RubyGems - chef-provisioning-aws - Versions diffs - 3.0.0.pre.rc1 → 3.0.0.pre.rc2 - Mend

chef-provisioning-aws 3.0.0.pre.rc1 → 3.0.0.pre.rc2

Files changed (19) hide show

checksums.yaml +4 -4
data/Gemfile +1 -0
data/lib/chef/provider/aws_cache_subnet_group.rb +1 -1
data/lib/chef/provider/aws_cloudsearch_domain.rb +11 -5
data/lib/chef/provider/aws_cloudwatch_alarm.rb +1 -1
data/lib/chef/provider/aws_load_balancer.rb +2 -2
data/lib/chef/provisioning/aws_driver/aws_tagger.rb +1 -1
data/lib/chef/provisioning/aws_driver/driver.rb +86 -146
data/lib/chef/provisioning/aws_driver/tagging_strategy/s3.rb +11 -1
data/lib/chef/provisioning/aws_driver/version.rb +1 -1
data/lib/chef/resource/aws_cloudsearch_domain.rb +6 -0
data/lib/chef/resource/aws_rds_parameter_group.rb +1 -1
data/spec/aws_support/matchers/create_an_aws_object.rb +4 -0
data/spec/integration/aws_cache_subnet_group_spec.rb +1 -0
data/spec/integration/aws_cloudwatch_alarm_spec.rb +12 -12
data/spec/integration/aws_rds_parameter_group_spec.rb +2 -3
data/spec/integration/aws_security_group_spec.rb +56 -61
data/spec/integration/load_balancer_spec.rb +19 -66
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: be58e21bd868bb850a868eb9e28d8cddbd845c7a
-  data.tar.gz: a700bfd36411280a8b69193c646ff9d413abe911
+  metadata.gz: e72b88122b55d297b9a6d1deb67b9382e2970b28
+  data.tar.gz: 2524010329c49d98267ccaf4dfe2499ee7909f10
 SHA512:
-  metadata.gz: 3020304e7089b18d519ea75b9fc537174af9b553733d12d1a572bca11433184851da1e7aa1eda5f5ec2f9e0e4c786a80a1238ee7fd9ea7ab0dab9df0ce5e3be4
-  data.tar.gz: a10dac39f023c3fc0bc6ddc5ec7d9c53bc89206d140f44815e86e5853df4f4da8cd819e2a550cd5b0dafe298e851727335505b71bad7d61171c828842f1312ce
+  metadata.gz: cf9349ad907b1570078a37b1d9e8cd2f5607bb251b6e16570ffd1570c59ccc52b4173ef2243dcf5bf56f4525b910f555c6701e72fa2b4d959747212d3d7c8ef7
+  data.tar.gz: 79d095797fb5d984a73cb01e820e88eda254c0958b960e454203e08714b0940353723480157de79228caf11ce932a171ee6ce0bcde65486b2764888d6483875d

data/Gemfile CHANGED

@@ -2,6 +2,7 @@ source "https://rubygems.org"
 gemspec
 gem "chef"
+gem 'rb-readline'
 gem "chef-zero", ">= 4.0"
 gem "rspec", "~> 3.0"

data/lib/chef/provider/aws_cache_subnet_group.rb CHANGED

@@ -2,7 +2,7 @@ require 'chef/provisioning/aws_driver/aws_provider'
 class Chef::Provider::AwsCacheSubnetGroup < Chef::Provisioning::AWSDriver::AWSProvider
   provides :aws_cache_subnet_group
   protected
   def create_aws_object

data/lib/chef/provider/aws_cloudsearch_domain.rb CHANGED

@@ -81,7 +81,12 @@ class Chef::Provider::AwsCloudsearchDomain < Chef::Provisioning::AWSDriver::AWSP
   def update_index_fields?(domain)
     if ! new_resource.index_fields.nil?
-      new_resource.index_fields != index_fields
+      index_fields.each do |index_field|
+        if ! new_resource.index_fields.include?(index_field.to_h[:options])
+          return true
+        end
+      end
+      false
     else
       false
     end
@@ -148,8 +153,9 @@ class Chef::Provider::AwsCloudsearchDomain < Chef::Provisioning::AWSDriver::AWSP
   end
   def scaling_parameters(object)
-    o = get_option(:scaling_parameters)
-    o.merge(desired_instance_type: object[:search_instance_type])
+    scaling_parameters = get_option(:scaling_parameters)
+    scaling_parameters.desired_instance_type = object[:search_instance_type]
+    scaling_parameters
   end
   def access_policies
@@ -157,7 +163,7 @@ class Chef::Provider::AwsCloudsearchDomain < Chef::Provisioning::AWSDriver::AWSP
   end
   def index_fields
-    cs_client.describe_index_fields(domain_name: new_resource.name)[:index_fields]
+    cs_client.describe_index_fields(domain_name: new_resource.name).index_fields
   end
   def get_option(option_name, key=nil)
@@ -171,6 +177,6 @@ class Chef::Provider::AwsCloudsearchDomain < Chef::Provisioning::AWSDriver::AWSP
   end
   def cs_client
-    @cs_client ||= new_resource.driver.cloudsearch(new_resource.cloudsearch_api_version)
+    @cs_client ||= new_resource.driver.cloudsearch
   end
 end

data/lib/chef/provider/aws_cloudwatch_alarm.rb CHANGED

@@ -51,7 +51,7 @@ class Chef::Provider::AwsCloudwatchAlarm < Chef::Provisioning::AWSDriver::AWSPro
           opts[opt].map! do |action|
             if action.kind_of?(String) && !(action =~ /^arn:/)
               aws_object = Chef::Resource::AwsSnsTopic.get_aws_object(action, resource: new_resource)
-              action = aws_object.arn if aws_object
+              action = aws_object.attributes["TopicArn"] if aws_object
             end
             action
           end

data/lib/chef/provider/aws_load_balancer.rb CHANGED

@@ -20,8 +20,8 @@ class Chef::Provider::AwsLoadBalancer < Chef::Provisioning::AWSDriver::AWSProvid
   provides :aws_load_balancer
   def destroy_aws_object(load_balancer)
-    converge_by "delete load balancer #{new_resource.name} (#{load_balancer.name}) in #{region}" do
-      load_balancer.delete
+    converge_by "delete load balancer #{new_resource.name} (#{load_balancer.load_balancer_name}) in #{region}" do
+      new_resource.driver.elb_client.delete_load_balancer(load_balancer_name: load_balancer.load_balancer_name)
     end
   end
 end

data/lib/chef/provisioning/aws_driver/aws_tagger.rb CHANGED

@@ -16,7 +16,7 @@ class AWSTagger
   def_delegators :@tagging_strategy, :desired_tags, :current_tags, :set_tags, :delete_tags
   def converge_tags
-    if desired_tags.nil? || desired_tags.empty?
+    if desired_tags.nil?
       Chef::Log.debug "aws_tags not provided, nothing to converge"
       return
     end

data/lib/chef/provisioning/aws_driver/driver.rb CHANGED

@@ -159,96 +159,10 @@ module AWSDriver
       aws_config_2[:region]
     end
-    def cloudsearch(api_version="20130101")
-      @cloudsearch ||= {}
-      @cloudsearch[api_version] ||= AWS::CloudSearch::Client.const_get("V#{api_version}").new
-      @cloudsearch[api_version]
+    def cloudsearch
+      @cloudsearch ||= Aws::CloudSearch::Client.new(aws_config)
     end
-    def ec2
-      @ec2 ||= AWS::EC2.new(config: aws_config)
-    end
-    AWS_V2_SERVICES.each do |load_name, short_name|
-      class_eval <<-META
-      def #{short_name}_client
-        @#{short_name}_client ||= ::Aws::#{load_name}::Client.new(**aws_config_2)
-      end
-      def #{short_name}_resource
-        @#{short_name}_resource ||= ::Aws::#{load_name}::Resource.new(**(aws_config_2.merge({client: #{short_name}_client})))
-      end
-      META
-    end
-    def elb
-      @elb ||= AWS::ELB.new(config: aws_config)
-    end
-    def elasticache
-      @elasticache ||= AWS::ElastiCache::Client.new(config: aws_config)
-    end
-    def iam
-      @iam ||= AWS::IAM.new(config: aws_config)
-    end
-    def rds
-      @rds ||= ::Aws::RDS::Client.new(aws_config)
-    end
-    def s3
-      @s3 ||= AWS::S3.new(config: aws_config)
-    end
-    def sns
-      @sns ||= Aws::SNS::Client.new(config: aws_config)
-    end
-    def sqs
-      @sqs ||= AWS::SQS::Client.new(config: aws_config)
-    end
-    def auto_scaling
-      @auto_scaling ||= AWS::AutoScaling.new(config: aws_config)
-    end
-    def build_arn(partition: 'aws', service: nil, region: self.region, account_id: self.account_id, resource: nil)
-      "arn:#{partition}:#{service}:#{region}:#{account_id}:#{resource}"
-    end
-    def parse_arn(arn)
-      parts = arn.split(':', 6)
-      {
-        partition: parts[1],
-        service: parts[2],
-        region: parts[3],
-        account_id: parts[4],
-        resource: parts[5]
-      }
-    end
-    def account_id
-      begin
-        # We've got an AWS account root credential or an IAM admin with access rights
-        current_user = iam.client.get_user
-        arn = current_user[:user][:arn]
-      rescue AWS::IAM::Errors::AccessDenied => e
-        # If we don't have access, the error message still tells us our account ID and user ...
-        # https://forums.aws.amazon.com/thread.jspa?messageID=394344
-        if e.to_s !~ /\b(arn:aws:iam::[0-9]{12}:\S*)/
-          raise "IAM error response for GetUser did not include user ARN.  Can't retrieve account ID."
-        end
-        arn = $1
-      end
-      parse_arn(arn)[:account_id]
-    end
-    # For creating things like AWS keypairs exclusively
-    @@chef_default_lock = Mutex.new
     def self.canonicalize_url(driver_url, config)
       [ driver_url, config ]
     end
@@ -281,6 +195,13 @@ module AWSDriver
     def allocate_load_balancer(action_handler, lb_spec, lb_options, machine_specs)
       lb_options = deep_symbolize_keys(lb_options)
       lb_options = AWSResource.lookup_options(lb_options, managed_entry_store: lb_spec.managed_entry_store, driver: self)
+      # renaming lb_options[:port] to lb_options[:load_balancer_port]
+      if lb_options[:listeners]
+        lb_options[:listeners].each do |listener|
+          listener[:load_balancer_port] = listener.delete(:port) if listener[:port]
+        end
+      end
       # We delete the attributes, tags, health check, and sticky sessions here because they are not valid in the create call
       # and must be applied afterward
       lb_attributes = lb_options.delete(:attributes)
@@ -290,10 +211,11 @@ module AWSDriver
       old_elb = nil
       actual_elb = load_balancer_for(lb_spec)
-      if !actual_elb
+      if actual_elb.nil?
         lb_options[:listeners] ||= get_listeners(:http)
         if !lb_options[:subnets] && !lb_options[:availability_zones] && machine_specs
-          lb_options[:subnets] = machine_specs.map { |s| ec2_resource.instances[s.reference['instance_id']].subnet }.uniq
+          lb_options[:subnets] = machine_specs.map { |s| ec2_resource.instance(s.reference['instance_id']).subnet.id }.uniq
         end
         perform_action = proc { |desc, &block| action_handler.perform_action(desc, &block) }
@@ -309,10 +231,20 @@ module AWSDriver
         action_handler.perform_action updates do
           # IAM says the server certificate exists, but ELB throws this error
           Chef::Provisioning::AWSDriver::AWSProvider.retry_with_backoff(::Aws::ElasticLoadBalancing::Errors::CertificateNotFound) do
+            lb_options[:listeners].each do |listener|
+              if listener.has_key?(:server_certificate)
+                listener[:ssl_certificate_id] = listener.delete(:server_certificate)
+                listener[:ssl_certificate_id] = listener[:ssl_certificate_id][:arn]
+              end
+            end
             lb_options[:load_balancer_name]=lb_spec.name
             actual_elb = elb.create_load_balancer(lb_options)
           end
+          # load aws object for load balancer after create
+          actual_elb =load_balancer_for(lb_spec)
           lb_spec.reference = {
             'driver_version' => Chef::Provisioning::AWSDriver::VERSION,
             'allocated_at' => Time.now.utc.to_s,
@@ -401,8 +333,8 @@ module AWSDriver
             action += " (availability zones #{enable_zones.join(', ')})"
             perform_action.call(action) do
               begin
-                elb.client.attach_load_balancer_to_subnets(
-                  load_balancer_name: actual_elb.name,
+                elb.attach_load_balancer_to_subnets(
+                  load_balancer_name: actual_elb.load_balancer_name,
                   subnets: attach_subnets
                 )
               rescue ::Aws::ElasticLoadBalancing::Errors::InvalidConfigurationRequest => e
@@ -410,7 +342,7 @@ module AWSDriver
                     "Amazon does not have an atomic operation which allows this.  You must create a new " +
                     "ELB with the correct subnets and move instances into it.  Tried to attach subets " +
                     "#{attach_subnets.join(', ')} (availability zones #{enable_zones.join(', ')}) to " +
-                    "existing ELB named #{actual_elb.name}"
+                    "existing ELB named #{actual_elb.load_balancer_name}"
                 raise e
               end
             end
@@ -422,8 +354,8 @@ module AWSDriver
             disable_zones = (actual_zones_subnets.map {|s,z| z if detach_subnets.include?(s)}).compact
             action += " (availability zones #{disable_zones.join(', ')})"
             perform_action.call(action) do
-              elb.client.detach_load_balancer_from_subnets(
-                load_balancer_name: actual_elb.name,
+              elb.detach_load_balancer_from_subnets(
+                load_balancer_name: actual_elb.load_balancer_name,
                 subnets: detach_subnets
               )
             end
@@ -434,49 +366,58 @@ module AWSDriver
         if lb_options[:listeners]
           add_listeners = {}
           lb_options[:listeners].each { |l| add_listeners[l[:load_balancer_port]] = l }
-          actual_elb.listeners.each do |listener|
-            desired_listener = add_listeners.delete(listener.port)
-            if desired_listener
+          actual_elb.listener_descriptions.each do |listener_description|
+            listener = listener_description.listener
+            desired_listener = add_listeners.delete(listener.load_balancer_port)
+            if desired_listener
               # listener.(port|protocol|instance_port|instance_protocol) are immutable for the life
               # of the listener - must create a new one and delete old one
               immutable_updates = []
-              if listener.protocol != desired_listener[:protocol].to_sym.downcase
+              if listener.protocol != desired_listener[:protocol].to_s.upcase
                 immutable_updates << "    update protocol from #{listener.protocol.inspect} to #{desired_listener[:protocol].inspect}"
               end
               if listener.instance_port != desired_listener[:instance_port]
                 immutable_updates << "    update instance port from #{listener.instance_port.inspect} to #{desired_listener[:instance_port].inspect}"
               end
-              if listener.instance_protocol != desired_listener[:instance_protocol].to_sym.downcase
+              if listener.instance_protocol != desired_listener[:instance_protocol].to_s.upcase
                 immutable_updates << "    update instance protocol from #{listener.instance_protocol.inspect} to #{desired_listener[:instance_protocol].inspect}"
               end
               if !immutable_updates.empty?
                 perform_action.call(immutable_updates) do
-                  listener.delete
-                  actual_elb.listeners.create(desired_listener)
+                  elb.delete_load_balancer_listeners({load_balancer_name: actual_elb.load_balancer_name, load_balancer_ports: [listener.load_balancer_port]})
+                  elb.create_load_balancer_listeners({ listeners: [desired_listener], load_balancer_name: actual_elb.load_balancer_name })
+                  # actual_elb.listeners.create(desired_listener)
                 end
-              elsif ! server_certificate_eql?(listener.server_certificate,
+              elsif listener.ssl_certificate_id && ! server_certificate_eql?(listener.ssl_certificate_id,
                                               server_cert_from_spec(desired_listener))
                 # Server certificate is mutable - if no immutable changes required a full recreate, update cert
-                perform_action.call("    update server certificate from #{listener.server_certificate} to #{server_cert_from_spec(desired_listener)}") do
-                  listener.server_certificate = server_cert_from_spec(desired_listener)
+                perform_action.call("    update server certificate from #{listener.ssl_certificate_id} to #{server_cert_from_spec(desired_listener)}") do
+                  elb.set_load_balancer_listener_ssl_certificate({
+                    load_balancer_name: actual_elb.load_balancer_name,
+                    load_balancer_port: listener.load_balancer_port,
+                    ssl_certificate_id: server_cert_from_spec(desired_listener)
+                    })
                 end
               end
             else
-              perform_action.call("  remove listener #{listener.port}") do
-                listener.delete
+              perform_action.call("  remove listener #{listener.load_balancer_port}") do
+                elb.delete_load_balancer_listeners({load_balancer_name: actual_elb.load_balancer_name, load_balancer_ports: [listener.load_balancer_port]})
               end
             end
           end
           add_listeners.values.each do |listener|
-            updates = [ "  add listener #{listener[:load_balanacer_port]}" ]
+            updates = [ "  add listener #{listener[:load_balancer_port]}" ]
             updates << "    set protocol to #{listener[:protocol].inspect}"
             updates << "    set instance port to #{listener[:instance_port].inspect}"
             updates << "    set instance protocol to #{listener[:instance_protocol].inspect}"
             updates << "    set server certificate to #{server_cert_from_spec(listener)}" if server_cert_from_spec(listener)
             perform_action.call(updates) do
-              actual_elb.listeners.create(listener)
+              elb.create_load_balancer_listeners({ listeners: [listener], load_balancer_name: actual_elb.load_balancer_name })
             end
           end
         end
@@ -486,13 +427,13 @@ module AWSDriver
       # Update load balancer attributes
       if lb_attributes
-        current = elb.client.describe_load_balancer_attributes(load_balancer_name: actual_elb.name)[:load_balancer_attributes]
+        current = elb.describe_load_balancer_attributes(load_balancer_name: actual_elb.load_balancer_name)[:load_balancer_attributes].to_hash
         # Need to do a deep copy w/ Marshal load/dump to avoid overwriting current
         desired = deep_merge!(lb_attributes, Marshal.load(Marshal.dump(current)))
         if current != desired
           perform_action.call("  updating attributes to #{desired.inspect}") do
-            elb.client.modify_load_balancer_attributes(
-              load_balancer_name: actual_elb.name,
+            elb.modify_load_balancer_attributes(
+              load_balancer_name: actual_elb.load_balancer_name,
               load_balancer_attributes: desired.to_hash
             )
           end
@@ -501,12 +442,12 @@ module AWSDriver
       # Update the load balancer health check, as above
       if health_check
-        current = elb.client.describe_load_balancers(load_balancer_names: [actual_elb.name])[:load_balancer_descriptions][0][:health_check]
+        current = elb.describe_load_balancers(load_balancer_names: [actual_elb.load_balancer_name])[:load_balancer_descriptions][0][:health_check].to_hash
         desired = deep_merge!(health_check, Marshal.load(Marshal.dump(current)))
         if current != desired
           perform_action.call("  updating health check to #{desired.inspect}") do
-            elb.client.configure_health_check(
-              load_balancer_name: actual_elb.name,
+            elb.configure_health_check(
+              load_balancer_name: actual_elb.load_balancer_name,
               health_check: desired.to_hash
             )
           end
@@ -515,8 +456,8 @@ module AWSDriver
       # Update the load balancer sticky sessions
       if sticky_sessions
-        policy_name = "#{actual_elb.name}-sticky-session-policy"
-        policies = elb.client.describe_load_balancer_policies(load_balancer_name: actual_elb.name)
+        policy_name = "#{actual_elb.load_balancer_name}-sticky-session-policy"
+        policies = elb.describe_load_balancer_policies(load_balancer_name: actual_elb.load_balancer_name)
         existing_cookie_policy = policies[:policy_descriptions].detect { |pd| pd[:policy_type_name] == 'AppCookieStickinessPolicyType' && pd[:policy_name] == policy_name}
         existing_cookie_name = existing_cookie_policy ? (existing_cookie_policy[:policy_attribute_descriptions].detect { |pad| pad[:attribute_name] == 'CookieName' })[:attribute_value] : nil
@@ -525,20 +466,20 @@ module AWSDriver
         # Create or update the policy to have the desired cookie_name
         if existing_cookie_policy.nil?
           perform_action.call("  creating sticky sessions with cookie_name #{desired_cookie_name}") do
-            elb.client.create_app_cookie_stickiness_policy(
-              load_balancer_name: actual_elb.name,
+            elb.create_app_cookie_stickiness_policy(
+              load_balancer_name: actual_elb.load_balancer_name,
               policy_name: policy_name,
               cookie_name: desired_cookie_name
             )
           end
         elsif existing_cookie_name && existing_cookie_name != desired_cookie_name
           perform_action.call("  updating sticky sessions from cookie_name #{existing_cookie_name} to cookie_name #{desired_cookie_name}") do
-            elb.client.delete_load_balancer_policy(
-              load_balancer_name: actual_elb.name,
+            elb.delete_load_balancer_policy(
+              load_balancer_name: actual_elb.load_balancer_name,
               policy_name: policy_name
             )
-            elb.client.create_app_cookie_stickiness_policy(
-              load_balancer_name: actual_elb.name,
+            elb.create_app_cookie_stickiness_policy(
+              load_balancer_name: actual_elb.load_balancer_name,
               policy_name: policy_name,
               cookie_name: desired_cookie_name
             )
@@ -546,7 +487,7 @@ module AWSDriver
         end
         # Ensure the policy is attached to the appropriate listener
-        elb_description = elb.client.describe_load_balancers(load_balancer_names: [actual_elb.name])[:load_balancer_descriptions].first
+        elb_description = elb.describe_load_balancers(load_balancer_names: [actual_elb.load_balancer_name])[:load_balancer_descriptions].first
         listeners = elb_description[:listener_descriptions]
         sticky_sessions[:ports].each do |ss_port|
@@ -558,8 +499,8 @@ module AWSDriver
             unless policy_names.include?(policy_name)
               policy_names << policy_name
-              elb.client.set_load_balancer_policies_of_listener(
-                load_balancer_name: actual_elb.name,
+              elb.set_load_balancer_policies_of_listener(
+                load_balancer_name: actual_elb.load_balancer_name,
                 load_balancer_port: ss_port,
                 policy_names: policy_names
               )
@@ -570,22 +511,27 @@ module AWSDriver
       # Update instance list, but only if there are machines specified
       if machine_specs
-        assigned_instance_ids = actual_elb.instances.map { |i| i.instance_id }
-        instances_to_add = machine_specs.select { |s| !assigned_instance_ids.include?(s.reference['instance_id']) }
-        instance_ids_to_remove = assigned_instance_ids - machine_specs.map { |s| s.reference['instance_id'] }
+        instances_to_add = []
+        if actual_elb.instances
+          assigned_instance_ids = actual_elb.instances.map { |i| i.instance_id }
+          instances_to_add = machine_specs.select { |s| !assigned_instance_ids.include?(s.reference['instance_id']) }
+          instance_ids_to_remove = assigned_instance_ids - machine_specs.map { |s| s.reference['instance_id'] }
+        end
         if instances_to_add.size > 0
           perform_action.call("  add machines #{instances_to_add.map { |s| s.name }.join(', ')}") do
             instance_ids_to_add = instances_to_add.map { |s| s.reference['instance_id'] }
-            Chef::Log.debug("Adding instances #{instance_ids_to_add.join(', ')} to load balancer #{actual_elb.name} in region #{region}")
-            actual_elb.instances.add(instance_ids_to_add)
+            Chef::Log.debug("Adding instances #{instance_ids_to_add.join(', ')} to load balancer #{actual_elb.load_balancer_name} in region #{region}")
+            instances_to_add.each do |instance|
+              elb.register_instances_with_load_balancer({ instances: [ { instance_id: instance.reference['instance_id'] }], load_balancer_name: actual_elb.load_balancer_name})
+            end
           end
         end
         if instance_ids_to_remove.size > 0
           perform_action.call("  remove instances #{instance_ids_to_remove}") do
-            actual_elb.instances.remove(instance_ids_to_remove)
+            instances_to_remove = Hash[instance_ids_to_remove.map {|id| [:instance_id, id]}]
+            elb.deregister_instances_from_load_balancer({ instances: [instances_to_remove], load_balancer_name: actual_elb.load_balancer_name})
           end
         end
       end
@@ -599,7 +545,7 @@ module AWSDriver
       # Something went wrong before we could moved instances from the old ELB to the new one
       # Don't delete the old ELB, but warn users there could now be 2 ELBs with the same name
       unless old_elb.nil?
-        Chef::Log.warn("It is possible there are now 2 ELB instances - #{old_elb.name} and #{actual_elb.name}. " +
+        Chef::Log.warn("It is possible there are now 2 ELB instances - #{old_elb.load_balancer_name} and #{actual_elb.load_balancer_name}. " +
         "Determine which is correct and manually clean up the other.")
       end
     end
@@ -613,8 +559,8 @@ module AWSDriver
     end
     def server_cert_to_string(cert)
-      if cert.respond_to?(:arn)
-        cert.arn
+      if cert.is_a?(Hash) && cert.has_key?(:arn)
+        cert[:arn]
       else
         cert
       end
@@ -868,12 +814,6 @@ EOD
       strategy.cleanup_convergence(action_handler, machine_spec)
     end
-    def cloudsearch(api_version="20130101")
-      @cloudsearch ||= {}
-      @cloudsearch[api_version] ||= ::Aws::CloudSearch::Client.const_get("V#{api_version}").new
-      @cloudsearch[api_version]
-    end
     def ec2
       @ec2 ||= ::Aws::EC2::Client.new(aws_config)
     end
@@ -897,7 +837,7 @@ EOD
     end
     def elasticache
-      @elasticache ||= ::Aws::ElastiCache::Client.new(config: aws_config)
+      @elasticache ||= ::Aws::ElastiCache::Client.new(aws_config)
     end
     def iam
@@ -1577,7 +1517,7 @@ EOD
     def converge_elb_tags(aws_object, tags, action_handler)
       elb_strategy = Chef::Provisioning::AWSDriver::TaggingStrategy::ELB.new(
         elb_client,
-        aws_object,
+        aws_object.load_balancer_name,
         tags
       )
       aws_tagger = Chef::Provisioning::AWSDriver::AWSTagger.new(elb_strategy, action_handler)

