knife-ec2 0.18.2 → 0.19.10

data/RELEASE_NOTES.md

@@ -7,6 +7,16 @@ Example Note:
 Details about the thing that changed that needs to get included in the Release Notes in markdown.
 -->
 
+# knife-ec2 0.19.X release notes:
+
+Support for Ruby 2.2 and Chef 12.X has been removed as both are now end of life. This gem now requires Ruby 2.3 (Chef 13) or later, which ships in all supported releases of Chef-DK.
+
+The long ago deprecated `--distro` and `--template_file` flags for `knife ec2 server create` have been removed. These were no longer used by knife bootstrap so this should have zero impact on knife-ec2 users.
+
+The fog-aws gem dependency has been loosened to allow fog-aws 1.0-3.X instead of just 1.X. This adds new instance types to `knife ec2 flavor list` and adds support for additional regions and availability zones previously not supported.
+
+The credentials section fo the readme has been updated to recommend users use Amazon's credentials and configuration files instead of passing keys on the CLI or adding them to the knife.rb file. This is Amazon's recommended method of storing credentials and support for storing credentials in knife.rb may be removed in a future release in order to remove 3rd party credentials from Chef configuration files.
+
 # knife-ec2 0.18.0 release notes:
 In this release we have added separate features for tagging EC2 instances in AWS and Chef. Option `--aws-tag` is used for tagging the node in AWS and option `--chef-tag` is used for tagging the node in Chef. Subsequently the `--tag-node-in-chef` and `--tags` are now deprecated.
 

data/Rakefile

@@ -2,7 +2,7 @@
 # Author:: Adam Jacob (<adam@chef.io>)
 # Author:: Daniel DeLeo (<dan@chef.io>)
 # Author:: Seth Chisamore (<schisamo@chef.io>)
-# Copyright:: Copyright (c) 2008-2015 Chef Software, Inc.
+# Copyright:: Copyright (c) 2008-2018 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,39 +18,38 @@
 # limitations under the License.
 #
 
-require 'bundler'
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+task default: [:style, :spec]
+
 Bundler::GemHelper.install_tasks
 
-# require 'rubygems'
-# require 'rake/gempackagetask'
-require 'rdoc/task'
+desc "Run specs"
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = "spec/**/*_spec.rb"
+end
 
 begin
-  require 'sdoc'
-  require 'rdoc/task'
-
-  RDoc::Task.new do |rdoc|
-    rdoc.title = 'Chef Ruby API Documentation'
-    rdoc.main = 'README.rdoc'
-    rdoc.options << '--fmt' << 'shtml' # explictly set shtml generator
-    rdoc.template = 'direct' # lighter template
-    rdoc.rdoc_files.include('README.rdoc', 'LICENSE', 'spec/tiny_server.rb', 'lib/**/*.rb')
-    rdoc.rdoc_dir = 'rdoc'
+  require "chefstyle"
+  require "rubocop/rake_task"
+  RuboCop::RakeTask.new(:style) do |task|
+    task.options += ["--display-cop-names", "--no-color"]
   end
 rescue LoadError
-  puts 'sdoc is not available. (sudo) gem install sdoc to generate rdoc documentation.'
+  puts "chefstyle/rubocop is not available. bundle install first to make sure all dependencies are installed."
 end
 
 begin
-  require 'rspec/core/rake_task'
-
-  task :default => :spec
-
-  desc 'Run all specs in spec directory'
-  RSpec::Core::RakeTask.new(:spec) do |t|
-    t.pattern = 'spec/unit/**/*_spec.rb'
-  end
-
+  require "yard"
+  YARD::Rake::YardocTask.new(:docs)
 rescue LoadError
-  STDERR.puts "\n*** RSpec not available. (sudo) gem install rspec to run unit tests. ***\n\n"
+  puts "yard is not available. bundle install first to make sure all dependencies are installed."
+end
+
+task :console do
+  require "irb"
+  require "irb/completion"
+  ARGV.clear
+  IRB.start
 end

data/VERSION

@@ -1 +1 @@
-0.18.2
+0.19.10

data/knife-ec2.gemspec

@@ -1,30 +1,23 @@
 # -*- encoding: utf-8 -*-
-$LOAD_PATH.push File.expand_path('../lib', __FILE__)
-require 'knife-ec2/version'
+$LOAD_PATH.push File.expand_path("../lib", __FILE__)
+require "knife-ec2/version"
 
