueue < Chef::Provider::AwsProvider
 
   def existing_queue
     @existing_queue ||= begin
-      sqs.queues.named(fqn)
+      new_driver.sqs.queues.named(fqn)
     rescue
       nil
     end

data/lib/chef/provider/aws_subnet.rb

@@ -7,10 +7,10 @@ class Chef::Provider::AwsSubnet < Chef::Provider::AwsProvider
     fail "Can't create a Subnet without a CIDR block" if new_resource.cidr_block.nil?
 
     if existing_subnet == nil
-      converge_by "Creating new Subnet #{fqn} in VPC #{new_resource.vpc} in #{new_resource.region_name}" do
+      converge_by "Creating new Subnet #{fqn} in VPC #{new_resource.vpc} in #{new_driver.aws_config.region}" do
         opts = { :vpc => vpc_id }
         opts[:availability_zone] = new_resource.availability_zone if new_resource.availability_zone
-        subnet = ec2.subnets.create(new_resource.cidr_block, opts)
+        subnet = new_driver.ec2.subnets.create(new_resource.cidr_block, opts)
         subnet.tags['Name'] = new_resource.name
         subnet.tags['VPC'] = new_resource.vpc
         new_resource.subnet_id subnet.id
@@ -21,7 +21,7 @@ class Chef::Provider::AwsSubnet < Chef::Provider::AwsProvider
 
   action :delete do
     if existing_subnet
-      converge_by "Deleting subnet #{fqn} in VPC #{new_resource.vpc} in #{new_resource.region_name}" do
+      converge_by "Deleting subnet #{fqn} in VPC #{new_resource.vpc} in #{new_driver.aws_config.region}" do
         existing_subnet.delete
       end
     end
@@ -31,7 +31,7 @@ class Chef::Provider::AwsSubnet < Chef::Provider::AwsProvider
 
   def vpc_id
     @vpc_id ||= begin
-      ec2.vpcs.with_tag('Name', new_resource.vpc).first
+      new_driver.ec2.vpcs.with_tag('Name', new_resource.vpc).first
     rescue
       nil
     end
@@ -39,7 +39,7 @@ class Chef::Provider::AwsSubnet < Chef::Provider::AwsProvider
 
   def existing_subnet
       @subnet_id ||= begin
-      ec2.subnets.with_tag('Name', new_resource.name).first
+      new_driver.ec2.subnets.with_tag('Name', new_resource.name).first
     rescue
       nil
     end

data/lib/chef/provider/aws_vpc.rb

@@ -7,9 +7,9 @@ class Chef::Provider::AwsVpc < Chef::Provider::AwsProvider
     fail "Can't create a VPC without a CIDR block" if new_resource.cidr_block.nil?
 
     if existing_vpc == nil
-      converge_by "Creating new VPC #{fqn} in #{new_resource.region_name}" do
+      converge_by "Creating new VPC #{fqn} in #{new_driver.aws_config.region}" do
         opts = { :instance_tenancy => :default}
-        vpc = ec2.vpcs.create(new_resource.cidr_block, opts)
+        vpc = new_driver.ec2.vpcs.create(new_resource.cidr_block, opts)
         vpc.tags['Name'] = new_resource.name
         new_resource.vpc_id vpc.id
         new_resource.save
@@ -19,7 +19,7 @@ class Chef::Provider::AwsVpc < Chef::Provider::AwsProvider
 
   action :delete do
     if existing_vpc
-      converge_by "Deleting VPC #{fqn} in #{new_resource.region_name}" do
+      converge_by "Deleting VPC #{fqn} in #{new_driver.aws_config.region}" do
         existing_vpc.delete
       end
     end
@@ -29,7 +29,7 @@ class Chef::Provider::AwsVpc < Chef::Provider::AwsProvider
 
   def existing_vpc
     @existing_vpc ||= begin
-      ec2.vpcs.with_tag('Name', new_resource.name).first
+      new_driver.ec2.vpcs.with_tag('Name', new_resource.name).first
     rescue
       nil
     end

data/lib/chef/provisioning/aws_driver/driver.rb

@@ -29,7 +29,7 @@ module AWSDriver
 
     include Chef::Mixin::ShellOut
 
-    attr_reader :region
+    attr_reader :aws_config
 
     # URL scheme:
     # aws:profilename:region
@@ -47,45 +47,58 @@ module AWSDriver
       region = nil if region && region.empty?
 
