kitchen-cloudformation 1.2.0 → 1.3.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +26 -31
  3. data/kitchen-cloudformation.gemspec +5 -4
  4. data/lib/kitchen/driver/aws/cf_client.rb +51 -31
  5. data/lib/kitchen/driver/cloudformation.rb +20 -13
  6. data/lib/kitchen/driver/cloudformation_version.rb +1 -1
  7. metadata +18 -12
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 3883eee90445d050be51672d83d969ba7074a5f4
4
- data.tar.gz: 0ac9b6345cd456d11f9d67f988770a5168b8ab90
3
+ metadata.gz: 6891d8c196ba95d50531fbb357b0202854d4b63e
4
+ data.tar.gz: aebccfc91fa225fad525b43639a5ddb850fd6d17
5
5
  SHA512:
6
- metadata.gz: 2a4cca813dce8b8ebe317982cd2271c34dfe6684a425f705e8850c0ba8e8421dc47cc312087cada8fd9b8363b88892f6952668b041809470bb729403aac4c683
7
- data.tar.gz: 312ce9103687fc0f2d47ab0d7f610adbf3ad01f30135c3d0e3d7c61960717d117cddb6e2a1d5dd6c239ec41e2c965991afdac82583b33cc098a667e7e3059612
6
+ metadata.gz: 1322158e69d5b0c67d1adad03e1ec6d6017c4cf3b37e842a6b1563a8af74daf63179767ad3b6bae417777d6accf8789995f29a72bb66166a1fda30c75089f6e1
7
+ data.tar.gz: 4d70a45467995a1885d8c212c13386adac17e5ed09de73a33f6ffbc1037eaa46867beb44aecb4d06222d7312ec046fcec5af228b67283284ee12ba21ea4b43c9
data/README.md CHANGED
@@ -7,8 +7,7 @@ A Test Kitchen Driver for Amazon AWS Cloudformation.
7
7
 
8
8
  This driver uses the [aws sdk gem][aws_sdk_gem] to create and delete Amazon AWS Cloudformation stacks to orchestrate your cloud resources for your infrastructure testing, dev or production setup.
9
9
 
10
- It works best using AWS VPC where the servers have fixed IP addresses or in AWS Clasic using known Elastic IP Addresses.
11
- This allow the IP address of each of the servers to be specified as a hostname in the converge step.
10
+ If you wish to use servers specified as a hostname in the converge step then use a AWS VPC where the servers have fixed IP addresses or Elastic IP Addresses.
12
11
 
13
12
  So you can deploy and test say a Mongodb High Availability cluster by using cloud formation to create the servers
14
13
  and then converge each of the servers in the cluster and run tests.
@@ -20,8 +19,15 @@ This can be used with [kitchen-verifier-awspec](https://github.com/neillturner/k
20
19
  There are **no** external system requirements for this driver. However you
21
20
  will need access to an [AWS][aws_site] account.
22
21
 
22
+ ## AWS Configuration Options
23
+
24
+ key | default value | Notes
25
+ ----|---------------|--------
26
+ region|env_var AWS_REGION|The AWS region to use. defaults to 'us-east-1' if no AWS_REGION env var.
27
+ shared_credentials_profile| nil|Specify Credentials Using a Profile Name
23
28
 
24
- ## Configuration Options
29
+
30
+ ## CloudFormation Configuration Options
25
31
 
26
32
  key | default value | Notes
27
33
  ----|---------------|--------
@@ -32,8 +38,6 @@ on_failure||Determines what action will be taken if stack creation fails. accept
32
38
  parameters|{}|Hash of parameters {key: value} to apply to the templates
33
39
  resource_types| [] |The template resource types that you have permissions to work with. Array of Strings.
34
40
  role_arn||The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes to create the stack.
35
- shared_credentials_profile| nil|Specify Credentials Using a Profile Name
36
- ssl_cert_file| ENV["SSL_CERT_FILE"]|SSL Certificate required on Windows platforms
37
41
  stack_name ||Name of the Cloud Formation Stack to create
38
42
  stack_policy_body||Structure containing the stack policy body.
39
43
  stack_policy_url||Location of a file containing the stack policy.
@@ -44,37 +48,28 @@ timeout_in_minutes|0|Timeout if the stack is not created in the time
44
48
 
45
49
  See http://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html for parameter details.
46
50
 