 Gem::Specification.new do |s|
-  s.name         = 'knife-ec2'
+  s.name         = "knife-ec2"
   s.version      = Knife::Ec2::VERSION
-  s.authors      = ['Adam Jacob', 'Seth Chisamore']
-  s.email        = ['adam@chef.io', 'schisamo@chef.io']
-  s.homepage     = 'https://github.com/chef/knife-ec2'
-  s.summary      = "EC2 Support for Chef's Knife Command"
+  s.authors      = ["Adam Jacob", "Seth Chisamore"]
+  s.email        = ["adam@chef.io", "schisamo@chef.io"]
+  s.homepage     = "https://github.com/chef/knife-ec2"
+  s.summary      = "Amazon EC2 Support for Chef's Knife Command"
   s.description  = s.summary
-  s.license      = 'Apache-2.0'
+  s.license      = "Apache-2.0"
 
   s.files        = `git ls-files`.split("\n")
-  s.test_files   = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables  = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
-  s.required_ruby_version = ">= 2.2.2"
+  s.test_files   = `git ls-files spec/*`.split("\n")
+  s.required_ruby_version = ">= 2.3"
 
-  s.add_dependency 'fog-aws',       '~> 1.0'
-  s.add_dependency 'mime-types'
-  s.add_dependency 'knife-windows', '~> 1.0'
+  s.add_dependency "fog-aws", ">= 1", "< 4"
+  s.add_dependency "knife-windows", "~> 1.0"
 
-  s.add_development_dependency 'chef',  '>= 12.2.1'
-  s.add_development_dependency 'rspec', '~> 3.0'
-  s.add_development_dependency 'rake'
-  s.add_development_dependency 'sdoc',  '~> 0.3'
-
-  s.require_paths = ['lib']
+  s.require_paths = ["lib"]
 end

data/lib/chef/knife/ec2_ami_list.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Piyush Awasthi (<piyush.awasthi@msystechnologies.com>)
-# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# Copyright:: Copyright (c) 2017-2018 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,48 +15,45 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-
 require "chef/knife/ec2_base"
 
 class Chef
   class Knife
+    # == Overview
+    #
+    # This file provides the facility to display AMI list.
+    #
+    # == Owner
+    # By default owner is aws-marketplace but you can specify following owner with the help of -o or --owner
+    #   * self => Displays the list of AMIs created by the user
+    #   * aws-marketplace => Displays all AMIs form trusted vendors like Ubuntu, Microsoft, SAP, Zend as well as many open source offering
+    #   * micosoft => Displays only Microsoft vendor AMIs
+    #
+    # == Platform
+    # By default all platform AMI's will display but you can filter your response
+    # by specify the platform using -p or --platform
+    #  * Valid Platform => ubuntu, debian, centos, fedora, rhel, nginx, turnkey, jumpbox, coreos, cisco
+    #
+    # {Amazon API Reference}[http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeImages.html]
     class Ec2AmiList < Knife
-
-      # == Overview
-      #
-      # This file provides the facility to display AMI list.
-      #
-      # == Owner
-      # By default owner is aws-marketplace but you can specify following owner with the help of -o or --owner
-      #   * self => Displays the list of AMIs created by the user
-      #   * aws-marketplace => Displays all AMIs form trusted vendors like Ubuntu, Microsoft, SAP, Zend as well as many open source offering
-      #   * micosoft => Displays only Microsoft vendor AMIs
-      # 
-      # == Platform
-      # By default all platform AMI's will display but you can filter your response
-      # by specify the platform using -p or --platform
-      #  * Valid Platform => ubuntu, debian, centos, fedora, rhel, nginx, turnkey, jumpbox, coreos, cisco
-      #
-      # {Amazon API Reference}[http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeImages.html]
-
       include Knife::Ec2Base
 