       credentials = profile_name ? aws_credentials[profile_name] : aws_credentials.default
-      @region = region || credentials[:region]
-      # TODO: fix credentials here
-      AWS.config(:access_key_id => credentials[:aws_access_key_id],
-                 :secret_access_key => credentials[:aws_secret_access_key],
-                 :region => @region)
+      @aws_config = AWS::Core::Configuration.new(
+        access_key_id:     credentials[:aws_access_key_id],
+        secret_access_key: credentials[:aws_secret_access_key],
+        region: region || credentials[:region]
+      )
     end
 
     def self.canonicalize_url(driver_url, config)
       [ driver_url, config ]
     end
 
-
     # Load balancer methods
     def allocate_load_balancer(action_handler, lb_spec, lb_options, machine_specs)
       lb_options ||= {}
-      if lb_options[:security_group_id]
-        security_group = ec2.security_groups[:security_group_id]
-      elsif lb_options[:security_group_name]
-        security_group = ec2.security_groups.filter('group-name', lb_options[:security_group_name])
+      if lb_options[:security_group_ids]
+        security_groups = ec2.security_groups.filter('group-id', lb_options[:security_group_ids]).to_a
+      elsif lb_options[:security_group_names]
+        security_groups = ec2.security_groups.filter('group-name', lb_options[:security_group_names]).to_a
+      else
+        security_groups = []
       end
+      security_group_ids = security_groups.map { |sg| sg.id }
 
-      availability_zones = lb_options[:availability_zones]
+      availability_zones = lb_options[:availability_zones] || []
+      subnets = lb_options[:subnets] || []
       listeners = lb_options[:listeners]
+      scheme = lb_options[:scheme]
 
       validate_listeners(listeners)
+      if !availability_zones.empty? && !subnets.empty?
+        raise "You cannot specify both `availability_zones` and `subnets`"
+      end
 
       lb_optionals = {}
-      lb_optionals[:security_groups] = [security_group] if security_group
-      lb_optionals[:availability_zones] = availability_zones if availability_zones
+      lb_optionals[:security_groups] = security_group_ids unless security_group_ids.empty?
+      lb_optionals[:availability_zones] = availability_zones unless availability_zones.empty?
+      lb_optionals[:subnets] = subnets unless subnets.empty?
       lb_optionals[:listeners] = listeners if listeners
+      lb_optionals[:scheme] = scheme if scheme
 
+      old_elb = nil
       actual_elb = load_balancer_for(lb_spec)
       if !actual_elb.exists?
         perform_action = proc { |desc, &block| action_handler.perform_action(desc, &block) }
 
-        updates = [ "Create load balancer #{lb_spec.name} in #{@region}" ]
-        updates << "  enable availability zones #{availability_zones.join(', ')}" if availability_zones && availability_zones.size > 0
+        security_group_names = security_groups.map { |sg| sg.name }.join(",")
+
+        updates = [ "Create load balancer #{lb_spec.name} in #{aws_config.region}" ]
+        updates << "  enable availability zones #{availability_zones.join(', ')}" if availability_zones.size > 0
+        updates << "  attach subnets #{subnets.join(', ')}" if subnets.size > 0
         updates << "  with listeners #{listeners.join(', ')}" if listeners && listeners.size > 0
-        updates << "  with security group #{security_group.name}" if security_group
+        updates << "  with security groups #{security_group_names}" if security_group_names
 
         action_handler.perform_action updates do
           actual_elb = elb.load_balancers.create(lb_spec.name, lb_optionals)
@@ -100,25 +113,113 @@ module AWSDriver
         # Header gets printed the first time we make an update
         perform_action = proc do |desc, &block|
           perform_action = proc { |desc, &block| action_handler.perform_action(desc, &block) }
-          action_handler.perform_action [ "Update load balancer #{lb_spec.name} in #{@region}", desc ].flatten, &block
+          action_handler.perform_action [ "Update load balancer #{lb_spec.name} in #{aws_config.region}", desc ].flatten, &block
         end
 
