chef-provisioning-aws 1.5.1 → 1.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6fa67263316335a4b0a9df876a8156ee8623bd18
-  data.tar.gz: 5c09a23f932d5f566d64ba9db95254551549742a
+  metadata.gz: 0c186bb7a22b11f6bc9e02f6cc1a2545b6a9889b
+  data.tar.gz: 8d58524a6a73a86543eb3f6a62d769bf7afe5fe5
 SHA512:
-  metadata.gz: fdbebb79eaad90ed4eb4d850e45351936336f3ad885ec50e83a79fb966f7737b9bea623c40e42eaf461dfce690084cd221077f19abe3faeeade8ac228df984f6
-  data.tar.gz: 10d6a33fc7a463ffd31b0f0efb70cd32433a6814e32fe7a7187757fac2bf530fcd612e7c90866f4a77e8c7f8840a3bc717e0e40bdbd1a45e7e780d05ced668c1
+  metadata.gz: 14c2b8d978b7291fcf5cf52b81f36237df7f0d6dd6f4f2400a999d4f8298301322331444a655fd8b8cfaa5002d52abff00c5c13a608ccf6e8fa717b27e7ee7ae
+  data.tar.gz: 44f55a7e710faf8e72f1874ee3b8109fe8522d63f734a5f4f6b1598ff98089a2b8c1f8aac693aeb312320c7cd5d4fc7933eb4d011a934289d656afc943ab166b

data/Gemfile

@@ -3,6 +3,4 @@ gem "simplecov"
 gemspec
 
 #gem 'chef-provisioning', path: '../chef-provisioning'
-#gem 'chef-provisioning', github: 'chef/chef-provisioning', branch: 'master'
-#gem "pry-byebug"
-#gem "pry-stack_explorer"
+gem 'chef-provisioning', github: 'chef/chef-provisioning', branch: 'master'

data/README.md

@@ -2,7 +2,7 @@
 
 This README is a work in progress.  Please add to it!
 
-# Prerequesites
+# Prerequisites
 
 ## Credentials
 
@@ -127,10 +127,12 @@ are left that AWS can charge for.
 
 # Machine Options
 
-TODO - Finish documenting these
-
 You can pass machine options that will be used by `machine`, `machine_batch` and `machine_image` to
-configure the machine.  These are all the available options:
+configure the machine.
+
+These options are an extension of the [base options](https://github.com/chef/chef-provisioning#machine-options).  Please see that for a list of the `machine_options` shared between drivers.
+
+The full syntax available in the `bootstrap_options` hash is the hash expected by the AWS  [`create_instances`](http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Resource.html#create_instances-instance_method) method.  The options seen below in the example are the default options.
 
 ```ruby
 with_machine_options({
@@ -146,10 +148,11 @@ with_machine_options({
   },
   use_private_ip_for_ssh: false, # DEPRECATED, use `transport_address_location`
   transport_address_location: :public_ip, # `:public_ip` (default), `:private_ip` or `:dns`.  Defines how SSH or WinRM should find an address to communicate with the instance.
+  is_windows: true, # false by default
 })
 ```
 
-This options hash can be supplied to either `with_machine_options` or directly into the `machine_options`
+This options hash can be supplied to either `with_machine_options` at the recipe level or directly into the `machine_options`
 attribute.
 
 # Load Balancer Options

data/Rakefile

@@ -39,7 +39,13 @@ end
 
 desc "travis specific task - runs CI integration tests (regular and super_slow in parallel) and sets up travis specific ENV variables"
 task :travis, [:sub_task] do |t, args|
-  pattern = "load_balancer_spec.rb,machine_image_spec.rb,aws_iam_instance_profile_spec.rb" # This is a comma seperated list
+  pattern = "load_balancer_spec.rb,machine_spec.rb,aws_iam_instance_profile_spec.rb,aws_security_group_spec.rb" # This is a comma seperated list
   pattern = pattern.split(",").map {|p| "spec/integration/**/*#{p}"}.join(",")
   Rake::Task[args[:sub_task]].invoke(pattern)
 end
+
+desc "travis task for machine_image tests - these take so long to run that we only run the first test"
+RSpec::Core::RakeTask.new(:machine_image) do |spec|
+  spec.pattern = 'spec/integration/machine_image_spec.rb'
+  spec.rspec_opts = "-b -t super_slow -e 'machine_image can create an image in the VPC'"
+end

data/chef-provisioning-aws.gemspec

@@ -0,0 +1,37 @@
+$:.unshift(File.dirname(__FILE__) + '/lib')
+require 'chef/provisioning/aws_driver/version'
+
+Gem::Specification.new do |s|
+  s.name = 'chef-provisioning-aws'
+  s.version = Chef::Provisioning::AWSDriver::VERSION
+  s.platform = Gem::Platform::RUBY
+  s.extra_rdoc_files = ['README.md', 'LICENSE' ]
+  s.summary = 'Provisioner for creating aws containers in Chef Provisioning.'
+  s.description = s.summary
+  s.author = 'John Ewart'
+  s.email = 'jewart@getchef.com'
+  s.homepage = 'https://github.com/opscode/chef-provisioning-aws'
+
+  s.add_dependency 'chef-provisioning', '~> 1.4'
+
+  s.add_dependency 'aws-sdk-v1', '>= 1.59.0'
+  s.add_dependency 'aws-sdk', '~> 2.1'
+  s.add_dependency 'retryable', '~> 2.0.1'
+  s.add_dependency 'ubuntu_ami', '~> 0.4.1'
+
+  # chef-zero is only a development dependency because we leverage its RSpec support
+  s.add_development_dependency 'chef-zero', '~> 4.2'
+  s.add_development_dependency 'chef', '~> 12.4'
+  s.add_development_dependency 'rspec', '~> 3.0'
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'pry'
+  s.add_development_dependency 'pry-byebug'
+  s.add_development_dependency 'pry-stack_explorer'
+
+  s.bindir       = "bin"
+  s.executables  = %w( )
+
+  s.require_path = 'lib'
+  s.files = %w(Gemfile Rakefile LICENSE README.md) + Dir.glob("*.gemspec") +
+      Dir.glob("{distro,lib,tasks,spec}/**/*", File::FNM_DOTMATCH).reject {|f| File.directory?(f) }
+end

data/lib/chef/provider/aws_cloudsearch_domain.rb

@@ -10,6 +10,11 @@ class Chef::Provider::AwsCloudsearchDomain < Chef::Provisioning::AWSDriver::AWSP
     end
 
     update_aws_object(domain)
+
+    # TODO: since we don't support updating index fields yet,
+    # it will not be handled by update_aws_object, so we need to
+    # create the index fields here.
+    create_index_fields
   end
 
   def destroy_aws_object(domain)
@@ -121,6 +126,12 @@ class Chef::Provider::AwsCloudsearchDomain < Chef::Provisioning::AWSDriver::AWSP
     cs_client.define_index_field(domain_name: new_resource.name, index_field: field)
   end
 
