Merge pull request #7450 from AkshatM/rename_security_group_cidr_to_security_group_cidrs

Rename `temporary_security_group_source_cidr` to `temporary_security_group_source_cidrs` and change it to accept a list of strings (for Amazon builders).
Megan Marsh 2019-04-02 10:54:31 -07:00 committed by GitHub
commit 17c14770a7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 164 additions and 54 deletions


@ -79,7 +79,7 @@ type RunConfig struct {
SubnetFilter SubnetFilterOptions `mapstructure:"subnet_filter"` SubnetFilter SubnetFilterOptions `mapstructure:"subnet_filter"`
SubnetId string `mapstructure:"subnet_id"` SubnetId string `mapstructure:"subnet_id"`
TemporaryKeyPairName string `mapstructure:"temporary_key_pair_name"` TemporaryKeyPairName string `mapstructure:"temporary_key_pair_name"`
TemporarySGSourceCidr string `mapstructure:"temporary_security_group_source_cidr"` TemporarySGSourceCidrs []string `mapstructure:"temporary_security_group_source_cidrs"`
UserData string `mapstructure:"user_data"` UserData string `mapstructure:"user_data"`
UserDataFile string `mapstructure:"user_data_file"` UserDataFile string `mapstructure:"user_data_file"`
VpcFilter VpcFilterOptions `mapstructure:"vpc_filter"` VpcFilter VpcFilterOptions `mapstructure:"vpc_filter"`
@ -184,11 +184,13 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
} }
} }
if c.TemporarySGSourceCidr == "" { if len(c.TemporarySGSourceCidrs) == 0 {
c.TemporarySGSourceCidr = "0.0.0.0/0" c.TemporarySGSourceCidrs = []string{"0.0.0.0/0"}
} else { } else {
if _, _, err := net.ParseCIDR(c.TemporarySGSourceCidr); err != nil { for _, cidr := range c.TemporarySGSourceCidrs {
errs = append(errs, fmt.Errorf("Error parsing temporary_security_group_source_cidr: %s", err.Error())) if _, _, err := net.ParseCIDR(cidr); err != nil {
errs = append(errs, fmt.Errorf("Error parsing CIDR in temporary_security_group_source_cidrs: %s", err.Error()))
}
} }
} }
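Review bot: The per-entry check in the new `for _, cidr := range c.TemporarySGSourceCidrs` loop accepts any syntactically valid CIDR, including IPv6 such as `::/0`, yet the documented contract is IPv4 and the value is later handed to `ec2.IpRange.CidrIp` (IPv4-only; IPv6 goes through a separate range type in the EC2 API), so an IPv6 entry passes `Prepare` and only fails at the AuthorizeSecurityGroupIngress call. Bind the parsed address and reject non-IPv4 here: `if ip, _, err := net.ParseCIDR(cidr); err != nil { errs = append(errs, fmt.Errorf("Error parsing CIDR in temporary_security_group_source_cidrs: %s", err.Error())) } else if ip.To4() == nil { errs = append(errs, fmt.Errorf("temporary_security_group_source_cidrs: %q is not an IPv4 CIDR", cidr)) }`. The empty-list default of `0.0.0.0/0` is carried over from the old single-value behaviour and still opens the communicator port to the whole IPv4 internet; a one-line comment stating that (`// empty list means "anywhere"; users restrict it by listing their own CIDRs`) would make the choice explicit for the next maintainer. `Prepare` begins before this hunk.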


@ -20,7 +20,7 @@ type StepSecurityGroup struct {
CommConfig *communicator.Config CommConfig *communicator.Config
SecurityGroupFilter SecurityGroupFilterOptions SecurityGroupFilter SecurityGroupFilterOptions
SecurityGroupIds []string SecurityGroupIds []string
TemporarySGSourceCidr string TemporarySGSourceCidrs []string
createdGroupId string createdGroupId string
} }
@ -119,6 +119,16 @@ func (s *StepSecurityGroup) Run(_ context.Context, state multistep.StateBag) mul
return multistep.ActionHalt return multistep.ActionHalt
} }
// map the list of temporary security group CIDRs bundled with config to
// types expected by EC2.
groupIpRanges := []*ec2.IpRange{}
for _, cidr := range s.TemporarySGSourceCidrs {
ipRange := ec2.IpRange{
CidrIp: aws.String(cidr),
}
groupIpRanges = append(groupIpRanges, &ipRange)
}
// Authorize the SSH access for the security group // Authorize the SSH access for the security group
groupRules := &ec2.AuthorizeSecurityGroupIngressInput{ groupRules := &ec2.AuthorizeSecurityGroupIngressInput{
GroupId: groupResp.GroupId, GroupId: groupResp.GroupId,
@ -126,19 +136,16 @@ func (s *StepSecurityGroup) Run(_ context.Context, state multistep.StateBag) mul
{ {
FromPort: aws.Int64(int64(port)), FromPort: aws.Int64(int64(port)),
ToPort: aws.Int64(int64(port)), ToPort: aws.Int64(int64(port)),
IpRanges: []*ec2.IpRange{ IpRanges: groupIpRanges,
{
CidrIp: aws.String(s.TemporarySGSourceCidr),
},
},
IpProtocol: aws.String("tcp"), IpProtocol: aws.String("tcp"),
}, },
}, },
} }
ui.Say(fmt.Sprintf( ui.Say(fmt.Sprintf(
"Authorizing access to port %d from %s in the temporary security group...", "Authorizing access to port %d from %v in the temporary security groups...",
port, s.TemporarySGSourceCidr)) port, s.TemporarySGSourceCidrs),
)
_, err = ec2conn.AuthorizeSecurityGroupIngress(groupRules) _, err = ec2conn.AuthorizeSecurityGroupIngress(groupRules)
if err != nil { if err != nil {
err := fmt.Errorf("Error authorizing temporary security group: %s", err) err := fmt.Errorf("Error authorizing temporary security group: %s", err)
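Review bot: The `ui.Say` text was changed to "in the temporary security groups..." although only one group is created in this step (the rule is attached to the single `groupResp.GroupId`), and `%v` on a `[]string` prints Go slice syntax like `[10.0.0.0/8 192.168.0.0/16]`; prefer `"Authorizing access to port %d from %s in the temporary security group..."` with `strings.Join(s.TemporarySGSourceCidrs, ", ")` (add the `strings` import if this file does not already have it — not visible in the hunk). The `groupIpRanges` loop takes the address of a per-iteration local; the idiomatic and shorter form is `groupIpRanges = append(groupIpRanges, &ec2.IpRange{CidrIp: aws.String(cidr)})` with the slice pre-sized via `make([]*ec2.IpRange, 0, len(s.TemporarySGSourceCidrs))`. `Run` starts and ends outside this hunk.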


@ -181,7 +181,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook) (packer.Artifact, error) {
SecurityGroupFilter: b.config.SecurityGroupFilter, SecurityGroupFilter: b.config.SecurityGroupFilter,
SecurityGroupIds: b.config.SecurityGroupIds, SecurityGroupIds: b.config.SecurityGroupIds,
CommConfig: &b.config.RunConfig.Comm, CommConfig: &b.config.RunConfig.Comm,
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr, TemporarySGSourceCidrs: b.config.TemporarySGSourceCidrs,
}, },
&awscommon.StepCleanupVolumes{ &awscommon.StepCleanupVolumes{
BlockDevices: b.config.BlockDevices, BlockDevices: b.config.BlockDevices,


@ -197,7 +197,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook) (packer.Artifact, error) {
SecurityGroupFilter: b.config.SecurityGroupFilter, SecurityGroupFilter: b.config.SecurityGroupFilter,
SecurityGroupIds: b.config.SecurityGroupIds, SecurityGroupIds: b.config.SecurityGroupIds,
CommConfig: &b.config.RunConfig.Comm, CommConfig: &b.config.RunConfig.Comm,
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr, TemporarySGSourceCidrs: b.config.TemporarySGSourceCidrs,
}, },
&awscommon.StepCleanupVolumes{ &awscommon.StepCleanupVolumes{
BlockDevices: b.config.BlockDevices, BlockDevices: b.config.BlockDevices,


@ -174,7 +174,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook) (packer.Artifact, error) {
SecurityGroupFilter: b.config.SecurityGroupFilter, SecurityGroupFilter: b.config.SecurityGroupFilter,
SecurityGroupIds: b.config.SecurityGroupIds, SecurityGroupIds: b.config.SecurityGroupIds,
CommConfig: &b.config.RunConfig.Comm, CommConfig: &b.config.RunConfig.Comm,
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr, TemporarySGSourceCidrs: b.config.TemporarySGSourceCidrs,
}, },
instanceStep, instanceStep,
&stepTagEBSVolumes{ &stepTagEBSVolumes{


@ -258,7 +258,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook) (packer.Artifact, error) {
CommConfig: &b.config.RunConfig.Comm, CommConfig: &b.config.RunConfig.Comm,
SecurityGroupFilter: b.config.SecurityGroupFilter, SecurityGroupFilter: b.config.SecurityGroupFilter,
SecurityGroupIds: b.config.SecurityGroupIds, SecurityGroupIds: b.config.SecurityGroupIds,
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr, TemporarySGSourceCidrs: b.config.TemporarySGSourceCidrs,
}, },
instanceStep, instanceStep,
&awscommon.StepGetPassword{ &awscommon.StepGetPassword{


@ -35,6 +35,7 @@ func init() {
"amazon-shutdown_behavior": new(FixerAmazonShutdownBehavior), "amazon-shutdown_behavior": new(FixerAmazonShutdownBehavior),
"amazon-enhanced-networking": new(FixerAmazonEnhancedNetworking), "amazon-enhanced-networking": new(FixerAmazonEnhancedNetworking),
"amazon-private-ip": new(FixerAmazonPrivateIP), "amazon-private-ip": new(FixerAmazonPrivateIP),
"amazon-temp-sec-cidrs": new(FixerAmazonTemporarySecurityCIDRs),
"docker-email": new(FixerDockerEmail), "docker-email": new(FixerDockerEmail),
"powershell-escapes": new(FixerPowerShellEscapes), "powershell-escapes": new(FixerPowerShellEscapes),
"hyperv-deprecations": new(FixerHypervDeprecations), "hyperv-deprecations": new(FixerHypervDeprecations),
@ -59,6 +60,7 @@ func init() {
"amazon-shutdown_behavior", "amazon-shutdown_behavior",
"amazon-enhanced-networking", "amazon-enhanced-networking",
"amazon-private-ip", "amazon-private-ip",
"amazon-temp-sec-cidrs",
"docker-email", "docker-email",
"powershell-escapes", "powershell-escapes",
"vmware-compaction", "vmware-compaction",


@ -0,0 +1,53 @@
package fix
import (
"github.com/mitchellh/mapstructure"
"strings"
)
type FixerAmazonTemporarySecurityCIDRs struct{}
func (FixerAmazonTemporarySecurityCIDRs) Fix(input map[string]interface{}) (map[string]interface{}, error) {
// Our template type we'll use for this fixer only
type template struct {
Builders []map[string]interface{}
}
// Decode the input into our structure, if we can
var tpl template
if err := mapstructure.Decode(input, &tpl); err != nil {
return nil, err
}
// Go through each builder and replace the temporary_security_group_source_cidr if we can
for _, builder := range tpl.Builders {
builderTypeRaw, ok := builder["type"]
if !ok {
continue
}
builderType, ok := builderTypeRaw.(string)
if !ok {
continue
}
if !strings.HasPrefix(builderType, "amazon-") {
continue
}
temporarySecurityGroupCIDR, ok := builder["temporary_security_group_source_cidr"].(string)
if !ok {
continue
}
delete(builder, "temporary_security_group_source_cidr")
builder["temporary_security_group_source_cidrs"] = []string{temporarySecurityGroupCIDR}
}
input["builders"] = tpl.Builders
return input, nil
}
func (FixerAmazonTemporarySecurityCIDRs) Synopsis() string {
return `Replaces "temporary_security_group_source_cidr" (string) with "temporary_security_group_source_cidrs" (list of strings)`
}
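Review bot: `Fix` unconditionally assigns `builder["temporary_security_group_source_cidrs"] = []string{temporarySecurityGroupCIDR}`, so a template that already carries the new key alongside the legacy one (a partially migrated template) has its list silently replaced by the single legacy value, which can widen or narrow the authorized ingress without any visible error. Guard on the new key before the assignment, e.g. `if _, migrated := builder["temporary_security_group_source_cidrs"]; migrated { continue }`, and leave the conflict for the builder's own config validation to report; whether appending instead would be more helpful is a judgement call, but silently overwriting is the one option to avoid. A doc comment on the exported type would help too: `// FixerAmazonTemporarySecurityCIDRs rewrites the deprecated temporary_security_group_source_cidr (string) key of amazon-* builders into temporary_security_group_source_cidrs (list of strings).` Minor: `goimports` puts the stdlib `"strings"` import in its own group before the `github.com/...` one.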


@ -0,0 +1,50 @@
package fix
import (
"reflect"
"testing"
)
func TestFixerAmazonTemporarySecurityCIDRs_Impl(t *testing.T) {
var _ Fixer = new(FixerAmazonTemporarySecurityCIDRs)
}
func TestFixerAmazonTemporarySecurityCIDRs(t *testing.T) {
cases := []struct {
Input map[string]interface{}
Expected map[string]interface{}
}{
{
Input: map[string]interface{}{
"type": "amazon-ebs",
"temporary_security_group_source_cidr": "0.0.0.0/0",
},
Expected: map[string]interface{}{
"type": "amazon-ebs",
"temporary_security_group_source_cidrs": []string{"0.0.0.0/0"},
},
},
}
for _, tc := range cases {
var f FixerAmazonTemporarySecurityCIDRs
input := map[string]interface{}{
"builders": []map[string]interface{}{tc.Input},
}
expected := map[string]interface{}{
"builders": []map[string]interface{}{tc.Expected},
}
output, err := f.Fix(input)
if err != nil {
t.Fatalf("err: %s", err)
}
if !reflect.DeepEqual(output, expected) {
t.Fatalf("unexpected: %#v\nexpected: %#v\n", output, expected)
}
}
}
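Review bot: The table in `TestFixerAmazonTemporarySecurityCIDRs` holds a single happy-path case, so the two guards that make the fixer safe — the `amazon-` type prefix check and the string type assertion on the legacy key — are not exercised and a regression there would go unnoticed. Adding a non-amazon builder whose legacy key must survive untouched, and an amazon builder with no legacy key, covers both branches with the existing loop unchanged. A case where `temporary_security_group_source_cidrs` is already present would pin down the intended behaviour for partially migrated templates, which the fixer currently leaves implicit.

```go
		{
			Input: map[string]interface{}{
				"type": "docker",
				"temporary_security_group_source_cidr": "10.0.0.0/8",
			},
			Expected: map[string]interface{}{
				"type": "docker",
				"temporary_security_group_source_cidr": "10.0.0.0/8",
			},
		},
		{
			Input: map[string]interface{}{
				"type": "amazon-ebs",
			},
			Expected: map[string]interface{}{
				"type": "amazon-ebs",
			},
		},
		// … unchanged: loop over cases …
```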


@ -490,11 +490,10 @@ builder.
generate. By default, Packer generates a name that looks like generate. By default, Packer generates a name that looks like
`packer_<UUID>`, where &lt;UUID&gt; is a 36 character unique identifier. `packer_<UUID>`, where &lt;UUID&gt; is a 36 character unique identifier.
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be - `temporary_security_group_source_cidrs` (list of string) - A list of IPv4
authorized access to the instance, when packer is creating a temporary CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group.
security group. The default is `0.0.0.0/0` (i.e., allow any IPv4 source).
This is only used when `security_group_id` or `security_group_ids` is not The default is [`0.0.0.0/0`] (i.e., allow any IPv4 source). This is only used when `security_group_id` or `security_group_ids` is not specified.
specified.
- `token` (string) - The access token to use. This is different from the - `token` (string) - The access token to use. This is different from the
access key and secret key. If you're not sure what this is, then you access key and secret key. If you're not sure what this is, then you


@ -479,11 +479,10 @@ builder.
- `temporary_key_pair_name` (string) - The name of the temporary keypair to - `temporary_key_pair_name` (string) - The name of the temporary keypair to
generate. By default, Packer generates a name with a UUID. generate. By default, Packer generates a name with a UUID.
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be - `temporary_security_group_source_cidrs` (list of string) - A list of IPv4
authorized access to the instance, when packer is creating a temporary CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group.
security group. The default is `0.0.0.0/0` (i.e., allow any IPv4 source).
This is only used when `security_group_id` or `security_group_ids` is not The default is [`0.0.0.0/0`] (i.e., allow any IPv4 source). This is only used when `security_group_id` or `security_group_ids` is not specified.
specified.
- `token` (string) - The access token to use. This is different from the - `token` (string) - The access token to use. This is different from the
access key and secret key. If you're not sure what this is, then you access key and secret key. If you're not sure what this is, then you


@ -390,11 +390,10 @@ builder.
generate. By default, Packer generates a name that looks like generate. By default, Packer generates a name that looks like
`packer_<UUID>`, where &lt;UUID&gt; is a 36 character unique identifier. `packer_<UUID>`, where &lt;UUID&gt; is a 36 character unique identifier.
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be - `temporary_security_group_source_cidrs` (list of string) - A list of IPv4
authorized access to the instance, when packer is creating a temporary CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group.
security group. The default is `0.0.0.0/0` (i.e., allow any IPv4 source).
This is only used when `security_group_id` or `security_group_ids` is not The default is [`0.0.0.0/0`] (i.e., allow any IPv4 source). This is only used when `security_group_id` or `security_group_ids` is not specified.
specified.
- `token` (string) - The access token to use. This is different from the - `token` (string) - The access token to use. This is different from the
access key and secret key. If you're not sure what this is, then you access key and secret key. If you're not sure what this is, then you


@ -477,11 +477,10 @@ builder.
generate. By default, Packer generates a name that looks like generate. By default, Packer generates a name that looks like
`packer_<UUID>`, where &lt;UUID&gt; is a 36 character unique identifier. `packer_<UUID>`, where &lt;UUID&gt; is a 36 character unique identifier.
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be - `temporary_security_group_source_cidrs` (list of string) - A list of IPv4
authorized access to the instance, when packer is creating a temporary CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group.
security group. The default is `0.0.0.0/0` (i.e., allow any IPv4 source).
This is only used when `security_group_id` or `security_group_ids` is not The default is [`0.0.0.0/0`] (i.e., allow any IPv4 source). This is only used when `security_group_id` or `security_group_ids` is not specified.
specified.
- `user_data` (string) - User data to apply when launching the instance. Note - `user_data` (string) - User data to apply when launching the instance. Note
that you need to be careful about escaping characters due to the templates that you need to be careful about escaping characters due to the templates