-        # Update availability zones
-        enable_zones = (availability_zones || []).dup
-        disable_zones = []
-        actual_elb.availability_zones.each do |availability_zone|
-          if !enable_zones.delete(availability_zone.name)
-            disable_zones << availability_zone.name
+        # TODO: refactor this whole giant method into many smaller method calls
+        # Update scheme - scheme is immutable once set, so if it is changing we need to delete the old
+        # ELB and create a new one
+        if scheme && scheme.downcase != actual_elb.scheme
+          desc = ["  updating scheme to #{scheme}"]
+          desc << "  WARN: scheme is immutable, so deleting and re-creating the ELB"
+          perform_action.call(desc) do
+            old_elb = actual_elb
+            actual_elb = elb.load_balancers.create(lb_spec.name, lb_optionals)
           end
         end
-        if enable_zones.size > 0
-          perform_action.call("  enable availability zones #{enable_zones.join(', ')}") do
-            actual_elb.availability_zones.enable(*enable_zones)
+
+        # Update security groups
+        if security_group_ids.empty?
+            Chef::Log.debug("No Security Groups specified. Load_balancer[#{actual_elb.name}] cannot have " +
+            "empty Security Groups, so assuming it only currently has the default Security Group.  No action taken.")
+        else
+          current = actual_elb.security_group_ids
+          desired = security_group_ids
+          if current != desired
+            perform_action.call("  updating security groups to #{desired.to_a}") do
+              elb.client.apply_security_groups_to_load_balancer(
+                load_balancer_name: actual_elb.name,
+                security_groups: desired.to_a
+              )
+            end
           end
         end
-        if disable_zones.size > 0
-          perform_action.call("  disable availability zones #{disable_zones.join(', ')}") do
-            actual_elb.availability_zones.disable(*disable_zones)
+
+        # A subnet always belongs to an availability zone.  When specifying a ELB spec, you can either
+        # specify subnets OR AZs but not both.  You cannot specify multiple subnets in the same AZ.
+        # You must specify at least 1 subnet or AZ.  On an update you cannot remove all subnets
+        # or AZs - it must belong to one.
+        if !availability_zones.empty? && !subnets.empty?
+          # We do this check here because there is no atomic call we can make to specify both
+          # subnets and AZs at the same time
+          raise "You cannot specify both `availability_zones` and `subnets`"
+        end
+        # Users can switch from availability zones to subnets or vice versa.  To ensure we do not
+        # unassign all (which causes an AWS error) we first add all available ones, then remove
+        # an unecessary ones
+        actual_zones_subnets = {}
+        actual_elb.subnets.each do |subnet|
+          actual_zones_subnets[subnet.id] = subnet.availability_zone.name
+        end
+
+        # Only 1 of subnet or AZ will be populated b/c of our check earlier
+        desired_subnets_zones = {}
+        availability_zones.each do |zone|
+          # If the user specifies availability zone, we find the default subnet for that
+          # AZ because this duplicates the create logic
+          zone = zone.downcase
+          filters = [
+            {:name => 'availabilityZone', :values => [zone]},
+            {:name => 'defaultForAz', :values => ['true']}
+          ]
+          default_subnet = ec2.client.describe_subnets(:filters => filters)[:subnet_set]
+          if default_subnet.size != 1
+            raise "Could not find default subnet in availability zone #{zone}"
+          end
+          default_subnet = default_subnet[0]
+          desired_subnets_zones[default_subnet[:subnet_id]] = zone
+        end
+        unless subnets.empty?
+          subnet_query = ec2.client.describe_subnets(:subnet_ids => subnets)[:subnet_set]
+          # AWS raises an error on an unknown subnet, but not an unknown AZ
+          subnet_query.each do |subnet|
+            zone = subnet[:availability_zone].downcase
+            desired_subnets_zones[subnet[:subnet_id]] = zone
+          end
+        end
+
+        # We only bother attaching subnets, because doing this automatically attaches the AZ
+        attach_subnets = desired_subnets_zones.keys - actual_zones_subnets.keys
+        unless attach_subnets.empty?
+          action = "  attach subnets #{attach_subnets.join(', ')}"
+          enable_zones = (desired_subnets_zones.map {|s,z| z if attach_subnets.include?(s)}).compact
+          action += " (availability zones #{enable_zones.join(', ')})"
+          perform_action.call(action) do
+            begin
+              elb.client.attach_load_balancer_to_subnets(
+                load_balancer_name: actual_elb.name,
+                subnets: attach_subnets
+              )
+            rescue AWS::ELB::Errors::InvalidConfigurationRequest
+              raise "You cannot currently move from 1 subnet to another in the same availability zone. " +
+                  "Amazon does not have an atomic operation which allows this.  You must create a new " +
+                  "ELB with the correct subnets and move instances into it.  Tried to attach subets " +
+                  "#{attach_subnets.join(', ')} (availability zones #{enable_zones.join(', ')}) to " +
+                  "existing ELB named #{actual_elb.name}"
+            end
+          end
+        end
+
+        detach_subnets = actual_zones_subnets.keys - desired_subnets_zones.keys
+        unless detach_subnets.empty?
+          action = "  detach subnets #{detach_subnets.join(', ')}"
+          disable_zones = (actual_zones_subnets.map {|s,z| z if detach_subnets.include?(s)}).compact
+          action += " (availability zones #{disable_zones.join(', ')})"
+          perform_action.call(action) do
+            elb.client.detach_load_balancer_from_subnets(
+              load_balancer_name: actual_elb.name,
+              subnets: detach_subnets
+            )
           end
         end
 
