package cvm
import (
"context"
"fmt"
"strings"
"github.com/hashicorp/packer/common"
"github.com/hashicorp/packer/helper/multistep"
"github.com/hashicorp/packer/packer"
"github.com/pkg/errors"
vpc "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc/v20170312"
)
// stepConfigSecurityGroup is the build step that decides which security
// group the build instance uses: an existing one named by SecurityGroupId,
// or a new one created for the build.
type stepConfigSecurityGroup struct {
	// SecurityGroupId names an existing group to reuse. When it is empty,
	// Run creates a group and writes the new ID back into this field.
	SecurityGroupId string

	// SecurityGroupName and Description are sent with the create request
	// when a new group is made.
	SecurityGroupName string
	Description       string

	// isCreate records whether Run created the group, so that Cleanup
	// deletes only groups this step owns.
	isCreate bool
}
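// Run selects or creates the security group for the build instance and
// stores its ID in the state bag under "security_group_id".
//
// When SecurityGroupId is set, the step only checks that the group exists.
// Otherwise it creates a group from SecurityGroupName and Description and
// attaches one ingress and one egress policy to it. On any failure the error
// is shown in the UI, stored under "error", and the build is halted.
func (s *stepConfigSecurityGroup) Run(_ context.Context, state multistep.StateBag) multistep.StepAction {
	vpcClient := state.Get("vpc_client").(*vpc.Client)
	ui := state.Get("ui").(packer.Ui)

	if len(s.SecurityGroupId) != 0 { // use existing security group
		req := vpc.NewDescribeSecurityGroupsRequest()
		req.SecurityGroupIds = []*string{&s.SecurityGroupId}
		resp, err := vpcClient.DescribeSecurityGroups(req)
		if err != nil {
			ui.Error(fmt.Sprintf("query security group failed: %s", err.Error()))
			state.Put("error", err)
			return multistep.ActionHalt
		}
		// The SDK returns pointer fields; a response without a count is
		// treated as "not found" instead of being dereferenced blindly.
		if resp != nil && resp.Response != nil &&
			resp.Response.TotalCount != nil && *resp.Response.TotalCount > 0 {
			state.Put("security_group_id", s.SecurityGroupId)
			s.isCreate = false
			return multistep.ActionContinue
		}
		message := fmt.Sprintf("the specified security group(%s) does not exist", s.SecurityGroupId)
		ui.Error(message)
		state.Put("error", errors.New(message))
		return multistep.ActionHalt
	}

	// create a new security group
	req := vpc.NewCreateSecurityGroupRequest()
	req.GroupName = &s.SecurityGroupName
	req.GroupDescription = &s.Description
	resp, err := vpcClient.CreateSecurityGroup(req)
	if err != nil {
		ui.Error(fmt.Sprintf("create security group failed: %s", err.Error()))
		state.Put("error", err)
		return multistep.ActionHalt
	}
	// Guard the pointer chain: a successful call that carries no group ID
	// would otherwise panic here.
	if resp == nil || resp.Response == nil || resp.Response.SecurityGroup == nil ||
		resp.Response.SecurityGroup.SecurityGroupId == nil {
		message := "create security group returned no security group id"
		ui.Error(message)
		state.Put("error", errors.New(message))
		return multistep.ActionHalt
	}
	s.SecurityGroupId = *resp.Response.SecurityGroup.SecurityGroupId
	state.Put("security_group_id", s.SecurityGroupId)
	// Set before the policy calls so that Cleanup removes the group even if
	// attaching a policy fails below.
	s.isCreate = true

	acceptAction := "ACCEPT"
	anyCIDR := "0.0.0.0/0"

	// bind security group ingress policy
	//
	// NOTE(review): this ingress policy sets only CidrBlock and Action. No
	// protocol or port is given, so nothing in the request narrows it below
	// "accept from 0.0.0.0/0". The build instance is presumably reachable
	// from any address for as long as this group exists; confirm against the
	// VPC API defaults. Limiting the rule to the communicator port and the
	// build host's source range, or passing a pre-hardened group through
	// SecurityGroupId, would reduce that exposure.
	pReq := vpc.NewCreateSecurityGroupPoliciesRequest()
	pReq.SecurityGroupId = &s.SecurityGroupId
	pReq.SecurityGroupPolicySet = &vpc.SecurityGroupPolicySet{
		Ingress: []*vpc.SecurityGroupPolicy{
			{
				CidrBlock: &anyCIDR,
				Action:    &acceptAction,
			},
		},
	}
	_, err = vpcClient.CreateSecurityGroupPolicies(pReq)
	if err != nil {
		ui.Error(fmt.Sprintf("bind security group police failed: %s", err.Error()))
		state.Put("error", err)
		return multistep.ActionHalt
	}

	// bind security group egress policy (same unrestricted CIDR and action,
	// outbound direction)
	pReq = vpc.NewCreateSecurityGroupPoliciesRequest()
	pReq.SecurityGroupId = &s.SecurityGroupId
	pReq.SecurityGroupPolicySet = &vpc.SecurityGroupPolicySet{
		Egress: []*vpc.SecurityGroupPolicy{
			{
				CidrBlock: &anyCIDR,
				Action:    &acceptAction,
			},
		},
	}
	_, err = vpcClient.CreateSecurityGroupPolicies(pReq)
	if err != nil {
		ui.Error(fmt.Sprintf("bind security group police failed: %s", err.Error()))
		state.Put("error", err)
		return multistep.ActionHalt
	}

	return multistep.ActionContinue
}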
// Cleanup deletes the security group when this step created it. A group that
// was supplied through SecurityGroupId is left untouched.
//
// The group created by Run carries accept-all policies for 0.0.0.0/0, so a
// failed delete leaves that group in the account. The UI message tells the
// operator to remove it by hand.
func (s *stepConfigSecurityGroup) Cleanup(state multistep.StateBag) {
	if !s.isCreate {
		return
	}

	client := state.Get("vpc_client").(*vpc.Client)
	ui := state.Get("ui").(packer.Ui)

	MessageClean(state, "VPC")

	delReq := vpc.NewDeleteSecurityGroupRequest()
	delReq.SecurityGroupId = &s.SecurityGroupId

	// One delete attempt. "ResourceInUse" asks for another try without an
	// error; any other failure is returned to the retry helper.
	deleteOnce := func(_ uint) (bool, error) {
		_, delErr := client.DeleteSecurityGroup(delReq)
		switch {
		case delErr == nil:
			return true, nil
		case strings.Contains(delErr.Error(), "ResourceInUse"):
			return false, nil
		default:
			return false, delErr
		}
	}

	// NOTE(review): 5, 5, 60 are presumably the retry intervals and attempt
	// limit; confirm against common.Retry.
	if err := common.Retry(5, 5, 60, deleteOnce); err != nil {
		ui.Error(fmt.Sprintf("delete security group(%s) failed: %s, you need to delete it by hand",
			s.SecurityGroupId, err.Error()))
	}
}