feat(aws): Handle launch template backed server groups in CloneServer… (

#4658) * feat(aws): Handle launch template backed server groups in CloneServerGroup - support server groups with launch templates in clone server group * - fix test * - carry param for instance metadata v2 - update test Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
spinnaker · Jun 8, 2020 · 49485d0 · 49485d0
1 parent 0763864
commit 49485d0
Show file tree

Hide file tree

Showing 3 changed files with 227 additions and 32 deletions.
diff --git a/...groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy b/...groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy
@@ -18,6 +18,7 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.ops
 import com.amazonaws.services.autoscaling.model.AutoScalingGroup
 import com.amazonaws.services.autoscaling.model.DescribeAutoScalingGroupsRequest
 import com.amazonaws.services.ec2.model.DescribeSubnetsRequest
+import com.amazonaws.services.ec2.model.LaunchTemplateVersion
 import com.amazonaws.services.elasticloadbalancingv2.model.DescribeTargetGroupsRequest
 import com.netflix.frigga.Names
 import com.netflix.frigga.autoscaling.AutoScalingGroupNameBuilder
@@ -130,19 +131,77 @@ class CopyLastAsgAtomicOperation implements AtomicOperation<DeploymentResult> {
       }
 
       if (ancestorAsg) {
+        String iamInstanceProfile
+        String imageId
+        String instanceType
+        String spotPrice
+        String keyName
+        String kernelId
+        String ramdiskId
+        String userData
+        String classicLinkVPCId = null
 
-        def ancestorLaunchConfiguration = sourceRegionScopedProvider.asgService.getLaunchConfiguration(ancestorAsg.launchConfigurationName)
+        Boolean ebsOptimized
+        Boolean instanceMonitoring
+        Boolean associatePublicIpAddress
+
+        List<String> securityGroups
+        List<String> classicLinkVPCSecurityGroups = null
+        if (ancestorAsg.launchTemplate != null) {
+          LaunchTemplateVersion launchTemplateVersion = sourceRegionScopedProvider
+            .launchTemplateService.getLaunchTemplateVersion(ancestorAsg.launchTemplate)
+            .orElseThrow({
+              new IllegalStateException("Requested launch template $ancestorAsg.launchTemplate was not found")
+            })
+
+          def launchTemplateData = launchTemplateVersion.launchTemplateData
+
+          newDescription.setLaunchTemplate = true
+          imageId = launchTemplateData.imageId
+          keyName = launchTemplateData.keyName
+          kernelId = launchTemplateData.kernelId
+          userData = launchTemplateData.userData
+          ramdiskId = launchTemplateData.ramDiskId
+          instanceType = launchTemplateData.instanceType
+          securityGroups = launchTemplateData.securityGroups
+          ebsOptimized = launchTemplateData.ebsOptimized
+          iamInstanceProfile = launchTemplateData.iamInstanceProfile?.name
+          instanceMonitoring = launchTemplateData.monitoring?.enabled
+          spotPrice = launchTemplateData.instanceMarketOptions?.spotOptions?.maxPrice
+          newDescription.requireIMDSv2 = launchTemplateData.metadataOptions?.httpTokens == "required"
+          if (!launchTemplateData.networkInterfaces?.empty && launchTemplateData.networkInterfaces*.associatePublicIpAddress?.any()) {
+            associatePublicIpAddress = true
+          }
+        } else {
+          def ancestorLaunchConfiguration = sourceRegionScopedProvider
+            .asgService.getLaunchConfiguration(ancestorAsg.launchConfigurationName)
+
+          keyName = ancestorLaunchConfiguration.keyName
+          imageId = ancestorLaunchConfiguration.imageId
+          kernelId = ancestorLaunchConfiguration.kernelId
+          userData = ancestorLaunchConfiguration.userData
+          ramdiskId = ancestorLaunchConfiguration.ramdiskId
+          spotPrice = ancestorLaunchConfiguration.spotPrice
+          ebsOptimized = ancestorLaunchConfiguration.ebsOptimized
+          instanceType = ancestorLaunchConfiguration.instanceType
+          securityGroups = ancestorLaunchConfiguration.securityGroups
+          classicLinkVPCId = ancestorLaunchConfiguration.classicLinkVPCId
+          iamInstanceProfile = ancestorLaunchConfiguration.iamInstanceProfile
+          instanceMonitoring = ancestorLaunchConfiguration.instanceMonitoring?.enabled
+          associatePublicIpAddress = ancestorLaunchConfiguration.associatePublicIpAddress
+          classicLinkVPCSecurityGroups = ancestorLaunchConfiguration.classicLinkVPCSecurityGroups
+        }
 