@@ -171,24 +272,39 @@ module AWSDriver
         end
       end
 
-      # Update instance list
-      actual_instance_ids = Set.new(actual_elb.instances.map { |i| i.instance_id })
-
-      instances_to_add = machine_specs.select { |s| !actual_instance_ids.include?(s.location['instance_id']) }
-      instance_ids_to_remove = actual_instance_ids - machine_specs.map { |s| s.location['instance_id'] }
+      # Update instance list, but only if there are machines specified
+      actual_instance_ids = actual_elb.instances.map { |i| i.instance_id }
 
-      if instances_to_add.size > 0
-        perform_action.call("  add machines #{instances_to_add.map { |s| s.name }.join(', ')}") do
-          instance_ids_to_add = instances_to_add.map { |s| s.location['instance_id'] }
-          Chef::Log.debug("Adding instances #{instance_ids_to_add.join(', ')} to load balancer #{actual_elb.name} in region #{@region}")
-          actual_elb.instances.add(instance_ids_to_add)
+      if machine_specs
+        instances_to_add = machine_specs.select { |s| !actual_instance_ids.include?(s.location['instance_id']) }
+        instance_ids_to_remove = actual_instance_ids - machine_specs.map { |s| s.location['instance_id'] }
+  
+        if instances_to_add.size > 0
+          perform_action.call("  add machines #{instances_to_add.map { |s| s.name }.join(', ')}") do
+            instance_ids_to_add = instances_to_add.map { |s| s.location['instance_id'] }
+            Chef::Log.debug("Adding instances #{instance_ids_to_add.join(', ')} to load balancer #{actual_elb.name} in region #{aws_config.region}")
+            actual_elb.instances.add(instance_ids_to_add)
+          end
+        end
+  
+        if instance_ids_to_remove.size > 0
+          perform_action.call("  remove instances #{instance_ids_to_remove}") do
+            actual_elb.instances.remove(instance_ids_to_remove)
+          end
         end
       end
 
-      if instance_ids_to_remove.size > 0
-        perform_action.call("  remove instances #{instance_ids_to_remove}") do
-          actual_elb.instances.remove(instance_ids_to_remove)
-        end
+      # We have successfully switched all our instances to the (possibly) new LB
+      # so it is safe to delete the old one.
+      unless old_elb.nil?
+        old_elb.delete
+      end
+    ensure
+      # Something went wrong before we could moved instances from the old ELB to the new one
+      # Don't delete the old ELB, but warn users there could now be 2 ELBs with the same name
+      unless old_elb.nil?
+        Chef::Log.warn("It is possible there are now 2 ELB instances - #{old_elb.id} and #{actual_elb.id}. " +
+        "Determine which is correct and manually clean up the other.")
       end
     end
 
@@ -295,7 +411,7 @@ EOD
       if actual_instance == nil || !actual_instance.exists? || actual_instance.status == :terminated
         bootstrap_options = bootstrap_options_for(action_handler, machine_spec, machine_options)
 
-        action_handler.perform_action "Create #{machine_spec.name} with AMI #{bootstrap_options[:image_id]} in #{@region}" do
+        action_handler.perform_action "Create #{machine_spec.name} with AMI #{bootstrap_options[:image_id]} in #{aws_config.region}" do
           Chef::Log.debug "Creating instance with bootstrap options #{bootstrap_options}"
 
           instance = ec2.instances.create(bootstrap_options.to_hash)
@@ -339,7 +455,7 @@ EOD
       if instance.status != :running
         wait_until_machine(action_handler, machine_spec, instance) { instance.status != :stopping }
         if instance.status == :stopped
-          action_handler.perform_action "Start #{machine_spec.name} (#{machine_spec.location['instance_id']}) in #{@region} ..." do
+          action_handler.perform_action "Start #{machine_spec.name} (#{machine_spec.location['instance_id']}) in #{aws_config.region} ..." do
             instance.start
           end
         end
@@ -364,7 +480,7 @@ EOD
       instance = instance_for(machine_spec)
       if instance && instance.exists?
         # TODO do we need to wait_until(action_handler, machine_spec, instance) { instance.status != :shutting_down } ?
-        action_handler.perform_action "Terminate #{machine_spec.name} (#{machine_spec.location['instance_id']}) in #{@region} ..." do
+        action_handler.perform_action "Terminate #{machine_spec.name} (#{machine_spec.location['instance_id']}) in #{aws_config.region} ..." do
           instance.terminate
           machine_spec.location = nil
         end
@@ -376,6 +492,30 @@ EOD
       strategy.cleanup_convergence(action_handler, machine_spec)
     end
 