+  def create_index_fields
+    new_resource.index_fields.each do |field|
+      create_index_field(field)
+    end
+  end
+
   #
   # API Query Functions
   #

data/lib/chef/provider/aws_internet_gateway.rb

@@ -52,10 +52,14 @@ class Chef::Provider::AwsInternetGateway < Chef::Provisioning::AWSDriver::AWSPro
 
   def attach_vpc(vpc, desired_gateway)
     if vpc.internet_gateway && vpc.internet_gateway != desired_gateway
+      current_driver = self.new_resource.driver
+      current_chef_server = self.new_resource.chef_server
       Cheffish.inline_resource(self, action) do
         aws_vpc vpc.id do
           cidr_block vpc.cidr_block
           internet_gateway false
+          driver current_driver
+          chef_server current_chef_server
         end
       end
     end

data/lib/chef/provider/aws_security_group.rb

@@ -93,14 +93,14 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSProvi
 
       authorize: proc do |port_range, protocol, actors|
         names = actors.map { |a| a.is_a?(Hash) ? a[:group_id] : a }
-        converge_by "authorize #{names.join(', ')} to send traffic to group #{new_resource.name} (#{sg.id}) on port_range #{port_range} with protocol #{protocol}" do
+        converge_by "authorize #{names.join(', ')} to send traffic to group #{new_resource.name} (#{sg.id}) on port_range #{port_range.inspect} with protocol #{protocol || 'nil'}" do
           sg.authorize_ingress(protocol, port_range, *actors)
         end
       end,
 
       revoke: proc do |port_range, protocol, actors|
         names = actors.map { |a| a.is_a?(Hash) ? a[:group_id] : a }
-        converge_by "revoke the ability of #{names.join(', ')} to send traffic to group #{new_resource.name} (#{sg.id}) on port_range #{port_range} with protocol #{protocol}" do
+        converge_by "revoke the ability of #{names.join(', ')} to send traffic to group #{new_resource.name} (#{sg.id}) on port_range #{port_range.inspect} with protocol #{protocol || 'nil'}" do
           sg.revoke_ingress(protocol, port_range, *actors)
         end
       end
@@ -122,8 +122,7 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSProvi
     when Array
       # [ { port: X, protocol: Y, sources: [ ... ]}]
       new_resource.outbound_rules.each do |rule|
-        port_ranges = get_port_ranges(rule)
-        add_rule(desired_rules, port_ranges, get_actors(vpc, rule[:destinations]))
+        add_rule(desired_rules, get_port_ranges(rule), get_actors(vpc, rule[:destinations]))
       end
 
     else
@@ -137,14 +136,14 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSProvi
 
       authorize: proc do |port_range, protocol, actors|
         names = actors.map { |a| a.is_a?(Hash) ? a[:group_id] : a }
-        converge_by "authorize group #{new_resource.name} (#{sg.id}) to send traffic to #{names.join(', ')} on port_range #{port_range} with protocol #{protocol}" do
+        converge_by "authorize group #{new_resource.name} (#{sg.id}) to send traffic to #{names.join(', ')} on port_range #{port_range.inspect} with protocol #{protocol || 'nil'}" do
           sg.authorize_egress(*actors, ports: port_range, protocol: protocol)
         end
       end,
 
       revoke: proc do |port_range, protocol, actors|
         names = actors.map { |a| a.is_a?(Hash) ? a[:group_id] : a }
-        converge_by "revoke the ability of group #{new_resource.name} (#{sg.id}) to send traffic to #{names.join(', ')} on port_range #{port_range} with protocol #{protocol}" do
+        converge_by "revoke the ability of group #{new_resource.name} (#{sg.id}) to send traffic to #{names.join(', ')} on port_range #{port_range.inspect} with protocol #{protocol || 'nil'}" do
           sg.revoke_egress(*actors, ports: port_range, protocol: protocol)
         end
       end
@@ -203,29 +202,43 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSProvi
     end
   end
 
+  # When protocol is unspecified (anything besides tcp, udp or icmp) then
+  # you cannot specify ports.  When specifying tcp, udp, or icmp AWS wants
+  # port_range 0..0.  -1..-1 will cause error
   def get_port_ranges(port_spec)
     case port_spec
     when Integer
+      port_spec = 0 if port_spec == -1
       [ { port_range: port_spec..port_spec, protocol: :tcp } ]
     when Range
+      port_spec = 0..0 if port_spec == (-1..-1)
       [ { port_range: port_spec, protocol: :tcp } ]
     when Array
       port_spec.map { |p| get_port_ranges(p) }.flatten
-    when :icmp
-      { port_range: port_spec, protocol: :icmp }
+    when String, Symbol
+      protocol = port_spec.to_s.downcase.to_sym
+      if protocol.to_s =~ /(any|all|-1)/i
+        [ { port_range: -1..-1, protocol: :"-1" } ]
+      else
+        [ { port_range: 0..0, protocol: protocol } ]
+      end
     when Hash
-      port_range = port_spec[:port_range] || port_spec[:ports] || port_spec[:port]
+      port_range = port_spec[:port_range] || port_spec[:ports] || port_spec[:port] || 0
       port_range = port_range..port_range if port_range.is_a?(Integer)
       if port_spec[:protocol]
-        port_range ||= -1..-1
-        [ { port_range: port_range, protocol: port_spec[:protocol].to_s.to_sym || :tcp } ]
+        protocol = port_spec[:protocol].to_s.downcase.to_sym
+        if protocol.to_s =~ /(any|all|-1)/i
+          [ { port_range: -1..-1, protocol: :"-1" } ]
+        else
+          [ { port_range: port_range, protocol: protocol } ]
+        end
       else
         get_port_ranges(port_range)
       end
       # The to_s.to_sym dance is because if you specify a protocol number, AWS symbolifies it,
       # but 26.to_sym doesn't work (so we have to to_s it first).
     when nil
-      [ { port_range: nil, protocol: :any } ]
+      [ { port_range: -1..-1, protocol: :"-1" } ]
     end
   end
 
@@ -251,7 +264,7 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSProvi
 
       # load_balancer: <load balancer name>
       elsif actor_spec.keys == [ :load_balancer ]
-        lb = Chef::Resource::AwsLoadBalancer.get_aws_object(actor_spec.values.first, resource: new_resource)
+        lb = Chef::Resource::AwsLoadBalancer.get_aws_object(actor_spec[:load_balancer], resource: new_resource)
         get_actors(vpc, lb)
 
       # security_group: <security group name>
@@ -278,7 +291,7 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSProvi
         IPAddr.new(actor_spec)
         # Add /32 to the end of raw IP addresses
         actor_spec =~ /\// ? actor_spec : "#{actor_spec}/32"
-      rescue
+      rescue IPAddr::InvalidAddressError
         Chef::Resource::AwsSecurityGroup.get_aws_object(actor_spec, resource: new_resource)
       end
 

data/lib/chef/provider/aws_subnet.rb

@@ -61,17 +61,28 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
     if purging
       # TODO possibly convert to http://docs.aws.amazon.com/AWSRubySDK/latest/AWS/EC2/Client.html#terminate_instances-instance_method
       p = Chef::ChefFS::Parallelizer.new(5)
+      current_driver = self.new_resource.driver
+      current_chef_server = self.new_resource.chef_server
       p.parallel_do(subnet.instances.to_a) do |instance|
         Cheffish.inline_resource(self, action) do
           aws_instance instance.id do
             action :purge
+            driver current_driver
+            chef_server current_chef_server
           end
         end
       end
       p.parallel_do(subnet.network_interfaces.to_a) do |network|
-        Cheffish.inline_resource(self, action) do
-          aws_network_interface network do
-            action :purge
+        # It is common during subnet purging for the instance to be terminated but
+        # temporarily hanging around - this causes a `The network interface at device index 0 cannot be detached`
+        # error to be raised when trying to detach
+        retry_with_backoff(AWS::EC2::Errors::OperationNotPermitted) do
+          Cheffish.inline_resource(self, action) do
+            aws_network_interface network do
+              action :purge
+              driver current_driver
+              chef_server current_chef_server
+            end
           end
         end
       end

