github.phpd.cn/hashicorp/packer@v1.3.2/builder/alicloud/ecs/step_config_security_group.go

github.phpd.cn/hashicorp/packer@v1.3.2/builder/alicloud/ecs/step_config_security_group.go (about)

     1  package ecs
     2  
     3  import (
     4  	"context"
     5  	"errors"
     6  	"fmt"
     7  	"time"
     8  
     9  	"github.com/denverdino/aliyungo/common"
    10  	"github.com/denverdino/aliyungo/ecs"
    11  	"github.com/hashicorp/packer/helper/multistep"
    12  	"github.com/hashicorp/packer/packer"
    13  )
    14  
    15  type stepConfigAlicloudSecurityGroup struct {
    16  	SecurityGroupId   string
    17  	SecurityGroupName string
    18  	Description       string
    19  	VpcId             string
    20  	RegionId          string
    21  	isCreate          bool
    22  }
    23  
    24  func (s *stepConfigAlicloudSecurityGroup) Run(_ context.Context, state multistep.StateBag) multistep.StepAction {
    25  	client := state.Get("client").(*ecs.Client)
    26  	ui := state.Get("ui").(packer.Ui)
    27  	networkType := state.Get("networktype").(InstanceNetWork)
    28  
    29  	var securityGroupItems []ecs.SecurityGroupItemType
    30  	var err error
    31  	if len(s.SecurityGroupId) != 0 {
    32  		if networkType == VpcNet {
    33  			vpcId := state.Get("vpcid").(string)
    34  			securityGroupItems, _, err = client.DescribeSecurityGroups(&ecs.DescribeSecurityGroupsArgs{
    35  				VpcId:    vpcId,
    36  				RegionId: common.Region(s.RegionId),
    37  			})
    38  		} else {
    39  			securityGroupItems, _, err = client.DescribeSecurityGroups(&ecs.DescribeSecurityGroupsArgs{
    40  				RegionId: common.Region(s.RegionId),
    41  			})
    42  		}
    43  
    44  		if err != nil {
    45  			ui.Say(fmt.Sprintf("Failed querying security group: %s", err))
    46  			state.Put("error", err)
    47  			return multistep.ActionHalt
    48  		}
    49  		for _, securityGroupItem := range securityGroupItems {
    50  			if securityGroupItem.SecurityGroupId == s.SecurityGroupId {
    51  				state.Put("securitygroupid", s.SecurityGroupId)
    52  				s.isCreate = false
    53  				return multistep.ActionContinue
    54  			}
    55  		}
    56  		s.isCreate = false
    57  		message := fmt.Sprintf("The specified security group {%s} doesn't exist.", s.SecurityGroupId)
    58  		state.Put("error", errors.New(message))
    59  		ui.Say(message)
    60  		return multistep.ActionHalt
    61  
    62  	}
    63  	var securityGroupId string
    64  	ui.Say("Creating security groups...")
    65  	if networkType == VpcNet {
    66  		vpcId := state.Get("vpcid").(string)
    67  		securityGroupId, err = client.CreateSecurityGroup(&ecs.CreateSecurityGroupArgs{
    68  			RegionId:          common.Region(s.RegionId),
    69  			SecurityGroupName: s.SecurityGroupName,
    70  			VpcId:             vpcId,
    71  		})
    72  	} else {
    73  		securityGroupId, err = client.CreateSecurityGroup(&ecs.CreateSecurityGroupArgs{
    74  			RegionId:          common.Region(s.RegionId),
    75  			SecurityGroupName: s.SecurityGroupName,
    76  		})
    77  	}
    78  	if err != nil {
    79  		state.Put("error", err)
    80  		ui.Say(fmt.Sprintf("Failed creating security group %s.", err))
    81  		return multistep.ActionHalt
    82  	}
    83  	state.Put("securitygroupid", securityGroupId)
    84  	s.isCreate = true
    85  	s.SecurityGroupId = securityGroupId
    86  	err = client.AuthorizeSecurityGroupEgress(&ecs.AuthorizeSecurityGroupEgressArgs{
    87  		SecurityGroupId: securityGroupId,
    88  		RegionId:        common.Region(s.RegionId),
    89  		IpProtocol:      ecs.IpProtocolAll,
    90  		PortRange:       "-1/-1",
    91  		NicType:         ecs.NicTypeInternet,
    92  		DestCidrIp:      "0.0.0.0/0", //The input parameter "DestGroupId" or "DestCidrIp" cannot be both blank.
    93  	})
    94  	if err != nil {
    95  		state.Put("error", err)
    96  		ui.Say(fmt.Sprintf("Failed authorizing security group: %s", err))
    97  		return multistep.ActionHalt
    98  	}
    99  	err = client.AuthorizeSecurityGroup(&ecs.AuthorizeSecurityGroupArgs{
   100  		SecurityGroupId: securityGroupId,
   101  		RegionId:        common.Region(s.RegionId),
   102  		IpProtocol:      ecs.IpProtocolAll,
   103  		PortRange:       "-1/-1",
   104  		NicType:         ecs.NicTypeInternet,
   105  		SourceCidrIp:    "0.0.0.0/0", //The input parameter "SourceGroupId" or "SourceCidrIp" cannot be both blank.
   106  	})
   107  	if err != nil {
   108  		state.Put("error", err)
   109  		ui.Say(fmt.Sprintf("Failed authorizing security group: %s", err))
   110  		return multistep.ActionHalt
   111  	}
   112  
   113  	return multistep.ActionContinue
   114  }
   115  
   116  func (s *stepConfigAlicloudSecurityGroup) Cleanup(state multistep.StateBag) {
   117  	if !s.isCreate {
   118  		return
   119  	}
   120  
   121  	client := state.Get("client").(*ecs.Client)
   122  	ui := state.Get("ui").(packer.Ui)
   123  
   124  	message(state, "security group")
   125  	timeoutPoint := time.Now().Add(120 * time.Second)
   126  	for {
   127  		if err := client.DeleteSecurityGroup(common.Region(s.RegionId), s.SecurityGroupId); err != nil {
   128  			e, _ := err.(*common.Error)
   129  			if e.Code == "DependencyViolation" && time.Now().Before(timeoutPoint) {
   130  				time.Sleep(5 * time.Second)
   131  				continue
   132  			}
   133  			ui.Error(fmt.Sprintf("Failed to delete security group, it may still be around: %s", err))
   134  			return
   135  		}
   136  		break
   137  	}
   138  }