package ecs
import (
"errors"
"fmt"
"time"
"github.com/denverdino/aliyungo/common"
"github.com/denverdino/aliyungo/ecs"
"github.com/hashicorp/packer/packer"
"github.com/mitchellh/multistep"
)
// stepConfigAlicloudSecurityGroup is the build step that selects an existing
// security group or creates a temporary one for the build instance.
type stepConfigAlicloudSecurityGroup struct {
	// SecurityGroupId names an existing group to use. When it is empty, Run
	// creates a new group and stores the new ID here.
	SecurityGroupId string
	// SecurityGroupName is the name given to a group that Run creates.
	SecurityGroupName string
	// Description is a free-form description of the security group.
	Description string
	// VpcId is the VPC the group belongs to.
	// NOTE(review): Run reads the VPC ID from the state bag ("vpcid"), not
	// from this field.
	VpcId string
	// RegionId is the region in which the group is queried, created and
	// deleted.
	RegionId string

	// isCreate records that Run created the group, so that Cleanup deletes
	// only groups this step owns.
	isCreate bool
}
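// Run resolves the security group for the build instance and stores its ID in
// the state bag under "securitygroupid".
//
// When SecurityGroupId is set, the group must appear in the list returned for
// the region (and, for VPC networking, the VPC taken from the state bag);
// otherwise the step halts. When SecurityGroupId is empty, a new group is
// created, marked for deletion in Cleanup, and authorized for all egress and
// all ingress traffic.
//
// On any failure the error is stored in the state bag under "error", reported
// through the UI, and multistep.ActionHalt is returned.
func (s *stepConfigAlicloudSecurityGroup) Run(state multistep.StateBag) multistep.StepAction {
	client := state.Get("client").(*ecs.Client)
	ui := state.Get("ui").(packer.Ui)
	networkType := state.Get("networktype").(InstanceNetWork)
	region := common.Region(s.RegionId)

	if len(s.SecurityGroupId) != 0 {
		describeArgs := &ecs.DescribeSecurityGroupsArgs{RegionId: region}
		if networkType == VpcNet {
			// Restrict the lookup to the VPC the instance will join.
			describeArgs.VpcId = state.Get("vpcid").(string)
		}

		// NOTE(review): the second return value (pagination) is discarded, so
		// only the groups in this one response are searched. Presumably an
		// account with many groups could get a false "doesn't exist" here;
		// confirm against the client's paging defaults.
		securityGroupItems, _, err := client.DescribeSecurityGroups(describeArgs)
		if err != nil {
			ui.Say(fmt.Sprintf("Failed querying security group: %s", err))
			state.Put("error", err)
			return multistep.ActionHalt
		}

		// A user-supplied group is never deleted by Cleanup.
		s.isCreate = false
		for _, item := range securityGroupItems {
			if item.SecurityGroupId == s.SecurityGroupId {
				state.Put("securitygroupid", s.SecurityGroupId)
				return multistep.ActionContinue
			}
		}

		msg := fmt.Sprintf("The specified security group {%s} doesn't exist.", s.SecurityGroupId)
		state.Put("error", errors.New(msg))
		ui.Say(msg)
		return multistep.ActionHalt
	}

	ui.Say("Creating security groups...")
	createArgs := &ecs.CreateSecurityGroupArgs{
		RegionId:          region,
		SecurityGroupName: s.SecurityGroupName,
		// Forward the configured description; it was previously dropped.
		Description: s.Description,
	}
	if networkType == VpcNet {
		createArgs.VpcId = state.Get("vpcid").(string)
	}

	securityGroupId, err := client.CreateSecurityGroup(createArgs)
	if err != nil {
		state.Put("error", err)
		ui.Say(fmt.Sprintf("Failed creating security group %s.", err))
		return multistep.ActionHalt
	}

	// Record ownership before authorizing rules, so that Cleanup still removes
	// the group when one of the authorization calls below fails.
	state.Put("securitygroupid", securityGroupId)
	s.isCreate = true
	s.SecurityGroupId = securityGroupId

	err = client.AuthorizeSecurityGroupEgress(&ecs.AuthorizeSecurityGroupEgressArgs{
		SecurityGroupId: securityGroupId,
		RegionId:        region,
		IpProtocol:      ecs.IpProtocolAll,
		PortRange:       "-1/-1",
		NicType:         ecs.NicTypeInternet,
		DestCidrIp:      "0.0.0.0/0", // The input parameter "DestGroupId" or "DestCidrIp" cannot be both blank.
	})
	if err != nil {
		state.Put("error", err)
		ui.Say(fmt.Sprintf("Failed authorizing security group: %s", err))
		return multistep.ActionHalt
	}

	// NOTE(review): this ingress rule admits every protocol and port from
	// 0.0.0.0/0, so the build instance is reachable from any address for as
	// long as the group exists. The step has no field for a narrower source
	// range or port; limiting ingress to the communicator port and a known
	// source CIDR would need a new option on the step.
	err = client.AuthorizeSecurityGroup(&ecs.AuthorizeSecurityGroupArgs{
		SecurityGroupId: securityGroupId,
		RegionId:        region,
		IpProtocol:      ecs.IpProtocolAll,
		PortRange:       "-1/-1",
		NicType:         ecs.NicTypeInternet,
		SourceCidrIp:    "0.0.0.0/0", // The input parameter "SourceGroupId" or "SourceCidrIp" cannot be both blank.
	})
	if err != nil {
		state.Put("error", err)
		ui.Say(fmt.Sprintf("Failed authorizing security group: %s", err))
		return multistep.ActionHalt
	}

	return multistep.ActionContinue
}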
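// Cleanup deletes the security group when Run created it; a group supplied by
// the user is left untouched.
//
// Deletion is retried every 5 seconds for up to 120 seconds while the API
// answers "DependencyViolation". Any other error, or a dependency violation
// after the deadline, is reported through the UI and the group is left behind.
func (s *stepConfigAlicloudSecurityGroup) Cleanup(state multistep.StateBag) {
	if !s.isCreate {
		return
	}

	client := state.Get("client").(*ecs.Client)
	ui := state.Get("ui").(packer.Ui)

	// message is a helper defined elsewhere in this package.
	message(state, "security group")
	timeoutPoint := time.Now().Add(120 * time.Second)
	for {
		err := client.DeleteSecurityGroup(common.Region(s.RegionId), s.SecurityGroupId)
		if err == nil {
			return
		}

		// Only inspect Code when the error really is a *common.Error; an
		// error of any other type left e nil and the unchecked e.Code access
		// panicked, which skipped the report below.
		e, ok := err.(*common.Error)
		if ok && e != nil && e.Code == "DependencyViolation" && time.Now().Before(timeoutPoint) {
			time.Sleep(5 * time.Second)
			continue
		}

		// The temporary group was opened for all ingress traffic by Run, so a
		// failed delete is worth surfacing loudly for manual removal.
		ui.Error(fmt.Sprintf("Failed to delete security group, it may still be around: %s", err))
		return
	}
}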