data/lib/chef/provider/aws_vpc.rb

@@ -65,31 +65,46 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
   end
 
   def destroy_aws_object(vpc)
+    current_driver = self.new_resource.driver
+    current_chef_server = self.new_resource.chef_server
     if purging
       vpc.subnets.each do |s|
         Cheffish.inline_resource(self, action) do
           aws_subnet s do
             action :purge
+            driver current_driver
+            chef_server current_chef_server
           end
         end
       end
       # If any of the below resources start needing complicated delete logic (dependent resources needing to
       # be deleted) move that logic into `delete_aws_resource` and add the purging logic to the resource
-      vpc.network_acls.each       { |o| o.delete unless o.default? }
+      vpc.network_acls.each do |na|
+        next if na.default?
+        Cheffish.inline_resource(self, action) do
+          aws_network_acl na do
+            action :purge
+            driver current_driver
+            chef_server current_chef_server
+          end
+        end
+      end
       vpc.network_interfaces.each do |ni|
         Cheffish.inline_resource(self, action) do
           aws_network_interface ni do
             action :purge
+            driver current_driver
+            chef_server current_chef_server
           end
         end
       end
-
       vpc.security_groups.each do |sg|
-        unless sg.name == 'default'
-          Cheffish.inline_resource(self, action) do
-            aws_security_group sg do
-              action :purge
-            end
+        next if sg.name == 'default'
+        Cheffish.inline_resource(self, action) do
+          aws_security_group sg do
+            action :purge
+            driver current_driver
+            chef_server current_chef_server
           end
         end
       end
@@ -97,11 +112,12 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
       #SDK V2
       vpc_new_sdk = new_resource.driver.ec2_resource.vpc(vpc.id)
       vpc_new_sdk.route_tables.each do |rt|
-        unless rt.associations.any? { |association| association.main }
-          Cheffish.inline_resource(self, action) do
-            aws_route_table rt do
-              action :purge
-            end
+        next if rt.associations.any? { |association| association.main }
+        Cheffish.inline_resource(self, action) do
+          aws_route_table rt do
+            action :purge
+            driver current_driver
+            chef_server current_chef_server
           end
         end
       end
@@ -126,6 +142,8 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
         Cheffish.inline_resource(self, action) do
           aws_vpc_peering_connection pc_resource do
             action :purge
+            driver current_driver
+            chef_server current_chef_server
           end
         end
       end
@@ -141,6 +159,8 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
           else
             action :detach
           end
+          driver current_driver
+          chef_server current_chef_server
         end
       end
     end
@@ -179,6 +199,8 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
 
   def update_internet_gateway(vpc)
     current_ig = vpc.internet_gateway
+    current_driver = self.new_resource.driver
+    current_chef_server = self.new_resource.chef_server
     case new_resource.internet_gateway
       when String, Chef::Resource::AwsInternetGateway, AWS::EC2::InternetGateway
         new_ig = Chef::Resource::AwsInternetGateway.get_aws_object(new_resource.internet_gateway, resource: new_resource)
@@ -186,6 +208,12 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
           Cheffish.inline_resource(self, action) do
             aws_internet_gateway new_ig do
               vpc vpc.id
+              # We have to set the driver & chef server on all resources because
+              # `with_chef_driver(...) do` gets evaluated at compile-time and these
+              # resources aren't constructed until converge-time.  So the driver has
+              # been reset at this point
+              driver current_driver
+              chef_server current_chef_server
             end
           end
         elsif current_ig != new_ig
@@ -196,9 +224,13 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
               else
                 action :detach
               end
+              driver current_driver
+              chef_server current_chef_server
             end
             aws_internet_gateway new_ig do
               vpc vpc.id
+              driver current_driver
+              chef_server current_chef_server
             end
           end
         end
@@ -208,6 +240,8 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
             aws_internet_gateway "igw-managed-by-#{vpc.id}" do
               vpc vpc.id
               aws_tags 'OwnedByVPC' => vpc.id
+              driver current_driver
+              chef_server current_chef_server
             end
           end
         end
@@ -220,6 +254,8 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
               else
                 action :detach
               end
+              driver current_driver
+              chef_server current_chef_server
             end
           end
         end
@@ -250,10 +286,14 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
     # creating the VPC
     main_route_table ||= vpc.route_tables.main_route_table
     main_routes = new_resource.main_routes
+    current_driver = self.new_resource.driver
+    current_chef_server = self.new_resource.chef_server
     Cheffish.inline_resource(self, action) do
       aws_route_table main_route_table.id do
         vpc vpc
         routes main_routes
+        driver current_driver
+        chef_server current_chef_server
       end
     end
     main_route_table

data/lib/chef/provisioning/aws_driver/driver.rb

@@ -575,15 +575,28 @@ EOD
       end
 
       if instance.state.name != "running"
-        wait_until_machine(action_handler, machine_spec, "finish stopping", instance) { instance.state.name != "stopping" }
+        wait_until_machine(action_handler, machine_spec, "finish stopping", instance) { |instance| instance.state.name != "stopping" }
         if instance.state.name == "stopped"
           action_handler.perform_action "Start #{machine_spec.name} (#{machine_spec.reference['instance_id']}) in #{aws_config.region} ..." do
             instance.start
           end
         end
-        wait_until_ready_machine(action_handler, machine_spec, instance)
+        wait_until_instance_running(action_handler, machine_spec, instance)
       end
 
+      # Windows machines potentially do a bunch of extra stuff - setting hostname,
+      # sending out encrypted password, restarting instance, etc.
+      if machine_spec.reference['is_windows']
+        wait_until_machine(action_handler, machine_spec, "receive 'Windows is ready' message from the AWS console", instance) { |instance|
+          output = instance.console_output.output
+          if output.nil? || output.empty?
+            false
+          else
+            output = Base64.decode64(output)
+            output =~ /Message: Windows is Ready to use/
+          end
+        }
+      end
       wait_for_transport(action_handler, machine_spec, machine_options)
       machine_for(machine_spec, machine_options, instance)
     end
@@ -598,6 +611,19 @@ EOD
       machine_for(machine_spec, machine_spec.reference)
     end
 
+    def stop_machine(action_handler, machine_spec, machine_options)
+      instance = instance_for(machine_spec)
+      if instance && instance.exists?
+        wait_until_machine(action_handler, machine_spec, "finish coming up so we can stop it", instance) { |instance| instance.state.name != "pending" }
+        if instance.state.name == "running"
+          action_handler.perform_action "Stop #{machine_spec.name} (#{instance.id}) in #{aws_config.region} ..." do
+            instance.stop
+          end
+        end
+        wait_until_machine(action_handler, machine_spec, "stop", instance) { |instance| %w[stopped terminated].include?(instance.state.name) }
+      end
+    end
+
     def destroy_machine(action_handler, machine_spec, machine_options)
       d = self
       Provisioning.inline_resource(action_handler) do
@@ -894,15 +920,22 @@ EOD
       endpoint = "http://#{remote_host}:#{port}/wsman"
       type = :plaintext
       pem_bytes = get_private_key(instance.key_name)
-      encrypted_admin_password = wait_for_admin_password(machine_spec)
 
-      decoded = Base64.decode64(encrypted_admin_password)
-      private_key = OpenSSL::PKey::RSA.new(pem_bytes)
-      decrypted_password = private_key.private_decrypt decoded
+      # TODO plaintext password = bad
+      password = machine_spec.reference['winrm_password']
+      if password.nil? || password.empty?
+        encrypted_admin_password = instance.password_data.password_data
+        if encrypted_admin_password.nil? || encrypted_admin_password.empty?
+          raise "You did not specify winrm_password in the machine options and no encrytpted password could be fetched from the instance"
+        end
+        decoded = Base64.decode64(encrypted_admin_password)
+        private_key = OpenSSL::PKey::RSA.new(pem_bytes)
+        password = private_key.private_decrypt decoded
+      end
 
       winrm_options = {
         :user => machine_spec.reference['winrm_username'] || 'Administrator',
-        :pass => decrypted_password,
+        :pass => password,
         :disable_sspi => true,
         :basic_auth_only => true
       }
@@ -910,30 +943,6 @@ EOD
       Chef::Provisioning::Transport::WinRM.new("#{endpoint}", type, winrm_options, {})
     end
 
