add cidr validation and rename option
This commit is contained in:
parent
c74be87187
commit
f7e269945e
|
@ -3,6 +3,7 @@ package common
|
|||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
"regexp"
|
||||
"time"
|
||||
|
@ -40,7 +41,7 @@ type RunConfig struct {
|
|||
DisableStopInstance bool `mapstructure:"disable_stop_instance"`
|
||||
SecurityGroupId string `mapstructure:"security_group_id"`
|
||||
SecurityGroupIds []string `mapstructure:"security_group_ids"`
|
||||
SecurityGroupSourceCidr string `mapstructure:"security_group_source_cidr"`
|
||||
TemporarySGSourceCidr string `mapstructure:"temporary_security_group_source_cidr"`
|
||||
SubnetId string `mapstructure:"subnet_id"`
|
||||
TemporaryKeyPairName string `mapstructure:"temporary_key_pair_name"`
|
||||
UserData string `mapstructure:"user_data"`
|
||||
|
@ -116,8 +117,12 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
|
|||
}
|
||||
}
|
||||
|
||||
if c.SecurityGroupSourceCidr == "" {
|
||||
c.SecurityGroupSourceCidr = "0.0.0.0/0"
|
||||
if c.TemporarySGSourceCidr == "" {
|
||||
c.TemporarySGSourceCidr = "0.0.0.0/0"
|
||||
} else {
|
||||
if _, _, err := net.ParseCIDR(c.TemporarySGSourceCidr); err != nil {
|
||||
errs = append(errs, fmt.Errorf("Error parsing temporary_security_group_source_cidr: %s", err.Error()))
|
||||
}
|
||||
}
|
||||
|
||||
if c.InstanceInitiatedShutdownBehavior == "" {
|
||||
|
|
|
@ -15,10 +15,10 @@ import (
|
|||
)
|
||||
|
||||
type StepSecurityGroup struct {
|
||||
CommConfig *communicator.Config
|
||||
SecurityGroupIds []string
|
||||
VpcId string
|
||||
SecurityGroupSourceCidr string
|
||||
CommConfig *communicator.Config
|
||||
SecurityGroupIds []string
|
||||
VpcId string
|
||||
TemporarySGSourceCidr string
|
||||
|
||||
createdGroupId string
|
||||
}
|
||||
|
@ -79,7 +79,7 @@ func (s *StepSecurityGroup) Run(state multistep.StateBag) multistep.StepAction {
|
|||
IpProtocol: aws.String("tcp"),
|
||||
FromPort: aws.Int64(int64(port)),
|
||||
ToPort: aws.Int64(int64(port)),
|
||||
CidrIp: aws.String(s.SecurityGroupSourceCidr),
|
||||
CidrIp: aws.String(s.TemporarySGSourceCidr),
|
||||
}
|
||||
|
||||
// We loop and retry this a few times because sometimes the security
|
||||
|
@ -87,7 +87,7 @@ func (s *StepSecurityGroup) Run(state multistep.StateBag) multistep.StepAction {
|
|||
// consistent.
|
||||
ui.Say(fmt.Sprintf(
|
||||
"Authorizing access to port %d from %s in the temporary security group...",
|
||||
port, s.SecurityGroupSourceCidr))
|
||||
port, s.TemporarySGSourceCidr))
|
||||
for i := 0; i < 5; i++ {
|
||||
_, err = ec2conn.AuthorizeSecurityGroupIngress(req)
|
||||
if err == nil {
|
||||
|
|
|
@ -176,7 +176,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
|
|||
SecurityGroupIds: b.config.SecurityGroupIds,
|
||||
CommConfig: &b.config.RunConfig.Comm,
|
||||
VpcId: b.config.VpcId,
|
||||
SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
|
||||
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
|
||||
},
|
||||
&stepCleanupVolumes{
|
||||
BlockDevices: b.config.BlockDevices,
|
||||
|
|
|
@ -190,7 +190,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
|
|||
SecurityGroupIds: b.config.SecurityGroupIds,
|
||||
CommConfig: &b.config.RunConfig.Comm,
|
||||
VpcId: b.config.VpcId,
|
||||
SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
|
||||
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
|
||||
},
|
||||
instanceStep,
|
||||
&awscommon.StepGetPassword{
|
||||
|
|
|
@ -161,7 +161,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
|
|||
SecurityGroupIds: b.config.SecurityGroupIds,
|
||||
CommConfig: &b.config.RunConfig.Comm,
|
||||
VpcId: b.config.VpcId,
|
||||
SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
|
||||
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
|
||||
},
|
||||
instanceStep,
|
||||
&awscommon.StepGetPassword{
|
||||
|
|
|
@ -259,7 +259,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
|
|||
CommConfig: &b.config.RunConfig.Comm,
|
||||
SecurityGroupIds: b.config.SecurityGroupIds,
|
||||
VpcId: b.config.VpcId,
|
||||
SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
|
||||
TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
|
||||
},
|
||||
instanceStep,
|
||||
&awscommon.StepGetPassword{
|
||||
|
|
|
@ -235,7 +235,7 @@ builder.
|
|||
described above. Note that if this is specified, you must omit the
|
||||
`security_group_id`.
|
||||
|
||||
- `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
|
||||
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
|
||||
access to the instance, when packer is creating a temporary security group.
|
||||
The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
|
||||
when `security_group_id` or `security_group_ids` is not specified.
|
||||
|
|
|
@ -228,7 +228,7 @@ builder.
|
|||
described above. Note that if this is specified, you must omit the
|
||||
`security_group_id`.
|
||||
|
||||
- `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
|
||||
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
|
||||
access to the instance, when packer is creating a temporary security group.
|
||||
The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
|
||||
when `security_group_id` or `security_group_ids` is not specified.
|
||||
|
|
|
@ -147,7 +147,7 @@ builder.
|
|||
described above. Note that if this is specified, you must omit the
|
||||
`security_group_id`.
|
||||
|
||||
- `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
|
||||
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
|
||||
access to the instance, when packer is creating a temporary security group.
|
||||
The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
|
||||
when `security_group_id` or `security_group_ids` is not specified.
|
||||
|
|
|
@ -243,7 +243,7 @@ builder.
|
|||
described above. Note that if this is specified, you must omit the
|
||||
`security_group_id`.
|
||||
|
||||
- `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
|
||||
- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
|
||||
access to the instance, when packer is creating a temporary security group.
|
||||
The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
|
||||
when `security_group_id` or `security_group_ids` is not specified.
|
||||
|
|
Loading…
Reference in New Issue