+    def ec2
+      @ec2 ||= AWS::EC2.new(config: aws_config)
+    end
+
+    def elb
+      @elb ||= AWS::ELB.new(config: aws_config)
+    end
+
+    def sns
+      @sns ||= AWS::SNS.new(config: aws_config)
+    end
+
+    def sqs
+      @sqs ||= AWS::SQS.new(config: aws_config)
+    end
+
+    def s3
+      @s3 ||= AWS::S3.new(config: aws_config)
+    end
+
+    def auto_scaling
+      @auto_scaling ||= AWS::AutoScaling.new(config: aws_config)
+    end
+
     private
 
     # For creating things like AWS keypairs exclusively
@@ -397,7 +537,7 @@ EOD
 
     def bootstrap_options_for(action_handler, machine_spec, machine_options)
       bootstrap_options = (machine_options[:bootstrap_options] || {}).to_h.dup
-      image_id = bootstrap_options[:image_id] || machine_options[:image_id] || default_ami_for_region(@region)
+      image_id = bootstrap_options[:image_id] || machine_options[:image_id] || default_ami_for_region(aws_config.region)
       bootstrap_options[:image_id] = image_id
       if !bootstrap_options[:key_name]
         Chef::Log.debug('No key specified, generating a default one...')
@@ -415,14 +555,6 @@ EOD
       bootstrap_options
     end
 
-    def ec2
-      @ec2 ||= AWS.ec2
-    end
-
-    def elb
-      @elb ||= AWS::ELB.new
-    end
-
     def default_ssh_username
       'ubuntu'
     end
@@ -747,13 +879,11 @@ EOD
     def default_aws_keypair(action_handler, machine_spec)
       driver = self
       default_key_name = default_aws_keypair_name(machine_spec)
-      _region = region
       updated = @@chef_default_lock.synchronize do
         Provisioning.inline_resource(action_handler) do
           aws_key_pair default_key_name do
             driver driver
             allow_overwrite true
-            region_name _region
           end
         end
       end

data/lib/chef/provisioning/aws_driver/version.rb

@@ -1,7 +1,7 @@
 class Chef
 module Provisioning
 module AWSDriver
-  VERSION = '0.3'
+  VERSION = '0.4.0'
 end
 end
 end

data/lib/chef/resource/aws_key_pair.rb

@@ -4,15 +4,9 @@ require 'chef/resource/aws_resource'
 class Chef::Resource::AwsKeyPair < Chef::Resource::AwsResource
   self.resource_name = 'aws_key_pair'
 
-  def initialize(*args)
-    super
-    @driver = run_context.chef_provisioning.current_driver
-  end
-
   actions :create, :delete, :nothing
   default_action :create
 
-  attribute :driver
   # Private key to use as input (will be generated if it does not exist)
   attribute :private_key_path, :kind_of => String
   # Public key to use as input (will be generated if it does not exist)

data/lib/chef/resource/aws_resource.rb

@@ -1,10 +1,10 @@
 # Common AWS resource - contains metadata that all AWS resources will need
 class Chef::Resource::AwsResource < Chef::Resource::ChefDataBagResource
-  stored_attribute :region_name
+  stored_attribute :driver
 
   def initialize(*args)
     super
-    @region_name = run_context.chef_provisioning.current_data_center
+    @driver = run_context.chef_provisioning.current_driver
   end
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-provisioning-aws
 version: !ruby/object:Gem::Version
-  version: '0.3'
+  version: 0.4.0
 platform: ruby
 authors:
 - John Ewart
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-26 00:00:00.000000000 Z
+date: 2015-03-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
@@ -136,7 +136,6 @@ files:
 - lib/chef/resource/aws_sqs_queue.rb
 - lib/chef/resource/aws_subnet.rb
 - lib/chef/resource/aws_vpc.rb
-- spec/acceptance/aws_ebs_volume/nodes/ettores-mbp.lan.json
 - spec/chef_zero_rspec_helper.rb
 - spec/spec_helper.rb
 - spec/unit/aws_driver/credentials_spec.rb
@@ -161,9 +160,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.2
 signing_key: 
 specification_version: 4
 summary: Provisioner for creating aws containers in Chef Provisioning.
 test_files: []
-has_rdoc: 

data/spec/acceptance/aws_ebs_volume/nodes/ettores-mbp.lan.json

@@ -1,3 +0,0 @@
-{
-  "name": "ettores-mbp.lan"
-}