-    def wait_for_admin_password(machine_spec)
-      time_elapsed = 0
-      sleep_time = 10
-      max_wait_time = 900 # 15 minutes
-      encrypted_admin_password = nil
-      instance_id = machine_spec.reference['instance_id']
-
-      Chef::Log.info "waiting for #{machine_spec.name}'s admin password to be available..."
-      while time_elapsed < max_wait_time && encrypted_admin_password.nil?
-        response = ec2.client.get_password_data({ :instance_id => instance_id })
-        encrypted_admin_password = response['password_data'.to_sym]
-
-        if encrypted_admin_password.nil?
-          Chef::Log.info "#{time_elapsed}/#{max_wait_time}s elapsed -- sleeping #{sleep_time} for #{machine_spec.name}'s admin password."
-          sleep(sleep_time)
-          time_elapsed += sleep_time
-        end
-      end
-
-      Chef::Log.info "#{machine_spec.name}'s admin password is available!"
-
-      encrypted_admin_password
-    end
-
     def create_ssh_transport(machine_spec, machine_options, instance)
       ssh_options = ssh_options_for(machine_spec, machine_options, instance)
       username = machine_spec.reference['ssh_username'] || machine_options[:ssh_username] || default_ssh_username
@@ -1053,7 +1062,7 @@ EOD
       end
     end
 
-    def wait_until_ready_machine(action_handler, machine_spec, instance=nil)
+    def wait_until_instance_running(action_handler, machine_spec, instance=nil)
       wait_until_machine(action_handler, machine_spec, "be ready", instance) { |instance|
         instance.state.name == "running"
       }
@@ -1252,7 +1261,7 @@ EOD
         end
         machine_options = Cheffish::MergedConfig.new(machine_options, {:transport_address_location => :private_ip})
       end
-      %w(is_windows ssh_username sudo transport_address_location ssh_gateway).each do |key|
+      %w(is_windows winrm_username winrm_port winrm_password ssh_username sudo transport_address_location ssh_gateway).each do |key|
         machine_spec.reference[key] = machine_options[key.to_sym] if machine_options[key.to_sym]
       end
       instance

data/lib/chef/provisioning/aws_driver/version.rb

@@ -1,7 +1,7 @@
 class Chef
 module Provisioning
 module AWSDriver
-  VERSION = '1.5.1'
+  VERSION = '1.6.0'
 end
 end
 end

data/lib/chef/provisioning/driver_init/aws.rb

@@ -1,3 +1,3 @@
-require 'chef/provisioning/aws_driver/driver'
+require 'chef/provisioning/aws_driver'
 
 Chef::Provisioning.register_driver_class('aws', Chef::Provisioning::AWSDriver::Driver)

data/spec/aws_support.rb

@@ -171,7 +171,9 @@ module AWSSupport
       context.module_eval do
         after :example do
           # Close up delayed streams so they don't print out their garbage later in the run
-          delayed_streams.each { |s| s.close }
+          unless chef_config[:include_output_after_example]
+            delayed_streams.each { |s| s.close }
+          end
 
           # Destroy any objects we know got created during the test
           created_during_test.reverse_each do |resource_name, name|

data/spec/aws_support/deep_matcher/match_values_failure_messages.rb

@@ -43,9 +43,20 @@ module AWSSupport
         if ! actual_setlike.respond_to?(:to_set)
           result << "expected #{identifier || "setlike"} to be castable to a Set, but it isn't!"
         else
-          if ! actual_setlike.to_set == expected_set
-
-            result << "expected #{identifier || "setlike"} to #{description_of(expected_value)}"
+          actual_set = actual_setlike.to_set
+          expected_set.each do |expected|
+            unless actual_set.any? { |actual|
+              match_values_failure_messages(expected, actual, identifier).flatten.empty?
+            }
+              result << "- #{description_of(expected)}"
+            end
+          end
+          actual_set.each do |actual|
+            unless expected_set.any? { |expected|
+              match_values_failure_messages(expected, actual, identifier).flatten.empty?
+            }
+              result << "+ #{description_of(actual)}"
+            end
           end
         end
         result

data/spec/aws_support/matchers/create_an_aws_object.rb

@@ -8,7 +8,7 @@ module AWSSupport
       include RSpec::Matchers::Composable
       include AWSSupport::DeepMatcher
 
-      # @param custom_matcher [Block] A block with 1 argument that will be provided the aws_obect
+      # @param custom_matcher [Block] A block with 1 argument that will be provided the aws_object
       def initialize(example, resource_class, name, expected_values, custom_matcher)
         @example = example
         @resource_class = resource_class

data/spec/integration/aws_security_group_spec.rb

@@ -105,8 +105,14 @@ describe Chef::Resource::AwsSecurityGroup do
     end
 
     with_aws "in a VPC" do
-      aws_vpc 'test_vpc' do
-        cidr_block '10.0.0.0/24'
+      purge_all
+      setup_public_vpc
+
+      load_balancer "testloadbalancer" do
+        load_balancer_options({
+          subnets: ["test_public_subnet"],
+          security_groups: ["test_security_group"]
+        })
       end
 
       it "aws_security_group 'test_sg' with no attributes works" do
@@ -121,35 +127,343 @@ describe Chef::Resource::AwsSecurityGroup do
         ).and be_idempotent
       end
 
