packer-cn/builder/amazon/common/step_create_ssm_tunnel.go

package common

import (
	"context"
	"fmt"
	"log"
	"strconv"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/aws/aws-sdk-go/service/ssm"
	"github.com/hashicorp/packer/common/net"
	"github.com/hashicorp/packer/common/retry"
	"github.com/hashicorp/packer/helper/multistep"
	"github.com/hashicorp/packer/packer"
)

type StepCreateSSMTunnel struct {
	AWSSession       *session.Session
	Region           string
	LocalPortNumber  int
	RemotePortNumber int
	SSMAgentEnabled  bool
	instanceId       string
	session          *ssm.StartSessionOutput
}

// Run executes the Packer build step that creates a session tunnel.
func (s *StepCreateSSMTunnel) Run(ctx context.Context, state multistep.StateBag) multistep.StepAction {
	if !s.SSMAgentEnabled {
		return multistep.ActionContinue
	}

	ui := state.Get("ui").(packer.Ui)
	if err := s.ConfigureLocalHostPort(ctx); err != nil {
		err := fmt.Errorf("error finding an available port to initiate a session tunnel: %s", err)
		state.Put("error", err)
		ui.Error(err.Error())
		return multistep.ActionHalt
	}

	instance, ok := state.Get("instance").(*ec2.Instance)
	if !ok {
		err := fmt.Errorf("error encountered in obtaining target instance id for session tunnel")
		ui.Error(err.Error())
		state.Put("error", err)
		return multistep.ActionHalt
	}
	s.instanceId = aws.StringValue(instance.InstanceId)

	log.Printf("Starting PortForwarding session to instance %q on local port %q to remote port %q", s.instanceId, s.LocalPortNumber, s.RemotePortNumber)
	input := s.BuildTunnelInputForInstance(s.instanceId)
	ssmconn := ssm.New(s.AWSSession)
	var output *ssm.StartSessionOutput
	err := retry.Config{
		ShouldRetry: func(err error) bool { return isAWSErr(err, "TargetNotConnected", "") },
		RetryDelay:  (&retry.Backoff{InitialBackoff: 200 * time.Millisecond, MaxBackoff: 60 * time.Second, Multiplier: 2}).Linear,
	}.Run(ctx, func(ctx context.Context) (err error) {
		output, err = ssmconn.StartSessionWithContext(ctx, &input)
		return err
	})

	if err != nil {
		err = fmt.Errorf("error encountered in starting session for instance %q: %s", s.instanceId, err)
		ui.Error(err.Error())
		state.Put("error", err)
		return multistep.ActionHalt
	}

	driver := SSMDriver{
		Region:          s.Region,
		Session:         output,
		SessionParams:   input,
		SessionEndpoint: ssmconn.Endpoint,
	}

	if err := driver.StartSession(ctx); err != nil {
		err = fmt.Errorf("error encountered in establishing a tunnel %s", err)
		ui.Error(err.Error())
		state.Put("error", err)
		return multistep.ActionHalt
	}

	ui.Message(fmt.Sprintf("PortForwarding session tunnel to instance %q established!", s.instanceId))
	state.Put("sessionPort", s.LocalPortNumber)

	return multistep.ActionContinue
}

// Cleanup terminates an active session on AWS, which in turn terminates the associated tunnel process running on the local machine.
func (s *StepCreateSSMTunnel) Cleanup(state multistep.StateBag) {
	if s.session == nil {
		return
	}

	ui := state.Get("ui").(packer.Ui)
	ssmconn := ssm.New(s.AWSSession)
	_, err := ssmconn.TerminateSession(&ssm.TerminateSessionInput{SessionId: s.session.SessionId})
	if err != nil {
		msg := fmt.Sprintf("Error terminating SSM Session %q. Please terminate the session manually: %s",
			aws.StringValue(s.session.SessionId), err)
		ui.Error(msg)
	}

