kitchen-ec2 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8f4428e6497e1981ef132bd6c518ca4f347ed0aa
-  data.tar.gz: 8f2014042f18b8f1ab66e8b694141535ff365696
+  metadata.gz: b0d06c5717fea6db5e691129f2e7b2c29126ad83
+  data.tar.gz: 9fe52faf85c23d960c618c26fdd28145a2a1f761
 SHA512:
-  metadata.gz: c6f81b68882cb0d853f9b111543373e7c545fa5f57f3c8bf60de9a38aaea237ea2955e6768a632823722e0d482f56444e317c7f670940f2d6db19ebb32946334
-  data.tar.gz: a6e0a708723aef725301b6690b83eb5b7807cbb2fd1aff89e2ab86f5f460ce09d59c0a380ff0ecce585178e41cf6caf0dfb6c39d20a1b58013105268ba571dde
+  metadata.gz: acdc60d833d8c93b17eb73914e207101c8d5cd22945857155e70ad91f99586418f434929039c61fdba6252a73f60f179733b2a67d66f31eff934a9904b143e4f
+  data.tar.gz: be0377db0b71c4e76ebecde7310c572d4081530eee5256d4d6c0c17a8eab2e2d76413797a3f293b5580230c4779928f19f2c808bd15c3062390e7fbc53d56657

data/.travis.yml

@@ -2,6 +2,6 @@ language: ruby
 cache: bundler
 sudo: false
 rvm:
-  - 2.0.0
-  - 2.1
-  - 2.2
+  - 2.2.6
+  - 2.3.1
+  - ruby-head

data/CHANGELOG.md

@@ -1,7 +1,22 @@
 # Change Log
 
-## [1.2.0](https://github.com/test-kitchen/kitchen-ec2/tree/1.2.0) (2016-09-12)
-[Full Changelog](https://github.com/test-kitchen/kitchen-ec2/compare/v1.1.0...1.2.0)
+## [v1.3.0](https://github.com/test-kitchen/kitchen-ec2/tree/v1.3.0) (2017-02-10)
+[Full Changelog](https://github.com/test-kitchen/kitchen-ec2/compare/v1.2.0...v1.3.0)
+
+**Implemented Enhancements:**
+
+- Support Windows 2016 [\#291](https://github.com/test-kitchen/kitchen-ec2/pull/291) ([gdavison](https://github.com/gdavison))
+- Add expiration to spot requests [\#285](https://github.com/test-kitchen/kitchen-ec2/pull/285) ([alanbrent](https://github.com/alanbrent))
+- Don't break if we're using a custom "platform" AMI [\#273](https://github.com/test-kitchen/kitchen-ec2/pull/273) ([hynd](https://github.com/hynd))
+- Propagate tags to volumes [\#260](https://github.com/test-kitchen/kitchen-ec2/pull/260) ([mrbobbytables](https://github.com/mrbobbytables))
+- In the client, only source creds from the shared file when necessary [\#259](https://github.com/test-kitchen/kitchen-ec2/pull/259) ([davidcpell](https://github.com/davidcpell))
+- Add notes for AMI image name requirements [\#252](https://github.com/test-kitchen/kitchen-ec2/pull/252) ([freimer](https://github.com/freimer))
+- Provide the option to set ssl\_peer\_verify to false [\#251](https://github.com/test-kitchen/kitchen-ec2/pull/251) ([mwrock](https://github.com/mwrock))
+- Adding support for tenancy parameter in placement config. [\#235](https://github.com/test-kitchen/kitchen-ec2/pull/235) ([jcastillocano](https://github.com/jcastillocano))
+- Lookup ID from tag [\#232](https://github.com/test-kitchen/kitchen-ec2/pull/232) ([dlukman](https://github.com/dlukman))
+
+## [v1.2.0](https://github.com/test-kitchen/kitchen-ec2/tree/v1.2.0) (2016-09-12)
+[Full Changelog](https://github.com/test-kitchen/kitchen-ec2/compare/v1.1.0...v1.2.0)
 
 **Fixed bugs:**
 

data/Gemfile

@@ -6,9 +6,10 @@ gem "test-kitchen"
 gem "winrm-transport"
 gem "winrm-fs"
 gem "activesupport", "~> 4.0"
+gem "faraday-http-cache", "~> 1.3"
 
 group :test do
-  gem "rake"
+  gem "rake", "< 12"
   gem "pry"
 end
 

data/README.md

@@ -79,9 +79,10 @@ You can learn more about the available filters in the AWS CLI doc under `--filte
 ```yaml
 platforms:
   - name: ubuntu-14.04
-    image_search:
-      owner-id: "099720109477"
-      name: ubuntu/images/*/ubuntu-*-14.04*
+    driver:
+      image_search:
+        owner-id: "099720109477"
+        name: ubuntu/images/*/ubuntu-*-14.04*
 ```
 
 In the event that there are multiple matches (as sometimes happens), we sort to
@@ -92,6 +93,16 @@ get the best results. In order of priority from greatest to least, we prefer:
 - 64-bit over 32-bit
 - The most recently created image (to pick up patch releases)
 
+Note that the image_search method *requires* that the AMI image names be in a specific format.
+Some examples are:
+
+- Windows-2012
+- Windows-2012r2
+- Windows-2012r2sp1
+- RHEL-7.2
+
+It is safest to use the same naming convention as used by the public images published by the OS vendors on the AWS marketplace.
+
 #### `platform.name`
 
 The third way to specify the image is by leaving `image_id` and `image_search`
@@ -247,6 +258,20 @@ instance.
 
