Merge pull request #6 from marinsalinas/step_security_group
Step Security Group
This commit is contained in:
Marin Salinas
GitHub
commit
aba6e104ae
|
|
@ -175,68 +175,3 @@ func buildOSCOMIFilters(input map[string]string) osc.FiltersImage {
|
|||
}
|
||||
return filters
|
||||
}
|
||||
|
||||
func buildSecurityGroupFilters(input map[string]string) oapi.FiltersSecurityGroup {
|
||||
var filters oapi.FiltersSecurityGroup
|
||||
for k, v := range input {
|
||||
filterValue := []string{v}
|
||||
|
||||
switch name := k; name {
|
||||
case "account-ids":
|
||||
filters.AccountIds = filterValue
|
||||
case "descriptions":
|
||||
filters.Descriptions = filterValue
|
||||
case "inbound-rule-account-ids":
|
||||
filters.InboundRuleAccountIds = filterValue
|
||||
case "inbound-rule-from-port-ranges":
|
||||
if val, err := strconv.Atoi(v); err == nil {
|
||||
filters.InboundRuleFromPortRanges = []int64{int64(val)}
|
||||
}
|
||||
case "inbound-rule-ip-ranges":
|
||||
filters.InboundRuleIpRanges = filterValue
|
||||
case "inbound-rule-protocols":
|
||||
filters.InboundRuleProtocols = filterValue
|
||||
case "inbound-rule-security-group-ids":
|
||||
filters.InboundRuleSecurityGroupIds = filterValue
|
||||
case "inbound-rule-security-group-names":
|
||||
filters.InboundRuleSecurityGroupNames = filterValue
|
||||
case "inbound-rule-to-port-ranges":
|
||||
if val, err := strconv.Atoi(v); err == nil {
|
||||
filters.InboundRuleToPortRanges = []int64{int64(val)}
|
||||
}
|
||||
case "net-ids":
|
||||
filters.NetIds = filterValue
|
||||
|
||||
case "outbound-rule-account-ids":
|
||||
filters.OutboundRuleAccountIds = filterValue
|
||||
case "outbound-rule-from-port-ranges":
|
||||
if val, err := strconv.Atoi(v); err == nil {
|
||||
filters.OutboundRuleFromPortRanges = []int64{int64(val)}
|
||||
}
|
||||
case "outbound-rule-ip-ranges":
|
||||
filters.OutboundRuleIpRanges = filterValue
|
||||
case "outbound-rule-protocols":
|
||||
filters.OutboundRuleProtocols = filterValue
|
||||
case "outbound-rule-security-group-ids":
|
||||
filters.OutboundRuleSecurityGroupIds = filterValue
|
||||
case "outbound-rule-security-group-names":
|
||||
filters.OutboundRuleSecurityGroupNames = filterValue
|
||||
case "outbound-rule-to-port-ranges":
|
||||
if val, err := strconv.Atoi(v); err == nil {
|
||||
filters.OutboundRuleToPortRanges = []int64{int64(val)}
|
||||
}
|
||||
case "security-group-ids":
|
||||
filters.SecurityGroupIds = filterValue
|
||||
case "security-group-names":
|
||||
filters.SecurityGroupNames = filterValue
|
||||
case "tags-keys":
|
||||
filters.TagKeys = filterValue
|
||||
case "tags-values":
|
||||
filters.TagValues = filterValue
|
||||
//Some params are missing.
|
||||
default:
|
||||
log.Printf("[Debug] Unknown Filter Name: %s.", name)
|
||||
}
|
||||
}
|
||||
return filters
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,13 +5,13 @@ import (
|
|||
"fmt"
|
||||
"log"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/antihax/optional"
|
||||
"github.com/hashicorp/packer/common/uuid"
|
||||
"github.com/hashicorp/packer/helper/communicator"
|
||||
"github.com/hashicorp/packer/helper/multistep"
|
||||
"github.com/hashicorp/packer/packer"
|
||||
"github.com/outscale/osc-go/oapi"
|
||||
"github.com/outscale/osc-sdk-go/osc"
|
||||
)
|
||||
|
||||
type StepSecurityGroup struct {
|
||||
|
|
@ -24,50 +24,56 @@ type StepSecurityGroup struct {
|
|||
}
|
||||
|
||||
func (s *StepSecurityGroup) Run(_ context.Context, state multistep.StateBag) multistep.StepAction {
|
||||
oapiconn := state.Get("oapi").(*oapi.Client)
|
||||
ui := state.Get("ui").(packer.Ui)
|
||||
netId := state.Get("net_id").(string)
|
||||
var (
|
||||
ui = state.Get("ui").(packer.Ui)
|
||||
conn = state.Get("osc").(*osc.APIClient)
|
||||
netID = state.Get("net_id").(string)
|
||||
)
|
||||
|
||||
if len(s.SecurityGroupIds) > 0 {
|
||||
resp, err := oapiconn.POST_ReadSecurityGroups(
|
||||
oapi.ReadSecurityGroupsRequest{
|
||||
Filters: oapi.FiltersSecurityGroup{
|
||||
resp, _, err := conn.SecurityGroupApi.ReadSecurityGroups(context.Background(), &osc.ReadSecurityGroupsOpts{
|
||||
ReadSecurityGroupsRequest: optional.NewInterface(osc.ReadSecurityGroupsRequest{
|
||||
Filters: osc.FiltersSecurityGroup{
|
||||