-      it "aws_security_group 'test_sg' with inbound and outbound rules works" do
+      it "can specify rules as a mapping from source/destination to port and protocol" do
         expect_recipe {
           aws_security_group 'test_sg' do
+            # We need to define a list of ports and its easier to use a method than
+            # have to add a new number when changing this test
+            def counter()
+              @ip_counter ||= 0
+              @ip_counter += 1
+            end
+
             vpc 'test_vpc'
-            inbound_rules '0.0.0.0/0' => 22
-            outbound_rules 22 => '0.0.0.0/0'
+            inbound_rules(
+              "10.0.0.#{counter}/32" => { port_range: -1..-1, protocol: -1 },
+              "10.0.0.#{counter}/32" => { port: -1, protocol: -1 },
+              "10.0.0.#{counter}/32" => { port: 1002, protocol: -1 },
+              "10.0.0.#{counter}/32" => { ports: 1003..1003, protocol: -1 },
+              "10.0.0.#{counter}/32" => { port_range: 1004..1005, protocol: -1 },
+              "10.0.0.#{counter}/32" => { port_range: [1006, 1007, 1108], protocol: -1 },
+              # If the protocol isn't `-1` and you don't specify all the ports
+              # aws wants `port_range` to be nil
+              "10.0.0.#{counter}/32" => { ports: nil, protocol: :tcp },
+              "10.0.0.#{counter}/32" => { port_range: 0..65535, protocol: :udp },
+              "10.0.0.#{counter}/32" => { port_range: -1, protocol: :icmp },
+              "10.0.0.#{counter}/32" => { port_range: 1..2, protocol: :icmp },
+              "10.0.0.#{counter}/32" => { port_range: 1011, protocol: :any },
+              "10.0.0.#{counter}/32" => { port_range: 1012, protocol: nil },
+              "10.0.0.#{counter}/32" => { port: 1013 },
+              "10.0.0.#{counter}/32" => { port: 1014..1014 },
+              "10.0.0.#{counter}/32" => { port: [1015, 1016, 1117] },
+              "10.0.0.#{counter}/32" => { port: :icmp },
+              "10.0.0.#{counter}/32" => { port: 'tCp' },
+              "10.0.0.#{counter}/32" => { port: nil },
+              "10.0.0.#{counter}/32" => { protocol: -1 },
+              "10.0.0.#{counter}/32" => { protocol: :any },
+              "10.0.0.#{counter}/32" => { protocol: 'UDP' },
+              "10.0.0.#{counter}/32" => { protocol: nil },
+              "10.0.0.#{counter}/32" => 1020,
+              "10.0.0.#{counter}/32" => 1021..1023,
+              "10.0.0.#{counter}/32" => [1024, 1025, 1125],
+              "10.0.0.#{counter}/32" => :icmp,
+              "10.0.0.#{counter}/32" => 'Icmp',
+              "10.0.0.#{counter}/32" => :tcp,
+              "10.0.0.#{counter}/32" => 'UDP',
+              "10.0.0.#{counter}/32" => nil,
+              "10.0.0.#{counter}/32" => -1,
+              "10.0.0.#{counter}/32" => :"-1",
+              ["10.0.0.#{counter}/32", "10.0.0.#{counter}/32"] => :all,
+              'test_security_group' => 1200,
+              test_security_group.aws_object.id => 1201,
+              test_security_group.aws_object => 1202,
+              test_security_group => 1203,
+              # cannot get the ID from the v1 api object
+              #testloadbalancer.aws_object.id => 1205,
+              testloadbalancer.aws_object => 1206,
+              # Cannot specify a LoadBalancer resource, only AwsLoadBalancer
+              #testloadbalancer => 1207,
+              {group_name: 'test_security_group'} => 1208,
+              {load_balancer: 'testloadbalancer'} => 1209,
+              {security_group: 'test_security_group'} => 1210,
+            )
+            outbound_rules(
+              { port_range: -1..-1, protocol: -1 } => "10.0.0.#{counter}/32",
+              { port: -1, protocol: -1 } => "10.0.0.#{counter}/32",
+              { port: 1002, protocol: -1 } => "10.0.0.#{counter}/32",
+              { ports: 1003..1003, protocol: -1 } => "10.0.0.#{counter}/32",
+              { port_range: 1004..1005, protocol: -1 } => "10.0.0.#{counter}/32",
+              { port_range: [1006, 1007, 1108], protocol: -1 } => "10.0.0.#{counter}/32",
+              # If the protocol isn't `-1` and you don't specify all the ports
+              # aws wants `port_range` to be nil{ ports: nil, protocol: :tcp } => "10.0.0.#{counter}/32",
+              { port_range: 0..65535, protocol: :udp } => "10.0.0.#{counter}/32",
+              { port_range: -1, protocol: :icmp } => "10.0.0.#{counter}/32",
+              { port_range: 1..2, protocol: :icmp } => "10.0.0.#{counter}/32",
+              { port_range: 1011, protocol: :any } => "10.0.0.#{counter}/32",
+              { port_range: 1012, protocol: nil } => "10.0.0.#{counter}/32",
+              { port: 1013 } => "10.0.0.#{counter}/32",
+              { port: 1014..1014 } => "10.0.0.#{counter}/32",
+              { port: [1015, 1016, 1117] } => "10.0.0.#{counter}/32",
+              { port: :icmp } => "10.0.0.#{counter}/32",
+              { port: 'tCp' } => "10.0.0.#{counter}/32",
+              { port: nil } => "10.0.0.#{counter}/32",
+              { protocol: -1 } => "10.0.0.#{counter}/32",
+              { protocol: :any } => "10.0.0.#{counter}/32",
+              { protocol: 'UDP' } => "10.0.0.#{counter}/32",
+              { protocol: nil } => "10.0.0.#{counter}/32",
+              1020 => "10.0.0.#{counter}/32",
+              1021..1023 => "10.0.0.#{counter}/32",
+              [1024, 1025, 1125] => "10.0.0.#{counter}/32",
+              :icmp => "10.0.0.#{counter}/32",
+              'Icmp' => "10.0.0.#{counter}/32",
+              :tcp => "10.0.0.#{counter}/32",
+              'UDP' => "10.0.0.#{counter}/32",
+              nil => "10.0.0.#{counter}/32",
+              -1 => "10.0.0.#{counter}/32",
+              :"-1" => "10.0.0.#{counter}/32",
+              :all => ["10.0.0.#{counter}/32", "10.0.0.#{counter}/32"],
+              1200 => 'test_security_group',
+              1201 => test_security_group.aws_object.id,
+              1202 => test_security_group.aws_object,
+              1203 => test_security_group,
+              # cannot get the ID from the v1 api object
+              #1205 => testloadbalancer.aws_object.id,
+              1206 => testloadbalancer.aws_object,
+              # Cannot specify a LoadBalancer resource, only AwsLoadBalancer
+              #1207 => testloadbalancer,
+              1208 => {group_name: 'test_security_group'},
+              1209 => {load_balancer: 'testloadbalancer'},
+              1210 => {security_group: 'test_security_group'},
+            )
           end
         }.to create_an_aws_security_group('test_sg',
           vpc_id: test_vpc.aws_object.id,
-          ip_permissions_list: [
-            { groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}],  ip_protocol: "tcp", from_port: 22, to_port: 22},
+          ip_permissions_list: Set[
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.1/32"}, {:cidr_ip=>"10.0.0.11/32"}, {:cidr_ip=>"10.0.0.19/32"}, {:cidr_ip=>"10.0.0.2/32"}, {:cidr_ip=>"10.0.0.20/32"}, {:cidr_ip=>"10.0.0.3/32"}, {:cidr_ip=>"10.0.0.30/32"}, {:cidr_ip=>"10.0.0.32/32"}, {:cidr_ip=>"10.0.0.33/32"}, {:cidr_ip=>"10.0.0.34/32"}, {:cidr_ip=>"10.0.0.4/32"}, {:cidr_ip=>"10.0.0.5/32"}, {:cidr_ip=>"10.0.0.6/32"}], :ip_protocol=>"-1"},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.17/32"}, {:cidr_ip=>"10.0.0.18/32"}, {:cidr_ip=>"10.0.0.22/32"}, {:cidr_ip=>"10.0.0.28/32"}, {:cidr_ip=>"10.0.0.31/32"}, {:cidr_ip=>"10.0.0.7/32"}], :ip_protocol=>"tcp", :from_port=>0, :to_port=>0},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.8/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>65535},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.9/32"}], :ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.10/32"}], :ip_protocol=>"icmp", :from_port=>1, :to_port=>2},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.12/32"}], :ip_protocol=>"tcp", :from_port=>1012, :to_port=>1012},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.13/32"}], :ip_protocol=>"tcp", :from_port=>1013, :to_port=>1013},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.14/32"}], :ip_protocol=>"tcp", :from_port=>1014, :to_port=>1014},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.15/32"}], :ip_protocol=>"tcp", :from_port=>1117, :to_port=>1117},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.15/32"}], :ip_protocol=>"tcp", :from_port=>1015, :to_port=>1015},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.15/32"}], :ip_protocol=>"tcp", :from_port=>1016, :to_port=>1016},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.16/32"}, {:cidr_ip=>"10.0.0.26/32"}, {:cidr_ip=>"10.0.0.27/32"}], :ip_protocol=>"icmp", :from_port=>0, :to_port=>0},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.21/32"}, {:cidr_ip=>"10.0.0.29/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>0},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.23/32"}], :ip_protocol=>"tcp", :from_port=>1020, :to_port=>1020},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.24/32"}], :ip_protocol=>"tcp", :from_port=>1021, :to_port=>1023},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.25/32"}], :ip_protocol=>"tcp", :from_port=>1024, :to_port=>1024},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.25/32"}], :ip_protocol=>"tcp", :from_port=>1025, :to_port=>1025},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.25/32"}], :ip_protocol=>"tcp", :from_port=>1125, :to_port=>1125},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1200, :to_port=>1200},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1201, :to_port=>1201},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1202, :to_port=>1202},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1203, :to_port=>1203},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1206, :to_port=>1206},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1208, :to_port=>1208},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1209, :to_port=>1209},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1210, :to_port=>1210}
           ],
-          ip_permissions_list_egress: [{groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}], ip_protocol: "tcp", from_port: 22, to_port: 22 }]
+          ip_permissions_list_egress: Set[
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.35/32"}, {:cidr_ip=>"10.0.0.36/32"}, {:cidr_ip=>"10.0.0.37/32"}, {:cidr_ip=>"10.0.0.38/32"}, {:cidr_ip=>"10.0.0.39/32"}, {:cidr_ip=>"10.0.0.40/32"}, {:cidr_ip=>"10.0.0.44/32"}, {:cidr_ip=>"10.0.0.52/32"}, {:cidr_ip=>"10.0.0.53/32"}, {:cidr_ip=>"10.0.0.63/32"}, {:cidr_ip=>"10.0.0.65/32"}, {:cidr_ip=>"10.0.0.66/32"}, {:cidr_ip=>"10.0.0.67/32"}], :ip_protocol=>"-1"},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.41/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>65535},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.42/32"}], :ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.43/32"}], :ip_protocol=>"icmp", :from_port=>1, :to_port=>2},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.45/32"}], :ip_protocol=>"tcp", :from_port=>1012, :to_port=>1012},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.46/32"}], :ip_protocol=>"tcp", :from_port=>1013, :to_port=>1013},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.47/32"}], :ip_protocol=>"tcp", :from_port=>1014, :to_port=>1014},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.48/32"}], :ip_protocol=>"tcp", :from_port=>1015, :to_port=>1015},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.48/32"}], :ip_protocol=>"tcp", :from_port=>1016, :to_port=>1016},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.48/32"}], :ip_protocol=>"tcp", :from_port=>1117, :to_port=>1117},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.49/32"}, {:cidr_ip=>"10.0.0.59/32"}, {:cidr_ip=>"10.0.0.60/32"}], :ip_protocol=>"icmp", :from_port=>0, :to_port=>0},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.50/32"}, {:cidr_ip=>"10.0.0.51/32"}, {:cidr_ip=>"10.0.0.55/32"}, {:cidr_ip=>"10.0.0.61/32"}, {:cidr_ip=>"10.0.0.64/32"}], :ip_protocol=>"tcp", :from_port=>0, :to_port=>0},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.54/32"}, {:cidr_ip=>"10.0.0.62/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>0},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.56/32"}], :ip_protocol=>"tcp", :from_port=>1020, :to_port=>1020},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.57/32"}], :ip_protocol=>"tcp", :from_port=>1021, :to_port=>1023},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.58/32"}], :ip_protocol=>"tcp", :from_port=>1024, :to_port=>1024},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.58/32"}], :ip_protocol=>"tcp", :from_port=>1025, :to_port=>1025},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.58/32"}], :ip_protocol=>"tcp", :from_port=>1125, :to_port=>1125},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1200, :to_port=>1200},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1201, :to_port=>1201},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1202, :to_port=>1202},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1203, :to_port=>1203},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1206, :to_port=>1206},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1208, :to_port=>1208},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1209, :to_port=>1209},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1210, :to_port=>1210}
+          ]
         ).and be_idempotent
       end
 
