kitchen-ec2 2.2.0 → 2.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +1 -2
- data/CHANGELOG.md +9 -0
- data/lib/kitchen/driver/aws/instance_generator.rb +12 -10
- data/lib/kitchen/driver/ec2.rb +38 -27
- data/lib/kitchen/driver/ec2_version.rb +1 -1
- data/spec/kitchen/driver/ec2/instance_generator_spec.rb +36 -0
- data/spec/kitchen/driver/ec2_spec.rb +12 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 863664a181278e965fac6bb54cf85b705b88e72c
|
4
|
+
data.tar.gz: c2245899fe742f202ebe555038931d8df7776452
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ad29d9a33374c23d585d1ddbefda2712005a5a5c57117a2e071fffdde98ccb7b43e84b409f6eef9e4c0e0a23620714633d2bab7d2782ce6b99cd595f8da1a2fd
|
7
|
+
data.tar.gz: 542e97cb2aa201bac249aca2b3cfe790e2a604acefdd916e7eac59beecb644ed167f164d6e8119ff4bd390c636ca218122581f3654e650455f65bada09607fc0
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,14 @@
|
|
1
1
|
# Change Log
|
2
2
|
|
3
|
+
## [v2.2.1](https://github.com/test-kitchen/kitchen-ec2/tree/v2.2.1) (2018-02-12)
|
4
|
+
[Full Changelog](https://github.com/test-kitchen/kitchen-ec2/compare/v2.2.0...v2.2.1)
|
5
|
+
|
6
|
+
**Fixed bugs:**
|
7
|
+
|
8
|
+
- Fix `undefined` error when Windows AMIs don't include "windows" in name [\#322](https://github.com/test-kitchen/kitchen-ec2/issues/322) [\#324](https://github.com/test-kitchen/kitchen-ec2/pull/324) ([BenLiyanage](https://github.com/BenLiyanage))
|
9
|
+
- Fix error behavior when security\_group\_filter is set but no security group found for those tags [\#386](https://github.com/test-kitchen/kitchen-ec2/pull/386) ([dpattmann](https://github.com/dpattmann))
|
10
|
+
- Don't create security group if security\_group\_filter is set [\#385](https://github.com/test-kitchen/kitchen-ec2/pull/385) ([dpattmann](https://github.com/dpattmann))
|
11
|
+
|
3
12
|
## [v2.2.0](https://github.com/test-kitchen/kitchen-ec2/tree/v2.2.0) (2018-01-27)
|
4
13
|
|
5
14
|
[Full Changelog](https://github.com/test-kitchen/kitchen-ec2/compare/v2.1.0...v2.2.0)
|
@@ -62,19 +62,21 @@ module Kitchen
|
|
62
62
|
end
|
63
63
|
|
64
64
|
if config[:security_group_ids].nil? && config[:security_group_filter]
|
65
|
-
|
66
|
-
|
65
|
+
security_group = ::Aws::EC2::Client.
|
66
|
+
new(:region => config[:region]).describe_security_groups(
|
67
67
|
:filters => [
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
68
|
+
{
|
69
|
+
:name => "tag:#{config[:security_group_filter][:tag]}",
|
70
|
+
:values => [config[:security_group_filter][:value]],
|
71
|
+
},
|
72
72
|
]
|
73
|
-
|
73
|
+
)[0][0]
|
74
74
|
|
75
|
-
if
|
76
|
-
|
77
|
-
|
75
|
+
if security_group
|
76
|
+
config[:security_group_ids] = [security_group.group_id]
|
77
|
+
else
|
78
|
+
raise "The group tagged '#{config[:security_group_filter][:tag]} " +
|
79
|
+
"#{config[:security_group_filter][:value]}' does not exist!"
|
78
80
|
end
|
79
81
|
end
|
80
82
|
|
data/lib/kitchen/driver/ec2.rb
CHANGED
@@ -61,6 +61,7 @@ module Kitchen
|
|
61
61
|
end
|
62
62
|
default_config :ebs_optimized, false
|
63
63
|
default_config :security_group_ids, nil
|
64
|
+
default_config :security_group_filter, nil
|
64
65
|
default_config :tags, "created-by" => "test-kitchen"
|
65
66
|
default_config :user_data do |driver|
|
66
67
|
if driver.windows_os?
|
@@ -210,7 +211,7 @@ module Kitchen
|
|
210
211
|
END
|
211
212
|
|
212
213
|
# If no security group IDs are specified, create one automatically.
|
213
|
-
unless config[:security_group_ids]
|
214
|
+
unless config[:security_group_ids] || config[:security_group_filter]
|
214
215
|
create_security_group(state)
|
215
216
|
config[:security_group_ids] = [state[:auto_security_group_id]]
|
216
217
|
end
|
@@ -622,6 +623,36 @@ module Kitchen
|
|
622
623
|
end
|
623
624
|
|
624
625
|
def default_windows_user_data
|
626
|
+
base_script = Kitchen::Util.outdent!(<<-EOH)
|
627
|
+
$OSVersion = (get-itemproperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" -Name ProductName).ProductName
|
628
|
+
If($OSVersion.contains('2016'))
|
629
|
+
{
|
630
|
+
$logfile='C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Log\\kitchen-ec2.log'
|
631
|
+
# EC2Launch doesn't init extra disks by default
|
632
|
+
C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Scripts\\InitializeDisks.ps1
|
633
|
+
}
|
634
|
+
Else
|
635
|
+
{
|
636
|
+
$logfile='C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs\\kitchen-ec2.log'
|
637
|
+
}
|
638
|
+
# Allow script execution
|
639
|
+
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
|
640
|
+
#PS Remoting and & winrm.cmd basic config
|
641
|
+
$enableArgs=@{Force=$true}
|
642
|
+
$command=Get-Command Enable-PSRemoting
|
643
|
+
if($command.Parameters.Keys -contains "skipnetworkprofilecheck"){
|
644
|
+
$enableArgs.skipnetworkprofilecheck=$true
|
645
|
+
}
|
646
|
+
Enable-PSRemoting @enableArgs
|
647
|
+
& winrm.cmd set winrm/config '@{MaxTimeoutms="1800000"}' >> $logfile
|
648
|
+
& winrm.cmd set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}' >> $logfile
|
649
|
+
& winrm.cmd set winrm/config/winrs '@{MaxShellsPerUser="50"}' >> $logfile
|
650
|
+
& winrm.cmd set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}' >> $logfile
|
651
|
+
#Firewall Config
|
652
|
+
& netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any >> $logfile
|
653
|
+
Set-ItemProperty -Name LocalAccountTokenFilterPolicy -Path HKLM:\\software\\Microsoft\\Windows\\CurrentVersion\\Policies\\system -Value 1
|
654
|
+
EOH
|
655
|
+
|
625
656
|
# Preparing custom static admin user if we defined something other than Administrator
|
626
657
|
custom_admin_script = ""
|
627
658
|
if !(instance.transport[:username] =~ /administrator/i) && instance.transport[:password]
|
@@ -642,35 +673,10 @@ module Kitchen
|
|
642
673
|
EOH
|
643
674
|
end
|
644
675
|
|
645
|
-
if actual_platform.version =~ /2016/
|
646
|
-
logfile_name = 'C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Log\\kitchen-ec2.log'
|
647
|
-
disk_init = 'C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Scripts\\InitializeDisks.ps1'
|
648
|
-
else
|
649
|
-
logfile_name = 'C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs\\kitchen-ec2.log'
|
650
|
-
disk_init = ""
|
651
|
-
end
|
652
676
|
# Returning the fully constructed PowerShell script to user_data
|
653
677
|
Kitchen::Util.outdent!(<<-EOH)
|
654
678
|
<powershell>
|
655
|
-
|
656
|
-
# EC2Launch doesn't init extra disks by default
|
657
|
-
#{disk_init}
|
658
|
-
# Allow script execution
|
659
|
-
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
|
660
|
-
#PS Remoting and & winrm.cmd basic config
|
661
|
-
$enableArgs=@{Force=$true}
|
662
|
-
$command=Get-Command Enable-PSRemoting
|
663
|
-
if($command.Parameters.Keys -contains "skipnetworkprofilecheck"){
|
664
|
-
$enableArgs.skipnetworkprofilecheck=$true
|
665
|
-
}
|
666
|
-
Enable-PSRemoting @enableArgs
|
667
|
-
& winrm.cmd set winrm/config '@{MaxTimeoutms="1800000"}' >> $logfile
|
668
|
-
& winrm.cmd set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}' >> $logfile
|
669
|
-
& winrm.cmd set winrm/config/winrs '@{MaxShellsPerUser="50"}' >> $logfile
|
670
|
-
& winrm.cmd set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}' >> $logfile
|
671
|
-
#Firewall Config
|
672
|
-
& netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 remoteip=localsubnet new remoteip=any >> $logfile
|
673
|
-
Set-ItemProperty -Name LocalAccountTokenFilterPolicy -Path HKLM:\\software\\Microsoft\\Windows\\CurrentVersion\\Policies\\system -Value 1
|
679
|
+
#{base_script}
|
674
680
|
#{custom_admin_script}
|
675
681
|
</powershell>
|
676
682
|
EOH
|
@@ -764,6 +770,11 @@ module Kitchen
|
|
764
770
|
Time.now.utc.iso8601,
|
765
771
|
Array.new(8) { rand(36).to_s(36) }.join(""),
|
766
772
|
]
