knife-ec2 0.19.15 → 0.19.16

@@ -1,2729 +0,0 @@
1
- #
2
- # Author:: Thomas Bishop (<bishop.thomas@gmail.com>)
3
- # Copyright:: Copyright (c) 2010 Thomas Bishop
4
- # License:: Apache License, Version 2.0
5
- #
6
- # Licensed under the Apache License, Version 2.0 (the "License");
7
- # you may not use this file except in compliance with the License.
8
- # You may obtain a copy of the License at
9
- #
10
- # http://www.apache.org/licenses/LICENSE-2.0
11
- #
12
- # Unless required by applicable law or agreed to in writing, software
13
- # distributed under the License is distributed on an "AS IS" BASIS,
14
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
- # See the License for the specific language governing permissions and
16
- # limitations under the License.
17
- #
18
-
19
- require File.expand_path("../../spec_helper", __FILE__)
20
- require "net/ssh/proxy/http"
21
- require "net/ssh/proxy/command"
22
- require "net/ssh/gateway"
23
- require "fog/aws"
24
- require "chef/knife/bootstrap"
25
- require "chef/knife/bootstrap_windows_winrm"
26
- require "chef/knife/bootstrap_windows_ssh"
27
- require "chef/util/path_helper"
28
-
29
- describe Chef::Knife::Ec2ServerCreate do
30
- let(:knife_ec2_create) { Chef::Knife::Ec2ServerCreate.new }
31
- let(:ec2_connection) { double(Fog::Compute::AWS) }
32
- let(:ec2_servers) { double() }
33
-
34
- let(:new_ec2_server) { double }
35
- let(:spot_requests) { double }
36
- let(:new_spot_request) { double }
37
-
38
- let(:ec2_server_attribs) do
39
- { id: "i-39382318",
40
- flavor_id: "m1.small",
41
- image_id: "ami-47241231",
42
- placement_group: "some_placement_group",
43
- availability_zone: "us-west-1",
44
- key_name: "my_ssh_key",
45
- groups: %w{group1 group2},
46
- security_group_ids: ["sg-00aa11bb"],
47
- dns_name: "ec2-75.101.253.10.compute-1.amazonaws.com",
48
- public_ip_address: "75.101.253.10",
49
- private_dns_name: "ip-10-251-75-20.ec2.internal",
50
- private_ip_address: "10.251.75.20",
51
- root_device_type: "not_ebs",
52
- block_device_mapping: [{ "volumeId" => "456" }] } end
53
-
54
- let (:server) { double(id: "i-123" ) }
55
-
56
- let(:spot_request_attribs) do
57
- { id: "test_spot_request_id",
58
- price: 0.001,
59
- request_type: "persistent",
60
- created_at: "2015-07-14 09:53:11 UTC",
61
- instance_count: nil,
62
- instance_id: "test_spot_instance_id",
63
- state: "open",
64
- key_name: "ssh_key_name",
65
- availability_zone: nil,
66
- flavor_id: "m1.small",
67
- image_id: "image" } end
68
-
69
- let(:my_vpc) { "vpc-12345678" }
70
-
71
- before(:each) do
72
- knife_ec2_create.initial_sleep_delay = 0
73
- allow(knife_ec2_create).to receive(:tcp_test_ssh).and_return(true)
74
-
75
- {
76
- image: "image",
77
- ssh_key_name: "ssh_key_name",
78
- aws_access_key_id: "aws_access_key_id",
79
- aws_secret_access_key: "aws_secret_access_key",
80
- network_interfaces: ["eni-12345678",
81
- "eni-87654321"],
82
- }.each do |key, value|
83
- Chef::Config[:knife][key] = value
84
- end
85
-
86
- allow(ec2_connection).to receive(:tags).and_return double("create", create: true)
87
- allow(ec2_connection).to receive(:volume_tags).and_return double("create", create: true)
88
- allow(ec2_connection).to receive_message_chain(:images, :get).and_return double("ami", root_device_type: "not_ebs", platform: "linux")
89
- allow(ec2_connection).to receive(:addresses).and_return [double("addesses", {
90
- domain: "standard",
91
- public_ip: "111.111.111.111",
92
- server_id: nil,
93
- allocation_id: "" })]
94
-
95
- allow(ec2_connection).to receive(:subnets).and_return [@subnet_1, @subnet_2]
96
- allow(ec2_connection).to receive_message_chain(:network_interfaces, :all).and_return [
97
- double("network_interfaces", network_interface_id: "eni-12345678"),
98
- double("network_interfaces", network_interface_id: "eni-87654321")
99
- ]
100
-
101
- ec2_server_attribs.each_pair do |attrib, value|
102
- allow(new_ec2_server).to receive(attrib).and_return(value)
103
- end
104
-
105
- spot_request_attribs.each_pair do |attrib, value|
106
- allow(new_spot_request).to receive(attrib).and_return(value)
107
- end
108
-
109
- @bootstrap = Chef::Knife::Bootstrap.new
110
- allow(Chef::Knife::Bootstrap).to receive(:new).and_return(@bootstrap)
111
-
112
- @validation_key_url = "s3://bucket/foo/bar"
113
- @validation_key_file = "/tmp/a_good_temp_file"
114
- @validation_key_body = "TEST VALIDATION KEY\n"
115
- @vpc_id = "vpc-1a2b3c4d"
116
- @vpc_security_group_ids = ["sg-1a2b3c4d"]
117
- end
118
-
119
- describe "Spot Instance creation" do
120
- before do
121
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
122
- knife_ec2_create.config[:spot_price] = 0.001
123
- knife_ec2_create.config[:spot_request_type] = "persistent"
124
- allow(knife_ec2_create).to receive(:puts)
125
- allow(knife_ec2_create).to receive(:msg_pair)
126
- allow(knife_ec2_create.ui).to receive(:color).and_return("")
127
- allow(knife_ec2_create).to receive(:confirm)
128
- @spot_instance_server_def = {
129
- image_id: "image",
130
- groups: nil,
131
- flavor_id: nil,
132
- key_name: "ssh_key_name",
133
- availability_zone: nil,
134
- security_group_ids: nil,
135
- price: 0.001,
136
- request_type: "persistent",
137
- placement_group: nil,
138
- iam_instance_profile_name: nil,
139
- ebs_optimized: "false",
140
- instance_initiated_shutdown_behavior: nil,
141
- chef_tag: nil,
142
- }
143
- allow(@bootstrap).to receive(:run)
144
- end
145
-
146
- it "creates a new spot instance request with request type as persistent" do
147
- expect(ec2_connection).to receive(
148
- :spot_requests).and_return(spot_requests)
149
- expect(spot_requests).to receive(
150
- :create).with(@spot_instance_server_def).and_return(new_spot_request)
151
- knife_ec2_create.config[:yes] = true
152
- allow(new_spot_request).to receive(:wait_for).and_return(true)
153
- allow(ec2_connection).to receive(:servers).and_return(ec2_servers)
154
- allow(ec2_servers).to receive(
155
- :get).with(new_spot_request.instance_id).and_return(new_ec2_server)
156
- allow(new_ec2_server).to receive(:wait_for).and_return(true)
157
- knife_ec2_create.run
158
- expect(new_spot_request.request_type).to eq("persistent")
159
- end
160
-
161
- it "successfully creates a new spot instance" do
162
- allow(ec2_connection).to receive(
163
- :spot_requests).and_return(spot_requests)
164
- allow(spot_requests).to receive(
165
- :create).with(@spot_instance_server_def).and_return(new_spot_request)
166
- knife_ec2_create.config[:yes] = true
167
- expect(new_spot_request).to receive(:wait_for).and_return(true)
168
- expect(ec2_connection).to receive(:servers).and_return(ec2_servers)
169
- expect(ec2_servers).to receive(
170
- :get).with(new_spot_request.instance_id).and_return(new_ec2_server)
171
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
172
- knife_ec2_create.run
173
- end
174
-
175
- it "does not create the spot instance request and creates a regular instance" do
176
- knife_ec2_create.config.delete(:spot_price)
177
- expect(ec2_connection).to receive(:servers).and_return(ec2_servers)
178
- expect(ec2_servers).to receive(
179
- :create).and_return(new_ec2_server)
180
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
181
- knife_ec2_create.run
182
- end
183
-
184
- context "spot-wait-mode option" do
185
- context "when spot-price is not given" do
186
- context "spot-wait-mode option is not given" do
187
- before do
188
- knife_ec2_create.config.delete(:spot_price)
189
- end
190
-
191
- it "does not raise error" do
192
- expect(knife_ec2_create.ui).to_not receive(:error).with(
193
- "spot-wait-mode option requires that a spot-price option is set."
194
- )
195
- expect { knife_ec2_create.validate! }.to_not raise_error
196
- end
197
- end
198
-
199
- context "spot-wait-mode option is given" do
200
- before do
201
- knife_ec2_create.config.delete(:spot_price)
202
- knife_ec2_create.config[:spot_wait_mode] = "wait"
203
- end
204
-
205
- it "raises error" do
206
- expect(knife_ec2_create.ui).to receive(:error).with(
207
- "spot-wait-mode option requires that a spot-price option is set."
208
- )
209
- expect { knife_ec2_create.validate! }.to raise_error(SystemExit)
210
- end
211
- end
212
- end
213
-
214
- context "when spot-price is given" do
215
- context "spot-wait-mode option is not given" do
216
- before do
217
- knife_ec2_create.config[:spot_price] = 0.001
218
- end
219
-
220
- it "does not raise error" do
221
- expect(knife_ec2_create.ui).to_not receive(:error).with(
222
- "spot-wait-mode option requires that a spot-price option is set."
223
- )
224
- expect { knife_ec2_create.validate! }.to_not raise_error
225
- end
226
- end
227
-
228
- context "spot-wait-mode option is given" do
229
- before do
230
- knife_ec2_create.config[:spot_price] = 0.001
231
- knife_ec2_create.config[:spot_wait_mode] = "exit"
232
- end
233
-
234
- it "does not raise error" do
235
- expect(knife_ec2_create.ui).to_not receive(:error).with(
236
- "spot-wait-mode option requires that a spot-price option is set."
237
- )
238
- expect { knife_ec2_create.validate! }.to_not raise_error
239
- end
240
- end
241
- end
242
- end
243
- end
244
-
245
- describe "run" do
246
- before do
247
- expect(ec2_servers).to receive(:create).and_return(new_ec2_server)
248
- expect(ec2_connection).to receive(:servers).and_return(ec2_servers)
249
- expect(ec2_connection).to receive(:addresses)
250
-
251
- @eip = "111.111.111.111"
252
- expect(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
253
-
254
- allow(knife_ec2_create).to receive(:puts)
255
- allow(knife_ec2_create).to receive(:print)
256
- knife_ec2_create.config[:image] = "12345"
257
- expect(@bootstrap).to receive(:run)
258
- end
259
-
260
- it "creates an EC2 instance and bootstraps it" do
261
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
262
- expect(knife_ec2_create).to receive(:ssh_override_winrm)
263
- knife_ec2_create.run
264
- expect(knife_ec2_create.server).to_not be_nil
265
- end
266
-
267
- it "set ssh_user value by using -x option for ssh bootstrap protocol or linux image" do
268
- # Currently -x option set config[:winrm_user]
269
- # default value of config[:ssh_user] is root
270
- knife_ec2_create.config[:winrm_user] = "ubuntu"
271
- knife_ec2_create.config[:ssh_user] = "root"
272
-
273
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
274
- knife_ec2_create.run
275
- expect(knife_ec2_create.config[:ssh_user]).to eq("ubuntu")
276
- expect(knife_ec2_create.server).to_not be_nil
277
- end
278
-
279
- it "set ssh_password value by using -P option for ssh bootstrap protocol or linux image" do
280
- # Currently -P option set config[:winrm_password]
281
- # default value of config[:ssh_password] is nil
282
- knife_ec2_create.config[:winrm_password] = "winrm_password"
283
- knife_ec2_create.config[:ssh_password] = nil
284
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
285
- knife_ec2_create.run
286
- expect(knife_ec2_create.config[:ssh_password]).to eq("winrm_password")
287
- expect(knife_ec2_create.server).to_not be_nil
288
- end
289
-
290
- it "set ssh_port value by using -p option for ssh bootstrap protocol or linux image" do
291
- # Currently -p option set config[:winrm_port]
292
- # default value of config[:ssh_port] is 22
293
- knife_ec2_create.config[:winrm_port] = "1234"
294
- knife_ec2_create.config[:ssh_port] = "22"
295
-
296
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
297
- knife_ec2_create.run
298
- expect(knife_ec2_create.config[:ssh_port]).to eq("1234")
299
- expect(knife_ec2_create.server).to_not be_nil
300
- end
301
-
302
- it "set identity_file value by using -i option for ssh bootstrap protocol or linux image" do
303
- # Currently -i option set config[:kerberos_keytab_file]
304
- # default value of config[:identity_file] is nil
305
- knife_ec2_create.config[:kerberos_keytab_file] = "kerberos_keytab_file"
306
- knife_ec2_create.config[:identity_file] = nil
307
-
308
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
309
- knife_ec2_create.run
310
- expect(knife_ec2_create.config[:identity_file]).to eq("kerberos_keytab_file")
311
- expect(knife_ec2_create.server).to_not be_nil
312
- end
313
-
314
- it "should never invoke windows bootstrap for linux instance" do
315
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
316
- expect(knife_ec2_create).not_to receive(:bootstrap_for_windows_node)
317
- knife_ec2_create.run
318
- end
319
-
320
- it "creates an EC2 instance, assigns existing EIP and bootstraps it" do
321
- knife_ec2_create.config[:associate_eip] = @eip
322
-
323
- allow(new_ec2_server).to receive(:public_ip_address).and_return(@eip)
324
- expect(ec2_connection).to receive(:associate_address).with(ec2_server_attribs[:id], @eip, nil, "")
325
- expect(new_ec2_server).to receive(:wait_for).at_least(:twice).and_return(true)
326
-
327
- knife_ec2_create.run
328
- expect(knife_ec2_create.server).to_not be_nil
329
- end
330
-
331
- it "creates an EC2 instance, enables ClassicLink and bootstraps it" do
332
- knife_ec2_create.config[:classic_link_vpc_id] = @vpc_id
333
- knife_ec2_create.config[:classic_link_vpc_security_group_ids] = @vpc_security_group_ids
334
-
335
- expect(ec2_connection).to receive(:attach_classic_link_vpc).with(ec2_server_attribs[:id], @vpc_id, @vpc_security_group_ids)
336
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
337
-
338
- knife_ec2_create.run
339
- expect(knife_ec2_create.server).to_not be_nil
340
- end
341
-
342
- it "retries if it receives Fog::Compute::AWS::NotFound" do
343
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
344
