kitchen-ec2 2.0.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d121c852a28622ac97b1d1ecd53d8925b8d69807
-  data.tar.gz: e3099c025db1fefaadc834cc3d0af54b18a1da7a
+  metadata.gz: 959a1ab9d5bc68f378d275e54b2582173dd1b639
+  data.tar.gz: e1860a9b7dd6edc37eb04af7ef451d0b0e05575b
 SHA512:
-  metadata.gz: 0a761d862424e0fa29e2d5f1304ef5a65d66f6da5e5a38fa6ac437cfff0bd1619bcb8ece93066fd8c16036c62875028f9bdbd8b2572f6f825bde7d9c410aea59
-  data.tar.gz: 3716edf1589f8952d7aa7460f5e1056d0e5c78c1a0dfb6096ae1db5bf527ec31c33c0e3aada585164c0c07b6e9400c26c347b9c894604fad3b2a74226397799c
+  metadata.gz: 3d8825aab45d7c154f9e4f718fad006ff0e3b469f51da94ba531a7de42e99c05595d41f0195ac4ac05998d6e2e26f30f89f52da93401e40b689b2b21c8d525ed
+  data.tar.gz: fb078de3ae30c8eac13bf7b24b7db968c5083f281aeae3f425230d941aace2f2405e6a7eedfb3c3fed34a7d8cdce43a078ff360df0c2e921fccbe07e72415cce

data/.travis.yml

@@ -5,7 +5,18 @@ branches:
   only:
   - master
 rvm:
-  - 2.2.8
-  - 2.3.5
-  - 2.4.2
-  - ruby-head
+  - 2.3.6
+  - 2.4.3
+
+# https://github.com/travis-ci/travis-ci/issues/8978
+matrix:
+  include:
+    - rvm: 2.5.0
+      before_install:
+      - gem update --system
+    - rvm: ruby-head
+      before_install:
+      - gem update --system
+
+allow_failures:
+  - rvm: ruby-head

data/CHANGELOG.md

@@ -1,11 +1,19 @@
 # Change Log
 
+## [v2.1.0](https://github.com/test-kitchen/kitchen-ec2/tree/v2.1.0) (2018-01-27)
+[Full Changelog](https://github.com/test-kitchen/kitchen-ec2/compare/v2.0.0...v2.1.0)
+
+**Merged pull requests:**
+
+- Only create Ohai hint when provisioner is `/chef/` [\#366](https://github.com/test-kitchen/kitchen-ec2/pull/366) ([cheeseplus](https://github.com/cheeseplus))
+- Automatically create a security group and key pair if needed. [\#362](https://github.com/test-kitchen/kitchen-ec2/pull/362) ([coderanger](https://github.com/coderanger))
+
 ## [v2.0.0](https://github.com/test-kitchen/kitchen-ec2/tree/v2.0.0) (2017-12-08)
 [Full Changelog](https://github.com/test-kitchen/kitchen-ec2/compare/v1.4.0...v2.0.0)
 
 **Improvements**
 
-- Clean up original Authentication; Rely on SDK for Chain. [\#353](https://github.com/test-kitchen/kitchen-ec2/pull/320) ([rhyas](https://github.com/rhyas))
+- Clean up original Authentication; Rely on SDK for Chain. [\#353](https://github.com/test-kitchen/kitchen-ec2/pull/353) ([rhyas](https://github.com/rhyas))
 - Use quadratic backoff when encountering RequestLimit errors [\#320](https://github.com/test-kitchen/kitchen-ec2/pull/320) ([kamaradclimber](https://github.com/kamaradclimber))
 
 ## [v1.4.0](https://github.com/test-kitchen/kitchen-ec2/tree/v1.4.0) (2017-11-29)

data/README.md

@@ -9,39 +9,21 @@ A [Test Kitchen][kitchenci] Driver for Amazon EC2.
 This driver uses the [aws sdk gem][aws_sdk_gem] to provision and destroy EC2
 instances. Use Amazon's cloud for your infrastructure testing!
 
