Add aws_eks_cluster resource (#3582)

* add aws_eks_cluster

Signed-off-by: Timothy van Zadelhoff
timothy.inspec@theothersolution.nl

* disable ABC check on fetch_from_api

Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl>

* add status predicates

* Change docs for status attribute

Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl>

*     Add integration tests

    Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl>

* Adjust EKS build code to almost work

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* EKS only uses private subnets - integration tests pass

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Correct AWS Exception class for resource search miss in unit test

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Update unit test to reflect AWS resource-standard miss behavior, returning nil for most properties

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

docs/resources/aws_eks_cluster.md.erb

@@ -0,0 +1,190 @@
+## Resource Parameters
+
+An `aws_eks_cluster` resource block declares the tests for a single EKS Cluster by Cluster name.
+
+    describe aws_eks_cluster('my-eks') do
+      it { should exist }
+    end
+
+    describe aws_eks_cluster(cluster_name: 'my-eks') do
+      its('status') { should eq 'ACTIVE' }
+    end
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test that an EKS Cluster does not exist
+
+    describe aws_eks_cluster('bad-eks') do
+      it { should_not exist }
+    end
+
+### Test that an EKS Cluster has at least 2 subnets
+
+    describe aws_eks_cluster('my-cluster') do
+      its('subnets_count') { should be > 1 }
+    end
+
+<br>
+
+## Properties
+
+### version
+
+Returns a string identifying the version of the EKS Cluster.
+
+    # Verify the version is 1.5
+    describe aws_eks_cluster('my-cluster') do
+      its('version') { should cmp '1.5' }
+    end
+
+### arn
+
+Returns the ARN of the cluster.  This is the Amazon resource name.
+
+    # Verify the arn is what we expect it to be
+    describe aws_eks_cluster('my-cluster') do
+      its('arn') { should eq 'arn:aws:eks:ab-region-1:012345678910:cluster/kangaroo' }
+    end
+
+### name
+
+The name of the EKS cluster within AWS. The EKS name is unique within the region.
+
+    # Ensure that the EKS's name is what we said it was
+    describe aws_eks_cluster('my-cluster') do
+      its('name') { should match /my-cluster/ }
+    end
+
+### status
+
+Returns a string containing the current status of the cluster, possible values are: CREATING,ACTIVE,DELETING,FAILED.
+
+    # ensure the cluster is available or being created
+    describe aws_eks_cluster('my-cluster') do
+      its('status') { should be_in %w(ACTIVE CREATING) }
+    end
+
+Status can also be called with predicates.
+
+    # ensure the cluster is available
+    describe aws_eks_cluster('my-cluster') do
+      it { should be_active }
+    end
+
+    # ensure the cluster is being removed
+    describe aws_eks_cluster('my-cluster') do
+      it { should be_deleting }
+    end
+
+### endpoint
+
+Returns a string with the K8s API server endpoint. The endpoint is used by kubectl to control the cluster.
+
+    # Ensure that the endpoint is what we expect it to be
+    describe aws_eks_cluster('my-cluster') do
+      its('endpoint') { should eq 'https://A0DCCD80A04F01705DD065655C30CC3D.yl4.aq-south-2.eks.amazonaws.com' }
+    end
+
+### security\_group\_ids
+
+Returns an array of strings reflecting the security group IDs (firewall rule sets) assigned to the EKS Cluster VPC.
+
+    # Ensure that a specific SG ID is assigned
+    describe aws_eks_cluster('my-cluster') do
+      its('security_group_ids') { should include 'sg-12345678' }
+    end
+
+### subnet\_ids
+
+Returns an array of strings reflecting the subnet IDs on which the EKS Cluster VPC is located.
+
+    # Ensure that the EKS VPC is on a specific subnet
+    describe aws_eks_cluster('my-cluster') do
+      its('subnet_ids') { should include 'subnet-12345678' }
