package cvm import ( "context" "fmt" "strings" "github.com/hashicorp/packer/common" "github.com/hashicorp/packer/helper/multistep" "github.com/hashicorp/packer/packer" "github.com/pkg/errors" vpc "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc/v20170312" ) type stepConfigSecurityGroup struct { SecurityGroupId string SecurityGroupName string Description string isCreate bool } func (s *stepConfigSecurityGroup) Run(_ context.Context, state multistep.StateBag) multistep.StepAction { vpcClient := state.Get("vpc_client").(*vpc.Client) ui := state.Get("ui").(packer.Ui) if len(s.SecurityGroupId) != 0 { // use existing security group req := vpc.NewDescribeSecurityGroupsRequest() req.SecurityGroupIds = []*string{&s.SecurityGroupId} resp, err := vpcClient.DescribeSecurityGroups(req) if err != nil { ui.Error(fmt.Sprintf("query security group failed: %s", err.Error())) state.Put("error", err) return multistep.ActionHalt } if *resp.Response.TotalCount > 0 { state.Put("security_group_id", s.SecurityGroupId) s.isCreate = false return multistep.ActionContinue } message := fmt.Sprintf("the specified security group(%s) does not exist", s.SecurityGroupId) ui.Error(message) state.Put("error", errors.New(message)) return multistep.ActionHalt } // create a new security group req := vpc.NewCreateSecurityGroupRequest() req.GroupName = &s.SecurityGroupName req.GroupDescription = &s.Description resp, err := vpcClient.CreateSecurityGroup(req) if err != nil { ui.Error(fmt.Sprintf("create security group failed: %s", err.Error())) state.Put("error", err) return multistep.ActionHalt } s.SecurityGroupId = *resp.Response.SecurityGroup.SecurityGroupId state.Put("security_group_id", s.SecurityGroupId) s.isCreate = true // bind security group ingress police pReq := vpc.NewCreateSecurityGroupPoliciesRequest() ACCEPT := "ACCEPT" DEFAULT_CIDR := "0.0.0.0/0" pReq.SecurityGroupId = &s.SecurityGroupId pReq.SecurityGroupPolicySet = &vpc.SecurityGroupPolicySet{ Ingress: []*vpc.SecurityGroupPolicy{ { CidrBlock: &DEFAULT_CIDR, Action: &ACCEPT, }, }, } _, err = vpcClient.CreateSecurityGroupPolicies(pReq) if err != nil { ui.Error(fmt.Sprintf("bind security group police failed: %s", err.Error())) state.Put("error", err) return multistep.ActionHalt } // bind security group engress police pReq = vpc.NewCreateSecurityGroupPoliciesRequest() pReq.SecurityGroupId = &s.SecurityGroupId pReq.SecurityGroupPolicySet = &vpc.SecurityGroupPolicySet{ Egress: []*vpc.SecurityGroupPolicy{ { CidrBlock: &DEFAULT_CIDR, Action: &ACCEPT, }, }, } _, err = vpcClient.CreateSecurityGroupPolicies(pReq) if err != nil { ui.Error(fmt.Sprintf("bind security group police failed: %s", err.Error())) state.Put("error", err) return multistep.ActionHalt } return multistep.ActionContinue } func (s *stepConfigSecurityGroup) Cleanup(state multistep.StateBag) { if !s.isCreate { return } vpcClient := state.Get("vpc_client").(*vpc.Client) ui := state.Get("ui").(packer.Ui) MessageClean(state, "VPC") req := vpc.NewDeleteSecurityGroupRequest() req.SecurityGroupId = &s.SecurityGroupId err := common.Retry(5, 5, 60, func(u uint) (bool, error) { _, err := vpcClient.DeleteSecurityGroup(req) if err == nil { return true, nil } if strings.Index(err.Error(), "ResourceInUse") != -1 { return false, nil } else { return false, err } }) if err != nil { ui.Error(fmt.Sprintf("delete security group(%s) failed: %s, you need to delete it by hand", s.SecurityGroupId, err.Error())) return } }