-## Initial Setup
-
-To get started, you need to install the software and set up your credentials and SSH key. Some of these steps you have probably already done, but we include them here for completeness.
-
-1. Install the latest test-kitchen or ChefDK and put it in your path.
-2. From this repository, type `bundle install; bundle exec rake install` to install the latest version of the driver.
-3. Install the [AWS command line tools](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-set-up.html).
-4. Run `aws configure` to place your AWS credentials on the drive at ~/.aws/credentials.
-5. Create your AWS SSH key. We recommend naming it with your username, but you can use any name:
-
-     ```
-     aws ec2 create-key-pair --key-name $USER | ruby -e "require 'json'; puts JSON.parse(STDIN.read)['KeyMaterial']" > ~/.ssh/$USER
-     ```
-6. `export AWS_SSH_KEY_ID=<your key name>`
-
 ## Quick Start
 
-Once
-that is done, create your kitchen file in your cookbook directory (or an empty
-directory if you just want to get a feel for it):
-
-1. `kitchen init -D kitchen-ec2`
-2. Edit `.kitchen.yml` and add the aws_ssh_key_id to driver and a transport with
-   an ssh_key:
+1. Install [ChefDK](https://downloads.chef.io/chefdk). If testing things other
+   than Chef cookbooks, please consult your driver's documentation for information
+   on what to install.
+2. Install the [AWS command line tools](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-set-up.html).
+3. Run `aws configure`. This will set up your AWS credentials for both the AWS
+   CLI tools and kitchen-ec2.
+4. Add or exit the `driver` section of your `.kitchen.yml`:
 
    ```yaml
-   transport:
-     ssh_key: ~/.ssh/your_private_key_file
+   driver:
+     name: ec2
    ```
-3. While you are in there, modify `centos-7.1` to `centos-7`.
-3. `kitchen test`
-
-It's that easy! This will set up and run centos and ubuntu flavored instances.
+5. Run `kitchen test`.
 
 ## Requirements
 
@@ -54,8 +36,51 @@ By automatically applying reasonable defaults wherever possible, kitchen-ec2 doe
 
 ### Specifying the Image
 
-There are three ways to specify the image you use for the instance: `image_id`,
-`image_search` and `platform.name`
+There are three ways to specify the image you use for the instance: the `platform`
+name, `image_id`, and `image_search`.
+
+#### `platform` Name
+
+The third way to specify the image is by leaving `image_id` and `image_search`
+blank, and specifying a standard platform name.
+
+```yaml
+platforms:
+  - name: ubuntu-14.04
+```
+
+If you use the platform name `ubuntu`, `windows`, `rhel`, `debian`, `centos`, `freebsd` or `fedora`, kitchen-ec2 will search for the latest matching official image of
+the given OS in your region. You may leave versions off, specify partial versions,
+and you may specify architecture to distinguish 32- and 64-bit. Some examples:
+
+```yaml
+platforms:
+  # The latest stable minor+patch release of rhel 6
+  - name: rhel-6
+  # The latest patch release of CentOS 6.3
+  - name: centos-6.3
+  # The latest patch release of Amazon Linux 2017.03
+  - name: amazon-2017.03
+  # 32-bit version of latest major+minor+patch release of Ubuntu
+  - name: ubuntu-i386
+  # 32-bit version of Debian 6
+  - name: debian-6-i386
+  # Latest 32-bit stable minor release of freebsd 10
+  - name: freebsd-10-i386
+  # The latest stable major+minor+patch release of Fedora
+  - name: fedora
+  # The most recent service-pack for Windows 2012 (not R2)
+  - name: windows-2012
+  # The most recent service-pack for Windows 2012R2
+  - name: windows-2012r2
+  # Windows 2008 RTM (not R2, no service pack)
+  - name: windows-2008rtm
+  # Windows 2008R2 SP1
+  - name: windows-2008r2sp1
+```
+
+We always pick the highest released stable version that matches your regex, and
+follow the other `image_search` rules for preference.
 
 #### `image_id`
 
@@ -104,121 +129,49 @@ Some examples are:
 
 It is safest to use the same naming convention as used by the public images published by the OS vendors on the AWS marketplace.
 