-      it "aws_security_group 'test_sg' with inbound and outbound rules allowing all ports works when protocol specified" do
+      it "can specify rules as a hash" do
         expect_recipe {
-        aws_security_group 'test_sg' do
-          vpc 'test_vpc'
-          inbound_rules('0.0.0.0/0' => { port_range: -1..-1, protocol: -1 })
-          outbound_rules({ port_range: -1..-1, protocol: -1 } => '0.0.0.0/0')
-        end
+          aws_security_group 'test_sg' do
+            # We need to define a list of ports and its easier to use a method than
+            # have to add a new number when changing this test
+            def counter()
+              @ip_counter ||= 0
+              @ip_counter += 1
+            end
+
+            vpc 'test_vpc'
+            inbound_rules([
+              { sources: "10.0.0.#{counter}/32", port_range: -1..-1, protocol: -1 },
+              { sources: "10.0.0.#{counter}/32", port: -1, protocol: -1 },
+              { sources: "10.0.0.#{counter}/32", port: 1002, protocol: -1 },
+              { sources: "10.0.0.#{counter}/32", ports: 1003..1003, protocol: -1 },
+              { sources: "10.0.0.#{counter}/32", port_range: 1004..1005, protocol: -1 },
+              { sources: "10.0.0.#{counter}/32", port_range: [1006, 1007, 1108], protocol: -1 },
+              # If the protocol isn't `-1` and you don't specify all the ports
+              # aws wants `port_range` to be nil
+              { sources: "10.0.0.#{counter}/32", ports: nil, protocol: :tcp },
+              { sources: "10.0.0.#{counter}/32", port_range: 0..65535, protocol: :udp },
+              { sources: "10.0.0.#{counter}/32", port_range: -1, protocol: :icmp },
+              { sources: "10.0.0.#{counter}/32", port_range: 1..2, protocol: :icmp },
+              { sources: "10.0.0.#{counter}/32", port_range: 1011, protocol: :any },
+              { sources: "10.0.0.#{counter}/32", port_range: 1012, protocol: nil },
+              { sources: "10.0.0.#{counter}/32", port: 1013 },
+              { sources: "10.0.0.#{counter}/32", port: 1014..1014 },
+              { sources: "10.0.0.#{counter}/32", port: [1015, 1016, 1117] },
+              { sources: "10.0.0.#{counter}/32", port: :icmp },
+              { sources: "10.0.0.#{counter}/32", port: 'tCp' },
+              { sources: "10.0.0.#{counter}/32", port: nil },
+              { sources: "10.0.0.#{counter}/32", protocol: -1 },
+              { sources: "10.0.0.#{counter}/32", protocol: :any },
+              { sources: "10.0.0.#{counter}/32", protocol: 'UDP' },
+              { sources: "10.0.0.#{counter}/32", protocol: nil },
+              { sources: "10.0.0.#{counter}/32", port_range: 1020 },
+              { sources: "10.0.0.#{counter}/32", port_range: 1021..1023 },
+              { sources: "10.0.0.#{counter}/32", port_range: [1024, 1025, 1125] },
+              { sources: "10.0.0.#{counter}/32", port_range: :icmp },
+              { sources: "10.0.0.#{counter}/32", port_range: 'Icmp' },
+              { sources: "10.0.0.#{counter}/32", port_range: :tcp },
+              { sources: "10.0.0.#{counter}/32", port_range: 'UDP' },
+              { sources: "10.0.0.#{counter}/32", port_range: nil },
+              { sources: "10.0.0.#{counter}/32", port_range: -1 },
+              { sources: "10.0.0.#{counter}/32", port_range: :"-1" },
+              { sources: ["10.0.0.#{counter}/32", "10.0.0.#{counter}/32"], port_range: :all },
+              { sources: 'test_security_group', port: 1200 },
+              { sources: test_security_group.aws_object.id, port: 1201 },
+              { sources: test_security_group.aws_object, port: 1202 },
+              { sources: test_security_group, port: 1203 },
+              # cannot get the ID from the v1 api object
+              #testloadbalancer.aws_object.id => 1205,
+              { sources: testloadbalancer.aws_object, port: 1206 },
+              # Cannot specify a LoadBalancer resource, only AwsLoadBalancer
+              #testloadbalancer => 1207,
+              { sources: {group_name: 'test_security_group'}, port: 1208 },
+              { sources: {load_balancer: 'testloadbalancer'}, port: 1209 },
+              { sources: {security_group: 'test_security_group'}, port: 1210 },
+            ])
+            outbound_rules([
+              { port_range: -1..-1, protocol: -1, destinations: "10.0.0.#{counter}/32" },
+              { port: -1, protocol: -1, destinations: "10.0.0.#{counter}/32" },
+              { port: 1002, protocol: -1, destinations: "10.0.0.#{counter}/32" },
+              { ports: 1003..1003, protocol: -1, destinations: "10.0.0.#{counter}/32" },
+              { port_range: 1004..1005, protocol: -1, destinations: "10.0.0.#{counter}/32" },
+              { port_range: [1006, 1007, 1108], protocol: -1, destinations: "10.0.0.#{counter}/32" },
+              # If the protocol isn't `-1` and you don't specify all the ports
+              # aws wants `port_range` to be nil{ ports: nil, protocol: :tcp } => "10.0.0.#{counter}/32",
+              { port_range: 0..65535, protocol: :udp, destinations: "10.0.0.#{counter}/32" },
+              { port_range: -1, protocol: :icmp, destinations: "10.0.0.#{counter}/32" },
+              { port_range: 1..2, protocol: :icmp, destinations: "10.0.0.#{counter}/32" },
+              { port_range: 1011, protocol: :any, destinations: "10.0.0.#{counter}/32" },
+              { port_range: 1012, protocol: nil, destinations: "10.0.0.#{counter}/32" },
+              { port: 1013, destinations: "10.0.0.#{counter}/32" },
+              { port: 1014..1014, destinations: "10.0.0.#{counter}/32" },
+              { port: [1015, 1016, 1117], destinations: "10.0.0.#{counter}/32" },
+              { port: :icmp, destinations: "10.0.0.#{counter}/32" },
+              { port: 'tCp', destinations: "10.0.0.#{counter}/32" },
+              { port: nil, destinations: "10.0.0.#{counter}/32" },
+              { protocol: -1, destinations: "10.0.0.#{counter}/32" },
+              { protocol: :any, destinations: "10.0.0.#{counter}/32" },
+              { protocol: 'UDP', destinations: "10.0.0.#{counter}/32" },
+              { protocol: nil, destinations: "10.0.0.#{counter}/32" },
+              { port_range: 1020, destinations: "10.0.0.#{counter}/32" },
+              { port_range: 1021..1023, destinations: "10.0.0.#{counter}/32" },
+              { port_range: [1024, 1025, 1125], destinations: "10.0.0.#{counter}/32" },
+              { port_range: :icmp, destinations: "10.0.0.#{counter}/32" },
+              { port_range: 'Icmp', destinations: "10.0.0.#{counter}/32" },
+              { port_range: :tcp, destinations: "10.0.0.#{counter}/32" },
+              { port_range: 'UDP', destinations: "10.0.0.#{counter}/32" },
+              { port_range: nil, destinations: "10.0.0.#{counter}/32" },
+              { port_range: -1, destinations: "10.0.0.#{counter}/32" },
+              { port_range: :"-1", destinations: "10.0.0.#{counter}/32" },
+              { port_range: :all, destinations: ["10.0.0.#{counter}/32", "10.0.0.#{counter}/32"] },
+              { port: 1200, destinations: 'test_security_group' },
+              { port: 1201, destinations: test_security_group.aws_object.id },
+              { port: 1202, destinations: test_security_group.aws_object },
+              { port: 1203, destinations: test_security_group },
+              # cannot get the ID from the v1 api object
+              #{ port: 1205, destinations: testloadbalancer.aws_object.id },
