lib/chef/knife/ec2_server_create.rb in knife-ec2-0.13.0 vs lib/chef/knife/ec2_server_create.rb in knife-ec2-0.14.0

@@ -65,15 +65,33 @@
         :long => "--groups X,Y,Z",
         :description => "The security groups for this server; not allowed when using VPC",
         :proc => Proc.new { |groups| groups.split(',') }
 
       option :security_group_ids,
-        :short => "-g 'X,Y,Z'",
         :long => "--security-group-ids 'X,Y,Z'",
-        :description => "The security group ids for this server; required when using VPC,Please provide values in format --security-group-ids 'X,Y,Z'",
-        :proc => Proc.new { |security_group_ids| security_group_ids.split(',') }
+        :description => "The security group ids for this server; required when using VPC. Provide values in format --security-group-ids 'X,Y,Z'. [DEPRECATED] This option will be removed in future release. Use the new --security-group-id option. ",
+        :proc => Proc.new { |security_group_ids|
+          ui.warn('[DEPRECATED] This option will be removed in future release. Use the new --security-group-id option multiple times when specifying multiple groups for e.g. -g sg-e985168d -g sg-e7f06383 -g sg-ec1b7e88.')
+          if security_group_ids.gsub(' ', '').split(',').size > 1
+            Chef::Config[:knife][:security_group_ids] = security_group_ids.gsub(' ', '').split(',')
+          else
+            Chef::Config[:knife][:security_group_ids] ||= []
+            Chef::Config[:knife][:security_group_ids].push(security_group_ids)
+            Chef::Config[:knife][:security_group_ids]
+          end
+        }
 
+      option :security_group_id,
+        :short => "-g SECURITY_GROUP_ID",
+        :long => "--security-group-id ID",
+        :description => "The security group id for this server; required when using VPC. Use the --security-group-id option multiple times when specifying multiple groups for e.g. -g sg-e985168d -g sg-e7f06383 -g sg-ec1b7e88.",
+        :proc => Proc.new { |security_group_id|
+          Chef::Config[:knife][:security_group_ids] ||= []
+          Chef::Config[:knife][:security_group_ids].push(security_group_id)
+          Chef::Config[:knife][:security_group_ids]
+        }
+
       option :associate_eip,
         :long => "--associate-eip IP_ADDRESS",
         :description => "Associate existing elastic IP address with instance after launch"
 
       option :dedicated_instance,
@@ -424,21 +442,20 @@
         :boolean => true,
         :default => false
 
       def run
         $stdout.sync = true
-
         validate!
 
         requested_elastic_ip = config[:associate_eip] if config[:associate_eip]
 
         # For VPC EIP assignment we need the allocation ID so fetch full EIP details
         elastic_ip = connection.addresses.detect{|addr| addr if addr.public_ip == requested_elastic_ip}
 
         if locate_config_value(:spot_price)
           server_def = create_server_def
-          server_def[:groups] = config[:security_group_ids] if vpc_mode?
+          server_def[:groups] = server_def[:security_group_ids] if vpc_mode?
           spot_request = connection.spot_requests.create(server_def)
           msg_pair("Spot Request ID", spot_request.id)
           msg_pair("Spot Request Type", spot_request.request_type)
           msg_pair("Spot Price", spot_request.price)
 
@@ -467,11 +484,17 @@
             ready?
           end
           puts("\n")
           @server = connection.servers.get(spot_request.instance_id)
         else
-          @server = connection.servers.create(create_server_def)
+          begin
+            @server = connection.servers.create(create_server_def)
+          rescue => error
+            ui.error error.message
+            Chef::Log.debug("#{error.backtrace.join("\n")}")
+            exit
+          end
         end
 
         hashed_tags={}
         tags.map{ |t| key,val=t.split('='); hashed_tags[key]=val} unless tags.nil?
 
@@ -694,11 +717,11 @@
         bootstrap.config[:first_boot_attributes] = locate_config_value(:first_boot_attributes)
         bootstrap.config[:first_boot_attributes_from_file] = locate_config_value(:first_boot_attributes_from_file)
         bootstrap.config[:encrypted_data_bag_secret] = s3_secret || locate_config_value(:secret)
         bootstrap.config[:encrypted_data_bag_secret_file] = locate_config_value(:secret_file)
         # retrieving the secret from S3 is unique to knife-ec2, so we need to set "command line secret" to the value fetched from S3
-        # When linux vm is spawned, the chef's secret option proc function sets the value "command line secret" and this value is used by 
+        # When linux vm is spawned, the chef's secret option proc function sets the value "command line secret" and this value is used by
         # chef's code to check if secret option is passed through command line or not
         Chef::Knife::DataBagSecretOptions.set_cl_secret(s3_secret) if locate_config_value(:s3_secret)
         bootstrap.config[:secret] = s3_secret || locate_config_value(:secret)
         bootstrap.config[:secret_file] = locate_config_value(:secret_file)
         bootstrap.config[:node_ssl_verify_mode] = locate_config_value(:node_ssl_verify_mode)
@@ -850,11 +873,12 @@
         if config[:security_groups] && config[:security_groups].class == String
           ui.error("Invalid value type for knife[:security_groups] in knife configuration file (i.e knife.rb). Type should be array. e.g - knife[:security_groups] = ['sgroup1']")
           exit 1
         end
 
-        if config[:security_group_ids] && config[:security_group_ids].class == String
+        # Validation for security_group_ids passed through knife.rb. It will raise error if values are not provided in Array.
+        if locate_config_value(:security_group_ids) && locate_config_value(:security_group_ids).class == String
           ui.error("Invalid value type for knife[:security_group_ids] in knife configuration file (i.e knife.rb). Type should be array. e.g - knife[:security_group_ids] = ['sgroup1']")
           exit 1
         end
 
         if config[:classic_link_vpc_id].nil? ^ config[:classic_link_vpc_security_group_ids].nil?
@@ -930,14 +954,14 @@
         end
       end
 
       def ssl_config_user_data
       user_related_commands = ""
-      winrm_user = locate_config_value(:winrm_user).split("\\") 
+      winrm_user = locate_config_value(:winrm_user).split("\\")
       if (winrm_user[0] == ".") || (winrm_user[0] == "") ||(winrm_user.length == 1)
         user_related_commands = <<-EOH
-net user /add #{locate_config_value(:winrm_user).delete('.\\')} #{windows_password}; 
+net user /add #{locate_config_value(:winrm_user).delete('.\\')} #{windows_password};
 net localgroup Administrators /add #{locate_config_value(:winrm_user).delete('.\\')};
         EOH
       end
 <<-EOH
 #{user_related_commands}
@@ -983,16 +1007,17 @@
 
       def create_server_def
         server_def = {
           :image_id => locate_config_value(:image),
           :groups => config[:security_groups],
-          :security_group_ids => locate_config_value(:security_group_ids),
           :flavor_id => locate_config_value(:flavor),
           :key_name => locate_config_value(:ssh_key_name),
           :availability_zone => locate_config_value(:availability_zone),
           :price => locate_config_value(:spot_price),
           :request_type => locate_config_value(:spot_request_type)
         }
+
+        server_def[:security_group_ids] = locate_config_value(:security_group_ids)
         server_def[:subnet_id] = locate_config_value(:subnet_id) if vpc_mode?
         server_def[:private_ip_address] = locate_config_value(:private_ip_address) if vpc_mode?
         server_def[:placement_group] = locate_config_value(:placement_group)
         server_def[:iam_instance_profile_name] = locate_config_value(:iam_instance_profile)
         server_def[:tenancy] = "dedicated" if vpc_mode? and locate_config_value(:dedicated_instance)