 The default is `["default"]`.
 
+### `security_group_filter`
+
+The EC2 [security group][group_docs] which will be applied to the instance,
+specified by tag. Only one group can be specified this way.
+
+The default is unset, or `nil`.
+
+An example of usage:
+```yaml
+security_group_filter:
+  tag:   'Name'
+  value: 'example-group-name'
+```
+
 ### `region`
 
 **Required** The AWS [region][region_docs] to use.
@@ -260,6 +285,19 @@ The EC2 [subnet][subnet_docs] to use.
 
 The default is unset, or `nil`.
 
+### `subnet_filter`
+
+The EC2 [subnet][subnet_docs] to use, specified by tag.
+
+The default is unset, or `nil`.
+
+An example of usage:
+```yaml
+subnet_filter:
+  tag:   'Name'
+  value: 'example-subnet-name'
+```
+
 ### `tags`
 
 The Hash of EC tag name/value pairs which will be applied to the instance.
@@ -312,6 +350,10 @@ The default is `ENV["HTTPS_PROXY"] || ENV["HTTP_PROXY"]`.  If you have these env
 
 **Note** - The AWS command line utility allow you to specify [two proxies](http://docs.aws.amazon.com/cli/latest/userguide/cli-http-proxy.html), one for HTTP and one for HTTPS.  The AWS Ruby SDK only allows you to specify 1 proxy and because all requests are `https://` this proxy needs to support HTTPS.
 
+### `ssl_verify_peer`
+
+If you need to turn off ssl certificate verification for HTTP calls made to AWS, set `ssl_verify_peer: false`.
+
 ### Disk Configuration
 
 #### <a name="config-block_device_mappings"></a> `block_device_mappings`

data/lib/kitchen/driver/aws/client.rb

@@ -39,15 +39,17 @@ module Kitchen
           secret_access_key = nil,
           session_token = nil,
           http_proxy = nil,
-          retry_limit = nil
+          retry_limit = nil,
+          ssl_verify_peer = true
         )
           creds = self.class.get_credentials(
-            profile_name, access_key_id, secret_access_key, session_token
+            profile_name, access_key_id, secret_access_key, session_token, region
           )
           ::Aws.config.update(
             :region => region,
             :credentials => creds,
-            :http_proxy => http_proxy
+            :http_proxy => http_proxy,
+            :ssl_verify_peer => ssl_verify_peer
           )
           ::Aws.config.update(:retry_limit => retry_limit) unless retry_limit.nil?
         end
@@ -55,8 +57,10 @@ module Kitchen
         # Try and get the credentials from an ordered list of locations
         # http://docs.aws.amazon.com/sdkforruby/api/index.html#Configuration
         # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
-        def self.get_credentials(profile_name, access_key_id, secret_access_key, session_token)
-          shared_creds = ::Aws::SharedCredentials.new(:profile_name => profile_name)
+        # rubocop:disable Metrics/ParameterLists, Metrics/MethodLength
+        def self.get_credentials(profile_name, access_key_id, secret_access_key, session_token,
+                                 region, options = {})
+          source_creds =
           if access_key_id && secret_access_key
             ::Aws::Credentials.new(access_key_id, secret_access_key, session_token)
           elsif ENV["AWS_ACCESS_KEY_ID"] && ENV["AWS_SECRET_ACCESS_KEY"]
@@ -65,14 +69,34 @@ module Kitchen
               ENV["AWS_SECRET_ACCESS_KEY"],
               ENV["AWS_SESSION_TOKEN"]
             )
-          elsif shared_creds.loadable?
-            shared_creds
+          elsif profile_name
+            ::Aws::SharedCredentials.new(:profile_name => profile_name)
           else
             ::Aws::InstanceProfileCredentials.new(:retries => 1)
           end
+
+          if options[:assume_role_arn] && options[:assume_role_session_name]
+            sts = ::Aws::STS::Client.new(:credentials => source_creds, :region => region)
+
+            assume_role_options = (options[:assume_role_options] || {}).merge(
+              :client => sts,
+              :role_arn => options[:assume_role_arn],
+              :role_session_name => options[:assume_role_session_name]
+            )
+
+            ::Aws::AssumeRoleCredentials.new(assume_role_options)
+          else
+            source_creds
+          end
         end
         # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
 
+        def self.get_shared_creds(profile_name)
+          ::Aws::SharedCredentials.new(:profile_name => profile_name)
+        rescue ::Aws::Errors::NoSuchProfileError
+          false
+        end
+
         def create_instance(options)
           resource.create_instances(options)[0]
         end

data/lib/kitchen/driver/aws/instance_generator.rb

@@ -17,6 +17,7 @@
 # limitations under the License.
 
 require "base64"
+require "aws-sdk"
 
 module Kitchen
 
@@ -40,6 +41,42 @@ module Kitchen
         # Transform the provided config into the hash to send to AWS.  Some fields
         # can be passed in null, others need to be ommitted if they are null
         def ec2_instance_data # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
+          # Support for looking up security group id and subnet id using tags.
+
+          if config[:subnet_id].nil? && config[:subnet_filter]
+            config[:subnet_id] = ::Aws::EC2::Client.
+              new(:region => config[:region]).describe_subnets(
+                :filters => [
+                  {
+                    :name   => "tag:#{config[:subnet_filter][:tag]}",
+                    :values => [config[:subnet_filter][:value]]
+                  }
+                ]
+              )[0][0].subnet_id
+
+            if config[:subnet_id].nil?
+              fail "The subnet tagged '#{config[:subnet_filter][:tag]}\
+              #{config[:subnet_filter][:value]}' does not exist!"
+            end
+          end
+
+          if config[:security_group_ids].nil? && config[:security_group_filter]
+            config[:security_group_ids] = [::Aws::EC2::Client.
+              new(:region => config[:region]).describe_security_groups(
+                :filters => [
+                  {
+                    :name   => "tag:#{config[:security_group_filter][:tag]}",
+                    :values => [config[:security_group_filter][:value]]
+                  }
+                ]
+              )[0][0].group_id]
+
+            if config[:security_group_ids].nil?
+              fail "The group tagged '#{config[:security_group_filter][:tag]}\
+              #{config[:security_group_filter][:value]}' does not exist!"
+            end
+          end
+
           i = {
             :instance_type                => config[:instance_type],
             :ebs_optimized                => config[:ebs_optimized],
@@ -56,6 +93,14 @@ module Kitchen
             end
             i[:placement] = { :availability_zone => availability_zone.downcase }
           end
+          tenancy = config[:tenancy]
+          if tenancy && %w[default dedicated].include?(tenancy)
+            if i.key?(:placement)
+              i[:placement][:tenancy] = tenancy
+            else
+              i[:placement] = { :tenancy => tenancy }
+            end
+          end
           unless config[:block_device_mappings].nil? || config[:block_device_mappings].empty?
             i[:block_device_mappings] = config[:block_device_mappings]
           end
@@ -84,6 +129,21 @@ module Kitchen
               i[:network_interfaces][0][:groups] = i.delete(:security_group_ids)
             end
           end
+          availability_zone = config[:availability_zone]
+          if availability_zone
+            if availability_zone =~ /^[a-z]$/i
+              availability_zone = "#{config[:region]}#{availability_zone}"
+            end
+            i[:placement] = { :availability_zone => availability_zone.downcase }
+          end
+          tenancy = config[:tenancy]
+          if tenancy && %w[default dedicated].include?(tenancy)
+            if i.key?(:placement)
+              i[:placement][:tenancy] = tenancy
+            else
+              i[:placement] = { :tenancy => tenancy }
+            end
+          end
           unless config[:instance_initiated_shutdown_behavior].nil? ||
               config[:instance_initiated_shutdown_behavior].empty?
             i[:instance_initiated_shutdown_behavior] = config[:instance_initiated_shutdown_behavior]

data/lib/kitchen/driver/aws/standard_platform/windows.rb

@@ -16,7 +16,8 @@ module Kitchen
           #
           # "windows" -> [nil, nil, nil]
           #   Windows_Server-*-R*_RTM-, Windows_Server-*-R*_SP*-,
-          #   Windows_Server-*-RTM-, Windows_Server-*-SP*-
+          #   Windows_Server-*-RTM-, Windows_Server-*-SP*-,
+          #   Windows_Server-*-
           # "windows-2012" -> [2012, 0, nil]
           #   Windows_Server-2012-RTM-, Windows_Server-2012-SP*-
           # "windows-2012r2" -> [2012, 2, nil]
@@ -29,6 +30,8 @@ module Kitchen
           #   Windows_Server-2012-R2_SP1-
           # "windows-2012r2rtm" -> [2012, 2, 0]
           #   Windows_Server-2012-R2_RTM-
+          # "windows-2016" -> [2016, 0, nil]
+          #   Windows_Server-2016-
           def image_search
             search = {
               "owner-alias" => "amazon",
@@ -75,6 +78,7 @@ module Kitchen
           # 2012r2sp4 -> [ 2012, 2, 4 ]
           # 2012sp4 -> [ 2012, 0, 4 ]
           # 2012rtm -> [ 2012, 0, 0 ]
+          # 2016 -> [ 2016, 0, nil ]
           def windows_version_parts
             version = self.version
             if version
@@ -106,29 +110,35 @@ module Kitchen
 
           private
 
-          def windows_name_filter
+          def windows_name_filter # rubocop:disable Metrics/MethodLength
             major, revision, service_pack = windows_version_parts
 
-            case revision
-            when nil
-              revision_strings = ["", "R*_"]
-            when 0
-              revision_strings = [""]
+            if major == 2016
+              "Windows_Server-2016-English-Full-Base-*"
             else
-              revision_strings = ["R#{revision}_"]
-            end
+              case revision
+              when nil
+                revision_strings = ["", "R*_"]
+              when 0
+                revision_strings = [""]
+              else
+                revision_strings = ["R#{revision}_"]
+              end
 
-            case service_pack
-            when nil
-              revision_strings = revision_strings.flat_map { |r| ["#{r}RTM", "#{r}SP*"] }
-            when 0
-              revision_strings = revision_strings.map { |r| "#{r}RTM" }
-            else
-              revision_strings = revision_strings.map { |r| "#{r}SP#{service_pack}" }
-            end
+              case service_pack
+              when nil
+                revision_strings = revision_strings.flat_map { |r| ["#{r}RTM", "#{r}SP*"] }
+              when 0
+                revision_strings = revision_strings.map { |r| "#{r}RTM" }
+              else
+                revision_strings = revision_strings.map { |r| "#{r}SP#{service_pack}" }
+              end
 
-            revision_strings.map do |r|
-              "Windows_Server-#{major || "*"}-#{r}-English-*-Base-*"
+              name_filter = revision_strings.map do |r|
+                "Windows_Server-#{major || "*"}-#{r}-English-*-Base-*"
+              end
+              name_filter << "Windows_Server-*-English-Full-Base-*" if major.nil?
+              name_filter
             end
           end
         end

data/lib/kitchen/driver/ec2.rb

@@ -81,7 +81,9 @@ module Kitchen
       default_config :interface,           nil
       default_config :http_proxy,          ENV["HTTPS_PROXY"] || ENV["HTTP_PROXY"]
       default_config :retry_limit,         3
+      default_config :tenancy,             "default"
       default_config :instance_initiated_shutdown_behavior, nil
+      default_config :ssl_verify_peer,     true
 
       def initialize(*args, &block)
         super
@@ -194,6 +196,8 @@ module Kitchen
         # Tagging can fail with a NotFound error even though we waited until the server exists
         # Waiting can also fail, so we have to also retry on that.  If it means we re-tag the
         # instance, so be it.
+        # Tagging an instance is possible before volumes are attached. Tagging the volumes after
+        # instance creation is consistent.
         Retryable.retryable(
           :tries => 10,
           :sleep => lambda { |n| [2**n, 30].min },
@@ -204,6 +208,8 @@ module Kitchen
 
           state[:server_id] = server.id
           info("EC2 instance <#{state[:server_id]}> created.")
+          wait_until_volumes_ready(server, state)
+          tag_volumes(server)
           wait_until_ready(server, state)
         end
 
@@ -296,9 +302,14 @@ module Kitchen
       end
 
       def update_username(state)
-        # TODO: if the user explicitly specified the transport's default username,
-        # do NOT overwrite it!
-        if instance.transport[:username] == instance.transport.class.defaults[:username]
+        # BUG: With the following equality condition on username, if the user specifies 'root'
+        # as the transport's username then we will overwrite that value with one from the standard
+        # platform definitions.  This seems difficult to handle here as the default username is
+        # provided by the underlying transport classes, and is often non-nil (eg; 'root'), leaving
+        # us no way to distinguish a user-set value from the transport's default.
+        # See https://github.com/test-kitchen/kitchen-ec2/pull/273
+        if actual_platform &&
+            instance.transport[:username] == instance.transport.class.defaults[:username]
           debug("No SSH username specified: using default username #{actual_platform.username} " \
                 " for image #{config[:image_id]}, which we detected as #{actual_platform}.")
           state[:username] = actual_platform.username
@@ -313,7 +324,8 @@ module Kitchen
           config[:aws_secret_access_key],
           config[:aws_session_token],
           config[:http_proxy],
-          config[:retry_limit]
+          config[:retry_limit],
+          config[:ssl_verify_peer]
         )
       end
 
@@ -356,9 +368,11 @@ module Kitchen
       end
 
       def create_spot_request
+        request_duration = config[:retryable_tries] * config[:retryable_sleep]
         request_data = {
           :spot_price => config[:spot_price].to_s,
-          :launch_specification => instance_generator.ec2_instance_data
+          :launch_specification => instance_generator.ec2_instance_data,
+          :valid_until => Time.now + request_duration
         }
         if config[:block_duration_minutes]
           request_data[:block_duration_minutes] = config[:block_duration_minutes]
@@ -378,6 +392,34 @@ module Kitchen
         end
       end
 
+      def tag_volumes(server)
+        tags = []
+        config[:tags].each do |k, v|
+          tags << { :key => k, :value => v }
+        end
+        server.volumes.each do |volume|
+          volume.create_tags(:tags => tags)
+        end
+      end
+
+      # Compares the requested volume count vs what has actually been set to be
+      # attached to the instance. The information requested through
+      # ec2.client.described_volumes is updated before the instance volume
+      # information.
+      def wait_until_volumes_ready(server, state)
+        wait_with_destroy(server, state, "volumes to be ready") do |aws_instance|
+          described_volume_count = 0
+          ready_volume_count = 0
+          if aws_instance.exists?
+            described_volume_count = ec2.client.describe_volumes(:filters => [
+              { :name => "attachment.instance-id", :values => ["#{state[:server_id]}"] }]
+              ).volumes.length
+            aws_instance.volumes.each { ready_volume_count += 1 }
+          end
+          (described_volume_count > 0) && (described_volume_count == ready_volume_count)
+        end
+      end
+
       # Normally we could use `server.wait_until_running` but we actually need
       # to check more than just the instance state
       def wait_until_ready(server, state)
@@ -513,10 +555,15 @@ module Kitchen
           EOH
         end
 
+        if actual_platform.version =~ /2016/
+          logfile_name = 'C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Log\\kitchen-ec2.log'
+        else
+          logfile_name = 'C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs\\kitchen-ec2.log'
+        end
         # Returning the fully constructed PowerShell script to user_data
         Kitchen::Util.outdent!(<<-EOH)
         <powershell>
-        $logfile="C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs\\kitchen-ec2.log"
+        $logfile=#{logfile_name}
         # Allow script execution
         Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
         #PS Remoting and & winrm.cmd basic config

data/lib/kitchen/driver/ec2_version.rb

@@ -21,6 +21,6 @@ module Kitchen
   module Driver
 
     # Version string for EC2 Test Kitchen driver
-    EC2_VERSION = "1.2.0"
+    EC2_VERSION = "1.3.0"
   end
 end

data/spec/kitchen/driver/ec2/client_spec.rb

@@ -21,45 +21,48 @@ require "climate_control"
 
 describe Kitchen::Driver::Aws::Client do
   describe "::get_credentials" do
-    let(:shared) { instance_double(Aws::SharedCredentials) }
-    let(:iam) { instance_double(Aws::InstanceProfileCredentials) }
-
-    before do
-      expect(Aws::SharedCredentials).to \
-        receive(:new).with(:profile_name => "profile").and_return(shared)
-    end
-
     # nothing else is set, so we default to this
     it "loads IAM credentials last" do
-      expect(shared).to receive(:loadable?).and_return(false)
-      expect(Aws::InstanceProfileCredentials).to receive(:new).and_return(iam)
-      expect(Kitchen::Driver::Aws::Client.get_credentials("profile", nil, nil, nil)).to eq(iam)
+      iam = instance_double(Aws::InstanceProfileCredentials)
+
+      allow(Kitchen::Driver::Aws::Client).to receive(:get_shared_creds).and_return(false)
+      allow(Aws::InstanceProfileCredentials).to receive(:new).and_return(iam)
+
+      env_creds(nil, nil) do
+        expect(Kitchen::Driver::Aws::Client.get_credentials(nil, nil, nil, nil, nil)).to eq(iam)
+      end
     end
 
-    it "loads shared credentials second to last" do
-      expect(shared).to receive(:loadable?).and_return(true)
-      expect(Kitchen::Driver::Aws::Client.get_credentials("profile", nil, nil, nil)).to eq(shared)
+    it "loads the shared credentials file second to last" do
+      shared = instance_double(Aws::SharedCredentials)
+
+      allow(Aws::SharedCredentials).to \
+        receive(:new).with(:profile_name => "profile").and_return(shared)
+
+      env_creds(nil, nil) do
+        expect(Kitchen::Driver::Aws::Client.get_credentials("profile", nil, nil, nil, nil)).to \
+          eq(shared)
+      end
     end
 
-    it "loads shared credentials third to last" do
-      expect(shared).to_not receive(:loadable?)
-      ClimateControl.modify(
-        "AWS_ACCESS_KEY_ID" => "key1",
-        "AWS_SECRET_ACCESS_KEY" => "value1",
-        "AWS_SESSION_TOKEN" => "token1"
-      ) do
-        expect(Kitchen::Driver::Aws::Client.get_credentials("profile", nil, nil, nil)).to \
+    it "loads credentials from the environment third to last" do
+      env_creds("key_id", "secret") do
+        expect(Kitchen::Driver::Aws::Client.get_credentials(nil, nil, nil, nil, nil)).to \
           be_a(Aws::Credentials).and have_attributes(
-            :access_key_id => "key1",
-            :secret_access_key => "value1",
-            :session_token => "token1"
+            :access_key_id => "key_id",
+            :secret_access_key => "secret"
           )
       end
     end
 
     it "loads provided credentials first" do
-      expect(shared).to_not receive(:loadable?)
-      expect(Kitchen::Driver::Aws::Client.get_credentials("profile", "key3", "value3", nil)).to \
+      expect(Kitchen::Driver::Aws::Client.get_credentials(
+        "profile",
+        "key3",
+        "value3",
+        nil,
+        "us-west-1"
+      )).to \
         be_a(Aws::Credentials).and have_attributes(
          :access_key_id => "key3",
          :secret_access_key => "value3",
@@ -68,8 +71,13 @@ describe Kitchen::Driver::Aws::Client do
     end
 
     it "uses a session token if provided" do
-      expect(shared).to_not receive(:loadable?)
-      expect(Kitchen::Driver::Aws::Client.get_credentials("profile", "key3", "value3", "t")).to \
+      expect(Kitchen::Driver::Aws::Client.get_credentials(
+        "profile",
+        "key3",
+        "value3",
+        "t",
+        "us-west-1"
+      )).to \
         be_a(Aws::Credentials).and have_attributes(
          :access_key_id => "key3",
          :secret_access_key => "value3",
@@ -78,6 +86,55 @@ describe Kitchen::Driver::Aws::Client do
     end
   end
 
+  describe "::get_credentials + STS AssumeRole" do
+    let(:shared) { instance_double(Aws::SharedCredentials) }
+    let(:iam) { instance_double(Aws::InstanceProfileCredentials) }
+    let(:assume_role) { instance_double(Aws::AssumeRoleCredentials) }
+    let(:sts_client) { instance_double(Aws::STS::Client) }
+
+    before do
+      expect(Aws::AssumeRoleCredentials).to \
+        receive(:new).with(
+          :client => sts_client,
+          :role_arn => "role_arn",
+          :role_session_name => "role_session_name"
+        ).and_return(assume_role)
+    end
+
+    # nothing else is set, so we default to this
+    it "loads an Instance Profile last" do
+      expect(Aws::InstanceProfileCredentials).to \
+        receive(:new).and_return(iam)
+      expect(Aws::STS::Client).to \
+        receive(:new).with(:credentials => iam, :region => "us-west-1").and_return(sts_client)
+
+      expect(Kitchen::Driver::Aws::Client.get_credentials(
+        nil,
+        nil,
+        nil,
+        nil,
+        "us-west-1",
+        :assume_role_arn => "role_arn", :assume_role_session_name => "role_session_name"
+      )).to eq(assume_role)
+    end
+
+    it "loads shared credentials second to last" do
+      expect(::Aws::SharedCredentials).to \
+        receive(:new).with(:profile_name => "profile").and_return(shared)
+      expect(Aws::STS::Client).to \
+        receive(:new).with(:credentials => shared, :region => "us-west-1").and_return(sts_client)
+
+      expect(Kitchen::Driver::Aws::Client.get_credentials(
+        "profile",
+        nil,
+        nil,
+        nil,
+        "us-west-1",
+        :assume_role_arn => "role_arn", :assume_role_session_name => "role_session_name"
+      )).to eq(assume_role)
+    end
+  end
+
   let(:client) { Kitchen::Driver::Aws::Client.new("us-west-1") }
 
   describe "#initialize" do
@@ -100,7 +157,8 @@ describe Kitchen::Driver::Aws::Client do
           "secret_access_key",
           "session_token",
           "http_proxy",
-          999
+          999,
+          false
         )
       }
       let(:creds) { double("creds") }
@@ -111,6 +169,7 @@ describe Kitchen::Driver::Aws::Client do
         expect(Aws.config[:credentials]).to eq(creds)
         expect(Aws.config[:http_proxy]).to eq("http_proxy")
         expect(Aws.config[:retry_limit]).to eq(999)
+        expect(Aws.config[:ssl_verify_peer]).to eq(false)
       end
     end
   end
@@ -123,4 +182,12 @@ describe Kitchen::Driver::Aws::Client do
     expect(client.resource).to be_a(Aws::EC2::Resource)
   end
 
