From 82576186ea920d40c86f67a759f474193960e2e7 Mon Sep 17 00:00:00 2001 From: labkey-stuartm <32204841+labkey-stuartm@users.noreply.github.com> Date: Fri, 22 Feb 2019 14:46:03 -0800 Subject: [PATCH] Merge updates from public repo (#1) * if iam returns no users at all, it is likey down (implementation merged from https://github.com/packetfairy/aws-ec2-ssh/blob/condoms/import_users.sh#L285) fixes #96 * Fix typo (#125) * Fix typo in rpm install output text * Fix file name * fix * fix * improved check * re added creation policy * changing aws command line detection to make it silent (#127) * fix RHEL * increase timeout * allow parallel tests * fix RHEL showcase * re-add creation policy * Update README.md bump version * added license to templates * Install from latest release instead of master (#133) Add argument to install script to specify release * document ##ALL## * fix tag enabled groups in multi account setup (#136) * added hint to AWS Systems Manager Session Manager * Changed URI for RPM to latest release version (#140) * fix IAM SSH access * fix * Update README.md --- README.md | 6 ++- authorized_keys_command.sh | 2 +- aws-ec2-ssh.conf | 2 +- aws-ec2-ssh.spec | 2 +- iam_crossaccount_policy.json | 4 ++ import_users.sh | 38 ++++++++++++------- install.sh | 21 ++++++++-- install_configure_sshd.sh | 21 +++++----- showcase-rpm.yaml | 33 ++++++++++++---- showcase.yaml | 34 +++++++++++++---- test/pom.xml | 9 +++++ .../java/de/widdix/awsec2ssh/AAWSTest.java | 14 ------- .../test/java/de/widdix/awsec2ssh/ATest.java | 14 ++++++- 13 files changed, 137 insertions(+), 63 deletions(-) diff --git a/README.md b/README.md index 0aed8a3..850b52b 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Manage AWS EC2 SSH access with IAM +> You might want to checkout the newly launched [AWS Systems Manager Session Manager for Shell Access to EC2 Instances](https://aws.amazon.com/de/blogs/aws/new-session-manager/) + Use your IAM user's public SSH key to get access via SSH to an **EC2 instance** running * Amazon Linux 2017.09 * Amazon Linux 2 2017.12 @@ -54,7 +56,7 @@ A picture is worth a thousand words: 4. Click the **Upload SSH public key** button at the bottom of the page 5. Paste your public SSH key into the text-area and click the **Upload SSH public key** button to save 2. Attach the IAM permissions defined in [`iam_ssh_policy.json`](./iam_ssh_policy.json) to the EC2 instances (by creating an IAM role and an Instance Profile) -3. Install the RPM1: `rpm -i https://s3-eu-west-1.amazonaws.com/widdix-aws-ec2-ssh-releases-eu-west-1/aws-ec2-ssh-1.7.0-1.el7.centos.noarch.rpm` +3. Install the RPM1: `rpm -i https://s3-eu-west-1.amazonaws.com/widdix-aws-ec2-ssh-releases-eu-west-1/aws-ec2-ssh-1.9.2-1.el7.centos.noarch.rpm` 4. The configuration file is placed into `/etc/aws-ec2-ssh.conf` 5. The RPM creates a crontab file to run import_users.sh every 10 minutes. This file is placed in `/etc/cron.d/import_users` @@ -102,7 +104,7 @@ one or more of the following lines: ``` ASSUMEROLE="IAM-role-arn" # IAM Role ARN for multi account. See below for more info IAM_AUTHORIZED_GROUPS="GROUPNAMES" # Comma separated list of IAM groups to import -SUDOERS_GROUPS="GROUPNAMES" # Comma seperated list of IAM groups that should have sudo access +SUDOERS_GROUPS="GROUPNAMES" # Comma seperated list of IAM groups that should