chef-provisioning-aws 1.2.1 → 1.3.0
- checksums.yaml +4 -4
- data/README.md +21 -8
- data/lib/chef/provider/aws_cache_cluster.rb +75 -0
- data/lib/chef/provider/aws_cache_replication_group.rb +49 -0
- data/lib/chef/provider/aws_cache_subnet_group.rb +60 -0
- data/lib/chef/provider/aws_instance.rb +4 -1
- data/lib/chef/provider/aws_key_pair.rb +1 -1
- data/lib/chef/provider/aws_network_acl.rb +131 -0
- data/lib/chef/provider/aws_security_group.rb +1 -1
- data/lib/chef/provider/aws_subnet.rb +14 -0
- data/lib/chef/provider/aws_vpc.rb +1 -0
- data/lib/chef/provisioning/aws_driver.rb +4 -0
- data/lib/chef/provisioning/aws_driver/aws_provider.rb +25 -0
- data/lib/chef/provisioning/aws_driver/aws_resource.rb +7 -2
- data/lib/chef/provisioning/aws_driver/driver.rb +59 -24
- data/lib/chef/provisioning/aws_driver/version.rb +1 -1
- data/lib/chef/resource/aws_cache_cluster.rb +37 -0
- data/lib/chef/resource/aws_cache_replication_group.rb +37 -0
- data/lib/chef/resource/aws_cache_subnet_group.rb +28 -0
- data/lib/chef/resource/aws_network_acl.rb +61 -0
- data/lib/chef/resource/aws_subnet.rb +9 -0
- data/spec/aws_support.rb +4 -1
- data/spec/aws_support/matchers/match_an_aws_object.rb +58 -0
- data/spec/integration/aws_cache_subnet_group_spec.rb +32 -0
- data/spec/integration/aws_key_pair_spec.rb +2 -2
- data/spec/integration/aws_network_acl_spec.rb +107 -0
- data/spec/integration/aws_security_group_spec.rb +16 -0
- data/spec/integration/aws_subnet_spec.rb +8 -11
- data/spec/integration/aws_tagged_items_spec.rb +1 -1
- data/spec/integration/aws_vpc_spec.rb +16 -0
- metadata +27 -2
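--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 77fad1ecfeeb4dabe26c39612eb4c1bde17b8e1a
+data.tar.gz: 643e9aa5dd7a32eff6c87e5882aeccfc72c971d4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 274e85302ec8c237728a247f79da29e3a7550ba1a8209fbd26e36fd5fe48f3043fe11cc62f393460790d61b77a78049048febc58bc64783c41ff057d80fd8bf2
+data.tar.gz: 71cfa5429bec399ce37837713521e3653c8d0f4b10f30f2a726b48327fa40e774255b580e932e986cf0e870d7c532340cce360958ca36e6c3ff491866e00cb28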
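--- a/data/README.md
+++ b/data/README.md
@@ -2,11 +2,22 @@
 
 This README is a work in progress. Please add to it!
 
+# Prerequesites
+
+## Credentials
+
+AWS credentials should be specified in your `~/.aws/credentials` file as documented [here](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files). We support the use of profiles as well. If you do not specify a profile then we use the `default` profile.
+
+You can specify a profile as the middle section of the semi-colon seperated driver url. For example, a driver url of `aws:staging:us-east-1` would use the profile `staging`.
+
 # Resources
 
 TODO: List out weird/unique things about resources here. We don't need to document every resource
 because users can look at the resource model.
 
+TODO: document `aws_object` and `get_aws_object` and how you can get the aws object for a base
+chef-provisioning resource like machine or load_balancer
+
 ## aws_vpc
 
 If you specify `internet_gateway true` the VPC will create and manage its own internet gateway.
@@ -170,12 +181,14 @@ machine_image 'my_image' do
 end
 
 ruby_block "look up machine_image object" do
-
-
-
-
-
-
+block do
+aws_object = Chef::Resource::AwsImage.get_aws_object(
+'my_image',
+run_context: run_context,
+driver: run_context.chef_provisioning.current_driver,
+managed_entry_store: Chef::Provisioning.chef_managed_entry_store(run_context.cheffish.current_chef_server)
+)
+end
 end
 ```
 
@@ -188,10 +201,10 @@ available using a `lazy` attribute modifier or in a `ruby_block`.
 
 # Running Integration Tests
 
-To run the integration tests execute `bundle exec
+To run the integration tests execute `bundle exec rspec`. If you have not set it up,
 you should see an error message about a missing environment variable `AWS_TEST_DRIVER`. You can add
 this as a normal environment variable or set it for a single run with `AWS_TEST_DRIVER=aws::eu-west-1
-bundle exec
+bundle exec rspec`. The format should match what `with_driver` expects.
 
 You will also need to have configured your `~/.aws/config` or environment variables with your
 AWS credentials.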
@@ -0,0 +1,75 @@
|
|
1
|
+
require 'chef/provisioning/aws_driver/aws_provider'
|
2
|
+
|
3
|
+
class Chef::Provider::AwsCacheCluster < Chef::Provisioning::AWSDriver::AWSProvider
|
4
|
+
|
5
|
+
protected
|
6
|
+
|
7
|
+
def create_aws_object
|
8
|
+
converge_by "create new Elasticache Cluster #{new_resource.name} in #{region}" do
|
9
|
+
driver.create_cache_cluster(desired_options)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
def update_aws_object(cache_cluster)
|
14
|
+
if update_required?(cache_cluster)
|
15
|
+
converge_by "update Elasticache Cluster #{new_resource.name} in #{region}" do
|
16
|
+
driver.modify_cache_cluster(
|
17
|
+
updatable_options(desired_options).merge(
|
18
|
+
cache_cluster_id: cache_cluster[:cache_cluster_id]
|
19
|
+
)
|
20
|
+
)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
def destroy_aws_object(cache_cluster)
|
26
|
+
converge_by "delete Elasticache Cluster #{new_resource.name} in #{region}" do
|
27
|
+
driver.delete_cache_cluster(
|
28
|
+
cache_cluster_id: cache_cluster[:cache_cluster_id]
|
29
|
+
)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
private
|
34
|
+
|
35
|
+
def driver
|
36
|
+
new_resource.driver.elasticache
|
37
|
+
end
|
38
|
+
|
39
|
+
def desired_options
|
40
|
+
@desired_options ||= begin
|
41
|
+
options = {}
|
42
|
+
options[:cache_cluster_id] = new_resource.cluster_name
|
43
|
+
options[:num_cache_nodes] = new_resource.number_nodes
|
44
|
+
options[:cache_node_type] = new_resource.node_type
|
45
|
+
options[:engine] = new_resource.engine
|
46
|
+
options[:az_mode] = new_resource.az_mode if new_resource.az_mode
|
47
|
+
options[:preferred_availability_zone] =
|
48
|
+
new_resource.preferred_availability_zone if new_resource.preferred_availability_zone
|
49
|
+
options[:preferred_availability_zones] =
|
50
|
+
new_resource.preferred_availability_zones if new_resource.preferred_availability_zones
|
51
|
+
options[:engine_version] = new_resource.engine_version
|
52
|
+
options[:cache_subnet_group_name] =
|
53
|
+
new_resource.subnet_group_name if new_resource.subnet_group_name
|
54
|
+
options[:security_group_ids] = new_resource.security_groups
|
55
|
+
AWSResource.lookup_options(options, resource: new_resource)
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
def updatable_options(options)
|
60
|
+
updatable = [:security_groups, :num_cache_nodes, :engine_version]
|
61
|
+
options.delete_if { |option, _value| !updatable.include?(option) }
|
62
|
+
end
|
63
|
+
|
64
|
+
def update_required?(cache_cluster)
|
65
|
+
current_sg_ids = cache_cluster[:security_groups].map { |sg| sg[:security_group_id] }.sort
|
66
|
+
|
67
|
+
if desired_options[:security_group_ids].sort != current_sg_ids ||
|
68
|
+
desired_options[:num_cache_nodes] != cache_cluster[:num_cache_nodes] ||
|
69
|
+
desired_options[:engine_version] != cache_cluster[:engine_version]
|
70
|
+
true
|
71
|
+
else
|
72
|
+
false
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
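Review bot: `updatable_options` whitelists `:security_groups`, but `desired_options` stores the groups under `:security_group_ids`, so a security-group change makes `update_required?` return true and is then filtered out of the `modify_cache_cluster` call; the cluster keeps its old groups and the resource reports an update on every run. The whitelist should read `updatable = [:security_group_ids, :num_cache_nodes, :engine_version]`. `delete_if` also edits the memoized `@desired_options` hash in place, so after one update the cached options have lost `:cache_cluster_id` and the other create-time keys; `options.select { |option, _value| updatable.include?(option) }` returns a filtered copy instead. `update_required?` calls `.sort` on `desired_options[:security_group_ids]`, which presumably raises when a resource declares no security groups, so a nil guard (`Array(...)`) is worth adding there.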
|
@@ -0,0 +1,49 @@
|
|
1
|
+
require 'chef/provisioning/aws_driver/aws_provider'
|
2
|
+
|
3
|
+
class Chef::Provider::AwsCacheReplicationGroup < Chef::Provisioning::AWSDriver::AWSProvider
|
4
|
+
|
5
|
+
protected
|
6
|
+
|
7
|
+
def create_aws_object
|
8
|
+
converge_by "create new Elasticache Replication Group #{new_resource.name} in #{region}" do
|
9
|
+
driver.create_replication_group(desired_options)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
def update_aws_object(cache_replication_group)
|
14
|
+
Chef::Log.warn('Updating Elasticache Replication Groups is currently unsupported')
|
15
|
+
end
|
16
|
+
|
17
|
+
def destroy_aws_object(cache_replication_group)
|
18
|
+
converge_by "delete Elasticache Replication group #{new_resource.name} in #{region}" do
|
19
|
+
driver.delete_replication_group(
|
20
|
+
replication_group_id: cache_replication_group[:replication_group_id]
|
21
|
+
)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
private
|
26
|
+
|
27
|
+
def driver
|
28
|
+
new_resource.driver.elasticache
|
29
|
+
end
|
30
|
+
|
31
|
+
def desired_options
|
32
|
+
@desired_options ||= begin
|
33
|
+
options = {}
|
34
|
+
options[:replication_group_id] = new_resource.group_name
|
35
|
+
options[:replication_group_description] = new_resource.description
|
36
|
+
options[:automatic_failover_enabled] = new_resource.automatic_failover
|
37
|
+
options[:num_cache_clusters] = new_resource.number_cache_clusters
|
38
|
+
options[:cache_node_type] = new_resource.node_type
|
39
|
+
options[:engine] = new_resource.engine
|
40
|
+
options[:engine_version] = new_resource.engine_version
|
41
|
+
options[:preferred_cache_cluster_a_zs] =
|
42
|
+
new_resource.preferred_availability_zones if new_resource.preferred_availability_zones
|
43
|
+
options[:cache_subnet_group_name] =
|
44
|
+
new_resource.subnet_group_name if new_resource.subnet_group_name
|
45
|
+
options[:security_group_ids] = new_resource.security_groups
|
46
|
+
AWSResource.lookup_options(options, resource: new_resource)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
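Review bot: `update_aws_object` logs the same warning on every converge of an existing replication group, whether or not the recipe differs from what AWS has, and then returns normally. A later edit to `security_groups` or `engine_version` in the recipe is therefore never applied, and nothing in the run output says which attribute has drifted. Until modify support exists, the method should at least carry a comment such as `# Modification is not implemented: attribute changes after creation are ignored`, and the warning would be more useful if it were emitted only when a compared attribute differs and named that attribute.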
|
@@ -0,0 +1,60 @@
|
|
1
|
+
require 'chef/provisioning/aws_driver/aws_provider'
|
2
|
+
|
3
|
+
class Chef::Provider::AwsCacheSubnetGroup < Chef::Provisioning::AWSDriver::AWSProvider
|
4
|
+
|
5
|
+
protected
|
6
|
+
|
7
|
+
def create_aws_object
|
8
|
+
converge_by "create new Elasticache Subnet Group #{new_resource.name} in #{region}" do
|
9
|
+
driver.create_cache_subnet_group(desired_options)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
def update_aws_object(cache_subnet_group)
|
14
|
+
if update_required?(cache_subnet_group)
|
15
|
+
converge_by "update Elasticache Subnet Group #{new_resource.name} in #{region}" do
|
16
|
+
driver.modify_cache_subnet_group(desired_options)
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def destroy_aws_object(cache_subnet_group)
|
22
|
+
converge_by "delete Elasticache Subnet Group #{new_resource.name} in #{region}" do
|
23
|
+
driver.delete_cache_subnet_group(
|
24
|
+
cache_subnet_group_name: cache_subnet_group[:cache_subnet_group_name]
|
25
|
+
)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
private
|
30
|
+
|
31
|
+
def driver
|
32
|
+
new_resource.driver.elasticache
|
33
|
+
end
|
34
|
+
|
35
|
+
def update_cache_subnet_group
|
36
|
+
new_resource.driver.elasticache.modify_cache_subnet_group(desired_options)
|
37
|
+
end
|
38
|
+
|
39
|
+
def desired_options
|
40
|
+
@desired_options ||= begin
|
41
|
+
options = {}
|
42
|
+
options[:cache_subnet_group_name] = new_resource.group_name
|
43
|
+
options[:cache_subnet_group_description] = new_resource.description
|
44
|
+
options[:subnet_ids] = new_resource.subnets
|
45
|
+
AWSResource.lookup_options(options, resource: new_resource)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def update_required?(cache_subnet_group)
|
50
|
+
current_subnet_ids = cache_subnet_group[:subnets]
|
51
|
+
.map { |subnet| subnet[:subnet_identifier] }.sort
|
52
|
+
current_description = cache_subnet_group[:cache_subnet_group_description]
|
53
|
+
if new_resource.description != current_description ||
|
54
|
+
desired_options[:subnet_ids].sort != current_subnet_ids
|
55
|
+
true
|
56
|
+
else
|
57
|
+
false
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
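Review bot: The private `update_cache_subnet_group` helper is never called in this file; `update_aws_object` calls `driver.modify_cache_subnet_group(desired_options)` directly, so the helper is dead code that also bypasses the `driver` accessor and can be removed. `update_required?` can return the comparison itself rather than wrapping it in `if … true else false`: `new_resource.description != current_description || desired_options[:subnet_ids].sort != current_subnet_ids`.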
|
@@ -6,7 +6,10 @@ class Chef::Provider::AwsInstance < Chef::Provisioning::AWSDriver::AWSProvider
|
|
6
6
|
def update_aws_object(instance); end
|
7
7
|
|
8
8
|
def destroy_aws_object(instance)
|
9
|
-
|
9
|
+
message = "delete instance #{new_resource}"
|
10
|
+
message += " in VPC #{instance.vpc.id}" unless instance.vpc.nil?
|
11
|
+
message += " in #{region}"
|
12
|
+
converge_by message do
|
10
13
|
instance.delete
|
11
14
|
end
|
12
15
|
converge_by "waited until instance #{new_resource} is :terminated" do
|
@@ -168,7 +168,7 @@ class Chef::Provider::AwsKeyPair < Chef::Provisioning::AWSDriver::AWSProvider
|
|
168
168
|
|
169
169
|
current_key_pair = new_resource.aws_object
|
170
170
|
if current_key_pair
|
171
|
-
@current_fingerprint = current_key_pair
|
171
|
+
@current_fingerprint = current_key_pair.fingerprint
|
172
172
|
else
|
173
173
|
current_resource.action :destroy
|
174
174
|
end
|
@@ -0,0 +1,131 @@
|
|
1
|
+
require 'chef/provisioning/aws_driver/aws_provider'
|
2
|
+
require 'chef/resource/aws_vpc'
|
3
|
+
require 'retryable'
|
4
|
+
|
5
|
+
class Chef::Provider::AwsNetworkAcl < Chef::Provisioning::AWSDriver::AWSProvider
|
6
|
+
def action_create
|
7
|
+
network_acl = super
|
8
|
+
|
9
|
+
apply_rules(network_acl)
|
10
|
+
end
|
11
|
+
|
12
|
+
protected
|
13
|
+
|
14
|
+
def create_aws_object
|
15
|
+
converge_by "create new Network ACL #{new_resource.name} in #{region}" do
|
16
|
+
options = {}
|
17
|
+
options[:vpc] = new_resource.vpc if new_resource.vpc
|
18
|
+
options = AWSResource.lookup_options(options, resource: new_resource)
|
19
|
+
|
20
|
+
Chef::Log.debug("VPC: #{options[:vpc]}")
|
21
|
+
|
22
|
+
network_acl = new_resource.driver.ec2.network_acls.create(options)
|
23
|
+
Retryable.retryable(:tries => 15, :sleep => 1, :on => AWS::EC2::Errors::InvalidNetworkAclID::NotFound) do
|
24
|
+
network_acl.tags['Name'] = new_resource.name
|
25
|
+
end
|
26
|
+
network_acl
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def update_aws_object(network_acl)
|
31
|
+
if !new_resource.vpc.nil?
|
32
|
+
desired_vpc = Chef::Resource::AwsVpc.get_aws_object_id(new_resource.vpc, resource: new_resource)
|
33
|
+
if desired_vpc != network_acl.vpc_id
|
34
|
+
raise "Network ACL VPC cannot be changed after being created! Desired VPC for #{new_resource.to_s} was #{new_resource.vpc} (#{desired_vpc}) and actual VPC is #{network_acl.vpc_id}"
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def destroy_aws_object(network_acl)
|
40
|
+
# TODO if purging, do we need to destory the linked subnets?
|
41
|
+
converge_by "delete #{new_resource.to_s} in #{region}" do
|
42
|
+
network_acl.delete
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
private
|
47
|
+
|
48
|
+
def apply_rules(network_acl)
|
49
|
+
current_rules = network_acl.entries.map { |entry| entry_to_hash(entry) }
|
50
|
+
inbound_rules = new_resource.inbound_rules
|
51
|
+
outbound_rules = new_resource.outbound_rules
|
52
|
+
# AWS requires a deny all rule at the end. Delete here so we don't
|
53
|
+
# try to compare.
|
54
|
+
current_rules.delete_if { |rule| rule[:rule_number] == 32767 }
|
55
|
+
|
56
|
+
current_inbound_rules = current_rules.select { |rule| rule[:egress] == false }
|
57
|
+
# If inbound_rules is nil, leave rules alone. If empty array, delete all.
|
58
|
+
if inbound_rules
|
59
|
+
desired_inbound_rules = inbound_rules.map { |rule| rule[:egress] = false; rule }
|
60
|
+
compare_and_apply_rules(network_acl, :ingress, current_inbound_rules, desired_inbound_rules)
|
61
|
+
end
|
62
|
+
|
63
|
+
current_outbound_rules = current_rules.select { |rule| rule[:egress] == true }
|
64
|
+
if outbound_rules
|
65
|
+
desired_outbound_rules = outbound_rules.map { |rule| rule[:egress] = true; rule }
|
66
|
+
compare_and_apply_rules(network_acl, :egress, current_outbound_rules, desired_outbound_rules)
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
def compare_and_apply_rules(network_acl, direction, current_rules, desired_rules)
|
71
|
+
replace_rules = []
|
72
|
+
|
73
|
+
# Get the desired rules in a comparable state
|
74
|
+
desired_rules.clone.each do |desired_rule|
|
75
|
+
matching_rule = current_rules.select { |r| r[:rule_number] == desired_rule[:rule_number]}.first
|
76
|
+
if matching_rule
|
77
|
+
# Anything unhandled will be removed
|
78
|
+
current_rules.delete(matching_rule)
|
79
|
+
# Anything unhandled will be added
|
80
|
+
desired_rules.delete(desired_rule)
|
81
|
+
|
82
|
+
if matching_rule.merge(desired_rule) != matching_rule
|
83
|
+
# Replace anything with a matching rule number but different attributes
|
84
|
+
replace_rules << desired_rule
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
unless replace_rules.empty? && desired_rules.empty? && current_rules.empty?
|
90
|
+
action_handler.report_progress "update Network ACL #{new_resource.name} #{direction.to_s} rules"
|
91
|
+
replace_rules(network_acl, replace_rules)
|
92
|
+
add_rules(network_acl, desired_rules)
|
93
|
+
remove_rules(network_acl, current_rules)
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
97
|
+
def replace_rules(network_acl, rules)
|
98
|
+
rules.each do |rule|
|
99
|
+
action_handler.report_progress " update #{rule_direction(rule)} rule #{rule[:rule_number]}"
|
100
|
+
network_acl.replace_entry(rule)
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
104
|
+
def add_rules(network_acl, rules)
|
105
|
+
rules.each do |rule|
|
106
|
+
action_handler.report_progress " add #{rule_direction(rule)} rule #{rule[:rule_number]}"
|
107
|
+
network_acl.create_entry(rule)
|
108
|
+
end
|
109
|
+
end
|
110
|
+
|
111
|
+
def remove_rules(network_acl, rules)
|
112
|
+
rules.each do |rule|
|
113
|
+
action_handler.report_progress " remove #{rule_direction(rule)} rule #{rule[:rule_number]}"
|
114
|
+
network_acl.delete_entry(rule_direction(rule).to_sym, rule[:rule_number])
|
115
|
+
end
|
116
|
+
end
|
117
|
+
|
118
|
+
def rule_direction(rule)
|
119
|
+
rule[:egress] == true ? 'egress' : 'ingress'
|
120
|
+
end
|
121
|
+
|
122
|
+
def entry_to_hash(entry)
|
123
|
+
options = [
|
124
|
+
:rule_number, :action, :protocol, :cidr_block, :egress,
|
125
|
+
:port_range, :icmp_code, :icmp_type
|
126
|
+
]
|
127
|
+
entry_hash = {}
|
128
|
+
options.each { |option| entry_hash.merge!(option => entry.send(option.to_sym)) }
|
129
|
+
entry_hash
|
130
|
+
end
|
131
|
+
end
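Review bot: The entry changes made by `replace_rules`, `add_rules` and `remove_rules` run outside any `converge_by` block; `compare_and_apply_rules` only calls `action_handler.report_progress` before them, whereas the create and delete paths in this provider are both wrapped. If `converge_by` is what suppresses work in why-run mode here, as it is in stock Chef providers, a dry run would still rewrite the ACL's entries. Wrapping the three calls, e.g. `converge_by "update Network ACL #{new_resource.name} #{direction} rules" do … end`, puts rule changes behind the same gate as the rest of the resource. Separately, `apply_rules` assigns `rule[:egress]` on the hashes returned by `new_resource.inbound_rules` and `outbound_rules`, which mutates the resource's own data; `inbound_rules.map { |rule| rule.merge(egress: false) }` builds copies instead.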
|
@@ -148,7 +148,7 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSProvi
|
|
148
148
|
actual_rules = {}
|
149
149
|
actual_rules_list.each do |rule|
|
150
150
|
port_range = {
|
151
|
-
port_range: rule[:from_port] ? rule[:from_port]..rule[:to_port] :
|
151
|
+
port_range: rule[:from_port] ? rule[:from_port]..rule[:to_port] : -1..-1,
|
152
152
|
protocol: rule[:ip_protocol].to_s.to_sym
|
153
153
|
}
|
154
154
|
add_rule(actual_rules, [ port_range ], rule[:groups]) if rule[:groups]
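Review bot: The `-1..-1` fallback on the changed `port_range:` line is an unexplained sentinel for rules that come back without `from_port`. Because this hash is what the provider compares against the desired rules, a reader needs to know why that value was chosen; a comment such as `# rules returned without ports are normalised to -1..-1 so they compare equal to the desired form` would cover it, assuming that is how desired rules are normalised elsewhere in this provider, which the hunk does not show. The enclosing method starts and ends outside the hunk.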
|
@@ -15,6 +15,8 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
|
|
15
15
|
if new_resource.route_table != nil
|
16
16
|
update_route_table(subnet)
|
17
17
|
end
|
18
|
+
|
19
|
+
update_network_acl(subnet)
|
18
20
|
end
|
19
21
|
|
20
22
|
protected
|
@@ -124,4 +126,16 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
|
|
124
126
|
end
|
125
127
|
end
|
126
128
|
end
|
129
|
+
|
130
|
+
def update_network_acl(subnet)
|
131
|
+
if new_resource.network_acl
|
132
|
+
network_acl_id =
|
133
|
+
AWSResource.lookup_options({ network_acl: new_resource.network_acl }, resource: new_resource)[:network_acl]
|
134
|
+
if subnet.network_acl.id != network_acl_id
|
135
|
+
converge_by "update network acl of subnet #{new_resource.name} to #{new_resource.network_acl}" do
|
136
|
+
subnet.network_acl = network_acl_id
|
137
|
+
end
|
138
|
+
end
|
139
|
+
end
|
140
|
+
end
|
127
141
|
end
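Review bot: `update_network_acl` acts only when `new_resource.network_acl` is set, so removing the attribute from a recipe leaves the subnet on whatever ACL it was last given rather than returning it to the VPC default. That contract should be stated on the method, e.g. `# A nil network_acl leaves the current association untouched; it does not revert to the default ACL`. The call added in the first hunk is unconditional while `update_route_table` is guarded by its caller; a guard clause `return unless new_resource.network_acl` at the top of the method would remove one level of nesting and make the two paths read alike.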
|