-#### `platform.name`
-
-The third way to specify the image is by leaving `image_id` and `image_search`
-blank, and specifying a standard platform name.
-
-```yaml
-platforms:
-  - name: ubuntu-14.04
-```
-
-If you use the platform name `ubuntu`, `windows`, `rhel`, `debian`, `centos`, `freebsd` or `fedora`, kitchen-ec2 will search for the latest matching official image of
-the given OS in your region. You may leave versions off, specify partial versions,
-and you may specify architecture to distinguish 32- and 64-bit. Some examples:
-
-```yaml
-platforms:
-  # The latest stable minor+patch release of rhel 6
-  - name: rhel-6
-  # The latest patch release of CentOS 6.3
-  - name: centos-6.3
-  # The latest patch release of Amazon Linux 2017.03
-  - name: amazon-2017.03
-  # 32-bit version of latest major+minor+patch release of Ubuntu
-  - name: ubuntu-i386
-  # 32-bit version of Debian 6
-  - name: debian-6-i386
-  # Latest 32-bit stable minor release of freebsd 10
-  - name: freebsd-10-i386
-  # The latest stable major+minor+patch release of Fedora
-  - name: fedora
-  # The most recent service-pack for Windows 2012 (not R2)
-  - name: windows-2012
-  # The most recent service-pack for Windows 2012R2
-  - name: windows-2012r2
-  # Windows 2008 RTM (not R2, no service pack)
-  - name: windows-2008rtm
-  # Windows 2008R2 SP1
-  - name: windows-2008r2sp1
-```
-
-We always pick the highest released stable version that matches your regex, and
-follow the other `image_search` rules for preference.
-
 ### AWS Authentication
 
 In order to connect to AWS, you must specify AWS credentials. We rely on the SDK
-to find credentials in the standard way, documented here: 
+to find credentials in the standard way, documented here:
 https://github.com/aws/aws-sdk-ruby/#configuration
 
 The SDK Chain will search environment variables, then config files, then IAM role
-data from the instance profile, in that order. In the case config files being 
-present, the 'default' profile will be used unless `shared_credentials_profile` 
-is defined to point to another profile. 
+data from the instance profile, in that order. In the case config files being
+present, the 'default' profile will be used unless `shared_credentials_profile`
+is defined to point to another profile.
 
 Because the Test Kitchen test should be checked into source control and ran
-through CI we no longer recommend storing the AWS credentials in the
+through CI we no longer support storing the AWS credentials in the
 `.kitchen.yml` file.
 
 ### Instance Login Configuration
 
 The instances you create use credentials you specify which are *separate* from
 the AWS credentials. Generally, SSH and WinRM use an AWS key pair which you
-specify. You probably set this up in the Initial Setup.
-
-#### `aws_ssh_key_id`
-
-The ID of the AWS key pair you want to use.
-
-The default will be read from the `AWS_SSH_KEY_ID` environment variable if set,
-or `nil` otherwise.
+specify.
 
-If `aws_ssh_key_id` is specified, it must be one of the KeyName values shown by the AWS CLI: `aws ec2 describe-key-pairs`.
-Otherwise, if not specified, you must either have a user pre-provisioned on the AMI, or provision the user using `user_data`.
-
-#### `transport.ssh_key`
-
-The private key file for the AWS key pair you want to use.
-
-#### `transport.username`
-
-This is not strictly a `driver` thing, but the username is a crucial component
-of logging in to an instance. Different AMIs tend to provide different usernames.
-
-If you use an official AMI (or create an image with the platform name in the
-image name), we will use the default username for official AMIs for that platform.
-
-#### `ebs_optimized`
+#### SSH
 
-Option to launch EC2 instance with optimized EBS volume. See
-[Amazon EC2 Instance Types](http://aws.amazon.com/ec2/instance-types/) to find
-out more about instance types that can be launched as EBS-optimized instances.
+The `aws_ssh_key_id` value is the name of the AWS key pair you want to use. The default will be read from the `AWS_SSH_KEY_ID` environment variable if set.  If a key ID is not specified, a temporary key will be created for you.
 
-The default is `false`.
+To see a list of existing key pair IDs in a region, run `aws ec2 describe-key-pairs --region us-east-1`.
 
-#### Password
+When using an existing key, ensure that the private key is configured in your
+Test Kitchen `transport`, either directly or made available via `ssh-agent`:
 
-For Windows instances the generated Administrator password is fetched
-automatically from Amazon EC2 with the same private key as we use for
-SSH logins to Linux.
+```yaml
+transport:
+  ssh_key: ~/.ssh/mykey.pem
+```
 
-### Windows Configuration
+For standard platforms we automatically provide the SSH username, but when
+specifying your own AMI you may need to configure that as well.
 
