From 4ca876b98bc799ed6c412949d822d801a5c8c27a Mon Sep 17 00:00:00 2001 From: Dan van den Berg Date: Wed, 10 Sep 2014 16:31:40 -0400 Subject: [PATCH 01/10] Add support for IAM credentials As mentioned in https://github.com/test-kitchen/kitchen-ec2/issues/55. This change will add support for using IAM temporary credentials when creating EC2 instances. Currently the credentials will have to be set in the environment, while an EC2 instance that's set up with an IAM profile can fetch its temporary credentials from the metadata server. --- lib/kitchen/driver/ec2.rb | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index 9f810719..68809ebe 100644 --- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb @@ -30,6 +30,10 @@ module Driver # @author Fletcher Nichol class Ec2 < Kitchen::Driver::SSHBase + include Fog::AWS::CredentialFetcher::ServiceMethods + + iam_credentials = fetch_credentials(use_iam_profile: true) rescue {} + default_config :region, 'us-east-1' default_config :availability_zone, 'us-east-1b' default_config :flavor_id, 'm1.small' @@ -41,13 +45,13 @@ class Ec2 < Kitchen::Driver::SSHBase default_config :iam_profile_name, nil default_config :price, nil default_config :aws_access_key_id do |driver| - ENV['AWS_ACCESS_KEY'] || ENV['AWS_ACCESS_KEY_ID'] + iam_credentials[:aws_access_key_id] || ENV['AWS_ACCESS_KEY'] || ENV['AWS_ACCESS_KEY_ID'] end default_config :aws_secret_access_key do |driver| - ENV['AWS_SECRET_KEY'] || ENV['AWS_SECRET_ACCESS_KEY'] + iam_credentials[:aws_secret_access_key] || ENV['AWS_SECRET_KEY'] || ENV['AWS_SECRET_ACCESS_KEY'] end default_config :aws_session_token do |driver| - ENV['AWS_SESSION_TOKEN'] || ENV['AWS_TOKEN'] + iam_credentials[:aws_session_token] || ENV['AWS_SESSION_TOKEN'] || ENV['AWS_TOKEN'] end default_config :aws_ssh_key_id do |driver| ENV['AWS_SSH_KEY_ID'] From b65a9921d1573e866e0ed0cf5510abed69a1f117 Mon Sep 17 00:00:00 2001 
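Review bot: The `rescue {}` modifier on the added `iam_credentials = fetch_credentials(use_iam_profile: true)` line swallows every StandardError, so a wiring mistake looks exactly like "no instance profile available". `include` adds `fetch_credentials` as an instance method, but this call runs in the class body with the class as receiver, so it may raise NoMethodError on every load and always yield `{}`; `extend Fog::AWS::CredentialFetcher::ServiceMethods` would make it callable here. The lookup also runs when the file is required, which presumably means a metadata-service request on every load, including on hosts that are not EC2 instances. Rescuing a named error class and logging it would keep credential-source failures visible.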
From: Dan van den Berg Date: Wed, 10 Sep 2014 16:51:27 -0400 Subject: [PATCH 02/10] Make all the tests pass --- lib/kitchen/driver/ec2.rb | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index 68809ebe..bc3879af 100644 --- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb @@ -32,7 +32,7 @@ class Ec2 < Kitchen::Driver::SSHBase include Fog::AWS::CredentialFetcher::ServiceMethods - iam_credentials = fetch_credentials(use_iam_profile: true) rescue {} + iam_creds = fetch_credentials(use_iam_profile: true) rescue {} default_config :region, 'us-east-1' default_config :availability_zone, 'us-east-1b' @@ -45,13 +45,13 @@ class Ec2 < Kitchen::Driver::SSHBase default_config :iam_profile_name, nil default_config :price, nil default_config :aws_access_key_id do |driver| - iam_credentials[:aws_access_key_id] || ENV['AWS_ACCESS_KEY'] || ENV['AWS_ACCESS_KEY_ID'] + iam_creds[:aws_access_key_id] || ENV['AWS_ACCESS_KEY'] || ENV['AWS_ACCESS_KEY_ID'] end default_config :aws_secret_access_key do |driver| - iam_credentials[:aws_secret_access_key] || ENV['AWS_SECRET_KEY'] || ENV['AWS_SECRET_ACCESS_KEY'] + iam_creds[:aws_secret_access_key] || ENV['AWS_SECRET_KEY'] || ENV['AWS_SECRET_ACCESS_KEY'] end default_config :aws_session_token do |driver| - iam_credentials[:aws_session_token] || ENV['AWS_SESSION_TOKEN'] || ENV['AWS_TOKEN'] + iam_creds[:aws_session_token] || ENV['AWS_SESSION_TOKEN'] || ENV['AWS_TOKEN'] end default_config :aws_ssh_key_id do |driver| ENV['AWS_SSH_KEY_ID'] 
@@ -105,10 +105,10 @@ def create(state) return if state[:server_id] info("Creating <#{state[:server_id]}>...") - info("If you are not using an account that qualifies under the AWS") - info("free-tier, you may be charged to run these suites. The charge") - info("should be minimal, but neither Test Kitchen nor its maintainers") - info("are responsible for your incurred costs.") + info('If you are not using an account that qualifies under the AWS') + info('free-tier, you may be charged to run these suites. The charge') + info('should be minimal, but neither Test Kitchen nor its maintainers') + info('are responsible for your incurred costs.') if config[:price] # Spot instance when a price is set From 0142ce3538f2df58262da7f302e312ec02631c23 Mon Sep 17 00:00:00 2001 From: Igor Shpakov Date: Tue, 10 Mar 2015 11:01:30 +0000 Subject: [PATCH 03/10] Use AIM role for authentication tweak for PR by daanemanz https://github.com/test-kitchen/kitchen-ec2/pull/68 he has since deleted his fork, so I can't submit a PR to him. --- lib/kitchen/driver/ec2.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index bc3879af..ad9e7ab7 100644 --- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb @@ -32,7 +32,7 @@ class Ec2 < Kitchen::Driver::SSHBase include Fog::AWS::CredentialFetcher::ServiceMethods - iam_creds = fetch_credentials(use_iam_profile: true) rescue {} + iam_creds = Fog::AWS::CredentialFetcher::ServiceMethods.fetch_credentials(use_iam_profile: true) rescue {} default_config :region, 'us-east-1' default_config :availability_zone, 'us-east-1b' From 6a634e13aef22c528caa7df89d411dee22176b30 Mon Sep 17 00:00:00 2001 From: Igor Shpakov Date: Tue, 10 Mar 2015 14:26:02 +0000 Subject: [PATCH 04/10] formated to pass travis --- lib/kitchen/driver/ec2.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index ad9e7ab7..8b43bda9 100644 
--- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb @@ -32,7 +32,9 @@ class Ec2 < Kitchen::Driver::SSHBase include Fog::AWS::CredentialFetcher::ServiceMethods - iam_creds = Fog::AWS::CredentialFetcher::ServiceMethods.fetch_credentials(use_iam_profile: true) rescue {} + iam_creds = Fog::AWS::CredentialFetcher::ServiceMethods.fetch_credentials( + use_iam_profile: true + ) rescue {} default_config :region, 'us-east-1' default_config :availability_zone, 'us-east-1b' From a32c18fd4108eeb77a641cca6e1015dea508682d Mon Sep 17 00:00:00 2001 From: Igor Shpakov Date: Tue, 10 Mar 2015 14:38:09 +0000 Subject: [PATCH 05/10] reindented --- lib/kitchen/driver/ec2.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index 8b43bda9..10ffeeca 100644 --- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb @@ -33,8 +33,8 @@ class Ec2 < Kitchen::Driver::SSHBase include Fog::AWS::CredentialFetcher::ServiceMethods iam_creds = Fog::AWS::CredentialFetcher::ServiceMethods.fetch_credentials( - use_iam_profile: true - ) rescue {} + use_iam_profile: true + ) rescue {} default_config :region, 'us-east-1' default_config :availability_zone, 'us-east-1b' From 277240873a716905ce8c442dd7f403cb864854e6 Mon Sep 17 00:00:00 2001 From: Igor Shpakov Date: Thu, 12 Mar 2015 12:32:03 +0000 Subject: [PATCH 06/10] reordered aim creds priority using aim_role should be a fallback, not a priority. This will allow a node with aim role to still use custom keys if needed --- lib/kitchen/driver/ec2.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index 10ffeeca..26165b24 100644 --- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb 
@@ -47,13 +47,13 @@ class Ec2 < Kitchen::Driver::SSHBase default_config :iam_profile_name, nil default_config :price, nil default_config :aws_access_key_id do |driver| - iam_creds[:aws_access_key_id] || ENV['AWS_ACCESS_KEY'] || ENV['AWS_ACCESS_KEY_ID'] + ENV['AWS_ACCESS_KEY'] || ENV['AWS_ACCESS_KEY_ID'] || iam_creds[:aws_access_key_id] end default_config :aws_secret_access_key do |driver| - iam_creds[:aws_secret_access_key] || ENV['AWS_SECRET_KEY'] || ENV['AWS_SECRET_ACCESS_KEY'] + ENV['AWS_SECRET_KEY'] || ENV['AWS_SECRET_ACCESS_KEY'] || iam_creds[:aws_secret_access_key] end default_config :aws_session_token do |driver| - iam_creds[:aws_session_token] || ENV['AWS_SESSION_TOKEN'] || ENV['AWS_TOKEN'] + ENV['AWS_SESSION_TOKEN'] || ENV['AWS_TOKEN'] || iam_creds[:aws_session_token] end default_config :aws_ssh_key_id do |driver| ENV['AWS_SSH_KEY_ID'] From e3ffa8b8dd45f752b0fec9f16917b5f791484e35 Mon Sep 17 00:00:00 2001 From: Igor Shpakov Date: Thu, 12 Mar 2015 16:57:16 +0000 Subject: [PATCH 07/10] removed trailing whitespaces hooray for passing checks! --- lib/kitchen/driver/ec2.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index 26165b24..c5587b53 100644 --- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb 
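Review bot: Each of the three blocks falls back independently, so the resolved values can come from different sources: with `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` exported but no token variable, `aws_session_token` resolves to `iam_creds[:aws_session_token]`. That pairs long-term keys with the instance role's session token, which AWS would be expected to reject, so the "custom keys on a node with a role" case from the commit message likely fails. Consider using the role's token only when the key id also came from the role, e.g. `ENV['AWS_SESSION_TOKEN'] || ENV['AWS_TOKEN'] || (iam_creds[:aws_session_token] unless ENV['AWS_ACCESS_KEY'] || ENV['AWS_ACCESS_KEY_ID'])`. The class body continues outside the hunk.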
@@ -47,13 +47,13 @@ class Ec2 < Kitchen::Driver::SSHBase default_config :iam_profile_name, nil default_config :price, nil default_config :aws_access_key_id do |driver| - ENV['AWS_ACCESS_KEY'] || ENV['AWS_ACCESS_KEY_ID'] || iam_creds[:aws_access_key_id] + ENV['AWS_ACCESS_KEY'] || ENV['AWS_ACCESS_KEY_ID'] || iam_creds[:aws_access_key_id] end default_config :aws_secret_access_key do |driver| - ENV['AWS_SECRET_KEY'] || ENV['AWS_SECRET_ACCESS_KEY'] || iam_creds[:aws_secret_access_key] + ENV['AWS_SECRET_KEY'] || ENV['AWS_SECRET_ACCESS_KEY'] || iam_creds[:aws_secret_access_key] end default_config :aws_session_token do |driver| - ENV['AWS_SESSION_TOKEN'] || ENV['AWS_TOKEN'] || iam_creds[:aws_session_token] + ENV['AWS_SESSION_TOKEN'] || ENV['AWS_TOKEN'] || iam_creds[:aws_session_token] end default_config :aws_ssh_key_id do |driver| ENV['AWS_SSH_KEY_ID'] From b4c3e1065dc89675cc971c1ff0696c39ea9b5690 Mon Sep 17 00:00:00 2001 From: Igor Shpakov Date: Wed, 18 Mar 2015 13:03:37 +0000 Subject: [PATCH 08/10] moved include to the top of the file --- lib/kitchen/driver/ec2.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index c5587b53..45d0ca8c 100644 --- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb @@ -20,6 +20,7 @@ require 'json' require 'fog' require 'kitchen' +include Fog::AWS::CredentialFetcher::ServiceMethods module Kitchen @@ -30,7 +31,6 @@ module Driver # @author Fletcher Nichol class Ec2 < Kitchen::Driver::SSHBase - include Fog::AWS::CredentialFetcher::ServiceMethods iam_creds = Fog::AWS::CredentialFetcher::ServiceMethods.fetch_credentials( use_iam_profile: true From 54c462f16c9963a8da1efc02bd92f6bfa478c679 Mon Sep 17 00:00:00 2001 From: Igor Shpakov Date: Mon, 30 Mar 2015 14:52:53 +0100 Subject: [PATCH 09/10] updated based on comments from @tyler-ball --- lib/kitchen/driver/ec2.rb | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) 
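Review bot: The `include Fog::AWS::CredentialFetcher::ServiceMethods` added after the `require` lines sits outside any module, so it mixes `fetch_credentials` into `Object` for the whole process rather than into this driver. Every object in Test Kitchen and in any other loaded plugin then responds to a credential-fetching method, and name clashes become possible. Keeping the mixin scoped, with `extend Fog::AWS::CredentialFetcher::ServiceMethods` inside `class Ec2`, gives the class-level call what it needs without touching the global namespace.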
diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index 45d0ca8c..e6fc5cbb 100644 --- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb @@ -20,7 +20,6 @@ require 'json' require 'fog' require 'kitchen' -include Fog::AWS::CredentialFetcher::ServiceMethods module Kitchen @@ -31,11 +30,7 @@ module Driver # @author Fletcher Nichol class Ec2 < Kitchen::Driver::SSHBase - - iam_creds = Fog::AWS::CredentialFetcher::ServiceMethods.fetch_credentials( - use_iam_profile: true - ) rescue {} - + extend Fog::AWS::CredentialFetcher::ServiceMethods default_config :region, 'us-east-1' default_config :availability_zone, 'us-east-1b' default_config :flavor_id, 'm1.small' @@ -103,6 +98,15 @@ class Ec2 < Kitchen::Driver::SSHBase end end + def self.iam_creds + @iam_creds ||= begin + fetch_credentials(use_iam_profile:true) + rescue + debug("fetch_credentials failed with exception #{e.message}:#{e.backtrace.join("\n")}") + {} + end + end + def create(state) return if state[:server_id] From c7485de33965d2e2f9142c91889be478feb49938 Mon Sep 17 00:00:00 2001 From: Igor Shpakov Date: Tue, 31 Mar 2015 17:23:04 +0100 Subject: [PATCH 10/10] fixing travis errors --- lib/kitchen/driver/ec2.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index e6fc5cbb..db2e9327 100644 --- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb @@ -81,7 +81,7 @@ class Ec2 < Kitchen::Driver::SSHBase validations[d] = lambda do |attr, val, driver| unless val.nil? driver.warn "WARN: The config key `#{attr}` is deprecated," + - " please use `block_device_mappings`" + ' please use `block_device_mappings`' end end end 
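Review bot: In the added `self.iam_creds`, the bare `rescue` never binds `e`, so the `debug(...)` line that interpolates `e.message` raises NameError on the failure path and the `{}` fallback is never reached; `rescue StandardError => e` binds it. The `@iam_creds ||=` cache also keeps the role's temporary credentials for the life of the process with no expiry check, so a long run could keep presenting credentials that have lapsed. Whether a run can outlive them is not visible here, but a comment such as `# role credentials are temporary; this cache is never refreshed` would at least record the limitation.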
@@ -100,11 +100,11 @@ class Ec2 < Kitchen::Driver::SSHBase def self.iam_creds @iam_creds ||= begin - fetch_credentials(use_iam_profile:true) - rescue - debug("fetch_credentials failed with exception #{e.message}:#{e.backtrace.join("\n")}") - {} - end + fetch_credentials(use_iam_profile:true) + rescue RuntimeError => e + debug("fetch_credentials failed with exception #{e.message}:#{e.backtrace.join("\n")}") + {} + end end def create(state)
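Review bot: `rescue RuntimeError => e` is narrower than the bare `rescue` it replaces, so any other StandardError from `fetch_credentials` (a socket or timeout error from the metadata request, or a NoMethodError) now escapes `iam_creds` and aborts config resolution instead of falling back to `{}`. Which classes Fog raises here is not visible in the hunk. `debug` is also called with the class as receiver; if the driver's logging helpers are instance methods only, the handler itself would raise. Suggest `rescue StandardError => e` and logging through something reachable from a class method, e.g. `Kitchen.logger.debug(...)`.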