+    end
+
+### vpc\_id
+
+Returns a String reflecting the ID of the VPC in which the EKS Cluster is located.
+
+    # Ensure that the EKS Cluster is on a specific VPC
+    describe aws_eks_cluster('my-cluster') do
+      its('vpc_id') { should cmp 'vpc-12345678' }
+    end
+
+### role\_arn
+
+Returns a String reflecting the Amazon resource name of the Amazon EKS Service IAM role the cluster is using.
+
+    # Ensure that the EKS Cluster is using a specific IAM role
+    describe aws_eks_cluster('my-cluster') do
+      its('role_arn') { should cmp 'rn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI' }
+    end
+
+### certificate\_authority
+
+Returns a String reflecting the certificate authority data used by kubectl to identify to the cluster.
+
+    # Ensure that the EKS Cluster is using specific certificate authority data
+    describe aws_eks_cluster('my-cluster') do
+      its('certificate_authority') { should cmp 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1EVXpNVEl6TVRFek1Wb1hEVEk0TURVeU9ESXpNVEV6TVZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTZWCjVUaG4rdFcySm9Xa2hQMzRlVUZMNitaRXJOZGIvWVdrTmtDdWNGS2RaaXl2TjlMVmdvUmV2MjlFVFZlN1ZGbSsKUTJ3ZURyRXJiQyt0dVlibkFuN1ZLYmE3ay9hb1BHekZMdmVnb0t6b0M1N2NUdGVwZzRIazRlK2tIWHNaME10MApyb3NzcjhFM1ROeExETnNJTThGL1cwdjhsTGNCbWRPcjQyV2VuTjFHZXJnaDNSZ2wzR3JIazBnNTU0SjFWenJZCm9hTi8zODFUczlOTFF2QTBXb0xIcjBFRlZpTFdSZEoyZ3lXaC9ybDVyOFNDOHZaQXg1YW1BU0hVd01aTFpWRC8KTDBpOW4wRVM0MkpVdzQyQmxHOEdpd3NhTkJWV3lUTHZKclNhRXlDSHFtVVZaUTFDZkFXUjl0L3JleVVOVXM3TApWV1FqM3BFbk9RMitMSWJrc0RzQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFNZ3RsQ1dIQ2U2YzVHMXl2YlFTS0Q4K2hUalkKSm1NSG56L2EvRGt0WG9YUjFVQzIrZUgzT1BZWmVjRVZZZHVaSlZCckNNQ2VWR0ZkeWdBYlNLc1FxWDg0S2RXbAp1MU5QaERDSmEyRHliN2pVMUV6VThTQjFGZUZ5ZFE3a0hNS1E1blpBRVFQOTY4S01hSGUrSm0yQ2x1UFJWbEJVCjF4WlhTS1gzTVZ0K1Q0SU1EV2d6c3JRSjVuQkRjdEtLcUZtM3pKdVVubHo5ZEpVckdscEltMjVJWXJDckxYUFgKWkUwRUtRNWEzMHhkVWNrTHRGQkQrOEtBdFdqSS9yZUZPNzM1YnBMdVoyOTBaNm42QlF3elRrS0p4cnhVc3QvOAppNGsxcnlsaUdWMm5SSjBUYjNORkczNHgrYWdzYTRoSTFPbU90TFM0TmgvRXJxT3lIUXNDc2hEQUtKUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=',
+' }
+    end
+
+### subnets\_count
+
+Returns the number of subnets associated with the Cluster VPC.
+
+    # Test that an EKS Cluster has 2 subnets
+    describe aws_eks_cluster('my-cluster') do
+      its('subnets_count') { should eq 2 }
+    end
+
+
+### created_at
+
+Returns a Time object for the time the cluster was created at.
+
+    # Test that an EKS Cluster was created after a certain date
+    describe aws_eks_cluster('my-cluster') do
+      its('created_at') { should be > Time.new(2011) }
+    end
+
+### security\_groups\_count
+
+Returns the number of security groups associated with the Cluster VPC.
+
+    # Test that an EKS Cluster has 2 security groups
+    describe aws_eks_cluster('my-cluster') do
+      its('security_groups_count') { should eq 2 }
+    end
+
+### integration with other resources
+
+Using the resource together with other AWS resources.
+
+    # find the default security group for our VPC
+    my_vpc_id = aws_eks_cluster('my-cluster').vpc_id
+    default_security_group = aws_security_group(group_name: 'default', vpc_id: my_vpc_id)
+
+    # make sure we are not using the default security group
+    describe aws_eks_cluster('my-cluster') do
+      its('security_group_ids') { should_not include default_security_group.group_id }
+    end
+
+<br>
+
+## Matchers
+
+This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+
+## AWS Permissions
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `eks:DescribeCluster` action set to Allow.
+
+You can find detailed documentation at [Amazon EKS IAM Policies, Roles, and Permissions](https://docs.aws.amazon.com/eks/latest/userguide/IAM_policies.html)
+The documentation for EKS actions is at [Policy Structure](https://docs.aws.amazon.com/eks/latest/userguide/iam-policy-structure.html#UsingWithEKS_Actions)