+              { port: 1206, destinations: testloadbalancer.aws_object },
+              # Cannot specify a LoadBalancer resource, only AwsLoadBalancer
+              #{ port: 1207, destinations: testloadbalancer },
+              { port: 1208, destinations: {group_name: 'test_security_group'} },
+              { port: 1209, destinations: {load_balancer: 'testloadbalancer'} },
+              { port: 1210, destinations: {security_group: 'test_security_group'} },
+            ])
+          end
         }.to create_an_aws_security_group('test_sg',
           vpc_id: test_vpc.aws_object.id,
-          ip_permissions_list: [
-            { groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}],  ip_protocol: "-1"}
+          ip_permissions_list: Set[
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.1/32"}, {:cidr_ip=>"10.0.0.11/32"}, {:cidr_ip=>"10.0.0.19/32"}, {:cidr_ip=>"10.0.0.2/32"}, {:cidr_ip=>"10.0.0.20/32"}, {:cidr_ip=>"10.0.0.3/32"}, {:cidr_ip=>"10.0.0.32/32"}, {:cidr_ip=>"10.0.0.33/32"}, {:cidr_ip=>"10.0.0.34/32"}, {:cidr_ip=>"10.0.0.4/32"}, {:cidr_ip=>"10.0.0.5/32"}, {:cidr_ip=>"10.0.0.6/32"}], :ip_protocol=>"-1"},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.17/32"}, {:cidr_ip=>"10.0.0.18/32"}, {:cidr_ip=>"10.0.0.22/32"}, {:cidr_ip=>"10.0.0.28/32"}, {:cidr_ip=>"10.0.0.30/32"}, {:cidr_ip=>"10.0.0.31/32"}, {:cidr_ip=>"10.0.0.7/32"}], :ip_protocol=>"tcp", :from_port=>0, :to_port=>0},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.8/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>65535},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.9/32"}], :ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.10/32"}], :ip_protocol=>"icmp", :from_port=>1, :to_port=>2},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.12/32"}], :ip_protocol=>"tcp", :from_port=>1012, :to_port=>1012},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.13/32"}], :ip_protocol=>"tcp", :from_port=>1013, :to_port=>1013},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.14/32"}], :ip_protocol=>"tcp", :from_port=>1014, :to_port=>1014},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.15/32"}], :ip_protocol=>"tcp", :from_port=>1117, :to_port=>1117},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.15/32"}], :ip_protocol=>"tcp", :from_port=>1015, :to_port=>1015},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.15/32"}], :ip_protocol=>"tcp", :from_port=>1016, :to_port=>1016},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.16/32"}, {:cidr_ip=>"10.0.0.26/32"}, {:cidr_ip=>"10.0.0.27/32"}], :ip_protocol=>"icmp", :from_port=>0, :to_port=>0},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.21/32"}, {:cidr_ip=>"10.0.0.29/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>0},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.23/32"}], :ip_protocol=>"tcp", :from_port=>1020, :to_port=>1020},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.24/32"}], :ip_protocol=>"tcp", :from_port=>1021, :to_port=>1023},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.25/32"}], :ip_protocol=>"tcp", :from_port=>1024, :to_port=>1024},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.25/32"}], :ip_protocol=>"tcp", :from_port=>1025, :to_port=>1025},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.25/32"}], :ip_protocol=>"tcp", :from_port=>1125, :to_port=>1125},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1200, :to_port=>1200},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1201, :to_port=>1201},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1202, :to_port=>1202},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1203, :to_port=>1203},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1206, :to_port=>1206},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1208, :to_port=>1208},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1209, :to_port=>1209},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1210, :to_port=>1210}
           ],
-          ip_permissions_list_egress: [{ groups: [], ip_ranges: [{cidr_ip: "0.0.0.0/0"}],  ip_protocol: "-1"}]
+          ip_permissions_list_egress: Set[
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.35/32"}, {:cidr_ip=>"10.0.0.36/32"}, {:cidr_ip=>"10.0.0.37/32"}, {:cidr_ip=>"10.0.0.38/32"}, {:cidr_ip=>"10.0.0.39/32"}, {:cidr_ip=>"10.0.0.40/32"}, {:cidr_ip=>"10.0.0.44/32"}, {:cidr_ip=>"10.0.0.52/32"}, {:cidr_ip=>"10.0.0.53/32"}, {:cidr_ip=>"10.0.0.65/32"}, {:cidr_ip=>"10.0.0.66/32"}, {:cidr_ip=>"10.0.0.67/32"}], :ip_protocol=>"-1"},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.41/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>65535},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.42/32"}], :ip_protocol=>"icmp", :from_port=>-1, :to_port=>-1},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.43/32"}], :ip_protocol=>"icmp", :from_port=>1, :to_port=>2},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.45/32"}], :ip_protocol=>"tcp", :from_port=>1012, :to_port=>1012},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.46/32"}], :ip_protocol=>"tcp", :from_port=>1013, :to_port=>1013},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.47/32"}], :ip_protocol=>"tcp", :from_port=>1014, :to_port=>1014},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.48/32"}], :ip_protocol=>"tcp", :from_port=>1015, :to_port=>1015},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.48/32"}], :ip_protocol=>"tcp", :from_port=>1016, :to_port=>1016},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.48/32"}], :ip_protocol=>"tcp", :from_port=>1117, :to_port=>1117},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.49/32"}, {:cidr_ip=>"10.0.0.59/32"}, {:cidr_ip=>"10.0.0.60/32"}], :ip_protocol=>"icmp", :from_port=>0, :to_port=>0},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.50/32"}, {:cidr_ip=>"10.0.0.51/32"}, {:cidr_ip=>"10.0.0.55/32"}, {:cidr_ip=>"10.0.0.61/32"}, {:cidr_ip=>"10.0.0.63/32"}, {:cidr_ip=>"10.0.0.64/32"}], :ip_protocol=>"tcp", :from_port=>0, :to_port=>0},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.54/32"}, {:cidr_ip=>"10.0.0.62/32"}], :ip_protocol=>"udp", :from_port=>0, :to_port=>0},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.56/32"}], :ip_protocol=>"tcp", :from_port=>1020, :to_port=>1020},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.57/32"}], :ip_protocol=>"tcp", :from_port=>1021, :to_port=>1023},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.58/32"}], :ip_protocol=>"tcp", :from_port=>1024, :to_port=>1024},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.58/32"}], :ip_protocol=>"tcp", :from_port=>1025, :to_port=>1025},
+            {:groups=>[], :ip_ranges=>Set[{:cidr_ip=>"10.0.0.58/32"}], :ip_protocol=>"tcp", :from_port=>1125, :to_port=>1125},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1200, :to_port=>1200},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1201, :to_port=>1201},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1202, :to_port=>1202},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1203, :to_port=>1203},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1206, :to_port=>1206},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1208, :to_port=>1208},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1209, :to_port=>1209},
+            {:groups=>[{:group_id=>test_security_group.aws_object.id}], :ip_ranges=>[], :ip_protocol=>"tcp", :from_port=>1210, :to_port=>1210}
+          ]
         ).and be_idempotent
       end
     end