- expect(knife_ec2_create).to receive(:create_tags).and_raise(Fog::Compute::AWS::NotFound)
345
- expect(knife_ec2_create).to receive(:create_tags).and_return(true)
346
- expect(knife_ec2_create).to receive(:sleep).and_return(true)
347
- expect(knife_ec2_create.ui).to receive(:warn).with(/retrying/)
348
- knife_ec2_create.run
349
- end
350
-
351
- it "actually writes to the validation key tempfile" do
352
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
353
- Chef::Config[:knife][:validation_key_url] = @validation_key_url
354
- knife_ec2_create.config[:validation_key_url] = @validation_key_url
355
-
356
- allow(knife_ec2_create).to receive_message_chain(:validation_key_tmpfile, :path).and_return(@validation_key_file)
357
- allow(Chef::Knife::S3Source).to receive(:fetch).with(@validation_key_url).and_return(@validation_key_body)
358
- expect(File).to receive(:open).with(@validation_key_file, "w")
359
- knife_ec2_create.run
360
- end
361
- end
362
-
363
- describe "run for EC2 Windows instance" do
364
- before do
365
- expect(ec2_servers).to receive(:create).and_return(new_ec2_server)
366
- expect(ec2_connection).to receive(:servers).and_return(ec2_servers)
367
- expect(ec2_connection).to receive(:addresses)
368
-
369
- expect(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
370
-
371
- allow(knife_ec2_create).to receive(:puts)
372
- allow(knife_ec2_create).to receive(:print)
373
- knife_ec2_create.config[:identity_file] = "~/.ssh/aws-key.pem"
374
- knife_ec2_create.config[:image] = "12345"
375
- allow(knife_ec2_create).to receive(:is_image_windows?).and_return(true)
376
- allow(knife_ec2_create).to receive(:tcp_test_winrm).and_return(true)
377
- end
378
-
379
- it "bootstraps via the WinRM protocol" do
380
- knife_ec2_create.config[:winrm_password] = "winrm-password"
381
- knife_ec2_create.config[:bootstrap_protocol] = "winrm"
382
- @bootstrap_winrm = Chef::Knife::BootstrapWindowsWinrm.new
383
- allow(Chef::Knife::BootstrapWindowsWinrm).to receive(:new).and_return(@bootstrap_winrm)
384
- expect(@bootstrap_winrm).to receive(:run)
385
- expect(knife_ec2_create).not_to receive(:ssh_override_winrm)
386
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
387
- knife_ec2_create.run
388
- end
389
-
390
- it "bootstraps via the SSH protocol" do
391
- knife_ec2_create.config[:bootstrap_protocol] = "ssh"
392
- bootstrap_win_ssh = Chef::Knife::BootstrapWindowsSsh.new
393
- allow(Chef::Knife::BootstrapWindowsSsh).to receive(:new).and_return(bootstrap_win_ssh)
394
- expect(bootstrap_win_ssh).to receive(:run)
395
- expect(knife_ec2_create).to receive(:ssh_override_winrm)
396
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
397
- knife_ec2_create.run
398
- end
399
-
400
- it "should use configured SSH port" do
401
- knife_ec2_create.config[:bootstrap_protocol] = "ssh"
402
- knife_ec2_create.config[:ssh_port] = 422
403
-
404
- expect(knife_ec2_create).to receive(:tcp_test_ssh).with("ec2-75.101.253.10.compute-1.amazonaws.com", 422).and_return(true)
405
-
406
- bootstrap_win_ssh = Chef::Knife::BootstrapWindowsSsh.new
407
- allow(Chef::Knife::BootstrapWindowsSsh).to receive(:new).and_return(bootstrap_win_ssh)
408
- expect(bootstrap_win_ssh).to receive(:run)
409
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
410
- knife_ec2_create.run
411
- end
412
-
413
- it "should never invoke linux bootstrap" do
414
- knife_ec2_create.config[:bootstrap_protocol] = "winrm"
415
- allow(knife_ec2_create).to receive(:windows_password).and_return("")
416
- expect(knife_ec2_create).not_to receive(:bootstrap_for_linux_node)
417
- expect(new_ec2_server).to receive(:wait_for).and_return(true)
418
- allow(knife_ec2_create).to receive(:bootstrap_for_windows_node).and_return double("bootstrap", run: true)
419
- knife_ec2_create.run
420
- end
421
-
422
- it "waits for EC2 to generate password if not supplied" do
423
- knife_ec2_create.config[:bootstrap_protocol] = "winrm"
424
- knife_ec2_create.config[:winrm_password] = nil
425
- expect(knife_ec2_create).to receive(:windows_password).and_return("")
426
- allow(new_ec2_server).to receive(:wait_for).and_return(true)
427
- allow(knife_ec2_create).to receive(:check_windows_password_available).and_return(true)
428
- bootstrap_winrm = Chef::Knife::BootstrapWindowsWinrm.new
429
- allow(Chef::Knife::BootstrapWindowsWinrm).to receive(:new).and_return(bootstrap_winrm)
430
- expect(bootstrap_winrm).to receive(:run)
431
- knife_ec2_create.run
432
- end
433
- end
434
-
435
- describe "when setting tags" do
436
- before do
437
- expect(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
438
- allow(knife_ec2_create).to receive(:bootstrap_for_linux_node).and_return double("bootstrap", run: true)
439
- allow(ec2_connection).to receive(:servers).and_return(ec2_servers)
440
- expect(ec2_connection).to receive(:addresses)
441
- allow(new_ec2_server).to receive(:wait_for).and_return(true)
442
- allow(ec2_servers).to receive(:create).and_return(new_ec2_server)
443
- allow(knife_ec2_create).to receive(:puts)
444
- allow(knife_ec2_create).to receive(:print)
445
- allow(knife_ec2_create.ui).to receive(:error)
446
- allow(knife_ec2_create.ui).to receive(:msg)
447
- end
448
-
449
- it "sets the Name tag to the instance id by default" do
450
- expect(ec2_connection.tags).to receive(:create).with(key: "Name",
451
- value: new_ec2_server.id,
452
- resource_id: new_ec2_server.id)
453
- knife_ec2_create.run
454
- end
455
-
456
- it "sets the Name tag to the chef_node_name when given" do
457
- knife_ec2_create.config[:chef_node_name] = "wombat"
458
- expect(ec2_connection.tags).to receive(:create).with(key: "Name",
459
- value: "wombat",
460
- resource_id: new_ec2_server.id)
461
- knife_ec2_create.run
462
- end
463
-
464
- it "sets the Name tag to the specified name when given --aws-tag Name=NAME" do
465
- knife_ec2_create.config[:aws_tag] = ["Name=bobcat"]
466
- expect(ec2_connection.tags).to receive(:create).with(key: "Name",
467
- value: "bobcat",
468
- resource_id: new_ec2_server.id)
469
- knife_ec2_create.run
470
- end
471
-
472
- it "sets arbitrary aws tags" do
473
- knife_ec2_create.config[:aws_tag] = ["foo=bar"]
474
- expect(ec2_connection.tags).to receive(:create).with(key: "foo",
475
- value: "bar",
476
- resource_id: new_ec2_server.id)
477
- knife_ec2_create.run
478
- end
479
-
480
- it "sets the Name tag to the specified name when given --tags Name=NAME" do
481
- knife_ec2_create.config[:tags] = ["Name=bobcat"]
482
- expect(ec2_connection.tags).to receive(:create).with(key: "Name",
483
- value: "bobcat",
484
- resource_id: new_ec2_server.id)
485
- knife_ec2_create.run
486
- end
487
-
488
- it "sets arbitrary tags" do
489
- knife_ec2_create.config[:tags] = ["foo=bar"]
490
- expect(ec2_connection.tags).to receive(:create).with(key: "foo",
491
- value: "bar",
492
- resource_id: new_ec2_server.id)
493
- knife_ec2_create.run
494
- end
495
-
496
- it 'raises deprecated warning "[DEPRECATED] --tags option is deprecated. Use --aws-tag option instead."' do
497
- knife_ec2_create.config[:tags] = ["foo=bar"]
498
- expect(ec2_connection.tags).to receive(:create).with(key: "foo",
499
- value: "bar",
500
- resource_id: new_ec2_server.id)
501
- expect(knife_ec2_create.ui).to receive(:warn).with("[DEPRECATED] --tags option is deprecated. Use --aws-tag option instead.").exactly(2).times
502
- knife_ec2_create.validate!
503
- knife_ec2_create.run
504
- end
505
- end
506
-
507
- describe "when setting volume tags" do
508
- before do
509
- expect(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
510
- allow(knife_ec2_create).to receive(:bootstrap_for_linux_node).and_return double("bootstrap", run: true)
511
- allow(ec2_connection).to receive(:servers).and_return(ec2_servers)
512
- allow(ec2_servers).to receive(:create).and_return(new_ec2_server)
513
- allow(new_ec2_server).to receive(:wait_for).and_return(true)
514
- allow(knife_ec2_create.ui).to receive(:error)
515
- end
516
-
517
- it "sets the volume tags as specified when given --volume-tags Key=Value" do
518
- knife_ec2_create.config[:volume_tags] = ["VolumeTagKey=TestVolumeTagValue"]
519
- expect(ec2_connection.tags).to receive(:create).with(key: "VolumeTagKey",
520
- value: "TestVolumeTagValue",
521
- resource_id: new_ec2_server.block_device_mapping.first["volumeId"])
522
- knife_ec2_create.run
523
- end
524
- end
525
-
526
- # This shared examples group can be used to house specifications that
527
- # are common to both the Linux and Windows bootstraping process. This
528
- # would remove a lot of testing duplication that is currently present.
529
- shared_examples "generic bootstrap configurations" do
530
- context "data bag secret" do
531
- before(:each) do
532
- Chef::Config[:knife][:secret] = "sys-knife-secret"
533
- end
534
-
535
- it "uses the the knife configuration when no explicit value is provided" do
536
- expect(bootstrap.config[:secret]).to eql("sys-knife-secret")
537
- end
538
-
539
- it "sets encrypted_data_bag_secret" do
540
- expect(bootstrap.config[:encrypted_data_bag_secret]).to eql("sys-knife-secret")
541
- end
542
-
543
- it "prefers using a provided value instead of the knife confiuration" do
544
- subject.config[:secret] = "cli-provided-secret"
545
- expect(bootstrap.config[:secret]).to eql("cli-provided-secret")
546
- end
547
- end
548
-
549
- context "data bag secret file" do
550
- before(:each) do
551
- Chef::Config[:knife][:secret_file] = "sys-knife-secret-file"
552
- end
553
-
554
- it "uses the the knife configuration when no explicit value is provided" do
555
- expect(bootstrap.config[:secret_file]).to eql("sys-knife-secret-file")
556
- end
557
-
558
- it "sets encrypted_data_bag_secret_file" do
559
- expect(bootstrap.config[:encrypted_data_bag_secret_file]).to eql("sys-knife-secret-file")
560
- end
561
-
562
- it "prefers using a provided value instead of the knife confiuration" do
563
- subject.config[:secret_file] = "cli-provided-secret-file"
564
- expect(bootstrap.config[:secret_file]).to eql("cli-provided-secret-file")
565
- end
566
- end
567
-
568
- context "S3-based secret" do
569
- before(:each) do
570
- Chef::Config[:knife][:s3_secret] =
571
- "s3://test.bucket/folder/encrypted_data_bag_secret"
572
- @secret_content = "TEST DATA BAG SECRET\n"
573
- allow(knife_ec2_create).to receive(:s3_secret).and_return(@secret_content)
574
- end
575
-
576
- it "sets the secret to the expected test string" do
577
- expect(bootstrap.config[:secret]).to eql(@secret_content)
578
- end
579
- end
580
- end
581
-
582
- describe "S3 secret test cases" do
583
- before do
584
- Chef::Config[:knife][:s3_secret] =
585
- "s3://test.bucket/folder/encrypted_data_bag_secret"
586
- @secret_content = "TEST DATA BAG SECRET\n"
587
- allow(knife_ec2_create).to receive(:s3_secret).and_return(@secret_content)
588
- allow(Chef::Knife).to receive(:Bootstrap)
589
- @bootstrap = knife_ec2_create.bootstrap_for_linux_node(new_ec2_server, new_ec2_server.dns_name)
590
- end
591
-
592
- context "when s3 secret option is passed" do
593
- it "sets the s3 secret value to cl_secret key" do
594
- knife_ec2_create.bootstrap_common_params(@bootstrap)
595
- expect(Chef::Config[:knife][:cl_secret]).to eql(@secret_content)
596
- end
597
- end
598
-
599
- context "when s3 secret option is not passed" do
600
- it "sets the cl_secret value to nil" do
601
- Chef::Config[:knife].delete(:s3_secret)
602
- Chef::Config[:knife].delete(:cl_secret)
603
- knife_ec2_create.bootstrap_common_params(@bootstrap)
604
- expect(Chef::Config[:knife][:cl_secret]).to eql(nil)
605
- end
606
- end
607
- end
608
-
609
- context "when deprecated aws_ssh_key_id option is used in knife config and no ssh-key is supplied on the CLI" do
610
- before do
611
- Chef::Config[:knife][:aws_ssh_key_id] = "mykey"
612
- Chef::Config[:knife].delete(:ssh_key_name)
613
- @aws_key = Chef::Config[:knife][:aws_ssh_key_id]
614
- allow(knife_ec2_create).to receive(:ami).and_return(false)
615
- allow(knife_ec2_create).to receive(:validate_nics!).and_return(true)
616
- end
617
-
618
- it "gives warning message and creates the attribute with the required name" do
619
- expect(knife_ec2_create.ui).to receive(:warn).with("Use of aws_ssh_key_id option in knife.rb/config.rb config is deprecated, use ssh_key_name option instead.")
620
- knife_ec2_create.validate!
621
- expect(Chef::Config[:knife][:ssh_key_name]).to eq(@aws_key)
622
- end
623
- end
624
-
625
- context "when deprecated aws_ssh_key_id option is used in knife config but ssh-key is also supplied on the CLI" do
626
- before do
627
- Chef::Config[:knife][:aws_ssh_key_id] = "mykey"
628
- @aws_key = Chef::Config[:knife][:aws_ssh_key_id]
629
- allow(knife_ec2_create).to receive(:ami).and_return(false)
630
- allow(knife_ec2_create).to receive(:validate_nics!).and_return(true)
631
- end
632
-
633
- it "gives warning message and gives preference to CLI value over knife config's value" do
634
- expect(knife_ec2_create.ui).to receive(:warn).with("Use of aws_ssh_key_id option in knife.rb/config.rb config is deprecated, use ssh_key_name option instead.")
635
- knife_ec2_create.validate!
636
- expect(Chef::Config[:knife][:ssh_key_name]).to_not eq(@aws_key)
637
- end
638
- end
639
-
640
- context "when ssh_key_name option is used in knife config instead of deprecated aws_ssh_key_id option" do
641
- before do
642
- Chef::Config[:knife][:ssh_key_name] = "mykey"
643
- allow(knife_ec2_create).to receive(:ami).and_return(false)
644
- allow(knife_ec2_create).to receive(:validate_nics!).and_return(true)
645
- end
646
-
647
- it "does nothing" do
648
- knife_ec2_create.validate!