lib/resource_support/aws.rb

@@ -24,6 +24,7 @@ require 'resources/aws/aws_ebs_volumes'
 require 'resources/aws/aws_flow_log'
 require 'resources/aws/aws_ec2_instances'
 require 'resources/aws/aws_ecs_cluster'
+require 'resources/aws/aws_eks_cluster'
 require 'resources/aws/aws_elb'
 require 'resources/aws/aws_elbs'
 require 'resources/aws/aws_iam_access_key'

lib/resources/aws/aws_eks_cluster.rb

@@ -0,0 +1,101 @@
+class AwsEksCluster < Inspec.resource(1)
+  name 'aws_eks_cluster'
+  desc 'Verifies settings for an EKS cluster'
+
+  example <<-EOX
+    describe aws_eks_cluster('default') do
+      it { should exist }
+    end
+EOX
+  supports platform: 'aws'
+
+  include AwsSingularResourceMixin
+  attr_reader :version, :arn, :cluster_name, :certificate_authority, :name,
+              :status, :endpoint, :subnets_count, :subnet_ids, :security_group_ids,
+              :created_at, :role_arn, :vpc_id, :security_groups_count, :creating,
+              :active, :failed, :deleting
+  # Use aliases for matchers
+  alias active? active
+  alias failed? failed
+  alias creating? creating
+  alias deleting? deleting
+
+  def to_s
+    "AWS EKS cluster #{cluster_name}"
+  end
+
+  private
+
+  def validate_params(raw_params)
+    validated_params = check_resource_param_names(
+      raw_params: raw_params,
+      allowed_params: [:cluster_name],
+      allowed_scalar_name: :cluster_name,
+      allowed_scalar_type: String,
+    )
+
+    if validated_params.empty?
+      raise ArgumentError, 'You must provide a cluster_name to aws_eks_cluster.'
+    end
+
+    validated_params
+  end
+
+  def fetch_from_api # rubocop:disable Metrics/AbcSize
+    backend = BackendFactory.create(inspec_runner)
+    begin
+      params = { name: cluster_name }
+      resp = backend.describe_cluster(params)
+    rescue Aws::EKS::Errors::ResourceNotFoundException
+      @exists = false
+      populate_as_missing
+      return
+    end
+    @exists = true
+    cluster = resp.to_h[:cluster]
+    @version = cluster[:version]
+    @name = cluster[:name]
+    @arn = cluster[:arn]
+    @certificate_authority = cluster[:certificate_authority][:data]
+    @created_at = cluster[:created_at]
+    @endpoint = cluster[:endpoint]
+    @security_group_ids = cluster[:resources_vpc_config][:security_group_ids]
+    @subnet_ids = cluster[:resources_vpc_config][:subnet_ids]
+    @subnets_count = cluster[:resources_vpc_config][:subnet_ids].length
+    @security_groups_count = cluster[:resources_vpc_config][:security_group_ids].length
+    @vpc_id = cluster[:resources_vpc_config][:vpc_id]
+    @role_arn = cluster[:role_arn]
+    @status = cluster[:status]
+    @active = cluster[:status] == 'ACTIVE'
+    @failed = cluster[:status] == 'FAILED'
+    @creating = cluster[:status] == 'CREATING'
+    @deleting = cluster[:status] == 'DELETING'
+  end
+
+  def populate_as_missing
+    @version = nil
+    @name = cluster_name # name is an alias for cluster_name, and it is retained on a miss
+    @arn = nil
+    @certificate_authority = nil
+    @created_at = nil
+    @endpoint = nil
+    @security_group_ids = []
+    @subnet_ids = []
+    @subnets_count = nil
+    @security_groups_count = nil
+    @vpc_id = nil
+    @role_arn = nil
+    @status = nil
+  end
+
+  class Backend
+    class AwsClientApi < AwsBackendBase
+      BackendFactory.set_default_backend(self)
+      self.aws_client_class = Aws::EKS::Client
+
+      def describe_cluster(query = {})
+        aws_service_client.describe_cluster(query)
+      end
+    end
+  end
+end

test/integration/aws/default/build/aws.tf

@@ -3,7 +3,8 @@ terraform {
 }
 
 provider "aws" {
-  version = "= 1.13.0"
+  # was 1.13.0
+  version = "= 1.42.0"
 }
 
 data "aws_caller_identity" "creds" {}
@@ -17,3 +18,5 @@ data "aws_region" "current" {}
 output "aws_region" {
   value = "${data.aws_region.current.name}"
 }
+
+data "aws_availability_zones" "available" {}

test/integration/aws/default/build/ec2.tf

@@ -18,6 +18,7 @@ resource "aws_instance" "alpha" {
     Name      = "${terraform.env}.alpha"
     X-Project = "inspec"
   }
+  depends_on  = [ "aws_subnet.subnet_01" ]
 }
 
 resource "aws_instance" "beta" {
@@ -29,6 +30,7 @@ resource "aws_instance" "beta" {
     Name      = "${terraform.env}.beta"
     X-Project = "inspec"
   }
+  depends_on  = [ "aws_subnet.subnet_01" ]
 }
 