+  def env_creds(key_id, secret, &block)
+    ClimateControl.modify(
+      "AWS_ACCESS_KEY_ID" => key_id,
+      "AWS_SECRET_ACCESS_KEY" => secret
+    ) do
+      block.call
+    end
+  end
 end

data/spec/kitchen/driver/ec2/image_selection_spec.rb

@@ -221,7 +221,8 @@ describe "Default images for various platforms" do
         Windows_Server-*-RTM-English-*-Base-*
         Windows_Server-*-SP*-English-*-Base-*
         Windows_Server-*-R*_RTM-English-*-Base-*
-        Windows_Server-*-R*_SP*-English-*-Base-*] }
+        Windows_Server-*-R*_SP*-English-*-Base-*
+        Windows_Server-*-English-Full-Base-*] }
     ],
     "windows-2008" => [
       { :name => "owner-alias", :values => %w[amazon] },
@@ -267,7 +268,8 @@ describe "Default images for various platforms" do
         Windows_Server-*-RTM-English-*-Base-*
         Windows_Server-*-SP*-English-*-Base-*
         Windows_Server-*-R*_RTM-English-*-Base-*
-        Windows_Server-*-R*_SP*-English-*-Base-*] },
+        Windows_Server-*-R*_SP*-English-*-Base-*
+        Windows_Server-*-English-Full-Base-*] },
       { :name => "architecture", :values => %w[x86_64] }
     ],
     "windows-2012r2-x86_64" => [
@@ -283,7 +285,8 @@ describe "Default images for various platforms" do
         Windows_Server-*-RTM-English-*-Base-*
         Windows_Server-*-SP*-English-*-Base-*
         Windows_Server-*-R*_RTM-English-*-Base-*
-        Windows_Server-*-R*_SP*-English-*-Base-*] }
+        Windows_Server-*-R*_SP*-English-*-Base-*
+        Windows_Server-*-English-Full-Base-*] }
     ],
     "windows-server-2012r2-x86_64" => [
       { :name => "owner-alias", :values => %w[amazon] },
@@ -291,6 +294,11 @@ describe "Default images for various platforms" do
         Windows_Server-2012-R2_RTM-English-*-Base-*
         Windows_Server-2012-R2_SP*-English-*-Base-*] },
       { :name => "architecture", :values => %w[x86_64] }
+    ],
+    "windows-2016" => [
+      { :name => "owner-alias", :values => %w[amazon] },
+      { :name => "name", :values => %w[
+        Windows_Server-2016-English-Full-Base-*] }
     ]
   }
 

data/spec/kitchen/driver/ec2/instance_generator_spec.rb

@@ -20,6 +20,7 @@ require "kitchen/driver/aws/instance_generator"
 require "kitchen/driver/aws/client"
 require "tempfile"
 require "base64"
+require "aws-sdk"
 
 describe Kitchen::Driver::Aws::InstanceGenerator do
 
@@ -59,6 +60,28 @@ describe Kitchen::Driver::Aws::InstanceGenerator do
   end
 
   describe "#ec2_instance_data" do
+    ec2_stub = Aws::EC2::Client.new(:stub_responses => true)
+
+    ec2_stub.stub_responses(
+      :describe_subnets,
+      :subnets => [
+        {
+          :subnet_id  => "s-123",
+          :tags       => [{ :key => "foo", :value => "bar" }]
+        }
+      ]
+    )
+
+    ec2_stub.stub_responses(
+      :describe_security_groups,
+      :security_groups => [
+        {
+          :group_id => "sg-123",
+          :tags => [{ :key => "foo", :value => "bar" }]
+        }
+      ]
+    )
+
     it "returns empty on nil" do
       expect(generator.ec2_instance_data).to eq(
         :instance_type => nil,
@@ -117,6 +140,69 @@ describe Kitchen::Driver::Aws::InstanceGenerator do
       end
     end
 