have sudo access or `##ALL##` to allow all users IAM_AUTHORIZED_GROUPS_TAG="KeyTag" # Key Tag of EC2 that contains a Comma separated list of IAM groups to import - IAM_AUTHORIZED_GROUPS_TAG will override IAM_AUTHORIZED_GROUPS, you can use only one of them SUDOERS_GROUPS_TAG="KeyTag" # Key Tag of EC2 that contains a Comma separated list of IAM groups that should have sudo access - SUDOERS_GROUPS_TAG will override SUDOERS_GROUPS, you can use only one of them SUDOERSGROUP="GROUPNAME" # Deprecated! IAM group that should have sudo access. Please use SUDOERS_GROUPS as this variable will be removed in future release. diff --git a/authorized_keys_command.sh b/authorized_keys_command.sh index 7763507..44efeb7 100755 --- a/authorized_keys_command.sh +++ b/authorized_keys_command.sh @@ -5,7 +5,7 @@ if [ -z "$1" ]; then fi # check if AWS CLI exists -if ! which aws; then +if ! [ -x "$(which aws)" ]; then echo "aws executable not found - exiting!" exit 1 fi diff --git a/aws-ec2-ssh.conf b/aws-ec2-ssh.conf index f28d16d..7d089a0 100644 --- a/aws-ec2-ssh.conf +++ b/aws-ec2-ssh.conf @@ -6,5 +6,5 @@ ASSUMEROLE="" # Remove or set to 0 if you are done with configuration # To change the interval of the sync change the file -# /etc/cron.d/aws-ec2-ssh +# /etc/cron.d/import_users DONOTSYNC=0 diff --git a/aws-ec2-ssh.spec b/aws-ec2-ssh.spec index 25a827a..60a7a09 100644 --- a/aws-ec2-ssh.spec +++ b/aws-ec2-ssh.spec @@ -46,7 +46,7 @@ chmod 0644 ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.d/import_users %include install_configure_sshd.sh %include install_configure_selinux.sh %include install_restart_sshd.sh -echo "To configure the aws-ec2-ssh package, edit /etc/aws-ec-ssh.conf. No users will be synchronized before you did this." +echo "To configure the aws-ec2-ssh package, edit /etc/aws-ec2-ssh.conf. No users will be synchronized before you did this." %postun diff --git a/iam_crossaccount_policy.json b/iam_crossaccount_policy.json index bf51b7a..c03f714 100644 --- a/iam_crossaccount_policy.json +++ b/iam_crossaccount_policy.json @@ -6,5 +6,9 @@ "Resource": [ "arn:aws:iam:::role/" ] + },{ + "Effect": "Allow", + "Action": "ec2:DescribeTags", + "Resource": "*" }] } diff --git a/import_users.sh b/import_users.sh index 8efda08..933df65 100755 --- a/import_users.sh +++ b/import_users.sh @@ -1,8 +1,12 @@ #!/bin/bash -e +function log() { + /usr/bin/logger -i -p auth.info -t aws-ec2-ssh "$@" +} + # check if AWS CLI exists -if ! which aws; then - echo "aws executable not found - exiting!" +if ! [ -x "$(which aws)" ]; then + log "aws executable not found - exiting!" exit 1 fi @@ -14,7 +18,7 @@ fi if [ ${DONOTSYNC} -eq 1 ] then - echo "Please configure aws-ec2-ssh by editing /etc/aws-ec2-ssh.conf" + log "Please configure aws-ec2-ssh by editing /etc/aws-ec2-ssh.conf" exit 1 fi @@ -54,10 +58,6 @@ fi INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id) REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep region | awk -F\" '{print $4}') -function log() { - /usr/bin/logger -i -p auth.info -t aws-ec2-ssh "$@" -} - function setup_aws_credentials() { local stscredentials if [[ ! -z "${ASSUMEROLE}" ]] @@ -171,7 +171,7 @@ function create_or_update_local_user() { # check that username contains only alphanumeric, period (.), underscore (_), and hyphen (-) for a safe eval if [[ ! "${username}" =~ ^[0-9a-zA-Z\._\-]{1,32}$ ]] then - echo "Local user name ${username} contains illegal characters" + log "Local user name ${username} contains illegal characters" exit 1 fi @@ -227,16 +227,13 @@ function clean_iam_username() { function sync_accounts() { if [ -z "${LOCAL_MARKER_GROUP}" ] then - echo "Please specify a local group to mark imported users. eg iam-synced-users" + log "Please specify a local group to mark imported users. eg iam-synced-users" exit 1 fi # Check if local marker group exists, if not, create it /usr/bin/getent group "${LOCAL_MARKER_GROUP}" >/dev/null 2>&1 || /usr/sbin/groupadd "${LOCAL_MARKER_GROUP}" - # setup the aws credentials if needed - setup_aws_credentials - # declare and set some variables local iam_users local sudo_users @@ -249,8 +246,23 @@ function sync_accounts() { get_iam_groups_from_tag get_sudoers_groups_from_tag + # setup the aws credentials if needed + setup_aws_credentials + iam_users=$(get_clean_iam_users | sort | uniq) + if [[ -z "${iam_users}" ]] + then + log "we just got back an empty iam_users user list which is likely caused by an IAM outage!" + exit 1 + fi + sudo_users=$(get_clean_sudoers_users | sort | uniq) + if [[ ! -z "${SUDOERS_GROUPS}" ]] && [[ ! "${SUDOERS_GROUPS}" == "##ALL##" ]] && [[ -z "${sudo_users}" ]] + then + log "we just got back an empty sudo_users user list which is likely caused by an IAM outage!" + exit 1 + fi + local_users=$(get_local_users | sort | uniq) intersection=$(echo ${local_users} ${iam_users} | tr " " "\n" | sort | uniq -D | uniq) @@ -262,7 +274,7 @@ function sync_accounts() { then create_or_update_local_user "${user}" "$sudo_users" else - echo "Can not import IAM user ${user}. User name is longer than 32 characters." + log "Can not import IAM user ${user}. User name is longer than 32 characters." fi done diff --git a/install.sh b/install.sh index 679d118..8a7c99d 100755 --- a/install.sh +++ b/install.sh @@ -2,7 +2,7 @@ show_help() { cat << EOF -Usage: ${0##*/} [-hv] [-a ARN] [-i GROUP,GROUP,...] [-l GROUP,GROUP,...] [-s GROUP] [-p PROGRAM] [-u "ARGUMENTS"] +Usage: ${0##*/} [-hv] [-a ARN] [-i GROUP,GROUP,...] [-l GROUP,GROUP,...] [-s GROUP] [-p PROGRAM] [-u "ARGUMENTS"] [-r RELEASE] Install import_users.sh and authorized_key_commands. -h display this help and exit @@ -23,6 +23,9 @@ Install import_users.sh and authorized_key_commands. Defaults to '/usr/sbin/useradd' -u "useradd args" Specify arguments to use with useradd. Defaults to '--create-home --shell /bin/bash' + -r release Specify a release of aws-ec2-ssh to download from GitHub. This argument is + passed to \`git clone -b\` and so works with branches and tags. + Defaults to 'master' EOF @@ -39,8 +42,9 @@ LOCAL_GROUPS="" ASSUME_ROLE="" USERADD_PROGRAM="" USERADD_ARGS="" +RELEASE="master" -while getopts :hva:i:l:s: opt +while getopts :hva:i:l:s:p:u:r: opt do case $opt in h) @@ -68,6 +72,9 @@ do u) USERADD_ARGS="$OPTARG" ;; + r) + RELEASE="$OPTARG" + ;; \?) echo "Invalid option: -$OPTARG" >&2 show_help @@ -88,16 +95,22 @@ export USERADD_PROGRAM export USERADD_ARGS # check if AWS CLI exists -if ! which aws; then +if ! [ -x "$(which aws)" ]; then echo "aws executable not found - exiting!" exit 1 fi +# check if git exists +if ! [ -x "$(which git)" ]; then + echo "git executable not found - exiting!" + exit 1 +fi + tmpdir=$(mktemp -d) cd "$tmpdir" -git clone -b master https://github.com/widdix/aws-ec2-ssh.git +git clone -b "$RELEASE" https://github.com/widdix/aws-ec2-ssh.git cd "$tmpdir/aws-ec2-ssh" diff --git a/install_configure_sshd.sh b/install_configure_sshd.sh index e7b9564..8d8bcf5 100755 --- a/install_configure_sshd.sh +++ b/install_configure_sshd.sh @@ -1,17 +1,14 @@ #!