kitchen-cloudformation 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3883eee90445d050be51672d83d969ba7074a5f4
-  data.tar.gz: 0ac9b6345cd456d11f9d67f988770a5168b8ab90
+  metadata.gz: 6891d8c196ba95d50531fbb357b0202854d4b63e
+  data.tar.gz: aebccfc91fa225fad525b43639a5ddb850fd6d17
 SHA512:
-  metadata.gz: 2a4cca813dce8b8ebe317982cd2271c34dfe6684a425f705e8850c0ba8e8421dc47cc312087cada8fd9b8363b88892f6952668b041809470bb729403aac4c683
-  data.tar.gz: 312ce9103687fc0f2d47ab0d7f610adbf3ad01f30135c3d0e3d7c61960717d117cddb6e2a1d5dd6c239ec41e2c965991afdac82583b33cc098a667e7e3059612
+  metadata.gz: 1322158e69d5b0c67d1adad03e1ec6d6017c4cf3b37e842a6b1563a8af74daf63179767ad3b6bae417777d6accf8789995f29a72bb66166a1fda30c75089f6e1
+  data.tar.gz: 4d70a45467995a1885d8c212c13386adac17e5ed09de73a33f6ffbc1037eaa46867beb44aecb4d06222d7312ec046fcec5af228b67283284ee12ba21ea4b43c9

data/README.md

@@ -7,8 +7,7 @@ A Test Kitchen Driver for Amazon AWS Cloudformation.
 
 This driver uses the [aws sdk gem][aws_sdk_gem] to create and delete Amazon AWS Cloudformation stacks to orchestrate your cloud resources for your infrastructure testing, dev or production setup.
 
-It works best using AWS VPC where the servers have fixed IP addresses or in AWS Clasic using known Elastic IP Addresses.
-This allow the IP address of each of the servers to be specified as a hostname in the converge step.
+If you wish to use servers specified as a hostname in the converge step then use a AWS VPC where the servers have fixed IP addresses or Elastic IP Addresses.
 
 So you can deploy and test say a Mongodb High Availability cluster by using cloud formation to create the servers
 and then converge each of the servers in the cluster and run tests.
@@ -20,8 +19,15 @@ This can be used with [kitchen-verifier-awspec](https://github.com/neillturner/k
 There are **no** external system requirements for this driver. However you
 will need access to an [AWS][aws_site] account.
 
+## AWS Configuration Options
+
+key | default value | Notes
+----|---------------|--------
+region|env_var AWS_REGION|The AWS region to use. defaults to 'us-east-1' if no AWS_REGION env var.
+shared_credentials_profile| nil|Specify Credentials Using a Profile Name
 
-## Configuration Options
+
+## CloudFormation Configuration Options
 
 key | default value | Notes
 ----|---------------|--------
@@ -32,8 +38,6 @@ on_failure||Determines what action will be taken if stack creation fails. accept
 parameters|{}|Hash of parameters {key: value} to apply to the templates
 resource_types| [] |The template resource types that you have permissions to work with. Array of Strings.
 role_arn||The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes to create the stack.
-shared_credentials_profile| nil|Specify Credentials Using a Profile Name
-ssl_cert_file| ENV["SSL_CERT_FILE"]|SSL Certificate required on Windows platforms
 stack_name ||Name of the Cloud Formation Stack to create
 stack_policy_body||Structure containing the stack policy body.
 stack_policy_url||Location of a file containing the stack policy.
@@ -44,37 +48,28 @@ timeout_in_minutes|0|Timeout if the stack is not created in the time
 
 See http://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html for parameter details.
 
-## Authenticating with AWS
+### AWS Authentication
 
-There are 3 ways you can authenticate against AWS, and we will try them in the
+In order to connect to AWS, you must specify the AWS access key id and secret key
+for your account. There are 3 ways you do this, and we will try them in the
 following order:
 
 1. You can specify the access key and access secret (and optionally the session
-token) through config.  See the `aws_access_key_id` and `aws_secret_access_key`
-config sections below to see how to specify these in your .kitchen.yml or
-through environment variables.  If you would like to specify your session token
-use the environment variable `AWS_SESSION_TOKEN`.
-1. The shared credentials ini file at `~/.aws/credentials`.  You can specify
-multiple profiles in this file and select one with the `AWS_PROFILE`
-environment variable or the `shared_credentials_profile` driver config.  Read
-[this][credentials_docs] for more information.
-1. From an instance profile when running on EC2.  This accesses the local
-metadata service to discover the local instance's IAM instance profile.
+   token) through config.  The `aws_access_key_id` and `aws_secret_access_key`
+   parameters can be configured in the .kitchen.yml but its recommended to use
+   through environment variables.  If you would like to specify your session token
+   use the environment variable `AWS_SESSION_TOKEN`.
+2. The shared credentials ini file at `~/.aws/credentials`. This is the file
+   populated by `aws configure` command line and used by AWS tools in general, so if
+   you are set up for any other AWS tools, you probably already have this. You can
+   specify multiple profiles in this file and select one with the `AWS_PROFILE`
+   environment variable or the `shared_credentials_profile` driver config.  Read
+   [this][credentials_docs] for more information.
+3. From an instance profile when running on EC2.  This accesses the local
+   metadata service to discover the local instance's IAM instance profile.
 
 This precedence order is taken from http://docs.aws.amazon.com/sdkforruby/api/index.html#Configuration
 
-```
-In summary it searches the following locations for credentials:
-
-   ENV['AWS_ACCESS_KEY_ID'] and ENV['AWS_SECRET_ACCESS_KEY']
-   The shared credentials ini file at ~/.aws/credentials
-   From an instance profile when running on EC2
-
-and it searches the following locations for a region:
-
-   ENV['AWS_REGION']
-```
-
 The first method attempted that works will be used.  IE, if you want to auth
 using the instance profile, you must not set any of the access key configs
 or environment variables, and you must not specify a `~/.aws/credentials`
@@ -85,13 +80,13 @@ through CI we no longer recommend storing the AWS credentials in the
 `.kitchen.yml` file.  Instead, specify them as environment variables or in the
 `~/.aws/credentials` file.
 
+
 ## SSL Certificate File Issues
 
 On windows you can get errors `SSLv3 read server certificate B: certificate verify failed`
 as per https://github.com/aws/aws-sdk-core-ruby/issues/93 .
 
-To overcome this problem set the parameter `ssl_cert_file` or the environment variable `SSL_CERT_FILE`
-to a a SSL CA bundle.
+To overcome this problem set the environment variable `SSL_CERT_FILE` to a a SSL CA bundle.
 
 A file ca-bundle.crt is supplied inside this gem for this purpose so you can set it to something like:
 `<RubyHome>/lib/ruby/gems/2.1.0/gems/kitchen-cloudformation-0.0.1/ca-bundle.crt`

data/kitchen-cloudformation.gemspec

@@ -5,19 +5,20 @@ require 'kitchen/driver/cloudformation_version.rb'
 Gem::Specification.new do |gem|
   gem.name          = 'kitchen-cloudformation'
   gem.version       = Kitchen::Driver::CLOUDFORMATION_VERSION
-  gem.license       = 'Apache 2.0'
+  gem.license       = 'Apache-2.0'
   gem.authors       = ['Neill Turner']
   gem.email         = ['neillwturner@gmail.com']
   gem.description   = 'A Test Kitchen Driver for Amazon AWS CloudFormation'
-  gem.summary       = gem.description
+  gem.summary       = 'A Test Kitchen Driver for AWS CloudFormation'
   gem.homepage      = 'https://github.com/neillturner/kitchen-cloudformation'
   candidates = Dir.glob('{lib}/**/*') + ['README.md', 'CHANGELOG.md', 'LICENSE', 'ca-bundle.crt', 'kitchen-cloudformation.gemspec']
   gem.files         = candidates.sort
   gem.executables   = []
   gem.require_paths = ['lib']
-  gem.add_dependency 'test-kitchen', '~> 1.4'
+  gem.required_ruby_version = '>= 2.2.2'
+  gem.add_dependency 'test-kitchen', '~> 1.4', '>= 1.4.1'
   gem.add_dependency 'excon'
   gem.add_dependency 'multi_json'
-  gem.add_dependency 'aws-sdk-v1', '~> 1.59.0'
   gem.add_dependency 'aws-sdk', '~> 2'
+  gem.add_dependency 'retryable', '~> 2.0'
 end

data/lib/kitchen/driver/aws/cf_client.rb

@@ -20,55 +20,75 @@ require 'aws-sdk-core/instance_profile_credentials'
 module Kitchen
   module Driver
     class Aws
+      # A class for creating and managing the EC2 client connection
       #
-      # A class for creating and managing the Cloud Formation client connection
-      #
+      # @author Tyler Ball <tball@chef.io>
       class CfClient
-        def initialize(
+        def initialize( # rubocop:disable Metrics/ParameterLists
           region,
           profile_name = nil,
-          ssl_cert_file = nil,
-          aws_key = {},
-          session_token = nil
+          access_key_id = nil,
+          secret_access_key = nil,
+          session_token = nil,
+          http_proxy = nil,
+          retry_limit = nil,
+          ssl_verify_peer = true
         )
-          access_key_id = aws_key[:access_key_id]
-          secret_access_key = aws_key[:secret_access_key]
           creds = self.class.get_credentials(
-            profile_name, access_key_id, secret_access_key, session_token
+            profile_name, access_key_id, secret_access_key, session_token, region
           )
-
-          ::AWS.config(
+          ::Aws.config.update(
             region: region,
             credentials: creds,
-            ssl_ca_bundle: ssl_cert_file
+            http_proxy: http_proxy,
+            ssl_verify_peer: ssl_verify_peer
           )
+          ::Aws.config.update(retry_limit: retry_limit) unless retry_limit.nil?
         end
 
         # Try and get the credentials from an ordered list of locations
         # http://docs.aws.amazon.com/sdkforruby/api/index.html#Configuration
-        def self.get_credentials(profile_name, access_key_id, secret_access_key, session_token)
-          shared_creds = ::Aws::SharedCredentials.new(profile_name: profile_name)
-          if access_key_id && secret_access_key
-            ::Aws::Credentials.new(access_key_id, secret_access_key, session_token)
-          # TODO: these are deprecated, remove them in the next major version
-          elsif ENV['AWS_ACCESS_KEY'] && ENV['AWS_SECRET_KEY']
-            ::Aws::Credentials.new(
-              ENV['AWS_ACCESS_KEY'],
-              ENV['AWS_SECRET_KEY'],
-              ENV['AWS_TOKEN']
-            )
-          elsif ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
-            ::Aws::Credentials.new(
-              ENV['AWS_ACCESS_KEY_ID'],
-              ENV['AWS_SECRET_ACCESS_KEY'],
-              ENV['AWS_SESSION_TOKEN']
+        # rubocop:disable Metrics/ParameterLists
+        def self.get_credentials(profile_name, access_key_id, secret_access_key, session_token,
+                                 region, options = {})
+          source_creds =
+            if access_key_id && secret_access_key
+              ::Aws::Credentials.new(access_key_id, secret_access_key, session_token)
+            elsif ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']
+              ::Aws::Credentials.new(
+                ENV['AWS_ACCESS_KEY_ID'],
+                ENV['AWS_SECRET_ACCESS_KEY'],
+                ENV['AWS_SESSION_TOKEN']
+              )
+            elsif profile_name
+              ::Aws::SharedCredentials.new(profile_name: profile_name)
+            elsif default_shared_credentials?
+              ::Aws::SharedCredentials.new
+            else
+              ::Aws::InstanceProfileCredentials.new(retries: 1)
+            end
+
+          if options[:assume_role_arn] && options[:assume_role_session_name]
+            sts = ::Aws::STS::Client.new(credentials: source_creds, region: region)
+
+            assume_role_options = (options[:assume_role_options] || {}).merge(
+              client: sts,
+              role_arn: options[:assume_role_arn],
+              role_session_name: options[:assume_role_session_name]
             )
-          elsif shared_creds.loadable?
-            shared_creds
+
+            ::Aws::AssumeRoleCredentials.new(assume_role_options)
           else
-            ::Aws::InstanceProfileCredentials.new(retries: 1)
+            source_creds
           end
         end
+        # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+
+        def self.default_shared_credentials?
+          ::Aws::SharedCredentials.new.loadable?
+        rescue ::Aws::Errors::NoSuchProfileError
+          false
+        end
 
         def create_stack(options)
           resource.create_stack(options)

data/lib/kitchen/driver/cloudformation.rb

@@ -13,12 +13,10 @@
 
 require 'benchmark'
 require 'json'
-require 'aws'
 require 'kitchen'
 require_relative 'cloudformation_version'
 require_relative 'aws/cf_client'
 require_relative 'aws/stack_generator'
-# require 'aws-sdk-core/waiters/errors'
 
