From d1fd74a30ca68903c768d82bfd8a202851ce2efb Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Sat, 24 Mar 2018 20:31:13 -0400 Subject: [PATCH] Move code to new file --- pkg/resources/aws/BUILD.bazel | 1 + pkg/resources/aws/aws.go | 108 ----------------------- pkg/resources/aws/securitygroup.go | 137 +++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+), 108 deletions(-) create mode 100644 pkg/resources/aws/securitygroup.go diff --git a/pkg/resources/aws/BUILD.bazel b/pkg/resources/aws/BUILD.bazel index ef024a060a..14d920fcfd 100644 --- a/pkg/resources/aws/BUILD.bazel +++ b/pkg/resources/aws/BUILD.bazel @@ -7,6 +7,7 @@ go_library( "errors.go", "filters.go", "routetable.go", + "securitygroup.go", "tags.go", "vpc.go", ], diff --git a/pkg/resources/aws/aws.go b/pkg/resources/aws/aws.go index 513ed6745f..a7e2fe0bbc 100644 --- a/pkg/resources/aws/aws.go +++ b/pkg/resources/aws/aws.go @@ -449,114 +449,6 @@ func DumpInstance(op *resources.DumpOperation, r *resources.Resource) error { return nil } -func DeleteSecurityGroup(cloud fi.Cloud, t *resources.Resource) error { - c := cloud.(awsup.AWSCloud) - - id := t.ID - // First clear all inter-dependent rules - // TODO: Move to a "pre-execute" phase? - { - request := &ec2.DescribeSecurityGroupsInput{ - GroupIds: []*string{&id}, - } - response, err := c.EC2().DescribeSecurityGroups(request) - if err != nil { - if awsup.AWSErrorCode(err) == "InvalidGroup.NotFound" { - glog.V(2).Infof("Got InvalidGroup.NotFound error describing SecurityGroup %q; will treat as already-deleted", id) - return nil - } - return fmt.Errorf("error describing SecurityGroup %q: %v", id, err) - } - - if len(response.SecurityGroups) == 0 { - return nil - } - if len(response.SecurityGroups) != 1 { - return fmt.Errorf("found mutiple SecurityGroups with ID %q", id) - } - sg := response.SecurityGroups[0] - - if len(sg.IpPermissions) != 0 { - revoke := &ec2.RevokeSecurityGroupIngressInput{ - GroupId: &id, - IpPermissions: sg.IpPermissions, - } - _, err = c.EC2().RevokeSecurityGroupIngress(revoke) - if err != nil { - return fmt.Errorf("cannot revoke ingress for ID %q: %v", id, err) - } - } - } - - { - glog.V(2).Infof("Deleting EC2 SecurityGroup %q", id) - request := &ec2.DeleteSecurityGroupInput{ - GroupId: &id, - } - _, err := c.EC2().DeleteSecurityGroup(request) - if err != nil { - if IsDependencyViolation(err) { - return err - } - return fmt.Errorf("error deleting SecurityGroup %q: %v", id, err) - } - } - return nil -} - -func DumpSecurityGroup(op *resources.DumpOperation, r *resources.Resource) error { - data := make(map[string]interface{}) - data["id"] = r.ID - data["type"] = ec2.ResourceTypeSecurityGroup - data["raw"] = r.Obj - op.Dump.Resources = append(op.Dump.Resources, data) - return nil -} - -func ListSecurityGroups(cloud fi.Cloud, clusterName string) ([]*resources.Resource, error) { - groups, err := DescribeSecurityGroups(cloud) - if err != nil { - return nil, err - } - - var resourceTrackers []*resources.Resource - - for _, sg := range groups { - resourceTracker := &resources.Resource{ - Name: FindName(sg.Tags), - ID: aws.StringValue(sg.GroupId), - Type: "security-group", - Deleter: DeleteSecurityGroup, - Dumper: DumpSecurityGroup, - Obj: sg, - } - - var blocks []string - blocks = append(blocks, "vpc:"+aws.StringValue(sg.VpcId)) - - resourceTracker.Blocks = blocks - - resourceTrackers = append(resourceTrackers, resourceTracker) - } - - return resourceTrackers, nil -} - -func DescribeSecurityGroups(cloud fi.Cloud) ([]*ec2.SecurityGroup, error) { - c := cloud.