         if (ancestorAsg.VPCZoneIdentifier) {
           task.updateStatus BASE_PHASE, "Looking up subnet type..."
           newDescription.subnetType = description.subnetType != null ? description.subnetType : getPurposeForSubnet(sourceRegion, ancestorAsg.VPCZoneIdentifier.tokenize(',').getAt(0))
           task.updateStatus BASE_PHASE, "Found: ${newDescription.subnetType}."
         }
 
-        newDescription.iamRole = description.iamRole ?: ancestorLaunchConfiguration.iamInstanceProfile
-        newDescription.amiName = description.amiName ?: ancestorLaunchConfiguration.imageId
+        newDescription.iamRole = description.iamRole ?: iamInstanceProfile
+        newDescription.amiName = description.amiName ?: imageId
         newDescription.availabilityZones = [(targetRegion): description.availabilityZones[targetRegion] ?: ancestorAsg.availabilityZones]
-        newDescription.instanceType = description.instanceType ?: ancestorLaunchConfiguration.instanceType
+        newDescription.instanceType = description.instanceType ?: instanceType
         newDescription.loadBalancers = description.loadBalancers != null ? description.loadBalancers : ancestorAsg.loadBalancerNames
         newDescription.targetGroups = description.targetGroups
         if (newDescription.targetGroups == null && ancestorAsg.targetGroupARNs && ancestorAsg.targetGroupARNs.size() > 0) {
@@ -151,24 +210,24 @@ class CopyLastAsgAtomicOperation implements AtomicOperation<DeploymentResult> {
           newDescription.targetGroups = targetGroupNames
         }
 