 #----------------------- Recall -----------------------#

test/integration/aws/default/build/eks.tf

@@ -0,0 +1,173 @@
+# Contains resources and outputs related to testing the aws_eks_cluster resources.
+
+#======================================================#
+#                    EKS variables
+#======================================================#
+variable "eks_map_accounts" {
+  description = "Additional AWS account numbers to add to the aws-auth configmap."
+  type        = "list"
+
+  default = [
+    "777777777777",
+    "888888888888",
+  ]
+}
+
+variable "eks_map_roles" {
+  description = "Additional IAM roles to add to the aws-auth configmap."
+  type        = "list"
+
+  default = [
+    {
+      role_arn = "arn:aws:iam::66666666666:role/role1"
+      username = "role1"
+      group    = "system:masters"
+    },
+  ]
+}
+
+variable "eks_map_users" {
+  description = "Additional IAM users to add to the aws-auth configmap."
+  type        = "list"
+
+  default = [
+    {
+      user_arn = "arn:aws:iam::66666666666:user/user1"
+      username = "user1"
+      group    = "system:masters"
+    },
+    {
+      user_arn = "arn:aws:iam::66666666666:user/user2"
+      username = "user2"
+      group    = "system:masters"
+    },
+  ]
+}
+
+#======================================================#
+#                    EKS Cluster
+#======================================================#
+
+locals {
+  cluster_name = "test-eks-inspec-${terraform.env}"
+
+  worker_groups = [
+    {
+      instance_type                 = "t2.small"
+      additional_userdata           = "echo foo bar"
+      subnets                       = "${join(",", module.eks_vpc.private_subnets)}"
+      additional_security_group_ids = "${aws_security_group.eks_worker_group_mgmt_one.id},${aws_security_group.eks_worker_group_mgmt_two.id}"
+    },
+  ]
+  tags = {
+    Environment = "test-eks-${terraform.env}"
+  }
+}
+
+resource "aws_security_group" "eks_worker_group_mgmt_one" {
+  name_prefix = "eks_worker_group_mgmt_one-${terraform.env}"
+  description = "SG to be applied to all *nix machines"
+  vpc_id      = "${module.eks_vpc.vpc_id}"
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "10.0.0.0/8",
+    ]
+  }
+}
+
+resource "aws_security_group" "eks_worker_group_mgmt_two" {
+  name_prefix = "eks_worker_group_mgmt_two-${terraform.env}"
+  vpc_id      = "${module.eks_vpc.vpc_id}"
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "192.168.0.0/16",
+    ]
+  }
+}
+
+resource "aws_security_group" "eks_all_worker_mgmt" {
+  name_prefix = "eks_all_worker_management-${terraform.env}"
+  vpc_id      = "${module.eks_vpc.vpc_id}"
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "10.0.0.0/8",
+      "172.16.0.0/12",
+      "192.168.0.0/16",
+    ]
+  }
+}
+
+module "eks_vpc" {
+  source             = "terraform-aws-modules/vpc/aws"
+  version            = "1.14.0"
+  name               = "eks-test-vpc"
+  cidr               = "10.0.0.0/16"
+  azs                = ["${data.aws_availability_zones.available.names[0]}", "${data.aws_availability_zones.available.names[1]}", "${data.aws_availability_zones.available.names[2]}"]
+  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets     = []
+  enable_nat_gateway = false
+  tags               = "${merge(local.tags, map("kubernetes.io/cluster/${local.cluster_name}", "shared"))}"
+}
+
+output "eks_vpc_id" {
+  value = "${module.eks_vpc.vpc_id}"
+}
+
+output "eks_vpc_subnets" {
+  value = "${module.eks_vpc.private_subnets}"
+}
+
+module "eks" {
+  source                               = "terraform-aws-modules/eks/aws"
+  version                              = "1.6.0"
+  cluster_name                         = "${local.cluster_name}"
+  subnets                              = ["${module.eks_vpc.private_subnets}"]
+  tags                                 = "${local.tags}"
+  vpc_id                               = "${module.eks_vpc.vpc_id}"
+  worker_groups                        = "${local.worker_groups}"
+  worker_group_count                   = "1"
+  worker_additional_security_group_ids = ["${aws_security_group.eks_all_worker_mgmt.id}"]
+  map_roles                            = "${var.eks_map_roles}"
+  map_users                            = "${var.eks_map_users}"
+  map_accounts                         = "${var.eks_map_accounts}"
+  manage_aws_auth                      = false
+}
+
+output "eks_cluster_id" {
+  value = "${module.eks.cluster_id}"
+}
+
+output "eks_cluster_name" {
+  value = "${module.eks.cluster_id}"
+}
+
+output "eks_cluster_security_group_id" {
+  value = "${module.eks.cluster_security_group_id}"
+}
+
+output "eks_worker_security_group_id" {
+  value = "${module.eks.worker_security_group_id}"
+}
+
+output "eks_cluster_endpoint" {
+  value = "${module.eks.cluster_endpoint}"
+}
+
+output "eks_cluster_certificate" {
+  value = "${module.eks.cluster_certificate_authority_data}"
+}

test/integration/aws/default/build/rds.tf

@@ -17,6 +17,7 @@ resource "aws_db_instance" "default" {
   password             = "testpassword"
   parameter_group_name = "default.mysql5.6"
   skip_final_snapshot  = true
+  depends_on  = [ "aws_subnet.subnet_01" ]
 }
 
 output "rds_db_instance_id" {

test/integration/aws/default/verify/controls/aws_eks_cluster.rb

@@ -0,0 +1,45 @@
+fixtures = {}
+[
+  'eks_cluster_id',
+  'eks_cluster_name',
+  'eks_cluster_security_group_id',
+  'eks_vpc_subnets',
+].each do |fixture_name|
+  fixtures[fixture_name] = attribute(
+    fixture_name,
+    default: "default.#{fixture_name}",
+    description: 'See ../build/eks.tf',
+  )
+end
+
+control "aws_eks_cluster recall" do
+
+  describe aws_eks_cluster(fixtures['eks_cluster_id']) do
+    it { should exist }
+  end
+
+  describe aws_eks_cluster('i-dont-exist') do
+    it { should_not exist }
+  end
+
+end
+
+control "aws_eks_cluster properties" do
+  describe aws_eks_cluster(fixtures['eks_cluster_id']) do
+    its('name') { should eq fixtures['eks_cluster_name'] }
+    its('status') { should be_in %w(ACTIVE CREATING) }
+    its('subnets_count') { should eq 3 }
+    its('security_groups_count') { should eq 1 }
+
+    fixtures['eks_vpc_subnets'].each do |subnet|
+      its('subnet_ids') { should include (subnet) }
+    end
+  end
+end
+
+control "aws_eks_cluster matchers" do
+  describe aws_eks_cluster(fixtures['eks_cluster_id']) do
+    it { should exist }
+    it { should be_active }
+  end
+end