(awsup.AWSCloud) - - glog.V(2).Infof("Listing EC2 SecurityGroups") - request := &ec2.DescribeSecurityGroupsInput{ - Filters: BuildEC2Filters(cloud), - } - response, err := c.EC2().DescribeSecurityGroups(request) - if err != nil { - return nil, fmt.Errorf("error listing SecurityGroups: %v", err) - } - - return response.SecurityGroups, nil -} - func DeleteVolume(cloud fi.Cloud, r *resources.Resource) error { c := cloud.(awsup.AWSCloud) diff --git a/pkg/resources/aws/securitygroup.go b/pkg/resources/aws/securitygroup.go new file mode 100644 index 0000000000..0a9d7b9efe --- /dev/null +++ b/pkg/resources/aws/securitygroup.go @@ -0,0 +1,137 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package aws + +import ( + "fmt" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/ec2" + "github.com/golang/glog" + + "k8s.io/kops/pkg/resources" + "k8s.io/kops/upup/pkg/fi" + "k8s.io/kops/upup/pkg/fi/cloudup/awsup" +) + +func DeleteSecurityGroup(cloud fi.Cloud, t *resources.Resource) error { + c := cloud.(awsup.AWSCloud) + + id := t.ID + // First clear all inter-dependent rules + // TODO: Move to a "pre-execute" phase? + { + request := &ec2.DescribeSecurityGroupsInput{ + GroupIds: []*string{&id}, + } + response, err := c.EC2().DescribeSecurityGroups(request) + if err != nil { + if awsup.AWSErrorCode(err) == "InvalidGroup.NotFound" { + glog.V(2).Infof("Got InvalidGroup.NotFound error describing SecurityGroup %q; will treat as already-deleted", id) + return nil + } + return fmt.Errorf("error describing SecurityGroup %q: %v", id, err) + } + + if len(response.SecurityGroups) == 0 { + return nil + } + if len(response.SecurityGroups) != 1 { + return fmt.Errorf("found mutiple SecurityGroups with ID %q", id) + } + sg := response.SecurityGroups[0] + + if len(sg.IpPermissions) != 0 { + revoke := &ec2.RevokeSecurityGroupIngressInput{ + GroupId: &id, + IpPermissions: sg.IpPermissions, + } + _, err = c.EC2().RevokeSecurityGroupIngress(revoke) + if err != nil { + return fmt.Errorf("cannot revoke ingress for ID %q: %v", id, err) + } + } + } + + { + glog.V(2).Infof("Deleting EC2 SecurityGroup %q", id) + request := &ec2.DeleteSecurityGroupInput{ + GroupId: &id, + } + _, err := c.EC2().DeleteSecurityGroup(request) + if err != nil { + if IsDependencyViolation(err) { + return err + } + return fmt.Errorf("error deleting SecurityGroup %q: %v", id, err) + } + } + return nil +} + +func DumpSecurityGroup(op *resources.DumpOperation, r *resources.Resource) error { + data := make(map[string]interface{}) + data["id"] = r.ID + data["type"] = ec2.ResourceTypeSecurityGroup + data["raw"] = r.Obj + op.Dump.Resources = append(op.Dump.Resources, data) + return nil +} + +func ListSecurityGroups(cloud fi.Cloud, clusterName string) ([]*resources.Resource, error) { + groups, err := DescribeSecurityGroups(cloud) + if err != nil { + return nil, err + } + + var resourceTrackers []*resources.Resource + + for _, sg := range groups { + resourceTracker := &resources.Resource{ + Name: FindName(sg.Tags), + ID: aws.StringValue(sg.GroupId), + Type: "security-group", + Deleter: DeleteSecurityGroup, + Dumper: DumpSecurityGroup, + Obj: sg, + } + + var blocks []string + blocks = append(blocks, "vpc:"+aws.StringValue(sg.VpcId)) + + resourceTracker.Blocks = blocks + + resourceTrackers = append(resourceTrackers, resourceTracker) + } + + return resourceTrackers, nil +} + +func DescribeSecurityGroups(cloud fi.Cloud) ([]*ec2.SecurityGroup, error) { + c := cloud.(awsup.AWSCloud) + + glog.V(2).Infof("Listing EC2 SecurityGroups") + request := &ec2.DescribeSecurityGroupsInput{ + Filters: BuildEC2Filters(cloud), + } + response, err := c.EC2().DescribeSecurityGroups(request) + if err != nil { + return nil, fmt.Errorf("error listing SecurityGroups: %v", err) + } + + return response.SecurityGroups, nil +}