CY-893: Detach eni from lambda function

Mohammed AbuAisha · Mohammed AbuAisha · commit ab8aab3f319a · 2018-12-27T14:12:12.000+02:00
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
@@ -1,3 +1,10 @@
+2.8.1:
+ - Fix issue with removing elastic network interface created by lambda invoke function
+2.8.0:
+  - Upgrade boto3 library version to 1.9.57
+  - Upgrade botocore library version to 1.12.57
+  - Update all plugin examples to use the latest version of the plugin
+  - Fix bugs for plugin
 2.7.1:
   - Remove tagging for EIP as it is not supported.
   - Add use_ipv6_ip property to compute.
diff --git a/cloudify_awssdk/ec2/resources/eni.py b/cloudify_awssdk/ec2/resources/eni.py
@@ -67,6 +67,14 @@ def status(self):
             return None
         return props['Status']
 
+    def list_network_interfaces(self, filters=None):
+        params = dict()
+        if filters:
+            params['Filters'] = filters
+
+        resources = self.client.describe_network_interfaces(**params)
+        return resources.get(NETWORKINTERFACES) if resources else []
+
     def create(self, params):
         """
             Create a new AWS EC2 NetworkInterface.
diff --git a/cloudify_awssdk/iam/resources/role.py b/cloudify_awssdk/iam/resources/role.py
@@ -150,7 +150,7 @@ def delete(ctx, iface, resource_config, **_):
         for policy in ctx.instance.runtime_properties['policies']:
             payload = dict()
             payload['PolicyArn'] = policy
-            iface.attach_policy(payload)
+            iface.detach_policy(payload)
 
     iface.delete(resource_config)
 
diff --git a/cloudify_awssdk/lambda_serverless/resources/function.py b/cloudify_awssdk/lambda_serverless/resources/function.py
@@ -158,6 +158,12 @@ def create(ctx, iface, resource_config, **_):
     utils.update_resource_arn(
         ctx.instance, create_response['FunctionArn'])
 
+    # Save vpc_config to be used later on when remove eni created by invoke
+    # function
+    if vpc_config and create_response.get('VpcConfig'):
+        ctx.instance.runtime_properties['vpc_config'] =\
+            create_response['VpcConfig']
+
 
 @decorators.aws_resource(LambdaFunction, RESOURCE_TYPE,
                          ignore_properties=True)
diff --git a/cloudify_awssdk/lambda_serverless/resources/invoke.py b/cloudify_awssdk/lambda_serverless/resources/invoke.py
@@ -20,6 +20,7 @@
 # Cloudify
 from cloudify_awssdk.common import decorators, utils
 from cloudify_awssdk.lambda_serverless.resources.function import LambdaFunction
+from cloudify_awssdk.ec2.resources import eni
 
 RESOURCE_TYPE = 'Lambda Function Invocation'
 
@@ -49,4 +50,52 @@ def attach_to(ctx, resource_config, **_):
 @decorators.aws_relationship(resource_type=RESOURCE_TYPE)
 def detach_from(ctx, resource_config, **_):
     '''Detaches an Lambda Invoke from something else'''
-    pass
+    props = ctx.target.instance.runtime_properties
+    function_name = props.get('aws_resource_id')
+    vpc_config = props.get('vpc_config')
+
+    # Check to see if the invoked function is placed in vpc or not so that we
+    # can remove the eni created by invoke method
+    if vpc_config:
+        eni_instance = eni.EC2NetworkInterface(
+            ctx_node=ctx.target.node,
+            logger=ctx.logger
+        )
+
+        eni_filter = [
+            {
+                'Name': 'vpc-id',
+                'Values': [vpc_config['VpcId']]
+            },
+            {
+                'Name': 'group-id',
+                'Values': [
+                    group_id for group_id in
+                    vpc_config['SecurityGroupIds']
+                ]
+            },
+            {
+                'Name': 'description',
+                'Values': ['AWS Lambda VPC ENI:*']
+            },
+            {
+                'Name': 'requester-id',
+                'Values': ['*:{0}*'.format(function_name)]
+            }
+        ]
+
+        eni_interfaces = eni_instance.list_network_interfaces(eni_filter)
+        if eni_interfaces:
+            eni_interface = eni_interfaces[0]
+            eni_id = eni_interface['NetworkInterfaceId']
+            attachment = eni_interface.get('Attachment')
+            if attachment:
+                eni_attachment_id = attachment.get('AttachmentId')
+                params = {
+                    eni.ATTACHMENT_ID: eni_attachment_id
+                }
+                eni_instance.detach(params)
+
+            params = dict()
+            params[eni.NETWORKINTERFACE_ID] = eni_id
+            eni_instance.delete(params)
diff --git a/plugin.yaml b/plugin.yaml
@@ -2,9 +2,9 @@ plugins:
 
   awssdk:
     executor: central_deployment_agent
-    source: https://github.com/cloudify-incubator/cloudify-awssdk-plugin/archive/2.8.0.zip
+    source: https://github.com/cloudify-incubator/cloudify-awssdk-plugin/archive/2.8.1.zip
     package_name: cloudify-awssdk-plugin
-    package_version: '2.8.0'
+    package_version: '2.8.1'
 
 data_types:
 
diff --git a/setup.py b/setup.py
@@ -20,7 +20,7 @@
 
 setup(
     name='cloudify-awssdk-plugin',
-    version='2.8.0',
+    version='2.8.1',
     license='LICENSE',
     packages=find_packages(exclude=['tests*']),
     description='A Cloudify plugin for AWS',
