Support for updating instances

api/handlers_instances.go

@@ -443,3 +443,156 @@ func (s *server) InstanceSendCommandHandler(w http.ResponseWriter, r *http.Reque
 	handleResponseOk(w, out)
 
 }
+
+func (s *server) InstanceIDHandler(w http.ResponseWriter, r *http.Request) {
+	w = LogWriter{w}
+	w.WriteHeader(http.StatusNotImplemented)
+}
+
+func (s *server) CreateAssociationHandler(w http.ResponseWriter, r *http.Request) {
+	w = LogWriter{w}
+	vars := mux.Vars(r)
+	account := s.mapAccountNumber(vars["account"])
+	instanceId := vars["id"]
+
+	req := &SSMCreateRequest{}
+	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
+		msg := fmt.Sprintf("cannot decode body into ssm create input: %s", err)
+		handleError(w, apierror.New(apierror.ErrBadRequest, msg, err))
+		return
+	}
+
+	if req.Document == "" {
+		handleError(w, apierror.New(apierror.ErrBadRequest, "Document is mandatory", nil))
+		return
+	}
+
+	role := fmt.Sprintf("arn:aws:iam::%s:role/%s", account, s.session.RoleName)
+
+	session, err := s.assumeRole(
+		r.Context(),
+		s.session.ExternalID,
+		role,
+		"",
+		"arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess",
+	)
+	if err != nil {
+		msg := fmt.Sprintf("failed to assume role in account: %s", account)
+		handleError(w, apierror.New(apierror.ErrForbidden, msg, err))
+		return
+	}
+
+	service := ssm.New(
+		ssm.WithSession(session.Session),
+	)
+
+	out, err := service.CreateAssociation(r.Context(), instanceId, req.Document)
+	if err != nil {
+		handleError(w, err)
+		return
+	}
+
+	handleResponseOk(w, struct{ AssociationId string }{AssociationId: *out.AssociationDescription.AssociationId})
+}
+
+func (s *server) InstancesTagsHandler(w http.ResponseWriter, r *http.Request) {
+	w = LogWriter{w}
+	vars := mux.Vars(r)
+	account := s.mapAccountNumber(vars["account"])
+	instanceId := vars["id"]
+
+	req := &Ec2ImageUpdateRequest{}
+	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
+		msg := fmt.Sprintf("cannot decode body into update image input: %s", err)
+		handleError(w, apierror.New(apierror.ErrBadRequest, msg, err))
+		return
+	}
+
+	if len(req.Tags) == 0 {
+		handleError(w, apierror.New(apierror.ErrBadRequest, "missing required field: tags", nil))
+		return
+	}
+
+	role := fmt.Sprintf("arn:aws:iam::%s:role/%s", account, s.session.RoleName)
+	policy, err := tagCreatePolicy()
+	if err != nil {
+		handleError(w, err)
+		return
+	}
+
+	session, err := s.assumeRole(
+		r.Context(),
+		s.session.ExternalID,
+		role,
+		policy,
+		"arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
+	)
+	if err != nil {
+		msg := fmt.Sprintf("failed to assume role in account: %s", account)
+		handleError(w, apierror.New(apierror.ErrForbidden, msg, err))
+		return
+	}
+
+	service := ec2.New(
+		ec2.WithSession(session.Session),
+		ec2.WithOrg(s.org),
+	)
+
+	if err := service.UpdateTags(r.Context(), req.Tags, instanceId); err != nil {
+		handleError(w, err)
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+func (s *server) InstancesAttributeHandler(w http.ResponseWriter, r *http.Request) {
+	w = LogWriter{w}
+	vars := mux.Vars(r)
+	account := s.mapAccountNumber(vars["account"])
+	instanceId := vars["id"]
+
+	req := &Ec2InstancesAttributeUpdateRequest{}
+	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
+		msg := fmt.Sprintf("cannot decode body into update image input: %s", err)
+		handleError(w, apierror.New(apierror.ErrBadRequest, msg, err))
+		return
+	}
+
+	if len(req.InstanceType) == 0 {
+		handleError(w, apierror.New(apierror.ErrBadRequest, "missing required field: tags", nil))
+		return
+	}
+
+	role := fmt.Sprintf("arn:aws:iam::%s:role/%s", account, s.session.RoleName)
+	policy, err := tagCreatePolicy()
+	if err != nil {
+		handleError(w, err)
+		return
+	}
+
+	session, err := s.assumeRole(
+		r.Context(),
+		s.session.ExternalID,
+		role,
+		policy,
+		"arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
+	)
+	if err != nil {
+		msg := fmt.Sprintf("failed to assume role in account: %s", account)
+		handleError(w, apierror.New(apierror.ErrForbidden, msg, err))
+		return
+	}
+
+	service := ec2.New(
+		ec2.WithSession(session.Session),
+		ec2.WithOrg(s.org),
+	)
+
+	if err := service.UpdateAttributes(r.Context(), req.InstanceType["value"], instanceId); err != nil {
+		handleError(w, err)
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}