 module Kitchen
   module Driver
@@ -29,9 +27,14 @@ module Kitchen
       kitchen_driver_api_version 2
 
       plugin_version Kitchen::Driver::CLOUDFORMATION_VERSION
-
+      default_config :region, ENV['AWS_REGION'] || 'us-east-1'
       default_config :shared_credentials_profile, nil
-      default_config :ssl_cert_file, ENV['SSL_CERT_FILE']
+      default_config :aws_access_key_id, nil
+      default_config :aws_secret_access_key, nil
+      default_config :aws_session_token, nil
+      default_config :http_proxy, ENV['HTTPS_PROXY'] || ENV['HTTP_PROXY']
+      default_config :retry_limit, 3
+      default_config :ssl_verify_peer, true
       default_config :stack_name, nil
       default_config :template_file, nil
       default_config :capabilities, nil
@@ -51,23 +54,23 @@ module Kitchen
       default_config :stack_policy_url, nil
       default_config :tags, {}
 
-      required_config :ssh_key
       required_config :stack_name
 
+      # rubocop:disable Lint/RescueWithoutErrorClass
       def create(state)
         copy_deprecated_configs(state)
         return if state[:stack_name]
 
-        info(Kitchen::Util.outdent!(<<-END))
+        info(Kitchen::Util.outdent!(<<-TEXT))
           Creating CloudFormation Stack <#{config[:stack_name]}>...
           If you are not using an account that qualifies under the AWS
           free-tier, you may be charged to run these suites. The charge
           should be minimal, but neither Test Kitchen nor its maintainers
           are responsible for your incurred costs.
-        END
+        TEXT
         begin
           stack = create_stack
-        rescue # Exception => e
+        rescue
           error("CloudFormation #{$ERROR_INFO}.") # e.message
           return
         end
@@ -109,7 +112,7 @@ module Kitchen
               sleep(30)
               stack = cf.get_stack(state[:stack_name])
             end
-          rescue # Exception => e
+          rescue
             info("CloudFormation stack <#{state[:stack_name]}> deleted.")
             state.delete(:stack_name)
             return
@@ -118,14 +121,18 @@ module Kitchen
           error("CloudFormation stack <#{stack.stack_name}> failed to deleted.")
         end
       end
+      # rubocop:enable Lint/RescueWithoutErrorClass
 
       def cf
         @cf ||= Aws::CfClient.new(
-          '',
+          config[:region],
           config[:shared_credentials_profile],
-          config[:ssl_cert_file],
-          { access_key_id: nil, secret_access_key: nil },
-          nil
+          config[:aws_access_key_id],
+          config[:aws_secret_access_key],
+          config[:aws_session_token],
+          config[:http_proxy],
+          config[:retry_limit],
+          config[:ssl_verify_peer]
         )
       end
 

data/lib/kitchen/driver/cloudformation_version.rb

@@ -14,6 +14,6 @@
 module Kitchen
   module Driver
     # Version string for CloudFormation Test Kitchen driver
-    CLOUDFORMATION_VERSION = '1.2.0'.freeze
+    CLOUDFORMATION_VERSION = '1.3.0'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-cloudformation
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Neill Turner
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-17 00:00:00.000000000 Z
+date: 2017-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: test-kitchen
@@ -17,6 +17,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.4.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -24,6 +27,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.4.1
 - !ruby/object:Gem::Dependency
   name: excon
   requirement: !ruby/object:Gem::Requirement
@@ -53,33 +59,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: aws-sdk-v1
+  name: aws-sdk
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.59.0
+        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.59.0
+        version: '2'
 - !ruby/object:Gem::Dependency
-  name: aws-sdk
+  name: retryable
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '2.0'
 description: A Test Kitchen Driver for Amazon AWS CloudFormation
 email:
 - neillwturner@gmail.com
@@ -98,7 +104,7 @@ files:
 - lib/kitchen/driver/cloudformation_version.rb
 homepage: https://github.com/neillturner/kitchen-cloudformation
 licenses:
-- Apache 2.0
+- Apache-2.0
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -108,7 +114,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.2.2
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -116,8 +122,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.6.13
 signing_key: 
 specification_version: 4
-summary: A Test Kitchen Driver for Amazon AWS CloudFormation
+summary: A Test Kitchen Driver for AWS CloudFormation
 test_files: []