Add explicit option for using iam profile for authentication

* Add 'use_iam_profile' config option, default to false
* Have #iam_creds return an empty hash unless use_iam_profile is true
* Call iam_creds as driver.iam_creds in `default_config` blocks
* Rescue fron NoMethodError in iam_creds
  `Fog::AWS::CredentialFetcher::ServiceMethods::fetch_credentials`
  will call super when it fails. Because there is no superclass method
  this will throw a NoMethodError
* Write unit tests for #iam_creds

Author: James Awesome

lib/kitchen/driver/ec2.rb

@@ -29,7 +29,6 @@ module Driver
     #
     # @author Fletcher Nichol <[email protected]>
     class Ec2 < Kitchen::Driver::SSHBase
-
       extend Fog::AWS::CredentialFetcher::ServiceMethods
       default_config :region,             'us-east-1'
       default_config :availability_zone,  'us-east-1b'
@@ -41,14 +40,16 @@ class Ec2 < Kitchen::Driver::SSHBase
       default_config :private_ip_address, nil
       default_config :iam_profile_name,   nil
       default_config :price,   nil
+      default_config :use_iam_profile, false
       default_config :aws_access_key_id do |driver|
-        ENV['AWS_ACCESS_KEY'] || ENV['AWS_ACCESS_KEY_ID'] || iam_creds[:aws_access_key_id]
+        ENV['AWS_ACCESS_KEY'] || ENV['AWS_ACCESS_KEY_ID'] || driver.iam_creds[:aws_access_key_id]
       end
       default_config :aws_secret_access_key do |driver|
-        ENV['AWS_SECRET_KEY'] || ENV['AWS_SECRET_ACCESS_KEY'] || iam_creds[:aws_secret_access_key]
+        ENV['AWS_SECRET_KEY'] || ENV['AWS_SECRET_ACCESS_KEY'] \
+          || driver.iam_creds[:aws_secret_access_key]
       end
       default_config :aws_session_token do |driver|
-        ENV['AWS_SESSION_TOKEN'] || ENV['AWS_TOKEN'] || iam_creds[:aws_session_token]
+        ENV['AWS_SESSION_TOKEN'] || ENV['AWS_TOKEN'] || driver.iam_creds[:aws_session_token]
       end
       default_config :aws_ssh_key_id do |driver|
         ENV['AWS_SSH_KEY_ID']
@@ -98,10 +99,10 @@ class Ec2 < Kitchen::Driver::SSHBase
         end
       end
 
-      def self.iam_creds
+      def iam_creds
         @iam_creds ||= begin
-          fetch_credentials(use_iam_profile:true)
-        rescue RuntimeError => e
+          config[:use_iam_profile] ? fetch_credentials(use_iam_profile: true) : {}
+        rescue RuntimeError, NoMethodError => e
           debug("fetch_credentials failed with exception #{e.message}:#{e.backtrace.join("\n")}")
           {}
         end

spec/create_spec.rb

@@ -128,6 +128,37 @@
 
   end
 
+  describe '#iam_creds' do
+    context 'when use_iam_profile is not set' do
+      it 'returns an empty hash' do
+        expect(driver.iam_creds).to eq({})
+      end
+    end
+
+    context 'when use_iam_profile is set to true' do
+      let(:credentials) do
+        {
+          aws_access_key_id: 'secret',
+          aws_secret_access_key: 'moarsecret',
+          aws_session_token: 'randomsecret'
+        }
+      end
+
+      it 'calls fetch_credentials' do
+        config[:use_iam_profile] = true
+
+        allow(driver)
+          .to receive(:fetch_credentials).and_return(credentials)
+
+        expect(driver)
+          .to receive(:fetch_credentials)
+          .with(use_iam_profile: true)
+
+        expect(driver.iam_creds).to eq(credentials)
+      end
+    end
+  end
+
   describe '#block_device_mappings' do
     let(:connection) { double(Fog::Compute) }
     let(:image) { double('Image', :root_device_name => 'name') }