+    context "when provided subnet tag instead of id" do
+      let(:config) do
+        {
+          :instance_type                => "micro",
+          :ebs_optimized                => true,
+          :image_id                     => "ami-123",
+          :aws_ssh_key_id               => "key",
+          :subnet_id                    => nil,
+          :region                       => "us-west-2",
+          :subnet_filter =>
+            {
+              :tag   => "foo",
+              :value => "bar"
+            }
+        }
+      end
+
+      it "generates id from the provided tag" do
+        allow(::Aws::EC2::Client).to receive(:new).and_return(ec2_stub)
+        expect(ec2_stub).to receive(:describe_subnets).with(
+          :filters => [
+            {
+              :name => "tag:foo",
+              :values => ["bar"]
+            }
+          ]
+        ).and_return(ec2_stub.describe_subnets)
+        expect(generator.ec2_instance_data[:subnet_id]).to eq("s-123")
+      end
+    end
+
+    context "when provided security_group tag instead of id" do
+      let(:config) do
+        {
+          :instance_type                => "micro",
+          :ebs_optimized                => true,
+          :image_id                     => "ami-123",
+          :aws_ssh_key_id               => "key",
+          :subnet_id                    => "s-123",
+          :security_group_ids           => nil,
+          :region                       => "us-west-2",
+          :security_group_filter =>
+            {
+              :tag   => "foo",
+              :value => "bar"
+            }
+        }
+      end
+
+      it "generates id from the provided tag" do
+        allow(::Aws::EC2::Client).to receive(:new).and_return(ec2_stub)
+        expect(ec2_stub).to receive(:describe_security_groups).with(
+          :filters => [
+            {
+              :name => "tag:foo",
+              :values => ["bar"]
+            }
+          ]
+        ).and_return(ec2_stub.describe_security_groups)
+        expect(generator.ec2_instance_data[:security_group_ids]).to eq(["sg-123"])
+      end
+    end
+
     context "when passed an empty block_device_mappings" do
       let(:config) do
         {
@@ -200,6 +286,128 @@ describe Kitchen::Driver::Aws::InstanceGenerator do
       end
     end
 
+    context "when availability_zone and tenancy are provided" do
+      let(:config) do
+        {
+          :region => "eu-east-1",
+          :availability_zone => "c",
+          :tenancy => "dedicated"
+        }
+      end
+      it "adds the region to it in the instance data" do
+        expect(generator.ec2_instance_data).to eq(
+          :instance_type => nil,
+          :ebs_optimized => nil,
+          :image_id => nil,
+          :key_name => nil,
+          :subnet_id => nil,
+          :private_ip_address => nil,
+          :placement => { :availability_zone => "eu-east-1c",
+                          :tenancy => "dedicated" }
+        )
+      end
+    end
+
+    context "when tenancy is provided but availability_zone isn't" do
+      let(:config) do
+        {
+          :region => "eu-east-1",
+          :tenancy => "default"
+        }
+      end
+      it "is not added to the instance data" do
+        expect(generator.ec2_instance_data).to eq(
+          :instance_type => nil,
+          :ebs_optimized => nil,
+          :image_id => nil,
+          :key_name => nil,
+          :subnet_id => nil,
+          :private_ip_address => nil,
+          :placement => { :tenancy => "default" }
+        )
+      end
+    end
+
+    context "when tenancy is not supported" do
+      let(:config) do
+        {
+          :region => "eu-east-1",
+          :tenancy => "ephemeral"
+        }
+      end
+      it "is not added to the instance data" do
+        expect(generator.ec2_instance_data).to eq(
+          :instance_type => nil,
+          :ebs_optimized => nil,
+          :image_id => nil,
+          :key_name => nil,
+          :subnet_id => nil,
+          :private_ip_address => nil
+        )
+      end
+    end
+
+    context "when availability_zone and tenancy are provided" do
+      let(:config) do
+        {
+          :region => "eu-east-1",
+          :availability_zone => "c",
+          :tenancy => "dedicated"
+        }
+      end
+      it "adds the region to it in the instance data" do
+        expect(generator.ec2_instance_data).to eq(
+          :instance_type => nil,
+          :ebs_optimized => nil,
+          :image_id => nil,
+          :key_name => nil,
+          :subnet_id => nil,
+          :private_ip_address => nil,
+          :placement => { :availability_zone => "eu-east-1c",
+                          :tenancy => "dedicated" }
+        )
+      end
+    end
+
+    context "when tenancy is provided but availability_zone isn't" do
+      let(:config) do
+        {
+          :region => "eu-east-1",
+          :tenancy => "default"
+        }
+      end
+      it "is not added to the instance data" do
+        expect(generator.ec2_instance_data).to eq(
+          :instance_type => nil,
+          :ebs_optimized => nil,
+          :image_id => nil,
+          :key_name => nil,
+          :subnet_id => nil,
+          :private_ip_address => nil,
+          :placement => { :tenancy => "default" }
+        )
+      end
+    end
+
+    context "when tenancy is not supported" do
+      let(:config) do
+        {
+          :region => "eu-east-1",
+          :tenancy => "ephemeral"
+        }
+      end
+      it "is not added to the instance data" do
+        expect(generator.ec2_instance_data).to eq(
+          :instance_type => nil,
+          :ebs_optimized => nil,
+          :image_id => nil,
+          :key_name => nil,
+          :subnet_id => nil,
+          :private_ip_address => nil
+        )
+      end
+    end
+
     context "when subnet_id is provided" do
       let(:config) do
         {

data/spec/kitchen/driver/ec2_spec.rb

@@ -70,6 +70,35 @@ describe Kitchen::Driver::Ec2 do
       Kitchen::Driver::EC2_VERSION)
   end
 
