diff --git a/builder/amazon/common/run_config.go b/builder/amazon/common/run_config.go
index d19e1f68b..73970e59e 100644
--- a/builder/amazon/common/run_config.go
+++ b/builder/amazon/common/run_config.go
@@ -3,6 +3,7 @@ package common
 import (
 	"errors"
 	"fmt"
+	"net"
 	"os"
 	"regexp"
 	"time"
@@ -40,7 +41,7 @@ type RunConfig struct {
 	DisableStopInstance bool `mapstructure:"disable_stop_instance"`
 	SecurityGroupId string `mapstructure:"security_group_id"`
 	SecurityGroupIds []string `mapstructure:"security_group_ids"`
-	SecurityGroupSourceCidr string `mapstructure:"security_group_source_cidr"`
+	TemporarySGSourceCidr string `mapstructure:"temporary_security_group_source_cidr"`
 	SubnetId string `mapstructure:"subnet_id"`
 	TemporaryKeyPairName string `mapstructure:"temporary_key_pair_name"`
 	UserData string `mapstructure:"user_data"`
@@ -116,8 +117,12 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
 		}
 	}
 
-	if c.SecurityGroupSourceCidr == "" {
-		c.SecurityGroupSourceCidr = "0.0.0.0/0"
+	if c.TemporarySGSourceCidr == "" {
+		c.TemporarySGSourceCidr = "0.0.0.0/0"
+	} else {
+		if _, _, err := net.ParseCIDR(c.TemporarySGSourceCidr); err != nil {
+			errs = append(errs, fmt.Errorf("Error parsing temporary_security_group_source_cidr: %s", err.Error()))
+		}
 	}
 
 	if c.InstanceInitiatedShutdownBehavior == "" {
diff --git a/builder/amazon/common/step_security_group.go b/builder/amazon/common/step_security_group.go
index 9ca4ccd78..5e47f44c2 100644
--- a/builder/amazon/common/step_security_group.go
+++ b/builder/amazon/common/step_security_group.go
@@ -15,10 +15,10 @@ import (
 )
 
 type StepSecurityGroup struct {
-	CommConfig *communicator.Config
-	SecurityGroupIds []string
-	VpcId string
-	SecurityGroupSourceCidr string
+	CommConfig *communicator.Config
+	SecurityGroupIds []string
+	VpcId string
+	TemporarySGSourceCidr string
 
 	createdGroupId string
 }
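Review bot: The mapstructure key rename in the RunConfig struct hunk (`security_group_source_cidr` to `temporary_security_group_source_cidr`) leaves no compatibility path for existing templates. Unless the config decoder rejects unknown keys — not visible in this diff — a template still using the old key decodes to an empty field, and the Prepare hunk then silently substitutes `0.0.0.0/0`, widening the temporary security group's ingress rule to any IPv4 source with no message to the user. A deprecated alias field, `SecurityGroupSourceCidr string \`mapstructure:"security_group_source_cidr"\``, copied into TemporarySGSourceCidr in Prepare when the new field is empty and accompanied by a deprecation warning, would make the transition explicit. The rename should also be called out in the changelog as a breaking change.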
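Review bot: The new check in the Prepare hunk accepts anything `net.ParseCIDR` parses, including IPv6 blocks such as `::/0`, yet the value is later sent as `CidrIp` in the AuthorizeSecurityGroupIngress request (step_security_group.go Run hunk), which is the IPv4 field of that API, and the docs describe the option as an IPv4 CIDR block; an IPv6 value therefore fails at the AWS call instead of at config validation. Rejecting non-IPv4 blocks here closes that gap, e.g. `if ip, _, err := net.ParseCIDR(c.TemporarySGSourceCidr); err != nil || ip.To4() == nil {` with an error stating that the value must be an IPv4 CIDR. Stylistically, `} else { if … }` is more naturally written as `} else if …`, and `%v` with `err` avoids the explicit `err.Error()`. Prepare's body continues outside the hunk.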
@@ -79,7 +79,7 @@ func (s *StepSecurityGroup) Run(state multistep.StateBag) multistep.StepAction {
 		IpProtocol: aws.String("tcp"),
 		FromPort: aws.Int64(int64(port)),
 		ToPort: aws.Int64(int64(port)),
-		CidrIp: aws.String(s.SecurityGroupSourceCidr),
+		CidrIp: aws.String(s.TemporarySGSourceCidr),
 	}
 
 	// We loop and retry this a few times because sometimes the security
@@ -87,7 +87,7 @@ func (s *StepSecurityGroup) Run(state multistep.StateBag) multistep.StepAction {
 	// consistent.
 	ui.Say(fmt.Sprintf(
 		"Authorizing access to port %d from %s in the temporary security group...",
-		port, s.SecurityGroupSourceCidr))
+		port, s.TemporarySGSourceCidr))
 	for i := 0; i < 5; i++ {
 		_, err = ec2conn.AuthorizeSecurityGroupIngress(req)
 		if err == nil {
diff --git a/builder/amazon/ebs/builder.go b/builder/amazon/ebs/builder.go
index 102ae7b63..beaa4a276 100644
--- a/builder/amazon/ebs/builder.go
+++ b/builder/amazon/ebs/builder.go
@@ -176,7 +176,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			SecurityGroupIds: b.config.SecurityGroupIds,
 			CommConfig: &b.config.RunConfig.Comm,
 			VpcId: b.config.VpcId,
-			SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
+			TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
 		},
 		&stepCleanupVolumes{
 			BlockDevices: b.config.BlockDevices,
diff --git a/builder/amazon/ebssurrogate/builder.go b/builder/amazon/ebssurrogate/builder.go
index b61346b5f..f61b2d43e 100644
--- a/builder/amazon/ebssurrogate/builder.go
+++ b/builder/amazon/ebssurrogate/builder.go
@@ -190,7 +190,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			SecurityGroupIds: b.config.SecurityGroupIds,
 			CommConfig: &b.config.RunConfig.Comm,
 			VpcId: b.config.VpcId,
-			SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
+			TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
 		},
 		instanceStep,
 		&awscommon.StepGetPassword{
diff --git a/builder/amazon/ebsvolume/builder.go b/builder/amazon/ebsvolume/builder.go
index 7e3458e08..7cab85e91 100644
--- a/builder/amazon/ebsvolume/builder.go
+++ b/builder/amazon/ebsvolume/builder.go
@@ -161,7 +161,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			SecurityGroupIds: b.config.SecurityGroupIds,
 			CommConfig: &b.config.RunConfig.Comm,
 			VpcId: b.config.VpcId,
-			SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
+			TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
 		},
 		instanceStep,
 		&awscommon.StepGetPassword{
diff --git a/builder/amazon/instance/builder.go b/builder/amazon/instance/builder.go
index 94e1d9ad9..ebc93751e 100644
--- a/builder/amazon/instance/builder.go
+++ b/builder/amazon/instance/builder.go
@@ -259,7 +259,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			CommConfig: &b.config.RunConfig.Comm,
 			SecurityGroupIds: b.config.SecurityGroupIds,
 			VpcId: b.config.VpcId,
-			SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
+			TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
 		},
 		instanceStep,
 		&awscommon.StepGetPassword{
diff --git a/website/source/docs/builders/amazon-ebs.html.md b/website/source/docs/builders/amazon-ebs.html.md
index e2b7b846b..db438116d 100644
--- a/website/source/docs/builders/amazon-ebs.html.md
+++ b/website/source/docs/builders/amazon-ebs.html.md
@@ -235,7 +235,7 @@ builder.
   described above. Note that if this is specified, you must omit the
   `security_group_id`.
 
-- `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
+- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
   access to the instance, when packer is creating a temporary security group.
   The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
   when `security_group_id` or `security_group_ids` is not specified.
diff --git a/website/source/docs/builders/amazon-ebssurrogate.html.md b/website/source/docs/builders/amazon-ebssurrogate.html.md
index 54c256a27..57fd3408b 100644
--- a/website/source/docs/builders/amazon-ebssurrogate.html.md
+++ b/website/source/docs/builders/amazon-ebssurrogate.html.md
@@ -228,7 +228,7 @@ builder.
   described above. Note that if this is specified, you must omit the
   `security_group_id`.
 
-- `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
+- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
   access to the instance, when packer is creating a temporary security group.
   The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
   when `security_group_id` or `security_group_ids` is not specified.
diff --git a/website/source/docs/builders/amazon-ebsvolume.html.md b/website/source/docs/builders/amazon-ebsvolume.html.md
index 4a57e7b35..78a9815e9 100644
--- a/website/source/docs/builders/amazon-ebsvolume.html.md
+++ b/website/source/docs/builders/amazon-ebsvolume.html.md
@@ -147,7 +147,7 @@ builder.
   described above. Note that if this is specified, you must omit the
   `security_group_id`.
 
-- `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
+- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
   access to the instance, when packer is creating a temporary security group.
   The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
   when `security_group_id` or `security_group_ids` is not specified.
diff --git a/website/source/docs/builders/amazon-instance.html.md b/website/source/docs/builders/amazon-instance.html.md
index d1d703130..17be8a297 100644
--- a/website/source/docs/builders/amazon-instance.html.md
+++ b/website/source/docs/builders/amazon-instance.html.md
@@ -243,7 +243,7 @@ builder.
   described above. Note that if this is specified, you must omit the
   `security_group_id`.
 
-- `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
+- `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
   access to the instance, when packer is creating a temporary security group.
   The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
   when `security_group_id` or `security_group_ids` is not specified.