github.com/mmcquillan/packer@v1.1.1-0.20171009221028-c85cf0483a5d/builder/alicloud/ecs/step_config_security_group.go

github.com/mmcquillan/packer@v1.1.1-0.20171009221028-c85cf0483a5d/builder/alicloud/ecs/step_config_security_group.go (about)

     1  package ecs
     2  
     3  import (
     4  	"errors"
     5  	"fmt"
     6  	"time"
     7  
     8  	"github.com/denverdino/aliyungo/common"
     9  	"github.com/denverdino/aliyungo/ecs"
    10  	"github.com/hashicorp/packer/packer"
    11  	"github.com/mitchellh/multistep"
    12  )
    13  
    14  type stepConfigAlicloudSecurityGroup struct {
    15  	SecurityGroupId   string
    16  	SecurityGroupName string
    17  	Description       string
    18  	VpcId             string
    19  	RegionId          string
    20  	isCreate          bool
    21  }
    22  
    23  func (s *stepConfigAlicloudSecurityGroup) Run(state multistep.StateBag) multistep.StepAction {
    24  	client := state.Get("client").(*ecs.Client)
    25  	ui := state.Get("ui").(packer.Ui)
    26  	networkType := state.Get("networktype").(InstanceNetWork)
    27  
    28  	var securityGroupItems []ecs.SecurityGroupItemType
    29  	var err error
    30  	if len(s.SecurityGroupId) != 0 {
    31  		if networkType == VpcNet {
    32  			vpcId := state.Get("vpcid").(string)
    33  			securityGroupItems, _, err = client.DescribeSecurityGroups(&ecs.DescribeSecurityGroupsArgs{
    34  				VpcId:    vpcId,
    35  				RegionId: common.Region(s.RegionId),
    36  			})
    37  		} else {
    38  			securityGroupItems, _, err = client.DescribeSecurityGroups(&ecs.DescribeSecurityGroupsArgs{
    39  				RegionId: common.Region(s.RegionId),
    40  			})
    41  		}
    42  
    43  		if err != nil {
    44  			ui.Say(fmt.Sprintf("Failed querying security group: %s", err))
    45  			state.Put("error", err)
    46  			return multistep.ActionHalt
    47  		}
    48  		for _, securityGroupItem := range securityGroupItems {
    49  			if securityGroupItem.SecurityGroupId == s.SecurityGroupId {
    50  				state.Put("securitygroupid", s.SecurityGroupId)
    51  				s.isCreate = false
    52  				return multistep.ActionContinue
    53  			}
    54  		}
    55  		s.isCreate = false
    56  		message := fmt.Sprintf("The specified security group {%s} doesn't exist.", s.SecurityGroupId)
    57  		state.Put("error", errors.New(message))
    58  		ui.Say(message)
    59  		return multistep.ActionHalt
    60  
    61  	}
    62  	var securityGroupId string
    63  	ui.Say("Creating security groups...")
    64  	if networkType == VpcNet {
    65  		vpcId := state.Get("vpcid").(string)
    66  		securityGroupId, err = client.CreateSecurityGroup(&ecs.CreateSecurityGroupArgs{
    67  			RegionId:          common.Region(s.RegionId),
    68  			SecurityGroupName: s.SecurityGroupName,
    69  			VpcId:             vpcId,
    70  		})
    71  	} else {
    72  		securityGroupId, err = client.CreateSecurityGroup(&ecs.CreateSecurityGroupArgs{
    73  			RegionId:          common.Region(s.RegionId),
    74  			SecurityGroupName: s.SecurityGroupName,
    75  		})
    76  	}
    77  	if err != nil {
    78  		state.Put("error", err)
    79  		ui.Say(fmt.Sprintf("Failed creating security group %s.", err))
    80  		return multistep.ActionHalt
    81  	}
    82  	state.Put("securitygroupid", securityGroupId)
    83  	s.isCreate = true
    84  	s.SecurityGroupId = securityGroupId
    85  	err = client.AuthorizeSecurityGroupEgress(&ecs.AuthorizeSecurityGroupEgressArgs{
    86  		SecurityGroupId: securityGroupId,
    87  		RegionId:        common.Region(s.RegionId),
    88  		IpProtocol:      ecs.IpProtocolAll,
    89  		PortRange:       "-1/-1",
    90  		NicType:         ecs.NicTypeInternet,
    91  		DestCidrIp:      "0.0.0.0/0", //The input parameter "DestGroupId" or "DestCidrIp" cannot be both blank.
    92  	})
    93  	if err != nil {
    94  		state.Put("error", err)
    95  		ui.Say(fmt.Sprintf("Failed authorizing security group: %s", err))
    96  		return multistep.ActionHalt
    97  	}
    98  	err = client.AuthorizeSecurityGroup(&ecs.AuthorizeSecurityGroupArgs{
    99  		SecurityGroupId: securityGroupId,
   100  		RegionId:        common.Region(s.RegionId),
   101  		IpProtocol:      ecs.IpProtocolAll,
   102  		PortRange:       "-1/-1",
   103  		NicType:         ecs.NicTypeInternet,
   104  		SourceCidrIp:    "0.0.0.0/0", //The input parameter "SourceGroupId" or "SourceCidrIp" cannot be both blank.
   105  	})
   106  	if err != nil {
   107  		state.Put("error", err)
   108  		ui.Say(fmt.Sprintf("Failed authorizing security group: %s", err))
   109  		return multistep.ActionHalt
   110  	}
   111  
   112  	return multistep.ActionContinue
   113  }
   114  
   115  func (s *stepConfigAlicloudSecurityGroup) Cleanup(state multistep.StateBag) {
   116  	if !s.isCreate {
   117  		return
   118  	}
   119  
   120  	client := state.Get("client").(*ecs.Client)
   121  	ui := state.Get("ui").(packer.Ui)
   122  
   123  	message(state, "security group")
   124  	timeoutPoint := time.Now().Add(120 * time.Second)
   125  	for {
   126  		if err := client.DeleteSecurityGroup(common.Region(s.RegionId), s.SecurityGroupId); err != nil {
   127  			e, _ := err.(*common.Error)
   128  			if e.Code == "DependencyViolation" && time.Now().Before(timeoutPoint) {
   129  				time.Sleep(5 * time.Second)
   130  				continue
   131  			}
   132  			ui.Error(fmt.Sprintf("Failed to delete security group, it may still be around: %s", err))
   133  			return
   134  		}
   135  		break
   136  	}
   137  }