+  describe "default_config" do
+    context "Windows" do
+      let(:resource) { instance_double(::Aws::EC2::Resource, :image => image) }
+      before do
+        allow(driver).to receive(:windows_os?).and_return(true)
+        allow(client).to receive(:resource).and_return(resource)
+        allow(instance).to receive(:name).and_return("instance_name")
+      end
+      context "Windows 2016" do
+        let(:image) {
+          FakeImage.new(:name => "Windows_Server-2016-English-Full-Base-2017.01.11")
+        }
+        it "sets :user_data to something" do
+          expect(driver[:user_data]).to include
+          '$logfile=C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Log\\kitchen-ec2.log'
+        end
+      end
+      context "Windows 2012R2" do
+        let(:image) {
+          FakeImage.new(:name => "Windows_Server-2012-R2_RTM-English-64Bit-Base-2017.01.11")
+        }
+        it "sets :user_data to something" do
+          expect(driver[:user_data]).to include
+          '$logfile=C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs\\kitchen-ec2.log'
+        end
+      end
+    end
+  end
+
   describe "#hostname" do
     let(:public_dns_name) { nil }
     let(:private_dns_name) { nil }
@@ -212,12 +241,16 @@ describe Kitchen::Driver::Ec2 do
 
     before do
       expect(driver).to receive(:instance).at_least(:once).and_return(instance)
+      allow(Time).to receive(:now).and_return(Time.now)
     end
 
     it "submits the server request" do
       expect(generator).to receive(:ec2_instance_data).and_return({})
       expect(actual_client).to receive(:request_spot_instances).with(
-        :spot_price => "", :launch_specification => {}, :block_duration_minutes => 60
+        :spot_price => "",
+        :launch_specification => {},
+        :valid_until => Time.now + (config[:retryable_tries] * config[:retryable_sleep]),
+        :block_duration_minutes => 60
       ).and_return(response)
       expect(actual_client).to receive(:wait_until)
       expect(client).to receive(:get_instance_from_spot_request).with("id")
@@ -243,6 +276,23 @@ describe Kitchen::Driver::Ec2 do
     end
   end
 
+  describe "#tag_volumes" do
+    let(:volume) { double("aws volume resource") }
+    before do
+      allow(server).to receive(:volumes).and_return([volume])
+    end
+    it "tags the instance volumes" do
+      config[:tags] = { :key1 => :value1, :key2 => :value2 }
+      expect(volume).to receive(:create_tags).with(
+        :tags => [
+          { :key => :key1, :value => :value1 },
+          { :key => :key2, :value => :value2 }
+        ]
+      )
+      driver.tag_volumes(server)
+    end
+  end
+
   describe "#wait_until_ready" do
     let(:hostname) { "0.0.0.0" }
     let(:msg) { "to become ready" }
@@ -286,6 +336,43 @@ describe Kitchen::Driver::Ec2 do
     end
   end
 
+  describe "#wait_until_volumes_ready" do
+    let(:aws_instance) { double("aws instance") }
+    let(:msg) { "volumes to be ready" }
+    let(:volume) { double("aws volume resource") }
+
+    before do
+      expect(driver).to receive(:wait_with_destroy).with(server, state, msg).and_yield(aws_instance)
+    end
+    it "first checks instance existence" do
+      expect(aws_instance).to receive(:exists?).and_return(false)
+      expect(driver.wait_until_volumes_ready(server, state)).to eq(false)
+    end
+    it "second, it checks for prescence of described volumes" do
+      expect(aws_instance).to receive(:exists?).and_return(true)
+      expect(actual_client).to receive_message_chain(:describe_volumes, :volumes, :length
+      ).and_return(0)
+      expect(aws_instance).to receive(:volumes).and_return([])
+      expect(driver.wait_until_volumes_ready(server, state)).to eq(false)
+    end
+    it "third, it compares the described volumes and instance volumes" do
+      expect(aws_instance).to receive(:exists?).and_return(true)
+      expect(actual_client).to receive_message_chain(:describe_volumes, :volumes, :length
+      ).and_return(2)
+      expect(aws_instance).to receive(:volumes).and_return([volume])
+      expect(driver.wait_until_volumes_ready(server, state)).to eq(false)
+    end
+    context "when it exists, and both client and instance agree on volumes" do
+      it "returns true" do
+        expect(aws_instance).to receive(:exists?).and_return(true)
+        expect(actual_client).to receive_message_chain(:describe_volumes, :volumes, :length
+        ).and_return(1)
+        expect(aws_instance).to receive(:volumes).and_return([volume])
+        expect(driver.wait_until_volumes_ready(server, state)).to eq(true)
+      end
+    end
+  end
+
   describe "#fetch_windows_admin_password" do
     let(:msg) { "to fetch windows admin password" }
     let(:aws_instance) { double("aws instance") }
@@ -362,6 +449,8 @@ describe Kitchen::Driver::Ec2 do
         expect(server).to receive(:wait_until_exists)
         expect(driver).to receive(:update_username)
         expect(driver).to receive(:tag_server).with(server)
+        expect(driver).to receive(:tag_volumes).with(server)
+        expect(driver).to receive(:wait_until_volumes_ready).with(server, state)
         expect(driver).to receive(:wait_until_ready).with(server, state)
         expect(transport).to receive_message_chain("connection.wait_until_ready")
         expect(driver).to receive(:create_ec2_json).with(state)
@@ -399,6 +488,18 @@ describe Kitchen::Driver::Ec2 do
       include_examples "common create"
     end
 
+    context "instance is not a standard platform" do
+      let(:state) { {} }
+      before do
+        expect(driver).to receive(:actual_platform).and_return(nil)
+      end
+
+      it "doesn't set the state username" do
+        driver.update_username(state)
+        expect(state).to eq({})
+      end
+    end
+
   end
 
   describe "#destroy" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-ec2
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Fletcher Nichol
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-12 00:00:00.000000000 Z
+date: 2017-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: test-kitchen
@@ -253,7 +253,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.6.10
 signing_key: 
 specification_version: 4
 summary: A Test Kitchen Driver for Amazon EC2
@@ -263,4 +263,3 @@ test_files:
 - spec/kitchen/driver/ec2/instance_generator_spec.rb
 - spec/kitchen/driver/ec2_spec.rb
 - spec/spec_helper.rb
-has_rdoc: