packer-cn/builder/amazon/common/step_create_ssm_tunnel.go

package common

import (
	"context"
	"encoding/json"
	"fmt"
	"strconv"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/aws/aws-sdk-go/service/ssm"
	"github.com/hashicorp/packer/common/net"
	"github.com/hashicorp/packer/common/retry"
	"github.com/hashicorp/packer/helper/multistep"
	"github.com/hashicorp/packer/packer"
)

type StepCreateSSMTunnel struct {
	AWSSession      *session.Session
	DstPort         int
	SSMAgentEnabled bool
	instanceId      string
	ssmSession      *ssm.StartSessionOutput
}

func (s *StepCreateSSMTunnel) Run(ctx context.Context, state multistep.StateBag) multistep.StepAction {
	if !s.SSMAgentEnabled {
		return multistep.ActionContinue
	}

	ui := state.Get("ui").(packer.Ui)
	// Find an available TCP port for our HTTP server
	l, err := net.ListenRangeConfig{
		Min:     8000,
		Max:     9000,
		Addr:    "0.0.0.0",
		Network: "tcp",
	}.Listen(ctx)
	if err != nil {
		err := fmt.Errorf("error finding an available port to initiate a session tunnel: %s", err)
		state.Put("error", err)
		ui.Error(err.Error())
		return multistep.ActionHalt
	}

	dst, src := strconv.Itoa(s.DstPort), strconv.Itoa(l.Port)
	params := map[string][]*string{
		"portNumber":      []*string{aws.String(dst)},
		"localPortNumber": []*string{aws.String(src)},
	}
	l.Close()

	instance, ok := state.Get("instance").(*ec2.Instance)
	if !ok {
		err := fmt.Errorf("error encountered in obtaining target instance id for SSM tunnel")
		ui.Error(err.Error())
		state.Put("error", err)
		return multistep.ActionHalt
	}

	s.instanceId = aws.StringValue(instance.InstanceId)
	ssmconn := ssm.New(s.AWSSession)
	input := ssm.StartSessionInput{
		DocumentName: aws.String("AWS-StartPortForwardingSession"),
		Parameters:   params,
		Target:       aws.String(s.instanceId),
	}

	ui.Message(fmt.Sprintf("Starting PortForwarding session to instance %q on local port %q to remote port %q", s.instanceId, src, dst))
	var output *ssm.StartSessionOutput
	err = retry.Config{
		ShouldRetry: func(err error) bool { return isAWSErr(err, "TargetNotConnected", "") },
		RetryDelay:  (&retry.Backoff{InitialBackoff: 200 * time.Millisecond, MaxBackoff: 60 * time.Second, Multiplier: 2}).Linear,
	}.Run(ctx, func(ctx context.Context) error {
		output, err = ssmconn.StartSessionWithContext(ctx, &input)
		return err
	})

	if err != nil {
		err = fmt.Errorf("error encountered in starting session for instance %q: %s", s.instanceId, err)
		ui.Error(err.Error())
		state.Put("error", err)
		return multistep.ActionHalt
	}
	s.ssmSession = output

	// AWS session-manager-plugin requires a valid session be passed in JSON
	sessionDetails, err := json.Marshal(s.ssmSession)
	if err != nil {
		ui.Error(err.Error())
		state.Put("error encountered in reading session details", err)
		return multistep.ActionHalt
	}

	sessionParameters, err := json.Marshal(input)
	if err != nil {
		ui.Error(err.Error())
		state.Put("error encountered in reading session parameter details", err)
		return multistep.ActionHalt
	}

	driver := SSMDriver{Ui: ui}
	// sessionDetails, region, "StartSession", profile, paramJson, endpoint
	region := aws.StringValue(s.AWSSession.Config.Region)
	// how to best get Profile name
	if err := driver.StartSession(string(sessionDetails), region, "default", string(sessionParameters), ssmconn.Endpoint); err != nil {
		err = fmt.Errorf("error encountered in establishing a tunnel with the session-manager-plugin: %s", err)
		ui.Error(err.Error())
		state.Put("error", err)
		return multistep.ActionHalt
	}

	ui.Message(fmt.Sprintf("PortForwarding session to instance %q established!", s.instanceId))
	state.Put("sessionPort", l.Port)

	return multistep.ActionContinue
}

func (s *StepCreateSSMTunnel) Cleanup(state multistep.StateBag) {
	if s.ssmSession == nil {
		return
	}

	ui := state.Get("ui").(packer.Ui)
	ssmconn := ssm.New(s.AWSSession)
	_, err := ssmconn.TerminateSession(&ssm.TerminateSessionInput{SessionId: s.ssmSession.SessionId})
	if err != nil {
		msg := fmt.Sprintf("Error terminating SSM Session %q. Please terminate the session manually: %s",
			aws.StringValue(s.ssmSession.SessionId), err)
		ui.Error(msg)
	}

}
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`package common`

			`import (`
			`"context"`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`"encoding/json"`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`"fmt"`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`"strconv"`
			`"time"`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00
			`"github.com/aws/aws-sdk-go/aws"`
			`"github.com/aws/aws-sdk-go/aws/session"`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`"github.com/aws/aws-sdk-go/service/ec2"`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`"github.com/aws/aws-sdk-go/service/ssm"`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00			`"github.com/hashicorp/packer/common/net"`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`"github.com/hashicorp/packer/common/retry"`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`"github.com/hashicorp/packer/helper/multistep"`
			`"github.com/hashicorp/packer/packer"`
			`)`

			`type StepCreateSSMTunnel struct {`
builder/amzon: Update port configuration for WinRM Connectivity for WinRM works for the initial connection, but fails to upload any provisioning scripts - need to dive in deeper. For now connectivity over SSH works as expected. 2020-04-01 17:33:44 -04:00			`AWSSession *session.Session`
			`DstPort int`
			`SSMAgentEnabled bool`
			`instanceId string`
			`ssmSession *ssm.StartSessionOutput`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`}`

			`func (s *StepCreateSSMTunnel) Run(ctx context.Context, state multistep.StateBag) multistep.StepAction {`
builder/amzon: Update port configuration for WinRM Connectivity for WinRM works for the initial connection, but fails to upload any provisioning scripts - need to dive in deeper. For now connectivity over SSH works as expected. 2020-04-01 17:33:44 -04:00			`if !s.SSMAgentEnabled {`
			`return multistep.ActionContinue`
			`}`

initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`ui := state.Get("ui").(packer.Ui)`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00			`// Find an available TCP port for our HTTP server`
			`l, err := net.ListenRangeConfig{`
			`Min: 8000,`
			`Max: 9000,`
			`Addr: "0.0.0.0",`
			`Network: "tcp",`
			`}.Listen(ctx)`
			`if err != nil {`
			`err := fmt.Errorf("error finding an available port to initiate a session tunnel: %s", err)`
			`state.Put("error", err)`
			`ui.Error(err.Error())`
			`return multistep.ActionHalt`
			`}`

			`dst, src := strconv.Itoa(s.DstPort), strconv.Itoa(l.Port)`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`params := map[string][]*string{`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00			`"portNumber": []*string{aws.String(dst)},`
			`"localPortNumber": []*string{aws.String(src)},`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`}`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00			`l.Close()`

Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`instance, ok := state.Get("instance").(*ec2.Instance)`
			`if !ok {`
			`err := fmt.Errorf("error encountered in obtaining target instance id for SSM tunnel")`
			`ui.Error(err.Error())`
			`state.Put("error", err)`
			`return multistep.ActionHalt`
			`}`

builder/amzon: Update port configuration for WinRM Connectivity for WinRM works for the initial connection, but fails to upload any provisioning scripts - need to dive in deeper. For now connectivity over SSH works as expected. 2020-04-01 17:33:44 -04:00			`s.instanceId = aws.StringValue(instance.InstanceId)`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`ssmconn := ssm.New(s.AWSSession)`
			`input := ssm.StartSessionInput{`
			`DocumentName: aws.String("AWS-StartPortForwardingSession"),`
			`Parameters: params,`
builder/amzon: Update port configuration for WinRM Connectivity for WinRM works for the initial connection, but fails to upload any provisioning scripts - need to dive in deeper. For now connectivity over SSH works as expected. 2020-04-01 17:33:44 -04:00			`Target: aws.String(s.instanceId),`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`}`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00
builder/amzon: Update port configuration for WinRM Connectivity for WinRM works for the initial connection, but fails to upload any provisioning scripts - need to dive in deeper. For now connectivity over SSH works as expected. 2020-04-01 17:33:44 -04:00			`ui.Message(fmt.Sprintf("Starting PortForwarding session to instance %q on local port %q to remote port %q", s.instanceId, src, dst))`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`var output *ssm.StartSessionOutput`
			`err = retry.Config{`
			`ShouldRetry: func(err error) bool { return isAWSErr(err, "TargetNotConnected", "") },`
builder/amzon: Update port configuration for WinRM Connectivity for WinRM works for the initial connection, but fails to upload any provisioning scripts - need to dive in deeper. For now connectivity over SSH works as expected. 2020-04-01 17:33:44 -04:00			`RetryDelay: (&retry.Backoff{InitialBackoff: 200 * time.Millisecond, MaxBackoff: 60 * time.Second, Multiplier: 2}).Linear,`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`}.Run(ctx, func(ctx context.Context) error {`
			`output, err = ssmconn.StartSessionWithContext(ctx, &input)`
			`return err`
			`})`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00
			`if err != nil {`
builder/amzon: Update port configuration for WinRM Connectivity for WinRM works for the initial connection, but fails to upload any provisioning scripts - need to dive in deeper. For now connectivity over SSH works as expected. 2020-04-01 17:33:44 -04:00			`err = fmt.Errorf("error encountered in starting session for instance %q: %s", s.instanceId, err)`
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`ui.Error(err.Error())`
			`state.Put("error", err)`
			`return multistep.ActionHalt`
			`}`
			`s.ssmSession = output`

builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00			`// AWS session-manager-plugin requires a valid session be passed in JSON`
			`sessionDetails, err := json.Marshal(s.ssmSession)`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`if err != nil {`
			`ui.Error(err.Error())`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00			`state.Put("error encountered in reading session details", err)`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`return multistep.ActionHalt`
			`}`

builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00			`sessionParameters, err := json.Marshal(input)`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`if err != nil {`
			`ui.Error(err.Error())`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00			`state.Put("error encountered in reading session parameter details", err)`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`return multistep.ActionHalt`
			`}`

			`driver := SSMDriver{Ui: ui}`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00			`// sessionDetails, region, "StartSession", profile, paramJson, endpoint`
			`region := aws.StringValue(s.AWSSession.Config.Region)`
			`// how to best get Profile name`
			`if err := driver.StartSession(string(sessionDetails), region, "default", string(sessionParameters), ssmconn.Endpoint); err != nil {`
			`err = fmt.Errorf("error encountered in establishing a tunnel with the session-manager-plugin: %s", err)`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00			`ui.Error(err.Error())`
			`state.Put("error", err)`
			`return multistep.ActionHalt`
			`}`

builder/amzon: Update port configuration for WinRM Connectivity for WinRM works for the initial connection, but fails to upload any provisioning scripts - need to dive in deeper. For now connectivity over SSH works as expected. 2020-04-01 17:33:44 -04:00			`ui.Message(fmt.Sprintf("PortForwarding session to instance %q established!", s.instanceId))`
builder/amazon: Update Session Manger connectivity * Update security group creation step skip ingress rules if using session manager * Update create ssm tunnel step to dynamically set a session port * Add SSHPort function to common to return session-manager tunnel port * Update SSHHost to return proper host for session-manager 2020-03-30 07:47:31 -04:00			`state.Put("sessionPort", l.Port)`

initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`return multistep.ActionContinue`
			`}`

			`func (s *StepCreateSSMTunnel) Cleanup(state multistep.StateBag) {`
			`if s.ssmSession == nil {`
			`return`
			`}`

			`ui := state.Get("ui").(packer.Ui)`
			`ssmconn := ssm.New(s.AWSSession)`
			`_, err := ssmconn.TerminateSession(&ssm.TerminateSessionInput{SessionId: s.ssmSession.SessionId})`
			`if err != nil {`
			`msg := fmt.Sprintf("Error terminating SSM Session %q. Please terminate the session manually: %s",`
			`aws.StringValue(s.ssmSession.SessionId), err)`
			`ui.Error(msg)`
			`}`
Add PoC of connectivity using session-manager-plugin * Add a bunch of hard coded values for testing on port 8081; ssh configs are set to localhost and 8081 * Add a base drive for communicating with the session manager plugin * Update step for creating tunnel to actually create SSM session tunnel via driver 2020-03-12 22:26:38 -04:00
initial ssm tunnel changes - not working 2020-03-10 16:39:19 -04:00			`}`