       banner "knife ec2 ami list (options)"
 
       option :platform,
-        :short => "-p PLATFORM",
-        :long => "--platform PLATFORM",
-        :description => "Platform of the server. Allowed values are windows, ubuntu, debian, centos, fedora, rhel, nginx, turnkey, jumpbox, coreos, cisco, amazon, nessus"
+        short: "-p PLATFORM",
+        long: "--platform PLATFORM",
+        description: "Platform of the server. Allowed values are windows, ubuntu, debian, centos, fedora, rhel, nginx, turnkey, jumpbox, coreos, cisco, amazon, nessus"
 
       option :owner,
-        :short => "-o OWNER",
-        :long => "--owner OWNER",
-        :description => "The server owner (self, aws-marketplace, microsoft). Default is aws-marketplace"
+        short: "-o OWNER",
+        long: "--owner OWNER",
+        description: "The AMI owner (self, aws-marketplace, microsoft). Default is aws-marketplace"
 
       option :search,
-        :short => "-s SEARCH",
-        :long => "--search SEARCH",
-        :description => "Filter AMIs list as per search keywords."
+        short: "-s SEARCH",
+        long: "--search SEARCH",
+        description: "Filter AMIs list as per search keywords."
 
       def run
         $stdout.sync = true
@@ -76,7 +73,7 @@ class Chef
         output_column_count = server_list.length
         begin
           owner = locate_config_value(:owner) || "aws-marketplace"
-          servers = connection.describe_images({"Owner"=>"#{owner}"}) # aws-marketplace, microsoft
+          servers = connection.describe_images({ "Owner" => "#{owner}" }) # aws-marketplace, microsoft
         rescue Exception => api_error
           raise api_error
         end
@@ -84,9 +81,9 @@ class Chef
         servers.body["imagesSet"].each do |server|
           server["platform"] = find_server_platform(server["name"]) unless server["platform"]
 
-          if (locate_config_value(:platform) && locate_config_value(:search))
+          if locate_config_value(:platform) && locate_config_value(:search)
             locate_config_value(:search).downcase!
-            if (server["description"] && server["platform"] == locate_config_value(:platform) && server["description"].downcase.include?(locate_config_value(:search)))
+            if server["description"] && server["platform"] == locate_config_value(:platform) && server["description"].downcase.include?(locate_config_value(:search))
               server_list += get_server_list(server)
             end
           elsif locate_config_value(:platform)
@@ -95,7 +92,7 @@ class Chef
             end
           elsif locate_config_value(:search)
             locate_config_value(:search).downcase!
-            if (server["description"] && server["description"].downcase.include?(locate_config_value(:search)))
+            if server["description"] && server["description"].downcase.include?(locate_config_value(:search))
               server_list += get_server_list(server)
             end
           else
@@ -105,7 +102,7 @@ class Chef
         puts ui.list(server_list, :uneven_columns_across, output_column_count)
       end
 
-    private
+      private
 
       def get_server_list(server)
         server_list = []

data/lib/chef/knife/ec2_base.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Seth Chisamore (<schisamo@chef.io>)
-# Copyright:: Copyright (c) 2011-2015 Chef Software, Inc.
+# Copyright:: Copyright (c) 2011-2018 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,75 +16,74 @@
 # limitations under the License.
 #
 
-require 'chef/knife'
+require "chef/knife"
 
 class Chef
   class Knife
     module Ec2Base
 
-      # :nodoc:
-      # Would prefer to do this in a rational way, but can't be done b/c of
-      # Mixlib::CLI's design :(
+      # @todo Would prefer to do this in a rational way, but can't be done b/c of Mixlib::CLI's design :(
       def self.included(includer)
         includer.class_eval do
 
           deps do
-            require 'fog/aws'
-            require 'readline'
-            require 'chef/json_compat'
+            require "fog/aws"
+            require "chef/json_compat"
+            require "chef/util/path_helper"
           end
 