-If you specify a platform name starting with `windows`, Test Kitchen will pull a
-default AMI out of `amis.json` if one is not specified.
+#### WinRM
 
-The default user_data will add any `username` with its associated `password`
-from the transport options to the Aministrator group.  If no `username` is
-specified then the default `administrator` is available.
+For Windows instances the generated Administrator password is fetched automatically from Amazon EC2 with the same private key as we use for SSH.
 
-AWS automatically generates an `administrator` password in the default
-Windows AMIs.  Test Kitchen fetches this and stores it in the
-`.kitchen/#{platform}.json` file.  If you need to `kitchen login` to the instance
-and you have not specified your own `username` and `password` you can use
-the `administrator` user and the password from this file.  Unfortunately
-we cannot auto-fill the RDP password at this point.
+Unfortunately the RDP file format does not allow including login credentials, so `kitchen login` with WinRM cannot automatically log in for you.
 
 ### Other Configuration
 
@@ -230,7 +183,7 @@ the letter designation - will attach this to the region used.
 If not specified, your instances will be placed in an AZ of AWS's choice in your
 region.
 
-#### <a name="config-instance_type"></a> `instance_type`
+#### `instance_type`
 
 The EC2 [instance type][instance_docs] (also known as size) to use.
 
@@ -240,9 +193,8 @@ or `paravirtual`. (`paravirtual` images are incompatible with `t2.micro`.)
 #### `security_group_ids`
 
 An Array of EC2 [security groups][group_docs] which will be applied to the
-instance.
-
-The default is `["default"]`.
+instance. If no security group is specified, a temporary group will be created
+automatically which allows SSH and WinRM.
 
 #### `security_group_filter`
 
@@ -363,14 +315,6 @@ The default is `ENV["HTTPS_PROXY"] || ENV["HTTP_PROXY"]`.  If you have these env
 
 If you need to turn off ssl certificate verification for HTTP calls made to AWS, set `ssl_verify_peer: false`.
 
-#### `vpc_mode`
-
-Can be used to place ec2 instance into vpc. Requires `vpc_id` and `subnet_id` to be set.
-
-#### `vpc_id`
-
-Needs `vpc_mode` to be set to true. Represents the ID of the vpc in which the instance should be placed.
-
 ### Disk Configuration
 
 #### <a name="config-block_device_mappings"></a> `block_device_mappings`
@@ -527,10 +471,6 @@ example:
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create new Pull Request
 
-## <a name="authors"></a> Authors
-
-Created and maintained by [Fletcher Nichol][author] (<fnichol@nichol.ca>)
-
 ## <a name="license"></a> License
 
 Apache 2.0 (see [LICENSE][license])

data/lib/kitchen/driver/aws/client.rb

@@ -35,9 +35,6 @@ module Kitchen
         def initialize( # rubocop:disable Metrics/ParameterLists
           region,
           profile_name = "default",
-          access_key_id = nil,
-          secret_access_key = nil,
-          session_token = nil,
           http_proxy = nil,
           retry_limit = nil,
           ssl_verify_peer = true

data/lib/kitchen/driver/ec2.rb

@@ -33,6 +33,9 @@ require_relative "aws/standard_platform/ubuntu"
 require_relative "aws/standard_platform/windows"
 require "aws-sdk-core/waiters/errors"
 require "retryable"
+require "time"
+require "etc"
+require "socket"
 
 Aws.eager_autoload!
 
@@ -85,6 +88,7 @@ module Kitchen
       default_config :tenancy,             "default"
       default_config :instance_initiated_shutdown_behavior, nil
       default_config :ssl_verify_peer, true
+      default_config :skip_cost_warning, false
 
       def initialize(*args, &block)
         super
@@ -172,13 +176,25 @@ module Kitchen
         return if state[:server_id]
         update_username(state)
 
-        info(Kitchen::Util.outdent!(<<-END))
+        info(Kitchen::Util.outdent!(<<-END)) unless config[:skip_cost_warning]
           If you are not using an account that qualifies under the AWS
           free-tier, you may be charged to run these suites. The charge
           should be minimal, but neither Test Kitchen nor its maintainers
           are responsible for your incurred costs.
         END
 
