update to latest AWS SDK

newer SDK version included ipv6 rules on ingress permissions. surely hope this covers all the spots where those matter..
spinnaker · Feb 10, 2017 · a39b951 · a39b951
1 parent a05f2e6
commit a39b951
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 8 deletions.
diff --git a/build.gradle b/build.gradle
@@ -35,7 +35,7 @@ allprojects {
   apply plugin: 'groovy'
 
   ext {
-    spinnakerDependenciesVersion = project.hasProperty('spinnakerDependenciesVersion') ? project.property('spinnakerDependenciesVersion') : '0.68.0'
+    spinnakerDependenciesVersion = project.hasProperty('spinnakerDependenciesVersion') ? project.property('spinnakerDependenciesVersion') : '0.77.0'
   }
 
   def checkLocalVersions = [spinnakerDependenciesVersion: spinnakerDependenciesVersion]

diff --git a/...vy/com/netflix/spinnaker/clouddriver/aws/deploy/handlers/MigrateLoadBalancerStrategy.java b/...vy/com/netflix/spinnaker/clouddriver/aws/deploy/handlers/MigrateLoadBalancerStrategy.java
@@ -483,7 +483,8 @@ private void addPublicIngress(AmazonEC2 targetAmazonEC2, String elbGroupId, Load
       .withIpProtocol("tcp")
       .withFromPort(l.getListener().getLoadBalancerPort())
       .withToPort(l.getListener().getLoadBalancerPort())
-      .withIpRanges("0.0.0.0/0")
+      .withIpv4Ranges(new IpRange().withCidrIp("0.0.0.0/0"))
+      //TODO(cfieber)-ipv6
     ).collect(Collectors.toList());
 
     targetAmazonEC2.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()

diff --git a/...y/com/netflix/spinnaker/clouddriver/aws/deploy/handlers/MigrateSecurityGroupStrategy.java b/...y/com/netflix/spinnaker/clouddriver/aws/deploy/handlers/MigrateSecurityGroupStrategy.java
@@ -416,13 +416,20 @@ private void filterOutExistingRules(List<IpPermission> permissionsToApply, Secur
             && targetPermission.getUserIdGroupPairs().stream().anyMatch(t -> t.getGroupId().equals(pair.getGroupId()))
         )
       );
-      permission.getIpRanges().removeIf(range ->
+      permission.getIpv4Ranges().removeIf(range ->
         targetGroup.getIpPermissions().stream().anyMatch(targetPermission ->
           targetPermission.getFromPort().equals(permission.getFromPort())
             && targetPermission.getToPort().equals(permission.getToPort())
-            && targetPermission.getIpRanges().contains(range)
+            && targetPermission.getIpv4Ranges().contains(range)
         )
       );
+      permission.getIpv6Ranges().removeIf(range ->
+          targetGroup.getIpPermissions().stream().anyMatch(targetPermission ->
+              targetPermission.getFromPort().equals(permission.getFromPort())
+                  && targetPermission.getToPort().equals(permission.getToPort())
+                  && targetPermission.getIpv6Ranges().contains(range)
+          )
+      );
     });
   }
 

diff --git a/...x/spinnaker/clouddriver/aws/deploy/ops/securitygroup/SecurityGroupIngressConverter.groovy b/...x/spinnaker/clouddriver/aws/deploy/ops/securitygroup/SecurityGroupIngressConverter.groovy
@@ -83,12 +83,18 @@ class SecurityGroupIngressConverter {
           .withToPort(ipPermission.toPort)
           .withIpProtocol(ipPermission.ipProtocol)
           .withUserIdGroupPairs(it)
-      } + ipPermission.ipRanges.collect {
+      } + ipPermission.ipv4Ranges.collect {
         new IpPermission()
           .withFromPort(ipPermission.fromPort)
           .withToPort(ipPermission.toPort)
           .withIpProtocol(ipPermission.ipProtocol)
-          .withIpRanges(it)
+          .withIpv4Ranges(it)
+      } + ipPermission.ipv6Ranges.collect {
+        new IpPermission()
+          .withFromPort(ipPermission.fromPort)
+          .withToPort(ipPermission.toPort)
+          .withIpProtocol(ipPermission.ipProtocol)
+          .withIpv6Ranges(it)
       }
     }.flatten().unique()
   }

diff --git a/...netflix/spinnaker/clouddriver/aws/deploy/handlers/MigrateSecurityGroupStrategySpec.groovy b/...netflix/spinnaker/clouddriver/aws/deploy/handlers/MigrateSecurityGroupStrategySpec.groovy
@@ -19,6 +19,7 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.handlers
 import com.amazonaws.services.ec2.AmazonEC2
 import com.amazonaws.services.ec2.model.DescribeVpcsResult
 import com.amazonaws.services.ec2.model.IpPermission
+import com.amazonaws.services.ec2.model.IpRange
 import com.amazonaws.services.ec2.model.SecurityGroup
 import com.amazonaws.services.ec2.model.Tag
 import com.amazonaws.services.ec2.model.UserIdGroupPair
@@ -540,10 +541,10 @@ class MigrateSecurityGroupStrategySpec extends Specification {
     def targetGroup1 = new SecurityGroup(groupName: 'group1', groupId: 'sg-5', ownerId: prodCredentials.accountId)
     def targetGroup2 = new SecurityGroup(groupName: 'group2', groupId: 'sg-6', ownerId: prodCredentials.accountId)
     sourceGroup.ipPermissions = [
-      new IpPermission().withUserIdGroupPairs([]).withIpRanges("1.2.3.4").withFromPort(7001).withToPort(7003)
+      new IpPermission().withUserIdGroupPairs([]).withIpv4Ranges(new IpRange().withCidrIp("1.2.3.4")).withFromPort(7001).withToPort(7003)
     ]
     targetGroup1.ipPermissions = [
-      new IpPermission().withUserIdGroupPairs([]).withIpRanges("1.2.3.4").withFromPort(7001).withToPort(7003)
+      new IpPermission().withUserIdGroupPairs([]).withIpv4Ranges(new IpRange().withCidrIp("1.2.3.4")).withFromPort(7001).withToPort(7003)
     ]
     def sourceUpdater = Stub(SecurityGroupUpdater) {
       getSecurityGroup() >> sourceGroup