This repository was archived by the owner on Sep 30, 2020. It is now read-only.

Persist encrypted credentials under the credentials/ directory #125

Conversation

mumoshu
Contributor

@mumoshu mumoshu commented Dec 6, 2016

so that we can prevent unnecessary node replacement when kube-aws update runs.

Encrypted credentials are named with the suffix .enc, hence *-key.pem.enc for keys, *.pem.enc for certs, and ca.pem.enc for the CA cert.

If you've removed one or more *.enc files, kube-aws (validate|up) automatically re-generates not only the removed ones but "all" the *.enc files by encrypting the pem files.

The whole file tree representing kube-aws' state after kube-aws init now looks like:

$ tree e2e/assets/
e2e/assets/
└── kubeawstest2
    ├── cluster.yaml
    ├── credentials
    │   ├── admin-key.pem
    │   ├── admin-key.pem.enc
    │   ├── admin.pem
    │   ├── admin.pem.enc
    │   ├── apiserver-key.pem
    │   ├── apiserver-key.pem.enc
    │   ├── apiserver.pem
    │   ├── apiserver.pem.enc
    │   ├── ca-key.pem
    │   ├── ca-key.pem.enc
    │   ├── ca.pem
    │   ├── ca.pem.enc
    │   ├── etcd-client-key.pem
    │   ├── etcd-client-key.pem.enc
    │   ├── etcd-client.pem
    │   ├── etcd-client.pem.enc
    │   ├── etcd-key.pem
    │   ├── etcd-key.pem.enc
    │   ├── etcd.pem
    │   ├── etcd.pem.enc
    │   ├── worker-key.pem
    │   ├── worker-key.pem.enc
    │   ├── worker.pem
    │   └── worker.pem.enc
    ├── kubeconfig
    ├── stack-template.json
    └── userdata
        ├── cloud-config-controller
        ├── cloud-config-etcd
        └── cloud-config-worker

3 directories, 30 files

fixes #107

cc @pieterlange

@codecov-io

codecov-io commented Dec 6, 2016

Current coverage is 68.44% (diff: 81.30%)

Merging #125 into master will increase coverage by 1.94%

@@             master       #125   diff @@
==========================================
  Files             5          5          
  Lines           997       1071    +74   
  Methods           0          0          
  Messages          0          0          
  Branches          0          0          
==========================================
+ Hits            663        733    +70   
  Misses          253        253          
- Partials         81         85     +4   

Powered by Codecov. Last update f455ddb...194ff10

@mumoshu
Contributor Author

mumoshu commented Dec 6, 2016

You can verify that the original issue is resolved by running kube-aws update without modifying anything and observing it ends up with an expected error like:

$ kube-aws update --s3-uri s3://mybucket/mydir
Error: Error updating cluster: error updating cloudformation stack: stack update failed: ValidationError: No updates are to be performed.
       	status code: 400, request id: dd08a5d5-bb83-11e6-9448-0b283040e4c1

@mumoshu mumoshu added this to the v0.9.2-rc.4 milestone Dec 6, 2016
@mumoshu
Contributor Author

mumoshu commented Dec 7, 2016

Now, changes to only workerCount and controllerCount don't cause full autoscaling group replacement 😉


@mumoshu mumoshu force-pushed the persist-encrypted-creds-to-fix-stack-update branch 3 times, most recently from 32c1b61 to 9f48c12 Compare December 7, 2016 02:18
@mumoshu
Contributor Author

mumoshu commented Dec 7, 2016

E2E and unit tests are improved to cover this.

@mumoshu
Contributor Author

mumoshu commented Dec 7, 2016

Rebased to the latest master and E2E tests passed.
Once the travis build passes, this is ready to merge!

@mumoshu mumoshu force-pushed the persist-encrypted-creds-to-fix-stack-update branch from 9f48c12 to 221e5d8 Compare December 7, 2016 02:50
@mumoshu mumoshu force-pushed the persist-encrypted-creds-to-fix-stack-update branch from 221e5d8 to 194ff10 Compare December 7, 2016 02:52
@mumoshu
Contributor Author

mumoshu commented Dec 7, 2016

It turns out we just need one or more .enc files removed to regenerate not only the removed ones but all the .enc files.
It implies that kube-aws update results in all the worker and controller nodes being replaced when e.g. only worker.pem.enc is removed.
Fixing this gotcha would be addressed in another issue (if necessary).

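The policy this PR describes (reuse the persisted *.enc files untouched; if any one is missing, re-encrypt every PEM and rewrite every *.enc) and the gotcha in the last comment (deleting a single worker.pem.enc changes the ciphertext of all of them, so every node's userdata changes), as an added example that is not kube-aws's own code. KMS Encrypt is replaced by a local AES-256-GCM stand-in with a random nonce per call, which is an assumption made only to reproduce the one property that matters here: encrypting the same plaintext twice yields different ciphertexts. The file names are a subset of the tree above, the PEM contents are constructed placeholders rather than real keys, and NewEncryptor, EnsureEncrypted and WritePlaceholderPEMs are hypothetical names, not functions of the project:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"os"
	"path/filepath"
)

// pemNames is a subset of the files kube-aws keeps under credentials/ (see the tree in the PR).
var pemNames = []string{"ca.pem", "ca-key.pem", "apiserver.pem", "apiserver-key.pem", "worker.pem", "worker-key.pem"}

// NewEncryptor is a stand-in for KMS Encrypt (an assumption of this example, not kube-aws code):
// AES-256-GCM under a random key with a fresh random nonce per call, so re-encrypting the same
// PEM always yields a different ciphertext, the property that made every update touch the stack.
func NewEncryptor() func([]byte) []byte {
	key := make([]byte, 32)
	rand.Read(key) // crypto/rand.Read never returns an error since Go 1.24
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only possible with a bad key length, which is fixed above
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err) // only possible with a non-16-byte block size
	}
	return func(plain []byte) []byte {
		nonce := make([]byte, aead.NonceSize())
		rand.Read(nonce)
		return aead.Seal(nonce, nonce, plain, nil) // nonce || ciphertext || tag
	}
}

// EnsureEncrypted applies the policy described in the PR: if every *.enc exists it is reused
// untouched; if any one is missing, every PEM is re-encrypted and every *.enc rewritten.
// It returns how many .enc files it rewrote and a digest over the ciphertexts in the order they
// would be embedded into cloud-config; a changed digest is what makes CloudFormation replace nodes.
func EnsureEncrypted(dir string, encrypt func([]byte) []byte) (rewritten int, digest string, err error) {
	regenerate := false
	for _, n := range pemNames {
		if _, err := os.Stat(filepath.Join(dir, n+".enc")); err != nil {
			regenerate = true // one missing .enc is enough to re-encrypt all of them
		}
	}
	h := sha256.New()
	for _, n := range pemNames {
		encPath := filepath.Join(dir, n+".enc")
		if regenerate {
			plain, err := os.ReadFile(filepath.Join(dir, n))
			if err != nil {
				return 0, "", err
			}
			if err := os.WriteFile(encPath, encrypt(plain), 0o600); err != nil {
				return 0, "", err
			}
			rewritten++
		}
		ct, err := os.ReadFile(encPath)
		if err != nil {
			return 0, "", err
		}
		h.Write(ct)
	}
	return rewritten, fmt.Sprintf("%x", h.Sum(nil)), nil
}

// WritePlaceholderPEMs fills dir with constructed placeholder files standing in for the real PEMs.
func WritePlaceholderPEMs(dir string) error {
	for _, n := range pemNames {
		body := []byte("-----BEGIN PLACEHOLDER-----\n" + n + "\n-----END PLACEHOLDER-----\n")
		if err := os.WriteFile(filepath.Join(dir, n), body, 0o600); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	dir, err := os.MkdirTemp("", "credentials")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	if err := WritePlaceholderPEMs(dir); err != nil {
		panic(err)
	}
	encrypt := NewEncryptor()
	for i, label := range []string{"init", "update, nothing changed", "update after rm worker.pem.enc"} {
		if i == 2 {
			os.Remove(filepath.Join(dir, "worker.pem.enc"))
		}
		n, digest, err := EnsureEncrypted(dir, encrypt)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-32s rewrote %d .enc files, userdata digest %.12s\n", label, n, digest)
	}
}
```

The first pass writes all six .enc files; the second pass rewrites nothing and the digest is unchanged, which is the state in which kube-aws update now hits "No updates are to be performed". Deleting only worker.pem.enc makes the third pass rewrite all six with fresh ciphertexts, so the digest changes for every role, not just the worker, which is the gotcha left for a follow-up issue.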
@mumoshu mumoshu merged commit ced5eac into kubernetes-retired:master Dec 7, 2016
@mumoshu mumoshu deleted the persist-encrypted-creds-to-fix-stack-update branch December 7, 2016 02:56
Successfully merging this pull request may close these issues.

KMS encrypt of private keys causes unnecessary CloudFormation replacements