+        # If no security group IDs are specified, create one automatically.
+        unless config[:security_group_ids]
+          create_security_group(state)
+          config[:security_group_ids] = [state[:auto_security_group_id]]
+        end
+
+        # If no SSH key pair name is specified, create one automatically.
+        unless config[:aws_ssh_key_id]
+          create_key(state)
+          config[:aws_ssh_key_id] = state[:auto_key_id]
+        end
+
         if config[:spot_price]
           # Spot instance when a price is set
           server = submit_spot(state)
@@ -232,28 +248,49 @@ module Kitchen
 
         info("EC2 instance <#{state[:server_id]}> ready (hostname: #{state[:hostname]}).")
         instance.transport.connection(state).wait_until_ready
-        create_ec2_json(state)
+        create_ec2_json(state) if instance.provisioner.name =~ /chef/
         debug("ec2:create '#{state[:hostname]}'")
+      rescue Exception
+        # Clean up any auto-created security groups or keys on the way out.
+        delete_security_group(state)
+        delete_key(state)
+        raise
       end
 
       def destroy(state)
-        return if state[:server_id].nil?
-
-        server = ec2.get_instance(state[:server_id])
-        unless server.nil?
-          instance.transport.connection(state).close
-          server.terminate
-        end
-        if state[:spot_request_id]
-          debug("Deleting spot request <#{state[:server_id]}>")
-          ec2.client.cancel_spot_instance_requests(
-            :spot_instance_request_ids => [state[:spot_request_id]]
-          )
-          state.delete(:spot_request_id)
+        if state[:server_id]
+          server = ec2.get_instance(state[:server_id])
+          unless server.nil?
+            instance.transport.connection(state).close
+            server.terminate
+          end
+          if state[:spot_request_id]
+            debug("Deleting spot request <#{state[:server_id]}>")
+            ec2.client.cancel_spot_instance_requests(
+              :spot_instance_request_ids => [state[:spot_request_id]]
+            )
+            state.delete(:spot_request_id)
+          end
+          # If we are going to clean up an automatic security group, we need
+          # to wait for the instance to shut down. This slightly breaks the
+          # subsystem encapsulation, sorry not sorry.
+          if state[:auto_security_group_id] && server
+            server.wait_until_terminated do |waiter|
+              waiter.max_attempts = config[:retryable_tries]
+              waiter.delay = config[:retryable_sleep]
+              waiter.before_attempt do |attempts|
+                info "Waited #{attempts * waiter.delay}/#{waiter.delay * waiter.max_attempts}s for instance <#{server.id}> to terminate."
+              end
+            end
+          end
+          info("EC2 instance <#{state[:server_id]}> destroyed.")
+          state.delete(:server_id)
+          state.delete(:hostname)
         end
-        info("EC2 instance <#{state[:server_id]}> destroyed.")
-        state.delete(:server_id)
-        state.delete(:hostname)
+
+        # Clean up any auto-created security groups or keys.
+        delete_security_group(state)
+        delete_key(state)
       end
 
       def image
@@ -329,9 +366,6 @@ module Kitchen
         @ec2 ||= Aws::Client.new(
           config[:region],
           config[:shared_credentials_profile],
-          config[:aws_access_key_id],
-          config[:aws_secret_access_key],
-          config[:aws_session_token],
           config[:http_proxy],
           config[:retry_limit],
           config[:ssl_verify_peer]
@@ -488,7 +522,7 @@ module Kitchen
           !enc.nil? && !enc.empty?
         end
         pass = with_request_limit_backoff(state) do
-          server.decrypt_windows_password(File.expand_path(instance.transport[:ssh_key]))
+          server.decrypt_windows_password(File.expand_path(state[:ssh_key] || instance.transport[:ssh_key]))
         end
         state[:password] = pass
         info("Retrieved Windows password for instance <#{state[:server_id]}>.")
@@ -640,6 +674,110 @@ module Kitchen
         " Created: #{image.creation_date}"
       end
 
