Added serverspec tests

Fixed some issues with group_rule and the default recipe

.gitignore

@@ -15,3 +15,4 @@ bin/*
 .kitchen/
 .kitchen.local.yml
 encrypted_data_bag_secret
+aws_keys.json

.kitchen.yml

@@ -9,9 +9,23 @@ platforms:
   - name: centos-6.5
 
 suites:
-  - name: default
-    data_bags_path: "test/integration/default/data_bags"
-    encrypted_data_bag_secret_key_path: "test/integration/default/encrypted_data_bag_secret"
+  - name: add_test
+    data_bags_path: "test/integration/add_test/data_bags"
+    encrypted_data_bag_secret_key_path: "test/integration/add_test/encrypted_data_bag_secret"
     run_list:
-      - recipe[fake::test]
-    attributes:
+      - recipe[fake::test1]
+    attributes: {
+      aws_security: {
+      	encrypted_data_bag: "aws_security"
+      }
+    }
+  - name: remove_test
+    data_bags_path: "test/integration/remove_test/data_bags"
+    encrypted_data_bag_secret_key_path: "test/integration/remove_test/encrypted_data_bag_secret"
+    run_list:
+      - recipe[fake::test2]
+    attributes: {
+      aws_security: {
+        encrypted_data_bag: "aws_security"
+      }
+    }

Berksfile

@@ -3,7 +3,7 @@ source "https://api.berkshelf.com"
 metadata
 
 cookbook 'build-essential', '~> 2.0.6'
-
 group :integration do
   cookbook 'fake', path: 'test/fixtures/cookbooks/fake'
+  cookbook 'python'
 end

metadata.rb

@@ -4,7 +4,7 @@
 license          'Apache V2'
 description      'Installs/Configures aws_security_group'
 long_description 'Installs/Configures aws_security_group'
-version          '0.1.1'
+version          '0.1.2'
 
 depends          'build-essential'
 depends          'aws'

providers/group_rule.rb

@@ -10,19 +10,10 @@ def whyrun_supported?
   else
   	if sg = security_group_exists?(@current_resource)
   	  converge_by("Adding rule #{ @new_resource } to security group") do
-  	    from_port = @current_resource.from_port
-  	    to_port = @current_resource.to_port
-        options = Hash.new
-        options[:ip_protocol] = @current_resource.ip_protocol
-        if @current_resource.cidr_ip
-          options[:cidr_ip] = @current_resource.cidr_ip
-        else
-          options[:group] = { @current_resource.owner => @current_resource.group }
-        end
-        sg.authorize_port_range(
-          from_port..to_port,
-          options
-        )
+        from_port = @current_resource.from_port
+        to_port = @current_resource.to_port
+        options = construct_security_group_options(@current_resource)
+        sg.authorize_port_range(from_port..to_port, options)
       end
   	else
   	  raise "#{ new_reouce } can not be created -- security group does not exist"
@@ -34,19 +25,10 @@ def whyrun_supported?
   if @current_resource.exists
   	sg = security_group_exists?(@current_resource)
     converge_by("Removing rule #{ @new_resource } from security group") do
-      if @current_resource.group
-      	sg.security_group.revoke_group_and_owner(@current_resource.group,@current_resource.owner)
-      else
-        from_port = @current_resource.from_port.to_i
-  	  	to_port = @current_resource.to_port.to_i
-        options = Hash.new
-  	  	options[:cidr_ip] = @current_resource.cidr_ip if @current_resource.cidr_ip
-  	  	options[:ip_protocol] = @current_resource.ip_protocol
-  	    sg.revoke_port_range(
-  	      from_port..to_port,
-  	      options
-  	    )
-      end
+      from_port = @current_resource.from_port
+      to_port = @current_resource.to_port
+      options = construct_security_group_options(@current_resource)
+      sg.revoke_port_range(from_port..to_port, options)
     end
   else
     Chef::Log.info("#{ @new_resource } does not exists -- nothing to do")
@@ -56,35 +38,39 @@ def whyrun_supported?
 def load_current_resource
   @current_resource = Chef::Resource::AwsSecurityGroupRule.new(@new_resource.name)
   @current_resource.groupname(@new_resource.groupname)
-  if new_resource.groupid
-    @current_resource.groupid(@new_resource.groupid)
-  elsif sg = security_groupname_exists?(@current_resource) 
-    @current_resource.groupid(sg.group_id)
-  else
-    raise "Could not find security groupid for #{ new_resource }"
-  end
+  @current_resource.aws_access_key_id(@new_resource.aws_access_key_id || node['aws_security']['aws_access_key_id'])
+  @current_resource.aws_secret_access_key(@new_resource.aws_access_key_id || node['aws_security']['aws_secret_access_key'])
   @current_resource.name(@new_resource.name)
   @current_resource.cidr_ip(@new_resource.cidr_ip)
   @current_resource.group(@new_resource.group)
   @current_resource.ip_protocol(@new_resource.ip_protocol)
   @current_resource.port_range(@new_resource.port_range)
+  @current_resource.group(@new_resource.group)
+  @current_resource.owner(@new_resource.owner)
+  @current_resource.region(@new_resource.region)
+
   if @current_resource.port_range
     (from_port,to_port) = @current_resource.port_range.split(/\.\./)
     @current_resource.from_port(from_port.to_i)
     @current_resource.to_port(to_port.to_i)
+  else
+    @current_resource.from_port(@new_resource.from_port)
+    @current_resource.to_port(@new_resource.to_port)
   end
-  @current_resource.group(@new_resource.group)
-  @current_resource.owner(@new_resource.owner)
-  @current_resource.aws_access_key_id(@new_resource.aws_access_key_id || node['aws_security']['aws_access_key_id'])
-  @current_resource.aws_secret_access_key(@new_resource.aws_access_key_id || node['aws_security']['aws_access_key_id'])
-  @current_resource.region(@new_resource.region)
-
-  if security_group_rule_exists?(@current_resource)
-    @current_resource.exists = true
+  if new_resource.groupid
+    @current_resource.groupid(@new_resource.groupid)
+  elsif sg = security_groupname_exists?(@current_resource) 
+    @current_resource.groupid(sg.group_id)
+  # else
+    # raise "Could not find security groupid for #{ new_resource }"
   end
+ if security_group_rule_exists?(@current_resource)
+    @current_resource.exists = true
+  end 
 end
 
 def security_group_rule_exists?(current_resource)
+  return false unless @current_resource.groupid
   sg = security_group_exists?(current_resource)
   # rule we're trying to create
   new_ip_permission = current_resource_ip_permissions(@current_resource)
@@ -124,6 +110,17 @@ def construct_resource_ip_permissions(current_resource)
   rule
 end
 
+def construct_security_group_options(current_resource)
+  options = Hash.new
+  options[:ip_protocol] = @current_resource.ip_protocol
+  if @current_resource.cidr_ip
+    options[:cidr_ip] = @current_resource.cidr_ip
+  else
+    options[:group] = { @current_resource.owner => @current_resource.group }
+  end
+  options
+end
+
 def security_group_exists?(current_resource)
 	@@groupid ||= ec2.security_groups.get_by_id(@current_resource.groupid)
 end

recipes/default.rb

@@ -24,11 +24,11 @@
 chef_gem "fog"
 
 if node['aws_security']['encrypted_data_bag']
-  databag_item = Chef::EncyptedDataBagItem.load(
-  	aws_keys,
-    node['aws_security']['encrypted_data_bag']
+  databag_item = Chef::EncryptedDataBagItem.load(
+    node['aws_security']['encrypted_data_bag'],
+  	'aws_keys'
   )
-  default['aws_security']['aws_access_key_id'] = databag_item['aws_access_key_id']
-  default['aws_security']['aws_secret_access_key'] = databag_item['aws_secret_access_key']
+  node.set['aws_security']['aws_access_key_id'] = databag_item['aws_access_key_id']
+  node.set['aws_security']['aws_secret_access_key'] = databag_item['aws_secret_access_key']
 end
 

resources/group_rule.rb

@@ -11,8 +11,8 @@
 attribute :owner,				  :kind_of => String
 attribute :ip_protocol,           :kind_of => String, :default => '-1', :equal_to => %w[-1 tcp udp icmp]
 attribute :port_range,            :kind_of => String 
-attribute :aws_access_key_id,	  :kind_of => String, :required => true
-attribute :aws_secret_access_key, :kind_of => String, :required => true
+attribute :aws_access_key_id,	  :kind_of => String, :required => false
+attribute :aws_secret_access_key, :kind_of => String, :required => false
 attribute :region,				  :kind_of => String, :default => 'us-east-1'
 attribute :from_port,			  :kind_of => Integer, :default => 0
 attribute :to_port,               :kind_of => Integer, :default => 65535

spec/recipes/default_spec.rb

@@ -4,10 +4,7 @@
     before do
     end
     subject { 
-      runner = ChefSpec::Runner.new(
-        :platform => 'amazon',
-        :version  => '2012.09'
-      )
+      runner = ChefSpec::Runner.new
       runner.node.set['memory']['total'] = '1696516kb'
       runner.node.set['lsb']['codename'] = 'rhel'
       runner.node.set['name'] = "rspec"

spec/spec_helper.rb

@@ -21,10 +21,10 @@
   # config.path = 'ohai.json'
 
   # Specify the operating platform to mock Ohai data from
-  # config.platform = 'centos'
+  config.platform = 'amazon'
 
   # Specify the operating version to mock Ohai data from
-  # config.version = '6.4'
+  config.version = '2012.09'
 
   # :focus support to allow zooming in a single test/block
   # config.filter_run :focus => true

test/fixtures/cookbooks/fake/metadata.rb

@@ -1,4 +1,5 @@
 name 'fake'
-version '1.0.0'
+version '1.0.1'
 
-depends 'aws_security'
+depends 'aws_security'
+depends 'python'

test/fixtures/cookbooks/fake/recipes/test.rb → test/fixtures/cookbooks/fake/recipes/test1.rb

@@ -1,11 +1,11 @@
 #
 # Cookbook Name:: fake
-# Recipe:: test
+# Recipe:: test1
 #
 # Author:: Greg Hellings (<[email protected]>)
 # 
 # 
-# Copyright 2014, SearchSpring, Inc.
+# Copyright 2014, B7 Interactive, LLC
 # 
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,20 +19,37 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+
 include_recipe "aws_security::default"
+include_recipe "python"
+
+
+python_pip "awscli"
 
+directory "/root/.aws" do
+  owner "root"
+  group "root"
+  mode "0755"
+  action :create
+end
+
+template "/root/.aws/config" do
+  source 'aws_config.erb'
+  owner 'root'
+  group 'root'
+  variables({
+    :aws_access_key_id => node['aws_security']['aws_access_key_id'],
+    :aws_secret_access_key => node['aws_security']['aws_secret_access_key']
+  })
+end
 
 aws_security_group 'test' do
   description "test security group"
-  # aws_access_key_id node['aws_security']['aws_access_key_id'] 
-  # aws_secret_access_key node['aws_security']['aws_secret_access_key']
   region 'us-west-2'
 end
 
 aws_security_group_rule 'test rule 1' do
   description "test rule 1"
-  aws_access_key_id node['aws_security']['aws_access_key_id']
-  aws_secret_access_key node['aws_security']['aws_secret_access_key']
   cidr_ip "192.168.1.1/32"
   groupname "test"
   region 'us-west-2'
@@ -41,8 +58,6 @@
 end
 
 aws_security_group_rule 'test rule 2' do
-  aws_access_key_id node['aws_security']['aws_access_key_id']
-  aws_secret_access_key node['aws_security']['aws_secret_access_key']
   cidr_ip "192.168.1.2/32"
   groupname "test"
   region 'us-west-2'
@@ -51,8 +66,6 @@
 end
 
 aws_security_group_rule 'test rule 3' do
-  aws_access_key_id node['aws_security']['aws_access_key_id']
-  aws_secret_access_key node['aws_security']['aws_secret_access_key']
   cidr_ip "192.168.1.3/32"
   groupname "test"
   region 'us-west-2'
@@ -61,17 +74,13 @@
 end
 
 aws_security_group_rule 'test rule 4' do
-  aws_access_key_id node['aws_security']['aws_access_key_id']
-  aws_secret_access_key node['aws_security']['aws_secret_access_key']
   cidr_ip "192.168.1.3/32"
   groupname "test"
   region 'us-west-2'
   ip_protocol '-1'
 end
 
 aws_security_group_rule 'test rule 5' do
-  aws_access_key_id node['aws_security']['aws_access_key_id']
-  aws_secret_access_key node['aws_security']['aws_secret_access_key']
   group "sg-9b1a8ffe"
   groupname "test"
   region 'us-west-2'
@@ -80,8 +89,6 @@
 end
 
 aws_security_group_rule 'test rule 6' do
-  aws_access_key_id node['aws_security']['aws_access_key_id']
-  aws_secret_access_key node['aws_security']['aws_secret_access_key']
   group "sg-9b1a8ffe"
   groupname "test"
   region 'us-west-2'