Merge remote-tracking branch 'upstream/master' into criteo

* upstream/master:
  modernize winrm setup and fix for 2008r2
  Updated readme based on issue 300
  Correct the docs for image_id
  Fix 1 last chefstyle warning
  Require Ruby 2.2.2.
  Use chefstyle in Rake
  Remove rack constraint. Removes Ruby 2.1 support
  Move github_changelog_generator back to the gem spec
  Remove Rake constraint
  Switch to Chefstyle
  Test on Ruby 2.4.0
  Remove test-kitchen from the Gemfile as it’s in the spec
  Cut 1.3.2
  Don't try to set tags if there aren't any.
  Actually bumping version
  Release 1.3.1 hotfix
  reinstate default shared creds option
  Release 1.3.0
  In the client, only source creds from the shared file when necessary (test-kitchen#259)
  fixes test-kitchen#250 and provides the option to set ssl_peer_verify to false

.travis.yml

@@ -1,7 +1,11 @@
 language: ruby
 cache: bundler
 sudo: false
+branches:
+  only:
+  - master
 rvm:
   - 2.2.6
-  - 2.3.1
+  - 2.3.3
+  - 2.4.0
   - ruby-head

CHANGELOG.md

@@ -1,7 +1,42 @@
 # Change Log
 
-## [1.2.0](https://github.com/test-kitchen/kitchen-ec2/tree/1.2.0) (2016-09-12)
-[Full Changelog](https://github.com/test-kitchen/kitchen-ec2/compare/v1.1.0...1.2.0)
+## [v1.3.2](https://github.com/test-kitchen/kitchen-ec2/tree/v1.3.2) (2017-02-24)
+[Full Changelog](https://github.com/test-kitchen/kitchen-ec2/compare/v1.3.1...v1.3.2)
+
+**Improvements:**
+
+- Don't try to set tags if there aren't any. [\#298](https://github.com/test-kitchen/kitchen-ec2/pull/298) ([coderanger](https://github.com/coderanger))
+
+## [v1.3.1](https://github.com/test-kitchen/kitchen-ec2/tree/v1.3.1) (2017-02-16)
+[Full Changelog](https://github.com/test-kitchen/kitchen-ec2/compare/v1.3.0...v1.3.1)
+
+**Closed issues:**
+
+- Shared AWS credentials file being ignored. [\#295](https://github.com/test-kitchen/kitchen-ec2/issues/295)
+- Missing AMI generates Nil::NilClass error [\#284](https://github.com/test-kitchen/kitchen-ec2/issues/284)
+- `kitchen converge` failing - not prioritizing env vars over ~/.aws/credentials [\#258](https://github.com/test-kitchen/kitchen-ec2/issues/258)
+
+**Merged pull requests:**
+
+- reinstate default shared creds option [\#296](https://github.com/test-kitchen/kitchen-ec2/pull/296) ([davidcpell](https://github.com/davidcpell))
+
+## [v1.3.0](https://github.com/test-kitchen/kitchen-ec2/tree/v1.3.0) (2017-02-11)
+[Full Changelog](https://github.com/test-kitchen/kitchen-ec2/compare/v1.2.0...v1.3.0)
+
+**Implemented Enhancements:**
+
+- Support Windows 2016 [\#291](https://github.com/test-kitchen/kitchen-ec2/pull/291) ([gdavison](https://github.com/gdavison))
+- Add expiration to spot requests [\#285](https://github.com/test-kitchen/kitchen-ec2/pull/285) ([alanbrent](https://github.com/alanbrent))
+- Don't break if we're using a custom "platform" AMI [\#273](https://github.com/test-kitchen/kitchen-ec2/pull/273) ([hynd](https://github.com/hynd))
+- Propagate tags to volumes [\#260](https://github.com/test-kitchen/kitchen-ec2/pull/260) ([mrbobbytables](https://github.com/mrbobbytables))
+- In the client, only source creds from the shared file when necessary [\#259](https://github.com/test-kitchen/kitchen-ec2/pull/259) ([davidcpell](https://github.com/davidcpell))
+- Add notes for AMI image name requirements [\#252](https://github.com/test-kitchen/kitchen-ec2/pull/252) ([freimer](https://github.com/freimer))
+- Provide the option to set ssl\_peer\_verify to false [\#251](https://github.com/test-kitchen/kitchen-ec2/pull/251) ([mwrock](https://github.com/mwrock))
+- Adding support for tenancy parameter in placement config. [\#235](https://github.com/test-kitchen/kitchen-ec2/pull/235) ([jcastillocano](https://github.com/jcastillocano))
+- Lookup ID from tag [\#232](https://github.com/test-kitchen/kitchen-ec2/pull/232) ([dlukman](https://github.com/dlukman))
+
+## [v1.2.0](https://github.com/test-kitchen/kitchen-ec2/tree/v1.2.0) (2016-09-12)
+[Full Changelog](https://github.com/test-kitchen/kitchen-ec2/compare/v1.1.0...v1.2.0)
 
