add cidr validation and rename option

2017-10-12 17:05:31 -07:00 · 2017-10-12 17:05:31 -07:00 · f7e269945e
parent c74be87187
commit f7e269945e
10 changed files with 22 additions and 17 deletions
--- a/builder/amazon/common/run_config.go
+++ b/builder/amazon/common/run_config.go
@ -3,6 +3,7 @@ package common
 import (
 	"errors"
 	"fmt"
+	"net"
 	"os"
 	"regexp"
 	"time"
@ -40,7 +41,7 @@ type RunConfig struct {
 	DisableStopInstance               bool              `mapstructure:"disable_stop_instance"`
 	SecurityGroupId                   string            `mapstructure:"security_group_id"`
 	SecurityGroupIds                  []string          `mapstructure:"security_group_ids"`
-	SecurityGroupSourceCidr           string            `mapstructure:"security_group_source_cidr"`
+	TemporarySGSourceCidr             string            `mapstructure:"temporary_security_group_source_cidr"`
 	SubnetId                          string            `mapstructure:"subnet_id"`
 	TemporaryKeyPairName              string            `mapstructure:"temporary_key_pair_name"`
 	UserData                          string            `mapstructure:"user_data"`
@ -116,8 +117,12 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
 		}
 	}

-	if c.SecurityGroupSourceCidr == "" {
-		c.SecurityGroupSourceCidr = "0.0.0.0/0"
+	if c.TemporarySGSourceCidr == "" {
+		c.TemporarySGSourceCidr = "0.0.0.0/0"
+	} else {
+		if _, _, err := net.ParseCIDR(c.TemporarySGSourceCidr); err != nil {
+			errs = append(errs, fmt.Errorf("Error parsing temporary_security_group_source_cidr: %s", err.Error()))
+		}
 	}

 	if c.InstanceInitiatedShutdownBehavior == "" {
--- a/builder/amazon/common/step_security_group.go
+++ b/builder/amazon/common/step_security_group.go
@ -18,7 +18,7 @@ type StepSecurityGroup struct {
 	CommConfig            *communicator.Config
 	SecurityGroupIds      []string
 	VpcId                 string
-	SecurityGroupSourceCidr string
+	TemporarySGSourceCidr string

 	createdGroupId string
 }
@ -79,7 +79,7 @@ func (s *StepSecurityGroup) Run(state multistep.StateBag) multistep.StepAction {
 		IpProtocol: aws.String("tcp"),
 		FromPort:   aws.Int64(int64(port)),
 		ToPort:     aws.Int64(int64(port)),
-		CidrIp:     aws.String(s.SecurityGroupSourceCidr),
+		CidrIp:     aws.String(s.TemporarySGSourceCidr),
 	}

 	// We loop and retry this a few times because sometimes the security
@ -87,7 +87,7 @@ func (s *StepSecurityGroup) Run(state multistep.StateBag) multistep.StepAction {
 	// consistent.
 	ui.Say(fmt.Sprintf(
 		"Authorizing access to port %d from %s in the temporary security group...",
-		port, s.SecurityGroupSourceCidr))
+		port, s.TemporarySGSourceCidr))
 	for i := 0; i < 5; i++ {
 		_, err = ec2conn.AuthorizeSecurityGroupIngress(req)
 		if err == nil {
--- a/builder/amazon/ebs/builder.go
+++ b/builder/amazon/ebs/builder.go
@ -176,7 +176,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			SecurityGroupIds: b.config.SecurityGroupIds,
 			CommConfig:       &b.config.RunConfig.Comm,
 			VpcId:            b.config.VpcId,
-			SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
+			TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
 		},
 		&stepCleanupVolumes{
 			BlockDevices: b.config.BlockDevices,
--- a/builder/amazon/ebssurrogate/builder.go
+++ b/builder/amazon/ebssurrogate/builder.go
@ -190,7 +190,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			SecurityGroupIds: b.config.SecurityGroupIds,
 			CommConfig:       &b.config.RunConfig.Comm,
 			VpcId:            b.config.VpcId,
-			SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
+			TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
 		},
 		instanceStep,
 		&awscommon.StepGetPassword{
--- a/builder/amazon/ebsvolume/builder.go
+++ b/builder/amazon/ebsvolume/builder.go
@ -161,7 +161,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			SecurityGroupIds: b.config.SecurityGroupIds,
 			CommConfig:       &b.config.RunConfig.Comm,
 			VpcId:            b.config.VpcId,
-			SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
+			TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
 		},
 		instanceStep,
 		&awscommon.StepGetPassword{
--- a/builder/amazon/instance/builder.go
+++ b/builder/amazon/instance/builder.go
@ -259,7 +259,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			CommConfig:       &b.config.RunConfig.Comm,
 			SecurityGroupIds: b.config.SecurityGroupIds,
 			VpcId:            b.config.VpcId,
-			SecurityGroupSourceCidr: b.config.SecurityGroupSourceCidr,
+			TemporarySGSourceCidr: b.config.TemporarySGSourceCidr,
 		},
 		instanceStep,
 		&awscommon.StepGetPassword{
--- a/website/source/docs/builders/amazon-ebs.html.md
+++ b/website/source/docs/builders/amazon-ebs.html.md
@ -235,7 +235,7 @@ builder.
    described above. Note that if this is specified, you must omit the
    `security_group_id`.

-   `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
+-   `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
    access to the instance, when packer is creating a temporary security group.
    The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used 
    when `security_group_id` or `security_group_ids` is not specified.
--- a/website/source/docs/builders/amazon-ebssurrogate.html.md
+++ b/website/source/docs/builders/amazon-ebssurrogate.html.md
@ -228,7 +228,7 @@ builder.
    described above. Note that if this is specified, you must omit the
    `security_group_id`.

-   `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
+-   `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
    access to the instance, when packer is creating a temporary security group.
    The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
    when `security_group_id` or `security_group_ids` is not specified.
--- a/website/source/docs/builders/amazon-ebsvolume.html.md
+++ b/website/source/docs/builders/amazon-ebsvolume.html.md
@ -147,7 +147,7 @@ builder.
    described above. Note that if this is specified, you must omit the
    `security_group_id`.

-   `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
+-   `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
    access to the instance, when packer is creating a temporary security group.
    The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
    when `security_group_id` or `security_group_ids` is not specified.
--- a/website/source/docs/builders/amazon-instance.html.md
+++ b/website/source/docs/builders/amazon-instance.html.md
@ -243,7 +243,7 @@ builder.
    described above. Note that if this is specified, you must omit the
    `security_group_id`.

-   `security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
+-   `temporary_security_group_source_cidr` (string) - An IPv4 CIDR block to be authorized
    access to the instance, when packer is creating a temporary security group.
    The default is `0.0.0.0/0` (ie, allow any IPv4 source). This is only used
    when `security_group_id` or `security_group_ids` is not specified.