-        newDescription.securityGroups = description.securityGroups != null ? description.securityGroups : translateSecurityGroupIds(ancestorLaunchConfiguration.securityGroups)
+        newDescription.securityGroups = description.securityGroups != null ? description.securityGroups : translateSecurityGroupIds(securityGroups)
         newDescription.capacity.min = description.capacity?.min != null ? description.capacity.min : ancestorAsg.minSize
         newDescription.capacity.max = description.capacity?.max != null ? description.capacity.max : ancestorAsg.maxSize
         newDescription.capacity.desired = description.capacity?.desired != null ? description.capacity.desired : ancestorAsg.desiredCapacity
-        newDescription.keyPair = description.keyPair ?: (sourceIsTarget ? ancestorLaunchConfiguration.keyName : description.credentials.defaultKeyPair)
-        newDescription.associatePublicIpAddress = description.associatePublicIpAddress != null ? description.associatePublicIpAddress : ancestorLaunchConfiguration.associatePublicIpAddress
+        newDescription.keyPair = description.keyPair ?: (sourceIsTarget ? keyName : description.credentials.defaultKeyPair)
+        newDescription.associatePublicIpAddress = description.associatePublicIpAddress != null ? description.associatePublicIpAddress : associatePublicIpAddress
         newDescription.cooldown = description.cooldown != null ? description.cooldown : ancestorAsg.defaultCooldown
         newDescription.enabledMetrics = description.enabledMetrics != null ? description.enabledMetrics : ancestorAsg.enabledMetrics*.metric
         newDescription.healthCheckGracePeriod = description.healthCheckGracePeriod != null ? description.healthCheckGracePeriod : ancestorAsg.healthCheckGracePeriod
         newDescription.healthCheckType = description.healthCheckType ?: ancestorAsg.healthCheckType
         newDescription.suspendedProcesses = description.suspendedProcesses != null ? description.suspendedProcesses : ancestorAsg.suspendedProcesses*.processName
         newDescription.terminationPolicies = description.terminationPolicies != null ? description.terminationPolicies : ancestorAsg.terminationPolicies
-        newDescription.kernelId = description.kernelId ?: (ancestorLaunchConfiguration.kernelId ?: null)
-        newDescription.ramdiskId = description.ramdiskId ?: (ancestorLaunchConfiguration.ramdiskId ?: null)
-        newDescription.instanceMonitoring = description.instanceMonitoring != null ? description.instanceMonitoring : ancestorLaunchConfiguration.instanceMonitoring?.enabled
-        newDescription.ebsOptimized = description.ebsOptimized != null ? description.ebsOptimized : ancestorLaunchConfiguration.ebsOptimized
-        newDescription.classicLinkVpcId = description.classicLinkVpcId != null ? description.classicLinkVpcId : ancestorLaunchConfiguration.classicLinkVPCId
-        newDescription.classicLinkVpcSecurityGroups = description.classicLinkVpcSecurityGroups != null ? description.classicLinkVpcSecurityGroups : translateSecurityGroupIds(ancestorLaunchConfiguration.classicLinkVPCSecurityGroups)
+        newDescription.kernelId = description.kernelId ?: (kernelId ?: null)
+        newDescription.ramdiskId = description.ramdiskId ?: (ramdiskId ?: null)
+        newDescription.instanceMonitoring = description.instanceMonitoring != null ? description.instanceMonitoring : instanceMonitoring
+        newDescription.ebsOptimized = description.ebsOptimized != null ? description.ebsOptimized : ebsOptimized
+        newDescription.classicLinkVpcId = description.classicLinkVpcId != null ? description.classicLinkVpcId : classicLinkVPCId
+        newDescription.classicLinkVpcSecurityGroups = description.classicLinkVpcSecurityGroups != null ? description.classicLinkVpcSecurityGroups : translateSecurityGroupIds(classicLinkVPCSecurityGroups)
         newDescription.tags = description.tags != null ? description.tags : ancestorAsg.tags.collectEntries {
           [(it.getKey()): it.getValue()]
         }
@@ -179,11 +238,11 @@ class CopyLastAsgAtomicOperation implements AtomicOperation<DeploymentResult> {
           This is to avoid having duplicate user data.
          */
         if (localFileUserDataProperties && !localFileUserDataProperties.enabled) {
-          newDescription.base64UserData = description.base64UserData != null ? description.base64UserData : ancestorLaunchConfiguration.userData
+          newDescription.base64UserData = description.base64UserData != null ? description.base64UserData : userData
         }
 
         if (description.spotPrice == null) {
-          newDescription.spotPrice = ancestorLaunchConfiguration.spotPrice
+          newDescription.spotPrice = spotPrice
         } else if (description.spotPrice) {
           newDescription.spotPrice = description.spotPrice
         } else { // ""

diff --git a/...src/main/groovy/com/netflix/spinnaker/clouddriver/aws/services/LaunchTemplateService.java b/...src/main/groovy/com/netflix/spinnaker/clouddriver/aws/services/LaunchTemplateService.java
@@ -96,8 +96,7 @@ public LaunchTemplate createLaunchTemplate(
                     .withName(settings.getIamRole()))
             .withMonitoring(
                 new LaunchTemplatesMonitoringRequest()
-                    .withEnabled(settings.getInstanceMonitoring()))
-            .withSecurityGroupIds(settings.getSecurityGroups());
+                    .withEnabled(settings.getInstanceMonitoring()));
 
     if (settings.getBase64UserData() != null) {
       request.setUserData(settings.getBase64UserData().trim());
@@ -135,7 +134,9 @@ public LaunchTemplate createLaunchTemplate(
     // network interfaces
     request.withNetworkInterfaces(
         new LaunchTemplateInstanceNetworkInterfaceSpecificationRequest()
-            .withAssociatePublicIpAddress(settings.getAssociatePublicIpAddress()));
+            .withAssociatePublicIpAddress(settings.getAssociatePublicIpAddress())
+            .withGroups(settings.getSecurityGroups())
+            .withDeviceIndex(0));
 
     return retrySupport.retry(
         () -> {