47
- ## Authenticating with AWS
51
+ ### AWS Authentication
48
52
 
49
- There are 3 ways you can authenticate against AWS, and we will try them in the
53
+ In order to connect to AWS, you must specify the AWS access key id and secret key
54
+ for your account. There are 3 ways you do this, and we will try them in the
50
55
  following order:
51
56
 
52
57
  1. You can specify the access key and access secret (and optionally the session
53
- token) through config. See the `aws_access_key_id` and `aws_secret_access_key`
54
- config sections below to see how to specify these in your .kitchen.yml or
55
- through environment variables. If you would like to specify your session token
56
- use the environment variable `AWS_SESSION_TOKEN`.
57
- 1. The shared credentials ini file at `~/.aws/credentials`. You can specify
58
- multiple profiles in this file and select one with the `AWS_PROFILE`
59
- environment variable or the `shared_credentials_profile` driver config. Read
60
- [this][credentials_docs] for more information.
61
- 1. From an instance profile when running on EC2. This accesses the local
62
- metadata service to discover the local instance's IAM instance profile.
58
+ token) through config. The `aws_access_key_id` and `aws_secret_access_key`
59
+ parameters can be configured in the .kitchen.yml but its recommended to use
60
+ through environment variables. If you would like to specify your session token
61
+ use the environment variable `AWS_SESSION_TOKEN`.
62
+ 2. The shared credentials ini file at `~/.aws/credentials`. This is the file
63
+ populated by `aws configure` command line and used by AWS tools in general, so if
64
+ you are set up for any other AWS tools, you probably already have this. You can
65
+ specify multiple profiles in this file and select one with the `AWS_PROFILE`
66
+ environment variable or the `shared_credentials_profile` driver config. Read
67
+ [this][credentials_docs] for more information.
68
+ 3. From an instance profile when running on EC2. This accesses the local
69
+ metadata service to discover the local instance's IAM instance profile.
63
70
 
64
71
  This precedence order is taken from http://docs.aws.amazon.com/sdkforruby/api/index.html#Configuration
65
72
 
66
- ```
67
- In summary it searches the following locations for credentials:
68
-
69
- ENV['AWS_ACCESS_KEY_ID'] and ENV['AWS_SECRET_ACCESS_KEY']
70
- The shared credentials ini file at ~/.aws/credentials
71
- From an instance profile when running on EC2
72
-
73
- and it searches the following locations for a region:
74
-
75
- ENV['AWS_REGION']
76
- ```
77
-
78
73
  The first method attempted that works will be used. IE, if you want to auth
79
74
  using the instance profile, you must not set any of the access key configs
80
75
  or environment variables, and you must not specify a `~/.aws/credentials`
@@ -85,13 +80,13 @@ through CI we no longer recommend storing the AWS credentials in the
85
80
  `.kitchen.yml` file. Instead, specify them as environment variables or in the
86
81
  `~/.aws/credentials` file.
87
82
 
83
+
88
84
  ## SSL Certificate File Issues
89
85
 
90
86
  On windows you can get errors `SSLv3 read server certificate B: certificate verify failed`
91
87
  as per https://github.com/aws/aws-sdk-core-ruby/issues/93 .
92
88
 
93
- To overcome this problem set the parameter `ssl_cert_file` or the environment variable `SSL_CERT_FILE`
94
- to a a SSL CA bundle.
89
+ To overcome this problem set the environment variable `SSL_CERT_FILE` to a a SSL CA bundle.
95
90
 
