chef-provisioning-aws 1.4.0 → 1.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 19f4ffce05e2b12c1256593ed8132affc94376f8
-  data.tar.gz: e606311b2689000c0e5098087d5debaff8c2997d
+  metadata.gz: e520aad6f6cafb84d380454daf8dd65285e194cd
+  data.tar.gz: b2ec1a747718d0cad0c4bdc9ca6561d1e0daeb6f
 SHA512:
-  metadata.gz: a37d0a594d564b0a6da4f84b8a4d9d6222654e7bc2ddedb68d22d830cdfea1321cfb4b3d024264e14c81a7462b1f47b3c311ebff79972deb8bba2b4558847f57
-  data.tar.gz: 8dd82f47ac3c83b52b124d75a316c1c54a348d755c2e892213cd245fdf5f5cfeabebfb67bc81eed26c9362d62ba6c4dbfa3f07a7ecf40dfcc7d00668d00aa800
+  metadata.gz: 0c3d1891e4c22d14f3b03506f39105a884dae7bc00ad7dc2ace729f5325f7fbc935b29be11631387563529b19efcad224bb0e2447b77a0365dfd5f6969cfcc1c
+  data.tar.gz: a52717acff8c3ccf2945863f616fd8fce022b11fa813b0c8ace68b737be6a797dbb8364cdd94d74884e206357ea786741c657cc1d581ec90502459e8d7e1f6b4

data/lib/chef/provisioning/aws_driver/credentials2.rb

@@ -26,7 +26,8 @@ module AWSDriver
     # Try to load the credentials from an ordered list of sources and return the first one that
     # can be loaded successfully.
     def get_credentials
-      shared_creds = ::Aws::SharedCredentials.new(:profile_name => profile_name)
+      # http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-environment
+      shared_creds = ::Aws::SharedCredentials.new(:profile_name => profile_name, :path => ENV["AWS_CONFIG_FILE"])
       instance_profile_creds = ::Aws::InstanceProfileCredentials.new(:retries => 1)
 
       if ENV["AWS_ACCESS_KEY_ID"] && ENV["AWS_SECRET_ACCESS_KEY"]

data/lib/chef/provisioning/aws_driver/driver.rb

@@ -24,10 +24,11 @@ require 'aws-sdk-v1'
 require 'aws-sdk'
 require 'retryable'
 require 'ubuntu_ami'
+require 'base64'
 
 # loads the entire aws-sdk
 AWS.eager_autoload!
-AWS_V2_SERVICES = {"EC2" => "ec2", "S3" => "s3", "ElasticLoadBalancing" => "elb"}
+AWS_V2_SERVICES = {"EC2" => "ec2", "S3" => "s3", "ElasticLoadBalancing" => "elb", "IAM" => "iam"}
 Aws.eager_autoload!(:services => AWS_V2_SERVICES.keys)
 
 # Need to load the resources after the SDK because `aws_sdk_types` can mess
@@ -691,19 +692,65 @@ EOD
       bootstrap_options[:instance_type] ||= default_instance_type
       image_id = machine_options[:from_image] || bootstrap_options[:image_id] || machine_options[:image_id] || default_ami_for_region(aws_config.region)
       bootstrap_options[:image_id] = image_id
+      bootstrap_options.delete(:key_path)
       if !bootstrap_options[:key_name]
         Chef::Log.debug('No key specified, generating a default one...')
         bootstrap_options[:key_name] = default_aws_keypair(action_handler, machine_spec)
       end
+      if bootstrap_options[:iam_instance_profile] && bootstrap_options[:iam_instance_profile].is_a?(String)
+        bootstrap_options[:iam_instance_profile] = {name: bootstrap_options[:iam_instance_profile]}
+      end
+      if bootstrap_options[:user_data]
+        bootstrap_options[:user_data] = Base64.encode64(bootstrap_options[:user_data])
+      end
 
-      if machine_options[:is_windows]
-        Chef::Log.debug "Setting WinRM userdata..."
-        bootstrap_options[:user_data] = user_data if bootstrap_options[:user_data].nil?
-      else
-        Chef::Log.debug "Non-windows, not setting userdata"
+      # V1 -> V2 backwards compatability support
+      unless bootstrap_options.fetch(:monitoring_enabled, nil).nil?
+        bootstrap_options[:monitoring] = {enabled: bootstrap_options.delete(:monitoring_enabled)}
+      end
+      placement = {}
+      if bootstrap_options[:availability_zone]
+        placement[:availability_zone] = bootstrap_options.delete(:availability_zone)
+      end
+      if bootstrap_options[:placement_group]
+        placement[:group_name] = bootstrap_options.delete(:placement_group)
+      end
+      unless bootstrap_options.fetch(:dedicated_tenancy, nil).nil?
+        placement[:tenancy] = bootstrap_options.delete(:dedicated_tenancy) ? "dedicated" : "default"
+      end
+      unless placement.empty?
+        bootstrap_options[:placement] = placement
+      end
+      if bootstrap_options[:subnet]
+        bootstrap_options[:subnet_id] = bootstrap_options.delete(:subnet)
       end
 