649
- end
650
- end
651
-
652
- context "when ssh_key_name option is used in knife config also it is passed on the CLI" do
653
- before do
654
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
655
- Chef::Config[:knife][:ssh_key_name] = "mykey"
656
- knife_ec2_create.config[:ssh_key_name] = "ssh_key_name"
657
- end
658
-
659
- it "ssh-key passed over CLI gets preference over knife config value" do
660
- server_def = knife_ec2_create.create_server_def
661
- expect(server_def[:key_name]).to eq(knife_ec2_create.config[:ssh_key_name])
662
- end
663
- end
664
-
665
- describe "when configuring the bootstrap process" do
666
- before do
667
- allow(knife_ec2_create).to receive(:evaluate_node_name).and_return("blarf")
668
- knife_ec2_create.config[:ssh_user] = "ubuntu"
669
- knife_ec2_create.config[:identity_file] = "~/.ssh/aws-key.pem"
670
- knife_ec2_create.config[:ssh_port] = 22
671
- knife_ec2_create.config[:ssh_gateway] = "bastion.host.com"
672
- knife_ec2_create.config[:chef_node_name] = "blarf"
673
- knife_ec2_create.config[:run_list] = ["role[base]"]
674
- knife_ec2_create.config[:first_boot_attributes] = "{'my_attributes':{'foo':'bar'}"
675
- knife_ec2_create.config[:first_boot_attributes_from_file] = "{'my_attributes':{'foo':'bar'}"
676
-
677
- @bootstrap = knife_ec2_create.bootstrap_for_linux_node(new_ec2_server, new_ec2_server.dns_name)
678
- end
679
-
680
- include_examples "generic bootstrap configurations" do
681
- subject { knife_ec2_create }
682
- let(:bootstrap) { knife_ec2_create.bootstrap_for_linux_node(new_ec2_server, new_ec2_server.dns_name) }
683
- end
684
-
685
- it "should set the bootstrap 'name argument' to the hostname of the EC2 server" do
686
- expect(@bootstrap.name_args).to eq(["ec2-75.101.253.10.compute-1.amazonaws.com"])
687
- end
688
-
689
- it "should set the bootstrap 'first_boot_attributes' correctly" do
690
- expect(@bootstrap.config[:first_boot_attributes]).to eq("{'my_attributes':{'foo':'bar'}")
691
- end
692
-
693
- it "should set the bootstrap 'first_boot_attributes_from_file' correctly" do
694
- expect(@bootstrap.config[:first_boot_attributes_from_file]).to eq("{'my_attributes':{'foo':'bar'}")
695
- end
696
-
697
- it "configures sets the bootstrap's run_list" do
698
- expect(@bootstrap.config[:run_list]).to eq(["role[base]"])
699
- end
700
-
701
- it "configures the bootstrap to use the correct ssh_user login" do
702
- expect(@bootstrap.config[:ssh_user]).to eq("ubuntu")
703
- end
704
-
705
- it "configures the bootstrap to use the correct ssh_gateway host" do
706
- expect(@bootstrap.config[:ssh_gateway]).to eq("bastion.host.com")
707
- end
708
-
709
- it "configures the bootstrap to use the correct ssh identity file" do
710
- expect(@bootstrap.config[:identity_file]).to eq("~/.ssh/aws-key.pem")
711
- end
712
-
713
- it "configures the bootstrap to use the correct ssh_port number" do
714
- expect(@bootstrap.config[:ssh_port]).to eq(22)
715
- end
716
-
717
- it "configures the bootstrap to use the configured node name if provided" do
718
- expect(@bootstrap.config[:chef_node_name]).to eq("blarf")
719
- end
720
-
721
- it "configures the bootstrap to use the EC2 server id if no explicit node name is set" do
722
- knife_ec2_create.config[:chef_node_name] = nil
723
-
724
- bootstrap = knife_ec2_create.bootstrap_for_linux_node(new_ec2_server, new_ec2_server.dns_name)
725
- expect(bootstrap.config[:chef_node_name]).to eq(new_ec2_server.id)
726
- end
727
-
728
- it "configures the bootstrap to use prerelease versions of chef if specified" do
729
- expect(@bootstrap.config[:prerelease]).to be_falsey
730
-
731
- knife_ec2_create.config[:prerelease] = true
732
-
733
- bootstrap = knife_ec2_create.bootstrap_for_linux_node(new_ec2_server, new_ec2_server.dns_name)
734
- expect(bootstrap.config[:prerelease]).to eq(true)
735
- end
736
-
737
- it "configures the bootstrap to use sudo" do
738
- expect(@bootstrap.config[:use_sudo]).to eq(true)
739
- end
740
-
741
- it "configured the bootstrap to set an ec2 hint (via Chef::Config)" do
742
- expect(Chef::Config[:knife][:hints]["ec2"]).not_to be_nil
743
- end
744
- end
745
-
746
- describe "when configuring the ssh bootstrap process for windows" do
747
- before do
748
- allow(knife_ec2_create).to receive(:fetch_server_fqdn).and_return("SERVERNAME")
749
- knife_ec2_create.config[:ssh_user] = "administrator"
750
- knife_ec2_create.config[:ssh_password] = "password"
751
- knife_ec2_create.config[:ssh_port] = 22
752
- knife_ec2_create.config[:forward_agent] = true
753
- knife_ec2_create.config[:bootstrap_protocol] = "ssh"
754
- knife_ec2_create.config[:image] = "12345"
755
- allow(knife_ec2_create).to receive(:is_image_windows?).and_return(true)
756
- @bootstrap = knife_ec2_create.bootstrap_for_windows_node(new_ec2_server, new_ec2_server.dns_name)
757
- end
758
-
759
- it "sets the bootstrap 'forward_agent' correctly" do
760
- expect(@bootstrap.config[:forward_agent]).to eq(true)
761
- end
762
- end
763
-
764
- describe "when configuring the winrm bootstrap process for windows" do
765
- before do
766
- allow(knife_ec2_create).to receive(:fetch_server_fqdn).and_return("SERVERNAME")
767
- allow(knife_ec2_create).to receive(:evaluate_node_name).and_return(server)
768
- knife_ec2_create.config[:winrm_user] = "Administrator"
769
- knife_ec2_create.config[:winrm_password] = "password"
770
- knife_ec2_create.config[:winrm_port] = 12345
771
- knife_ec2_create.config[:winrm_transport] = "ssl"
772
- knife_ec2_create.config[:kerberos_realm] = "realm"
773
- knife_ec2_create.config[:bootstrap_protocol] = "winrm"
774
- knife_ec2_create.config[:kerberos_service] = "service"
775
- knife_ec2_create.config[:chef_node_name] = "blarf"
776
- knife_ec2_create.config[:run_list] = ["role[base]"]
777
- knife_ec2_create.config[:first_boot_attributes] = "{'my_attributes':{'foo':'bar'}"
778
- knife_ec2_create.config[:winrm_ssl_verify_mode] = "verify_peer"
779
- knife_ec2_create.config[:msi_url] = "https://opscode-omnibus-packages.s3.amazonaws.com/windows/2008r2/x86_64/chef-client-12.3.0-1.msi"
780
- knife_ec2_create.config[:install_as_service] = true
781
- knife_ec2_create.config[:session_timeout] = "90"
782
- @bootstrap = knife_ec2_create.bootstrap_for_windows_node(new_ec2_server, new_ec2_server.dns_name)
783
- end
784
-
785
- include_examples "generic bootstrap configurations" do
786
- subject { knife_ec2_create }
787
- let(:bootstrap) { knife_ec2_create.bootstrap_for_linux_node(new_ec2_server, new_ec2_server.dns_name) }
788
- end
789
-
790
- it "should set the winrm username correctly" do
791
- expect(@bootstrap.config[:winrm_user]).to eq(knife_ec2_create.config[:winrm_user])
792
- end
793
- it "should set the winrm password correctly" do
794
- expect(@bootstrap.config[:winrm_password]).to eq(knife_ec2_create.config[:winrm_password])
795
- end
796
-
797
- it "should set the winrm port correctly" do
798
- expect(@bootstrap.config[:winrm_port]).to eq(knife_ec2_create.config[:winrm_port])
799
- end
800
-
801
- it "should set the winrm transport layer correctly" do
802
- expect(@bootstrap.config[:winrm_transport]).to eq(knife_ec2_create.config[:winrm_transport])
803
- end
804
-
805
- it "should set the kerberos realm correctly" do
806
- expect(@bootstrap.config[:kerberos_realm]).to eq(knife_ec2_create.config[:kerberos_realm])
807
- end
808
-
809
- it "should set the kerberos service correctly" do
810
- expect(@bootstrap.config[:kerberos_service]).to eq(knife_ec2_create.config[:kerberos_service])
811
- end
812
-
813
- it "should set the bootstrap 'name argument' to the Windows/AD hostname of the EC2 server" do
814
- expect(@bootstrap.name_args).to eq(["SERVERNAME"])
815
- end
816
-
817
- it "should set the bootstrap 'name argument' to the hostname of the EC2 server when AD/Kerberos is not used" do
818
- knife_ec2_create.config[:kerberos_realm] = nil
819
- @bootstrap = knife_ec2_create.bootstrap_for_windows_node(new_ec2_server, new_ec2_server.dns_name)
820
- expect(@bootstrap.name_args).to eq(["ec2-75.101.253.10.compute-1.amazonaws.com"])
821
- end
822
-
823
- it "should set the bootstrap 'first_boot_attributes' correctly" do
824
- expect(@bootstrap.config[:first_boot_attributes]).to eq("{'my_attributes':{'foo':'bar'}")
825
- end
826
-
827
- it "should set the bootstrap 'winrm_ssl_verify_mode' correctly" do
828
- expect(@bootstrap.config[:winrm_ssl_verify_mode]).to eq("verify_peer")
829
- end
830
-
831
- it "should set the bootstrap 'msi_url' correctly" do
832
- expect(@bootstrap.config[:msi_url]).to eq("https://opscode-omnibus-packages.s3.amazonaws.com/windows/2008r2/x86_64/chef-client-12.3.0-1.msi")
833
- end
834
-
835
- it "should set the bootstrap 'install_as_service' correctly" do
836
- expect(@bootstrap.config[:install_as_service]).to eq(knife_ec2_create.config[:install_as_service])
837
- end
838
-
839
- it "should set the bootstrap 'session_timeout' correctly" do
840
- expect(@bootstrap.config[:session_timeout]).to eq(knife_ec2_create.config[:session_timeout])
841
- end
842
-
843
- it "configures sets the bootstrap's run_list" do
844
- expect(@bootstrap.config[:run_list]).to eq(["role[base]"])
845
- end
846
-
847
- it "configures auth_timeout for bootstrap to default to 25 minutes" do
848
- expect(knife_ec2_create.options[:auth_timeout][:default]).to eq(25)
849
- end
850
-
851
- it "configures auth_timeout for bootstrap according to plugin auth_timeout config" do
852
- knife_ec2_create.config[:auth_timeout] = 5
853
- bootstrap = knife_ec2_create.bootstrap_for_windows_node(new_ec2_server, new_ec2_server.dns_name)
854
- expect(bootstrap.config[:auth_timeout]).to eq(5)
855
- end
856
- end
857
-
858
- describe "when validating the command-line parameters" do
859
- before do
860
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
861
- allow(knife_ec2_create.ui).to receive(:error)
862
- allow(knife_ec2_create.ui).to receive(:msg)
863
- end
864
-
865
- describe "when reading aws_credential_file" do
866
- before do
867
- Chef::Config[:knife].delete(:aws_access_key_id)
868
- Chef::Config[:knife].delete(:aws_secret_access_key)
869
-
870
- allow(File).to receive(:exist?).with("/apple/pear").and_return(true)
871
- Chef::Config[:knife][:aws_credential_file] = "/apple/pear"
872
- @access_key_id = "access_key_id"
873
- @secret_key = "secret_key"
874
- end
875
-
876
- it "reads UNIX Line endings" do
877
- allow(File).to receive(:read)
878
- .and_return("AWSAccessKeyId=#{@access_key_id}\nAWSSecretKey=#{@secret_key}")
879
- knife_ec2_create.validate!
880
- expect(Chef::Config[:knife][:aws_access_key_id]).to eq(@access_key_id)
881
- expect(Chef::Config[:knife][:aws_secret_access_key]).to eq(@secret_key)
882
- end
883
-
884
- it "reads DOS Line endings" do
885
- allow(File).to receive(:read)
886
- .and_return("AWSAccessKeyId=#{@access_key_id}\r\nAWSSecretKey=#{@secret_key}")
887
- knife_ec2_create.validate!
888
- expect(Chef::Config[:knife][:aws_access_key_id]).to eq(@access_key_id)
889
- expect(Chef::Config[:knife][:aws_secret_access_key]).to eq(@secret_key)
890
- end
891
-
892
- it "reads UNIX Line endings for new format" do
893
- allow(File).to receive(:read)
894
- .and_return("[default]\naws_access_key_id=#{@access_key_id}\naws_secret_access_key=#{@secret_key}")
895
- knife_ec2_create.validate!
896
- expect(Chef::Config[:knife][:aws_access_key_id]).to eq(@access_key_id)
897
- expect(Chef::Config[:knife][:aws_secret_access_key]).to eq(@secret_key)
898
- end
899
-
900
- it "reads DOS Line endings for new format" do
901
- allow(File).to receive(:read)
902
- .and_return("[default]\naws_access_key_id=#{@access_key_id}\r\naws_secret_access_key=#{@secret_key}")
903
- knife_ec2_create.validate!
904
- expect(Chef::Config[:knife][:aws_access_key_id]).to eq(@access_key_id)
905
- expect(Chef::Config[:knife][:aws_secret_access_key]).to eq(@secret_key)
906
- end
907
-
908
- it "loads the correct profile" do
909
- Chef::Config[:knife][:aws_profile] = "other"
910
- allow(File).to receive(:read)
911
- .and_return("[default]\naws_access_key_id=TESTKEY\r\naws_secret_access_key=TESTSECRET\n\n[other]\naws_access_key_id=#{@access_key_id}\r\naws_secret_access_key=#{@secret_key}")
912
- knife_ec2_create.validate!
913
- expect(Chef::Config[:knife][:aws_access_key_id]).to eq(@access_key_id)
914
- expect(Chef::Config[:knife][:aws_secret_access_key]).to eq(@secret_key)
915
- end
916
-
917
- context "when invalid --aws-profile is given" do
918
- it "raises exception" do
919
- Chef::Config[:knife][:aws_profile] = "xyz"
920
- allow(File).to receive(:read).and_return("[default]\naws_access_key_id=TESTKEY\r\naws_secret_access_key=TESTSECRET")
921
- expect { knife_ec2_create.validate! }.to raise_error("The provided --aws-profile 'xyz' is invalid.")
922
- end
923
- end
924
-
925
- context "when non-existent --aws_credential_file is given" do
926
- it "raises exception" do
927
- Chef::Config[:knife][:aws_credential_file] = "/foo/bar"
928
- allow(File).to receive(:exist?).and_return(false)
929
- expect { knife_ec2_create.validate! }.to raise_error("The provided --aws_credential_file (/foo/bar) cannot be found on disk.")
930
- end
931
- end
932
- end
933
-
934
- describe "when reading aws_config_file" do
935
- before do
936
- Chef::Config[:knife][:aws_config_file] = "/apple/pear"
937
- allow(File).to receive(:exist?).with("/apple/pear").and_return(true)
938
- @region = "region"
939
- end
940
-
941
- it "reads UNIX Line endings" do
942
- allow(File).to receive(:read)
943
- .and_return("[default]\r\nregion=#{@region}")
944
- knife_ec2_create.validate!
945
- expect(Chef::Config[:knife][:region]).to eq(@region)
946
- end
947
-
948
- it "reads DOS Line endings" do
949
- allow(File).to receive(:read)
950
- .and_return("[default]\r\nregion=#{@region}")
951
- knife_ec2_create.validate!
952
- expect(Chef::Config[:knife][:region]).to eq(@region)
953
- end
954
- it "reads UNIX Line endings for new format" do
955
- allow(File).to receive(:read)
956
- .and_return("[default]\nregion=#{@region}")
957
- knife_ec2_create.validate!
958
- expect(Chef::Config[:knife][:region]).to eq(@region)
959
- end
960
-
961
- it "reads DOS Line endings for new format" do
962
- allow(File).to receive(:read)
963
- .and_return("[default]\nregion=#{@region}")
964
- knife_ec2_create.validate!
965
- expect(Chef::Config[:knife][:region]).to eq(@region)
966
- end
967
-
968
- it "loads the correct profile" do
969
- Chef::Config[:knife][:aws_profile] = "other"
970
- allow(File).to receive(:read)
971
- .and_return("[default]\nregion=TESTREGION\n\n[profile other]\nregion=#{@region}")
972
- knife_ec2_create.validate!
973
- expect(Chef::Config[:knife][:region]).to eq(@region)
974
- end
975
-
976
- context "when invalid --aws-profile is given" do
977
- it "raises exception" do
978
- Chef::Config[:knife][:aws_profile] = "xyz"
979
- allow(File).to receive(:read).and_return("[default]\nregion=TESTREGION")
980
- expect { knife_ec2_create.validate! }.to raise_error("The provided --aws-profile 'profile xyz' is invalid.")
981
- end
982
- end
983
-
984
- context "when non-existent --aws_config_file is given" do
985
- it "raises exception" do
986
- Chef::Config[:knife][:aws_config_file] = "/foo/bar"
987
- allow(File).to receive(:exist?).and_return(false)
988
- expect { knife_ec2_create.validate! }.to raise_error("The provided --aws_config_file (/foo/bar) cannot be found on disk.")
989
- end
990
- end
991
-
992
- context "when aws_profile is passed a 'default' from CLI or knife.rb file" do
993
- it "loads the default profile successfully" do
994
- Chef::Config[:knife][:aws_profile] = "default"
995
- allow(File).to receive(:read).and_return("[default]\nregion=#{@region}\n\n[profile other]\nregion=TESTREGION")
996
- knife_ec2_create.validate!
997
- expect(Chef::Config[:knife][:region]).to eq(@region)
998
- end
999
- end
1000
- end
1001
-
1002
- it "understands that file:// validation key URIs are just paths" do
1003
- Chef::Config[:knife][:validation_key_url] = "file:///foo/bar"
1004
- expect(knife_ec2_create.validation_key_path).to eq("/foo/bar")
1005
- end
1006
-
1007
- it "returns a path to a tmp file when presented with a URI for the " \
1008
- "validation key" do
1009
- Chef::Config[:knife][:validation_key_url] = @validation_key_url
1010
-
1011
- allow(knife_ec2_create).to receive_message_chain(:validation_key_tmpfile, :path).and_return(@validation_key_file)
1012
-
1013
- expect(knife_ec2_create.validation_key_path).to eq(@validation_key_file)
1014
- end
1015
-
1016
- it "disallows security group names when using a VPC" do
1017
- knife_ec2_create.config[:subnet_id] = @subnet_1_id
1018
- knife_ec2_create.config[:security_group_ids] = "sg-aabbccdd"
1019
- knife_ec2_create.config[:security_groups] = "groupname"
1020
-
1021
- allow(ec2_connection).to receive_message_chain(:subnets, :get).with(@subnet_1_id).and_return(@subnet_1)
1022
-
1023
- expect { knife_ec2_create.validate! }.to raise_error(SystemExit)
1024
- end
1025
-
1026
- it "disallows invalid network interface ids" do
1027
- knife_ec2_create.config[:network_interfaces] = ["INVALID_ID"]
1028
-
1029
- expect { knife_ec2_create.validate! }.to raise_error(SystemExit)
1030
- end
1031
-
1032
- it "disallows network interfaces not in the right VPC" do
1033
- knife_ec2_create.config[:subnet_id] = @subnet_1_id
1034
- knife_ec2_create.config[:security_group_ids] = "sg-aabbccdd"
1035
- knife_ec2_create.config[:security_groups] = "groupname"
1036
-
1037
- allow(ec2_connection).to receive_message_chain(:subnets, :get).with(@subnet_1_id).and_return(@subnet_1)
1038
-
1039
- allow(ec2_connection).to receive_message_chain(:network_interfaces, :all).and_return [
1040
- double("network_interfaces", network_interface_id: "eni-12345678", vpc_id: "another_vpc"),
1041
- double("network_interfaces", network_interface_id: "eni-87654321", vpc_id: my_vpc)
1042
- ]
1043
-
1044
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1045
- end
1046
-
1047
- it "disallows private ips when not using a VPC" do
1048
- knife_ec2_create.config[:private_ip_address] = "10.0.0.10"
1049
-
1050
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1051
- end
1052
-
1053
- it "disallows specifying credentials file and aws keys" do
1054
- Chef::Config[:knife][:aws_credential_file] = "/apple/pear"
1055
- allow(File).to receive(:exist?).with("/apple/pear").and_return(true)
1056
- allow(File).to receive(:read).and_return("AWSAccessKeyId=b\nAWSSecretKey=a")
1057
-
1058
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1059
- end
1060
-
1061
- it "disallows associate public ip option when not using a VPC" do
1062
- knife_ec2_create.config[:associate_public_ip] = true
1063
- knife_ec2_create.config[:subnet_id] = nil
1064
-
1065
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1066
- end
1067
-
1068
- it "disallows setting only one of the two ClassicLink options" do
1069
- knife_ec2_create.config[:classic_link_vpc_id] = @vpc_id
1070
- knife_ec2_create.config[:classic_link_vpc_security_group_ids] = nil
1071
-
1072
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1073
- end
1074
-
1075
- it "disallows ClassicLink with VPC" do
1076
- knife_ec2_create.config[:subnet_id] = "subnet-1a2b3c4d"
1077
- knife_ec2_create.config[:classic_link_vpc_id] = @vpc_id
1078
- knife_ec2_create.config[:classic_link_vpc_security_group_ids] = @vpc_security_group_ids
1079
-
1080
- allow(knife_ec2_create).to receive(:validate_nics!).and_return(true)
1081
-
1082
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1083
- end
1084
-
1085
- it "disallows ebs provisioned iops option when not using ebs volume type" do
1086
- knife_ec2_create.config[:ebs_provisioned_iops] = "123"
1087
- knife_ec2_create.config[:ebs_volume_type] = nil
1088
-
1089
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1090
- end
1091
-
1092
- it "disallows ebs provisioned iops option when not using ebs volume type 'io1'" do
1093
- knife_ec2_create.config[:ebs_provisioned_iops] = "123"
1094
- knife_ec2_create.config[:ebs_volume_type] = "standard"
1095
-
1096
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1097
- end
1098
-
1099
- it "disallows ebs volume type if its other than 'io1' or 'gp2' or 'standard'" do
1100
- knife_ec2_create.config[:ebs_provisioned_iops] = "123"
1101
- knife_ec2_create.config[:ebs_volume_type] = "invalid"
1102
-
1103
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1104
- end
1105
-
1106
- it "disallows 'io1' ebs volume type when not using ebs provisioned iops" do
1107
- knife_ec2_create.config[:ebs_provisioned_iops] = nil
1108
- knife_ec2_create.config[:ebs_volume_type] = "io1"
1109
-
1110
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1111
- end
1112
-
1113
- context "when ebs_encrypted option specified" do
1114
- it "not raise any validation error if valid ebs_size specified" do
1115
- knife_ec2_create.config[:ebs_size] = "8"
1116
- knife_ec2_create.config[:flavor] = "m3.medium"
1117
- knife_ec2_create.config[:ebs_encrypted] = true
1118
- expect(knife_ec2_create.ui).to_not receive(:error).with(" --ebs-encrypted option requires valid --ebs-size to be specified.")
1119
- knife_ec2_create.validate!
1120
- end
1121
-
1122
- it "raise error on missing ebs_size" do
1123
- knife_ec2_create.config[:ebs_size] = nil
1124
- knife_ec2_create.config[:flavor] = "m3.medium"
1125
- knife_ec2_create.config[:ebs_encrypted] = true
1126
- expect(knife_ec2_create.ui).to receive(:error).with(" --ebs-encrypted option requires valid --ebs-size to be specified.")
1127
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1128
- end
1129
-
1130
- it "raise error if invalid ebs_size specified for 'standard' VolumeType" do
1131
- knife_ec2_create.config[:ebs_size] = "1055"
1132
- knife_ec2_create.config[:ebs_volume_type] = "standard"
1133
- knife_ec2_create.config[:flavor] = "m3.medium"
1134
- knife_ec2_create.config[:ebs_encrypted] = true
1135
- expect(knife_ec2_create.ui).to receive(:error).with(" --ebs-size should be in between 1-1024 for 'standard' ebs volume type.")
1136
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1137
- end
1138
-
1139
- it "raise error on invalid ebs_size specified for 'gp2' VolumeType" do
1140
- knife_ec2_create.config[:ebs_size] = "16500"
1141
- knife_ec2_create.config[:ebs_volume_type] = "gp2"
1142
- knife_ec2_create.config[:flavor] = "m3.medium"
1143
- knife_ec2_create.config[:ebs_encrypted] = true
1144
- expect(knife_ec2_create.ui).to receive(:error).with(" --ebs-size should be in between 1-16384 for 'gp2' ebs volume type.")
1145
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1146
- end
1147
-
1148
- it "raise error on invalid ebs_size specified for 'io1' VolumeType" do
1149
- knife_ec2_create.config[:ebs_size] = "3"
1150
- knife_ec2_create.config[:ebs_provisioned_iops] = "200"
1151
- knife_ec2_create.config[:ebs_volume_type] = "io1"
1152
- knife_ec2_create.config[:flavor] = "m3.medium"
1153
- knife_ec2_create.config[:ebs_encrypted] = true
1154
- expect(knife_ec2_create.ui).to receive(:error).with(" --ebs-size should be in between 4-16384 for 'io1' ebs volume type.")
1155
- expect { knife_ec2_create.validate! }.to raise_error SystemExit
1156
- end
1157
- end
1158
- end
1159
-
1160
- describe "when creating the connection" do
1161
- before(:each) do
1162
- Chef::Config[:knife].delete(:aws_access_key_id)
1163
- Chef::Config[:knife].delete(:aws_secret_access_key)
1164
- end
1165
-
1166
- describe "when no keys or credential file is specified" do
1167
- it "it loads credentials from the default credentials file" do
1168
- default_cred_file = Chef::Util::PathHelper.home(".aws", "credentials")
1169
- allow(File).to receive(:exist?).and_call_original
1170
- allow(File).to receive(:exist?).with(default_cred_file).and_return(true)
1171
- allow(File).to receive(:read).with(default_cred_file).and_return("[default]\naws_access_key_id=abc\naws_secret_access_key=abc")
1172
- expect(Fog::Compute::AWS).to receive(:new).with(hash_including(aws_access_key_id: "abc", aws_secret_access_key: "abc")).and_return(ec2_connection)
1173
- knife_ec2_create.validate!
1174
- knife_ec2_create.connection
1175
- end
1176
- end
1177
-
1178
- describe "when use_iam_profile is true" do
1179
- it "creates a connection without access keys" do
1180
- knife_ec2_create.config[:use_iam_profile] = true
1181
- expect(Fog::Compute::AWS).to receive(:new).with(hash_including(use_iam_profile: true)).and_return(ec2_connection)
1182
- knife_ec2_create.connection
1183
- end
1184
- end
1185
-
1186
- describe "when aws_session_token is present" do
1187
- it "creates a connection using the session token" do
1188
- knife_ec2_create.config[:aws_session_token] = "session-token"
1189
- expect(Fog::Compute::AWS).to receive(:new).with(hash_including(aws_session_token: "session-token")).and_return(ec2_connection)
1190
- knife_ec2_create.connection
1191
- end
1192
- end
1193
- end
1194
-
1195
- describe "when creating the server definition" do
1196
- before do
1197
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
1198
- end
1199
-
1200
- it "sets the specified placement_group" do
1201
- knife_ec2_create.config[:placement_group] = ["some_placement_group"]
1202
- server_def = knife_ec2_create.create_server_def
1203
-
1204
- expect(server_def[:placement_group]).to eq(["some_placement_group"])
1205
- end
1206
-
1207
- it "sets the specified security group names" do
1208
- knife_ec2_create.config[:security_groups] = ["groupname"]
1209
- server_def = knife_ec2_create.create_server_def
1210
-
1211
- expect(server_def[:groups]).to eq(["groupname"])
1212
- end
1213
-
1214
- it "sets the specified security group ids" do
1215
- knife_ec2_create.config[:security_group_ids] = ["sg-aabbccdd", "sg-3764sdss", "sg-aab343ytre"]
1216
- server_def = knife_ec2_create.create_server_def
1217
-
1218
- expect(server_def[:security_group_ids]).to eq(["sg-aabbccdd", "sg-3764sdss", "sg-aab343ytre"])
1219
- end
1220
-
1221
- it "sets the image id from CLI arguments over knife config" do
1222
- knife_ec2_create.config[:image] = "ami-aaa"
1223
- Chef::Config[:knife][:image] = "ami-zzz"
1224
- server_def = knife_ec2_create.create_server_def
1225
-
1226
- expect(server_def[:image_id]).to eq("ami-aaa")
1227
- end
1228
-
1229
- it "sets the flavor id from CLI arguments over knife config" do
1230
- knife_ec2_create.config[:flavor] = "massive"
1231
- Chef::Config[:knife][:flavor] = "bitty"
1232
- server_def = knife_ec2_create.create_server_def
1233
-
1234
- expect(server_def[:flavor_id]).to eq("massive")
1235
- end
1236
-
1237
- it "sets the availability zone from CLI arguments over knife config" do
1238
- knife_ec2_create.config[:availability_zone] = "dis-one"
1239
- Chef::Config[:knife][:availability_zone] = "dat-one"
1240
- server_def = knife_ec2_create.create_server_def
1241
-
1242
- expect(server_def[:availability_zone]).to eq("dis-one")
1243
- end
1244
-
1245
- it "adds the specified ephemeral device mappings" do
1246
- knife_ec2_create.config[:ephemeral] = [ "/dev/sdb", "/dev/sdc", "/dev/sdd", "/dev/sde" ]
1247
- server_def = knife_ec2_create.create_server_def
1248
-
1249
- expect(server_def[:block_device_mapping]).to eq([{ "VirtualName" => "ephemeral0", "DeviceName" => "/dev/sdb" },
1250
- { "VirtualName" => "ephemeral1", "DeviceName" => "/dev/sdc" },
1251
- { "VirtualName" => "ephemeral2", "DeviceName" => "/dev/sdd" },
1252
- { "VirtualName" => "ephemeral3", "DeviceName" => "/dev/sde" }])
1253
- end
1254
-
1255
- it "sets the specified private ip address" do
1256
- knife_ec2_create.config[:subnet_id] = "subnet-1a2b3c4d"
1257
- knife_ec2_create.config[:private_ip_address] = "10.0.0.10"
1258
- server_def = knife_ec2_create.create_server_def
1259
-
1260
- expect(server_def[:subnet_id]).to eq("subnet-1a2b3c4d")
1261
- expect(server_def[:private_ip_address]).to eq("10.0.0.10")
1262
- end
1263
-
1264
- it "sets the IAM server role when one is specified" do
1265
- knife_ec2_create.config[:iam_instance_profile] = ["iam-role"]
1266
- server_def = knife_ec2_create.create_server_def
1267
-
1268
- expect(server_def[:iam_instance_profile_name]).to eq(["iam-role"])
1269
- end
1270
-
1271
- it "doesn't set an IAM server role by default" do
1272
- server_def = knife_ec2_create.create_server_def
1273
-
1274
- expect(server_def[:iam_instance_profile_name]).to eq(nil)
1275
- end
1276
-
1277
- it "doesn't use IAM profile by default" do
1278
- server_def = knife_ec2_create.create_server_def
1279
-
1280
- expect(server_def[:use_iam_profile]).to eq(nil)
1281
- end
1282
-
1283
- it "Set Tenancy Dedicated when both VPC mode and Flag is True" do
1284
- knife_ec2_create.config[:dedicated_instance] = true
1285
- allow(knife_ec2_create).to receive_messages(vpc_mode?: true)
1286
- server_def = knife_ec2_create.create_server_def
1287
- expect(server_def[:tenancy]).to eq("dedicated")
1288
- end
1289
-
1290
- it "Tenancy should be default with no vpc mode even is specified" do
1291
- knife_ec2_create.config[:dedicated_instance] = true
1292
- server_def = knife_ec2_create.create_server_def
1293
- expect(server_def[:tenancy]).to eq(nil)
1294
- end
1295
-
1296
- it "Tenancy should be default with vpc but not requested" do
1297
- allow(knife_ec2_create).to receive_messages(vpc_mode?: true)
1298
- server_def = knife_ec2_create.create_server_def
1299
- expect(server_def[:tenancy]).to eq(nil)
1300
- end
1301
-
1302
- it "sets associate_public_ip to true if specified and in vpc_mode" do
1303
- knife_ec2_create.config[:subnet_id] = "subnet-1a2b3c4d"
1304
- knife_ec2_create.config[:associate_public_ip] = true
1305
- server_def = knife_ec2_create.create_server_def
1306
-
1307
- expect(server_def[:subnet_id]).to eq("subnet-1a2b3c4d")
1308
- expect(server_def[:associate_public_ip]).to eq(true)
1309
- end
1310
-
1311
- it "sets the spot price" do
1312
- knife_ec2_create.config[:spot_price] = "1.99"
1313
- server_def = knife_ec2_create.create_server_def
1314
-
1315
- expect(server_def[:price]).to eq("1.99")
1316
- end
1317
-
1318
- it "sets the spot instance request type as persistent" do
1319
- knife_ec2_create.config[:spot_request_type] = "persistent"
1320
- server_def = knife_ec2_create.create_server_def
1321
-
1322
- expect(server_def[:request_type]).to eq("persistent")
1323
- end
1324
-
1325
- it "sets the spot instance request type as one-time" do
1326
- knife_ec2_create.config[:spot_request_type] = "one-time"
1327
- server_def = knife_ec2_create.create_server_def
1328
-
1329
- expect(server_def[:request_type]).to eq("one-time")
1330
- end
1331
-
1332
- context "when using ebs volume type and ebs provisioned iops rate options" do
1333
- before do
1334
- allow(knife_ec2_create).to receive_message_chain(:ami, :root_device_type).and_return("ebs")
1335
- allow(knife_ec2_create).to receive_message_chain(:ami, :block_device_mapping).and_return([{ "iops" => 123 }])
1336
- allow(knife_ec2_create).to receive(:msg)
1337
- allow(knife_ec2_create).to receive(:puts)
1338
- end
1339
-
1340
- it "sets the specified 'standard' ebs volume type" do
1341
- knife_ec2_create.config[:ebs_volume_type] = "standard"
1342
- server_def = knife_ec2_create.create_server_def
1343
-
1344
- expect(server_def[:block_device_mapping].first["Ebs.VolumeType"]).to eq("standard")
1345
- end
1346
-
1347
- it "sets the specified 'io1' ebs volume type" do
1348
- knife_ec2_create.config[:ebs_volume_type] = "io1"
1349
- server_def = knife_ec2_create.create_server_def
1350
-
1351
- expect(server_def[:block_device_mapping].first["Ebs.VolumeType"]).to eq("io1")
1352
- end
1353
-
1354
- it "sets the specified 'gp2' ebs volume type" do
1355
- knife_ec2_create.config[:ebs_volume_type] = "gp2"
1356
- server_def = knife_ec2_create.create_server_def
1357
-
1358
- expect(server_def[:block_device_mapping].first["Ebs.VolumeType"]).to eq("gp2")
1359
- end
1360
-
1361
- it "sets the specified ebs provisioned iops rate" do
1362
- knife_ec2_create.config[:ebs_provisioned_iops] = "1234"
1363
- knife_ec2_create.config[:ebs_volume_type] = "io1"
1364
- server_def = knife_ec2_create.create_server_def
1365
-
1366
- expect(server_def[:block_device_mapping].first["Ebs.Iops"]).to eq("1234")
1367
- end
1368
-
1369
- it "disallows non integer ebs provisioned iops rate" do
1370
- knife_ec2_create.config[:ebs_provisioned_iops] = "123abcd"
1371
-
1372
- expect { knife_ec2_create.create_server_def }.to raise_error SystemExit
1373
- end
1374
-
1375
- it "sets the iops rate from ami" do
1376
- knife_ec2_create.config[:ebs_volume_type] = "io1"
1377
- server_def = knife_ec2_create.create_server_def
1378
-
1379
- expect(server_def[:block_device_mapping].first["Ebs.Iops"]).to eq("123")
1380
- end
1381
- end
1382
- end
1383
-
1384
- describe "wait_for_sshd" do
1385
- let(:gateway) { "test.gateway.com" }
1386
- let(:hostname) { "test.host.com" }
1387
-
1388
- it "should wait for tunnelled ssh if a ssh gateway is provided" do
1389
- allow(knife_ec2_create).to receive(:get_ssh_gateway_for).and_return(gateway)
1390
- expect(knife_ec2_create).to receive(:wait_for_tunnelled_sshd).with(gateway, hostname)
1391
- knife_ec2_create.wait_for_sshd(hostname)
1392
- end
1393
-
1394
- it "should wait for direct ssh if a ssh gateway is not provided" do
1395
- allow(knife_ec2_create).to receive(:get_ssh_gateway_for).and_return(nil)
1396
- knife_ec2_create.config[:ssh_port] = 22
1397
- expect(knife_ec2_create).to receive(:wait_for_direct_sshd).with(hostname, 22)
1398
- knife_ec2_create.wait_for_sshd(hostname)
1399
- end
1400
- end
1401
-
1402
- describe "get_ssh_gateway_for" do
1403
- let(:gateway) { "test.gateway.com" }
1404
- let(:hostname) { "test.host.com" }
1405
-
1406
- it "should give precedence to the ssh gateway specified in the knife configuration" do
1407
- allow(Net::SSH::Config).to receive(:for).and_return(proxy: Net::SSH::Proxy::Command.new("ssh some.other.gateway.com nc %h %p"))
1408
- knife_ec2_create.config[:ssh_gateway] = gateway
1409
- expect(knife_ec2_create.get_ssh_gateway_for(hostname)).to eq(gateway)
1410
- end
1411
-
1412
- it "should return the ssh gateway specified in the ssh configuration even if the config option is not set" do
1413
- # This should already be false, but test this explicitly for regression
1414
- knife_ec2_create.config[:ssh_gateway] = false
1415
- allow(Net::SSH::Config).to receive(:for).and_return(proxy: Net::SSH::Proxy::Command.new("ssh #{gateway} nc %h %p"))
1416
- expect(knife_ec2_create.get_ssh_gateway_for(hostname)).to eq(gateway)
1417
- end
1418
-
1419
- it "should return nil if the ssh gateway cannot be parsed from the ssh proxy command" do
1420
- allow(Net::SSH::Config).to receive(:for).and_return(proxy: Net::SSH::Proxy::Command.new("cannot parse host"))
1421
- expect(knife_ec2_create.get_ssh_gateway_for(hostname)).to be_nil
1422
- end
1423
-
1424
- it "should return nil if the ssh proxy is not a proxy command" do
1425
- allow(Net::SSH::Config).to receive(:for).and_return(proxy: Net::SSH::Proxy::HTTP.new("httphost.com"))
1426
- expect(knife_ec2_create.get_ssh_gateway_for(hostname)).to be_nil
1427
- end
1428
-
1429
- it "returns nil if the ssh config has no proxy" do
1430
- allow(Net::SSH::Config).to receive(:for).and_return(user: "darius")
1431
- expect(knife_ec2_create.get_ssh_gateway_for(hostname)).to be_nil
1432
- end
1433
-
1434
- end
1435
-
1436
- describe "#subnet_public_ip_on_launch?" do
1437
- before do
1438
- allow(new_ec2_server).to receive_messages(subnet_id: "subnet-1a2b3c4d")
1439
- allow(knife_ec2_create).to receive_messages(server: new_ec2_server)
1440
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
1441
- end
1442
-
1443
- context "when auto_assign_public_ip is enabled" do
1444
- it "returns true" do
1445
- allow(ec2_connection).to receive_message_chain(:subnets, :get).and_return double( map_public_ip_on_launch: true )
1446
- expect(knife_ec2_create.subnet_public_ip_on_launch?).to eq(true)
1447
- end
1448
- end
1449
-
1450
- context "when auto_assign_public_ip is disabled" do
1451
- it "returns false" do
1452
- allow(ec2_connection).to receive_message_chain(:subnets, :get).and_return double( map_public_ip_on_launch: false )
1453
- expect(knife_ec2_create.subnet_public_ip_on_launch?).to eq(false)
1454
- end
1455
- end
1456
- end
1457
-
1458
- describe "ssh_connect_host" do
1459
- before(:each) do
1460
- allow(new_ec2_server).to receive_messages(
1461
- dns_name: "public.example.org",
1462
- private_ip_address: "192.168.1.100",
1463
- custom: "custom",
1464
- public_ip_address: "111.111.111.111",
1465
- subnet_id: "subnet-1a2b3c4d"
1466
- )
1467
- allow(knife_ec2_create).to receive_messages(server: new_ec2_server)
1468
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
1469
- end
1470
-
1471
- describe "by default" do
1472
- it "should use public dns name" do
1473
- expect(knife_ec2_create.ssh_connect_host).to eq("public.example.org")
1474
- end
1475
- end
1476
-
1477
- describe "when dns name not exist" do
1478
- it "should use public_ip_address " do
1479
- allow(new_ec2_server).to receive(:dns_name).and_return(nil)
1480
- expect(knife_ec2_create.ssh_connect_host).to eq("111.111.111.111")
1481
- end
1482
- end
1483
-
1484
- context "when vpc_mode? is true" do
1485
- before do
1486
- allow(knife_ec2_create).to receive_messages(vpc_mode?: true)
1487
- end
1488
-
1489
- context "subnet_public_ip_on_launch? is true" do
1490
- it "uses the dns_name or public_ip_address" do
1491
- allow(ec2_connection).to receive_message_chain(:subnets, :get).and_return double( map_public_ip_on_launch: true )
1492
- expect(knife_ec2_create.subnet_public_ip_on_launch?).to eq(true)
1493
- expect(knife_ec2_create.ssh_connect_host).to eq("public.example.org")
1494
- end
1495
- end
1496
-
1497
- context "--associate-public-ip is specified" do
1498
- it "uses the dns_name or public_ip_address" do
1499
- knife_ec2_create.config[:associate_public_ip] = true
1500
- allow(ec2_connection).to receive_message_chain(:subnets, :get).and_return double( map_public_ip_on_launch: false )
1501
- expect(knife_ec2_create.ssh_connect_host).to eq("public.example.org")
1502
- end
1503
- end
1504
-
1505
- context "--associate-eip is specified" do
1506
- it "uses the dns_name or public_ip_address" do
1507
- knife_ec2_create.config[:associate_eip] = "111.111.111.111"
1508
- allow(ec2_connection).to receive_message_chain(:subnets, :get).and_return double( map_public_ip_on_launch: false )
1509
- expect(knife_ec2_create.ssh_connect_host).to eq("public.example.org")
1510
- end
1511
- end
1512
-
1513
- context "with no other ip flags" do
1514
- it "uses private_ip_address" do
1515
- allow(ec2_connection).to receive_message_chain(:subnets, :get).and_return double( map_public_ip_on_launch: false )
1516
- expect(knife_ec2_create.ssh_connect_host).to eq("192.168.1.100")
1517
- end
1518
- end
1519
- end
1520
-
1521
- describe "with custom server attribute" do
1522
- it "should use custom server attribute" do
1523
- knife_ec2_create.config[:server_connect_attribute] = "custom"
1524
- expect(knife_ec2_create.ssh_connect_host).to eq("custom")
1525
- end
1526
- end
1527
- end
1528
-
1529
- describe "tunnel_test_ssh" do
1530
- let(:gateway_host) { "test.gateway.com" }
1531
- let(:gateway) { double("gateway") }
1532
- let(:hostname) { "test.host.com" }
1533
- let(:local_port) { 23 }
1534
-
1535
- before(:each) do
1536
- allow(knife_ec2_create).to receive(:configure_ssh_gateway).and_return(gateway)
1537
- end
1538
-
1539
- it "should test ssh through a gateway" do
1540
- knife_ec2_create.config[:ssh_port] = 22
1541
- expect(gateway).to receive(:open).with(hostname, 22).and_yield(local_port)
1542
- expect(knife_ec2_create).to receive(:tcp_test_ssh).with("localhost", local_port).and_return(true)
1543
- expect(knife_ec2_create.tunnel_test_ssh(gateway_host, hostname)).to eq(true)
1544
- end
1545
- end
1546
-
1547
- describe "configure_ssh_gateway" do
1548
- let(:gateway_host) { "test.gateway.com" }
1549
- let(:gateway_user) { "gateway_user" }
1550
-
1551
- it "configures a ssh gateway with no user and the default port when the SSH Config is empty" do
1552
- allow(Net::SSH::Config).to receive(:for).and_return({})
1553
- expect(Net::SSH::Gateway).to receive(:new).with(gateway_host, nil, port: 22)
1554
- knife_ec2_create.configure_ssh_gateway(gateway_host)
1555
- end
1556
-
1557
- it "configures a ssh gateway with the user specified in the SSH Config" do
1558
- allow(Net::SSH::Config).to receive(:for).and_return({ user: gateway_user })
1559
- expect(Net::SSH::Gateway).to receive(:new).with(gateway_host, gateway_user, port: 22)
1560
- knife_ec2_create.configure_ssh_gateway(gateway_host)
1561
- end
1562
-
1563
- it "configures a ssh gateway with the user specified in the ssh gateway string" do
1564
- allow(Net::SSH::Config).to receive(:for).and_return({ user: gateway_user })
1565
- expect(Net::SSH::Gateway).to receive(:new).with(gateway_host, "override_user", port: 22)
1566
- knife_ec2_create.configure_ssh_gateway("override_user@#{gateway_host}")
1567
- end
1568
-
1569
- it "configures a ssh gateway with the port specified in the ssh gateway string" do
1570
- allow(Net::SSH::Config).to receive(:for).and_return({})
1571
- expect(Net::SSH::Gateway).to receive(:new).with(gateway_host, nil, port: "24")
1572
- knife_ec2_create.configure_ssh_gateway("#{gateway_host}:24")
1573
- end
1574
-
1575
- it "configures a ssh gateway with the keys specified in the SSH Config" do
1576
- allow(Net::SSH::Config).to receive(:for).and_return({ keys: ["configuredkey"] })
1577
- expect(Net::SSH::Gateway).to receive(:new).with(gateway_host, nil, port: 22, keys: ["configuredkey"])
1578
- knife_ec2_create.configure_ssh_gateway(gateway_host)
1579
- end
1580
-
1581
- it "configures the ssh gateway with the key specified on the knife config / command line" do
1582
- knife_ec2_create.config[:ssh_gateway_identity] = "/home/fireman/.ssh/gateway.pem"
1583
- # Net::SSH::Config.stub(:for).and_return({ :keys => ['configuredkey'] })
1584
- expect(Net::SSH::Gateway).to receive(:new).with(gateway_host, nil, port: 22, keys: ["/home/fireman/.ssh/gateway.pem"])
1585
- knife_ec2_create.configure_ssh_gateway(gateway_host)
1586
- end
1587
-
1588
- it "prefers the knife config over the ssh config for the gateway keys" do
1589
- knife_ec2_create.config[:ssh_gateway_identity] = "/home/fireman/.ssh/gateway.pem"
1590
- allow(Net::SSH::Config).to receive(:for).and_return({ keys: ["not_this_key_dude"] })
1591
- expect(Net::SSH::Gateway).to receive(:new).with(gateway_host, nil, port: 22, keys: ["/home/fireman/.ssh/gateway.pem"])
1592
- knife_ec2_create.configure_ssh_gateway(gateway_host)
1593
- end
1594
- end
1595
-
1596
- describe "tcp_test_ssh" do
1597
- # Normally we would only get the header after we send a client header, e.g. 'SSH-2.0-client'
1598
- it "should return true if we get an ssh header" do
1599
- knife_ec2_create = Chef::Knife::Ec2ServerCreate.new
1600
- allow(TCPSocket).to receive(:new).and_return(StringIO.new("SSH-2.0-OpenSSH_6.1p1 Debian-4"))
1601
- allow(IO).to receive(:select).and_return(true)
1602
- expect(knife_ec2_create).to receive(:tcp_test_ssh).and_yield.and_return(true)
1603
- knife_ec2_create.tcp_test_ssh("blackhole.ninja", 22) { nil }
1604
- end
1605
-
1606
- it "should return false if we do not get an ssh header" do
1607
- knife_ec2_create = Chef::Knife::Ec2ServerCreate.new
1608
- allow(TCPSocket).to receive(:new).and_return(StringIO.new(""))
1609
- allow(IO).to receive(:select).and_return(true)
1610
- expect(knife_ec2_create.tcp_test_ssh("blackhole.ninja", 22)).to be_falsey
1611
- end
1612
-
1613
- it "should return false if the socket isn't ready" do
1614
- knife_ec2_create = Chef::Knife::Ec2ServerCreate.new
1615
- allow(TCPSocket).to receive(:new)
1616
- allow(IO).to receive(:select).and_return(false)
1617
- expect(knife_ec2_create.tcp_test_ssh("blackhole.ninja", 22)).to be_falsey
1618
- end
1619
- end
1620
-
1621
- describe "ssl_config_user_data" do
1622
- before do
1623
- knife_ec2_create.config[:winrm_password] = "ec2@123"
1624
- end
1625
-
1626
- context "For domain user" do
1627
- before do
1628
- knife_ec2_create.config[:winrm_user] = "domain\\ec2"
1629
- @ssl_config_data = <<~EOH
1630
-
1631
- If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) {
1632
- winrm quickconfig -q
1633
- }
1634
- If (winrm e winrm/config/listener | Select-String -Pattern " Transport = HTTP\\b" -Quiet) {
1635
- winrm delete winrm/config/listener?Address=*+Transport=HTTP
1636
- }
1637
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public-ipv4
1638
- If (-Not $vm_name) {
1639
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
1640
- }
1641
-
1642
- $name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
1643
- $name.Encode("CN=$vm_name", 0)
1644
- $key = new-object -com "X509Enrollment.CX509PrivateKey.1"
1645
- $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
1646
- $key.KeySpec = 1
1647
- $key.Length = 2048
1648
- $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
1649
- $key.MachineContext = 1
1650
- $key.Create()
1651
- $serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
1652
- $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
1653
- $ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
1654
- $ekuoids.add($serverauthoid)
1655
- $ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
1656
- $ekuext.InitializeEncode($ekuoids)
1657
- $cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
1658
- $cert.InitializeFromPrivateKey(2, $key, "")
1659
- $cert.Subject = $name
1660
- $cert.Issuer = $cert.Subject
1661
- $cert.NotBefore = get-date
1662
- $cert.NotAfter = $cert.NotBefore.AddYears(10)
1663
- $cert.X509Extensions.Add($ekuext)
1664
- $cert.Encode()
1665
- $enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
1666
- $enrollment.InitializeFromRequest($cert)
1667
- $certdata = $enrollment.CreateRequest(0)
1668
- $enrollment.InstallResponse(2, $certdata, 0, "")
1669
-
1670
- $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
1671
- $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
1672
- iex $create_listener_cmd
1673
- netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
1674
- EOH
1675
- end
1676
-
1677
- it "gets ssl config user data" do
1678
- expect(knife_ec2_create.ssl_config_user_data).to be == @ssl_config_data
1679
- end
1680
- end
1681
-
1682
- context "For local user" do
1683
- before do
1684
- knife_ec2_create.config[:winrm_user] = ".\\ec2"
1685
- @ssl_config_data = <<~EOH
1686
- net user /add ec2 ec2@123 ;
1687
- net localgroup Administrators /add ec2;
1688
-
1689
- If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) {
1690
- winrm quickconfig -q
1691
- }
1692
- If (winrm e winrm/config/listener | Select-String -Pattern " Transport = HTTP\\b" -Quiet) {
1693
- winrm delete winrm/config/listener?Address=*+Transport=HTTP
1694
- }
1695
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public-ipv4
1696
- If (-Not $vm_name) {
1697
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
1698
- }
1699
-
1700
- $name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
1701
- $name.Encode("CN=$vm_name", 0)
1702
- $key = new-object -com "X509Enrollment.CX509PrivateKey.1"
1703
- $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
1704
- $key.KeySpec = 1
1705
- $key.Length = 2048
1706
- $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
1707
- $key.MachineContext = 1
1708
- $key.Create()
1709
- $serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
1710
- $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
1711
- $ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
1712
- $ekuoids.add($serverauthoid)
1713
- $ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
1714
- $ekuext.InitializeEncode($ekuoids)
1715
- $cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
1716
- $cert.InitializeFromPrivateKey(2, $key, "")
1717
- $cert.Subject = $name
1718
- $cert.Issuer = $cert.Subject
1719
- $cert.NotBefore = get-date
1720
- $cert.NotAfter = $cert.NotBefore.AddYears(10)
1721
- $cert.X509Extensions.Add($ekuext)
1722
- $cert.Encode()
1723
- $enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
1724
- $enrollment.InitializeFromRequest($cert)
1725
- $certdata = $enrollment.CreateRequest(0)
1726
- $enrollment.InstallResponse(2, $certdata, 0, "")
1727
-
1728
- $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
1729
- $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
1730
- iex $create_listener_cmd
1731
- netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
1732
- EOH
1733
-
1734
- end
1735
-
1736
- it "gets ssl config user data" do
1737
- expect(knife_ec2_create.ssl_config_user_data).to be == @ssl_config_data
1738
- end
1739
- end
1740
- end
1741
-
1742
- describe "ssl_config_data_already_exist?" do
1743
-
1744
- before(:each) do
1745
- @user_user_data = "user_user_data.ps1"
1746
- knife_ec2_create.config[:winrm_user] = "domain\\ec2"
1747
- knife_ec2_create.config[:winrm_password] = "ec2@123"
1748
- knife_ec2_create.config[:aws_user_data] = @user_user_data
1749
- end
1750
-
1751
- context "ssl config data does not exist in user supplied user_data" do
1752
- before do
1753
- File.open(@user_user_data, "w+") do |f|
1754
- f.write <<~EOH
1755
- user_command_1\\\\user_command_2\\\\user_command_3
1756
- user_command_4
1757
- EOH
1758
- end
1759
- end
1760
-
1761
- it "returns false" do
1762
- expect(knife_ec2_create.ssl_config_data_already_exist?).to eq(false)
1763
- end
1764
- end
1765
-
1766
- context "ssl config data already exist in user supplied user_data" do
1767
- before do
1768
- File.open(@user_user_data, "w+") do |f|
1769
- f.write <<~EOH
1770
- user_command_1
1771
- user_command_2
1772
-
1773
- <powershell>
1774
-
1775
- If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) {
1776
- winrm quickconfig -q
1777
- }
1778
- If (winrm e winrm/config/listener | Select-String -Pattern " Transport = HTTP\\b" -Quiet) {
1779
- winrm delete winrm/config/listener?Address=*+Transport=HTTP
1780
- }
1781
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public-ipv4
1782
- If (-Not $vm_name) {
1783
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
1784
- }
1785
-
1786
- $name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
1787
- $name.Encode("CN=$vm_name", 0)
1788
- $key = new-object -com "X509Enrollment.CX509PrivateKey.1"
1789
- $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
1790
- $key.KeySpec = 1
1791
- $key.Length = 2048
1792
- $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
1793
- $key.MachineContext = 1
1794
- $key.Create()
1795
- $serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
1796
- $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
1797
- $ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
1798
- $ekuoids.add($serverauthoid)
1799
- $ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
1800
- $ekuext.InitializeEncode($ekuoids)
1801
- $cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
1802
- $cert.InitializeFromPrivateKey(2, $key, "")
1803
- $cert.Subject = $name
1804
- $cert.Issuer = $cert.Subject
1805
- $cert.NotBefore = get-date
1806
- $cert.NotAfter = $cert.NotBefore.AddYears(10)
1807
- $cert.X509Extensions.Add($ekuext)
1808
- $cert.Encode()
1809
- $enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
1810
- $enrollment.InitializeFromRequest($cert)
1811
- $certdata = $enrollment.CreateRequest(0)
1812
- $enrollment.InstallResponse(2, $certdata, 0, "")
1813
-
1814
- $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
1815
- $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
1816
- iex $create_listener_cmd
1817
-
1818
- netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
1819
-
1820
- </powershell>
1821
-
1822
- EOH
1823
- end
1824
- end
1825
-
1826
- it "returns false" do
1827
- expect(knife_ec2_create.ssl_config_data_already_exist?).to eq(false)
1828
- end
1829
- end
1830
-
1831
- after(:each) do
1832
- knife_ec2_create.config.delete(:aws_user_data)
1833
- FileUtils.rm_rf @user_user_data
1834
- end
1835
- end
1836
-
1837
- describe "attach ssl config into user data when transport is ssl" do
1838
- before(:each) do
1839
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
1840
- Chef::Config[:knife][:ssh_key_name] = "mykey"
1841
- knife_ec2_create.config[:ssh_key_name] = "ssh_key_name"
1842
- knife_ec2_create.config[:winrm_transport] = "ssl"
1843
- knife_ec2_create.config[:create_ssl_listener] = true
1844
- knife_ec2_create.config[:winrm_user] = "domain\\ec2"
1845
- knife_ec2_create.config[:winrm_password] = "ec2@123"
1846
- end
1847
-
1848
- context "when user_data script provided by user contains only <script> section" do
1849
- before do
1850
- @user_user_data = "user_user_data.ps1"
1851
- File.open(@user_user_data, "w+") do |f|
1852
- f.write <<~EOH
1853
- <script>
1854
-
1855
- ipconfig > c:\\ipconfig_data.txt
1856
-
1857
- </script>
1858
- EOH
1859
- end
1860
- @server_def_user_data = <<~EOH
1861
- <script>
1862
-
1863
- ipconfig > c:\\ipconfig_data.txt
1864
-
1865
- </script>
1866
-
1867
-
1868
- <powershell>
1869
-
1870
- If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) {
1871
- winrm quickconfig -q
1872
- }
1873
- If (winrm e winrm/config/listener | Select-String -Pattern " Transport = HTTP\\b" -Quiet) {
1874
- winrm delete winrm/config/listener?Address=*+Transport=HTTP
1875
- }
1876
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public-ipv4
1877
- If (-Not $vm_name) {
1878
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
1879
- }
1880
-
1881
- $name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
1882
- $name.Encode("CN=$vm_name", 0)
1883
- $key = new-object -com "X509Enrollment.CX509PrivateKey.1"
1884
- $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
1885
- $key.KeySpec = 1
1886
- $key.Length = 2048
1887
- $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
1888
- $key.MachineContext = 1
1889
- $key.Create()
1890
- $serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
1891
- $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
1892
- $ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
1893
- $ekuoids.add($serverauthoid)
1894
- $ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
1895
- $ekuext.InitializeEncode($ekuoids)
1896
- $cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
1897
- $cert.InitializeFromPrivateKey(2, $key, "")
1898
- $cert.Subject = $name
1899
- $cert.Issuer = $cert.Subject
1900
- $cert.NotBefore = get-date
1901
- $cert.NotAfter = $cert.NotBefore.AddYears(10)
1902
- $cert.X509Extensions.Add($ekuext)
1903
- $cert.Encode()
1904
- $enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
1905
- $enrollment.InitializeFromRequest($cert)
1906
- $certdata = $enrollment.CreateRequest(0)
1907
- $enrollment.InstallResponse(2, $certdata, 0, "")
1908
-
1909
- $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
1910
- $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
1911
- iex $create_listener_cmd
1912
- netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
1913
- </powershell>
1914
- EOH
1915
- knife_ec2_create.config[:aws_user_data] = @user_user_data
1916
- end
1917
-
1918
- it "appends ssl config to user supplied user_data after <script> tag section" do
1919
- server_def = knife_ec2_create.create_server_def
1920
-
1921
- expect(server_def[:user_data]).to eq(@server_def_user_data)
1922
- end
1923
-
1924
- after do
1925
- knife_ec2_create.config.delete(:aws_user_data)
1926
- FileUtils.rm_rf @user_user_data
1927
- end
1928
- end
1929
-
1930
- context "when user_data script provided by user contains <powershell> section" do
1931
- before do
1932
- @user_user_data = "user_user_data.ps1"
1933
- File.open(@user_user_data, "w+") do |f|
1934
- f.write <<~EOH
1935
- <powershell>
1936
-
1937
- Get-DscLocalConfigurationManager > c:\\dsc_data.txt
1938
- </powershell>
1939
- EOH
1940
- end
1941
- @server_def_user_data = <<~EOH
1942
- <powershell>
1943
-
1944
- Get-DscLocalConfigurationManager > c:\\dsc_data.txt
1945
-
1946
- If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) {
1947
- winrm quickconfig -q
1948
- }
1949
- If (winrm e winrm/config/listener | Select-String -Pattern " Transport = HTTP\\b" -Quiet) {
1950
- winrm delete winrm/config/listener?Address=*+Transport=HTTP
1951
- }
1952
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public-ipv4
1953
- If (-Not $vm_name) {
1954
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
1955
- }
1956
-
1957
- $name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
1958
- $name.Encode("CN=$vm_name", 0)
1959
- $key = new-object -com "X509Enrollment.CX509PrivateKey.1"
1960
- $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
1961
- $key.KeySpec = 1
1962
- $key.Length = 2048
1963
- $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
1964
- $key.MachineContext = 1
1965
- $key.Create()
1966
- $serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
1967
- $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
1968
- $ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
1969
- $ekuoids.add($serverauthoid)
1970
- $ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
1971
- $ekuext.InitializeEncode($ekuoids)
1972
- $cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
1973
- $cert.InitializeFromPrivateKey(2, $key, "")
1974
- $cert.Subject = $name
1975
- $cert.Issuer = $cert.Subject
1976
- $cert.NotBefore = get-date
1977
- $cert.NotAfter = $cert.NotBefore.AddYears(10)
1978
- $cert.X509Extensions.Add($ekuext)
1979
- $cert.Encode()
1980
- $enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
1981
- $enrollment.InitializeFromRequest($cert)
1982
- $certdata = $enrollment.CreateRequest(0)
1983
- $enrollment.InstallResponse(2, $certdata, 0, "")
1984
-
1985
