packer-cn/builder/oracle/classic/step_security.go

package classic

import (
	"fmt"
	"log"
	"strings"

	"github.com/hashicorp/go-oracle-terraform/compute"
	"github.com/hashicorp/packer/packer"
	"github.com/mitchellh/multistep"
)

type stepSecurity struct{}

func (s *stepSecurity) Run(_ context.Context, state multistep.StateBag) multistep.StepAction {
	ui := state.Get("ui").(packer.Ui)

	ui.Say("Configuring security lists and rules to enable SSH access...")

	config := state.Get("config").(*Config)
	client := state.Get("client").(*compute.ComputeClient)

	secListName := fmt.Sprintf("/Compute-%s/%s/Packer_SSH_Allow_%s",
		config.IdentityDomain, config.Username, config.ImageName)
	secListClient := client.SecurityLists()
	secListInput := compute.CreateSecurityListInput{
		Description: "Packer-generated security list to give packer ssh access",
		Name:        secListName,
	}
	_, err := secListClient.CreateSecurityList(&secListInput)
	if err != nil {
		if !strings.Contains(err.Error(), "already exists") {
			err = fmt.Errorf("Error creating security List to"+
				" allow Packer to connect to Oracle instance via SSH: %s", err)
			ui.Error(err.Error())
			state.Put("error", err)
			return multistep.ActionHalt
		}
	}
	// DOCS NOTE: user must have Compute_Operations role
	// Create security rule that allows Packer to connect via SSH
	secRulesClient := client.SecRules()
	secRulesInput := compute.CreateSecRuleInput{
		Action:          "PERMIT",
		Application:     "/oracle/public/ssh",
		Description:     "Packer-generated security rule to allow ssh",
		DestinationList: fmt.Sprintf("seclist:%s", secListName),
		Name:            fmt.Sprintf("Packer-allow-SSH-Rule_%s", config.ImageName),
		SourceList:      config.SSHSourceList,
	}

	secRuleName := fmt.Sprintf("/Compute-%s/%s/Packer-allow-SSH-Rule_%s",
		config.IdentityDomain, config.Username, config.ImageName)
	_, err = secRulesClient.CreateSecRule(&secRulesInput)
	if err != nil {
		log.Printf(err.Error())
		if !strings.Contains(err.Error(), "already exists") {
			err = fmt.Errorf("Error creating security rule to"+
				" allow Packer to connect to Oracle instance via SSH: %s", err)
			ui.Error(err.Error())
			state.Put("error", err)
			return multistep.ActionHalt
		}
	}
	state.Put("security_rule_name", secRuleName)
	state.Put("security_list", secListName)
	return multistep.ActionContinue
}

func (s *stepSecurity) Cleanup(state multistep.StateBag) {
	client := state.Get("client").(*compute.ComputeClient)
	ui := state.Get("ui").(packer.Ui)
	ui.Say("Deleting the packer-generated security rules and lists...")

	// delete security rules that Packer generated
	secRuleName := state.Get("security_rule_name").(string)
	secRulesClient := client.SecRules()
	ruleInput := compute.DeleteSecRuleInput{Name: secRuleName}
	err := secRulesClient.DeleteSecRule(&ruleInput)
	if err != nil {
		ui.Say(fmt.Sprintf("Error deleting the packer-generated security rule %s; "+
			"please delete manually. (error: %s)", secRuleName, err.Error()))
	}

	// delete security list that Packer generated
	secListName := state.Get("security_list").(string)
	secListClient := client.SecurityLists()
	input := compute.DeleteSecurityListInput{Name: secListName}
	err = secListClient.DeleteSecurityList(&input)
	if err != nil {
		ui.Say(fmt.Sprintf("Error deleting the packer-generated security list %s; "+
			"please delete manually. (error : %s)", secListName, err.Error()))
	}

	return
}
add separated out steps 2018-01-22 19:54:49 -05:00			`package classic`

			`import (`
			`"fmt"`
			`"log"`
			`"strings"`

			`"github.com/hashicorp/go-oracle-terraform/compute"`
			`"github.com/hashicorp/packer/packer"`
			`"github.com/mitchellh/multistep"`
			`)`

			`type stepSecurity struct{}`

add context to steps 2018-01-25 17:42:39 -05:00			`func (s *stepSecurity) Run(_ context.Context, state multistep.StateBag) multistep.StepAction {`
add separated out steps 2018-01-22 19:54:49 -05:00			`ui := state.Get("ui").(packer.Ui)`
allow user to add a security list for SSH access; add cleanup for packer-generated rules and lists 2018-01-23 14:07:04 -05:00
			`ui.Say("Configuring security lists and rules to enable SSH access...")`

add separated out steps 2018-01-22 19:54:49 -05:00			`config := state.Get("config").(*Config)`
			`client := state.Get("client").(*compute.ComputeClient)`