+      # Create a temporary security group for this instance.
+      #
+      # @api private
+      # @param state [Hash] Instance state hash.
+      # @return [void]
+      def create_security_group(state)
+        return if state[:auto_security_group_id]
+        # Work out which VPC, if any, we are creating in.
+        vpc_id = if config[:subnet_id]
+                   # Get the VPC ID for the subnet.
+                   subnets = ec2.client.describe_subnets(filters: [{ name: "subnet-id", values: [config[:subnet_id]] }]).subnets
+                   raise "Subnet #{config[:subnet_id]} not found during security group creation" if subnets.empty?
+                   subnets.first.vpc_id
+                 else
+                   # Try to check for a default VPC.
+                   vpcs = ec2.client.describe_vpcs(filters: [{ name: "isDefault", values: ["true"] }]).vpcs
+                   if vpcs.empty?
+                     # No default VPC so assume EC2-Classic ¯\_(ツ)_/¯
+                     nil
+                   else
+                     # I don't actually know if you can have more than one default VPC?
+                     vpcs.first.vpc_id
+                   end
+                 end
+        # Create the SG.
+        params = {
+          group_name: "kitchen-#{Array.new(8) { rand(36).to_s(36) }.join}",
+          description: "Test Kitchen for #{instance.name} by #{Etc.getlogin || 'nologin'} on #{Socket.gethostname}",
+        }
+        params[:vpc_id] = vpc_id if vpc_id
+        resp = ec2.client.create_security_group(params)
+        state[:auto_security_group_id] = resp.group_id
+        info("Created automatic security group #{state[:auto_security_group_id]}")
+        debug("  in VPC #{vpc_id || 'none'}")
+        # Set up SG rules.
+        ec2.client.authorize_security_group_ingress(
+          group_id: state[:auto_security_group_id],
+          # Allow SSH and WinRM (both plain and TLS).
+          ip_permissions: [22, 5985, 5986].map do |port|
+            {
+              ip_protocol: "tcp",
+              from_port: port,
+              to_port: port,
+              ip_ranges: [{ cidr_ip: "0.0.0.0/0" }],
+            }
+          end
+        )
+      end
+
+      # Create a temporary SSH key pair for this instance.
+      #
+      # @api private
+      # @param state [Hash] Instance state hash.
+      # @return [void]
+      def create_key(state)
+        return if state[:auto_key_id]
+        # Encode a bunch of metadata into the name because that's all we can
+        # set for a key pair.
+        name_parts = [
+          instance.name.gsub(/\W/, ""),
+          (Etc.getlogin || "nologin").gsub(/\W/, ""),
+          Socket.gethostname.gsub(/\W/, "")[0..20],
+          Time.now.utc.iso8601,
+          Array.new(8) { rand(36).to_s(36) }.join(""),
+        ]
+        resp = ec2.client.create_key_pair(key_name: "kitchen-#{name_parts.join('-')}")
+        state[:auto_key_id] = resp.key_name
+        info("Created automatic key pair #{state[:auto_key_id]}")
+        # Write the key out, but safely hence the weird sysopen.
+        key_path = "#{config[:kitchen_root]}/.kitchen/#{instance.name}.pem"
+        key_fd = File.sysopen(key_path, File::WRONLY | File::CREAT | File::EXCL, 00600)
+        File.open(key_fd) do |f|
+          f.write(resp.key_material)
+        end
+        # Inject the key into the state to be used by the SSH transport, or for
+        # the Windows password decrypt above in {#fetch_windows_admin_password}.
+        state[:ssh_key] = key_path
+      end
+
+      # Clean up a temporary security group for this instance.
+      #
+      # @api private
+      # @param state [Hash] Instance state hash.
+      # @return [void]
+      def delete_security_group(state)
+        return unless state[:auto_security_group_id]
+        info("Removing automatic security group #{state[:auto_security_group_id]}")
+        ec2.client.delete_security_group(group_id: state[:auto_security_group_id])
+        state.delete(:auto_security_group_id)
+      end
+
+      # Clean up a temporary SSH key pair for this instance.
+      #
+      # @api private
+      # @param state [Hash] Instance state hash.
+      # @return [void]
+      def delete_key(state)
+        return unless state[:auto_key_id]
+        info("Removing automatic key pair #{state[:auto_key_id]}")
+        ec2.client.delete_key_pair(key_name: state[:auto_key_id])
+        state.delete(:auto_key_id)
+        File.unlink("#{config[:kitchen_root]}/.kitchen/#{instance.name}.pem")
+      end
+
     end
   end
 end

data/lib/kitchen/driver/ec2_version.rb

@@ -21,6 +21,6 @@ module Kitchen
   module Driver
 
     # Version string for EC2 Test Kitchen driver
-    EC2_VERSION = "2.0.0"
+    EC2_VERSION = "2.1.0"
   end
 end

data/spec/kitchen/driver/ec2/client_spec.rb

@@ -39,9 +39,6 @@ describe Kitchen::Driver::Aws::Client do
         Kitchen::Driver::Aws::Client.new(
           "us-west-1",
           "test-profile",
-          "access_key_id",
-          "secret_access_key",
-          "session_token",
           "http_proxy",
           999,
           false

data/spec/kitchen/driver/ec2_spec.rb

@@ -30,10 +30,13 @@ describe Kitchen::Driver::Ec2 do
       :aws_ssh_key_id => "key",
       :image_id => "ami-1234567",
       :block_duration_minutes => 60,
+      :subnet_id => "subnet-1234",
+      :security_group_ids => ["sg-56789"],
     }
   end
   let(:platform)      { Kitchen::Platform.new(:name => "fooos-99") }
   let(:transport)     { Kitchen::Transport::Dummy.new }
+  let(:provisioner)   { Kitchen::Provisioner::Dummy.new }
   let(:generator)     { instance_double(Kitchen::Driver::Aws::InstanceGenerator) }
   # There is too much name overlap I let creep in - my `client` is actually
   # a wrapper around the actual ec2 client
@@ -49,6 +52,7 @@ describe Kitchen::Driver::Ec2 do
       Kitchen::Instance,
       :logger => logger,
       :transport => transport,
+      :provisioner => provisioner,
       :platform => platform,
       :to_str => "str"
     )
@@ -458,12 +462,22 @@ describe Kitchen::Driver::Ec2 do
         expect(driver).to receive(:wait_until_ready).with(server, state)
         allow(actual_client).to receive(:describe_images).with({ :image_ids => [server.image_id] }).and_return(ec2_stub)
         expect(transport).to receive_message_chain("connection.wait_until_ready")
-        expect(driver).to receive(:create_ec2_json).with(state)
         driver.create(state)
         expect(state[:server_id]).to eq(id)
       end
     end
 
+    context "chef provisioner" do
+      let(:provisioner) { double("chef provisioner", :name => "chef_solo") }
+
+      before do
+        expect(driver).to receive(:create_ec2_json).with(state)
+        expect(driver).to receive(:submit_server).and_return(server)
+      end
+
+      include_examples "common create"
+    end
+
     context "non-windows on-demand instance" do
       before do
         expect(driver).to receive(:submit_server).and_return(server)
@@ -520,6 +534,78 @@ describe Kitchen::Driver::Ec2 do
       end
     end
 
