knife-ec2 0.10.0.rc.0 → 0.10.0.rc.1

checksums.yaml CHANGED
@@ -1,15 +1,15 @@
1
1
  ---
2
2
  !binary "U0hBMQ==":
3
3
  metadata.gz: !binary |-
4
- YzVmMmJhMWJhZWZhNjMzNDUzOWMyOGYzNDQzNjlkNWMyMDkxNjg1Mw==
4
+ MWQ5ZmZmN2U4NjhkMDEzYTNlN2Q5NGVhN2E3NmNmYjE5NDc4ZTE2Yw==
5
5
  data.tar.gz: !binary |-
6
- OGU2MTdkOThjYjkzNjQ4MjJmMmZhNjk1YjM5MjE5ZGQzYjIxMWM4Yg==
6
+ MmY0M2RmNGQxYzQ0ODhhMGEzNGRjY2MzYWM5MGVlYzZmYTQwYjFiMQ==
7
7
  SHA512:
8
8
  metadata.gz: !binary |-
9
- YTM2YWE1OTM2MDc5OTI4MjlhMmEzNzAxMGQxN2FlYWI3YzFjNjFmZjg0NGQy
10
- MTc3ZWU3YTJjNTM0Mjc3ZTU4NWI5ZTkxZmM3MTI2ODAwOTZjMjk2NmVlNGY5
11
- ZjkzNTMzYjJiNDQ1OTU2ZGFmYzQ0MzQ0ZDYyYjA4MjdhZmU1MTk=
9
+ MGJiYzNkODA5OWRiOWU1YTljYmFkZjRiNjhjZDhkNjVmNmJhZWUyM2RhZjE0
10
+ ZDJkM2U0Mzc3MmEzOGQ1ZWI1ZGJhZDYyODZhMjNhNjc3MDUzNTU3NGNhNGYy
11
+ NWU1MTFjZmQ1NmY1YWViZDU5MDI0ZmIzMGZjYWFhN2NjNDU1MDA=
12
12
  data.tar.gz: !binary |-
13
- Njg1YTU2ZDhhYjc1NzZlOTNlZTkwZTIzYzIyZWIzMzQwZGEzYjM1YzBjN2Ew
14
- OGIzMTgwY2UyYjNmODQ3ODk1ZjVjOTEyNmUxMGVjODUyYjI2ODhjYTNkNGFj
15
- ODEzMmJjYmNjMTQ0NTYyOTMwNzllYzQzYzBkNzZhOGQ4MDEzOTk=
13
+ ZDkyMWU2MWM1NDkxMWEwMjI0MmNiYTFkZDQ5NzViNWMwZmU5MGE1MGFiMGZj
14
+ NzM2Y2JmMDIyMTZlMjMzZmUwNWY4MTA4ZjJiMGIzYmFkNWRiZWM4MjY5NmE2
15
+ OTkwMWYxMTE0YjRmYmUyZWQwMWNmZGY0M2Q2OTFkMjcwNTUyMTM=
data/CHANGELOG.md CHANGED
@@ -5,9 +5,11 @@ Note: this log contains only changes from knife-ec2 release 0.8.0 and later
5
5
  prior to release 0.8.0, please visit the [source repository](https://github.com/opscode/knife-ec2/commits).
6
6
 
7
7
  ## Unreleased changes
8
- None.
8
+ * Use IAM role for credentials
9
9
 
10
- ## Latest release: 0.10.0.rc.0
10
+ ## Latest release: 0.10.0.rc.1
11
+ * [Issue:#237](https://github.com/opscode/knife-ec2/issues/237) Provide a way to the validation key and data bag secret from S3
12
+ * [Issue:#243](https://github.com/opscode/knife-ec2/issues/243) Support new AWS CLI configuration file format
11
13
  * Update `knife-windows` gem dependency to `knife-windows 0.8.rc.0` for improved Windows authentication integration
12
14
  * Update `fog` gem dependency to `fog 1.23.0`
13
15
  * Provisioned IOPS support via the `--provisioned-iops` and `--ebs-volume-type` options
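Review bot: The Issue #237 entry added under "Latest release: 0.10.0.rc.1" is missing its verb ("Provide a way to the validation key and data bag secret from S3"); it should read along the lines of "Provide a way to fetch the validation key and data bag secret from S3". "Use IAM role for credentials" is also filed under "Unreleased changes" even though the `--use-iam-profile` code is part of this same release and RELEASE_NOTES.md lists it as a 0.10.0 feature, so it belongs under the release heading.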
data/CONTRIBUTIONS.md CHANGED
@@ -6,5 +6,7 @@ Example Contribution:
6
6
  -->
7
7
  # knife-ec2 0.10.0:
8
8
 
9
+ * **erehot**: Added ability to use S3 to obtain the validation key and data bag secret
10
+ * **johnbarney**: Added ability to use IAM role credentials
9
11
  * **mdellanoce**: Added ability to use SSH config (KNIFE-466)
10
12
  * **victorlin**: Added ability to pass identify file for SSH Gateway on the command line (KNIFE-422)
data/DOC_CHANGES.md CHANGED
@@ -17,18 +17,33 @@ This command line option and associated plugin configuration `:ebs_volume_type`
17
17
 
18
18
  ### Option `--provisioned-iops`
19
19
  This command line option and the associated `:ebs_provisioned_iops` plugin
20
- confugration enables the EC2 instance to be configured with the specified
20
+ configuration enables the EC2 instance to be configured with the specified
21
21
  provisioned IOPS rate given as an argument to this option. It is only valid if
22
22
  the EBS volume type is `io1` as specified by the `--ebs-volume-type` option
23
23
  for this plugin.
24
24
 
25
+ ## Use of secret parameters from S3 for `server create` command
26
+
27
+ The options below allow some secrets used with the `knife ec2 server create`
28
+ command to be specified as URL's. Examples are also given in the README.md.
29
+
30
+ ### Option `--s3-secret`
31
+ This option allows the specification of an AWS S3 storage bucket that contains
32
+ a data bag secret file -- this option can be used in place of the
33
+ `secret_file` option. It takes an S3 URL as an argument (e.g.
34
+ `s3://bucket/file`) -- that file should contain encrypted data bag secret file
35
+
36
+ ### Option `--validation-key-url`
37
+ This option allows the validation key to be specified as a URL. It takes a URL
38
+ as an argument.
39
+
25
40
  ## SSH Gateway from SSH Config
26
41
  Any available SSH Gateway settings in your SSH configuration file are now used
27
42
  by default. This includes using any SSH keys specified for the target host.
28
43
  This allows simpler command-line usage of the knife plugin with less of a need
29
44
  for complex command line invocations.
30
45
 
31
- ## Pass seperate SSH Gateway key
46
+ ## Pass separate SSH Gateway key
32
47
  You can pass an SSH key to be used for authenticating to the SSH Gateway with
33
48
  the --ssh-gateway-identity option.
34
49
 
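Review bot: The `--validation-key-url` section says only "It takes a URL as an argument" and never names the schemes that work; the code added in this diff fetches `s3://` URLs and treats `file://` as a local path, and nothing else is downloaded, so the documentation should state that. In the `--s3-secret` section, "that file should contain encrypted data bag secret file" is garbled, and the text says the option replaces `secret_file` while the code feeds the fetched value into `bootstrap.config[:secret]`. "URL's" should be "URLs".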
data/README.md CHANGED
@@ -78,6 +78,36 @@ Additionally the following options may be set in your `knife.rb`:
78
78
  - distro
79
79
  - template_file
80
80
 
81
+ Using Cloud-Based Secret Data
82
+ -----------------------------
83
+ knife-ec2 now includes the ability to retrieve the encrypted data bag secret and validation keys directly from a cloud-based assets store (currently on S3 is supported). To enable this functionality, you must first upload keys to S3 and give them appropriate permissions. The following is a suggested set of IAM permissions required to make this work:
84
+
85
+ ```json
86
+ {
87
+ "Statement": [
88
+ {
89
+ "Effect": "Allow",
90
+ "Action": [
91
+ "s3:Get*",
92
+ "s3:List*"
93
+ ],
94
+ "Resource": [
95
+ "arn:aws:s3:::provisioning.bucket.com/chef/*"
96
+ ]
97
+ }
98
+ ]
99
+ }
100
+ ```
101
+
102
+ ### Use the following configuration options in `knife.rb` to set the source URLs:
103
+ ```ruby
104
+ knife[:validation_key_url] = 's3://provisioning.bucket.com/chef/my-validator.pem'
105
+ knife[:s3_secret] = 's3://provisioning.bucket.com/chef/encrypted_data_bag_secret'
106
+ ```
107
+
108
+ ### Alternatively, URLs can be passed directly on the command line:
109
+ - Validation Key: `--validation-key-url s3://provisioning.bucket.com/chef/my-validator.pem`
110
+ - Encrypted Data Bag Secret: `--s3-secret s3://provisioning.bucket.com/chef/encrypted_data_bag_secret`
81
111
 
82
112
  Subcommands
83
113
  -----------
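Review bot: The suggested IAM policy grants `s3:Get*` and `s3:List*`, which is wider than reading two objects requires; `s3:Get*` also matches calls such as reading object ACLs and versions. Narrow the statement to the actions the fetch really uses (for example `s3:GetObject` on the `chef/*` keys), and if a list permission is needed, attach it to the bucket ARN, because the `Resource` given here only matches object keys under `chef/`. The introduction also reads "currently on S3 is supported", which should be "only S3".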
data/RELEASE_NOTES.md CHANGED
@@ -6,7 +6,7 @@ Example Note:
6
6
  ## Example Heading
7
7
  Details about the thing that changed that needs to get included in the Release Notes in markdown.
8
8
  -->
9
- # knife-ec2 0.10.rc.0 release notes:
9
+ # knife-ec2 0.10.rc.1 release notes:
10
10
  This release of `knife-ec2` adds improvements around ssh configuration and EC2
11
11
  IOPS provisioning. There is also a dependency update for the `fog` and `knife-windows` gems
12
12
  to improve support for additional EC2 capabilities and Windows authentication
@@ -26,6 +26,9 @@ contribute features and bug fixes to `knife-ec2` at https://github.com/opscode/k
26
26
 
27
27
  ## Features added in knife-ec2 0.10.0
28
28
 
29
+ * Ability to specify validation key and data bag secrets via an S3 bucket
30
+ * Support for new AWS client configuration
31
+ * Added ability to use IAM role credentials
29
32
  * Provisioned IOPS support
30
33
  * SSH workstation configuration integration (from Michael Dellanoce and Victor Lin)
31
34
 
data/knife-ec2.gemspec CHANGED
@@ -17,10 +17,10 @@ Gem::Specification.new do |s|
17
17
  s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
18
18
 
19
19
  s.add_dependency 'fog', '~> 1.23.0'
20
- s.add_dependency 'knife-windows', '0.8.0.rc.0'
20
+ s.add_dependency 'knife-windows', '>= 0.8.0'
21
21
 
22
22
  s.add_development_dependency 'mixlib-config', '~> 2.0'
23
- s.add_development_dependency 'chef', '>= 0.10.10'
23
+ s.add_development_dependency 'chef', '>= 11.16.2'
24
24
  s.add_development_dependency 'rspec', '~> 2.14'
25
25
  s.add_development_dependency 'rake', '~> 10.1'
26
26
  s.add_development_dependency 'sdoc', '~> 0.3'
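Review bot: `s.add_dependency 'knife-windows', '>= 0.8.0'` replaces an exact pin with an open-ended lower bound, so any later release of knife-windows, including a future major version, satisfies it, unlike the `fog` line directly above, which uses `~> 1.23.0`. A pessimistic constraint such as `'~> 0.8'` keeps the runtime dependency within a tested range. The jump of the `chef` development dependency from `>= 0.10.10` to `>= 11.16.2` is not mentioned in the changelog hunk and deserves a line there.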
@@ -55,17 +55,29 @@ class Chef
55
55
  :long => "--region REGION",
56
56
  :description => "Your AWS region",
57
57
  :proc => Proc.new { |key| Chef::Config[:knife][:region] = key }
58
+
59
+ option :use_iam_profile,
60
+ :long => "--use-iam-profile",
61
+ :description => "Use IAM profile assigned to current machine",
62
+ :boolean => true,
63
+ :default => false,
64
+ :proc => Proc.new { |key| Chef::Config[:knife][:use_iam_profile] = key }
58
65
  end
59
66
  end
60
67
 
61
68
  def connection
69
+ connection_settings = {
70
+ :provider => 'AWS',
71
+ :region => locate_config_value(:region)
72
+ }
73
+ if locate_config_value(:use_iam_profile)
74
+ connection_settings[:use_iam_profile] = true
75
+ else
76
+ connection_settings[:aws_access_key_id] = locate_config_value(:aws_access_key_id)
77
+ connection_settings[:aws_secret_access_key] = locate_config_value(:aws_secret_access_key)
78
+ end
62
79
  @connection ||= begin
63
- connection = Fog::Compute.new(
64
- :provider => 'AWS',
65
- :aws_access_key_id => Chef::Config[:knife][:aws_access_key_id],
66
- :aws_secret_access_key => Chef::Config[:knife][:aws_secret_access_key],
67
- :region => locate_config_value(:region)
68
- )
80
+ connection = Fog::Compute.new(connection_settings)
69
81
  end
70
82
  end
71
83
 
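Review bot: In `connection`, the `connection_settings` hash and its `locate_config_value` lookups are built on every call, outside the `@connection ||= begin` block, even when the memoized connection already exists; move the hash construction inside the block so it runs once. The local `connection =` assignment inside the block is unused and can be dropped. None of the documentation hunks in this diff describe `--use-iam-profile`, so the new option needs an entry in README.md or DOC_CHANGES.md.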
@@ -88,27 +100,37 @@ class Chef
88
100
  def validate!(keys=[:aws_access_key_id, :aws_secret_access_key])
89
101
  errors = []
90
102
 
91
- unless Chef::Config[:knife][:aws_credential_file].nil?
92
- unless (Chef::Config[:knife].keys & [:aws_access_key_id, :aws_secret_access_key]).empty?
93
- errors << "Either provide a credentials file or the access key and secret keys but not both."
103
+ unless locate_config_value(:use_iam_profile)
104
+ unless Chef::Config[:knife][:aws_credential_file].nil?
105
+ unless (Chef::Config[:knife].keys & [:aws_access_key_id, :aws_secret_access_key]).empty?
106
+ errors << "Either provide a credentials file or the access key and secret keys but not both."
107
+ end
108
+ # File format:
109
+ # AWSAccessKeyId=somethingsomethingdarkside
110
+ # AWSSecretKey=somethingsomethingcomplete
111
+ # OR
112
+ # aws_access_key_id = somethingsomethingdarkside
113
+ # aws_secret_access_key = somethingsomethingdarkside
114
+
115
+ aws_creds = []
116
+ File.read(Chef::Config[:knife][:aws_credential_file]).each_line do | line |
117
+ aws_creds << line.split("=").map(&:strip) if line.include?("=")
118
+ end
119
+ entries = Hash[*aws_creds.flatten]
120
+ Chef::Config[:knife][:aws_access_key_id] = entries['AWSAccessKeyId'] || entries['aws_access_key_id']
121
+ Chef::Config[:knife][:aws_secret_access_key] = entries['AWSSecretKey'] || entries['aws_secret_access_key']
94
122
  end
95
- # File format:
96
- # AWSAccessKeyId=somethingsomethingdarkside
97
- # AWSSecretKey=somethingsomethingcomplete
98
- entries = Hash[*File.read(Chef::Config[:knife][:aws_credential_file]).split(/[=\n]/).map(&:chomp)]
99
- Chef::Config[:knife][:aws_access_key_id] = entries['AWSAccessKeyId']
100
- Chef::Config[:knife][:aws_secret_access_key] = entries['AWSSecretKey']
101
- end
102
123
 
103
- keys.each do |k|
104
- pretty_key = k.to_s.gsub(/_/, ' ').gsub(/\w+/){ |w| (w =~ /(ssh)|(aws)/i) ? w.upcase : w.capitalize }
105
- if Chef::Config[:knife][k].nil?
106
- errors << "You did not provide a valid '#{pretty_key}' value."
124
+ keys.each do |k|
125
+ pretty_key = k.to_s.gsub(/_/, ' ').gsub(/\w+/){ |w| (w =~ /(ssh)|(aws)/i) ? w.upcase : w.capitalize }
126
+ if Chef::Config[:knife][k].nil?
127
+ errors << "You did not provide a valid '#{pretty_key}' value."
128
+ end
107
129
  end
108
- end
109
130
 
110
- if errors.each{|e| ui.error(e)}.any?
111
- exit 1
131
+ if errors.each{|e| ui.error(e)}.any?
132
+ exit 1
133
+ end
112
134
  end
113
135
  end
114
136
 
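Review bot: Wrapping the whole body of `validate!` in `unless locate_config_value(:use_iam_profile)` also skips the `keys.each` check and the `exit 1` for every key passed in, not only the two AWS credentials, so a caller that passes additional keys gets no validation at all when `--use-iam-profile` is set. Remove the two credential keys from `keys` in that case and keep the loop. In the new credentials parser, `line.split("=")` splits on every `=`, so a value containing `=` produces extra elements and `Hash[*aws_creds.flatten]` then pairs them wrongly or raises on an odd count; `line.split("=", 2)` avoids that. The loop also takes every `key=value` line regardless of section, so in a file with more than one profile the last profile's keys win.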
@@ -18,6 +18,7 @@
18
18
  #
19
19
 
20
20
  require 'chef/knife/ec2_base'
21
+ require 'chef/knife/s3_source'
21
22
  require 'chef/knife/winrm_base'
22
23
 
23
24
  class Chef
@@ -27,7 +28,9 @@ class Chef
27
28
  include Knife::Ec2Base
28
29
  include Knife::WinrmBase
29
30
  deps do
31
+ require 'tempfile'
30
32
  require 'fog'
33
+ require 'uri'
31
34
  require 'readline'
32
35
  require 'chef/json_compat'
33
36
  require 'chef/knife/bootstrap'
@@ -194,6 +197,11 @@ class Chef
194
197
  :description => "A file containing the secret key to use to encrypt data bag item values",
195
198
  :proc => lambda { |sf| Chef::Config[:knife][:secret_file] = sf }
196
199
 
200
+ option :s3_secret,
201
+ :long => '--s3-secret S3_SECRET_URL',
202
+ :description => 'S3 URL (e.g. s3://bucket/file) for the encrypted_data_bag_secret_file',
203
+ :proc => lambda { |url| Chef::Config[:knife][:s3_secret] = url }
204
+
197
205
  option :json_attributes,
198
206
  :short => "-j JSON",
199
207
  :long => "--json-attributes JSON",
@@ -280,6 +288,11 @@ class Chef
280
288
  :description => "The maximum time in minutes to wait to for authentication over the transport to the node to succeed. The default value is 25 minutes.",
281
289
  :default => 25
282
290
 
291
+ option :validation_key_url,
292
+ :long => "--validation-key-url URL",
293
+ :description => "Path to the validation key",
294
+ :proc => proc { |m| Chef::Config[:validation_key_url] = m }
295
+
283
296
  def run
284
297
  $stdout.sync = true
285
298
 
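Review bot: The `:proc` for `--validation-key-url` stores the value in `Chef::Config[:validation_key_url]`, but every reader added in this diff uses `Chef::Config[:knife][:validation_key_url]`, so a URL given on the command line is not picked up by the `if Chef::Config[:knife][:validation_key_url]` check in `run`. The `--s3-secret` option writes to `Chef::Config[:knife][:s3_secret]`, and this option should follow the same pattern. The description "Path to the validation key" should say that the argument is a URL and name the supported schemes.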
@@ -360,6 +373,11 @@ class Chef
360
373
  end
361
374
  msg_pair("Private IP Address", @server.private_ip_address)
362
375
 
376
+ if Chef::Config[:knife][:validation_key_url]
377
+ download_validation_key(validation_key_path)
378
+ Chef::Config[:validation_key] = validation_key_path
379
+ end
380
+
363
381
  #Check if Server is Windows or Linux
364
382
  if is_image_windows?
365
383
  protocol = locate_config_value(:bootstrap_protocol)
@@ -441,6 +459,44 @@ class Chef
441
459
  msg_pair("JSON Attributes",config[:json_attributes]) unless !config[:json_attributes] || config[:json_attributes].empty?
442
460
  end
443
461
 
462
+ def validation_key_path
463
+ @validation_key_path ||= begin
464
+ if URI(Chef::Config[:knife][:validation_key_url]).scheme == 'file'
465
+ URI(Chef::Config[:knife][:validation_key_url]).path
466
+ else
467
+ validation_key_tmpfile.path
468
+ end
469
+ end
470
+ end
471
+
472
+ def validation_key_tmpfile
473
+ @validation_key_tmpfile ||= Tempfile.new('validation_key')
474
+ end
475
+
476
+ def download_validation_key(tempfile)
477
+ Chef::Log.debug 'Downloading validation key ' \
478
+ "<#{Chef::Config[:knife][:validation_key_url]}> to file " \
479
+ "<#{tempfile}>"
480
+
481
+ case URI(Chef::Config[:knife][:validation_key_url]).scheme
482
+ when 's3'
483
+ File.open(tempfile, 'w') { |f| f.write(s3_validation_key) }
484
+ end
485
+ end
486
+
487
+ def s3_validation_key
488
+ @s3_validation_key ||= begin
489
+ Chef::Knife::S3Source.fetch(Chef::Config[:knife][:validation_key_url])
490
+ end
491
+ end
492
+
493
+ def s3_secret
494
+ @s3_secret ||= begin
495
+ return false unless locate_config_value(:s3_secret)
496
+ Chef::Knife::S3Source.fetch(locate_config_value(:s3_secret))
497
+ end
498
+ end
499
+
444
500
  def bootstrap_common_params(bootstrap)
445
501
  bootstrap.config[:run_list] = config[:run_list]
446
502
  bootstrap.config[:bootstrap_version] = locate_config_value(:bootstrap_version)
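Review bot: `download_validation_key` has a `case` with only a `when 's3'` branch, so any other non-`file` scheme falls through silently and `Chef::Config[:validation_key]` ends up pointing at an empty tempfile; add an `else` branch that reports the unsupported scheme and stops. The key is written by path with `File.open(tempfile, 'w')` and the `Tempfile` object is never closed or unlinked explicitly, so the private key stays on disk until the object is finalized; unlink it once bootstrap has finished. The parameter named `tempfile` actually receives a path string, which is worth renaming.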
@@ -451,7 +507,7 @@ class Chef
451
507
  bootstrap.config[:first_boot_attributes] = locate_config_value(:json_attributes) || {}
452
508
  bootstrap.config[:encrypted_data_bag_secret] = locate_config_value(:encrypted_data_bag_secret)
453
509
  bootstrap.config[:encrypted_data_bag_secret_file] = locate_config_value(:encrypted_data_bag_secret_file)
454
- bootstrap.config[:secret] = locate_config_value(:secret)
510
+ bootstrap.config[:secret] = s3_secret || locate_config_value(:secret)
455
511
  bootstrap.config[:secret_file] = locate_config_value(:secret_file)
456
512
  # Modify global configuration state to ensure hint gets set by
457
513
  # knife-bootstrap
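Review bot: `s3_secret || locate_config_value(:secret)` makes the value fetched from S3 silently override an explicitly supplied `:secret`, while `:secret_file` on the next line is still passed through unchanged; that does not match the DOC_CHANGES.md text, which says `--s3-secret` is used in place of `secret_file`. Decide which source wins, report an error when conflicting options are combined, and document the chosen precedence.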
@@ -0,0 +1,40 @@
1
+ require 'fog'
2
+
3
+ class Chef
4
+ class Knife
5
+ class S3Source
6
+ attr_accessor :url
7
+
8
+ def self.fetch(url)
9
+ source = Chef::Knife::S3Source.new
10
+ source.url = url
11
+ source.body
12
+ end
13
+
14
+ def body
15
+ bucket_obj.files.get(path).body
16
+ end
17
+
18
+ private
19
+
20
+ def bucket_obj
21
+ @bucket_obj ||= fog.directories.get(bucket)
22
+ end
23
+
24
+ def bucket
25
+ URI(@url).host
26
+ end
27
+
28
+ def path
29
+ URI(@url).path.sub(/^\//, '')
30
+ end
31
+
32
+ def fog
33
+ @fog ||= Fog::Storage::AWS.new(
34
+ aws_access_key_id: Chef::Config[:knife][:aws_access_key_id],
35
+ aws_secret_access_key: Chef::Config[:knife][:aws_secret_access_key]
36
+ )
37
+ end
38
+ end
39
+ end
40
+ end
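Review bot: The `fog` method builds `Fog::Storage::AWS` from `aws_access_key_id` and `aws_secret_access_key` only, so it ignores the `:use_iam_profile` and `:region` settings that the `connection` method changed earlier in this diff now honours; with `--use-iam-profile` both keys are nil and the S3 fetch has no credentials. Pass the same connection settings through here. `body` chains `bucket_obj.files.get(path).body` with no nil check, so a missing bucket or object surfaces as a NoMethodError instead of a usable error message. The file also calls `URI` without `require 'uri'` and never checks that the URL scheme is `s3`.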
@@ -1,6 +1,6 @@
1
1
  module Knife
2
2
  module Ec2
3
- VERSION = "0.10.0.rc.0"
3
+ VERSION = "0.10.0.rc.1"
4
4
  MAJOR, MINOR, TINY = VERSION.split('.')
5
5
  end
6
6
  end
@@ -70,6 +70,15 @@ describe Chef::Knife::Ec2ServerCreate do
70
70
  @ec2_server_attribs.each_pair do |attrib, value|
71
71
  @new_ec2_server.stub(attrib).and_return(value)
72
72
  end
73
+
74
+ @s3_connection = double(Fog::Storage::AWS)
75
+
76
+ @bootstrap = Chef::Knife::Bootstrap.new
77
+ Chef::Knife::Bootstrap.stub(:new).and_return(@bootstrap)
78
+
79
+ @validation_key_url = 's3://bucket/foo/bar'
80
+ @validation_key_file = '/tmp/a_good_temp_file'
81
+ @validation_key_body = "TEST VALIDATION KEY\n"
73
82
  end
74
83
 
75
84
  describe "run" do
@@ -84,9 +93,6 @@ describe Chef::Knife::Ec2ServerCreate do
84
93
  @knife_ec2_create.stub(:puts)
85
94
  @knife_ec2_create.stub(:print)
86
95
  @knife_ec2_create.config[:image] = '12345'
87
-
88
- @bootstrap = Chef::Knife::Bootstrap.new
89
- Chef::Knife::Bootstrap.stub(:new).and_return(@bootstrap)
90
96
  @bootstrap.should_receive(:run)
91
97
  end
92
98
 
@@ -177,6 +183,19 @@ describe Chef::Knife::Ec2ServerCreate do
177
183
  @knife_ec2_create.ui.should_receive(:warn).with(/retrying/)
178
184
  @knife_ec2_create.run
179
185
  end
186
+
187
+ it 'actually writes to the validation key tempfile' do
188
+ @new_ec2_server.should_receive(:wait_for).and_return(true)
189
+ Chef::Config[:knife][:validation_key_url] =
190
+ @validation_key_url
191
+ @knife_ec2_create.config[:validation_key_url] =
192
+ @validation_key_url
193
+
194
+ @knife_ec2_create.stub_chain(:validation_key_tmpfile, :path).and_return(@validation_key_file)
195
+ Chef::Knife::S3Source.stub(:fetch).with(@validation_key_url).and_return(@validation_key_body)
196
+ File.should_receive(:open).with(@validation_key_file, 'w')
197
+ @knife_ec2_create.run
198
+ end
180
199
  end
181
200
 
182
201
  describe "run for EC2 Windows instance" do
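Review bot: The example 'actually writes to the validation key tempfile' only sets `File.should_receive(:open).with(@validation_key_file, 'w')`; because the stubbed `File.open` never yields, the block that writes `s3_validation_key` does not run and `@validation_key_body` is never compared with anything. Make the expectation yield a file double and expect `write` with `@validation_key_body`, and also assert that `Chef::Config[:validation_key]` is set to the temp path after `run`.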
@@ -340,6 +359,19 @@ describe Chef::Knife::Ec2ServerCreate do
340
359
  expect(bootstrap.config[:secret_file]).to eql("cli-provided-secret-file")
341
360
  end
342
361
  end
362
+
363
+ context 'S3-based secret' do
364
+ before(:each) do
365
+ Chef::Config[:knife][:s3_secret] =
366
+ 's3://test.bucket/folder/encrypted_data_bag_secret'
367
+ @secret_content = "TEST DATA BAG SECRET\n"
368
+ @knife_ec2_create.stub(:s3_secret).and_return(@secret_content)
369
+ end
370
+
371
+ it 'sets the secret to the expected test string' do
372
+ expect(bootstrap.config[:secret]).to eql(@secret_content)
373
+ end
374
+ end
343
375
  end
344
376
 
345
377
  describe "when configuring the bootstrap process" do
@@ -533,6 +565,35 @@ describe Chef::Knife::Ec2ServerCreate do
533
565
  Chef::Config[:knife][:aws_access_key_id].should == @access_key_id
534
566
  Chef::Config[:knife][:aws_secret_access_key].should == @secret_key
535
567
  end
568
+ it "reads UNIX Line endings for new format" do
569
+ File.stub(:read).
570
+ and_return("aws_access_key_id=#{@access_key_id}\naws_secret_access_key=#{@secret_key}")
571
+ @knife_ec2_create.validate!
572
+ Chef::Config[:knife][:aws_access_key_id].should == @access_key_id
573
+ Chef::Config[:knife][:aws_secret_access_key].should == @secret_key
574
+ end
575
+
576
+ it "reads DOS Line endings for new format" do
577
+ File.stub(:read).
578
+ and_return("aws_access_key_id=#{@access_key_id}\r\naws_secret_access_key=#{@secret_key}")
579
+ @knife_ec2_create.validate!
580
+ Chef::Config[:knife][:aws_access_key_id].should == @access_key_id
581
+ Chef::Config[:knife][:aws_secret_access_key].should == @secret_key
582
+ end
583
+ end
584
+
585
+ it 'understands that file:// validation key URIs are just paths' do
586
+ Chef::Config[:knife][:validation_key_url] = 'file:///foo/bar'
587
+ @knife_ec2_create.validation_key_path.should eq('/foo/bar')
588
+ end
589
+
590
+ it 'returns a path to a tmp file when presented with a URI for the ' \
591
+ 'validation key' do
592
+ Chef::Config[:knife][:validation_key_url] = @validation_key_url
593
+
594
+ @knife_ec2_create.stub_chain(:validation_key_tmpfile, :path).and_return(@validation_key_file)
595
+
596
+ @knife_ec2_create.validation_key_path.should eq(@validation_key_file)
536
597
  end
537
598
 
538
599
  it "disallows security group names when using a VPC" do
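Review bot: Both new-format credential examples use `aws_access_key_id=...` with no spaces and no section header, yet the comment added to `validate!` documents the new format as `aws_access_key_id = ...` with spaces around `=`; add a fixture with those spaces and a `[default]` header line so the `strip` call and the `include?("=")` filter are actually exercised. The `+ end` added after the DOS example closes the enclosing group early and the last new example borrows the old closing `end`, which makes the hunk hard to follow; the two `validation_key_path` examples would read better in their own `describe` block.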
@@ -592,6 +653,21 @@ describe Chef::Knife::Ec2ServerCreate do
592
653
  end
593
654
  end
594
655
 
656
+ describe "when creating the connection" do
657
+ describe "when use_iam_profile is true" do
658
+ before do
659
+ Chef::Config[:knife].delete(:aws_access_key_id)
660
+ Chef::Config[:knife].delete(:aws_secret_access_key)
661
+ end
662
+
663
+ it "creates a connection without access keys" do
664
+ @knife_ec2_create.config[:use_iam_profile] = true
665
+ Fog::Compute::AWS.should_receive(:new).with(hash_including(:use_iam_profile => true)).and_return(@ec2_connection)
666
+ @knife_ec2_create.connection
667
+ end
668
+ end
669
+ end
670
+
595
671
  describe "when creating the server definition" do
596
672
  before do
597
673
  Fog::Compute::AWS.stub(:new).and_return(@ec2_connection)
@@ -673,6 +749,12 @@ describe Chef::Knife::Ec2ServerCreate do
673
749
 
674
750
  server_def[:iam_instance_profile_name].should == nil
675
751
  end
752
+
753
+ it "doesn't use IAM profile by default" do
754
+ server_def = @knife_ec2_create.create_server_def
755
+
756
+ server_def[:use_iam_profile].should == nil
757
+ end
676
758
 
677
759
  it 'Set Tenancy Dedicated when both VPC mode and Flag is True' do
678
760
  @knife_ec2_create.config[:dedicated_instance] = true
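Review bot: The example "doesn't use IAM profile by default" checks `server_def[:use_iam_profile]`, but nothing in this diff ever puts `:use_iam_profile` into the server definition; the flag only goes into `connection_settings`, so the assertion passes whether or not the default is honoured. Assert on the hash passed to `Fog::Compute::AWS.new` instead, as the "creates a connection without access keys" example does, expecting the access keys to be present and `:use_iam_profile` to be absent.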
@@ -0,0 +1,53 @@
1
+ require File.expand_path('../../spec_helper', __FILE__)
2
+ require 'fog'
3
+
4
+ describe Chef::Knife::S3Source do
5
+ before(:each) do
6
+ @bucket_name = 'my.bucket'
7
+ @test_file_path = 'path/to/file.pem'
8
+ @test_file_content = "TEST CONTENT\n"
9
+
10
+ Fog.mock!
11
+
12
+ {
13
+ aws_access_key_id: 'aws_access_key_id',
14
+ aws_secret_access_key: 'aws_secret_access_key'
15
+ }.each do |key, value|
16
+ Chef::Config[:knife][key] = value
17
+ end
18
+
19
+ fog = Fog::Storage::AWS.new(
20
+ aws_access_key_id: 'aws_access_key_id',
21
+ aws_secret_access_key: 'aws_secret_access_key'
22
+ )
23
+ test_dir_obj = fog.directories.create('key' => @bucket_name)
24
+ test_file_obj = test_dir_obj.files.create('key' => @test_file_path)
25
+ test_file_obj.body = @test_file_content
26
+ test_file_obj.save
27
+
28
+ @s3_connection = double(Fog::Storage::AWS)
29
+ @s3_source = Chef::Knife::S3Source.new
30
+
31
+ @s3_source.url = "s3://#{@bucket_name}/#{@test_file_path}"
32
+ end
33
+
34
+ it 'converts URI to path with leading / removed' do
35
+ @s3_source.instance_eval { path }
36
+ @s3_source.instance_eval { path }.should eq(@test_file_path)
37
+ end
38
+
39
+ it 'correctly retrieves the bucket name from the URI' do
40
+ @s3_source.instance_eval { bucket }
41
+ @s3_source.instance_eval { bucket }.should eq(@bucket_name)
42
+ end
43
+
44
+ it 'gets back the correct bucket contents' do
45
+ @s3_source.body.should eq(@test_file_content)
46
+ end
47
+
48
+ it 'gets back a bucket object with bucket_obj' do
49
+ @s3_source.instance_eval { bucket_obj }
50
+ @s3_source.instance_eval { bucket_obj }.should
51
+ be_kind_of(Fog::Storage::AWS::Directory)
52
+ end
53
+ end
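Review bot: In 'gets back a bucket object with bucket_obj' the expectation is split across two lines, with `.should` ending one line and `be_kind_of(Fog::Storage::AWS::Directory)` on the next, so Ruby parses them as two separate statements and the matcher is never applied; the example passes regardless of what `bucket_obj` returns. Put the matcher on the same line as `.should`. The bare `@s3_source.instance_eval { ... }` call before each assertion is redundant, and `@s3_connection = double(Fog::Storage::AWS)` is never used.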
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: knife-ec2
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.10.0.rc.0
4
+ version: 0.10.0.rc.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Jacob
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2014-09-20 00:00:00.000000000 Z
12
+ date: 2014-10-08 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: fog
@@ -29,16 +29,16 @@ dependencies:
29
29
  name: knife-windows
30
30
  requirement: !ruby/object:Gem::Requirement
31
31
  requirements:
32
- - - '='
32
+ - - ! '>='
33
33
  - !ruby/object:Gem::Version
34
- version: 0.8.0.rc.0
34
+ version: 0.8.0
35
35
  type: :runtime
36
36
  prerelease: false
37
37
  version_requirements: !ruby/object:Gem::Requirement
38
38
  requirements:
39
- - - '='
39
+ - - ! '>='
40
40
  - !ruby/object:Gem::Version
41
- version: 0.8.0.rc.0
41
+ version: 0.8.0
42
42
  - !ruby/object:Gem::Dependency
43
43
  name: mixlib-config
44
44
  requirement: !ruby/object:Gem::Requirement
@@ -59,14 +59,14 @@ dependencies:
59
59
  requirements:
60
60
  - - ! '>='
61
61
  - !ruby/object:Gem::Version
62
- version: 0.10.10
62
+ version: 11.16.2
63
63
  type: :development
64
64
  prerelease: false
65
65
  version_requirements: !ruby/object:Gem::Requirement
66
66
  requirements:
67
67
  - - ! '>='
68
68
  - !ruby/object:Gem::Version
69
- version: 0.10.10
69
+ version: 11.16.2
70
70
  - !ruby/object:Gem::Dependency
71
71
  name: rspec
72
72
  requirement: !ruby/object:Gem::Requirement
@@ -135,10 +135,12 @@ files:
135
135
  - lib/chef/knife/ec2_server_create.rb
136
136
  - lib/chef/knife/ec2_server_delete.rb
137
137
  - lib/chef/knife/ec2_server_list.rb
138
+ - lib/chef/knife/s3_source.rb
138
139
  - lib/knife-ec2/version.rb
139
140
  - spec/spec_helper.rb
140
141
  - spec/unit/ec2_server_create_spec.rb
141
142
  - spec/unit/ec2_server_delete_spec.rb
143
+ - spec/unit/s3_source_spec.rb
142
144
  homepage: https://github.com/opscode/knife-ec2
143
145
  licenses:
144
146
  - Apache-2.0
@@ -167,4 +169,5 @@ test_files:
167
169
  - spec/spec_helper.rb
168
170
  - spec/unit/ec2_server_create_spec.rb
169
171
  - spec/unit/ec2_server_delete_spec.rb
172
+ - spec/unit/s3_source_spec.rb
170
173
  has_rdoc: