Merge pull request #7450 from AkshatM/rename_security_group_cidr_to_security_group_cidrs
Rename and change `temporary_security_group_source_cidr` to accept a list of strings (for Amazon builders).
@ -79,7 +79,7 @@ type RunConfig struct {
|
||||||
SubnetFilter SubnetFilterOptions `mapstructure:"subnet_filter"`
|
SubnetFilter SubnetFilterOptions `mapstructure:"subnet_filter"`
|
||||||
SubnetId string `mapstructure:"subnet_id"`
|
SubnetId string `mapstructure:"subnet_id"`
|
||||||
TemporaryKeyPairName string `mapstructure:"temporary_key_pair_name"`
|
TemporaryKeyPairName string `mapstructure:"temporary_key_pair_name"`
|
||||||
TemporarySGSourceCidr string `mapstructure:"temporary_security_group_source_cidr"`
|
TemporarySGSourceCidrs []string `mapstructure:"temporary_security_group_source_cidrs"`
|
||||||
UserData string `mapstructure:"user_data"`
|
UserData string `mapstructure:"user_data"`
|
||||||
UserDataFile string `mapstructure:"user_data_file"`
|
UserDataFile string `mapstructure:"user_data_file"`
|
||||||
VpcFilter VpcFilterOptions `mapstructure:"vpc_filter"`
|
VpcFilter VpcFilterOptions `mapstructure:"vpc_filter"`
|
||||||
|
@ -184,11 +184,13 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if c.TemporarySGSourceCidr == "" {
|
if len(c.TemporarySGSourceCidrs) == 0 {
|
||||||
c.TemporarySGSourceCidr = "0.0.0.0/0"
|
c.TemporarySGSourceCidrs = []string{"0.0.0.0/0"}
|
||||||
} else {
|
} else {
|
||||||
if _, _, err := net.ParseCIDR(c.TemporarySGSourceCidr); err != nil {
|
for _, cidr := range c.TemporarySGSourceCidrs {
|
||||||
errs = append(errs, fmt.Errorf("Error parsing temporary_security_group_source_cidr: %s", err.Error()))
|
if _, _, err := net.ParseCIDR(cidr); err != nil {
|
||||||
|
errs = append(errs, fmt.Errorf("Error parsing CIDR in temporary_security_group_source_cidrs: %s", err.Error()))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
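Review bot: The per-entry check at `if _, _, err := net.ParseCIDR(cidr); err != nil` accepts any syntactically valid CIDR, including IPv6 ones such as `::/0`, while the step in this same PR hands each value to EC2 as an IPv4 `IpRange.CidrIp` (and the documentation hunks describe the option as IPv4 only), so an IPv6 entry is only rejected when the security group is authorized rather than in Prepare. Using the parsed network and rejecting anything whose address has no IPv4 form catches that up front and names the offending entry. The empty-list default to `0.0.0.0/0` is the pre-existing behaviour and is unchanged below. `Prepare` begins and ends outside this hunk.
```go
	// … unchanged: empty-list default to 0.0.0.0/0 …
	} else {
		for _, cidr := range c.TemporarySGSourceCidrs {
			_, ipNet, err := net.ParseCIDR(cidr)
			if err != nil {
				errs = append(errs, fmt.Errorf("Error parsing CIDR in temporary_security_group_source_cidrs: %s", err.Error()))
				continue
			}
			// Only IPv4 ranges are sent to EC2 (IpRange.CidrIp); reject IPv6 here rather than at authorize time.
			if ipNet.IP.To4() == nil {
				errs = append(errs, fmt.Errorf("temporary_security_group_source_cidrs: %q is not an IPv4 CIDR block", cidr))
			}
		}
	}
```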
@ -17,10 +17,10 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type StepSecurityGroup struct {
|
type StepSecurityGroup struct {
|
||||||
CommConfig *communicator.Config
|
CommConfig *communicator.Config
|
||||||
SecurityGroupFilter SecurityGroupFilterOptions
|
SecurityGroupFilter SecurityGroupFilterOptions
|
||||||
SecurityGroupIds []string
|
SecurityGroupIds []string
|
||||||
TemporarySGSourceCidr string
|
TemporarySGSourceCidrs []string
|
||||||
|
|
||||||
createdGroupId string
|
createdGroupId string
|
||||||
}
|
}
|
||||||
|
@ -119,26 +119,33 @@ func (s *StepSecurityGroup) Run(_ context.Context, state multistep.StateBag) mul
|
||||||
return multistep.ActionHalt
|
return multistep.ActionHalt
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// map the list of temporary security group CIDRs bundled with config to
|
||||||
|
// types expected by EC2.
|
||||||
|
groupIpRanges := []*ec2.IpRange{}
|
||||||
|
for _, cidr := range s.TemporarySGSourceCidrs {
|
||||||
|
ipRange := ec2.IpRange{
|
||||||
|
CidrIp: aws.String(cidr),
|
||||||
|
}
|
||||||
|
groupIpRanges = append(groupIpRanges, &ipRange)
|
||||||
|
}
|
||||||
|
|
||||||
// Authorize the SSH access for the security group
|
// Authorize the SSH access for the security group
|
||||||
groupRules := &ec2.AuthorizeSecurityGroupIngressInput{
|
groupRules := &ec2.AuthorizeSecurityGroupIngressInput{
|
||||||
GroupId: groupResp.GroupId,
|
GroupId: groupResp.GroupId,
|
||||||
IpPermissions: []*ec2.IpPermission{
|
IpPermissions: []*ec2.IpPermission{
|
||||||
{
|
{
|
||||||
FromPort: aws.Int64(int64(port)),
|
FromPort: aws.Int64(int64(port)),
|
||||||
ToPort: aws.Int64(int64(port)),
|
ToPort: aws.Int64(int64(port)),
|
||||||
IpRanges: []*ec2.IpRange{
|
IpRanges: groupIpRanges,
|
||||||
{
|
|
||||||
CidrIp: aws.String(s.TemporarySGSourceCidr),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
IpProtocol: aws.String("tcp"),
|
IpProtocol: aws.String("tcp"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
ui.Say(fmt.Sprintf(
|
ui.Say(fmt.Sprintf(
|
||||||
"Authorizing access to port %d from %s in the temporary security group...",
|
"Authorizing access to port %d from %v in the temporary security groups...",
|
||||||
port, s.TemporarySGSourceCidr))
|
port, s.TemporarySGSourceCidrs),
|
||||||
|
)
|
||||||
_, err = ec2conn.AuthorizeSecurityGroupIngress(groupRules)
|
_, err = ec2conn.AuthorizeSecurityGroupIngress(groupRules)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err := fmt.Errorf("Error authorizing temporary security group: %s", err)
|
err := fmt.Errorf("Error authorizing temporary security group: %s", err)
|
||||||
|
|
|
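Review bot: The new message at `"Authorizing access to port %d from %v in the temporary security groups..."` now says "groups", but the call still authorizes a single group (`GroupId: groupResp.GroupId`); the plural belongs to the CIDR list, not the group, so `"Authorizing access to port %d from %v in the temporary security group..."` is the accurate wording. On the slice build, `groupIpRanges := []*ec2.IpRange{}` can be `make([]*ec2.IpRange, 0, len(s.TemporarySGSourceCidrs))`, and the loop body can append `&ec2.IpRange{CidrIp: aws.String(cidr)}` directly instead of going through the named local `ipRange`. The comment above the loop would read more clearly as `// Convert each configured source CIDR into the ec2.IpRange EC2 expects.` `Run` begins and ends outside this hunk.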
@ -178,10 +178,10 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook) (packer.Artifact, error) {
|
||||||
DebugKeyPath: fmt.Sprintf("ec2_%s.pem", b.config.PackerBuildName),
|
DebugKeyPath: fmt.Sprintf("ec2_%s.pem", b.config.PackerBuildName),
|
||||||
},
|
},
|
||||||
&awscommon.StepSecurityGroup{
|
&awscommon.StepSecurityGroup{
|
||||||
SecurityGroupFilter: b.config.SecurityGroupFilter,
|
SecurityGroupFilter: b.config.SecurityGroupFilter,
|
||||||
SecurityGroupIds: b.config.SecurityGroupIds,
|
SecurityGroupIds: b.config.SecurityGroupIds,
|
||||||
CommConfig: &b.config.RunConfig.Comm,
|
CommConfig: &b.config.RunConfig.Comm,
|
||||||
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
|
TemporarySGSourceCidrs: b.config.TemporarySGSourceCidrs,
|
||||||
},
|
},
|
||||||
&awscommon.StepCleanupVolumes{
|
&awscommon.StepCleanupVolumes{
|
||||||
BlockDevices: b.config.BlockDevices,
|
BlockDevices: b.config.BlockDevices,
|
||||||
|
|
|
@ -194,10 +194,10 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook) (packer.Artifact, error) {
|
||||||
DebugKeyPath: fmt.Sprintf("ec2_%s.pem", b.config.PackerBuildName),
|
DebugKeyPath: fmt.Sprintf("ec2_%s.pem", b.config.PackerBuildName),
|
||||||
},
|
},
|
||||||
&awscommon.StepSecurityGroup{
|
&awscommon.StepSecurityGroup{
|
||||||
SecurityGroupFilter: b.config.SecurityGroupFilter,
|
SecurityGroupFilter: b.config.SecurityGroupFilter,
|
||||||
SecurityGroupIds: b.config.SecurityGroupIds,
|
SecurityGroupIds: b.config.SecurityGroupIds,
|
||||||
CommConfig: &b.config.RunConfig.Comm,
|
CommConfig: &b.config.RunConfig.Comm,
|
||||||
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
|
TemporarySGSourceCidrs: b.config.TemporarySGSourceCidrs,
|
||||||
},
|
},
|
||||||
&awscommon.StepCleanupVolumes{
|
&awscommon.StepCleanupVolumes{
|
||||||
BlockDevices: b.config.BlockDevices,
|
BlockDevices: b.config.BlockDevices,
|
||||||
|
|
|
@ -171,10 +171,10 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook) (packer.Artifact, error) {
|
||||||
DebugKeyPath: fmt.Sprintf("ec2_%s.pem", b.config.PackerBuildName),
|
DebugKeyPath: fmt.Sprintf("ec2_%s.pem", b.config.PackerBuildName),
|
||||||
},
|
},
|
||||||
&awscommon.StepSecurityGroup{
|
&awscommon.StepSecurityGroup{
|
||||||
SecurityGroupFilter: b.config.SecurityGroupFilter,
|
SecurityGroupFilter: b.config.SecurityGroupFilter,
|
||||||
SecurityGroupIds: b.config.SecurityGroupIds,
|
SecurityGroupIds: b.config.SecurityGroupIds,
|
||||||
CommConfig: &b.config.RunConfig.Comm,
|
CommConfig: &b.config.RunConfig.Comm,
|
||||||
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
|
TemporarySGSourceCidrs: b.config.TemporarySGSourceCidrs,
|
||||||
},
|
},
|
||||||
instanceStep,
|
instanceStep,
|
||||||
&stepTagEBSVolumes{
|
&stepTagEBSVolumes{
|
||||||
|
|
|
@ -255,10 +255,10 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook) (packer.Artifact, error) {
|
||||||
DebugKeyPath: fmt.Sprintf("ec2_%s.pem", b.config.PackerBuildName),
|
DebugKeyPath: fmt.Sprintf("ec2_%s.pem", b.config.PackerBuildName),
|
||||||
},
|
},
|
||||||
&awscommon.StepSecurityGroup{
|
&awscommon.StepSecurityGroup{
|
||||||
CommConfig: &b.config.RunConfig.Comm,
|
CommConfig: &b.config.RunConfig.Comm,
|
||||||
SecurityGroupFilter: b.config.SecurityGroupFilter,
|
SecurityGroupFilter: b.config.SecurityGroupFilter,
|
||||||
SecurityGroupIds: b.config.SecurityGroupIds,
|
SecurityGroupIds: b.config.SecurityGroupIds,
|
||||||
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
|
TemporarySGSourceCidrs: b.config.TemporarySGSourceCidrs,
|
||||||
},
|
},
|
||||||
instanceStep,
|
instanceStep,
|
||||||
&awscommon.StepGetPassword{
|
&awscommon.StepGetPassword{
|
||||||
|
|
|
@ -35,6 +35,7 @@ func init() {
|
||||||
"amazon-shutdown_behavior": new(FixerAmazonShutdownBehavior),
|
"amazon-shutdown_behavior": new(FixerAmazonShutdownBehavior),
|
||||||
"amazon-enhanced-networking": new(FixerAmazonEnhancedNetworking),
|
"amazon-enhanced-networking": new(FixerAmazonEnhancedNetworking),
|
||||||
"amazon-private-ip": new(FixerAmazonPrivateIP),
|
"amazon-private-ip": new(FixerAmazonPrivateIP),
|
||||||
|
"amazon-temp-sec-cidrs": new(FixerAmazonTemporarySecurityCIDRs),
|
||||||
"docker-email": new(FixerDockerEmail),
|
"docker-email": new(FixerDockerEmail),
|
||||||
"powershell-escapes": new(FixerPowerShellEscapes),
|
"powershell-escapes": new(FixerPowerShellEscapes),
|
||||||
"hyperv-deprecations": new(FixerHypervDeprecations),
|
"hyperv-deprecations": new(FixerHypervDeprecations),
|
||||||
|
@ -59,6 +60,7 @@ func init() {
|
||||||
"amazon-shutdown_behavior",
|
"amazon-shutdown_behavior",
|
||||||
"amazon-enhanced-networking",
|
"amazon-enhanced-networking",
|
||||||
"amazon-private-ip",
|
"amazon-private-ip",
|
||||||
|
"amazon-temp-sec-cidrs",
|
||||||
"docker-email",
|
"docker-email",
|
||||||
"powershell-escapes",
|
"powershell-escapes",
|
||||||
"vmware-compaction",
|
"vmware-compaction",
|
||||||
|
|
|
@ -0,0 +1,53 @@
|
||||||
|
package fix
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/mitchellh/mapstructure"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
type FixerAmazonTemporarySecurityCIDRs struct{}
|
||||||
|
|
||||||
|
func (FixerAmazonTemporarySecurityCIDRs) Fix(input map[string]interface{}) (map[string]interface{}, error) {
|
||||||
|
// Our template type we'll use for this fixer only
|
||||||
|
type template struct {
|
||||||
|
Builders []map[string]interface{}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Decode the input into our structure, if we can
|
||||||
|
var tpl template
|
||||||
|
if err := mapstructure.Decode(input, &tpl); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Go through each builder and replace the temporary_security_group_source_cidr if we can
|
||||||
|
for _, builder := range tpl.Builders {
|
||||||
|
builderTypeRaw, ok := builder["type"]
|
||||||
|
if !ok {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
builderType, ok := builderTypeRaw.(string)
|
||||||
|
if !ok {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if !strings.HasPrefix(builderType, "amazon-") {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
temporarySecurityGroupCIDR, ok := builder["temporary_security_group_source_cidr"].(string)
|
||||||
|
if !ok {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
delete(builder, "temporary_security_group_source_cidr")
|
||||||
|
builder["temporary_security_group_source_cidrs"] = []string{temporarySecurityGroupCIDR}
|
||||||
|
}
|
||||||
|
|
||||||
|
input["builders"] = tpl.Builders
|
||||||
|
return input, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (FixerAmazonTemporarySecurityCIDRs) Synopsis() string {
|
||||||
|
return `Replaces "temporary_security_group_source_cidr" (string) with "temporary_security_group_source_cidrs" (list of strings)`
|
||||||
|
}
|
|
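Review bot: `FixerAmazonTemporarySecurityCIDRs` is exported but has no doc comment; add `// FixerAmazonTemporarySecurityCIDRs migrates the "temporary_security_group_source_cidr" string of amazon-* builders to the "temporary_security_group_source_cidrs" list.` above the type, and a one-line comment on `Fix` stating that builders without the old key, or whose old key is not a string, are left untouched (the three `continue` branches), since that is the behaviour a user will observe when the stale key survives the fixer. The import block lists `"github.com/mitchellh/mapstructure"` ahead of `"strings"`; goimports convention is the standard library first, a blank line, then third-party imports. This is a new file, so the whole definition is within the hunk.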
@ -0,0 +1,50 @@
|
||||||
|
package fix
|
||||||
|
|
||||||
|
import (
|
||||||
|
"reflect"
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestFixerAmazonTemporarySecurityCIDRs_Impl(t *testing.T) {
|
||||||
|
var _ Fixer = new(FixerAmazonTemporarySecurityCIDRs)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestFixerAmazonTemporarySecurityCIDRs(t *testing.T) {
|
||||||
|
cases := []struct {
|
||||||
|
Input map[string]interface{}
|
||||||
|
Expected map[string]interface{}
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
Input: map[string]interface{}{
|
||||||
|
"type": "amazon-ebs",
|
||||||
|
"temporary_security_group_source_cidr": "0.0.0.0/0",
|
||||||
|
},
|
||||||
|
|
||||||
|
Expected: map[string]interface{}{
|
||||||
|
"type": "amazon-ebs",
|
||||||
|
"temporary_security_group_source_cidrs": []string{"0.0.0.0/0"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, tc := range cases {
|
||||||
|
var f FixerAmazonTemporarySecurityCIDRs
|
||||||
|
|
||||||
|
input := map[string]interface{}{
|
||||||
|
"builders": []map[string]interface{}{tc.Input},
|
||||||
|
}
|
||||||
|
|
||||||
|
expected := map[string]interface{}{
|
||||||
|
"builders": []map[string]interface{}{tc.Expected},
|
||||||
|
}
|
||||||
|
|
||||||
|
output, err := f.Fix(input)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("err: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !reflect.DeepEqual(output, expected) {
|
||||||
|
t.Fatalf("unexpected: %#v\nexpected: %#v\n", output, expected)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
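Review bot: The table at `cases := []struct{` exercises only the happy path; the three `continue` branches in `Fix` (missing `type`, non-amazon builder, old key absent) are untested, so a regression that rewrote every builder regardless of type would still pass. Add cases whose `Expected` equals `Input` for a non-amazon builder and for an amazon builder that lacks the old key; the loop over `cases` needs no change. The builder type strings below are constructed sample values.
```go
		{
			Input: map[string]interface{}{
				"type":                                 "docker",
				"temporary_security_group_source_cidr": "0.0.0.0/0",
			},
			Expected: map[string]interface{}{
				"type":                                 "docker",
				"temporary_security_group_source_cidr": "0.0.0.0/0",
			},
		},
		{
			Input:    map[string]interface{}{"type": "amazon-ebs"},
			Expected: map[string]interface{}{"type": "amazon-ebs"},
		},
	// … unchanged: loop over cases calling f.Fix and comparing with reflect.DeepEqual …
```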
@ -490,11 +490,10 @@ builder.
|
||||||
generate. By default, Packer generates a name that looks like
|
generate. By default, Packer generates a name that looks like
|
||||||
`packer_<UUID>`, where <UUID> is a 36 character unique identifier.
|
`packer_<UUID>`, where <UUID> is a 36 character unique identifier.
|
||||||
|
|
||||||
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be
|
- `temporary_security_group_source_cidrs` (list of string) - A list of IPv4
|
||||||
authorized access to the instance, when packer is creating a temporary
|
CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group.
|
||||||
security group. The default is `0.0.0.0/0` (i.e., allow any IPv4 source).
|
|
||||||
This is only used when `security_group_id` or `security_group_ids` is not
|
The default is [`0.0.0.0/0`] (i.e., allow any IPv4 source). This is only used when `security_group_id` or `security_group_ids` is not specified.
|
||||||
specified.
|
|
||||||
|
|
||||||
- `token` (string) - The access token to use. This is different from the
|
- `token` (string) - The access token to use. This is different from the
|
||||||
access key and secret key. If you're not sure what this is, then you
|
access key and secret key. If you're not sure what this is, then you
|
||||||
|
|
|
@ -479,11 +479,10 @@ builder.
|
||||||
- `temporary_key_pair_name` (string) - The name of the temporary keypair to
|
- `temporary_key_pair_name` (string) - The name of the temporary keypair to
|
||||||
generate. By default, Packer generates a name with a UUID.
|
generate. By default, Packer generates a name with a UUID.
|
||||||
|
|
||||||
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be
|
- `temporary_security_group_source_cidrs` (list of string) - A list of IPv4
|
||||||
authorized access to the instance, when packer is creating a temporary
|
CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group.
|
||||||
security group. The default is `0.0.0.0/0` (i.e., allow any IPv4 source).
|
|
||||||
This is only used when `security_group_id` or `security_group_ids` is not
|
The default is [`0.0.0.0/0`] (i.e., allow any IPv4 source). This is only used when `security_group_id` or `security_group_ids` is not specified.
|
||||||
specified.
|
|
||||||
|
|
||||||
- `token` (string) - The access token to use. This is different from the
|
- `token` (string) - The access token to use. This is different from the
|
||||||
access key and secret key. If you're not sure what this is, then you
|
access key and secret key. If you're not sure what this is, then you
|
||||||
|
|
|
@ -390,11 +390,10 @@ builder.
|
||||||
generate. By default, Packer generates a name that looks like
|
generate. By default, Packer generates a name that looks like
|
||||||
`packer_<UUID>`, where <UUID> is a 36 character unique identifier.
|
`packer_<UUID>`, where <UUID> is a 36 character unique identifier.
|
||||||
|
|
||||||
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be
|
- `temporary_security_group_source_cidrs` (list of string) - A list of IPv4
|
||||||
authorized access to the instance, when packer is creating a temporary
|
CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group.
|
||||||
security group. The default is `0.0.0.0/0` (i.e., allow any IPv4 source).
|
|
||||||
This is only used when `security_group_id` or `security_group_ids` is not
|
The default is [`0.0.0.0/0`] (i.e., allow any IPv4 source). This is only used when `security_group_id` or `security_group_ids` is not specified.
|
||||||
specified.
|
|
||||||
|
|
||||||
- `token` (string) - The access token to use. This is different from the
|
- `token` (string) - The access token to use. This is different from the
|
||||||
access key and secret key. If you're not sure what this is, then you
|
access key and secret key. If you're not sure what this is, then you
|
||||||
|
|
|
@ -477,11 +477,10 @@ builder.
|
||||||
generate. By default, Packer generates a name that looks like
|
generate. By default, Packer generates a name that looks like
|
||||||
`packer_<UUID>`, where <UUID> is a 36 character unique identifier.
|
`packer_<UUID>`, where <UUID> is a 36 character unique identifier.
|
||||||
|
|
||||||
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be
|
- `temporary_security_group_source_cidrs` (list of string) - A list of IPv4
|
||||||
authorized access to the instance, when packer is creating a temporary
|
CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group.
|
||||||
security group. The default is `0.0.0.0/0` (i.e., allow any IPv4 source).
|
|
||||||
This is only used when `security_group_id` or `security_group_ids` is not
|
The default is [`0.0.0.0/0`] (i.e., allow any IPv4 source). This is only used when `security_group_id` or `security_group_ids` is not specified.
|
||||||
specified.
|
|
||||||
|
|
||||||
- `user_data` (string) - User data to apply when launching the instance. Note
|
- `user_data` (string) - User data to apply when launching the instance. Note
|
||||||
that you need to be careful about escaping characters due to the templates
|
that you need to be careful about escaping characters due to the templates
|
||||||
|
|