SecurityGroupIds: s.SecurityGroupIds,
|
||||
},
|
||||
},
|
||||
)
|
||||
if err != nil || resp.OK == nil || len(resp.OK.SecurityGroups) <= 0 {
|
||||
}),
|
||||
})
|
||||
|
||||
if err != nil || len(resp.SecurityGroups) == 0 {
|
||||
err := fmt.Errorf("Couldn't find specified security group: %s", err)
|
||||
log.Printf("[DEBUG] %s", err.Error())
|
||||
state.Put("error", err)
|
||||
|
||||
return multistep.ActionHalt
|
||||
}
|
||||
|
||||
log.Printf("Using specified security groups: %v", s.SecurityGroupIds)
|
||||
state.Put("securityGroupIds", s.SecurityGroupIds)
|
||||
|
||||
return multistep.ActionContinue
|
||||
}
|
||||
|
||||
if !s.SecurityGroupFilter.Empty() {
|
||||
filterReq := buildSecurityGroupFilters(s.SecurityGroupFilter.Filters)
|
||||
|
||||
params := oapi.ReadSecurityGroupsRequest{}
|
||||
if netId != "" {
|
||||
s.SecurityGroupFilter.Filters["net-id"] = netId
|
||||
}
|
||||
params.Filters = buildSecurityGroupFilters(s.SecurityGroupFilter.Filters)
|
||||
log.Printf("Using SecurityGroup Filters %v", filterReq)
|
||||
|
||||
log.Printf("Using SecurityGroup Filters %v", params)
|
||||
resp, _, err := conn.SecurityGroupApi.ReadSecurityGroups(context.Background(), &osc.ReadSecurityGroupsOpts{
|
||||
ReadSecurityGroupsRequest: optional.NewInterface(osc.ReadSecurityGroupsRequest{
|
||||
Filters: filterReq,
|
||||
}),
|
||||
})
|
||||
|
||||
sgResp, err := oapiconn.POST_ReadSecurityGroups(params)
|
||||
if err != nil || sgResp.OK == nil {
|
||||
if err != nil || len(resp.SecurityGroups) == 0 {
|
||||
err := fmt.Errorf("Couldn't find security groups for filter: %s", err)
|
||||
log.Printf("[DEBUG] %s", err.Error())
|
||||
state.Put("error", err)
|
||||
|
||||
return multistep.ActionHalt
|
||||
}
|
||||
|
||||
securityGroupIds := []string{}
|
||||
for _, sg := range sgResp.OK.SecurityGroups {
|
||||
for _, sg := range resp.SecurityGroups {
|
||||
securityGroupIds = append(securityGroupIds, sg.SecurityGroupId)
|
||||
}
|
||||
|
||||
|
|
@ -77,24 +83,20 @@ func (s *StepSecurityGroup) Run(_ context.Context, state multistep.StateBag) mul
|
|||
return multistep.ActionContinue
|
||||
}
|
||||
|
||||
port := s.CommConfig.Port()
|
||||
if port == 0 {
|
||||
if s.CommConfig.Type != "none" {
|
||||
panic("port must be set to a non-zero value.")
|
||||
}
|
||||
}
|
||||
|
||||
// Create the group
|
||||
groupName := fmt.Sprintf("packer_%s", uuid.TimeOrderedUUID())
|
||||
/* Create the group */
|
||||
groupName := fmt.Sprintf("packer_osc_%s", uuid.TimeOrderedUUID())
|
||||
ui.Say(fmt.Sprintf("Creating temporary security group for this instance: %s", groupName))
|
||||
group := oapi.CreateSecurityGroupRequest{
|
||||
|
||||
createSGReq := osc.CreateSecurityGroupRequest{
|
||||
SecurityGroupName: groupName,
|
||||
NetId: netID,
|
||||
Description: "Temporary group for Packer",
|
||||
}
|
||||
|
||||
group.NetId = netId
|
||||
resp, _, err := conn.SecurityGroupApi.CreateSecurityGroup(context.Background(), &osc.CreateSecurityGroupOpts{
|
||||
CreateSecurityGroupRequest: optional.NewInterface(createSGReq),
|
||||
})
|
||||
|
||||
groupResp, err := oapiconn.POST_CreateSecurityGroup(group)
|
||||
if err != nil {
|
||||
ui.Error(err.Error())
|
||||
state.Put("error", err)
|
||||
|
|
@ -102,38 +104,36 @@ func (s *StepSecurityGroup) Run(_ context.Context, state multistep.StateBag) mul
|
|||
}
|
||||
|
||||
// Set the group ID so we can delete it later
|
||||
s.createdGroupId = groupResp.OK.SecurityGroup.SecurityGroupId
|
||||
s.createdGroupId = resp.SecurityGroup.SecurityGroupId
|
||||
|
||||
// Wait for the security group become available for authorizing
|
||||
log.Printf("[DEBUG] Waiting for temporary security group: %s", s.createdGroupId)
|
||||
err = waitForSecurityGroup(oapiconn, s.createdGroupId)
|
||||
if err == nil {
|
||||
log.Printf("[DEBUG] Found security group %s", s.createdGroupId)
|
||||
} else {
|
||||
err := fmt.Errorf("Timed out waiting for security group %s: %s", s.createdGroupId, err)
|
||||
log.Printf("[DEBUG] %s", err.Error())
|
||||
state.Put("error", err)
|
||||
return multistep.ActionHalt
|
||||
port := s.CommConfig.Port()
|
||||
if port == 0 {
|
||||
if s.CommConfig.Type != "none" {
|
||||
state.Put("error", "port must be set to a non-zero value.")