data/lib/chef/provisioning/aws_driver/tagging_strategy/s3.rb CHANGED

@@ -22,16 +22,26 @@ class S3
   end
   def set_tags(tags)
+    return if @is_set_tag
+    # It will also run from delete_tags to prevent two times execution of same api class variable is defined
+    @is_set_tag = true
     # http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Client.html#put_bucket_tagging-instance_method
     s3_client.put_bucket_tagging({
       bucket: bucket_name,
       tagging: {
-        tag_set: tags.map {|k,v| {key: k, value: v} }
+        tag_set: desired_tags.map {|k,v| {key: k.to_s, value: v.to_s} }
       }
     })
   end
   def delete_tags(tag_keys)
+    if desired_tags.empty?
+      s3_client.delete_bucket_tagging({
+        bucket: bucket_name
+      })
+    else
+      set_tags(desired_tags)
+    end
     # S3 doesn't have a client action for deleting individual tags, just ALL tags.  But the
     # put_bucket_tagging method will set the tags to what is provided so we don't need to
     # worry about this

data/lib/chef/provisioning/aws_driver/version.rb CHANGED

@@ -1,7 +1,7 @@
 class Chef
 module Provisioning
 module AWSDriver
-  VERSION = '3.0.0-rc1'
+  VERSION = '3.0.0-rc2'
 end
 end
 end

data/lib/chef/resource/aws_cloudsearch_domain.rb CHANGED

@@ -43,4 +43,10 @@ class Chef::Resource::AwsCloudsearchDomain < Chef::Provisioning::AWSDriver::AWSR
   def aws_object
     driver.cloudsearch.describe_domains(domain_names: [name])[:domain_status_list].find {|d| !d[:deleted] }
   end
+  def cloudsearch_api_version(arg=nil)
+    unless arg.nil?
+      Chef::Log.warn("The ':cloudsearch_api_version' has been deprecated since it has been removed in AWS SDK version 2.")
+    end
+  end
 end

data/lib/chef/resource/aws_rds_parameter_group.rb CHANGED

@@ -24,7 +24,7 @@ class Chef::Resource::AwsRdsParameterGroup < Chef::Provisioning::AWSDriver::AWSR
       parameters += more_results[:parameters]
       marker = more_results[:marker]
     end
-    # object[:parameters] = parameters
+    driver.rds.reset_db_parameter_group(db_parameter_group_name: name, parameters: parameters)
     object
   rescue ::Aws::RDS::Errors::DBParameterGroupNotFound

data/spec/aws_support/matchers/create_an_aws_object.rb CHANGED

@@ -52,6 +52,10 @@ module AWSSupport
         example.instance_exec aws_object, &custom_matcher if custom_matcher
+        # We get response as a Struct for aws_cache_subnet_group resource.
+        # Hence converting it into a hash.
+        aws_object = aws_object.to_hash if resource_name == :aws_cache_subnet_group
         # Check existence
         if aws_object.nil?
           differences << "#{resource_name}[#{name}] was not created!"

