add cidr validation and rename option

This commit is contained in:
Matthew Hooker 2017-10-12 17:05:31 -07:00
parent c74be87187
commit f7e269945e
No known key found for this signature in database
GPG Key ID: 7B5F933D9CE8C6A1
10 changed files with 22 additions and 17 deletions

View File

@ -3,6 +3,7 @@ package common
import (
"errors"
"fmt"
"net"
"os"
"regexp"
"time"
@ -40,7 +41,7 @@ type RunConfig struct {
DisableStopInstance bool `mapstructure:"disable_stop_instance"`
SecurityGroupId string `mapstructure:"security_group_id"`
SecurityGroupIds []string `mapstructure:"security_group_ids"`
SecurityGroupSourceCidr string `mapstructure:"security_group_source_cidr"`
TemporarySGSourceCidr string `mapstructure:"temporary_security_group_source_cidr"`
SubnetId string `mapstructure:"subnet_id"`
TemporaryKeyPairName string `mapstructure:"temporary_key_pair_name"`
UserData string `mapstructure:"user_data"`
@ -116,8 +117,12 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
}
}
if c.SecurityGroupSourceCidr == "" {
c.SecurityGroupSourceCidr = "0.0.0.0/0"
if c.TemporarySGSourceCidr == "" {
c.TemporarySGSourceCidr = "0.0.0.0/0"
} else {
if _, _, err := net.ParseCIDR(c.TemporarySGSourceCidr); err != nil {
errs = append(errs, fmt.Errorf("Error parsing temporary_security_group_source_cidr: %s", err.Error()))
}
}
if c.InstanceInitiatedShutdownBehavior == "" {

View File

@ -15,10 +15,10 @@ import (
)
type StepSecurityGroup struct {
CommConfig *communicator.Config
SecurityGroupIds []string
VpcId string
SecurityGroupSourceCidr string
CommConfig *communicator.Config
SecurityGroupIds []string
VpcId string
TemporarySGSourceCidr string
createdGroupId string
}
@ -79,7 +79,7 @@ func (s *StepSecurityGroup) Run(state multistep.StateBag) multistep.StepAction {
IpProtocol: aws.String("tcp"),
FromPort: aws.Int64(int64(port)),
ToPort: aws.Int64(int64(port)),
CidrIp: aws.String(s.SecurityGroupSourceCidr),
CidrIp: aws.String(s.TemporarySGSourceCidr),
}
// We loop and retry this a few times because sometimes the security
@ -87,7 +87,7 @@ func (s *StepSecurityGroup) Run(state multistep.StateBag) multistep.StepAction {
// consistent.
ui.Say(fmt.Sprintf(
"Authorizing access to port %d from %s in the temporary security group...",
port, s.SecurityGroupSourceCidr))
port, s.TemporarySGSourceCidr))
for i := 0; i < 5; i++ {
_, err = ec2conn.AuthorizeSecurityGroupIngress(req)
if err == nil {

View File

@ -176,7 +176,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SecurityGroupIds: b.config.SecurityGroupIds,
CommConfig: &b.config.RunConfig.Comm,
VpcId: b.config.VpcId,
SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
},
&stepCleanupVolumes{
BlockDevices: b.config.BlockDevices,

View File

@ -190,7 +190,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SecurityGroupIds: b.config.SecurityGroupIds,
CommConfig: &b.config.RunConfig.Comm,
VpcId: b.config.VpcId,
SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
},
instanceStep,
&awscommon.StepGetPassword{

View File

@ -161,7 +161,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
SecurityGroupIds: b.config.SecurityGroupIds,
CommConfig: &b.config.RunConfig.Comm,
VpcId: b.config.VpcId,
SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
},
instanceStep,
&awscommon.StepGetPassword{

View File

@ -259,7 +259,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
CommConfig: &b.config.RunConfig.Comm,
SecurityGroupIds: b.config.SecurityGroupIds,
VpcId: b.config.VpcId,
SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
},
instanceStep,
&awscommon.StepGetPassword{

View File

@ -235,7 +235,7 @@ builder.
described above. Note that if this is specified, you must omit the
`security_group_id`.
- `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
access to the instance, when packer is creating a temporary security group.
The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
when `security_group_id` or `security_group_ids` is not specified.

View File

@ -228,7 +228,7 @@ builder.
described above. Note that if this is specified, you must omit the
`security_group_id`.
- `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
access to the instance, when packer is creating a temporary security group.
The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
when `security_group_id` or `security_group_ids` is not specified.

View File

@ -147,7 +147,7 @@ builder.
described above. Note that if this is specified, you must omit the
`security_group_id`.
- `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
access to the instance, when packer is creating a temporary security group.
The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
when `security_group_id` or `security_group_ids` is not specified.

View File

@ -243,7 +243,7 @@ builder.
described above. Note that if this is specified, you must omit the
`security_group_id`.
- `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
access to the instance, when packer is creating a temporary security group.
The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
when `security_group_id` or `security_group_ids` is not specified.