96
91
  A file ca-bundle.crt is supplied inside this gem for this purpose so you can set it to something like:
97
92
  `<RubyHome>/lib/ruby/gems/2.1.0/gems/kitchen-cloudformation-0.0.1/ca-bundle.crt`
data/kitchen-cloudformation.gemspec CHANGED
@@ -5,19 +5,20 @@ require 'kitchen/driver/cloudformation_version.rb'
5
5
  Gem::Specification.new do |gem|
6
6
  gem.name = 'kitchen-cloudformation'
7
7
  gem.version = Kitchen::Driver::CLOUDFORMATION_VERSION
8
- gem.license = 'Apache 2.0'
8
+ gem.license = 'Apache-2.0'
9
9
  gem.authors = ['Neill Turner']
10
10
  gem.email = ['neillwturner@gmail.com']
11
11
  gem.description = 'A Test Kitchen Driver for Amazon AWS CloudFormation'
12
- gem.summary = gem.description
12
+ gem.summary = 'A Test Kitchen Driver for AWS CloudFormation'
13
13
  gem.homepage = 'https://github.com/neillturner/kitchen-cloudformation'
14
14
  candidates = Dir.glob('{lib}/**/*') + ['README.md', 'CHANGELOG.md', 'LICENSE', 'ca-bundle.crt', 'kitchen-cloudformation.gemspec']
15
15
  gem.files = candidates.sort
16
16
  gem.executables = []
17
17
  gem.require_paths = ['lib']
18
- gem.add_dependency 'test-kitchen', '~> 1.4'
18
+ gem.required_ruby_version = '>= 2.2.2'
19
+ gem.add_dependency 'test-kitchen', '~> 1.4', '>= 1.4.1'
19
20
  gem.add_dependency 'excon'
20
21
  gem.add_dependency 'multi_json'
21
- gem.add_dependency 'aws-sdk-v1', '~> 1.59.0'
22
22
  gem.add_dependency 'aws-sdk', '~> 2'
23
+ gem.add_dependency 'retryable', '~> 2.0'
23
24
  end
data/lib/kitchen/driver/aws/cf_client.rb CHANGED
@@ -20,55 +20,75 @@ require 'aws-sdk-core/instance_profile_credentials'
20
20
  module Kitchen
21
21
  module Driver
22
22
  class Aws
23
+ # A class for creating and managing the EC2 client connection
23
24
  #
24
- # A class for creating and managing the Cloud Formation client connection
25
- #
25
+ # @author Tyler Ball <tball@chef.io>
26
26
  class CfClient
27
- def initialize(
27
+ def initialize( # rubocop:disable Metrics/ParameterLists
28
28
  region,
29
29
  profile_name = nil,
30
- ssl_cert_file = nil,
31
- aws_key = {},
32
- session_token = nil
30
+ access_key_id = nil,
31
+ secret_access_key = nil,
32
+ session_token = nil,
33
+ http_proxy = nil,
34
+ retry_limit = nil,
35
+ ssl_verify_peer = true
33
36
  )
34
- access_key_id = aws_key[:access_key_id]
35
- secret_access_key = aws_key[:secret_access_key]
36
37
  creds = self.class.get_credentials(
37
- profile_name, access_key_id, secret_access_key, session_token
38
+ profile_name, access_key_id, secret_access_key, session_token, region
38
39
  )
39
-
40
- ::AWS.config(
40
+ ::Aws.config.update(
41
41
  region: region,
42
42
  credentials: creds,
43
- ssl_ca_bundle: ssl_cert_file
43
+ http_proxy: http_proxy,
44
+ ssl_verify_peer: ssl_verify_peer
44
45
  )
46
+ ::Aws.config.update(retry_limit: retry_limit) unless retry_limit.nil?
45
47
  end
46
48
 
47
49
  # Try and get the credentials from an ordered list of locations
48
50
  # http://docs.aws.amazon.com/sdkforruby/api/index.html#Configuration
49
- def self.get_credentials(profile_name, access_key_id, secret_access_key, session_token)
50
- shared_creds = ::Aws::SharedCredentials.new(profile_name: profile_name)
51
- if access_key_id && secret_access_key
52
- ::Aws::Credentials.new(access_key_id, secret_access_key, session_token)
53
- # TODO: these are deprecated, remove them in the next major version
54
- elsif ENV['AWS_ACCESS_KEY'] && ENV['AWS_SECRET_KEY']
55
- ::Aws::Credentials.new(
56
- ENV['AWS_ACCESS_KEY'],
57
- ENV['AWS_SECRET_KEY'],
58
- ENV['AWS_TOKEN']
59
- )
60
- elsif ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
61
- ::Aws::Credentials.new(
62
- ENV['AWS_ACCESS_KEY_ID'],
63
- ENV['AWS_SECRET_ACCESS_KEY'],
64
- ENV['AWS_SESSION_TOKEN']
51
+ # rubocop:disable Metrics/ParameterLists
52
+ def self.get_credentials(profile_name, access_key_id, secret_access_key, session_token,
53
+ region, options = {})
54
+ source_creds =
55
+ if access_key_id && secret_access_key
56
+ ::Aws::Credentials.new(access_key_id, secret_access_key, session_token)
57
+ elsif ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
58
+ ::Aws::Credentials.new(
59
+ ENV['AWS_ACCESS_KEY_ID'],
60
+ ENV['AWS_SECRET_ACCESS_KEY'],
61
+ ENV['AWS_SESSION_TOKEN']
62
+ )
63
+ elsif profile_name
64
+ ::Aws::SharedCredentials.new(profile_name: profile_name)
65
+ elsif default_shared_credentials?
66
+ ::Aws::SharedCredentials.new
67
+ else
68
+ ::Aws::InstanceProfileCredentials.new(retries: 1)
69
+ end
70
+
71
+ if options[:assume_role_arn] && options[:assume_role_session_name]
72
+ sts = ::Aws::STS::Client.new(credentials: source_creds, region: region)
73
+
74
+ assume_role_options = (options[:assume_role_options] || {}).merge(
75
+ client: sts,
76
+ role_arn: options[:assume_role_arn],
77
+ role_session_name: options[:assume_role_session_name]
65
78
  )
66
- elsif shared_creds.loadable?
67
- shared_creds
79
+
80
+ ::Aws::AssumeRoleCredentials.new(assume_role_options)
68
81
  else
69
- ::Aws::InstanceProfileCredentials.new(retries: 1)
82
+ source_creds
70
83
  end
71
84
  end
85
+ # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
86
+
87
+ def self.default_shared_credentials?
88
+ ::Aws::SharedCredentials.new.loadable?
89
+ rescue ::Aws::Errors::NoSuchProfileError
90
+ false
91
+ end
72
92
 