|
773
|
+
# In a perfect world this would generate the key locally and use ImportKey
|
774
|
+
# instead for better security, but given the use case that is very likely
|
775
|
+
# to rapidly exhaust local entropy by creating a lot of keys. So this is
|
776
|
+
# probably fine. If you want very high security, probably don't use this
|
777
|
+
# feature anyway.
|
767
778
|
resp = ec2.client.create_key_pair(key_name: "kitchen-#{name_parts.join('-')}")
|
768
779
|
state[:auto_key_id] = resp.key_name
|
769
780
|
info("Created automatic key pair #{state[:auto_key_id]}")
|
@@ -212,6 +212,42 @@ describe Kitchen::Driver::Aws::InstanceGenerator do
|
|
212
212
|
end
|
213
213
|
end
|
214
214
|
|
215
|
+
context "when provided a non existing security_group tag filter" do
|
216
|
+
ec2_stub_whithout_security_group = Aws::EC2::Client.new(:stub_responses => true)
|
217
|
+
|
218
|
+
let(:config) do
|
219
|
+
{
|
220
|
+
:instance_type => "micro",
|
221
|
+
:ebs_optimized => true,
|
222
|
+
:image_id => "ami-123",
|
223
|
+
:aws_ssh_key_id => "key",
|
224
|
+
:subnet_id => "s-123",
|
225
|
+
:security_group_ids => nil,
|
226
|
+
:region => "us-west-2",
|
227
|
+
:security_group_filter =>
|
228
|
+
{
|
229
|
+
:tag => "foo",
|
230
|
+
:value => "bar",
|
231
|
+
},
|
232
|
+
}
|
233
|
+
end
|
234
|
+
|
235
|
+
it "generates id from the provided tag" do
|
236
|
+
allow(::Aws::EC2::Client).to receive(:new).and_return(ec2_stub_whithout_security_group)
|
237
|
+
expect(ec2_stub_whithout_security_group).to receive(:describe_security_groups).with(
|
238
|
+
:filters => [
|
239
|
+
{
|
240
|
+
:name => "tag:foo",
|
241
|
+
:values => ["bar"],
|
242
|
+
},
|
243
|
+
]
|
244
|
+
).and_return(ec2_stub_whithout_security_group.describe_security_groups)
|
245
|
+
|
246
|
+
expect { generator.ec2_instance_data }.to raise_error("The group tagged '#{config[:security_group_filter][:tag]} " +
|
247
|
+
"#{config[:security_group_filter][:value]}' does not exist!")
|
248
|
+
end
|
249
|
+
end
|
250
|
+
|
215
251
|
context "when passed an empty block_device_mappings" do
|
216
252
|
let(:config) do
|
217
253
|
{
|
@@ -646,6 +646,18 @@ describe Kitchen::Driver::Ec2 do
|
|
646
646
|
end
|
647
647
|
end
|
648
648
|
|
649
|
+
context "with no security group but filter specified" do
|
650
|
+
before do
|
651
|
+
config.delete(:security_group_ids)
|
652
|
+
config[:security_group_filter] = { tag: "SomeTag", value: "SomeValue" }
|
653
|
+
expect(driver).not_to receive(:create_security_group)
|
654
|
+
expect(driver).to receive(:submit_server).and_return(server)
|
655
|
+
allow(instance).to receive(:name).and_return("instance_name")
|
656
|
+
end
|
657
|
+
|
658
|
+
include_examples "common create"
|
659
|
+
end
|
660
|
+
|
649
661
|
context "with no key pair configured" do
|
650
662
|
before do
|
651
663
|
config[:kitchen_root] = "/kitchen"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kitchen-ec2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Fletcher Nichol
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-02-
|
11
|
+
date: 2018-02-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: test-kitchen
|