Beispiel #1
def _validate(aws_svc, values, encryptor_ami_id):
    """Check the parsed command-line options before any work is started.

    The requested image name is format-checked first; the key pair, the
    subnet and security groups, the encryptor AMI and the uniqueness of
    the image name are then checked through ``aws_svc``.

    :param aws_svc: the BaseAWSService implementation
    :param values: object that was generated by argparse
    :param encryptor_ami_id: encryptor AMI id, handed to
        _validate_encryptor_ami
    :raise ValidationError: if validate_image_name rejects the name, if
        the account already owns an image with that name, or if one of
        the lookups fails with an EC2ResponseError
    """
    requested_name = values.encrypted_ami_name
    if requested_name:
        # The format check runs before the name is used as an EC2 filter
        # value further down.
        aws_service.validate_image_name(requested_name)

    try:
        key_name = values.key_name
        if key_name:
            aws_svc.get_key_pair(key_name)

        _validate_subnet_and_security_groups(
            aws_svc,
            values.subnet_id,
            values.security_group_ids,
        )
        _validate_encryptor_ami(aws_svc, encryptor_ami_id)

        if requested_name:
            # Only images owned by this account count as a collision.
            already_owned = aws_svc.get_images(
                filters={'name': requested_name}, owners=['self'])
            if already_owned:
                raise ValidationError(
                    'You already own an image named %s' % requested_name)
    except EC2ResponseError as e:
        # EC2 error responses are re-raised as ValidationError carrying
        # only the message text of the response.
        raise ValidationError(e.message)
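 def test_name_validation(self):
     """validate_image_name returns an accepted name and rejects bad ones."""
     # One name holding every kind of character the test expects to pass.
     name = 'Test123 ()[]./-\'@_'
     # assertEqual replaces the deprecated assertEquals alias.
     self.assertEqual(name, aws_service.validate_image_name(name))

     # A missing name, a 2-character name and a 129-character name must
     # all be refused.
     for bad_name in (None, 'ab', 'a' * 129):
         with self.assertRaises(ValidationError):
             aws_service.validate_image_name(bad_name)

     # Each of these characters must be refused on its own. The backslash
     # is written as '\\' so the literal has no invalid escape sequence;
     # the resulting string is unchanged.
     for c in '?!#$%^&*~`{}\\|"<>':
         with self.assertRaises(ValidationError):
             aws_service.validate_image_name('test' + c)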
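 def test_name_validation(self):
     """validate_image_name returns an accepted name and rejects bad ones."""
     # One name holding every kind of character the test expects to pass.
     name = 'Test123 ()[]./-\'@_'
     # assertEqual replaces the deprecated assertEquals alias.
     self.assertEqual(name, aws_service.validate_image_name(name))

     # A missing name, a 2-character name and a 129-character name must
     # all be refused.
     for bad_name in (None, 'ab', 'a' * 129):
         with self.assertRaises(ValidationError):
             aws_service.validate_image_name(bad_name)

     # Each of these characters must be refused on its own. The backslash
     # is written as '\\' so the literal has no invalid escape sequence;
     # the resulting string is unchanged.
     for c in '?!#$%^&*~`{}\\|"<>':
         with self.assertRaises(ValidationError):
             aws_service.validate_image_name('test' + c)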
Beispiel #4
def _validate(aws_svc, values, encryptor_ami_id):
    """Check the parsed command-line options before any work is started.

    The requested image name is format-checked first; the key pair, the
    subnet and security groups, the encryptor AMI and the uniqueness of
    the image name are then checked through ``aws_svc``.

    :param aws_svc: the BaseAWSService implementation
    :param values: object that was generated by argparse
    :param encryptor_ami_id: encryptor AMI id, handed to
        _validate_encryptor_ami
    :raise ValidationError: if validate_image_name rejects the name, if
        the account already owns an image with that name, or if one of
        the lookups fails with an EC2ResponseError
    """
    image_name = values.encrypted_ami_name
    if image_name:
        # The format check runs before the name is used as an EC2 filter
        # value further down.
        aws_service.validate_image_name(image_name)

    try:
        key_pair_name = values.key_name
        if key_pair_name:
            aws_svc.get_key_pair(key_pair_name)

        _validate_subnet_and_security_groups(
            aws_svc,
            values.subnet_id,
            values.security_group_ids,
        )
        _validate_encryptor_ami(aws_svc, encryptor_ami_id)

        if image_name:
            # Only images owned by this account count as a collision.
            name_filter = {'name': image_name}
            matches = aws_svc.get_images(filters=name_filter, owners=['self'])
            if matches:
                raise ValidationError(
                    'You already own an image named %s' % image_name)
    except EC2ResponseError as e:
        # EC2 error responses are re-raised as ValidationError carrying
        # only the message text of the response.
        raise ValidationError(e.message)
Beispiel #5
def command_update_encrypted_ami(values):
    """Update an encrypted AMI to a new metavisor and print the new AMI id.

    Connects to AWS, resolves the guest image and the encryptor AMI,
    runs the pre-flight validation unless ``values.validate`` is false,
    and then hands the work to update_ami.

    :param values: parsed command-line options
    :return: 0 once the updated AMI id has been printed, 1 if the guest
        image and the encryptor image differ in virtualization type
    :raise ValidationError: if the account already owns an image with the
        requested name, or validate_image_name rejects the final name
    """
    session_nonce = util.make_nonce()

    aws_svc = aws_service.AWSService(
        session_nonce,
        retry_timeout=values.retry_timeout,
        retry_initial_sleep_seconds=values.retry_initial_sleep_seconds,
    )
    log.debug(
        'Retry timeout=%.02f, initial sleep seconds=%.02f',
        aws_svc.retry_timeout,
        aws_svc.retry_initial_sleep_seconds,
    )

    # Fall back to the production environment when none is configured.
    env = brkt_cli.brkt_env_from_values(values)
    if not env:
        env = brkt_cli.get_prod_brkt_env()

    if values.validate:
        # Validate the region before connecting.
        _validate_region(aws_svc, values.region)

        # The token check is part of validation: with values.validate
        # false the token is passed on without check_jwt_auth being run.
        token = values.token
        if token:
            brkt_cli.check_jwt_auth(env, token)

    aws_svc.connect(values.region, key_name=values.key_name)
    guest_image = _validate_ami(aws_svc, values.ami)
    use_pv = _use_pv_metavisor(values, guest_image)
    metavisor_ami = values.encryptor_ami
    if not metavisor_ami:
        metavisor_ami = _get_encryptor_ami(values.region, pv=use_pv)

    # Caller-supplied tags override the defaults on key collisions.
    tags = encrypt_ami.get_default_tags(session_nonce, metavisor_ami)
    tags.update(brkt_cli.parse_tags(values.tags))
    aws_svc.default_tags = tags

    if not values.validate:
        log.info('Skipping AMI validation.')
    else:
        _validate_guest_encrypted_ami(aws_svc, guest_image.id, metavisor_ami)
        brkt_cli.validate_ntp_servers(values.ntp_servers)
        _validate(aws_svc, values, metavisor_ami)
        # NOTE(review): same call, same arguments as two statements above;
        # confirm the repeated check is intentional.
        _validate_guest_encrypted_ami(aws_svc, guest_image.id, metavisor_ami)

    # This check runs even when validation was skipped.
    metavisor_image = aws_svc.get_image(metavisor_ami)
    guest_virt = guest_image.virtualization_type
    metavisor_virt = metavisor_image.virtualization_type
    if guest_virt != metavisor_virt:
        log.error(
            'Virtualization type mismatch.  %s is %s, but encryptor %s is '
            '%s.',
            guest_image.id, guest_virt, metavisor_image.id, metavisor_virt)
        return 1

    new_image_name = values.encrypted_ami_name
    if not new_image_name:
        new_image_name = _get_updated_image_name(
            guest_image.name, session_nonce)
    elif aws_svc.get_images(filters={'name': new_image_name},
                            owners=['self']):
        # Check for name collision.
        raise ValidationError(
            'You already own image named %s' % new_image_name)
    log.debug('Image name: %s', new_image_name)
    # The format check covers both a caller-supplied and a derived name,
    # and it runs whether or not values.validate is set.
    aws_service.validate_image_name(new_image_name)

    # Initial validation done
    log.info(
        'Updating %s with new metavisor %s', guest_image.id, metavisor_ami)

    new_ami_id = update_ami(
        aws_svc,
        guest_image.id,
        metavisor_ami,
        new_image_name,
        subnet_id=values.subnet_id,
        security_group_ids=values.security_group_ids,
        guest_instance_type=values.guest_instance_type,
        updater_instance_type=values.updater_instance_type,
        instance_config=make_instance_config(values, env),
        status_port=values.status_port,
    )
    print(new_ami_id)
    return 0
Beispiel #6
def command_update_encrypted_ami(values):
    """Update an encrypted AMI to a new metavisor and print the new AMI id.

    Connects to AWS, resolves the guest image and the encryptor AMI,
    runs the pre-flight validation unless ``values.validate`` is false,
    and then hands the work to update_ami.

    :param values: parsed command-line options
    :return: 0 once the updated AMI id has been printed, 1 if the guest
        image and the encryptor image differ in virtualization type
    :raise ValidationError: if the account already owns an image with the
        requested name, or validate_image_name rejects the final name
    """
    run_nonce = util.make_nonce()

    aws_svc = aws_service.AWSService(
        run_nonce,
        retry_timeout=values.retry_timeout,
        retry_initial_sleep_seconds=values.retry_initial_sleep_seconds)
    log.debug('Retry timeout=%.02f, initial sleep seconds=%.02f',
              aws_svc.retry_timeout, aws_svc.retry_initial_sleep_seconds)

    # Fall back to the production environment when none is configured.
    target_env = brkt_cli.brkt_env_from_values(values)
    if not target_env:
        target_env = brkt_cli.get_prod_brkt_env()

    if values.validate:
        # Validate the region before connecting.
        _validate_region(aws_svc, values.region)

        # The token check is part of validation: with values.validate
        # false the token is passed on without check_jwt_auth being run.
        jwt = values.token
        if jwt:
            brkt_cli.check_jwt_auth(target_env, jwt)

    aws_svc.connect(values.region, key_name=values.key_name)
    source_image = _validate_ami(aws_svc, values.ami)
    wants_pv = _use_pv_metavisor(values, source_image)
    mv_ami_id = values.encryptor_ami
    if not mv_ami_id:
        mv_ami_id = _get_encryptor_ami(values.region, pv=wants_pv)

    # Caller-supplied tags override the defaults on key collisions.
    merged_tags = encrypt_ami.get_default_tags(run_nonce, mv_ami_id)
    merged_tags.update(brkt_cli.parse_tags(values.tags))
    aws_svc.default_tags = merged_tags

    if not values.validate:
        log.info('Skipping AMI validation.')
    else:
        _validate_guest_encrypted_ami(aws_svc, source_image.id, mv_ami_id)
        brkt_cli.validate_ntp_servers(values.ntp_servers)
        _validate(aws_svc, values, mv_ami_id)
        # NOTE(review): same call, same arguments as two statements above;
        # confirm the repeated check is intentional.
        _validate_guest_encrypted_ami(aws_svc, source_image.id, mv_ami_id)

    # This check runs even when validation was skipped.
    mv_image = aws_svc.get_image(mv_ami_id)
    source_virt = source_image.virtualization_type
    mv_virt = mv_image.virtualization_type
    if source_virt != mv_virt:
        log.error(
            'Virtualization type mismatch.  %s is %s, but encryptor %s is '
            '%s.',
            source_image.id, source_virt, mv_image.id, mv_virt)
        return 1

    target_name = values.encrypted_ami_name
    if not target_name:
        target_name = _get_updated_image_name(source_image.name, run_nonce)
    elif aws_svc.get_images(filters={'name': target_name}, owners=['self']):
        # Check for name collision.
        raise ValidationError('You already own image named %s' % target_name)
    log.debug('Image name: %s', target_name)
    # The format check covers both a caller-supplied and a derived name,
    # and it runs whether or not values.validate is set.
    aws_service.validate_image_name(target_name)

    # Initial validation done
    log.info('Updating %s with new metavisor %s', source_image.id, mv_ami_id)

    result_ami_id = update_ami(
        aws_svc,
        source_image.id,
        mv_ami_id,
        target_name,
        subnet_id=values.subnet_id,
        security_group_ids=values.security_group_ids,
        guest_instance_type=values.guest_instance_type,
        updater_instance_type=values.updater_instance_type,
        instance_config=make_instance_config(values, target_env),
        status_port=values.status_port,
    )
    print(result_ami_id)
    return 0
Beispiel #7
def run_update(values, config, verbose=False):
    """Update an encrypted AMI to a new metavisor and print the new AMI id.

    Connects to AWS, resolves the guest image and the encryptor AMI,
    runs the pre-flight validation unless ``values.validate`` is false,
    builds the updater instance configuration and hands the work to
    update_ami.

    :param values: parsed command-line options
    :param config: passed to instance_config_from_values as ``cli_config``
    :param verbose: when true, the instance user data is also written to
        a temporary file that is kept after the run
    :return: 0 once the updated AMI id has been printed, 1 if the guest
        image and the encryptor image differ in virtualization type
    :raise ValidationError: if the account already owns an image with the
        requested name, or validate_image_name rejects a derived name
    """
    session_nonce = util.make_nonce()

    aws_svc = aws_service.AWSService(
        session_nonce,
        retry_timeout=values.retry_timeout,
        retry_initial_sleep_seconds=values.retry_initial_sleep_seconds)
    log.debug('Retry timeout=%.02f, initial sleep seconds=%.02f',
              aws_svc.retry_timeout, aws_svc.retry_initial_sleep_seconds)

    # Fall back to the production environment when none is configured.
    env = brkt_cli.brkt_env_from_values(values)
    if not env:
        env = brkt_cli.get_prod_brkt_env()

    if values.validate:
        # Validate the region before connecting.
        _validate_region(aws_svc, values.region)

        # The token check is part of validation: with values.validate
        # false check_jwt_auth is not run on the token.
        token = values.token
        if token:
            brkt_cli.check_jwt_auth(env, token)

    aws_svc.connect(values.region, key_name=values.key_name)
    guest_image = _validate_ami(aws_svc, values.ami)
    metavisor_ami = values.encryptor_ami
    if not metavisor_ami:
        metavisor_ami = _get_encryptor_ami(values.region)

    # Caller-supplied tags override the defaults on key collisions.
    tags = encrypt_ami.get_default_tags(session_nonce, metavisor_ami)
    tags.update(brkt_cli.parse_tags(values.tags))
    aws_svc.default_tags = tags

    if not values.validate:
        log.info('Skipping AMI validation.')
    else:
        _validate_guest_encrypted_ami(aws_svc, guest_image.id, metavisor_ami)
        brkt_cli.validate_ntp_servers(values.ntp_servers)
        _validate(aws_svc, values, metavisor_ami)
        # NOTE(review): same call, same arguments as two statements above;
        # confirm the repeated check is intentional.
        _validate_guest_encrypted_ami(aws_svc, guest_image.id, metavisor_ami)

    # This check runs even when validation was skipped.
    metavisor_image = aws_svc.get_image(metavisor_ami)
    guest_virt = guest_image.virtualization_type
    metavisor_virt = metavisor_image.virtualization_type
    if guest_virt != metavisor_virt:
        log.error(
            'Virtualization type mismatch.  %s is %s, but encryptor %s is '
            '%s.',
            guest_image.id, guest_virt, metavisor_image.id, metavisor_virt)
        return 1

    new_image_name = values.encrypted_ami_name
    if not new_image_name:
        new_image_name = _get_updated_image_name(
            guest_image.name, session_nonce)
        log.debug('Image name: %s', new_image_name)
        aws_service.validate_image_name(new_image_name)
    elif aws_svc.get_images(filters={'name': new_image_name},
                            owners=['self']):
        # Check for name collision.
        # NOTE(review): a caller-supplied name is format-checked only inside
        # _validate, so with values.validate false it reaches update_ami
        # without validate_image_name having run; confirm that is intended.
        raise ValidationError(
            'You already own image named %s' % new_image_name)

    # Initial validation done
    log.info(
        'Updating %s with new metavisor %s', guest_image.id, metavisor_ami)

    updater_config = instance_config_from_values(
        values, mode=INSTANCE_UPDATER_MODE, cli_config=config)
    if verbose:
        # NOTE(review): delete=False keeps this file after the run and its
        # path goes to the debug log. tempfile creates it readable by the
        # owner only, but if the user data can carry the token from `values`
        # (not visible here; confirm) the copy should be removed once it
        # has been inspected.
        with tempfile.NamedTemporaryFile(prefix='user-data-',
                                         delete=False) as userdata_file:
            log.debug(
                'Writing instance user data to %s', userdata_file.name)
            userdata_file.write(updater_config.make_userdata())

    new_ami_id = update_ami(
        aws_svc,
        guest_image.id,
        metavisor_ami,
        new_image_name,
        subnet_id=values.subnet_id,
        security_group_ids=values.security_group_ids,
        guest_instance_type=values.guest_instance_type,
        updater_instance_type=values.updater_instance_type,
        instance_config=updater_config,
        status_port=values.status_port,
    )
    print(new_ami_id)
    return 0