data/spec/integration/load_balancer_spec.rb

@@ -302,9 +302,11 @@ describe Chef::Resource::LoadBalancer do
               })
               machines ['test_load_balancer_machine1', test_load_balancer_machine2.aws_object.id]
             end
-          }.to create_an_aws_load_balancer('test-load-balancer',
-            :instances => [{id: test_load_balancer_machine1.aws_object.id}, {id: test_load_balancer_machine2.aws_object.id}]
-          ).and be_idempotent
+          }.to create_an_aws_load_balancer('test-load-balancer') { |aws_object|
+            instances = aws_object.instances
+            ids = instances.map {|i| i.id}
+            expect(ids.to_set).to eq([test_load_balancer_machine1.aws_object.id, test_load_balancer_machine2.aws_object.id].to_set)
+          }.and be_idempotent
         end
 
         context "with an existing load_balancer with machine1 attached" do

data/spec/integration/machine_image_spec.rb

@@ -7,7 +7,8 @@ describe Chef::Resource::MachineImage do
     with_aws "with a VPC and a public subnet" do
       before :all do
         chef_config[:log_level] = :warn
-        Chef::Config.chef_provisioning[:machine_max_wait_time] = 240
+        chef_config[:include_output_after_example] = true
+        Chef::Config.chef_provisioning[:machine_max_wait_time] = 300
         Chef::Config.chef_provisioning[:image_max_wait_time] = 600
       end
 
@@ -21,6 +22,9 @@ describe Chef::Resource::MachineImage do
               subnet_id: 'test_public_subnet',
               key_name: 'test_key_pair',
               instance_type: 'm3.medium'
+            },
+            ssh_options: {
+              timeout: 60
             }
           end
         }.to create_an_aws_image('test_machine_image',
@@ -36,6 +40,9 @@ describe Chef::Resource::MachineImage do
               subnet_id: 'test_public_subnet',
               key_name: 'test_key_pair',
               instance_type: 'm3.medium'
+            },
+            ssh_options: {
+              timeout: 60
             }
           end
         }
@@ -70,6 +77,9 @@ describe Chef::Resource::MachineImage do
             machine_options bootstrap_options: {
               key_name: 'test_key_pair',
               instance_type: 'm3.medium'
+            },
+            ssh_options: {
+              timeout: 60
             }
             aws_tags key1: "value"
           end
@@ -86,6 +96,9 @@ describe Chef::Resource::MachineImage do
           machine_options bootstrap_options: {
             key_name: 'test_key_pair',
             instance_type: 'm3.medium'
+          },
+          ssh_options: {
+            timeout: 60
           }
           aws_tags key1: "value"
         end

data/spec/integration/machine_spec.rb

@@ -188,10 +188,14 @@ describe Chef::Resource::Machine do
 
       context "with a placement group" do
         before(:context) {
-          driver.ec2_client.create_placement_group({
-            group_name: "agroup",
-            strategy: "cluster"
-          })
+          begin
+            driver.ec2_client.create_placement_group({
+              group_name: "agroup",
+              strategy: "cluster"
+            })
+          rescue Aws::EC2::Errors::InvalidPlacementGroupDuplicate
+            # We don't need to create it because it already exists
+          end
         }
 
         # Must do after the context so we have waited for the instance to terminate
@@ -293,6 +297,46 @@ describe Chef::Resource::Machine do
         ).and be_idempotent
       end
 
+      context "with an existing machine", :super_slow do
+        machine 'test_machine' do
+          machine_options bootstrap_options: {
+            subnet_id: 'test_public_subnet',
+            key_name: 'test_key_pair'
+          }
+          action :allocate
+        end
+
+        it "stops the machine with the :stop action" do
+          expect_recipe {
+            machine 'test_machine' do
+              action :stop
+            end
+          }.to update_an_aws_instance('test_machine',
+            state: {:name => "stopped"}
+          ).and be_idempotent
+        end
+
+        it "starts a machine that has been stopped" do
+          expect_recipe {
+            machine 'test_machine' do
+              action :stop
+            end
+            machine 'test_machine' do
+              action :ready
+            end
+          }.to update_an_aws_instance('test_machine',
+            state: {:name => "running"}
+          )
+        end
+      end
+
+      it "doesn't create a machine if the initial action is :stop", :super_slow do
+        expect_recipe {
+          machine 'test_machine' do
+            action :stop
+          end
+        }.not_to create_an_aws_instance('test_machine')
+      end
     end
 
     with_aws "Without a VPC" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-provisioning-aws
 version: !ruby/object:Gem::Version
-  version: 1.5.1
+  version: 1.6.0
 platform: ruby
 authors:
 - John Ewart
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-13 00:00:00.000000000 Z
+date: 2015-10-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-provisioning
@@ -190,6 +190,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- chef-provisioning-aws.gemspec
 - lib/chef/provider/aws_auto_scaling_group.rb
 - lib/chef/provider/aws_cache_cluster.rb
 - lib/chef/provider/aws_cache_replication_group.rb