Merge pull request #6843 from gmmephisto/pr-master-aws-security-group

aws: wait for temporary security group before authorize rules
2018-10-17 14:08:49 -07:00 · 2018-10-17 14:08:49 -07:00 · 2266514408
parent e7d3a30c0e 00c96fc400
commit 2266514408
1 changed files with 29 additions and 32 deletions
--- a/builder/amazon/common/step_security_group.go
+++ b/builder/amazon/common/step_security_group.go
@ -74,38 +74,7 @@ func (s *StepSecurityGroup) Run(_ context.Context, state multistep.StateBag) mul
 	// Set the group ID so we can delete it later
 	s.createdGroupId = *groupResp.GroupId

-	// Authorize the SSH access for the security group
-	req := &ec2.AuthorizeSecurityGroupIngressInput{
-		GroupId:    groupResp.GroupId,
-		IpProtocol: aws.String("tcp"),
-		FromPort:   aws.Int64(int64(port)),
-		ToPort:     aws.Int64(int64(port)),
-		CidrIp:     aws.String(s.TemporarySGSourceCidr),
-	}
-
-	// We loop and retry this a few times because sometimes the security
-	// group isn't available immediately because AWS resources are eventually
-	// consistent.
-	ui.Say(fmt.Sprintf(
-		"Authorizing access to port %d from %s in the temporary security group...",
-		port, s.TemporarySGSourceCidr))
-	for i := 0; i < 5; i++ {
-		_, err = ec2conn.AuthorizeSecurityGroupIngress(req)
-		if err == nil {
-			break
-		}
-
-		log.Printf("Error authorizing. Will sleep and retry. %s", err)
-		time.Sleep((time.Duration(i) * time.Second) + 1)
-	}
-
-	if err != nil {
-		err := fmt.Errorf("Error creating temporary security group: %s", err)
-		state.Put("error", err)
-		ui.Error(err.Error())
-		return multistep.ActionHalt
-	}
-
+	// Wait for the security group become available for authorizing
 	log.Printf("[DEBUG] Waiting for temporary security group: %s", s.createdGroupId)
 	err = waitUntilSecurityGroupExists(ec2conn,
 		&ec2.DescribeSecurityGroupsInput{
@ -121,6 +90,34 @@ func (s *StepSecurityGroup) Run(_ context.Context, state multistep.StateBag) mul
 		return multistep.ActionHalt
 	}

+	// Authorize the SSH access for the security group
+	groupRules := &ec2.AuthorizeSecurityGroupIngressInput{
+		GroupId: groupResp.GroupId,
+		IpPermissions: []*ec2.IpPermission{
+			{
+				FromPort: aws.Int64(int64(port)),
+				ToPort:   aws.Int64(int64(port)),
+				IpRanges: []*ec2.IpRange{
+					{
+						CidrIp: aws.String(s.TemporarySGSourceCidr),
+					},
+				},
+				IpProtocol: aws.String("tcp"),
+			},
+		},
+	}
+
+	ui.Say(fmt.Sprintf(
+		"Authorizing access to port %d from %s in the temporary security group...",
+		port, s.TemporarySGSourceCidr))
+	_, err = ec2conn.AuthorizeSecurityGroupIngress(groupRules)
+	if err != nil {
+		err := fmt.Errorf("Error authorizing temporary security group: %s", err)
+		state.Put("error", err)
+		ui.Error(err.Error())
+		return multistep.ActionHalt
+	}
+
 	// Set some state data for use in future steps
 	state.Put("securityGroupIds", []string{s.createdGroupId})