           option :aws_credential_file,
-            :long => "--aws-credential-file FILE",
-            :description => "File containing AWS credentials as used by AWS command line tools",
-            :proc => Proc.new { |key| Chef::Config[:knife][:aws_credential_file] = key }
+            long: "--aws-credential-file FILE",
+            description: "File containing AWS credentials as used by the AWS Command Line Interface.",
+            proc: Proc.new { |key| Chef::Config[:knife][:aws_credential_file] = key }
 
           option :aws_config_file,
-            :long => "--aws-config-file FILE",
-            :description => "File containing AWS configurations as used by aws cmdline tools",
-            :proc => Proc.new {|key| Chef::Config[:knife][:aws_config_file] = key}
+            long: "--aws-config-file FILE",
+            description: "File containing AWS configurations as used by the AWS Command Line Interface.",
+            proc: Proc.new { |key| Chef::Config[:knife][:aws_config_file] = key }
 
           option :aws_profile,
-            :long => "--aws-profile PROFILE",
-            :description => "AWS profile, from AWS credential file and AWS config file, to use",
-            :default => 'default',
-            :proc => Proc.new { |key| Chef::Config[:knife][:aws_profile] = key }
+            long: "--aws-profile PROFILE",
+            description: "AWS profile, from AWS credential file and AWS config file, to use",
+            default: "default",
+            proc: Proc.new { |key| Chef::Config[:knife][:aws_profile] = key }
 
           option :aws_access_key_id,
-            :short => "-A ID",
-            :long => "--aws-access-key-id KEY",
-            :description => "Your AWS Access Key ID",
-            :proc => Proc.new { |key| Chef::Config[:knife][:aws_access_key_id] = key }
+            short: "-A ID",
+            long: "--aws-access-key-id KEY",
+            description: "Your AWS Access Key ID",
+            proc: Proc.new { |key| Chef::Config[:knife][:aws_access_key_id] = key }
 
           option :aws_secret_access_key,
-            :short => "-K SECRET",
-            :long => "--aws-secret-access-key SECRET",
-            :description => "Your AWS API Secret Access Key",
-            :proc => Proc.new { |key| Chef::Config[:knife][:aws_secret_access_key] = key }
+            short: "-K SECRET",
+            long: "--aws-secret-access-key SECRET",
+            description: "Your AWS API Secret Access Key",
+            proc: Proc.new { |key| Chef::Config[:knife][:aws_secret_access_key] = key }
 
           option :aws_session_token,
-            :long => "--aws-session-token TOKEN",
-            :description => "Your AWS Session Token, for use with AWS STS Federation or Session Tokens",
-            :proc => Proc.new { |key| Chef::Config[:knife][:aws_session_token] = key }
+            long: "--aws-session-token TOKEN",
+            description: "Your AWS Session Token, for use with AWS STS Federation or Session Tokens",
+            proc: Proc.new { |key| Chef::Config[:knife][:aws_session_token] = key }
 
           option :region,
-            :long => "--region REGION",
-            :description => "Your AWS region",
-            :proc => Proc.new { |key| Chef::Config[:knife][:region] = key }
+            long: "--region REGION",
+            description: "Your AWS region",
+            proc: Proc.new { |key| Chef::Config[:knife][:region] = key }
 
           option :use_iam_profile,
-            :long => "--use-iam-profile",
-            :description => "Use IAM profile assigned to current machine",
-            :boolean => true,
-            :default => false,
-            :proc => Proc.new { |key| Chef::Config[:knife][:use_iam_profile] = key }
+            long: "--use-iam-profile",
+            description: "Use IAM profile assigned to current machine",
+            boolean: true,
+            default: false,
+            proc: Proc.new { |key| Chef::Config[:knife][:use_iam_profile] = key }
         end
       end
 
+      # @return [Fog::Compute]
       def connection
         connection_settings = {
-          :provider => 'AWS',
-          :region => locate_config_value(:region)
+          provider: "AWS",
+          region: locate_config_value(:region),
         }
 
         if locate_config_value(:use_iam_profile)
@@ -99,81 +98,54 @@ class Chef
         end
       end
 
+      # @return [String]
       def locate_config_value(key)
         key = key.to_sym
         config[key] || Chef::Config[:knife][key]
       end
 
-      def msg_pair(label, value, color=:cyan)
+      def msg_pair(label, value, color = :cyan)
         if value && !value.to_s.empty?
           ui.info("#{ui.color(label, color)}: #{value}")
         end
       end
 
+      # @return [Boolean]
       def is_image_windows?
         image_info = connection.images.get(@server.image_id)
-        return image_info.platform == 'windows'
+        image_info.platform == "windows"
       end
 
-      def validate!(keys=[:aws_access_key_id, :aws_secret_access_key])
-        errors = []
-
-        if locate_config_value(:aws_config_file)
-          aws_config = ini_parse(File.read(locate_config_value(:aws_config_file)))
-          profile = if locate_config_value(:aws_profile) == 'default'
-                      'default'
-                    else
-                      "profile #{locate_config_value(:aws_profile)}"
-                    end
-
-          unless aws_config.values.empty?
-            if aws_config[profile]
-               Chef::Config[:knife][:region] = aws_config[profile]['region']
-            else
-              raise ArgumentError, "The provided --aws-profile '#{profile}' is invalid."
-            end
-          end
-        end
+      # validate the config options that were passed since some of them cannot be used together
+      # also validate the aws configuration file contents if present
+      def validate!(keys = [:aws_access_key_id, :aws_secret_access_key])
+        errors = [] # track all errors so we report on all of them
+
+        validate_aws_config_file! if locate_config_value(:aws_config_file)
+
+        unless locate_config_value(:use_iam_profile) # skip config file / key validation if we're using iam profile
+          # validate the creds file if:
+          #   aws keys have not been passed in config / CLI and the default cred file location does exist
+          #   OR
+          #   the user passed aws_credential_file
+          if (Chef::Config[:knife].keys & [:aws_access_key_id, :aws_secret_access_key]).empty? && aws_cred_file_location ||
+              locate_config_value(:aws_credential_file)
 
-        unless locate_config_value(:use_iam_profile)
-          if locate_config_value(:aws_credential_file)
             unless (Chef::Config[:knife].keys & [:aws_access_key_id, :aws_secret_access_key]).empty?
               errors << "Either provide a credentials file or the access key and secret keys but not both."
             end
-            # File format:
-            # AWSAccessKeyId=somethingsomethingdarkside
-            # AWSSecretKey=somethingsomethingcomplete
-            #               OR
-            # [default]
-            # aws_access_key_id = somethingsomethingdarkside
-            # aws_secret_access_key = somethingsomethingdarkside
-
-            aws_creds = ini_parse(File.read(locate_config_value(:aws_credential_file)))
-            profile = locate_config_value(:aws_profile)
-
-            entries = if aws_creds.values.first.has_key?("AWSAccessKeyId")
-                        aws_creds.values.first
-                      else
-                        aws_creds[profile]
-                      end
-
-            if entries
-              Chef::Config[:knife][:aws_access_key_id] = entries['AWSAccessKeyId'] || entries['aws_access_key_id']
-              Chef::Config[:knife][:aws_secret_access_key] = entries['AWSSecretKey'] || entries['aws_secret_access_key']
-              Chef::Config[:knife][:aws_session_token] = entries['AWSSessionToken'] || entries['aws_session_token']
-            else
-              raise ArgumentError, "The provided --aws-profile '#{profile}' is invalid."
-            end
+
+            validate_aws_credential_file!
           end
 
           keys.each do |k|
-            pretty_key = k.to_s.gsub(/_/, ' ').gsub(/\w+/){ |w| (w =~ /(ssh)|(aws)/i) ? w.upcase  : w.capitalize }
+            pretty_key = k.to_s.tr("_", " ").gsub(/\w+/) { |w| (w =~ /(ssh)|(aws)/i) ? w.upcase : w.capitalize }
             if Chef::Config[:knife][k].nil?
               errors << "You did not provide a valid '#{pretty_key}' value."
             end
           end
 