data/spec/integration/aws_cache_subnet_group_spec.rb CHANGED

@@ -22,6 +22,7 @@ describe Chef::Resource::AwsCacheSubnetGroup do
             subnets [ 'test_subnet' ]
           end
         }.to create_an_aws_cache_subnet_group('test-subnet-group',
+          vpc_id: test_vpc.aws_object.id,
           subnets: [
             { subnet_identifier: test_subnet.aws_object.id }
           ]

data/spec/integration/aws_cloudwatch_alarm_spec.rb CHANGED

@@ -77,9 +77,9 @@ describe Chef::Resource::AwsCloudwatchAlarm do
               value: "bar2"
             }
           ],
-          insufficient_data_actions: [mytesttopic1.aws_object.arn],
-          ok_actions: [mytesttopic1.aws_object.arn],
-          alarm_actions: [mytesttopic1.aws_object.arn],
+          insufficient_data_actions: [mytesttopic1.aws_object.attributes["TopicArn"]],
+          ok_actions: [mytesttopic1.aws_object.attributes["TopicArn"]],
+          alarm_actions: [mytesttopic1.aws_object.attributes["TopicArn"]],
           actions_enabled: false,
           alarm_description: "description",
           unit: "Percent",
@@ -142,9 +142,9 @@ describe Chef::Resource::AwsCloudwatchAlarm do
                 value: "bar2"
               }
             ],
-            insufficient_data_actions: [mytesttopic1.aws_object.arn],
-            ok_actions: [mytesttopic1.aws_object.arn],
-            alarm_actions: [mytesttopic1.aws_object.arn],
+            insufficient_data_actions: [mytesttopic1.aws_object.attributes["TopicArn"]],
+            ok_actions: [mytesttopic1.aws_object.attributes["TopicArn"]],
+            alarm_actions: [mytesttopic1.aws_object.attributes["TopicArn"]],
             actions_enabled: false,
             alarm_description: "description",
             unit: "Percent",
@@ -217,9 +217,9 @@ describe Chef::Resource::AwsCloudwatchAlarm do
                 value: "bar3"
               }
             ],
-            insufficient_data_actions: [mytesttopic2.aws_object.arn],
-            ok_actions: Set[mytesttopic1.aws_object.arn, mytesttopic2.aws_object.arn],
-            alarm_actions: [mytesttopic2.aws_object.arn],
+            insufficient_data_actions: [mytesttopic2.aws_object.attributes["TopicArn"]],
+            ok_actions: Set[mytesttopic1.aws_object.attributes["TopicArn"], mytesttopic2.aws_object.attributes["TopicArn"]],
+            alarm_actions: [mytesttopic2.aws_object.attributes["TopicArn"]],
             actions_enabled: true,
             alarm_description: "description2",
             unit: "Bits",
@@ -245,9 +245,9 @@ describe Chef::Resource::AwsCloudwatchAlarm do
               value: "bar3"
             }
           ],
-          insufficient_data_actions: [mytesttopic2.aws_object.arn],
-          ok_actions: Set[mytesttopic1.aws_object.arn, mytesttopic2.aws_object.arn],
-          alarm_actions: [mytesttopic2.aws_object.arn],
+          insufficient_data_actions: [mytesttopic2.aws_object.attributes["TopicArn"]],
+          ok_actions: Set[mytesttopic1.aws_object.attributes["TopicArn"], mytesttopic2.aws_object.attributes["TopicArn"]],
+          alarm_actions: [mytesttopic2.aws_object.attributes["TopicArn"]],
           actions_enabled: true,
           alarm_description: "description2",
           unit: "Gigabytes",

data/spec/integration/aws_rds_parameter_group_spec.rb CHANGED

@@ -46,8 +46,7 @@ describe Chef::Resource::AwsRdsParameterGroup do
                                               )
         expect(results.parameters).to eq([{:parameter_name => "max_connections", :parameter_value => "250", :apply_method => "pending-reboot"}])
-        results.aws_object[:parameters].each do |parameter|
+        results.parameters.each do |parameter|
           expect(parameter[:parameter_value]).to eq("250") if parameter[:parameter_name] == "max_connections"
         end
       end
@@ -82,7 +81,7 @@ describe Chef::Resource::AwsRdsParameterGroup do
             end
           }
           expect(results_2.parameters).to eq(updated_parameters)
-          results_2.aws_object[:parameters].each do |parameter|
+          results_2.parameters.each do |parameter|
             expect(parameter[:parameter_value]).to eq(final_max_connection_value) if parameter[:parameter_name] == "max_connections"
             expect(parameter[:parameter_value]).to eq(final_application_name_value) if parameter[:parameter_name] == "application_name"

data/spec/integration/aws_security_group_spec.rb CHANGED

@@ -108,20 +108,18 @@ describe Chef::Resource::AwsSecurityGroup do
           ).and be_idempotent
         end
       end
     end
     with_aws "in a VPC" do
       purge_all
       setup_public_vpc
-      # TODO Uncomment and test spec once the load balancer resource is fixed as per version 2
-      # load_balancer "testloadbalancer" do
-      #   load_balancer_options({
-      #     subnets: ["test_public_subnet"],
-      #     security_groups: ["test_security_group"]
-      #   })
-      # end
+      load_balancer "testloadbalancer" do
+        load_balancer_options({
+          subnets: ["test_public_subnet"],
+          security_groups: ["test_security_group"]
+        })
+      end
       it "aws_security_group 'test_sg' with no attributes works" do
         expect_recipe {
@@ -219,60 +217,57 @@ describe Chef::Resource::AwsSecurityGroup do
         ).and be_idempotent
       end
+      it "adds inbound and outbound_rules for source load_balancer" do
+        expect_recipe {
+          aws_security_group 'test_sg' do
+            vpc 'test_vpc'
+            inbound_rules(
+              testloadbalancer.aws_object => 1206,
+              {load_balancer: 'testloadbalancer'} => 1207,
+            )
+            outbound_rules(
+              1206 => testloadbalancer.aws_object,
+              1207 => {load_balancer: 'testloadbalancer'},
+            )
+          end
+        }.to create_an_aws_security_group('test_sg',
+            vpc_id: test_vpc.aws_object.id,
+            ip_permissions: [
+                              set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
+                              set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
+                            ],
+            ip_permissions_egress: [
+                              set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
+                              set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
+                            ]
+        ).and be_idempotent
+      end
-      # TODO : ADD when load balancer resource is fixed as per version 2
-            # it "adds inbound and outbound_rules for source load_balancer" do
-      #   expect_recipe {
-      #     aws_security_group 'test_sg' do
-      #       vpc 'test_vpc'
-      #       inbound_rules(
-      #         testloadbalancer.aws_object => 1206,
-      #         {load_balancer: 'testloadbalancer'} => 1207,
-      #       )
-      #       outbound_rules(
-      #         1206 => testloadbalancer.aws_object,
-      #         1207 => {load_balancer: 'testloadbalancer'},
-      #       )
-      #     end
-      #   }.to create_an_aws_security_group('test_sg',
-      #       vpc_id: test_vpc.aws_object.id,
-      #       ip_permissions: [
-      #                         set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
-      #                         set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
-      #                       ],
-      #       ip_permissions_egress: [
-      #                         set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
-      #                         set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
-      #                       ]
-      #   ).and be_idempotent
-      # end
-      # it "adds inbound and outbound_rules for source load_balancer specified in hash" do
-      #   expect_recipe {
-      #     aws_security_group 'test_sg' do
-      #       vpc 'test_vpc'
-      #       inbound_rules([
-      #         { port: 1206, sources: testloadbalancer.aws_object },
-      #         { port: 1207, sources: {load_balancer: 'testloadbalancer'}}
-      #       ])
-      #       outbound_rules([
-      #         { port: 1206, destinations: testloadbalancer.aws_object },
-      #         { port: 1207, destinations: {load_balancer: 'testloadbalancer'}}
-      #       ])
-      #     end
-      #   }.to create_an_aws_security_group('test_sg',
-      #       vpc_id: test_vpc.aws_object.id,
-      #       ip_permissions: [
-      #                         set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
-      #                         set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
-      #                       ],
-      #       ip_permissions_egress: [
-      #                         set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
-      #                         set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
-      #                       ]
-      #   ).and be_idempotent
-      # end
+      it "adds inbound and outbound_rules for source load_balancer specified in hash" do
+        expect_recipe {
+          aws_security_group 'test_sg' do
+            vpc 'test_vpc'
+            inbound_rules([
+              { port: 1206, sources: testloadbalancer.aws_object },
+              { port: 1207, sources: {load_balancer: 'testloadbalancer'}}
+            ])
+            outbound_rules([
+              { port: 1206, destinations: testloadbalancer.aws_object },
+              { port: 1207, destinations: {load_balancer: 'testloadbalancer'}}
+            ])
+          end
+        }.to create_an_aws_security_group('test_sg',
+            vpc_id: test_vpc.aws_object.id,
+            ip_permissions: [
+                              set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
+                              set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
+                            ],
+            ip_permissions_egress: [
+                              set_ip_pemissions_mock_object(from_port: 1207, to_port: 1207, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)]),
+                              set_ip_pemissions_mock_object(from_port: 1206, to_port: 1206, ip_protocol: "tcp", ip_ranges: [], user_id_group_pairs: [Aws::EC2::Types::UserIdGroupPair.new(group_id: test_security_group.aws_object.id, group_name: nil, peering_status: nil, user_id: test_security_group.aws_object.owner_id, vpc_id: nil, vpc_peering_connection_id: nil)])
+                            ]
+        ).and be_idempotent
+      end
       it "can specify rules as a mapping from source/destination to port and protocol" do
         expect_recipe {