test/unit/resources/aws_eks_cluster_test.rb

@@ -0,0 +1,264 @@
+require 'helper'
+
+# MAEKSB = MockAwsEksClusterSingularBackend
+# Abbreviation not used outside this file
+
+#=============================================================================#
+#                            Constructor Tests
+#=============================================================================#
+class AwsEksClusterConstructorTest < Minitest::Test
+
+  def setup
+    AwsEksCluster::BackendFactory.select(MAEKSB::Empty)
+  end
+
+  def test_empty_params_rejected
+    assert_raises(ArgumentError) { AwsEksCluster.new }
+  end
+
+  def test_string_accepted
+    AwsEksCluster.new 'kangaroo'
+  end
+
+  def test_hash_accepted
+    AwsEksCluster.new cluster_name: 'polar_bear'
+  end
+
+  def test_rejects_unrecognized_params
+    assert_raises(ArgumentError) { AwsEksCluster.new(shoe_size: 9) }
+  end
+end
+
+
+#=============================================================================#
+#                            Search / Recall
+#=============================================================================#
+class AwsEksClusterFilterCriteriaTest < Minitest::Test
+
+  def setup
+    AwsEksCluster::BackendFactory.select(MAEKSB::Basic)
+  end
+
+  def test_search_miss
+    refute AwsEksCluster.new('nonesuch').exists?
+  end
+
+  def test_recall_when_provided_a_string
+    cluster = AwsEksCluster.new 'kangaroo'
+    assert cluster.exists?
+    assert_equal('kangaroo', cluster.cluster_name)
+  end
+
+  def test_recall_when_provided_a_hash
+    cluster = AwsEksCluster.new cluster_name: 'kang-the-alien'
+    assert cluster.exists?
+    assert_equal('kang-the-alien', cluster.name)
+  end
+
+end
+
+#=============================================================================#
+#                            Properties
+#=============================================================================#
+class AwsEksClusterProperties < Minitest::Test
+
+  def setup
+    AwsEksCluster::BackendFactory.select(MAEKSB::Basic)
+    @roo = AwsEksCluster.new('kangaroo')
+    @kang = AwsEksCluster.new('kang-the-alien')
+    @kodos = AwsEksCluster.new('kodos-the-alien')
+    @gamma = AwsEksCluster.new('gamma')
+    @miss = AwsEksCluster.new('nonesuch')
+  end
+
+  def test_property_with_cluster_arn
+    assert_equal('arn:aws:eks:ab-region-1:012345678910:cluster/kangaroo', @roo.arn)
+    assert_equal('arn:aws:eks:ab-region-1:019876543210:cluster/kang-the-alien', @kang.arn)
+    assert_equal('arn:aws:eks:ab-region-1:013836573410:cluster/gamma', @gamma.arn)
+    assert_nil(@miss.arn)
+  end
+
+  def test_property_with_name
+    assert_equal('kangaroo', @roo.name)
+    assert_equal('kang-the-alien', @kang.name)
+    assert_equal('gamma', @gamma.name)
+    assert_equal('nonesuch', @miss.name) # Even misses retain their identifier
+  end
+
+  def test_property_with_status
+    assert_equal('ACTIVE', @roo.status)
+    assert_equal('CREATING', @kang.status)
+    assert_equal('DELETING', @gamma.status)
+    assert_equal('FAILED', @kodos.status)
+    assert_nil(@miss.status)
+  end
+
+  def test_property_with_status_predicate
+    assert(@roo.active?)
+    refute(@kang.active?)
+    assert(@kang.creating?)
+    assert(@gamma.deleting?)
+    assert(@kodos.failed?)
+    assert_nil(@miss.active?)
+  end
+
+  def test_property_with_subnets_count
+    assert_equal(4, @roo.subnets_count)
+    assert_equal(2, @kang.subnets_count)
+    assert_equal(0, @gamma.subnets_count)
+    assert_nil(@miss.subnets_count)
+  end
+
+  def test_property_with_security_groups_count
+    assert_equal(0, @roo.security_groups_count)
+    assert_equal(1, @kang.security_groups_count)
+    assert_equal(2, @gamma.security_groups_count)
+    assert_nil(@miss.security_groups_count)
+  end
+
+  def test_property_with_subnet_ids
+    assert_includes(@roo.subnet_ids, 'subnet-e7e741bc')
+    assert_includes(@kang.subnet_ids, 'subnet-1234e12a')
+    refute_includes(@gamma.subnet_ids, nil)
+    assert_kind_of(Array, @miss.subnet_ids)
+    assert_empty(@miss.subnet_ids)
+  end
+
+  def test_property_with_security_group_ids
+    refute_includes(@roo.security_group_ids, nil)