-          if errors.each{|e| ui.error(e)}.any?
+          if errors.each { |e| ui.error(e) }.any?
             exit 1
           end
         end
@@ -193,12 +165,27 @@ class Chef
 
     end
 
+    # the path to the aws credentials file.
+    # if passed via cli config use that
+    # if default location exists on disk fallback to that
+    # @return [String, nil] location to aws credentials file or nil if none exists
+    def aws_cred_file_location
+      @cred_file ||= begin
+        if !locate_config_value(:aws_credential_file).nil?
+          locate_config_value(:aws_credential_file)
+        else
+          Chef::Util::PathHelper.home(".aws", "credentials") if ::File.exist?(Chef::Util::PathHelper.home(".aws", "credentials"))
+        end
+      end
+    end
+
+    # @return [String]
     def iam_name_from_profile(profile)
       # The IAM profile object only contains the name as part of the arn
-      if profile && profile.key?('arn')
-        name = profile['arn'].split('/')[-1]
+      if profile && profile.key?("arn")
+        name = profile["arn"].split("/")[-1]
       end
-      name ||= ''
+      name ||= ""
     end
 
     def ini_parse(file)
@@ -221,22 +208,78 @@ class Chef
     end
 
     # All valid platforms
+    # @return [Array]
     def valid_platforms
-      ["windows", "ubuntu", "debian", "centos", "fedora", "rhel", "nginx", "turnkey", "jumpbox", "coreos", "cisco", "amazon", "nessus"]
+      %w{windows ubuntu debian centos fedora rhel nginx turnkey jumpbox coreos cisco amazon nessus}
     end
 
     # Get the platform from server name
+    # @return [String]
     def find_server_platform(server_name)
       get_platform = valid_platforms.select { |name| server_name.downcase.include?(name) }
-      return get_platform.first
+      get_platform.first
     end
 
-
     # Custom Warning
     def custom_warnings!
       if !config[:region] && Chef::Config[:knife][:region].nil?
         ui.warn "No region was specified in knife.rb or as an argument. The default region, us-east-1, will be used:"
       end
     end
+
+    private
+
+    # validate the contents of the aws configuration file
+    # @return [void]
+    def validate_aws_config_file!
+      config_file = locate_config_value(:aws_config_file)
+      raise ArgumentError, "The provided --aws_config_file (#{config_file}) cannot be found on disk." unless File.exist?(config_file)
+
+      aws_config = ini_parse(File.read(config_file))
+      profile = if locate_config_value(:aws_profile) == "default"
+                  "default"
+                else
+                  "profile #{locate_config_value(:aws_profile)}"
+                end
+
+      unless aws_config.values.empty?
+        if aws_config[profile]
+          Chef::Config[:knife][:region] = aws_config[profile]["region"]
+        else
+          raise ArgumentError, "The provided --aws-profile '#{profile}' is invalid."
+        end
+      end
+    end
+
+    # validate the contents of the aws credentials file
+    # @return [void]
+    def validate_aws_credential_file!
+      raise ArgumentError, "The provided --aws_credential_file (#{aws_cred_file_location}) cannot be found on disk." unless File.exist?(aws_cred_file_location)
+
+      # File format:
+      # AWSAccessKeyId=somethingsomethingdarkside
+      # AWSSecretKey=somethingsomethingcomplete
+      #               OR
+      # [default]
+      # aws_access_key_id = somethingsomethingdarkside
+      # aws_secret_access_key = somethingsomethingdarkside
+
+      aws_creds = ini_parse(File.read(aws_cred_file_location))
+      profile = locate_config_value(:aws_profile)
+
+      entries = if aws_creds.values.first.key?("AWSAccessKeyId")
+                  aws_creds.values.first
+                else
+                  aws_creds[profile]
+                end
+
+      if entries
+        Chef::Config[:knife][:aws_access_key_id] = entries["AWSAccessKeyId"] || entries["aws_access_key_id"]
+        Chef::Config[:knife][:aws_secret_access_key] = entries["AWSSecretKey"] || entries["aws_secret_access_key"]
+        Chef::Config[:knife][:aws_session_token] = entries["AWSSessionToken"] || entries["aws_session_token"]
+      else
+        raise ArgumentError, "The provided --aws-profile '#{profile}' is invalid."
+      end
+    end
   end
 end