 **Fixed bugs:**
 

Gemfile

@@ -2,17 +2,13 @@ source "https://rubygems.org"
 
 # Specify your gem"s dependencies in kitchen-ec2.gemspec
 gemspec
-gem "test-kitchen"
+
 gem "winrm-transport"
 gem "winrm-fs"
 gem "activesupport", "~> 4.0"
 gem "faraday-http-cache", "~> 1.3"
 
 group :test do
-  gem "rake", "< 12"
+  gem "rake"
   gem "pry"
 end
-
-group :development do
-  gem "github_changelog_generator"
-end

README.md

@@ -30,7 +30,7 @@ Once
 that is done, create your kitchen file in your cookbook directory (or an empty
 directory if you just want to get a feel for it):
 
-1. `kitchen init -D ec2`
+1. `kitchen init -D kitchen-ec2`
 2. Edit `.kitchen.yml` and add the aws_ssh_key_id to driver and a transport with
    an ssh_key:
 
@@ -65,7 +65,8 @@ working with!
 ```yaml
 platforms:
   - name: centos-7
-    image_id: ami-96a818fe
+    driver:
+      image_id: ami-96a818fe
 ```
 
 image_id's have a format like ami-748e2903. The image_id values appear next to the image names when you select 'Launch Instance' from the AWS EC2 console. You can also see the list from the AWS CLI ````aws ec2 describe-images````.
@@ -350,6 +351,10 @@ The default is `ENV["HTTPS_PROXY"] || ENV["HTTP_PROXY"]`.  If you have these env
 
 **Note** - The AWS command line utility allow you to specify [two proxies](http://docs.aws.amazon.com/cli/latest/userguide/cli-http-proxy.html), one for HTTP and one for HTTPS.  The AWS Ruby SDK only allows you to specify 1 proxy and because all requests are `https://` this proxy needs to support HTTPS.
 
+### `ssl_verify_peer`
+
+If you need to turn off ssl certificate verification for HTTP calls made to AWS, set `ssl_verify_peer: false`.
+
 ### Disk Configuration
 
 #### <a name="config-block_device_mappings"></a> `block_device_mappings`

Rakefile

@@ -13,7 +13,7 @@ task :stats do
   sh "countloc -r spec features"
 end
 
-require "finstyle"
+require "chefstyle"
 require "rubocop/rake_task"
 RuboCop::RakeTask.new(:style) do |task|
   task.options << "--display-cop-names"

kitchen-ec2.gemspec

@@ -18,6 +18,8 @@ Gem::Specification.new do |gem|
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
 
+  gem.required_ruby_version = ">= 2.2.2"
+
   gem.add_dependency "test-kitchen", "~> 1.4", ">= 1.4.1"
   gem.add_dependency "excon"
   gem.add_dependency "multi_json"
@@ -30,16 +32,11 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency "simplecov", "~> 0.7"
   gem.add_development_dependency "yard",      "~> 0.8"
 
-  # conflicts with finstyle 1.4.0
-  # gem.add_development_dependency "github_changelog_generator"
+  gem.add_development_dependency "github_changelog_generator"
 
   # style and complexity libraries are tightly version pinned as newer releases
   # may introduce new and undesireable style choices which would be immediately
   # enforced in CI
-  gem.add_development_dependency "finstyle",  "1.4.0"
+  gem.add_development_dependency "chefstyle", "= 0.5.0"
   gem.add_development_dependency "climate_control"
-
-  # github_changelog_generator -> github-api -> oauth2 -> rack
-  # rack being unconstrained breaks Ruby 2.1 installs
-  gem.add_development_dependency "rack", "~> 1.0"
 end

lib/kitchen/driver/aws/client.rb

@@ -39,40 +39,66 @@ def initialize( # rubocop:disable Metrics/ParameterLists
           secret_access_key = nil,
           session_token = nil,
           http_proxy = nil,
-          retry_limit = nil
+          retry_limit = nil,
+          ssl_verify_peer = true
         )
           creds = self.class.get_credentials(
-            profile_name, access_key_id, secret_access_key, session_token
+            profile_name, access_key_id, secret_access_key, session_token, region
           )
           ::Aws.config.update(
             :region => region,
             :credentials => creds,
-            :http_proxy => http_proxy
+            :http_proxy => http_proxy,
+            :ssl_verify_peer => ssl_verify_peer
           )
           ::Aws.config.update(:retry_limit => retry_limit) unless retry_limit.nil?
         end
 