       bootstrap_options = AWSResource.lookup_options(bootstrap_options, managed_entry_store: machine_spec.managed_entry_store, driver: self)
+
+      # In the migration from V1 to V2 we still support associate_public_ip_address at the top level
+      # we do this after the lookup because we have to copy any present subnets, etc. into the
+      # network interfaces block
+      unless bootstrap_options.fetch(:associate_public_ip_address, nil).nil?
+        if bootstrap_options[:network_interfaces]
+          raise "If you specify network_interfaces you must specify associate_public_ip_address in that list"
+        end
+        network_interface = {
+          :device_index => 0,
+          :associate_public_ip_address => bootstrap_options.delete(:associate_public_ip_address),
+          :delete_on_termination => true
+        }
+        if bootstrap_options[:subnet_id]
+          network_interface[:subnet_id] = bootstrap_options.delete(:subnet_id)
+        end
+        if bootstrap_options[:private_ip_address]
+          network_interface[:private_ip_address] = bootstrap_options.delete(:private_ip_address)
+        end
+        if bootstrap_options[:security_group_ids]
+          network_interface[:groups] = bootstrap_options.delete(:security_group_ids)
+        end
+        bootstrap_options[:network_interfaces] = [network_interface]
+      end
+
       Chef::Log.debug "AWS Bootstrap options: #{bootstrap_options.inspect}"
       bootstrap_options
     end

data/lib/chef/provisioning/aws_driver/version.rb

@@ -1,7 +1,7 @@
 class Chef
 module Provisioning
 module AWSDriver
-  VERSION = '1.4.0'
+  VERSION = '1.4.1'
 end
 end
 end

data/lib/chef/resource/aws_network_interface.rb

@@ -5,7 +5,7 @@ require 'chef/resource/aws_eip_address'
 class Chef::Resource::AwsNetworkInterface < Chef::Provisioning::AWSDriver::AWSResourceWithEntry
   include Chef::Provisioning::AWSDriver::AWSTaggable
 
-  aws_sdk_type AWS::EC2::NetworkInterface
+  aws_sdk_type AWS::EC2::NetworkInterface, option_names: []
 
   attribute :name,                   kind_of: String, name_attribute: true
 

data/lib/chef/resource/aws_subnet.rb

@@ -16,7 +16,7 @@ require 'chef/provisioning/aws_driver/aws_resource_with_entry'
 class Chef::Resource::AwsSubnet < Chef::Provisioning::AWSDriver::AWSResourceWithEntry
   include Chef::Provisioning::AWSDriver::AWSTaggable
 
-  aws_sdk_type AWS::EC2::Subnet
+  aws_sdk_type AWS::EC2::Subnet, :id => :id
 
   require 'chef/resource/aws_vpc'
   require 'chef/resource/aws_network_acl'

data/spec/integration/machine_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'openssl'
 
 describe Chef::Resource::Machine do
   extend AWSSupport
@@ -53,6 +54,224 @@ describe Chef::Resource::Machine do
         ).and be_idempotent
       end
 