api/routes.go

@@ -65,12 +65,12 @@ func (s *server) routes() {
 	api.HandleFunc("/{account}/images", s.ProxyRequestHandler).Methods(http.MethodPost)
 
 	api.HandleFunc("/{account}/images/{id}/tags", s.ImageUpdateHandler).Methods(http.MethodPut)
-	api.HandleFunc("/{account}/instances/{id}", s.ProxyRequestHandler).Methods(http.MethodPut)
+	api.HandleFunc("/{account}/instances/{id}", s.InstanceIDHandler).Methods(http.MethodPut)
 	api.HandleFunc("/{account}/instances/{id}/power", s.InstanceStateHandler).Methods(http.MethodPut)
 	api.HandleFunc("/{account}/instances/{id}/ssm/command", s.InstanceSendCommandHandler).Methods(http.MethodPut)
-	api.HandleFunc("/{account}/instances/{id}/ssm/association", s.ProxyRequestHandler).Methods(http.MethodPut)
-	api.HandleFunc("/{account}/instances/{id}/tags", s.ProxyRequestHandler).Methods(http.MethodPut)
-	api.HandleFunc("/{account}/instances/{id}/attribute", s.ProxyRequestHandler).Methods(http.MethodPut)
+	api.HandleFunc("/{account}/instances/{id}/ssm/association", s.CreateAssociationHandler).Methods(http.MethodPut)
+	api.HandleFunc("/{account}/instances/{id}/tags", s.InstancesTagsHandler).Methods(http.MethodPut)
+	api.HandleFunc("/{account}/instances/{id}/attribute", s.InstancesAttributeHandler).Methods(http.MethodPut)
 	api.HandleFunc("/{account}/sgs/{id}", s.SecurityGroupUpdateHandler).Methods(http.MethodPut)
 	api.HandleFunc("/{account}/sgs/{id}/tags", s.ProxyRequestHandler).Methods(http.MethodPut)
 	api.HandleFunc("/{account}/volumes/{id}", s.ProxyRequestHandler).Methods(http.MethodPut)

api/types.go

@@ -656,6 +656,10 @@ func toSSMGetCommandInvocationOutput(rawOut *ssm.GetCommandInvocationOutput) *SS
 type Ec2ImageUpdateRequest struct {
 	Tags map[string]string
 }
+
+type Ec2InstancesAttributeUpdateRequest struct {
+	InstanceType map[string]string `json:"instance_type,omitempty"`
+}
 type AssociationDescription struct {
 	Name                        string              `json:"name"`
 	InstanceId                  string              `json:"instance_id"`
@@ -728,6 +732,10 @@ type Ec2InstanceStateChangeRequest struct {
 	State string
 }
 