- $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
1986
- $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
1987
- iex $create_listener_cmd
1988
- netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
1989
- </powershell>
1990
- EOH
1991
- knife_ec2_create.config[:aws_user_data] = @user_user_data
1992
- end
1993
-
1994
- it "appends ssl config to user supplied user_data at the end of <powershell> tag section" do
1995
- server_def = knife_ec2_create.create_server_def
1996
-
1997
- expect(server_def[:user_data]).to eq(@server_def_user_data)
1998
- end
1999
-
2000
- after do
2001
- knife_ec2_create.config.delete(:aws_user_data)
2002
- FileUtils.rm_rf @user_user_data
2003
- end
2004
- end
2005
-
2006
- context "when user_data script provided by user already contains ssl config code" do
2007
- before do
2008
- @user_user_data = "user_user_data.ps1"
2009
- File.open(@user_user_data, "w+") do |f|
2010
- f.write <<~EOH
2011
- <powershell>
2012
-
2013
- Get-DscLocalConfigurationManager > c:\\dsc_data.txt
2014
-
2015
- If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) {
2016
- winrm quickconfig -q
2017
- }
2018
- If (winrm e winrm/config/listener | Select-String -Pattern " Transport = HTTP\\b" -Quiet) {
2019
- winrm delete winrm/config/listener?Address=*+Transport=HTTP
2020
- }
2021
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public-ipv4
2022
- If (-Not $vm_name) {
2023
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
2024
- }
2025
-
2026
- $name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
2027
- $name.Encode("CN=$vm_name", 0)
2028
- $key = new-object -com "X509Enrollment.CX509PrivateKey.1"
2029
- $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
2030
- $key.KeySpec = 1
2031
- $key.Length = 2048
2032
- $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
2033
- $key.MachineContext = 1
2034
- $key.Create()
2035
- $serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
2036
- $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
2037
- $ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
2038
- $ekuoids.add($serverauthoid)
2039
- $ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
2040
- $ekuext.InitializeEncode($ekuoids)
2041
- $cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
2042
- $cert.InitializeFromPrivateKey(2, $key, "")
2043
- $cert.Subject = $name
2044
- $cert.Issuer = $cert.Subject
2045
- $cert.NotBefore = get-date
2046
- $cert.NotAfter = $cert.NotBefore.AddYears(10)
2047
- $cert.X509Extensions.Add($ekuext)
2048
- $cert.Encode()
2049
- $enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
2050
- $enrollment.InitializeFromRequest($cert)
2051
- $certdata = $enrollment.CreateRequest(0)
2052
- $enrollment.InstallResponse(2, $certdata, 0, "")
2053
-
2054
- $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
2055
- $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
2056
- iex $create_listener_cmd
2057
- netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
2058
- </powershell>
2059
- EOH
2060
- end
2061
- @server_def_user_data = <<~EOH
2062
- <powershell>
2063
-
2064
- Get-DscLocalConfigurationManager > c:\\dsc_data.txt
2065
-
2066
- If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) {
2067
- winrm quickconfig -q
2068
- }
2069
- If (winrm e winrm/config/listener | Select-String -Pattern " Transport = HTTP\\b" -Quiet) {
2070
- winrm delete winrm/config/listener?Address=*+Transport=HTTP
2071
- }
2072
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public-ipv4
2073
- If (-Not $vm_name) {
2074
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
2075
- }
2076
-
2077
- $name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
2078
- $name.Encode("CN=$vm_name", 0)
2079
- $key = new-object -com "X509Enrollment.CX509PrivateKey.1"
2080
- $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
2081
- $key.KeySpec = 1
2082
- $key.Length = 2048
2083
- $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
2084
- $key.MachineContext = 1
2085
- $key.Create()
2086
- $serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
2087
- $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
2088
- $ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
2089
- $ekuoids.add($serverauthoid)
2090
- $ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
2091
- $ekuext.InitializeEncode($ekuoids)
2092
- $cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
2093
- $cert.InitializeFromPrivateKey(2, $key, "")
2094
- $cert.Subject = $name
2095
- $cert.Issuer = $cert.Subject
2096
- $cert.NotBefore = get-date
2097
- $cert.NotAfter = $cert.NotBefore.AddYears(10)
2098
- $cert.X509Extensions.Add($ekuext)
2099
- $cert.Encode()
2100
- $enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
2101
- $enrollment.InitializeFromRequest($cert)
2102
- $certdata = $enrollment.CreateRequest(0)
2103
- $enrollment.InstallResponse(2, $certdata, 0, "")
2104
-
2105
- $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
2106
- $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
2107
- iex $create_listener_cmd
2108
- netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
2109
- </powershell>
2110
- EOH
2111
- knife_ec2_create.config[:aws_user_data] = @user_user_data
2112
- end
2113
-
2114
- it "does no modifications and passes user_data as it is to server_def" do
2115
- server_def = knife_ec2_create.create_server_def
2116
-
2117
- expect(server_def[:user_data]).to eq(@server_def_user_data)
2118
- end
2119
-
2120
- after do
2121
- knife_ec2_create.config.delete(:aws_user_data)
2122
- FileUtils.rm_rf @user_user_data
2123
- end
2124
- end
2125
-
2126
- context "when user_data script provided by user has invalid syntax" do
2127
- before do
2128
- @user_user_data = "user_user_data.ps1"
2129
- File.open(@user_user_data, "w+") do |f|
2130
- f.write <<~EOH
2131
- <powershell>
2132
-
2133
- Get-DscLocalConfigurationManager > c:\\dsc_data.txt
2134
-
2135
- <script>
2136
-
2137
- ipconfig > c:\\ipconfig_data.txt
2138
-
2139
- </script>
2140
- EOH
2141
- end
2142
- knife_ec2_create.config[:aws_user_data] = @user_user_data
2143
- end
2144
-
2145
- it "gives error and exits" do
2146
- expect(knife_ec2_create.ui).to receive(:error).with("Provided user_data file is invalid.")
2147
- expect { knife_ec2_create.create_server_def }.to raise_error SystemExit
2148
- end
2149
-
2150
- after do
2151
- knife_ec2_create.config.delete(:aws_user_data)
2152
- FileUtils.rm_rf @user_user_data
2153
- end
2154
- end
2155
-
2156
- context "when user_data script provided by user has <powershell> and <script> tag sections" do
2157
- before do
2158
- @user_user_data = "user_user_data.ps1"
2159
- File.open(@user_user_data, "w+") do |f|
2160
- f.write <<~EOH
2161
- <powershell>
2162
-
2163
- Get-DscLocalConfigurationManager > c:\\dsc_data.txt
2164
-
2165
- </powershell>
2166
- <script>
2167
-
2168
- ipconfig > c:\\ipconfig_data.txt
2169
-
2170
- </script>
2171
- EOH
2172
- end
2173
- @server_def_user_data = <<~EOH
2174
- <powershell>
2175
-
2176
- Get-DscLocalConfigurationManager > c:\\dsc_data.txt
2177
-
2178
-
2179
- If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) {
2180
- winrm quickconfig -q
2181
- }
2182
- If (winrm e winrm/config/listener | Select-String -Pattern " Transport = HTTP\\b" -Quiet) {
2183
- winrm delete winrm/config/listener?Address=*+Transport=HTTP
2184
- }
2185
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public-ipv4
2186
- If (-Not $vm_name) {
2187
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
2188
- }
2189
-
2190
- $name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
2191
- $name.Encode("CN=$vm_name", 0)
2192
- $key = new-object -com "X509Enrollment.CX509PrivateKey.1"
2193
- $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
2194
- $key.KeySpec = 1
2195
- $key.Length = 2048
2196
- $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
2197
- $key.MachineContext = 1
2198
- $key.Create()
2199
- $serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
2200
- $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
2201
- $ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
2202
- $ekuoids.add($serverauthoid)
2203
- $ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
2204
- $ekuext.InitializeEncode($ekuoids)
2205
- $cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
2206
- $cert.InitializeFromPrivateKey(2, $key, "")
2207
- $cert.Subject = $name
2208
- $cert.Issuer = $cert.Subject
2209
- $cert.NotBefore = get-date
2210
- $cert.NotAfter = $cert.NotBefore.AddYears(10)
2211
- $cert.X509Extensions.Add($ekuext)
2212
- $cert.Encode()
2213
- $enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
2214
- $enrollment.InitializeFromRequest($cert)
2215
- $certdata = $enrollment.CreateRequest(0)
2216
- $enrollment.InstallResponse(2, $certdata, 0, "")
2217
-
2218
- $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
2219
- $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
2220
- iex $create_listener_cmd
2221
- netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
2222
- </powershell>
2223
- <script>
2224
-
2225
- ipconfig > c:\\ipconfig_data.txt
2226
-
2227
- </script>
2228
- EOH
2229
- knife_ec2_create.config[:aws_user_data] = @user_user_data
2230
- end
2231
-
2232
- it "appends ssl config to user supplied user_data at the end of <powershell> tag section" do
2233
- server_def = knife_ec2_create.create_server_def
2234
-
2235
- expect(server_def[:user_data]).to eq(@server_def_user_data)
2236
- end
2237
-
2238
- after do
2239
- knife_ec2_create.config.delete(:aws_user_data)
2240
- FileUtils.rm_rf @user_user_data
2241
- end
2242
- end
2243
-
2244
- context "when user_data is not supplied by user on cli" do
2245
- before do
2246
- @server_def_user_data = <<~EOH
2247
- <powershell>
2248
-
2249
- If (-Not (Get-Service WinRM | Where-Object {$_.status -eq "Running"})) {
2250
- winrm quickconfig -q
2251
- }
2252
- If (winrm e winrm/config/listener | Select-String -Pattern " Transport = HTTP\\b" -Quiet) {
2253
- winrm delete winrm/config/listener?Address=*+Transport=HTTP
2254
- }
2255
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/public-ipv4
2256
- If (-Not $vm_name) {
2257
- $vm_name = invoke-restmethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
2258
- }
2259
-
2260
- $name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
2261
- $name.Encode("CN=$vm_name", 0)
2262
- $key = new-object -com "X509Enrollment.CX509PrivateKey.1"
2263
- $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
2264
- $key.KeySpec = 1
2265
- $key.Length = 2048
2266
- $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
2267
- $key.MachineContext = 1
2268
- $key.Create()
2269
- $serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
2270
- $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
2271
- $ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
2272
- $ekuoids.add($serverauthoid)
2273
- $ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
2274
- $ekuext.InitializeEncode($ekuoids)
2275
- $cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
2276
- $cert.InitializeFromPrivateKey(2, $key, "")
2277
- $cert.Subject = $name
2278
- $cert.Issuer = $cert.Subject
2279
- $cert.NotBefore = get-date
2280
- $cert.NotAfter = $cert.NotBefore.AddYears(10)
2281
- $cert.X509Extensions.Add($ekuext)
2282
- $cert.Encode()
2283
- $enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
2284
- $enrollment.InitializeFromRequest($cert)
2285
- $certdata = $enrollment.CreateRequest(0)
2286
- $enrollment.InstallResponse(2, $certdata, 0, "")
2287
-
2288
- $thumbprint = (Get-ChildItem -Path cert:\\localmachine\\my | Where-Object {$_.Subject -match "$vm_name"}).Thumbprint;
2289
- $create_listener_cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$vm_name`";CertificateThumbprint=`"$thumbprint`"}'"
2290
- iex $create_listener_cmd
2291
- netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in Localport=5986 remoteport=any action=allow localip=any remoteip=any profile=any enable=yes
2292
- </powershell>
2293
- EOH
2294
- end
2295
-
2296
- it "creates user_data only with default ssl configuration" do
2297
- server_def = knife_ec2_create.create_server_def
2298
-
2299
- expect(server_def[:user_data]).to eq(@server_def_user_data)
2300
- end
2301
- end
2302
-
2303
- context "when user has specified --no-create-ssl-listener along with his/her own user_data on cli" do
2304
- before do
2305
- knife_ec2_create.config[:create_ssl_listener] = false
2306
- @user_user_data = "user_user_data.ps1"
2307
- File.open(@user_user_data, "w+") do |f|
2308
- f.write <<~EOH
2309
- <powershell>
2310
-
2311
- Get-DscLocalConfigurationManager > c:\\dsc_data.txt
2312
-
2313
- </powershell>
2314
- <script>
2315
-
2316
- ipconfig > c:\\ipconfig_data.txt
2317
-
2318
- </script>
2319
- EOH
2320
- end
2321
- @server_def_user_data = <<~EOH
2322
- <powershell>
2323
-
2324
- Get-DscLocalConfigurationManager > c:\\dsc_data.txt
2325
-
2326
- </powershell>
2327
- <script>
2328
-
2329
- ipconfig > c:\\ipconfig_data.txt
2330
-
2331
- </script>
2332
- EOH
2333
- knife_ec2_create.config[:aws_user_data] = @user_user_data
2334
- end
2335
-
2336
- it "does not attach ssl config into the user_data supplied by user on cli" do
2337
- server_def = knife_ec2_create.create_server_def
2338
-
2339
- expect(server_def[:user_data]).to eq(@server_def_user_data)
2340
- end
2341
-
2342
- after do
2343
- knife_ec2_create.config.delete(:aws_user_data)
2344
- FileUtils.rm_rf @user_user_data
2345
- end
2346
- end
2347
-
2348
- context "when user has specified --no-create-ssl-listener with no user_data on cli" do
2349
- before do
2350
- knife_ec2_create.config[:create_ssl_listener] = false
2351
- @server_def_user_data = nil
2352
- end
2353
-
2354
- it "creates nil or empty user_data" do
2355
- server_def = knife_ec2_create.create_server_def
2356
-
2357
- expect(server_def[:user_data]).to eq(@server_def_user_data)
2358
- end
2359
- end
2360
-
2361
- after(:each) do
2362
- knife_ec2_create.config.delete(:ssh_key_name)
2363
- Chef::Config[:knife].delete(:ssh_key_name)
2364
- knife_ec2_create.config.delete(:winrm_transport)
2365
- knife_ec2_create.config.delete(:create_ssl_listener)
2366
- end
2367
- end
2368
-
2369
- describe "do not attach ssl config into user data when transport is plaintext" do
2370
- before(:each) do
2371
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2372
- Chef::Config[:knife][:ssh_key_name] = "mykey"
2373
- knife_ec2_create.config[:ssh_key_name] = "ssh_key_name"
2374
- knife_ec2_create.config[:winrm_transport] = "plaintext"
2375
- end
2376
-
2377
- context "when user_data is supplied on cli" do
2378
- before do
2379
- @user_user_data = "user_user_data.ps1"
2380
- File.open(@user_user_data, "w+") do |f|
2381
- f.write <<~EOH
2382
- <script>
2383
-
2384
- ipconfig > c:\\ipconfig_data.txt
2385
- netstat > c:\\netstat_data.txt
2386
-
2387
- </script>
2388
- EOH
2389
- end
2390
- knife_ec2_create.config[:aws_user_data] = @user_user_data
2391
- @server_def_user_data = <<~EOH
2392
- <script>
2393
-
2394
- ipconfig > c:\\ipconfig_data.txt
2395
- netstat > c:\\netstat_data.txt
2396
-
2397
- </script>
2398
- EOH
2399
- end
2400
-
2401
- it "user_data is created only with user's user_data" do
2402
- server_def = knife_ec2_create.create_server_def
2403
-
2404
- expect(server_def[:user_data]).to eq(@server_def_user_data)
2405
- end
2406
-
2407
- after do
2408
- knife_ec2_create.config.delete(:aws_user_data)
2409
- FileUtils.rm_rf @user_user_data
2410
- end
2411
- end
2412
-
2413
- context "when user_data is not supplied on cli" do
2414
- before do
2415
- @server_def_user_data = nil
2416
- end
2417
-
2418
- it "creates nil or empty user_data" do
2419
- server_def = knife_ec2_create.create_server_def
2420
-
2421
- expect(server_def[:user_data]).to eq(@server_def_user_data)
2422
- end
2423
- end
2424
-
2425
- after(:each) do
2426
- knife_ec2_create.config.delete(:ssh_key_name)
2427
- Chef::Config[:knife].delete(:ssh_key_name)
2428
- knife_ec2_create.config.delete(:winrm_transport)
2429
- end
2430
- end
2431
-
2432
- describe "disable_api_termination option" do
2433
- context "spot instance" do
2434
- context "disable_api_termination is not passed on CLI or in knife config" do
2435
- before do
2436
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2437
- knife_ec2_create.config[:spot_price] = 0.001
2438
- end
2439
-
2440
- it "does not set disable_api_termination option in server_def" do
2441
- server_def = knife_ec2_create.create_server_def
2442
- expect(server_def[:disable_api_termination]).to be_nil
2443
- end
2444
-
2445
- it "does not raise error" do
2446
- expect(knife_ec2_create.ui).to_not receive(:error).with(
2447
- "spot-price and disable-api-termination options cannot be passed together as 'Termination Protection' cannot be enabled for spot instances."
2448
- )
2449
- expect { knife_ec2_create.validate! }.to_not raise_error
2450
- end
2451
- end
2452
-
2453
- context "disable_api_termination is passed on CLI" do
2454
- before do
2455
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2456
- knife_ec2_create.config[:spot_price] = 0.001
2457
- knife_ec2_create.config[:disable_api_termination] = true
2458
- end
2459
-
2460
- it "raises error" do
2461
- expect(knife_ec2_create.ui).to receive(:error).with(
2462
- "spot-price and disable-api-termination options cannot be passed together as 'Termination Protection' cannot be enabled for spot instances."
2463
- )
2464
- expect { knife_ec2_create.validate! }.to raise_error(SystemExit)
2465
- end
2466
- end
2467
-
2468
- context "disable_api_termination is passed in knife config" do
2469
- before do
2470
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2471
- knife_ec2_create.config[:spot_price] = 0.001
2472
- Chef::Config[:knife][:disable_api_termination] = true
2473
- end
2474
-
2475
- it "raises error" do
2476
- expect(knife_ec2_create.ui).to receive(:error).with(
2477
- "spot-price and disable-api-termination options cannot be passed together as 'Termination Protection' cannot be enabled for spot instances."
2478
- )
2479
- expect { knife_ec2_create.validate! }.to raise_error(SystemExit)
2480
- end
2481
- end
2482
- end
2483
-
2484
- context "non-spot instance" do
2485
- context "when disable_api_termination option is not passed on the CLI or in the knife config" do
2486
- before do
2487
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2488
- end
2489
-
2490
- it "sets disable_api_termination option in server_def with value as false" do
2491
- server_def = knife_ec2_create.create_server_def
2492
- expect(server_def[:disable_api_termination]).to be == false
2493
- end
2494
-
2495
- it "does not raise error" do
2496
- expect(knife_ec2_create.ui).to_not receive(:error).with(
2497
- "spot-price and disable-api-termination options cannot be passed together as 'Termination Protection' cannot be enabled for spot instances."
2498
- )
2499
- expect { knife_ec2_create.validate! }.to_not raise_error
2500
- end
2501
- end
2502
-
2503
- context "when disable_api_termination option is passed on the CLI" do
2504
- before do
2505
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2506
- knife_ec2_create.config[:disable_api_termination] = true
2507
- end
2508
-
2509
- it "sets disable_api_termination option in server_def with value as true" do
2510
- server_def = knife_ec2_create.create_server_def
2511
- expect(server_def[:disable_api_termination]).to be == true
2512
- end
2513
-
2514
- it "does not raise error" do
2515
- expect(knife_ec2_create.ui).to_not receive(:error).with(
2516
- "spot-price and disable-api-termination options cannot be passed together as 'Termination Protection' cannot be enabled for spot instances."
2517
- )
2518
- expect { knife_ec2_create.validate! }.to_not raise_error
2519
- end
2520
- end
2521
-
2522
- context "when disable_api_termination option is passed in the knife config" do
2523
- before do
2524
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2525
- Chef::Config[:knife][:disable_api_termination] = true
2526
- end
2527
-
2528
- it "sets disable_api_termination option in server_def with value as true" do
2529
- server_def = knife_ec2_create.create_server_def
2530
- expect(server_def[:disable_api_termination]).to be == true
2531
- end
2532
-
2533
- it "does not raise error" do
2534
- expect(knife_ec2_create.ui).to_not receive(:error).with(
2535
- "spot-price and disable-api-termination options cannot be passed together as 'Termination Protection' cannot be enabled for spot instances."
2536
- )
2537
- expect { knife_ec2_create.validate! }.to_not raise_error
2538
- end
2539
- end
2540
- end
2541
- end
2542
-
2543
- describe "--security-group-ids option" do
2544
- before do
2545
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2546
- end
2547
-
2548
- context "when comma seprated values are provided from cli" do
2549
- let(:ec2_server_create) { Chef::Knife::Ec2ServerCreate.new(["--security-group-ids", "sg-aabbccdd,sg-3764sdss,sg-00aa11bb"]) }
2550
- it "creates array of security group ids" do
2551
- server_def = ec2_server_create.create_server_def
2552
- expect(server_def[:security_group_ids]).to eq(["sg-aabbccdd", "sg-3764sdss", "sg-00aa11bb"])
2553
- end
2554
- end
2555
-
2556
- context "when mulitple values provided from cli for e.g. --security-group-ids sg-aab343ytr --security-group-ids sg-3764sdss" do
2557
- let(:ec2_server_create) { Chef::Knife::Ec2ServerCreate.new(["--security-group-ids", "sg-aab343ytr", "--security-group-ids", "sg-3764sdss"]) }
2558
- it "creates array of security group ids" do
2559
- server_def = ec2_server_create.create_server_def
2560
- expect(server_def[:security_group_ids]).to eq(["sg-aab343ytr", "sg-3764sdss"])
2561
- end
2562
- end
2563
-
2564
- context "when comma seprated input is provided from knife.rb" do
2565
- it "raises error" do
2566
- Chef::Config[:knife][:security_group_ids] = "sg-aabbccdd, sg-3764sdss, sg-00aa11bb"
2567
- expect { knife_ec2_create.validate! }.to raise_error(SystemExit)
2568
- end
2569
- end
2570
-
2571
- context "when security group ids array is provided from knife.rb" do
2572
- it "allows --security-group-ids set from an array in knife.rb" do
2573
- Chef::Config[:knife][:security_group_ids] = ["sg-aabbccdd", "sg-3764sdss", "sg-00aa11bb"]
2574
- expect { knife_ec2_create.validate! }.to_not raise_error(SystemExit)
2575
- end
2576
- end
2577
- end
2578
-
2579
- describe "--security-group-id option" do
2580
- before do
2581
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2582
- end
2583
-
2584
- context "when mulitple values provided from cli for e.g. -g sg-aab343ytr -g sg-3764sdss" do
2585
- let(:ec2_server_create) { Chef::Knife::Ec2ServerCreate.new(["-g", "sg-aab343ytr", "-g", "sg-3764sdss"]) }
2586
- it "creates array of security group ids" do
2587
- server_def = ec2_server_create.create_server_def
2588
- expect(server_def[:security_group_ids]).to eq(["sg-aab343ytr", "sg-3764sdss"])
2589
- end
2590
- end
2591
-
2592
- context "when single value provided from cli for e.g. --security-group-id 3764sdss" do
2593
- let(:ec2_server_create) { Chef::Knife::Ec2ServerCreate.new(["--security-group-id", "sg-aab343ytr"]) }
2594
- it "creates array of security group ids" do
2595
- server_def = ec2_server_create.create_server_def
2596
- expect(server_def[:security_group_ids]).to eq(["sg-aab343ytr"])
2597
- end
2598
- end
2599
- end
2600
-
2601
- describe "--chef-tag option" do
2602
- before do
2603
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2604
- end
2605
-
2606
- context 'when mulitple values provided from cli for e.g. --chef-tag "foo" --chef-tag "bar"' do
2607
- let(:ec2_server_create) { Chef::Knife::Ec2ServerCreate.new(["--chef-tag", "foo", "--chef-tag", "bar"]) }
2608
- it "creates array of chef tag" do
2609
- server_def = ec2_server_create.create_server_def
2610
- expect(server_def[:chef_tag]).to eq(%w{foo bar})
2611
- end
2612
- end
2613
-
2614
- context "when single value provided from cli for e.g. --chef-tag foo" do
2615
- let(:ec2_server_create) { Chef::Knife::Ec2ServerCreate.new(["--chef-tag", "foo"]) }
2616
- it "creates array of chef tag" do
2617
- server_def = ec2_server_create.create_server_def
2618
- expect(server_def[:chef_tag]).to eq(["foo"])
2619
- end
2620
- end
2621
- end
2622
-
2623
- describe "--aws-tag option" do
2624
- before do
2625
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2626
- end
2627
-
2628
- context 'when mulitple values provided from cli for e.g. --aws-tag "foo=bar" --aws-tag "foo1=bar1"' do
2629
- let(:ec2_server_create) { Chef::Knife::Ec2ServerCreate.new(["--aws-tag", "foo=bar", "--aws-tag", "foo1=bar1"]) }
2630
- it "creates array of aws tag" do
2631
- server_def = ec2_server_create.config
2632
- expect(server_def[:aws_tag]).to eq(["foo=bar", "foo1=bar1"])
2633
- end
2634
- end
2635
-
2636
- context "when single value provided from cli for e.g. --aws-tag foo=bar" do
2637
- let(:ec2_server_create) { Chef::Knife::Ec2ServerCreate.new(["--aws-tag", "foo=bar"]) }
2638
- it "creates array of aws tag" do
2639
- server_def = ec2_server_create.config
2640
- expect(server_def[:aws_tag]).to eq(["foo=bar"])
2641
- end
2642
- end
2643
- end
2644
-
2645
- describe "--tag-node-in-chef option" do
2646
- before do
2647
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2648
- end
2649
-
2650
- context "when provided from cli for e.g. --tag-node-in-chef" do
2651
- let(:ec2_server_create) { Chef::Knife::Ec2ServerCreate.new(["--tag-node-in-chef"]) }
2652
- it 'raises deprecated warning "[DEPRECATED] --tag-node-in-chef option is deprecated. Use --chef-tag option instead."' do
2653
- expect(ec2_server_create.ui).to receive(:warn).with("[DEPRECATED] --tag-node-in-chef option is deprecated. Use --chef-tag option instead.")
2654
- ec2_server_create.validate!
2655
- end
2656
- end
2657
- end
2658
-
2659
- describe "evaluate_node_name" do
2660
- before do
2661
- knife_ec2_create.instance_variable_set(:@server, server)
2662
- end
2663
-
2664
- context "when ec2 server attributes are not passed in node name" do
2665
- it "returns the node name unchanged" do
2666
- expect(knife_ec2_create.evaluate_node_name("Test")).to eq("Test")
2667
- end
2668
- end
2669
-
2670
- context "when %s is passed in the node name" do
2671
- it "returns evaluated node name" do
2672
- expect(knife_ec2_create.evaluate_node_name("Test-%s")).to eq("Test-i-123")
2673
- end
2674
- end
2675
- end
2676
-
2677
- describe "Handle password greater than 14 characters" do
2678
- before do
2679
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2680
- knife_ec2_create.config[:winrm_user] = "domain\\ec2"
2681
- knife_ec2_create.config[:winrm_password] = "LongPassword@123"
2682
- end
2683
-
2684
- context "when user enters Y after prompt" do
2685
- before do
2686
- allow(STDIN).to receive_message_chain(:gets, chomp: "Y")
2687
- end
2688
- it "user addition command is executed forcefully" do
2689
- expect(knife_ec2_create.ui).to receive(:warn).with("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):")
2690
- knife_ec2_create.validate!
2691
- expect(knife_ec2_create.instance_variable_get(:@allow_long_password)).to eq ("/yes")
2692
- end
2693
- end
2694
-
2695
- context "when user enters n after prompt" do
2696
- before do
2697
- allow(STDIN).to receive_message_chain(:gets, chomp: "N")
2698
- end
2699
- it "operation exits" do
2700
- expect(knife_ec2_create.ui).to receive(:warn).with("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):")
2701
- expect { knife_ec2_create.validate! }.to raise_error("Exiting as operation with password greater than 14 characters not accepted")
2702
- end
2703
- end
2704
-
2705
- context "when user enters xyz instead of (Y/N) after prompt" do
2706
- before do
2707
- allow(STDIN).to receive_message_chain(:gets, chomp: "xyz")
2708
- end
2709
- it "operation exits" do
2710
- expect(knife_ec2_create.ui).to receive(:warn).with("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):")
2711
- expect { knife_ec2_create.validate! }.to raise_error("The input provided is incorrect.")
2712
- end
2713
- end
2714
-
2715
- end
2716
- describe "--primary_eni option" do
2717
- before do
2718
- allow(Fog::Compute::AWS).to receive(:new).and_return(ec2_connection)
2719
- end
2720
-
2721
- context "when a preexisting eni is specified eg. eni-12345678 use that eni for device index 0" do
2722
- let(:ec2_server_create) { Chef::Knife::Ec2ServerCreate.new(["--primary-eni", "eni-12345678"]) }
2723
- it "provides a network_interfaces list of hashes with on element for the primary interface" do
2724
- server_def = ec2_server_create.create_server_def
2725
- expect(server_def[:network_interfaces]).to eq([{ NetworkInterfaceId: "eni-12345678", DeviceIndex: "0" }])
2726
- end
2727
- end
2728
- end
2729
- end