knife-ec2 0.10.0.rc.0 → 0.10.0.rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +8 -8
- data/CHANGELOG.md +4 -2
- data/CONTRIBUTIONS.md +2 -0
- data/DOC_CHANGES.md +17 -2
- data/README.md +30 -0
- data/RELEASE_NOTES.md +4 -1
- data/knife-ec2.gemspec +2 -2
- data/lib/chef/knife/ec2_base.rb +45 -23
- data/lib/chef/knife/ec2_server_create.rb +57 -1
- data/lib/chef/knife/s3_source.rb +40 -0
- data/lib/knife-ec2/version.rb +1 -1
- data/spec/unit/ec2_server_create_spec.rb +85 -3
- data/spec/unit/s3_source_spec.rb +53 -0
- metadata +11 -8
checksums.yaml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
---
|
2
2
|
!binary "U0hBMQ==":
|
3
3
|
metadata.gz: !binary |-
|
4
|
-
|
4
|
+
MWQ5ZmZmN2U4NjhkMDEzYTNlN2Q5NGVhN2E3NmNmYjE5NDc4ZTE2Yw==
|
5
5
|
data.tar.gz: !binary |-
|
6
|
-
|
6
|
+
MmY0M2RmNGQxYzQ0ODhhMGEzNGRjY2MzYWM5MGVlYzZmYTQwYjFiMQ==
|
7
7
|
SHA512:
|
8
8
|
metadata.gz: !binary |-
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
MGJiYzNkODA5OWRiOWU1YTljYmFkZjRiNjhjZDhkNjVmNmJhZWUyM2RhZjE0
|
10
|
+
ZDJkM2U0Mzc3MmEzOGQ1ZWI1ZGJhZDYyODZhMjNhNjc3MDUzNTU3NGNhNGYy
|
11
|
+
NWU1MTFjZmQ1NmY1YWViZDU5MDI0ZmIzMGZjYWFhN2NjNDU1MDA=
|
12
12
|
data.tar.gz: !binary |-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
ZDkyMWU2MWM1NDkxMWEwMjI0MmNiYTFkZDQ5NzViNWMwZmU5MGE1MGFiMGZj
|
14
|
+
NzM2Y2JmMDIyMTZlMjMzZmUwNWY4MTA4ZjJiMGIzYmFkNWRiZWM4MjY5NmE2
|
15
|
+
OTkwMWYxMTE0YjRmYmUyZWQwMWNmZGY0M2Q2OTFkMjcwNTUyMTM=
|
data/CHANGELOG.md
CHANGED
@@ -5,9 +5,11 @@ Note: this log contains only changes from knife-ec2 release 0.8.0 and later
|
|
5
5
|
prior to release 0.8.0, please visit the [source repository](https://github.com/opscode/knife-ec2/commits).
|
6
6
|
|
7
7
|
## Unreleased changes
|
8
|
-
|
8
|
+
* Use IAM role for credentials
|
9
9
|
|
10
|
-
## Latest release: 0.10.0.rc.
|
10
|
+
## Latest release: 0.10.0.rc.1
|
11
|
+
* [Issue:#237](https://github.com/opscode/knife-ec2/issues/237) Provide a way to the validation key and data bag secret from S3
|
12
|
+
* [Issue:#243](https://github.com/opscode/knife-ec2/issues/243) Support new AWS CLI configuration file format
|
11
13
|
* Update `knife-windows` gem dependency to `knife-windows 0.8.rc.0` for improved Windows authentication integration
|
12
14
|
* Update `fog` gem dependency to `fog 1.23.0`
|
13
15
|
* Provisioned IOPS support via the `--provisioned-iops` and `--ebs-volume-type` options
|
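Review bot: the #237 entry is missing its verb; "Provide a way to the validation key and data bag secret from S3" should read "Provide a way to fetch the validation key and data bag secret from S3". The "Use IAM role for credentials" bullet is filed under "Unreleased changes" even though this same release adds `--use-iam-profile` in ec2_base.rb and RELEASE_NOTES.md lists it as a 0.10.0 feature; move it under 0.10.0.rc.1 so the two files agree.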
data/CONTRIBUTIONS.md
CHANGED
@@ -6,5 +6,7 @@ Example Contribution:
|
|
6
6
|
-->
|
7
7
|
# knife-ec2 0.10.0:
|
8
8
|
|
9
|
+
* **erehot**: Added ability to use S3 to obtain the validation key and data bag secret
|
10
|
+
* **johnbarney**: Added ability to use IAM role credentials
|
9
11
|
* **mdellanoce**: Added ability to use SSH config (KNIFE-466)
|
10
12
|
* **victorlin**: Added ability to pass identify file for SSH Gateway on the command line (KNIFE-422)
|
data/DOC_CHANGES.md
CHANGED
@@ -17,18 +17,33 @@ This command line option and associated plugin configuration `:ebs_volume_type`
|
|
17
17
|
|
18
18
|
### Option `--provisioned-iops`
|
19
19
|
This command line option and the associated `:ebs_provisioned_iops` plugin
|
20
|
-
|
20
|
+
configuration enables the EC2 instance to be configured with the specified
|
21
21
|
provisioned IOPS rate given as an argument to this option. It is only valid if
|
22
22
|
the EBS volume type is `io1` as specified by the `--ebs-volume-type` option
|
23
23
|
for this plugin.
|
24
24
|
|
25
|
+
## Use of secret parameters from S3 for `server create` command
|
26
|
+
|
27
|
+
The options below allow some secrets used with the `knife ec2 server create`
|
28
|
+
command to be specified as URL's. Examples are also given in the README.md.
|
29
|
+
|
30
|
+
### Option `--s3-secret`
|
31
|
+
This option allows the specification of an AWS S3 storage bucket that contains
|
32
|
+
a data bag secret file -- this option can be used in place of the
|
33
|
+
`secret_file` option. It takes an S3 URL as an argument (e.g.
|
34
|
+
`s3://bucket/file`) -- that file should contain encrypted data bag secret file
|
35
|
+
|
36
|
+
### Option `--validation-key-url`
|
37
|
+
This option allows the validation key to be specified as a URL. It takes a URL
|
38
|
+
as an argument.
|
39
|
+
|
25
40
|
## SSH Gateway from SSH Config
|
26
41
|
Any available SSH Gateway settings in your SSH configuration file are now used
|
27
42
|
by default. This includes using any SSH keys specified for the target host.
|
28
43
|
This allows simpler command-line usage of the knife plugin with less of a need
|
29
44
|
for complex command line invocations.
|
30
45
|
|
31
|
-
## Pass
|
46
|
+
## Pass separate SSH Gateway key
|
32
47
|
You can pass an SSH key to be used for authenticating to the SSH Gateway with
|
33
48
|
the --ssh-gateway-identity option.
|
34
49
|
|
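Review bot: the `--s3-secret` paragraph should say what the S3 object must contain, namely the data bag secret itself (the same bytes you would otherwise pass with `--secret-file`), rather than "encrypted data bag secret file". "URL's" should be "URLs". The `--validation-key-url` paragraph should list the schemes the code accepts (`s3://` and `file://`; in this release any other scheme is not fetched at all) and mention that an S3-hosted key is downloaded to a temporary file on the workstation for the duration of the bootstrap. Both options authenticate with the static `knife[:aws_access_key_id]`/`knife[:aws_secret_access_key]` pair (see the `fog` method in s3_source.rb), so the docs should state that `--use-iam-profile` does not apply to the S3 fetch.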
data/README.md
CHANGED
@@ -78,6 +78,36 @@ Additionally the following options may be set in your `knife.rb`:
|
|
78
78
|
- distro
|
79
79
|
- template_file
|
80
80
|
|
81
|
+
Using Cloud-Based Secret Data
|
82
|
+
-----------------------------
|
83
|
+
knife-ec2 now includes the ability to retrieve the encrypted data bag secret and validation keys directly from a cloud-based assets store (currently on S3 is supported). To enable this functionality, you must first upload keys to S3 and give them appropriate permissions. The following is a suggested set of IAM permissions required to make this work:
|
84
|
+
|
85
|
+
```json
|
86
|
+
{
|
87
|
+
"Statement": [
|
88
|
+
{
|
89
|
+
"Effect": "Allow",
|
90
|
+
"Action": [
|
91
|
+
"s3:Get*",
|
92
|
+
"s3:List*"
|
93
|
+
],
|
94
|
+
"Resource": [
|
95
|
+
"arn:aws:s3:::provisioning.bucket.com/chef/*"
|
96
|
+
]
|
97
|
+
}
|
98
|
+
]
|
99
|
+
}
|
100
|
+
```
|
101
|
+
|
102
|
+
### Use the following configuration options in `knife.rb` to set the source URLs:
|
103
|
+
```ruby
|
104
|
+
knife[:validation_key_url] = 's3://provisioning.bucket.com/chef/my-validator.pem'
|
105
|
+
knife[:s3_secret] = 's3://provisioning.bucket.com/chef/encrypted_data_bag_secret'
|
106
|
+
```
|
107
|
+
|
108
|
+
### Alternatively, URLs can be passed directly on the command line:
|
109
|
+
- Validation Key: `--validation-key-url s3://provisioning.bucket.com/chef/my-validator.pem`
|
110
|
+
- Encrypted Data Bag Secret: `--s3-secret s3://provisioning.bucket.com/chef/encrypted_data_bag_secret`
|
81
111
|
|
82
112
|
Subcommands
|
83
113
|
-----------
|
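Review bot: the suggested IAM policy is both broader than the feature needs and, as written, insufficient. `s3:List*` is evaluated against the bucket ARN (`arn:aws:s3:::provisioning.bucket.com`), so attaching it to the `/chef/*` object ARN grants nothing, yet S3Source's `fog.directories.get(bucket)` issues a ListBucket request against the bucket, which this policy would deny. Meanwhile `s3:Get*` also covers `s3:GetObjectAcl`, `s3:GetObjectVersion` and friends when only `files.get` (GetObject) is used. Suggest two statements: `s3:ListBucket` on the bucket ARN (optionally conditioned on `s3:prefix` = `chef/*`), and `s3:GetObject` on the two object keys or `chef/*`; add `"Version": "2012-10-17"` at the top. Further up, "currently on S3 is supported" should read "currently only S3 is supported", and the section should say which credentials perform the fetch (the static `knife[:aws_access_key_id]`/`knife[:aws_secret_access_key]` pair; `--use-iam-profile` is not honoured by S3Source), otherwise readers who attach this policy to an instance role will be surprised when the fetch has no credentials.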
data/RELEASE_NOTES.md
CHANGED
@@ -6,7 +6,7 @@ Example Note:
|
|
6
6
|
## Example Heading
|
7
7
|
Details about the thing that changed that needs to get included in the Release Notes in markdown.
|
8
8
|
-->
|
9
|
-
# knife-ec2 0.10.rc.
|
9
|
+
# knife-ec2 0.10.rc.1 release notes:
|
10
10
|
This release of `knife-ec2` adds improvements around ssh configuration and EC2
|
11
11
|
IOPS provisioning. There is also a dependency update for the `fog` and `knife-windows` gems
|
12
12
|
to improve support for additional EC2 capabilities and Windows authentication
|
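Review bot: the heading version "0.10.rc.1" does not match the gem version "0.10.0.rc.1" in metadata; and the summary sentence that follows still describes only SSH configuration and IOPS provisioning, while S3-sourced secrets and IAM-profile credentials are the headline changes of this rc and should be named here.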
@@ -26,6 +26,9 @@ contribute features and bug fixes to `knife-ec2` at https://github.com/opscode/k
|
|
26
26
|
|
27
27
|
## Features added in knife-ec2 0.10.0
|
28
28
|
|
29
|
+
* Ability to specify validation key and data bag secrets via an S3 bucket
|
30
|
+
* Support for new AWS client configuration
|
31
|
+
* Added ability to use IAM role credentials
|
29
32
|
* Provisioned IOPS support
|
30
33
|
* SSH workstation configuration integration (from Michael Dellanoce and Victor Lin)
|
31
34
|
|
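Review bot: "Support for new AWS client configuration" is vague; say what it is (the `aws_access_key_id = ...` / `aws_secret_access_key = ...` credentials-file format from #243, accepted alongside the older `AWSAccessKeyId=` form). The IAM role bullet conflicts with CHANGELOG.md, which files the same change under "Unreleased changes"; pick one place.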
data/knife-ec2.gemspec
CHANGED
@@ -17,10 +17,10 @@ Gem::Specification.new do |s|
|
|
17
17
|
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
18
18
|
|
19
19
|
s.add_dependency 'fog', '~> 1.23.0'
|
20
|
-
s.add_dependency 'knife-windows', '0.8.0
|
20
|
+
s.add_dependency 'knife-windows', '>= 0.8.0'
|
21
21
|
|
22
22
|
s.add_development_dependency 'mixlib-config', '~> 2.0'
|
23
|
-
s.add_development_dependency 'chef', '>=
|
23
|
+
s.add_development_dependency 'chef', '>= 11.16.2'
|
24
24
|
s.add_development_dependency 'rspec', '~> 2.14'
|
25
25
|
s.add_development_dependency 'rake', '~> 10.1'
|
26
26
|
s.add_development_dependency 'sdoc', '~> 0.3'
|
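Review bot: `'>= 0.8.0'` is an open-ended floor on knife-windows, so any future major version (with whatever transitive dependencies it brings) satisfies it at install time; for a runtime dependency that handles WinRM authentication, a pessimistic constraint such as `'~> 0.8'` keeps upgrades deliberate. Note too that CHANGELOG.md still says the dependency is `knife-windows 0.8.rc.0`, which `>= 0.8.0` would not accept (prerelease versions sort below 0.8.0). The development dependency `chef '>= 11.16.2'` has the same shape but matters less.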
data/lib/chef/knife/ec2_base.rb
CHANGED
@@ -55,17 +55,29 @@ class Chef
|
|
55
55
|
:long => "--region REGION",
|
56
56
|
:description => "Your AWS region",
|
57
57
|
:proc => Proc.new { |key| Chef::Config[:knife][:region] = key }
|
58
|
+
|
59
|
+
option :use_iam_profile,
|
60
|
+
:long => "--use-iam-profile",
|
61
|
+
:description => "Use IAM profile assigned to current machine",
|
62
|
+
:boolean => true,
|
63
|
+
:default => false,
|
64
|
+
:proc => Proc.new { |key| Chef::Config[:knife][:use_iam_profile] = key }
|
58
65
|
end
|
59
66
|
end
|
60
67
|
|
61
68
|
def connection
|
69
|
+
connection_settings = {
|
70
|
+
:provider => 'AWS',
|
71
|
+
:region => locate_config_value(:region)
|
72
|
+
}
|
73
|
+
if locate_config_value(:use_iam_profile)
|
74
|
+
connection_settings[:use_iam_profile] = true
|
75
|
+
else
|
76
|
+
connection_settings[:aws_access_key_id] = locate_config_value(:aws_access_key_id)
|
77
|
+
connection_settings[:aws_secret_access_key] = locate_config_value(:aws_secret_access_key)
|
78
|
+
end
|
62
79
|
@connection ||= begin
|
63
|
-
connection = Fog::Compute.new(
|
64
|
-
:provider => 'AWS',
|
65
|
-
:aws_access_key_id => Chef::Config[:knife][:aws_access_key_id],
|
66
|
-
:aws_secret_access_key => Chef::Config[:knife][:aws_secret_access_key],
|
67
|
-
:region => locate_config_value(:region)
|
68
|
-
)
|
80
|
+
connection = Fog::Compute.new(connection_settings)
|
69
81
|
end
|
70
82
|
end
|
71
83
|
|
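Review bot: `connection_settings` is assembled on every call to `connection` even though the connection itself is memoised in `@connection ||=`; move the hash construction inside the `begin` block so config is read once. The IAM branch correctly omits the static keys, but nothing tells the user when `--use-iam-profile` is set on a machine with no instance profile; the resulting fog error is what they see, so a short check with a `ui.error` in `validate!` would be friendlier.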
@@ -88,27 +100,37 @@ class Chef
|
|
88
100
|
def validate!(keys=[:aws_access_key_id, :aws_secret_access_key])
|
89
101
|
errors = []
|
90
102
|
|
91
|
-
unless
|
92
|
-
unless
|
93
|
-
|
103
|
+
unless locate_config_value(:use_iam_profile)
|
104
|
+
unless Chef::Config[:knife][:aws_credential_file].nil?
|
105
|
+
unless (Chef::Config[:knife].keys & [:aws_access_key_id, :aws_secret_access_key]).empty?
|
106
|
+
errors << "Either provide a credentials file or the access key and secret keys but not both."
|
107
|
+
end
|
108
|
+
# File format:
|
109
|
+
# AWSAccessKeyId=somethingsomethingdarkside
|
110
|
+
# AWSSecretKey=somethingsomethingcomplete
|
111
|
+
# OR
|
112
|
+
# aws_access_key_id = somethingsomethingdarkside
|
113
|
+
# aws_secret_access_key = somethingsomethingdarkside
|
114
|
+
|
115
|
+
aws_creds = []
|
116
|
+
File.read(Chef::Config[:knife][:aws_credential_file]).each_line do | line |
|
117
|
+
aws_creds << line.split("=").map(&:strip) if line.include?("=")
|
118
|
+
end
|
119
|
+
entries = Hash[*aws_creds.flatten]
|
120
|
+
Chef::Config[:knife][:aws_access_key_id] = entries['AWSAccessKeyId'] || entries['aws_access_key_id']
|
121
|
+
Chef::Config[:knife][:aws_secret_access_key] = entries['AWSSecretKey'] || entries['aws_secret_access_key']
|
94
122
|
end
|
95
|
-
# File format:
|
96
|
-
# AWSAccessKeyId=somethingsomethingdarkside
|
97
|
-
# AWSSecretKey=somethingsomethingcomplete
|
98
|
-
entries = Hash[*File.read(Chef::Config[:knife][:aws_credential_file]).split(/[=\n]/).map(&:chomp)]
|
99
|
-
Chef::Config[:knife][:aws_access_key_id] = entries['AWSAccessKeyId']
|
100
|
-
Chef::Config[:knife][:aws_secret_access_key] = entries['AWSSecretKey']
|
101
|
-
end
|
102
123
|
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
124
|
+
keys.each do |k|
|
125
|
+
pretty_key = k.to_s.gsub(/_/, ' ').gsub(/\w+/){ |w| (w =~ /(ssh)|(aws)/i) ? w.upcase : w.capitalize }
|
126
|
+
if Chef::Config[:knife][k].nil?
|
127
|
+
errors << "You did not provide a valid '#{pretty_key}' value."
|
128
|
+
end
|
107
129
|
end
|
108
|
-
end
|
109
130
|
|
110
|
-
|
111
|
-
|
131
|
+
if errors.each{|e| ui.error(e)}.any?
|
132
|
+
exit 1
|
133
|
+
end
|
112
134
|
end
|
113
135
|
end
|
114
136
|
|
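Review bot: two problems in `validate!`. First, the entire body now sits inside `unless locate_config_value(:use_iam_profile)`: the `keys.each` loop and the `if errors ... exit 1` block are re-indented in this hunk and the extra `end` that closes the `unless` comes after them, so with `--use-iam-profile` nothing in `keys` is checked and no error is ever printed, even for keys a caller passes that have nothing to do with AWS credentials. Only the credential-file and access-key checks should be skipped; the loop and the error exit belong outside the `unless`. Second, `line.split("=")` breaks on any value containing `=`; `Hash[*aws_creds.flatten]` then pairs keys with the wrong values silently. Use `line.split("=", 2)` so only the first `=` splits. Also, the new `aws_access_key_id = ...` format normally lives under a `[default]` section header and may carry other `key = value` lines (`region`, `aws_session_token`); this parser ignores section headers and folds every profile into one hash with last-wins semantics, so a multi-profile file picks up whichever profile comes last.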
@@ -18,6 +18,7 @@
|
|
18
18
|
#
|
19
19
|
|
20
20
|
require 'chef/knife/ec2_base'
|
21
|
+
require 'chef/knife/s3_source'
|
21
22
|
require 'chef/knife/winrm_base'
|
22
23
|
|
23
24
|
class Chef
|
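Review bot: `require 'chef/knife/s3_source'` at file scope pulls in s3_source.rb, whose first line is `require 'fog'`; the rest of this file defers `require 'fog'` to the `deps` block precisely so that knife does not load fog for every subcommand. Either require s3_source inside `deps`, or move the `require 'fog'` in s3_source.rb into the method that needs it.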
@@ -27,7 +28,9 @@ class Chef
|
|
27
28
|
include Knife::Ec2Base
|
28
29
|
include Knife::WinrmBase
|
29
30
|
deps do
|
31
|
+
require 'tempfile'
|
30
32
|
require 'fog'
|
33
|
+
require 'uri'
|
31
34
|
require 'readline'
|
32
35
|
require 'chef/json_compat'
|
33
36
|
require 'chef/knife/bootstrap'
|
@@ -194,6 +197,11 @@ class Chef
|
|
194
197
|
:description => "A file containing the secret key to use to encrypt data bag item values",
|
195
198
|
:proc => lambda { |sf| Chef::Config[:knife][:secret_file] = sf }
|
196
199
|
|
200
|
+
option :s3_secret,
|
201
|
+
:long => '--s3-secret S3_SECRET_URL',
|
202
|
+
:description => 'S3 URL (e.g. s3://bucket/file) for the encrypted_data_bag_secret_file',
|
203
|
+
:proc => lambda { |url| Chef::Config[:knife][:s3_secret] = url }
|
204
|
+
|
197
205
|
option :json_attributes,
|
198
206
|
:short => "-j JSON",
|
199
207
|
:long => "--json-attributes JSON",
|
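Review bot: the description says the URL is "for the encrypted_data_bag_secret_file", but the option replaces `--secret-file` (DOC_CHANGES.md says so) and its value ends up in `bootstrap.config[:secret]`; say "S3 URL of the data bag secret (use instead of --secret-file)". There is also no check that `--s3-secret` and `--secret-file` are not both given; `validate!` already rejects credentials supplied two ways, and the same rule belongs here.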
@@ -280,6 +288,11 @@ class Chef
|
|
280
288
|
:description => "The maximum time in minutes to wait to for authentication over the transport to the node to succeed. The default value is 25 minutes.",
|
281
289
|
:default => 25
|
282
290
|
|
291
|
+
option :validation_key_url,
|
292
|
+
:long => "--validation-key-url URL",
|
293
|
+
:description => "Path to the validation key",
|
294
|
+
:proc => proc { |m| Chef::Config[:validation_key_url] = m }
|
295
|
+
|
283
296
|
def run
|
284
297
|
$stdout.sync = true
|
285
298
|
|
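Review bot: the `:proc` stores the value in `Chef::Config[:validation_key_url]`, but everything that consumes it (`run`, `validation_key_path`, `download_validation_key`, `s3_validation_key`) reads `Chef::Config[:knife][:validation_key_url]`, so `--validation-key-url` on the command line has no effect unless knife.rb also sets `knife[:validation_key_url]`. Write to `Chef::Config[:knife][:validation_key_url]` and read it through `locate_config_value`, as `s3_secret` does. The description "Path to the validation key" should say it is a URL and which schemes (`s3://`, `file://`) are accepted.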
@@ -360,6 +373,11 @@ class Chef
|
|
360
373
|
end
|
361
374
|
msg_pair("Private IP Address", @server.private_ip_address)
|
362
375
|
|
376
|
+
if Chef::Config[:knife][:validation_key_url]
|
377
|
+
download_validation_key(validation_key_path)
|
378
|
+
Chef::Config[:validation_key] = validation_key_path
|
379
|
+
end
|
380
|
+
|
363
381
|
#Check if Server is Windows or Linux
|
364
382
|
if is_image_windows?
|
365
383
|
protocol = locate_config_value(:bootstrap_protocol)
|
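Review bot: the validation key is fetched only after `@server` exists and has been waited for, so a wrong bucket name, a missing object or a denied S3 permission raises after the instance has already been launched, leaving an unbootstrapped server running and billing. Fetch (or at least resolve and check) the key URL before the server is created, ideally from `validate!`. Assigning `Chef::Config[:validation_key]` here also rewrites global config for the rest of the process, which is worth a comment since knife bootstrap reads it from there.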
@@ -441,6 +459,44 @@ class Chef
|
|
441
459
|
msg_pair("JSON Attributes",config[:json_attributes]) unless !config[:json_attributes] || config[:json_attributes].empty?
|
442
460
|
end
|
443
461
|
|
462
|
+
def validation_key_path
|
463
|
+
@validation_key_path ||= begin
|
464
|
+
if URI(Chef::Config[:knife][:validation_key_url]).scheme == 'file'
|
465
|
+
URI(Chef::Config[:knife][:validation_key_url]).path
|
466
|
+
else
|
467
|
+
validation_key_tmpfile.path
|
468
|
+
end
|
469
|
+
end
|
470
|
+
end
|
471
|
+
|
472
|
+
def validation_key_tmpfile
|
473
|
+
@validation_key_tmpfile ||= Tempfile.new('validation_key')
|
474
|
+
end
|
475
|
+
|
476
|
+
def download_validation_key(tempfile)
|
477
|
+
Chef::Log.debug 'Downloading validation key ' \
|
478
|
+
"<#{Chef::Config[:knife][:validation_key_url]}> to file " \
|
479
|
+
"<#{tempfile}>"
|
480
|
+
|
481
|
+
case URI(Chef::Config[:knife][:validation_key_url]).scheme
|
482
|
+
when 's3'
|
483
|
+
File.open(tempfile, 'w') { |f| f.write(s3_validation_key) }
|
484
|
+
end
|
485
|
+
end
|
486
|
+
|
487
|
+
def s3_validation_key
|
488
|
+
@s3_validation_key ||= begin
|
489
|
+
Chef::Knife::S3Source.fetch(Chef::Config[:knife][:validation_key_url])
|
490
|
+
end
|
491
|
+
end
|
492
|
+
|
493
|
+
def s3_secret
|
494
|
+
@s3_secret ||= begin
|
495
|
+
return false unless locate_config_value(:s3_secret)
|
496
|
+
Chef::Knife::S3Source.fetch(locate_config_value(:s3_secret))
|
497
|
+
end
|
498
|
+
end
|
499
|
+
|
444
500
|
def bootstrap_common_params(bootstrap)
|
445
501
|
bootstrap.config[:run_list] = config[:run_list]
|
446
502
|
bootstrap.config[:bootstrap_version] = locate_config_value(:bootstrap_version)
|
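Review bot: `download_validation_key` handles only the `s3` scheme; for any other non-`file` URL (an `https://` link, for instance) the `case` falls through, nothing is written, and `run` then points `Chef::Config[:validation_key]` at an empty tempfile, so the bootstrap proceeds with an empty validator key. Add an `else` that raises with the offending URL. The tempfile that holds the validator private key is created 0600 by `Tempfile.new` but is never unlinked; call `validation_key_tmpfile.close!` once the bootstrap has finished rather than leaving the key on disk until process exit. In `s3_secret`, `return false` inside `@s3_secret ||= begin ... end` returns from the method before the assignment, so that path is never memoised; `locate_config_value(:s3_secret) ? Chef::Knife::S3Source.fetch(locate_config_value(:s3_secret)) : false` is clearer. Minor: the `tempfile` parameter is a path string, so the name misleads.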
@@ -451,7 +507,7 @@ class Chef
|
|
451
507
|
bootstrap.config[:first_boot_attributes] = locate_config_value(:json_attributes) || {}
|
452
508
|
bootstrap.config[:encrypted_data_bag_secret] = locate_config_value(:encrypted_data_bag_secret)
|
453
509
|
bootstrap.config[:encrypted_data_bag_secret_file] = locate_config_value(:encrypted_data_bag_secret_file)
|
454
|
-
bootstrap.config[:secret] = locate_config_value(:secret)
|
510
|
+
bootstrap.config[:secret] = s3_secret || locate_config_value(:secret)
|
455
511
|
bootstrap.config[:secret_file] = locate_config_value(:secret_file)
|
456
512
|
# Modify global configuration state to ensure hint gets set by
|
457
513
|
# knife-bootstrap
|
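Review bot: `secret_file` is still passed through on the next line, so when both `--s3-secret` and `--secret-file` are given the bootstrap receives `:secret` and `:secret_file` together and knife bootstrap, not this plugin, decides which wins; either reject the combination in `validate!` or explicitly drop `:secret_file` when `s3_secret` is truthy. Note also that `s3_secret` returns the object body verbatim, trailing newline included (the spec fixture is "TEST DATA BAG SECRET\n"), whereas `Chef::EncryptedDataBagItem.load_secret` strips whitespace when it reads a secret file; `.strip` the body before handing it over so the two paths produce the same key.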
@@ -0,0 +1,40 @@
|
|
1
|
+
require 'fog'
|
2
|
+
|
3
|
+
class Chef
|
4
|
+
class Knife
|
5
|
+
class S3Source
|
6
|
+
attr_accessor :url
|
7
|
+
|
8
|
+
def self.fetch(url)
|
9
|
+
source = Chef::Knife::S3Source.new
|
10
|
+
source.url = url
|
11
|
+
source.body
|
12
|
+
end
|
13
|
+
|
14
|
+
def body
|
15
|
+
bucket_obj.files.get(path).body
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
def bucket_obj
|
21
|
+
@bucket_obj ||= fog.directories.get(bucket)
|
22
|
+
end
|
23
|
+
|
24
|
+
def bucket
|
25
|
+
URI(@url).host
|
26
|
+
end
|
27
|
+
|
28
|
+
def path
|
29
|
+
URI(@url).path.sub(/^\//, '')
|
30
|
+
end
|
31
|
+
|
32
|
+
def fog
|
33
|
+
@fog ||= Fog::Storage::AWS.new(
|
34
|
+
aws_access_key_id: Chef::Config[:knife][:aws_access_key_id],
|
35
|
+
aws_secret_access_key: Chef::Config[:knife][:aws_secret_access_key]
|
36
|
+
)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
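Review bot: `fog` is built from the static `Chef::Config[:knife][:aws_access_key_id]`/`aws_secret_access_key` pair only, so `--use-iam-profile` (added to ec2_base.rb in this same release) is not honoured for the S3 fetch and a user relying on the instance profile has no credentials here; pass `use_iam_profile: true` when that option is set, mirroring `Ec2Base#connection`. `fog.directories.get(bucket)` returns nil for an unknown or inaccessible bucket and `files.get(path)` returns nil for a missing key, so callers get `NoMethodError: undefined method 'body' for nil` instead of a message naming the URL; check both and raise. `directories.get` also issues a ListBucket request against the bucket, which the README's suggested IAM policy does not grant. `require 'fog'` at file scope is executed as soon as ec2_server_create.rb is loaded, defeating the plugin's lazy `deps` loading; require it inside `fog` or from the caller's `deps` block. Finally, an `s3://` URL with an empty host or path is passed straight through; reject it with the same clear error.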
data/lib/knife-ec2/version.rb
CHANGED
@@ -70,6 +70,15 @@ describe Chef::Knife::Ec2ServerCreate do
|
|
70
70
|
@ec2_server_attribs.each_pair do |attrib, value|
|
71
71
|
@new_ec2_server.stub(attrib).and_return(value)
|
72
72
|
end
|
73
|
+
|
74
|
+
@s3_connection = double(Fog::Storage::AWS)
|
75
|
+
|
76
|
+
@bootstrap = Chef::Knife::Bootstrap.new
|
77
|
+
Chef::Knife::Bootstrap.stub(:new).and_return(@bootstrap)
|
78
|
+
|
79
|
+
@validation_key_url = 's3://bucket/foo/bar'
|
80
|
+
@validation_key_file = '/tmp/a_good_temp_file'
|
81
|
+
@validation_key_body = "TEST VALIDATION KEY\n"
|
73
82
|
end
|
74
83
|
|
75
84
|
describe "run" do
|
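Review bot: `@s3_connection = double(Fog::Storage::AWS)` is set up here but never referenced by any of the new examples (the S3 path is stubbed through `Chef::Knife::S3Source.fetch` instead), so drop it. Moving the `@bootstrap` stub into the outer `before` is fine. The rendered file header above this hunk says `lib/knife-ec2/version.rb`, but the `describe Chef::Knife::Ec2ServerCreate` context shows these are `spec/unit/ec2_server_create_spec.rb` changes; the one-line version.rb bump does not appear in this rendering.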
@@ -84,9 +93,6 @@ describe Chef::Knife::Ec2ServerCreate do
|
|
84
93
|
@knife_ec2_create.stub(:puts)
|
85
94
|
@knife_ec2_create.stub(:print)
|
86
95
|
@knife_ec2_create.config[:image] = '12345'
|
87
|
-
|
88
|
-
@bootstrap = Chef::Knife::Bootstrap.new
|
89
|
-
Chef::Knife::Bootstrap.stub(:new).and_return(@bootstrap)
|
90
96
|
@bootstrap.should_receive(:run)
|
91
97
|
end
|
92
98
|
|
@@ -177,6 +183,19 @@ describe Chef::Knife::Ec2ServerCreate do
|
|
177
183
|
@knife_ec2_create.ui.should_receive(:warn).with(/retrying/)
|
178
184
|
@knife_ec2_create.run
|
179
185
|
end
|
186
|
+
|
187
|
+
it 'actually writes to the validation key tempfile' do
|
188
|
+
@new_ec2_server.should_receive(:wait_for).and_return(true)
|
189
|
+
Chef::Config[:knife][:validation_key_url] =
|
190
|
+
@validation_key_url
|
191
|
+
@knife_ec2_create.config[:validation_key_url] =
|
192
|
+
@validation_key_url
|
193
|
+
|
194
|
+
@knife_ec2_create.stub_chain(:validation_key_tmpfile, :path).and_return(@validation_key_file)
|
195
|
+
Chef::Knife::S3Source.stub(:fetch).with(@validation_key_url).and_return(@validation_key_body)
|
196
|
+
File.should_receive(:open).with(@validation_key_file, 'w')
|
197
|
+
@knife_ec2_create.run
|
198
|
+
end
|
180
199
|
end
|
181
200
|
|
182
201
|
describe "run for EC2 Windows instance" do
|
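Review bot: the example sets both `Chef::Config[:knife][:validation_key_url]` and `@knife_ec2_create.config[:validation_key_url]` by hand, so it never exercises the `--validation-key-url` option's `:proc`, which writes to `Chef::Config[:validation_key_url]` and would fail an example that went through option parsing. `File.should_receive(:open).with(@validation_key_file, 'w')` without a block also means the body is never written or checked; yield a `StringIO` with `.and_yield(io)` and assert `io.string == @validation_key_body`, or let the code write a real `Tempfile` and read it back.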
@@ -340,6 +359,19 @@ describe Chef::Knife::Ec2ServerCreate do
|
|
340
359
|
expect(bootstrap.config[:secret_file]).to eql("cli-provided-secret-file")
|
341
360
|
end
|
342
361
|
end
|
362
|
+
|
363
|
+
context 'S3-based secret' do
|
364
|
+
before(:each) do
|
365
|
+
Chef::Config[:knife][:s3_secret] =
|
366
|
+
's3://test.bucket/folder/encrypted_data_bag_secret'
|
367
|
+
@secret_content = "TEST DATA BAG SECRET\n"
|
368
|
+
@knife_ec2_create.stub(:s3_secret).and_return(@secret_content)
|
369
|
+
end
|
370
|
+
|
371
|
+
it 'sets the secret to the expected test string' do
|
372
|
+
expect(bootstrap.config[:secret]).to eql(@secret_content)
|
373
|
+
end
|
374
|
+
end
|
343
375
|
end
|
344
376
|
|
345
377
|
describe "when configuring the bootstrap process" do
|
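Review bot: stubbing `s3_secret` on the command object bypasses `S3Source.fetch` entirely, so this context only proves the `||` in `bootstrap_common_params`; stub `Chef::Knife::S3Source.fetch` with the configured URL instead, as the validation-key example does, and add a second example with both `:s3_secret` and `:secret_file` configured so the intended precedence is pinned down.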
@@ -533,6 +565,35 @@ describe Chef::Knife::Ec2ServerCreate do
|
|
533
565
|
Chef::Config[:knife][:aws_access_key_id].should == @access_key_id
|
534
566
|
Chef::Config[:knife][:aws_secret_access_key].should == @secret_key
|
535
567
|
end
|
568
|
+
it "reads UNIX Line endings for new format" do
|
569
|
+
File.stub(:read).
|
570
|
+
and_return("aws_access_key_id=#{@access_key_id}\naws_secret_access_key=#{@secret_key}")
|
571
|
+
@knife_ec2_create.validate!
|
572
|
+
Chef::Config[:knife][:aws_access_key_id].should == @access_key_id
|
573
|
+
Chef::Config[:knife][:aws_secret_access_key].should == @secret_key
|
574
|
+
end
|
575
|
+
|
576
|
+
it "reads DOS Line endings for new format" do
|
577
|
+
File.stub(:read).
|
578
|
+
and_return("aws_access_key_id=#{@access_key_id}\r\naws_secret_access_key=#{@secret_key}")
|
579
|
+
@knife_ec2_create.validate!
|
580
|
+
Chef::Config[:knife][:aws_access_key_id].should == @access_key_id
|
581
|
+
Chef::Config[:knife][:aws_secret_access_key].should == @secret_key
|
582
|
+
end
|
583
|
+
end
|
584
|
+
|
585
|
+
it 'understands that file:// validation key URIs are just paths' do
|
586
|
+
Chef::Config[:knife][:validation_key_url] = 'file:///foo/bar'
|
587
|
+
@knife_ec2_create.validation_key_path.should eq('/foo/bar')
|
588
|
+
end
|
589
|
+
|
590
|
+
it 'returns a path to a tmp file when presented with a URI for the ' \
|
591
|
+
'validation key' do
|
592
|
+
Chef::Config[:knife][:validation_key_url] = @validation_key_url
|
593
|
+
|
594
|
+
@knife_ec2_create.stub_chain(:validation_key_tmpfile, :path).and_return(@validation_key_file)
|
595
|
+
|
596
|
+
@knife_ec2_create.validation_key_path.should eq(@validation_key_file)
|
536
597
|
end
|
537
598
|
|
538
599
|
it "disallows security group names when using a VPC" do
|
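Review bot: the two new credential-file examples cover line endings but not the cases the parser gets wrong: a value containing `=` (add an `aws_session_token` line, which is base64 and typically ends in `=`) and a file with a `[default]` section header, which is what the new AWS CLI format looks like. `File.stub(:read)` with no `.with(...)` is global for the example, so any other `File.read` in the code under test receives the fixture; constrain it to `Chef::Config[:knife][:aws_credential_file]`. The two `validation_key_path` examples are fine; the second duplicates the `stub_chain` from the run example and could share a helper.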
@@ -592,6 +653,21 @@ describe Chef::Knife::Ec2ServerCreate do
|
|
592
653
|
end
|
593
654
|
end
|
594
655
|
|
656
|
+
describe "when creating the connection" do
|
657
|
+
describe "when use_iam_profile is true" do
|
658
|
+
before do
|
659
|
+
Chef::Config[:knife].delete(:aws_access_key_id)
|
660
|
+
Chef::Config[:knife].delete(:aws_secret_access_key)
|
661
|
+
end
|
662
|
+
|
663
|
+
it "creates a connection without access keys" do
|
664
|
+
@knife_ec2_create.config[:use_iam_profile] = true
|
665
|
+
Fog::Compute::AWS.should_receive(:new).with(hash_including(:use_iam_profile => true)).and_return(@ec2_connection)
|
666
|
+
@knife_ec2_create.connection
|
667
|
+
end
|
668
|
+
end
|
669
|
+
end
|
670
|
+
|
595
671
|
describe "when creating the server definition" do
|
596
672
|
before do
|
597
673
|
Fog::Compute::AWS.stub(:new).and_return(@ec2_connection)
|
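Review bot: the example is titled "creates a connection without access keys" but `hash_including(:use_iam_profile => true)` only proves the flag is present; add `hash_not_including(:aws_access_key_id, :aws_secret_access_key)` (rspec-mocks' argument matcher) so a regression that passes both the keys and the flag is caught. Deleting the keys from `Chef::Config[:knife]` in `before` also leaks into later examples unless the outer setup restores them.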
@@ -673,6 +749,12 @@ describe Chef::Knife::Ec2ServerCreate do
|
|
673
749
|
|
674
750
|
server_def[:iam_instance_profile_name].should == nil
|
675
751
|
end
|
752
|
+
|
753
|
+
it "doesn't use IAM profile by default" do
|
754
|
+
server_def = @knife_ec2_create.create_server_def
|
755
|
+
|
756
|
+
server_def[:use_iam_profile].should == nil
|
757
|
+
end
|
676
758
|
|
677
759
|
it 'Set Tenancy Dedicated when both VPC mode and Flag is True' do
|
678
760
|
@knife_ec2_create.config[:dedicated_instance] = true
|
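Review bot: `use_iam_profile` is a connection setting consumed in `Ec2Base#connection`, not a server-definition key, so `create_server_def` never sets it and `server_def[:use_iam_profile].should == nil` passes no matter what the code does. Either drop the example or assert the real default where it matters: `Fog::Compute::AWS.should_receive(:new).with(hash_not_including(:use_iam_profile))`.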
@@ -0,0 +1,53 @@
|
|
1
|
+
require File.expand_path('../../spec_helper', __FILE__)
|
2
|
+
require 'fog'
|
3
|
+
|
4
|
+
describe Chef::Knife::S3Source do
|
5
|
+
before(:each) do
|
6
|
+
@bucket_name = 'my.bucket'
|
7
|
+
@test_file_path = 'path/to/file.pem'
|
8
|
+
@test_file_content = "TEST CONTENT\n"
|
9
|
+
|
10
|
+
Fog.mock!
|
11
|
+
|
12
|
+
{
|
13
|
+
aws_access_key_id: 'aws_access_key_id',
|
14
|
+
aws_secret_access_key: 'aws_secret_access_key'
|
15
|
+
}.each do |key, value|
|
16
|
+
Chef::Config[:knife][key] = value
|
17
|
+
end
|
18
|
+
|
19
|
+
fog = Fog::Storage::AWS.new(
|
20
|
+
aws_access_key_id: 'aws_access_key_id',
|
21
|
+
aws_secret_access_key: 'aws_secret_access_key'
|
22
|
+
)
|
23
|
+
test_dir_obj = fog.directories.create('key' => @bucket_name)
|
24
|
+
test_file_obj = test_dir_obj.files.create('key' => @test_file_path)
|
25
|
+
test_file_obj.body = @test_file_content
|
26
|
+
test_file_obj.save
|
27
|
+
|
28
|
+
@s3_connection = double(Fog::Storage::AWS)
|
29
|
+
@s3_source = Chef::Knife::S3Source.new
|
30
|
+
|
31
|
+
@s3_source.url = "s3://#{@bucket_name}/#{@test_file_path}"
|
32
|
+
end
|
33
|
+
|
34
|
+
it 'converts URI to path with leading / removed' do
|
35
|
+
@s3_source.instance_eval { path }
|
36
|
+
@s3_source.instance_eval { path }.should eq(@test_file_path)
|
37
|
+
end
|
38
|
+
|
39
|
+
it 'correctly retrieves the bucket name from the URI' do
|
40
|
+
@s3_source.instance_eval { bucket }
|
41
|
+
@s3_source.instance_eval { bucket }.should eq(@bucket_name)
|
42
|
+
end
|
43
|
+
|
44
|
+
it 'gets back the correct bucket contents' do
|
45
|
+
@s3_source.body.should eq(@test_file_content)
|
46
|
+
end
|
47
|
+
|
48
|
+
it 'gets back a bucket object with bucket_obj' do
|
49
|
+
@s3_source.instance_eval { bucket_obj }
|
50
|
+
@s3_source.instance_eval { bucket_obj }.should
|
51
|
+
be_kind_of(Fog::Storage::AWS::Directory)
|
52
|
+
end
|
53
|
+
end
|
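Review bot: `Fog.mock!` is switched on in `before(:each)` and never switched off, and the `Chef::Config[:knife]` keys are overwritten without being restored, so both leak into every example that runs afterwards; add an `after(:each)` with `Fog.unmock!` and `Fog::Mock.reset` and put the config back. `@s3_connection = double(Fog::Storage::AWS)` is unused. Each `instance_eval { path }` / `{ bucket }` / `{ bucket_obj }` is evaluated twice, the first call being redundant. In the last example, `.should` at the end of the line followed by `be_kind_of(...)` on the next line parses as two statements as rendered here, so the matcher is built but never applied; put it on one line or end the first line with `\`. The missing-bucket and missing-key cases, where `body` currently raises `NoMethodError` on nil, deserve examples too.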
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: knife-ec2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.10.0.rc.
|
4
|
+
version: 0.10.0.rc.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Adam Jacob
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2014-
|
12
|
+
date: 2014-10-08 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: fog
|
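Review bot: `cert_chain: []` remains empty, so this rc is published unsigned and the only integrity check consumers get is the registry checksum in checksums.yaml; setting `s.cert_chain` and `s.signing_key` in the gemspec would let `gem install -P HighSecurity` verify the package. The date bump itself is fine.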
@@ -29,16 +29,16 @@ dependencies:
|
|
29
29
|
name: knife-windows
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
31
31
|
requirements:
|
32
|
-
- - '
|
32
|
+
- - ! '>='
|
33
33
|
- !ruby/object:Gem::Version
|
34
|
-
version: 0.8.0
|
34
|
+
version: 0.8.0
|
35
35
|
type: :runtime
|
36
36
|
prerelease: false
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
38
38
|
requirements:
|
39
|
-
- - '
|
39
|
+
- - ! '>='
|
40
40
|
- !ruby/object:Gem::Version
|
41
|
-
version: 0.8.0
|
41
|
+
version: 0.8.0
|
42
42
|
- !ruby/object:Gem::Dependency
|
43
43
|
name: mixlib-config
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
@@ -59,14 +59,14 @@ dependencies:
|
|
59
59
|
requirements:
|
60
60
|
- - ! '>='
|
61
61
|
- !ruby/object:Gem::Version
|
62
|
-
version:
|
62
|
+
version: 11.16.2
|
63
63
|
type: :development
|
64
64
|
prerelease: false
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
66
66
|
requirements:
|
67
67
|
- - ! '>='
|
68
68
|
- !ruby/object:Gem::Version
|
69
|
-
version:
|
69
|
+
version: 11.16.2
|
70
70
|
- !ruby/object:Gem::Dependency
|
71
71
|
name: rspec
|
72
72
|
requirement: !ruby/object:Gem::Requirement
|
@@ -135,10 +135,12 @@ files:
|
|
135
135
|
- lib/chef/knife/ec2_server_create.rb
|
136
136
|
- lib/chef/knife/ec2_server_delete.rb
|
137
137
|
- lib/chef/knife/ec2_server_list.rb
|
138
|
+
- lib/chef/knife/s3_source.rb
|
138
139
|
- lib/knife-ec2/version.rb
|
139
140
|
- spec/spec_helper.rb
|
140
141
|
- spec/unit/ec2_server_create_spec.rb
|
141
142
|
- spec/unit/ec2_server_delete_spec.rb
|
143
|
+
- spec/unit/s3_source_spec.rb
|
142
144
|
homepage: https://github.com/opscode/knife-ec2
|
143
145
|
licenses:
|
144
146
|
- Apache-2.0
|
@@ -167,4 +169,5 @@ test_files:
|
|
167
169
|
- spec/spec_helper.rb
|
168
170
|
- spec/unit/ec2_server_create_spec.rb
|
169
171
|
- spec/unit/ec2_server_delete_spec.rb
|
172
|
+
- spec/unit/s3_source_spec.rb
|
170
173
|
has_rdoc:
|