+    assert_includes(@kang.security_group_ids, 'sg-6979fe18')
+    assert_includes(@gamma.security_group_ids, 'sg-6975fe18')
+    assert_kind_of(Array, @miss.security_group_ids)
+    assert_empty(@miss.security_group_ids)
+  end
+
+  def test_property_with_version
+    assert_includes(@roo.version,'1.0')
+    assert_includes(@kang.version, '1.3')
+    assert_includes(@gamma.version, '2.3')
+    assert_nil(@miss.version)
+  end
+
+  def test_property_with_created_at
+    assert_operator(@roo.created_at, :>, Time.at(1527807878))
+    assert_operator(@kang.created_at, :<, Time.at(1527807979))
+    assert_operator(@kang.created_at, :<, @gamma.created_at)
+    refute_operator(@kang.created_at, :>, @gamma.created_at)
+    assert_equal(@gamma.created_at, Time.at(9999999999))
+    assert_nil(@miss.created_at)
+  end
+
+  def test_property_with_role_arn
+    assert_equal(@roo.role_arn, 'arn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI')
+    assert_nil(@miss.role_arn)
+  end
+
+  def test_property_with_certificate_authority
+    assert_equal(@roo.certificate_authority, 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1EVXpNVEl6TVRFek1Wb1hEVEk0TURVeU9ESXpNVEV6TVZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTZWCjVUaG4rdFcySm9Xa2hQMzRlVUZMNitaRXJOZGIvWVdrTmtDdWNGS2RaaXl2TjlMVmdvUmV2MjlFVFZlN1ZGbSsKUTJ3ZURyRXJiQyt0dVlibkFuN1ZLYmE3ay9hb1BHekZMdmVnb0t6b0M1N2NUdGVwZzRIazRlK2tIWHNaME10MApyb3NzcjhFM1ROeExETnNJTThGL1cwdjhsTGNCbWRPcjQyV2VuTjFHZXJnaDNSZ2wzR3JIazBnNTU0SjFWenJZCm9hTi8zODFUczlOTFF2QTBXb0xIcjBFRlZpTFdSZEoyZ3lXaC9ybDVyOFNDOHZaQXg1YW1BU0hVd01aTFpWRC8KTDBpOW4wRVM0MkpVdzQyQmxHOEdpd3NhTkJWV3lUTHZKclNhRXlDSHFtVVZaUTFDZkFXUjl0L3JleVVOVXM3TApWV1FqM3BFbk9RMitMSWJrc0RzQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFNZ3RsQ1dIQ2U2YzVHMXl2YlFTS0Q4K2hUalkKSm1NSG56L2EvRGt0WG9YUjFVQzIrZUgzT1BZWmVjRVZZZHVaSlZCckNNQ2VWR0ZkeWdBYlNLc1FxWDg0S2RXbAp1MU5QaERDSmEyRHliN2pVMUV6VThTQjFGZUZ5ZFE3a0hNS1E1blpBRVFQOTY4S01hSGUrSm0yQ2x1UFJWbEJVCjF4WlhTS1gzTVZ0K1Q0SU1EV2d6c3JRSjVuQkRjdEtLcUZtM3pKdVVubHo5ZEpVckdscEltMjVJWXJDckxYUFgKWkUwRUtRNWEzMHhkVWNrTHRGQkQrOEtBdFdqSS9yZUZPNzM1YnBMdVoyOTBaNm42QlF3elRrS0p4cnhVc3QvOAppNGsxcnlsaUdWMm5SSjBUYjNORkczNHgrYWdzYTRoSTFPbU90TFM0TmgvRXJxT3lIUXNDc2hEQUtKUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=',
+                 )
+    assert_nil(@miss.certificate_authority)
+  end
+
+  def test_property_with_vpc_id
+    assert_equal(@roo.vpc_id,'vpc-166723ec')
+    assert_equal(@kang.vpc_id, 'vpc-266723ec')
+    assert_equal(@gamma.vpc_id, 'vpc-366723ec')
+    assert_nil(@miss.vpc_id)
+  end
+
+end
+#=============================================================================#
+#                               Test Fixtures
+#=============================================================================#
+module MAEKSB
+  class Empty < AwsBackendBase
+    def describe_cluster(query = {})
+      raise Aws::EKS::Errors::ResourceNotFoundException.new(nil, nil)
+    end
+  end
+
+  class Basic < AwsBackendBase
+    def describe_cluster(query = {})
+      fixtures = [
+          OpenStruct.new({
+              version: '1.0',
+              name: 'kangaroo',
+              arn: 'arn:aws:eks:ab-region-1:012345678910:cluster/kangaroo',
+              certificate_authority: OpenStruct.new({
+                  data: 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1EVXpNVEl6TVRFek1Wb1hEVEk0TURVeU9ESXpNVEV6TVZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTZWCjVUaG4rdFcySm9Xa2hQMzRlVUZMNitaRXJOZGIvWVdrTmtDdWNGS2RaaXl2TjlMVmdvUmV2MjlFVFZlN1ZGbSsKUTJ3ZURyRXJiQyt0dVlibkFuN1ZLYmE3ay9hb1BHekZMdmVnb0t6b0M1N2NUdGVwZzRIazRlK2tIWHNaME10MApyb3NzcjhFM1ROeExETnNJTThGL1cwdjhsTGNCbWRPcjQyV2VuTjFHZXJnaDNSZ2wzR3JIazBnNTU0SjFWenJZCm9hTi8zODFUczlOTFF2QTBXb0xIcjBFRlZpTFdSZEoyZ3lXaC9ybDVyOFNDOHZaQXg1YW1BU0hVd01aTFpWRC8KTDBpOW4wRVM0MkpVdzQyQmxHOEdpd3NhTkJWV3lUTHZKclNhRXlDSHFtVVZaUTFDZkFXUjl0L3JleVVOVXM3TApWV1FqM3BFbk9RMitMSWJrc0RzQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFNZ3RsQ1dIQ2U2YzVHMXl2YlFTS0Q4K2hUalkKSm1NSG56L2EvRGt0WG9YUjFVQzIrZUgzT1BZWmVjRVZZZHVaSlZCckNNQ2VWR0ZkeWdBYlNLc1FxWDg0S2RXbAp1MU5QaERDSmEyRHliN2pVMUV6VThTQjFGZUZ5ZFE3a0hNS1E1blpBRVFQOTY4S01hSGUrSm0yQ2x1UFJWbEJVCjF4WlhTS1gzTVZ0K1Q0SU1EV2d6c3JRSjVuQkRjdEtLcUZtM3pKdVVubHo5ZEpVckdscEltMjVJWXJDckxYUFgKWkUwRUtRNWEzMHhkVWNrTHRGQkQrOEtBdFdqSS9yZUZPNzM1YnBMdVoyOTBaNm42QlF3elRrS0p4cnhVc3QvOAppNGsxcnlsaUdWMm5SSjBUYjNORkczNHgrYWdzYTRoSTFPbU90TFM0TmgvRXJxT3lIUXNDc2hEQUtKUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=',