+    context "with no security group specified" do
+      before do
+        config.delete(:security_group_ids)
+        expect(driver).to receive(:submit_server).and_return(server)
+        allow(instance).to receive(:name).and_return("instance_name")
+      end
+
+      context "with a subnet configured" do
+        before do
+          expect(actual_client).to receive(:describe_subnets).with(filters: [{ name: "subnet-id", values: ["subnet-1234"] }]).and_return(double(subnets: [double(vpc_id: "vpc-1")]))
+          expect(actual_client).to receive(:create_security_group).with(group_name: /kitchen-/, description: /Test Kitchen for/, vpc_id: "vpc-1").and_return(double(group_id: "sg-9876"))
+          expect(actual_client).to receive(:authorize_security_group_ingress).with(group_id: "sg-9876", ip_permissions: [
+            { ip_protocol: "tcp", from_port: 22, to_port: 22, ip_ranges: [{ cidr_ip: "0.0.0.0/0" }] },
+            { ip_protocol: "tcp", from_port: 5985, to_port: 5985, ip_ranges: [{ cidr_ip: "0.0.0.0/0" }] },
+            { ip_protocol: "tcp", from_port: 5986, to_port: 5986, ip_ranges: [{ cidr_ip: "0.0.0.0/0" }] },
+          ])
+        end
+
+        include_examples "common create"
+      end
+
+      context "with a default VPC" do
+        before do
+          config.delete(:subnet_id)
+          expect(actual_client).to receive(:describe_vpcs).with(filters: [{ name: "isDefault", values: ["true"] }]).and_return(double(vpcs: [double(vpc_id: "vpc-1")]))
+          expect(actual_client).to receive(:create_security_group).with(group_name: /kitchen-/, description: /Test Kitchen for/, vpc_id: "vpc-1").and_return(double(group_id: "sg-9876"))
+          expect(actual_client).to receive(:authorize_security_group_ingress).with(group_id: "sg-9876", ip_permissions: [
+            { ip_protocol: "tcp", from_port: 22, to_port: 22, ip_ranges: [{ cidr_ip: "0.0.0.0/0" }] },
+            { ip_protocol: "tcp", from_port: 5985, to_port: 5985, ip_ranges: [{ cidr_ip: "0.0.0.0/0" }] },
+            { ip_protocol: "tcp", from_port: 5986, to_port: 5986, ip_ranges: [{ cidr_ip: "0.0.0.0/0" }] },
+          ])
+        end
+
+        include_examples "common create"
+      end
+
+      context "without a default VPC" do
+        before do
+          config.delete(:subnet_id)
+          expect(actual_client).to receive(:describe_vpcs).with(filters: [{ name: "isDefault", values: ["true"] }]).and_return(double(vpcs: []))
+          expect(actual_client).to receive(:create_security_group).with(group_name: /kitchen-/, description: /Test Kitchen for/).and_return(double(group_id: "sg-9876"))
+          expect(actual_client).to receive(:authorize_security_group_ingress).with(group_id: "sg-9876", ip_permissions: [
+            { ip_protocol: "tcp", from_port: 22, to_port: 22, ip_ranges: [{ cidr_ip: "0.0.0.0/0" }] },
+            { ip_protocol: "tcp", from_port: 5985, to_port: 5985, ip_ranges: [{ cidr_ip: "0.0.0.0/0" }] },
+            { ip_protocol: "tcp", from_port: 5986, to_port: 5986, ip_ranges: [{ cidr_ip: "0.0.0.0/0" }] },
+          ])
+        end
+
+        include_examples "common create"
+      end
+    end
+
+    context "with no key pair configured" do
+      before do
+        config[:kitchen_root] = "/kitchen"
+        config.delete(:aws_ssh_key_id)
+        expect(driver).to receive(:submit_server).and_return(server)
+        allow(instance).to receive(:name).and_return("instance_name")
+
+        expect(actual_client).to receive(:create_key_pair).with(key_name: /kitchen-/).and_return(double(key_name: "kitchen-asdf", key_material: "RSA PRIVATE KEY"))
+        fake_fd = double()
+        fake_file = double()
+        allow(File).to receive(:sysopen).and_call_original
+        expect(File).to receive(:sysopen).with("/kitchen/.kitchen/instance_name.pem", kind_of(Numeric), kind_of(Numeric)).and_return(fake_fd)
+        allow(File).to receive(:open).and_call_original
+        expect(File).to receive(:open).with(fake_fd).and_yield(fake_file)
+        expect(fake_file).to receive(:write).with("RSA PRIVATE KEY")
+      end
+
+      include_examples "common create"
+    end
+
   end
 
   describe "#destroy" do
@@ -563,6 +649,29 @@ describe Kitchen::Driver::Ec2 do
         expect(state).to eq({})
       end
     end
+
+    context "when the state has an automatic security group" do
+      let(:state) { { auto_security_group_id: "sg-asdf" } }
+
+      it "destroys the security group" do
+        expect(actual_client).to receive(:delete_security_group).with(group_id: "sg-asdf")
+        driver.destroy(state)
+        expect(state).to eq({})
+      end
+    end
+
+    context "when the state has an automatic key pair" do
+      let(:state) { { auto_key_id: "kitchen-asdf" } }
+
+      it "destroys the key pair" do
+        config[:kitchen_root] = "/kitchen"
+        allow(instance).to receive(:name).and_return("instance_name")
+        expect(actual_client).to receive(:delete_key_pair).with(key_name: "kitchen-asdf")
+        expect(File).to receive(:unlink).with("/kitchen/.kitchen/instance_name.pem")
+        driver.destroy(state)
+        expect(state).to eq({})
+      end
+    end
   end
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-ec2
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Fletcher Nichol
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-12-12 00:00:00.000000000 Z
+date: 2018-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: test-kitchen