73
93
  def create_stack(options)
74
94
  resource.create_stack(options)
data/lib/kitchen/driver/cloudformation.rb CHANGED
@@ -13,12 +13,10 @@
13
13
 
14
14
  require 'benchmark'
15
15
  require 'json'
16
- require 'aws'
17
16
  require 'kitchen'
18
17
  require_relative 'cloudformation_version'
19
18
  require_relative 'aws/cf_client'
20
19
  require_relative 'aws/stack_generator'
21
- # require 'aws-sdk-core/waiters/errors'
22
20
 
23
21
  module Kitchen
24
22
  module Driver
@@ -29,9 +27,14 @@ module Kitchen
29
27
  kitchen_driver_api_version 2
30
28
 
31
29
  plugin_version Kitchen::Driver::CLOUDFORMATION_VERSION
32
-
30
+ default_config :region, ENV['AWS_REGION'] || 'us-east-1'
33
31
  default_config :shared_credentials_profile, nil
34
- default_config :ssl_cert_file, ENV['SSL_CERT_FILE']
32
+ default_config :aws_access_key_id, nil
33
+ default_config :aws_secret_access_key, nil
34
+ default_config :aws_session_token, nil
35
+ default_config :http_proxy, ENV['HTTPS_PROXY'] || ENV['HTTP_PROXY']
36
+ default_config :retry_limit, 3
37
+ default_config :ssl_verify_peer, true
35
38
  default_config :stack_name, nil
36
39
  default_config :template_file, nil
37
40
  default_config :capabilities, nil
@@ -51,23 +54,23 @@ module Kitchen
51
54
  default_config :stack_policy_url, nil
52
55
  default_config :tags, {}
53
56
 
54
- required_config :ssh_key
55
57
  required_config :stack_name
56
58
 
59
+ # rubocop:disable Lint/RescueWithoutErrorClass
57
60
  def create(state)
58
61
  copy_deprecated_configs(state)
59
62
  return if state[:stack_name]
60
63
 
61
- info(Kitchen::Util.outdent!(<<-END))
64
+ info(Kitchen::Util.outdent!(<<-TEXT))
62
65
  Creating CloudFormation Stack <#{config[:stack_name]}>...
63
66
  If you are not using an account that qualifies under the AWS
64
67
  free-tier, you may be charged to run these suites. The charge
65
68
  should be minimal, but neither Test Kitchen nor its maintainers
66
69
  are responsible for your incurred costs.
67
- END
70
+ TEXT
68
71
  begin
69
72
  stack = create_stack
70
- rescue # Exception => e
73
+ rescue
71
74
  error("CloudFormation #{$ERROR_INFO}.") # e.message
72
75
  return
73
76
  end
@@ -109,7 +112,7 @@ module Kitchen
109
112
  sleep(30)
110
113
  stack = cf.get_stack(state[:stack_name])
111
114
  end
112
- rescue # Exception => e
115
+ rescue
113
116
  info("CloudFormation stack <#{state[:stack_name]}> deleted.")
114
117
  state.delete(:stack_name)
115
118
  return
@@ -118,14 +121,18 @@ module Kitchen
118
121
  error("CloudFormation stack <#{stack.stack_name}> failed to deleted.")
119
122
  end
120
123
  end
124
+ # rubocop:enable Lint/RescueWithoutErrorClass
121
125
 
122
126
  def cf
123
127
  @cf ||= Aws::CfClient.new(
124
- '',
128
+ config[:region],
125
129
  config[:shared_credentials_profile],
126
- config[:ssl_cert_file],
127
- { access_key_id: nil, secret_access_key: nil },
128
- nil
130
+ config[:aws_access_key_id],
131
+ config[:aws_secret_access_key],
132
+ config[:aws_session_token],
133
+ config[:http_proxy],
134
+ config[:retry_limit],
135
+ config[:ssl_verify_peer]
129
136
  )
130
137
  end
131
138
 
data/lib/kitchen/driver/cloudformation_version.rb CHANGED
@@ -14,6 +14,6 @@
14
14
  module Kitchen
15
15
  module Driver
16
16
  # Version string for CloudFormation Test Kitchen driver
17
- CLOUDFORMATION_VERSION = '1.2.0'.freeze
17
+ CLOUDFORMATION_VERSION = '1.3.0'.freeze
18
18
  end
19
19
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kitchen-cloudformation
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Neill Turner
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-03-17 00:00:00.000000000 Z
11
+ date: 2017-09-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: test-kitchen
@@ -17,6 +17,9 @@ dependencies:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
19
  version: '1.4'
20
+ - - ">="
21
+ - !ruby/object:Gem::Version
22
+ version: 1.4.1
20
23
  type: :runtime
21
24
  prerelease: false
22
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -24,6 +27,9 @@ dependencies:
24
27
  - - "~>"
25
28
  - !ruby/object:Gem::Version
26
29
  version: '1.4'
30
+ - - ">="
31
+ - !ruby/object:Gem::Version
32
+ version: 1.4.1
27
33
  - !ruby/object:Gem::Dependency
28
34
  name: excon
29
35
  requirement: !ruby/object:Gem::Requirement
@@ -53,33 +59,33 @@ dependencies:
53
59
  - !ruby/object:Gem::Version
54
60
  version: '0'
55
61
  - !ruby/object:Gem::Dependency
56
- name: aws-sdk-v1
62
+ name: aws-sdk
57
63
  requirement: !ruby/object:Gem::Requirement
58
64
  requirements:
59
65
  - - "~>"
60
66
  - !ruby/object:Gem::Version
61
- version: 1.59.0
67
+ version: '2'
62
68
  type: :runtime
63
69
  prerelease: false
64
70
  version_requirements: !ruby/object:Gem::Requirement
65
71
  requirements:
66
72
  - - "~>"
67
73
  - !ruby/object:Gem::Version
68
- version: 1.59.0
74
+ version: '2'
69
75
  - !ruby/object:Gem::Dependency
70
- name: aws-sdk
76
+ name: retryable
71
77
  requirement: !ruby/object:Gem::Requirement
72
78
  requirements:
73
79
  - - "~>"
74
80
  - !ruby/object:Gem::Version
75
- version: '2'
81
+ version: '2.0'
76
82
  type: :runtime
77
83
  prerelease: false
78
84
  version_requirements: !ruby/object:Gem::Requirement
79
85
  requirements:
80
86
  - - "~>"
81
87
  - !ruby/object:Gem::Version
82
- version: '2'
88
+ version: '2.0'
83
89
  description: A Test Kitchen Driver for Amazon AWS CloudFormation
84
90
  email:
85
91
  - neillwturner@gmail.com
@@ -98,7 +104,7 @@ files:
98
104
  - lib/kitchen/driver/cloudformation_version.rb
99
105
  homepage: https://github.com/neillturner/kitchen-cloudformation
100
106
  licenses:
101
- - Apache 2.0
107
+ - Apache-2.0
102
108
  metadata: {}
103
109
  post_install_message:
104
110
  rdoc_options: []
@@ -108,7 +114,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
108
114
  requirements:
109
115
  - - ">="
110
116
  - !ruby/object:Gem::Version
111
- version: '0'
117
+ version: 2.2.2
112
118
  required_rubygems_version: !ruby/object:Gem::Requirement
113
119
  requirements:
114
120
  - - ">="
@@ -116,8 +122,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
116
122
  version: '0'
117
123
  requirements: []
118
124
  rubyforge_project:
119
- rubygems_version: 2.4.5.1
125
+ rubygems_version: 2.6.13
120
126
  signing_key:
121
127
  specification_version: 4
122
- summary: A Test Kitchen Driver for Amazon AWS CloudFormation
128
+ summary: A Test Kitchen Driver for AWS CloudFormation
123
129
  test_files: []