data/spec/integration/load_balancer_spec.rb CHANGED

@@ -45,7 +45,7 @@ describe Chef::Resource::LoadBalancer do
                   :protocol => :https,
                   :instance_port => 81,
                   :instance_protocol => :http,
-                  :ssl_certificate_id => load_balancer_cert.aws_object.arn
+                  :ssl_certificate_id => load_balancer_cert.aws_object.server_certificate_metadata.arn
                 }
               ],
               subnets: ["test_public_subnet"],
@@ -91,33 +91,9 @@ describe Chef::Resource::LoadBalancer do
               # availability_zones: [test_public_subnet.aws_object.availability_zone_name]
            })
           end
-        }.to create_an_aws_load_balancer('test-load-balancer', {
-          listeners: Set[
-            {
-              :port => 80,
-              :protocol => :http,
-              :instance_port => 80,
-              :instance_protocol => :http,
-            },
-            {
-              :port => 443,
-              :protocol => :https,
-              :instance_port => 81,
-              :instance_protocol => :http,
-              :server_certificate => {arn: load_balancer_cert.aws_object.arn}
-            }
-          ],
-          subnets: [test_public_subnet.aws_object],
-          security_groups: [test_security_group.aws_object],
-          health_check: {
-            target: "HTTP:80/",
-            interval: 10,
-            timeout: 5,
-            unhealthy_threshold: 2,
-            healthy_threshold: 2
-          },
-          scheme: "internal"
-        }).and be_idempotent
+        }.to create_an_aws_load_balancer('test-load-balancer',
+          driver.elb_client.describe_load_balancers(load_balancer_names: ["test-load-balancer"])[0][0]
+        ).and be_idempotent
         expect(
           driver.elb_client.describe_load_balancer_attributes(load_balancer_name: "test-load-balancer").to_h
         ).to eq(load_balancer_attributes: {
@@ -184,7 +160,7 @@ describe Chef::Resource::LoadBalancer do
                 :protocol => :https,
                 :instance_port => 80,
                 :instance_protocol => :http,
-                :ssl_certificate_id => load_balancer_cert.aws_object.arn
+                :ssl_certificate_id => load_balancer_cert.aws_object.server_certificate_metadata.arn
             }],
             subnets: ["test_public_subnet"],
             security_groups: ["test_security_group"],
@@ -230,14 +206,14 @@ describe Chef::Resource::LoadBalancer do
                     :protocol => :https,
                     :instance_port => 8080,
                     :instance_protocol => :http,
-                    :ssl_certificate_id => load_balancer_cert.aws_object.arn
+                    :ssl_certificate_id => load_balancer_cert.aws_object.server_certificate_metadata.arn
                 },
                 {
                     :port => 8443,
                     :protocol => :https,
                     :instance_port => 80,
                     :instance_protocol => :http,
-                    :ssl_certificate_id => load_balancer_cert_2.aws_object.arn
+                    :ssl_certificate_id => load_balancer_cert_2.aws_object.server_certificate_metadata.arn
                 }],
                 subnets: ["test_public_subnet2"],
                 security_groups: ["test_security_group2"],
@@ -274,32 +250,7 @@ describe Chef::Resource::LoadBalancer do
                 }
              })
             end
-          }.to update_an_aws_load_balancer('test-load-balancer', {
-            listeners: [{
-                :port => 443,
-                :protocol => :https,
-                :instance_port => 8080,
-                :instance_protocol => :http,
-                :server_certificate => {arn: load_balancer_cert.aws_object.arn}
-            },
-            {
-                :port => 8443,
-                :protocol => :https,
-                :instance_port => 80,
-                :instance_protocol => :http,
-                :server_certificate => {arn: load_balancer_cert_2.aws_object.arn}
-            }],
-            subnets: [test_public_subnet2.aws_object],
-            security_groups: [test_security_group2.aws_object],
-            health_check: {
-              target: "HTTP:8080/",
-              interval: 15,
-              timeout: 4,
-              unhealthy_threshold: 3,
-              healthy_threshold: 3
-            },
-            scheme: "internal"
-          }).and be_idempotent
+          }.to update_an_aws_load_balancer('test-load-balancer', driver.elb_client.describe_load_balancers(load_balancer_names: ["test-load-balancer"])[0][0]).and be_idempotent
           expect(
             driver.elb_client.describe_load_balancer_attributes(load_balancer_name: "test-load-balancer").to_h
@@ -360,9 +311,10 @@ describe Chef::Resource::LoadBalancer do
               })
               machines ['test_load_balancer_machine1']
             end
-          }.to create_an_aws_load_balancer('test-load-balancer',
-            :instances => [{id: test_load_balancer_machine1.aws_object.id}]
-          ).and be_idempotent
+          }.to create_an_aws_load_balancer('test-load-balancer') { |aws_object|
+            ids = aws_object.instances.map {|i| i.instance_id}
+            expect([test_load_balancer_machine1.aws_object.id]).to eq(ids)
+          }.and be_idempotent
         end
         it "can reference machines by name or id" do
@@ -375,8 +327,7 @@ describe Chef::Resource::LoadBalancer do
               machines ['test_load_balancer_machine1', test_load_balancer_machine2.aws_object.id]
             end
           }.to create_an_aws_load_balancer('test-load-balancer') { |aws_object|
-            instances = aws_object.instances
-            ids = instances.map {|i| i.id}
+            ids = aws_object.instances.map {|i| i.instance_id}
             expect(ids.to_set).to eq([test_load_balancer_machine1.aws_object.id, test_load_balancer_machine2.aws_object.id].to_set)
           }.and be_idempotent
         end
@@ -399,9 +350,10 @@ describe Chef::Resource::LoadBalancer do
                 })
                 machines ['test_load_balancer_machine2']
               end
-            }.to match_an_aws_load_balancer('test-load-balancer',
-              :instances => [{id: test_load_balancer_machine2.aws_object.id}]
-            ).and be_idempotent
+            }.to match_an_aws_load_balancer('test-load-balancer') { |aws_object|
+              ids = aws_object.instances.map {|i| i.instance_id}
+              expect([test_load_balancer_machine2.aws_object.id]).to eq(ids)
+            }.and be_idempotent
           end
         end
       end
@@ -427,7 +379,8 @@ describe Chef::Resource::LoadBalancer do
             aws_tags key1: "value"
             load_balancer_options subnets: ["test_public_subnet"]
           end
-        }.to create_an_aws_load_balancer('test-load-balancer')
+        }.to create_an_aws_load_balancer('test-load-balancer',
+          driver.elb_client.describe_load_balancers(load_balancer_names: ["test-load-balancer"])[0][0])
         .and have_aws_load_balancer_tags('test-load-balancer',
           {
             'key1' => 'value'

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-provisioning-aws
 version: !ruby/object:Gem::Version
-  version: 3.0.0.pre.rc1
+  version: 3.0.0.pre.rc2
 platform: ruby
 authors:
 - Tyler Ball
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-13 00:00:00.000000000 Z
+date: 2017-11-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-provisioning