|
||||
return multistep.ActionHalt
|
||||
}
|
||||
}
|
||||
|
||||
// Authorize the SSH access for the security group
|
||||
groupRules := oapi.CreateSecurityGroupRuleRequest{
|
||||
SecurityGroupId: groupResp.OK.SecurityGroup.SecurityGroupId,
|
||||
createSGRReq := osc.CreateSecurityGroupRuleRequest{
|
||||
SecurityGroupId: resp.SecurityGroup.SecurityGroupId,
|
||||
Flow: "Inbound",
|
||||
Rules: []oapi.SecurityGroupRule{
|
||||
Rules: []osc.SecurityGroupRule{
|
||||
{
|
||||
FromPortRange: int64(port),
|
||||
ToPortRange: int64(port),
|
||||
FromPortRange: int32(port),
|
||||
ToPortRange: int32(port),
|
||||
IpRanges: []string{s.TemporarySGSourceCidr},
|
||||
IpProtocol: "tcp",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
ui.Say(fmt.Sprintf(
|
||||
"Authorizing access to port %d from %s in the temporary security group...",
|
||||
port, s.TemporarySGSourceCidr))
|
||||
_, err = oapiconn.POST_CreateSecurityGroupRule(groupRules)
|
||||
ui.Say(fmt.Sprintf("Authorizing access to port %d from %s in the temporary security group...", port, s.TemporarySGSourceCidr))
|
||||
|
||||
conn.SecurityGroupRuleApi.CreateSecurityGroupRule(context.Background(), &osc.CreateSecurityGroupRuleOpts{
|
||||
CreateSecurityGroupRuleRequest: optional.NewInterface(createSGRReq),
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Error authorizing temporary security group: %s", err)
|
||||
state.Put("error", err)
|
||||
|
|
@ -152,24 +152,48 @@ func (s *StepSecurityGroup) Cleanup(state multistep.StateBag) {
|
|||
return
|
||||
}
|
||||
|
||||
oapiconn := state.Get("oapi").(*oapi.Client)
|
||||
ui := state.Get("ui").(packer.Ui)
|
||||
var (
|
||||
ui = state.Get("ui").(packer.Ui)
|
||||
conn = state.Get("osc").(*osc.APIClient)
|
||||
)
|
||||
|
||||
ui.Say("Deleting temporary security group...")
|
||||
|
||||
var err error
|
||||
for i := 0; i < 5; i++ {
|
||||
_, err = oapiconn.POST_DeleteSecurityGroup(oapi.DeleteSecurityGroupRequest{SecurityGroupId: s.createdGroupId})
|
||||
if err == nil {
|
||||
break
|
||||
}
|
||||
|
||||
log.Printf("Error deleting security group: %s", err)
|
||||
time.Sleep(5 * time.Second)
|
||||
}
|
||||
_, _, err := conn.SecurityGroupApi.DeleteSecurityGroup(context.Background(), &osc.DeleteSecurityGroupOpts{
|
||||
DeleteSecurityGroupRequest: optional.NewInterface(osc.DeleteSecurityGroupRequest{
|
||||
SecurityGroupId: s.createdGroupId,
|
||||
}),
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
ui.Error(fmt.Sprintf(
|
||||
"Error cleaning up security group. Please delete the group manually: %s", s.createdGroupId))
|
||||
}
|
||||
}
|
||||
|
||||
func buildSecurityGroupFilters(input map[string]string) osc.FiltersSecurityGroup {
|
||||
var filters osc.FiltersSecurityGroup
|
||||
|
||||
for k, v := range input {
|
||||
filterValue := []string{v}
|
||||
|
||||
switch name := k; name {
|
||||
case "account_ids":
|
||||
filters.AccountIds = filterValue
|
||||
case "security_group_ids":
|
||||
filters.SecurityGroupIds = filterValue
|
||||
case "security_group_names":
|
||||
filters.SecurityGroupNames = filterValue
|
||||
case "tag_keys":
|
||||
filters.TagKeys = filterValue
|
||||
case "tag_values":
|
||||
filters.TagValues = filterValue
|
||||
case "tags":
|
||||
filters.Tags = filterValue
|
||||
default:
|
||||
log.Printf("[Debug] Unknown Filter Name: %s.", name)
|
||||
}
|
||||
}
|
||||
|
||||
return filters
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue