remote-shell-client/container_info.go at master · webdestroya/remote-shell-client · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
package main

import (
	"context"
	"encoding/json"
	"log"
	"strings"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/service/ec2"
	ecsTypes "github.com/aws/aws-sdk-go-v2/service/ecs/types"
)

type RemoteShellDockerLabel struct {
	Cluster          string   `json:"cluster"`
	SubnetIds        []string `json:"subnets"`
	SecurityGroupIds []string `json:"security_groups"`
	AssignPublicIp   bool     `json:"public"`
	Port             int32    `json:"port"`
	Path             string   `json:"path,omitempty"`
}

type ContainerDetails struct {
	name         string
	port         int32
	containerDef ecsTypes.ContainerDefinition
	config       RemoteShellDockerLabel
}

func extractContainerDetails(taskDef *ecsTypes.TaskDefinition) ContainerDetails {
	var rshellConfig RemoteShellDockerLabel
	var containerName string
	var containerDef ecsTypes.ContainerDefinition
	// var containerAddress string

	for _, value := range taskDef.ContainerDefinitions {
		// check if container has our label
		if rshellConfigJson, ok := value.DockerLabels["cloud87.rshell"]; ok {

			// parse the json of the label
			if err := json.NewDecoder(strings.NewReader(rshellConfigJson)).Decode(&rshellConfig); err == nil {
				// fmt.Println("OK")
				// fmt.Println(rshellConfig)
				containerName = aws.ToString(value.Name)
				containerDef = value
				break
			}
		}
	}

	if containerName == "" {
		panic("This task definition does not have Cloud87 Remote Shell (cloud87.rshell) configuration label!")
	}

	return ContainerDetails{
		name:         containerName,
		port:         extractContainerPort(containerDef),
		containerDef: containerDef,
		config:       rshellConfig,
	}
}

func extractContainerPort(containerDef ecsTypes.ContainerDefinition) int32 {

	var desiredPorts = []int32{8722, 22}

	if len(containerDef.PortMappings) == 0 {
		panic("There are no open ports on this task definition!")
	}

	// search in order of preference for possible remote shell ports
	for _, desiredPort := range desiredPorts {
		for _, value := range containerDef.PortMappings {
			if value.Protocol == ecsTypes.TransportProtocolTcp && aws.ToInt32(value.ContainerPort) == desiredPort {
				return desiredPort
			}
		}
	}

	// nothing was found...
	log.Println("Could not determine port for remote shell... falling back to any open port.")
	for _, value := range containerDef.PortMappings {
		if value.Protocol == ecsTypes.TransportProtocolTcp {
			return aws.ToInt32(value.ContainerPort)
		}
	}

	panic("There are no open TCP ports on this task definition")
}

func extractContainerPrivateAddress(taskInfo ecsTypes.Task, containerDetails ContainerDetails) string {

	for _, value := range taskInfo.Containers {
		if aws.ToString(value.Name) == containerDetails.name {
			if len(value.NetworkInterfaces) > 0 {
				return aws.ToString(value.NetworkInterfaces[0].PrivateIpv4Address)
			}
			// value.NetworkInterfaces[0].PrivateIpv4Address
		}
	}

	panic("Container does not have any IPs?")
}

func extractContainerPublicAddress(ec2Client *ec2.Client, taskInfo ecsTypes.Task, containerDetails ContainerDetails) string {

	var attachmentId string

	for _, value := range taskInfo.Containers {
		if aws.ToString(value.Name) == containerDetails.name {
			if len(value.NetworkInterfaces) > 0 {
				attachmentId = aws.ToString(value.NetworkInterfaces[0].AttachmentId)
				break
			}
			// value.NetworkInterfaces[0].PrivateIpv4Address
		}
	}

	if attachmentId == "" {
		panic("Unable to find attached NetworkInterface")
	}

	var networkInferfaceId string
	for _, value := range taskInfo.Attachments {
		if aws.ToString(value.Id) == attachmentId {
			for _, detailValue := range value.Details {
				if aws.ToString(detailValue.Name) == "networkInterfaceId" {
					networkInferfaceId = aws.ToString(detailValue.Value)
					break
				}
			}
		}
	}

	if networkInferfaceId == "" {
		panic("Unable to determine NetworkInterfaceID for attachment")
	}

	result, err := ec2Client.DescribeNetworkInterfaces(context.TODO(), &ec2.DescribeNetworkInterfacesInput{
		NetworkInterfaceIds: []string{networkInferfaceId},
	})
	check(err)

	networkInterface := result.NetworkInterfaces[0]

	if networkInterface.Association == nil {
		panic("No association information")
	}

	publicIp := aws.ToString(networkInterface.Association.PublicIp)

	if publicIp == "" {
		panic("No public IP for this ENI")
	}

	return publicIp
}