allow user to add a security list for SSH access; add cleanup for packer-generated rules and lists 2018-01-23 14:07:04 -05:00			`secListName := fmt.Sprintf("/Compute-%s/%s/Packer_SSH_Allow_%s",`
			`config.IdentityDomain, config.Username, config.ImageName)`
add separated out steps 2018-01-22 19:54:49 -05:00			`secListClient := client.SecurityLists()`
			`secListInput := compute.CreateSecurityListInput{`
			`Description: "Packer-generated security list to give packer ssh access",`
			`Name: secListName,`
			`}`
			`_, err := secListClient.CreateSecurityList(&secListInput)`
			`if err != nil {`
			`if !strings.Contains(err.Error(), "already exists") {`
allow user to add a security list for SSH access; add cleanup for packer-generated rules and lists 2018-01-23 14:07:04 -05:00			`err = fmt.Errorf("Error creating security List to"+`
add separated out steps 2018-01-22 19:54:49 -05:00			`" allow Packer to connect to Oracle instance via SSH: %s", err)`
			`ui.Error(err.Error())`
			`state.Put("error", err)`
			`return multistep.ActionHalt`
			`}`
			`}`
			`// DOCS NOTE: user must have Compute_Operations role`
			`// Create security rule that allows Packer to connect via SSH`
			`secRulesClient := client.SecRules()`
			`secRulesInput := compute.CreateSecRuleInput{`
			`Action: "PERMIT",`
			`Application: "/oracle/public/ssh",`
			`Description: "Packer-generated security rule to allow ssh",`
			`DestinationList: fmt.Sprintf("seclist:%s", secListName),`
allow user to add a security list for SSH access; add cleanup for packer-generated rules and lists 2018-01-23 14:07:04 -05:00			`Name: fmt.Sprintf("Packer-allow-SSH-Rule_%s", config.ImageName),`
			`SourceList: config.SSHSourceList,`
add separated out steps 2018-01-22 19:54:49 -05:00			`}`

allow user to add a security list for SSH access; add cleanup for packer-generated rules and lists 2018-01-23 14:07:04 -05:00			`secRuleName := fmt.Sprintf("/Compute-%s/%s/Packer-allow-SSH-Rule_%s",`
			`config.IdentityDomain, config.Username, config.ImageName)`
add separated out steps 2018-01-22 19:54:49 -05:00			`_, err = secRulesClient.CreateSecRule(&secRulesInput)`
			`if err != nil {`
allow user to add a security list for SSH access; add cleanup for packer-generated rules and lists 2018-01-23 14:07:04 -05:00			`log.Printf(err.Error())`
			`if !strings.Contains(err.Error(), "already exists") {`
			`err = fmt.Errorf("Error creating security rule to"+`
			`" allow Packer to connect to Oracle instance via SSH: %s", err)`
			`ui.Error(err.Error())`
			`state.Put("error", err)`
			`return multistep.ActionHalt`
			`}`
add separated out steps 2018-01-22 19:54:49 -05:00			`}`
allow user to add a security list for SSH access; add cleanup for packer-generated rules and lists 2018-01-23 14:07:04 -05:00			`state.Put("security_rule_name", secRuleName)`
add separated out steps 2018-01-22 19:54:49 -05:00			`state.Put("security_list", secListName)`
			`return multistep.ActionContinue`
			`}`

			`func (s *stepSecurity) Cleanup(state multistep.StateBag) {`
allow user to add a security list for SSH access; add cleanup for packer-generated rules and lists 2018-01-23 14:07:04 -05:00			`client := state.Get("client").(*compute.ComputeClient)`
			`ui := state.Get("ui").(packer.Ui)`
			`ui.Say("Deleting the packer-generated security rules and lists...")`
fix ordering of deleting security rules and lists 2018-01-25 12:17:30 -05:00
allow user to add a security list for SSH access; add cleanup for packer-generated rules and lists 2018-01-23 14:07:04 -05:00			`// delete security rules that Packer generated`
			`secRuleName := state.Get("security_rule_name").(string)`
			`secRulesClient := client.SecRules()`
			`ruleInput := compute.DeleteSecRuleInput{Name: secRuleName}`
fix ordering of deleting security rules and lists 2018-01-25 12:17:30 -05:00			`err := secRulesClient.DeleteSecRule(&ruleInput)`
allow user to add a security list for SSH access; add cleanup for packer-generated rules and lists 2018-01-23 14:07:04 -05:00			`if err != nil {`
			`ui.Say(fmt.Sprintf("Error deleting the packer-generated security rule %s; "+`
			`"please delete manually. (error: %s)", secRuleName, err.Error()))`
			`}`
fix ordering of deleting security rules and lists 2018-01-25 12:17:30 -05:00
			`// delete security list that Packer generated`
			`secListName := state.Get("security_list").(string)`
			`secListClient := client.SecurityLists()`
			`input := compute.DeleteSecurityListInput{Name: secListName}`
			`err = secListClient.DeleteSecurityList(&input)`
			`if err != nil {`
			`ui.Say(fmt.Sprintf("Error deleting the packer-generated security list %s; "+`
			`"please delete manually. (error : %s)", secListName, err.Error()))`
			`}`

allow user to add a security list for SSH access; add cleanup for packer-generated rules and lists 2018-01-23 14:07:04 -05:00			`return`
add separated out steps 2018-01-22 19:54:49 -05:00			`}`