         # Try and get the credentials from an ordered list of locations
         # http://docs.aws.amazon.com/sdkforruby/api/index.html#Configuration
         # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
-        def self.get_credentials(profile_name, access_key_id, secret_access_key, session_token)
-          shared_creds = ::Aws::SharedCredentials.new(:profile_name => profile_name)
-          if access_key_id && secret_access_key
-            ::Aws::Credentials.new(access_key_id, secret_access_key, session_token)
-          elsif ENV["AWS_ACCESS_KEY_ID"] && ENV["AWS_SECRET_ACCESS_KEY"]
-            ::Aws::Credentials.new(
-              ENV["AWS_ACCESS_KEY_ID"],
-              ENV["AWS_SECRET_ACCESS_KEY"],
-              ENV["AWS_SESSION_TOKEN"]
+        # rubocop:disable Metrics/ParameterLists, Metrics/MethodLength
+        def self.get_credentials(profile_name, access_key_id, secret_access_key, session_token,
+                                 region, options = {})
+          source_creds =
+            if access_key_id && secret_access_key
+              ::Aws::Credentials.new(access_key_id, secret_access_key, session_token)
+            elsif ENV["AWS_ACCESS_KEY_ID"] && ENV["AWS_SECRET_ACCESS_KEY"]
+              ::Aws::Credentials.new(
+                ENV["AWS_ACCESS_KEY_ID"],
+                ENV["AWS_SECRET_ACCESS_KEY"],
+                ENV["AWS_SESSION_TOKEN"]
+              )
+            elsif profile_name
+              ::Aws::SharedCredentials.new(:profile_name => profile_name)
+            elsif default_shared_credentials?
+              ::Aws::SharedCredentials.new
+            else
+              ::Aws::InstanceProfileCredentials.new(:retries => 1)
+            end
+
+          if options[:assume_role_arn] && options[:assume_role_session_name]
+            sts = ::Aws::STS::Client.new(:credentials => source_creds, :region => region)
+
+            assume_role_options = (options[:assume_role_options] || {}).merge(
+              :client => sts,
+              :role_arn => options[:assume_role_arn],
+              :role_session_name => options[:assume_role_session_name]
             )
-          elsif shared_creds.loadable?
-            shared_creds
+
+            ::Aws::AssumeRoleCredentials.new(assume_role_options)
           else
-            ::Aws::InstanceProfileCredentials.new(:retries => 1)
+            source_creds
           end
         end
         # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
 
+        def self.default_shared_credentials?
+          ::Aws::SharedCredentials.new.loadable?
+        rescue ::Aws::Errors::NoSuchProfileError
+          false
+        end
+
         def create_instance(options)
           begin
             resource.create_instances(options)[0]
@@ -91,7 +117,7 @@ def get_instance_from_spot_request(request_id)
           resource.instances(
             :filters => [{
               :name => "spot-instance-request-id",
-              :values => [request_id]
+              :values => [request_id],
             }]
           ).to_a[0]
         end

lib/kitchen/driver/aws/instance_generator.rb

@@ -49,13 +49,13 @@ def ec2_instance_data # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
                 :filters => [
                   {
                     :name   => "tag:#{config[:subnet_filter][:tag]}",
-                    :values => [config[:subnet_filter][:value]]
-                  }
+                    :values => [config[:subnet_filter][:value]],
+                  },
                 ]
               )[0][0].subnet_id
 
             if config[:subnet_id].nil?
-              fail "The subnet tagged '#{config[:subnet_filter][:tag]}\
+              raise "The subnet tagged '#{config[:subnet_filter][:tag]}\
               #{config[:subnet_filter][:value]}' does not exist!"
             end
           end
@@ -66,13 +66,13 @@ def ec2_instance_data # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
                 :filters => [
                   {
                     :name   => "tag:#{config[:security_group_filter][:tag]}",
-                    :values => [config[:security_group_filter][:value]]
-                  }
+                    :values => [config[:security_group_filter][:value]],
+                  },
                 ]
               )[0][0].group_id]
 
             if config[:security_group_ids].nil?
-              fail "The group tagged '#{config[:security_group_filter][:tag]}\
+              raise "The group tagged '#{config[:security_group_filter][:tag]}\
               #{config[:security_group_filter][:value]}' does not exist!"
             end
           end
@@ -83,7 +83,7 @@ def ec2_instance_data # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
             :image_id                     => config[:image_id],
             :key_name                     => config[:aws_ssh_key_id],
             :subnet_id                    => config[:subnet_id],
-            :private_ip_address           => config[:private_ip_address]
+            :private_ip_address           => config[:private_ip_address],
           }
 
           availability_zone = config[:availability_zone]
@@ -94,7 +94,7 @@ def ec2_instance_data # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
             i[:placement] = { :availability_zone => availability_zone.downcase }
           end
           tenancy = config[:tenancy]
-          if tenancy && %w[default dedicated].include?(tenancy)
+          if tenancy && %w{default dedicated}.include?(tenancy)
             if i.key?(:placement)
               i[:placement][:tenancy] = tenancy
             else
@@ -114,7 +114,7 @@ def ec2_instance_data # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
               [{
                 :device_index => 0,
                 :associate_public_ip_address => config[:associate_public_ip],
-                :delete_on_termination => true
+                :delete_on_termination => true,
               }]
             # If specifying `:network_interfaces` in the request, you must specify
             # network specific configs in the network_interfaces block and not at
@@ -137,7 +137,7 @@ def ec2_instance_data # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
             i[:placement] = { :availability_zone => availability_zone.downcase }
           end
           tenancy = config[:tenancy]
-          if tenancy && %w[default dedicated].include?(tenancy)
+          if tenancy && %w{default dedicated}.include?(tenancy)
             if i.key?(:placement)
               i[:placement][:tenancy] = tenancy
             else

lib/kitchen/driver/aws/standard_platform.rb

@@ -138,7 +138,7 @@ def self.from_image(driver, image)
         #
         # The list of supported architectures
         #
-        ARCHITECTURE = %w[x86_64 i386 i86pc sun4v powerpc]
+        ARCHITECTURE = %w{x86_64 i386 i86pc sun4v powerpc}
 
         protected
 
@@ -162,7 +162,7 @@ def sort_by_version(images)
           images.group_by do |image|
             platform = self.class.from_image(driver, image)
             platform ? platform.version : nil
-          end.sort_by { |k, _v| k ? k.to_f : nil }.reverse.map { |_k, v| v }.flatten(1)
+          end.sort_by { |k, _v| k ? k.to_f : nil }.reverse.flat_map { |_k, v| v }
         end
 
         # Not supported yet: aix mac_os_x nexus solaris

lib/kitchen/driver/aws/standard_platform/centos.rb

@@ -18,7 +18,7 @@ def username
           def image_search
             search = {
               "owner-alias" => "aws-marketplace",
-              "name" => ["CentOS Linux #{version}*", "CentOS-#{version}*-GA-*"]
+              "name" => ["CentOS Linux #{version}*", "CentOS-#{version}*-GA-*"],
             }
             search["architecture"] = architecture if architecture
             search
@@ -30,7 +30,7 @@ def sort_by_version(images)
             # ...
             images.group_by { |image| self.class.from_image(driver, image).version }.
               sort_by { |k, _v| (k && k.include?(".") ? k.to_f : "#{k}.999".to_f) }.
-              reverse.map { |_k, v| v }.flatten(1)
+              reverse.flat_map { |_k, v| v }
           end
 
           def self.from_image(driver, image)

lib/kitchen/driver/aws/standard_platform/debian.rb

@@ -11,7 +11,7 @@ class Debian < StandardPlatform
           DEBIAN_CODENAMES = {
             "8" => "jessie",
             "7" => "wheezy",
-            "6" => "squeeze"
+            "6" => "squeeze",
           }
 
           def username
@@ -25,7 +25,7 @@ def codename
           def image_search
             search = {
               "owner-id" => "379101102735",
-              "name" => "debian-#{codename}-*"
+              "name" => "debian-#{codename}-*",
             }
             search["architecture"] = architecture if architecture
             search

lib/kitchen/driver/aws/standard_platform/fedora.rb

@@ -15,7 +15,7 @@ def username
           def image_search
             search = {
               "owner-id" => "125523088429",
-              "name" => version ? "Fedora-Cloud-Base-#{version}-*" : "Fedora-Cloud-Base-*"
+              "name" => version ? "Fedora-Cloud-Base-#{version}-*" : "Fedora-Cloud-Base-*",
             }
             search["architecture"] = architecture if architecture
             search

lib/kitchen/driver/aws/standard_platform/freebsd.rb

@@ -18,7 +18,7 @@ def sudo_command
           def image_search
             search = {
               "owner-id" => "118940168514",
-              "name" => ["FreeBSD #{version}*-RELEASE*", "FreeBSD/EC2 #{version}*-RELEASE*"]
+              "name" => ["FreeBSD #{version}*-RELEASE*", "FreeBSD/EC2 #{version}*-RELEASE*"],
             }
             search["architecture"] = architecture if architecture
             search