+                                                    }),
+              created_at: Time.at(1527807879),
+              endpoint: 'https://A0DCCD80A04F01705DD065655C30CC3D.yl4.aq-south-2.eks.amazonaws.com',
+              resources_vpc_config: OpenStruct.new({
+                security_group_ids: [],
+                subnet_ids: %w[subnet-1234e12a subnet-e7e741bc subnet-e7a763ac subnet-e7b781cc],
+                vpc_id: 'vpc-166723ec',
+                }),
+              role_arn: 'arn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI',
+              status: 'ACTIVE',
+          }),
+      OpenStruct.new({
+                         version: '1.3',
+                         name: 'kang-the-alien',
+                         arn: 'arn:aws:eks:ab-region-1:019876543210:cluster/kang-the-alien',
+                         certificate_authority: OpenStruct.new({
+                                                                   data: 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1EVXpNVEl6TVRFek1Wb1hEVEk0TURVeU9ESXpNVEV6TVZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTZWCjVUaG4rdFcySm9Xa2hQMzRlVUZMNitaRXJOZGIvWVdrTmtDdWNGS2RaaXl2TjlMVmdvUmV2MjlFVFZlN1ZGbSsKUTJ3ZURyRXJiQyt0dVlibkFuN1ZLYmE3ay9hb1BHekZMdmVnb0t6b0M1N2NUdGVwZzRIazRlK2tIWHNaME10MApyb3NzcjhFM1ROeExETnNJTThGL1cwdjhsTGNCbWRPcjQyV2VuTjFHZXJnaDNSZ2wzR3JIazBnNTU0SjFWenJZCm9hTi8zODFUczlOTFF2QTBXb0xIcjBFRlZpTFdSZEoyZ3lXaC9ybDVyOFNDOHZaQXg1YW1BU0hVd01aTFpWRC8KTDBpOW4wRVM0MkpVdzQyQmxHOEdpd3NhTkJWV3lUTHZKclNhRXlDSHFtVVZaUTFDZkFXUjl0L3JleVVOVXM3TApWV1FqM3BFbk9RMitMSWJrc0RzQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFNZ3RsQ1dIQ2U2YzVHMXl2YlFTS0Q4K2hUalkKSm1NSG56L2EvRGt0WG9YUjFVQzIrZUgzT1BZWmVjRVZZZHVaSlZCckNNQ2VWR0ZkeWdBYlNLc1FxWDg0S2RXbAp1MU5QaERDSmEyRHliN2pVMUV6VThTQjFGZUZ5ZFE3a0hNS1E1blpBRVFQOTY4S01hSGUrSm0yQ2x1UFJWbEJVCjF4WlhTS1gzTVZ0K1Q0SU1EV2d6c3JRSjVuQkRjdEtLcUZtM3pKdVVubHo5ZEpVckdscEltMjVJWXJDckxYUFgKWkUwRUtRNWEzMHhkVWNrTHRGQkQrOEtBdFdqSS9yZUZPNzM1YnBMdVoyOTBaNm42QlF3elRrS0p4cnhVc3QvOAppNGsxcnlsaUdWMm5SSjBUYjNORkczNHgrYWdzYTRoSTFPbU90TFM0TmgvRXJxT3lIUXNDc2hEQUtKUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=',
+                                                               }),
+                         created_at: Time.at(1527807879),
+                         endpoint: 'https://A0DCCD80A04F01705DD065655C30CC3D.yl4.aq-south-1.eks.amazonaws.com',
+                         resources_vpc_config: OpenStruct.new({
+                                                                  security_group_ids: ['sg-6979fe18'],
+                                                                  subnet_ids: %w[subnet-1234e12a subnet-e7e741bc],
+                                                                  vpc_id: 'vpc-266723ec',
+                                                              }),
+                         role_arn: 'arn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI',
+                         status: 'CREATING',
+                     }),
+      OpenStruct.new({
+                         version: '2.3',
+                         name: 'gamma',
+                         arn: 'arn:aws:eks:ab-region-1:013836573410:cluster/gamma',
+                         certificate_authority: OpenStruct.new({
+                                                                   data: 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1EVXpNVEl6TVRFek1Wb1hEVEk0TURVeU9ESXpNVEV6TVZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTZWCjVUaG4rdFcySm9Xa2hQMzRlVUZMNitaRXJOZGIvWVdrTmtDdWNGS2RaaXl2TjlMVmdvUmV2MjlFVFZlN1ZGbSsKUTJ3ZURyRXJiQyt0dVlibkFuN1ZLYmE3ay9hb1BHekZMdmVnb0t6b0M1N2NUdGVwZzRIazRlK2tIWHNaME10MApyb3NzcjhFM1ROeExETnNJTThGL1cwdjhsTGNCbWRPcjQyV2VuTjFHZXJnaDNSZ2wzR3JIazBnNTU0SjFWenJZCm9hTi8zODFUczlOTFF2QTBXb0xIcjBFRlZpTFdSZEoyZ3lXaC9ybDVyOFNDOHZaQXg1YW1BU0hVd01aTFpWRC8KTDBpOW4wRVM0MkpVdzQyQmxHOEdpd3NhTkJWV3lUTHZKclNhRXlDSHFtVVZaUTFDZkFXUjl0L3JleVVOVXM3TApWV1FqM3BFbk9RMitMSWJrc0RzQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFNZ3RsQ1dIQ2U2YzVHMXl2YlFTS0Q4K2hUalkKSm1NSG56L2EvRGt0WG9YUjFVQzIrZUgzT1BZWmVjRVZZZHVaSlZCckNNQ2VWR0ZkeWdBYlNLc1FxWDg0S2RXbAp1MU5QaERDSmEyRHliN2pVMUV6VThTQjFGZUZ5ZFE3a0hNS1E1blpBRVFQOTY4S01hSGUrSm0yQ2x1UFJWbEJVCjF4WlhTS1gzTVZ0K1Q0SU1EV2d6c3JRSjVuQkRjdEtLcUZtM3pKdVVubHo5ZEpVckdscEltMjVJWXJDckxYUFgKWkUwRUtRNWEzMHhkVWNrTHRGQkQrOEtBdFdqSS9yZUZPNzM1YnBMdVoyOTBaNm42QlF3elRrS0p4cnhVc3QvOAppNGsxcnlsaUdWMm5SSjBUYjNORkczNHgrYWdzYTRoSTFPbU90TFM0TmgvRXJxT3lIUXNDc2hEQUtKUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=',