+type SSMCreateRequest struct {
+	Document string
+}
+
 type SsmCommandRequest struct {
 	DocumentName   string               `json:"document_name"`
 	Parameters     map[string][]*string `json:"parameters"`

ec2/attributes.go

@@ -0,0 +1,30 @@
+package ec2
+
+import (
+	"context"
+
+	"github.com/YaleSpinup/apierror"
+	"github.com/YaleSpinup/ec2-api/common"
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	log "github.com/sirupsen/logrus"
+)
+
+func (e *Ec2) UpdateAttributes(ctx context.Context, instanceType, instanceId string) error {
+	if len(instanceId) == 0 || len(instanceType) == 0 {
+		return apierror.New(apierror.ErrBadRequest, "invalid input", nil)
+	}
+
+	log.Infof("updating attributes: %v with instance type %+v", instanceId, instanceType)
+
+	input := ec2.ModifyInstanceAttributeInput{
+		InstanceType: &ec2.AttributeValue{Value: aws.String(instanceType)},
+		InstanceId:   aws.String(instanceId),
+	}
+
+	if _, err := e.Service.ModifyInstanceAttributeWithContext(ctx, &input); err != nil {
+		return common.ErrCode("updating attributes", err)
+	}
+
+	return nil
+}

ec2/attributes_test.go

@@ -0,0 +1,72 @@
+package ec2
+
+import (
+	"context"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/aws/aws-sdk-go/service/ec2/ec2iface"
+)
+
+func (m *mockEC2Client) ModifyInstanceAttributeWithContext(ctx aws.Context, inp *ec2.ModifyInstanceAttributeInput, opt ...request.Option) (*ec2.ModifyInstanceAttributeOutput, error) {
+	if m.err != nil {
+		return nil, m.err
+	}
+	return &ec2.ModifyInstanceAttributeOutput{}, nil
+
+}
+func TestEc2_UpdateAttributes(t *testing.T) {
+	type fields struct {
+		Service ec2iface.EC2API
+	}
+	type args struct {
+		ctx          context.Context
+		instanceType string
+		instanceId   string
+	}
+	tests := []struct {
+		name    string
+		fields  fields
+		e       *Ec2
+		args    args
+		wantErr bool
+	}{
+		{
+			name:    "success case",
+			args:    args{ctx: context.TODO(), instanceType: "Type1", instanceId: "i-123"},
+			fields:  fields{Service: newmockEC2Client(t, nil)},
+			wantErr: false,
+		},
+		{
+			name:    "aws error",
+			args:    args{ctx: context.TODO(), instanceType: "Type1", instanceId: "i-123"},
+			fields:  fields{Service: newmockEC2Client(t, awserr.New("Bad Request", "boom.", nil))},
+			wantErr: true,
+		},
+		{
+			name:    "invalid input, instance id is empty",
+			args:    args{ctx: context.TODO(), instanceType: "Type1", instanceId: ""},
+			fields:  fields{Service: newmockEC2Client(t, nil)},
+			wantErr: true,
+		},
+		{
+			name:    "invalid input, instance type is empty",
+			args:    args{ctx: context.TODO(), instanceType: "", instanceId: "i-123"},
+			fields:  fields{Service: newmockEC2Client(t, nil)},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			e := &Ec2{
+				Service: tt.fields.Service,
+			}
+			if err := e.UpdateAttributes(tt.args.ctx, tt.args.instanceType, tt.args.instanceId); (err != nil) != tt.wantErr {
+				t.Errorf("Ec2.UpdateAttributes() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}

ssm/association.go

@@ -24,3 +24,19 @@ func (s *SSM) DescribeAssociation(ctx context.Context, instanceId, docName strin
 	log.Debugf("got output describing SSM Association: %+v", out)
 	return out, nil
 }
+
+func (s *SSM) CreateAssociation(ctx context.Context, instanceId, docName string) (*ssm.CreateAssociationOutput, error) {
+	if instanceId == "" || docName == "" {
+		return nil, apierror.New(apierror.ErrBadRequest, "both instanceId and docName should be present", nil)
+	}
+	inp:=  &ssm.CreateAssociationInput{
+		Name:       aws.String(docName),
+		InstanceId: aws.String(instanceId),
+	}
+	out, err := s.Service.CreateAssociationWithContext(ctx,inp)
+	if err != nil {
+		return nil, common.ErrCode("failed to create association", err)
+	}
+	log.Debugf("got output creating SSM Association: %+v", out)
+	return out, nil
+}