+      it "base64 encodes the user data", :super_slow do
+        uniq = Random.rand(100)
+        expect_recipe {
+          machine "test_machine_#{uniq}" do
+            machine_options bootstrap_options: {
+              subnet_id: 'test_public_subnet',
+              key_name: 'test_key_pair',
+              user_data: 'echo \'foo\''
+            }
+            action :allocate
+          end
+        }.to create_an_aws_instance("test_machine_#{uniq}"
+        ).and be_idempotent
+        expect(
+          driver.ec2_client.describe_instance_attribute(
+            instance_id: driver.ec2_resource.instances(filters: [{name: "tag:Name", values:["test_machine_#{uniq}"]}]).first.id,
+            attribute: "userData"
+          ).user_data.value
+        ).to eq("ZWNobyAnZm9vJw==\n")
+      end
+
+      it "respects the network_interfaces block with maximum attributes", :super_slow do
+        private_ip_address_start = Random.rand(30)+10
+        expect_recipe {
+          machine "test_machine" do
+            machine_options bootstrap_options: {
+              key_name: 'test_key_pair',
+              instance_type: 'm3.medium',
+              network_interfaces: [
+                {
+                  # Cannot set associate_public_ip_address and network_interface_id
+                  # network_interface_id: "eth0",
+                  device_index: 0,
+                  subnet_id: test_public_subnet.aws_object.id,
+                  description: "network interface description",
+                  private_ip_address: "10.0.0.#{private_ip_address_start}",
+                  delete_on_termination: true,
+                  groups: [test_security_group.aws_object.id],
+                  private_ip_addresses: [
+                    {
+                      private_ip_address: "10.0.0.#{private_ip_address_start+1}",
+                      primary: false
+                    },
+                    {
+                      private_ip_address: "10.0.0.#{private_ip_address_start+2}",
+                      primary: false
+                    }
+                  ],
+                  # cannot specify both `private_ip_addresses` and `secondary_private_ip_address_count`
+                  #secondary_private_ip_address_count: 2,
+                  associate_public_ip_address: true
+                }
+              ]
+            }
+            action :ready
+          end
+        }.to create_an_aws_instance("test_machine",
+          network_interfaces: [{
+            network_interface_id: /^eni-/,
+            subnet_id: test_public_subnet.aws_object.id,
+            vpc_id: test_vpc.aws_object.id,
+            description: "network interface description",
+            status: "in-use",
+            private_ip_address: "10.0.0.#{private_ip_address_start}",
+            groups: [{group_name: 'test_security_group'}],
+            attachment: {
+              device_index: 0,
+              delete_on_termination: true,
+              status: "attached"
+            },
+            private_ip_addresses: [
+              {
+                private_ip_address: "10.0.0.#{private_ip_address_start}",
+                primary: true,
+                # the action must be :ready to give the public ip time to be assigned
+                association: {
+                  public_ip: /\d+/
+                }
+              },
+              {
+                private_ip_address: "10.0.0.#{private_ip_address_start+1}",
+                primary: false
+              },
+              {
+                private_ip_address: "10.0.0.#{private_ip_address_start+2}",
+                primary: false
+              }
+            ]
+          }]
+        ).and be_idempotent
+      end
+
+      it "converts associate_public_ip_address at the top level to the network interface", :super_slow do
+        private_ip_address_start = Random.rand(30)+10
+        expect_recipe {
+          machine "test_machine" do
+            machine_options bootstrap_options: {
+              key_name: 'test_key_pair',
+              instance_type: 'm3.medium',
+              associate_public_ip_address: true,
+              subnet_id: test_public_subnet.aws_object.id,
+              security_group_ids: [test_security_group.aws_object.id],
+              private_ip_address: "10.0.0.#{private_ip_address_start}"
+            }
+            action :ready
+          end
+        }.to create_an_aws_instance("test_machine",
+          network_interfaces: [{
+            network_interface_id: /^eni-/,
+            subnet_id: test_public_subnet.aws_object.id,
+            vpc_id: test_vpc.aws_object.id,
+            status: "in-use",
+            private_ip_address: "10.0.0.#{private_ip_address_start}",
+            groups: [{group_name: 'test_security_group'}],
+            attachment: {
+              device_index: 0,
+              delete_on_termination: true,
+              status: "attached"
+            },
+            private_ip_addresses: [
+              {
+                private_ip_address: "10.0.0.#{private_ip_address_start}",
+                primary: true,
+                association: {
+                  public_ip: /\d+/
+                }
+              }
+            ]
+          }]
+        ).and be_idempotent
+      end
+
+      context "with a placement group" do
+        before(:context) {
+          driver.ec2_client.create_placement_group({
+            group_name: "agroup",
+            strategy: "cluster"
+          })
+        }
+
+        # Must do after the context so we have waited for the instance to terminate
+        after(:context) {
+          driver.ec2_client.delete_placement_group group_name: "agroup"
+        }
+
+        it "converts V1 keys to V2 keys", :super_slow do
+          expect_recipe {
+            machine "test_machine" do
+              machine_options bootstrap_options: {
+                key_name: 'test_key_pair',
+                instance_type: 'm4.large',
+                monitoring_enabled: false,
+                availability_zone: test_public_subnet.aws_object.availability_zone_name,
+                placement_group: "agroup",
+                dedicated_tenancy: false, # cannot do true, was getting API error
+                subnet: 'test_public_subnet'
+              }
+              action :allocate
+            end
+          }.to create_an_aws_instance("test_machine",
+            monitoring: {state: "disabled"},
+            placement: {
+              availability_zone: test_public_subnet.aws_object.availability_zone_name,
+              group_name: "agroup",
+              tenancy: "default",
+            },
+            subnet_id: test_public_subnet.aws_object.id
+          ).and be_idempotent
+        end
+	  end
+
+      context "with a custom iam role" do
+        # TODO when we have IAM support, use the resources
+        before(:context) do
+          assume_role_policy_document = '{"Version":"2008-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":["ec2.amazonaws.com"]},"Action":["sts:AssumeRole"]}]}'
+          driver.iam_client.create_role({
+            role_name: "machine_test_custom_role",
+            assume_role_policy_document: assume_role_policy_document
+          }).role
+          driver.iam_client.create_instance_profile({
+            instance_profile_name: "machine_test_custom_role"
+          })
+          driver.iam_client.add_role_to_instance_profile({
+            instance_profile_name: "machine_test_custom_role",
+            role_name: "machine_test_custom_role"
+          })
+          sleep 5 # grrrrrr, the resource should take care of the polling for us
+        end
+
+        after(:context) do
+          driver.iam_client.remove_role_from_instance_profile({
+            instance_profile_name: "machine_test_custom_role",
+            role_name: "machine_test_custom_role"
+          })
+          driver.iam_client.delete_instance_profile({
+            instance_profile_name: "machine_test_custom_role"
+          })
+          driver.iam_client.delete_role({
+            role_name: "machine_test_custom_role"
+          })
+        end
+
+        it "converts iam_instance_profile from a string to a hash", :super_slow do
+          expect_recipe {
+            machine 'test_machine' do
+              machine_options bootstrap_options: {
+                subnet_id: 'test_public_subnet',
+                key_name: 'test_key_pair',
+                iam_instance_profile: "machine_test_custom_role"
+              }
+              action :allocate
+            end
+          }.to create_an_aws_instance('test_machine',
+            iam_instance_profile: {arn: /machine_test_custom_role/}
+          ).and be_idempotent
+        end
+      end
+
       it "machine with from_image option is created from correct image", :super_slow do
         expect_recipe {
 
@@ -113,6 +332,48 @@ describe Chef::Resource::Machine do
           end
         }.converge }.to_not raise_error
       end
+
+      # https://github.com/chef/chef-provisioning-aws/pull/295
+      context "with a custom key" do
+        let(:private_key) {
+          k = OpenSSL::PKey::RSA.new(2048)
+          f = Pathname.new(private_key_path)
+          f.write(k.to_pem)
+          k
+        }
+        let(:public_key) {private_key.public_key}
+        let(:private_key_path) {
+          Pathname.new(ENV['HOME']).join(".ssh", key_pair_name).expand_path
+        }
+        let(:key_pair_name) { "test_key_pair_#{Random.rand(100)}" }
+
+        before do
+          driver.ec2_client.import_key_pair({
+            key_name: key_pair_name, # required
+            public_key_material: "#{public_key.ssh_type} #{[public_key.to_blob].pack('m0')}", # required
+          })
+        end
+
+        after do
+          driver.ec2_client.delete_key_pair({
+            key_name: key_pair_name, # required
+          })
+          Pathname.new(private_key_path).delete
+        end
+
+        it "strips key_path from the bootstrap options when creating the machine", :super_slow do
+          expect_recipe {
+            machine 'test_machine' do
+              machine_options bootstrap_options: {
+                key_name: key_pair_name,
+                key_path: private_key_path
+              }
+            end
+          }.to create_an_aws_instance('test_machine'
+          ).and be_idempotent
+        end
+      end
+
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-provisioning-aws
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.4.1
 platform: ruby
 authors:
 - John Ewart
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-16 00:00:00.000000000 Z
+date: 2015-09-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-provisioning
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: aws-sdk-v1
   requirement: !ruby/object:Gem::Requirement
@@ -233,7 +233,6 @@ files:
 - lib/chef/resource/aws_subnet.rb
 - lib/chef/resource/aws_vpc.rb
 - lib/chef/resource/aws_vpc_peering_connection.rb
-- spec/acceptance/aws_ebs_volume/nodes/ettores-mbp.lan.json
 - spec/aws_support.rb
 - spec/aws_support/aws_resource_run_wrapper.rb
 - spec/aws_support/deep_matcher.rb
@@ -290,9 +289,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.4.7
 signing_key: 
 specification_version: 4
 summary: Provisioner for creating aws containers in Chef Provisioning.
 test_files: []
-has_rdoc: 

data/spec/acceptance/aws_ebs_volume/nodes/ettores-mbp.lan.json

@@ -1,3 +0,0 @@
-{
-  "name": "ettores-mbp.lan"
-}