+                                                               }),
+                         created_at: Time.at(9999999999),
+                         endpoint: 'https://A0DCCD80A04F01705DD065655C30CC3D.yl4.aq-south-3.eks.amazonaws.com',
+                         resources_vpc_config: OpenStruct.new({
+                                                                  security_group_ids: %w[sg-6975fe18 sg-6479fe18],
+                                                                  subnet_ids: [],
+                                                                  vpc_id: 'vpc-366723ec',
+                                                              }),
+                         role_arn: 'arn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI',
+                         status: 'DELETING',
+                     }),
+      OpenStruct.new({
+                         version: '2.0',
+                         name: 'kodos-the-alien',
+                         arn: 'arn:aws:eks:ab-region-1:013836573410:cluster/kodos',
+                         certificate_authority: OpenStruct.new({
+                                                                   data: 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1EVXpNVEl6TVRFek1Wb1hEVEk0TURVeU9ESXpNVEV6TVZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTZWCjVUaG4rdFcySm9Xa2hQMzRlVUZMNitaRXJOZGIvWVdrTmtDdWNGS2RaaXl2TjlMVmdvUmV2MjlFVFZlN1ZGbSsKUTJ3ZURyRXJiQyt0dVlibkFuN1ZLYmE3ay9hb1BHekZMdmVnb0t6b0M1N2NUdGVwZzRIazRlK2tIWHNaME10MApyb3NzcjhFM1ROeExETnNJTThGL1cwdjhsTGNCbWRPcjQyV2VuTjFHZXJnaDNSZ2wzR3JIazBnNTU0SjFWenJZCm9hTi8zODFUczlOTFF2QTBXb0xIcjBFRlZpTFdSZEoyZ3lXaC9ybDVyOFNDOHZaQXg1YW1BU0hVd01aTFpWRC8KTDBpOW4wRVM0MkpVdzQyQmxHOEdpd3NhTkJWV3lUTHZKclNhRXlDSHFtVVZaUTFDZkFXUjl0L3JleVVOVXM3TApWV1FqM3BFbk9RMitMSWJrc0RzQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFNZ3RsQ1dIQ2U2YzVHMXl2YlFTS0Q4K2hUalkKSm1NSG56L2EvRGt0WG9YUjFVQzIrZUgzT1BZWmVjRVZZZHVaSlZCckNNQ2VWR0ZkeWdBYlNLc1FxWDg0S2RXbAp1MU5QaERDSmEyRHliN2pVMUV6VThTQjFGZUZ5ZFE3a0hNS1E1blpBRVFQOTY4S01hSGUrSm0yQ2x1UFJWbEJVCjF4WlhTS1gzTVZ0K1Q0SU1EV2d6c3JRSjVuQkRjdEtLcUZtM3pKdVVubHo5ZEpVckdscEltMjVJWXJDckxYUFgKWkUwRUtRNWEzMHhkVWNrTHRGQkQrOEtBdFdqSS9yZUZPNzM1YnBMdVoyOTBaNm42QlF3elRrS0p4cnhVc3QvOAppNGsxcnlsaUdWMm5SSjBUYjNORkczNHgrYWdzYTRoSTFPbU90TFM0TmgvRXJxT3lIUXNDc2hEQUtKUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=',
+                                                               }),
+                         created_at: Time.at(0),
+                         endpoint: 'https://A0DCCD80A04F01705DD065655C30CC3D.yl4.aq-south-3.eks.amazonaws.com',
+                         resources_vpc_config: OpenStruct.new({
+                                                                  security_group_ids: %w[sg-6975fe18 sg-6479fe18],
+                                                                  subnet_ids: [],
+                                                                  vpc_id: 'vpc-366723ec',
+                                                              }),
+                         role_arn: 'arn:aws:iam::012345678910:role/eks-service-role-AWSServiceRoleForAmazonEKS-J7ONKE3BQ4PI',
+                         status: 'FAILED',
+                     })
+      ]
+      if query[:name]
+        result = fixtures.select do |clst|
+          query[:name].include? clst.name
+        end
+        if result.empty?
+          raise Aws::EKS::Errors::ResourceNotFoundException.new(nil,nil)
+        else
+          OpenStruct.new({ cluster: result[0] })
+        end
+      end
+    end
+  end
+end