/bin/bash -e -if grep -q '#AuthorizedKeysCommand none' "$SSHD_CONFIG_FILE"; then - sed -i "s:#AuthorizedKeysCommand none:AuthorizedKeysCommand ${AUTHORIZED_KEYS_COMMAND_FILE}:g" "$SSHD_CONFIG_FILE" -else - if ! grep -q "AuthorizedKeysCommand ${AUTHORIZED_KEYS_COMMAND_FILE}" "$SSHD_CONFIG_FILE"; then - echo "AuthorizedKeysCommand ${AUTHORIZED_KEYS_COMMAND_FILE}" >> "$SSHD_CONFIG_FILE" - fi +# add new line if file does not end with new line +if [ -n "$(tail -c1 ${SSHD_CONFIG_FILE})" ]; then + echo >> ${SSHD_CONFIG_FILE} fi -if grep -q '#AuthorizedKeysCommandUser nobody' "$SSHD_CONFIG_FILE"; then - sed -i "s:#AuthorizedKeysCommandUser nobody:AuthorizedKeysCommandUser nobody:g" "$SSHD_CONFIG_FILE" -else - if ! grep -q 'AuthorizedKeysCommandUser nobody' "$SSHD_CONFIG_FILE"; then - echo "AuthorizedKeysCommandUser nobody" >> "$SSHD_CONFIG_FILE" - fi +if ! grep -q '^AuthorizedKeysCommand /opt/authorized_keys_command.sh' ${SSHD_CONFIG_FILE}; then + sed -e '/AuthorizedKeysCommand / s/^#*/#/' -i ${SSHD_CONFIG_FILE}; echo "AuthorizedKeysCommand ${AUTHORIZED_KEYS_COMMAND_FILE}" >> ${SSHD_CONFIG_FILE} +fi + +if ! grep -q '^AuthorizedKeysCommandUser nobody' ${SSHD_CONFIG_FILE}; then + sed -e '/AuthorizedKeysCommandUser / s/^#*/#/' -i ${SSHD_CONFIG_FILE}; echo 'AuthorizedKeysCommandUser nobody' >> ${SSHD_CONFIG_FILE} fi diff --git a/showcase-rpm.yaml b/showcase-rpm.yaml index 477d012..3d4014d 100644 --- a/showcase-rpm.yaml +++ b/showcase-rpm.yaml @@ -1,4 +1,13 @@ --- +# The MIT License (MIT) +# +# Copyright (c) 2016 widdix GmbH +# +# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. AWSTemplateFormatVersion: '2010-09-09' Description: 'AWS EC2 SSH access with IAM showcase using RPM' Parameters: @@ -35,16 +44,19 @@ Mappings: AmazonLinux: RegionMap: RegionMapAmazonLinux UserData: | + trap '/opt/aws/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR /opt/aws/bin/cfn-init --verbose --stack=${STACKNAME} --region=${REGION} --resource=Instance /opt/aws/bin/cfn-signal -e 0 --stack=${STACKNAME} --region=${REGION} --resource=Instance AmazonLinux2: RegionMap: RegionMapAmazonLinux2 UserData: | + trap '/opt/aws/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR /opt/aws/bin/cfn-init --verbose --stack=${STACKNAME} --region=${REGION} --resource=Instance /opt/aws/bin/cfn-signal -e 0 --stack=${STACKNAME} --region=${REGION} --resource=Instance SUSELinuxEnterpriseServer: RegionMap: RegionMapSUSELinuxEnterpriseServer UserData: | + trap '/usr/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR mkdir aws-cfn-bootstrap-latest curl -s -m 60 https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1 easy_install aws-cfn-bootstrap-latest @@ -53,6 +65,7 @@ Mappings: RHEL: RegionMap: RegionMapRHEL UserData: | + trap '/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR mkdir aws-cfn-bootstrap-latest curl -s -m 60 https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1 easy_install aws-cfn-bootstrap-latest @@ -61,6 +74,7 @@ Mappings: CentOS: RegionMap: RegionMapCentOS UserData: | + trap '/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR mkdir aws-cfn-bootstrap-latest curl -s -m 60 https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1 easy_install aws-cfn-bootstrap-latest @@ -299,13 +313,19 @@ Resources: prepareSUSELinuxEnterpriseServer: {} prepareRHEL: packages: - rpm: - epel: 'http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm' yum: git: [] - python2-pip: [] - python: - awscli: [] + unzip: [] + commands: + a_download: + command: 'curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"' + cwd: '/tmp' + b_extract: + command: 'unzip awscli-bundle.zip' + cwd: '/tmp' + c_install: + command: './awscli-bundle/install -i /usr/local/aws -b /bin/aws' + cwd: '/tmp' prepareCentOS: packages: rpm: @@ -330,7 +350,6 @@ Resources: 'Fn::Base64': !Sub - | #!/bin/bash -ex - trap '/opt/aws/bin/cfn-signal -e 1 --stack=${AWS::StackName} --region=${AWS::Region} --resource=Instance' ERR export REGION=${AWS::Region} export STACKNAME=${AWS::StackName} ${UserData} @@ -348,7 +367,7 @@ Resources: CreationPolicy: ResourceSignal: Count: 1 - Timeout: PT15M + Timeout: PT20M Outputs: PublicName: Description: 'The public name of the EC2 instance.' diff --git a/showcase.yaml b/showcase.yaml index 309e8ac..f48dc8a 100644 --- a/showcase.yaml +++ b/showcase.yaml @@ -1,4 +1,13 @@ --- +# The MIT License (MIT) +# +# Copyright (c) 2016 widdix GmbH +# +# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. AWSTemplateFormatVersion: '2010-09-09' Description: 'AWS EC2 SSH access with IAM showcase using install.sh' Parameters: @@ -32,16 +41,19 @@ Mappings: AmazonLinux: RegionMap: RegionMapAmazonLinux UserData: | + trap '/opt/aws/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR /opt/aws/bin/cfn-init --verbose --stack=${STACKNAME} --region=${REGION} --resource=Instance /opt/aws/bin/cfn-signal -e 0 --stack=${STACKNAME} --region=${REGION} --resource=Instance AmazonLinux2: RegionMap: RegionMapAmazonLinux2 UserData: | + trap '/opt/aws/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR /opt/aws/bin/cfn-init --verbose --stack=${STACKNAME} --region=${REGION} --resource=Instance /opt/aws/bin/cfn-signal -e 0 --stack=${STACKNAME} --region=${REGION} --resource=Instance Ubuntu: RegionMap: RegionMapUbuntu UserData: | + trap '/usr/local/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR apt-get update apt-get -y install python-setuptools mkdir aws-cfn-bootstrap-latest @@ -52,6 +64,7 @@ Mappings: SUSELinuxEnterpriseServer: RegionMap: RegionMapSUSELinuxEnterpriseServer UserData: | + trap '/usr/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR mkdir aws-cfn-bootstrap-latest curl -s -m 60 https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1 easy_install aws-cfn-bootstrap-latest @@ -60,6 +73,7 @@ Mappings: RHEL: RegionMap: RegionMapRHEL UserData: | + trap '/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR mkdir aws-cfn-bootstrap-latest curl -s -m 60 https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1 easy_install aws-cfn-bootstrap-latest @@ -68,6 +82,7 @@ Mappings: CentOS: RegionMap: RegionMapCentOS UserData: | + trap '/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR mkdir aws-cfn-bootstrap-latest curl -s -m 60 https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1 easy_install aws-cfn-bootstrap-latest @@ -342,13 +357,19 @@ Resources: prepareSUSELinuxEnterpriseServer: {} prepareRHEL: packages: - rpm: - epel: 'http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm' yum: git: [] - python2-pip: [] - python: - awscli: [] + unzip: [] + commands: + a_download: + command: 'curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"' + cwd: '/tmp' + b_extract: + command: 'unzip awscli-bundle.zip' + cwd: '/tmp' + c_install: + command: './awscli-bundle/install -i /usr/local/aws -b /bin/aws' + cwd: '/tmp' prepareCentOS: packages: rpm: @@ -376,7 +397,6 @@ Resources: 'Fn::Base64': !Sub - | #!/bin/bash -ex - trap '/opt/aws/bin/cfn-signal -e 1 --stack=${AWS::StackName} --region=${AWS::Region} --resource=Instance' ERR export REGION=${AWS::Region} export STACKNAME=${AWS::StackName} ${UserData} @@ -394,7 +414,7 @@ Resources: CreationPolicy: ResourceSignal: Count: 1 - Timeout: PT15M + Timeout: PT20M Outputs: PublicName: Description: 'The public name of the EC2 instance.' diff --git a/test/pom.xml b/test/pom.xml index 7a30fd4..40e3fb1 100644 --- a/test/pom.xml +++ b/test/pom.xml @@ -78,6 +78,15 @@ 1.8 + + org.apache.maven.plugins + maven-surefire-plugin + 2.20 + + methods + 2 + + diff --git a/test/src/test/java/de/widdix/awsec2ssh/AAWSTest.java b/test/src/test/java/de/widdix/awsec2ssh/AAWSTest.java index 841b8cb..8585179 100644 --- a/test/src/test/java/de/widdix/awsec2ssh/AAWSTest.java +++ b/test/src/test/java/de/widdix/awsec2ssh/AAWSTest.java @@ -14,9 +14,6 @@ import com.jcraft.jsch.KeyPair; import java.io.ByteArrayOutputStream; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.util.Base64; import java.util.List; import java.util.UUID; @@ -42,17 +39,6 @@ public AAWSTest() { this.iam = AmazonIdentityManagementClientBuilder.standard().withCredentials(this.credentialsProvider).build(); } - public static final class User { - public final String userName; - public final byte[] sshPrivateKeyBlob; - public final String sshPublicKeyId; - public User(final String userName, final byte[] sshPrivateKeyBlob, final String sshPublicKeyId) { - super(); - this.userName = userName; - this.sshPrivateKeyBlob = sshPrivateKeyBlob; - this.sshPublicKeyId = sshPublicKeyId; - } - } protected final User createUser(final String userName) throws JSchException { final JSch jsch = new JSch(); final KeyPair keyPair = KeyPair.genKeyPair(jsch, KeyPair.RSA, 2048); diff --git a/test/src/test/java/de/widdix/awsec2ssh/ATest.java b/test/src/test/java/de/widdix/awsec2ssh/ATest.java index 8e29ac0..7b58f57 100644 --- a/test/src/test/java/de/widdix/awsec2ssh/ATest.java +++ b/test/src/test/java/de/widdix/awsec2ssh/ATest.java @@ -33,7 +33,19 @@ protected final T retry(Callable callable) { return (T) results.getResult(); } - protected final void probeSSH(final String host, final AAWSTest.User user) { + public static final class User { + public final String userName; + public final byte[] sshPrivateKeyBlob; + public final String sshPublicKeyId; + public User(final String userName, final byte[] sshPrivateKeyBlob, final String sshPublicKeyId) { + super(); + this.userName = userName; + this.sshPrivateKeyBlob = sshPrivateKeyBlob; + this.sshPublicKeyId = sshPublicKeyId; + } + } + + protected final void probeSSH(final String host, final User user) { final Callable callable = () -> { final JSch jsch = new JSch(); final Session session = jsch.getSession(user.userName, host);