}

// ConfigureLocalHostPort finds an available port on the localhost that can be used for the remote tunnel.
// Defaults to using s.LocalPortNumber if it is set.
func (s *StepCreateSSMTunnel) ConfigureLocalHostPort(ctx context.Context) error {
	if s.LocalPortNumber != 0 {
		return nil
	}
	// Find an available TCP port for our HTTP server
	l, err := net.ListenRangeConfig{
		Min:     8000,
		Max:     9000,
		Addr:    "0.0.0.0",
		Network: "tcp",
	}.Listen(ctx)
	if err != nil {
		return err
	}

	s.LocalPortNumber = l.Port
	// Stop listening on selected port so that the AWS session-manager-plugin can use it.
	// The port is closed right before we start the session to avoid two Packer builds from getting the same port - fingers-crossed
	l.Close()

	return nil

}

func (s *StepCreateSSMTunnel) BuildTunnelInputForInstance(instance string) ssm.StartSessionInput {
	dst, src := strconv.Itoa(s.RemotePortNumber), strconv.Itoa(s.LocalPortNumber)
	params := map[string][]*string{
		"portNumber":      []*string{aws.String(dst)},
		"localPortNumber": []*string{aws.String(src)},
	}

	input := ssm.StartSessionInput{
		DocumentName: aws.String("AWS-StartPortForwardingSession"),
		Parameters:   params,
		Target:       aws.String(instance),
	}

	return input
}
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`package common`

			`import (`
			`"context"`
			`"fmt"`
Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`"log"`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`"strconv"`
			`"time"`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00
			`"github.com/aws/aws-sdk-go/aws"`
			`"github.com/aws/aws-sdk-go/aws/session"`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`"github.com/aws/aws-sdk-go/service/ec2"`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`"github.com/aws/aws-sdk-go/service/ssm"`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00			`"github.com/hashicorp/packer/common/net"`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`"github.com/hashicorp/packer/common/retry"`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`"github.com/hashicorp/packer/helper/multistep"`
			`"github.com/hashicorp/packer/packer"`
			`)`

			`type StepCreateSSMTunnel struct {`
Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`AWSSession *session.Session`
			`Region string`
			`LocalPortNumber int`
			`RemotePortNumber int`
			`SSMAgentEnabled bool`
			`instanceId string`
			`session *ssm.StartSessionOutput`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`}`

Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`// Run executes the Packer build step that creates a session tunnel.`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`func (s *StepCreateSSMTunnel) Run(ctx context.Context, state multistep.StateBag) multistep.StepAction {`
builder/amzon: Update port configuration for WinRM Connectivity for WinRM works for the initial connection, but fails to upload any provisioning scripts - need to dive in deeper. For now connectivity over SSH works as expected. 2020-04-01 17:33:44 -04:00			`if !s.SSMAgentEnabled {`
			`return multistep.ActionContinue`
			`}`

initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`ui := state.Get("ui").(packer.Ui)`
Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`if err := s.ConfigureLocalHostPort(ctx); err != nil {`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00			`err := fmt.Errorf("error finding an available port to initiate a session tunnel: %s", err)`
			`state.Put("error", err)`
			`ui.Error(err.Error())`
			`return multistep.ActionHalt`
			`}`

Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`instance, ok := state.Get("instance").(*ec2.Instance)`
			`if !ok {`
Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`err := fmt.Errorf("error encountered in obtaining target instance id for session tunnel")`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`ui.Error(err.Error())`
			`state.Put("error", err)`
			`return multistep.ActionHalt`
			`}`
builder/amzon: Update port configuration for WinRM Connectivity for WinRM works for the initial connection, but fails to upload any provisioning scripts - need to dive in deeper. For now connectivity over SSH works as expected. 2020-04-01 17:33:44 -04:00			`s.instanceId = aws.StringValue(instance.InstanceId)`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00
Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`log.Printf("Starting PortForwarding session to instance %q on local port %q to remote port %q", s.instanceId, s.LocalPortNumber, s.RemotePortNumber)`
			`input := s.BuildTunnelInputForInstance(s.instanceId)`
			`ssmconn := ssm.New(s.AWSSession)`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`var output *ssm.StartSessionOutput`
Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`err := retry.Config{`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`ShouldRetry: func(err error) bool { return isAWSErr(err, "TargetNotConnected", "") },`
builder/amzon: Update port configuration for WinRM Connectivity for WinRM works for the initial connection, but fails to upload any provisioning scripts - need to dive in deeper. For now connectivity over SSH works as expected. 2020-04-01 17:33:44 -04:00			`RetryDelay: (&retry.Backoff{InitialBackoff: 200 * time.Millisecond, MaxBackoff: 60 * time.Second, Multiplier: 2}).Linear,`
Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`}.Run(ctx, func(ctx context.Context) (err error) {`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`output, err = ssmconn.StartSessionWithContext(ctx, &input)`
			`return err`
			`})`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00
			`if err != nil {`
builder/amzon: Update port configuration for WinRM Connectivity for WinRM works for the initial connection, but fails to upload any provisioning scripts - need to dive in deeper. For now connectivity over SSH works as expected. 2020-04-01 17:33:44 -04:00			`err = fmt.Errorf("error encountered in starting session for instance %q: %s", s.instanceId, err)`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`ui.Error(err.Error())`
			`state.Put("error", err)`
			`return multistep.ActionHalt`
			`}`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00
Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`driver := SSMDriver{`
			`Region: s.Region,`
			`Session: output,`
			`SessionParams: input,`
			`SessionEndpoint: ssmconn.Endpoint,`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`}`

Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`if err := driver.StartSession(ctx); err != nil {`
			`err = fmt.Errorf("error encountered in establishing a tunnel %s", err)`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`ui.Error(err.Error())`
			`state.Put("error", err)`
			`return multistep.ActionHalt`
			`}`

Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`ui.Message(fmt.Sprintf("PortForwarding session tunnel to instance %q established!", s.instanceId))`
			`state.Put("sessionPort", s.LocalPortNumber)`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`return multistep.ActionContinue`
			`}`

Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`// Cleanup terminates an active session on AWS, which in turn terminates the associated tunnel process running on the local machine.`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`func (s *StepCreateSSMTunnel) Cleanup(state multistep.StateBag) {`
Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`if s.session == nil {`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`return`
			`}`

			`ui := state.Get("ui").(packer.Ui)`
			`ssmconn := ssm.New(s.AWSSession)`
Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`_, err := ssmconn.TerminateSession(&ssm.TerminateSessionInput{SessionId: s.session.SessionId})`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`if err != nil {`
			`msg := fmt.Sprintf("Error terminating SSM Session %q. Please terminate the session manually: %s",`
Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00			`aws.StringValue(s.session.SessionId), err)`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`ui.Error(msg)`
			`}`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`}`
Add tests for driver and ssm tunnel step 2020-04-29 14:58:36 -04:00
			`// ConfigureLocalHostPort finds an available port on the localhost that can be used for the remote tunnel.`
			`// Defaults to using s.LocalPortNumber if it is set.`
			`func (s *StepCreateSSMTunnel) ConfigureLocalHostPort(ctx context.Context) error {`
			`if s.LocalPortNumber != 0 {`
			`return nil`
			`}`
			`// Find an available TCP port for our HTTP server`
			`l, err := net.ListenRangeConfig{`
			`Min: 8000,`
			`Max: 9000,`
			`Addr: "0.0.0.0",`
			`Network: "tcp",`
			`}.Listen(ctx)`
			`if err != nil {`
			`return err`
			`}`

			`s.LocalPortNumber = l.Port`
			`// Stop listening on selected port so that the AWS session-manager-plugin can use it.`
			`// The port is closed right before we start the session to avoid two Packer builds from getting the same port - fingers-crossed`
			`l.Close()`

			`return nil`

			`}`

			`func (s *StepCreateSSMTunnel) BuildTunnelInputForInstance(instance string) ssm.StartSessionInput {`
			`dst, src := strconv.Itoa(s.RemotePortNumber), strconv.Itoa(s.LocalPortNumber)`
			`params := map[string][]*string{`
			`"portNumber": []*string{aws.String(dst)},`
			`"localPortNumber": []*string{aws.String(src)},`
			`}`

			`input := ssm.StartSessionInput{`
			`DocumentName: aws.String("AWS-StartPortForwardingSession"),`
			`Parameters: params,`
			`Target: aws.String(instance),`
			`}`

			`return input`
			`}`