atlassian-labs · dagguh · Jun 10, 2024 · Jun 10, 2024 · Jun 10, 2024 · Jun 10, 2024
@@ -23,6 +23,13 @@ Dropping a requirement of a major version of a dependency is a new contract.
 ## [Unreleased]
 [Unreleased]: https://github.com/atlassian-labs/aws-resources/compare/release-1.15.0...master
 
+### Added
+- Add `CanonicalAmiProvider.Builder.avoidUnattendedUpgrades` for bumping `imageName` to Focal or higher.
+
+### Fixed
+- Unpin Ubuntu Focal version in `CanonicalAmiProvider.Builder` by default.
+  You can still pin a specific release date, e.g. `imageName("ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20240531")`
+
 ## [1.15.0] - 2024-01-23
 [1.15.0]: https://github.com/atlassian-labs/aws-resources/compare/release-1.14.0...release-1.15.0
 

@@ -1,20 +1,15 @@
 package com.atlassian.performance.tools.aws
 
 import com.amazonaws.regions.Regions
+import com.amazonaws.regions.Regions.*
 
 /**
- * Based on https://ubuntu.com/server/docs/cloud-images/amazon-ec2
+ * Based on https://documentation.ubuntu.com/aws/en/latest/aws-how-to/instances/find-ubuntu-images/#ownership-verification
  */
 internal object CanonicalOwnerIdRegistry {
-    const val default = "099720109477"
-    val byRegion = Regions.values().associate {
-        it to when(it) {
-            Regions.GovCloud -> "513442679011"
-            Regions.CN_NORTH_1,
-            Regions.CN_NORTHWEST_1 -> "837727238323"
-            else -> default
-        }
+    fun forRegion(region: Regions?) = when (region) {
+        GovCloud -> "513442679011"
+        CN_NORTH_1, CN_NORTHWEST_1 -> "837727238323"
+        else -> "099720109477"
     }
-
-    fun forRegion(region: Regions?) = byRegion[region] ?: default
 }
diff --git a/src/main/kotlin/com/atlassian/performance/tools/aws/api/CanonicalImageIdByNameResolver.kt b/src/main/kotlin/com/atlassian/performance/tools/aws/api/CanonicalImageIdByNameResolver.kt
@@ -21,14 +21,10 @@ class CanonicalImageIdByNameResolver private constructor(
             )
         )
         .images
+        .sortedByDescending { it.creationDate }
         .map { it.imageId }
-        .let {
-            when {
-                it.isEmpty() -> throw Exception("Failed to find image $imageName in $region")
-                it.size > 1 -> throw Exception("More than one image found with name $imageName in declared region $region. Selecting any of them automatically could create a security risk, so we can't proceed")
-                else -> it.first()
-            }
-        }
+        .firstOrNull()
+        ?: throw Exception("Failed to find image containing $imageName in $region")
 
     class Builder(
         private val ec2: AmazonEC2

@@ -32,7 +32,7 @@ class CanonicalAmiProvider private constructor(
     }
 
     class Builder {
-        private val focal = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220610"
+        private val focal = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server"
         private var imageName = focal
 
         /**
@@ -49,11 +49,16 @@ class CanonicalAmiProvider private constructor(
             this.imageName = imageName
         }
 
-        fun focal(): Builder {
-            avoidUnattendedUpgrades = true
-            return imageName(focal)
+        /**
+         * Make sure your [imageName] is Focal or newer.
+         */
+        fun avoidUnattendedUpgrades() = apply {
+            this.avoidUnattendedUpgrades = true
         }
 
+        fun focal() = imageName(focal)
+            .avoidUnattendedUpgrades()
+
         fun build(): CanonicalAmiProvider = CanonicalAmiProvider(imageName, avoidUnattendedUpgrades)
     }
 }
@@ -36,7 +36,7 @@ class CanonicalImageIdByNameResolverTest {
             assertThat(savedRequest).isNotNull
             assertThat(savedRequest!!.filters).contains(
                 Filter("name", listOf(queriedImageName)),
-                Filter("owner-id", listOf(CanonicalOwnerIdRegistry.byRegion[region]))
+                Filter("owner-id", listOf(CanonicalOwnerIdRegistry.forRegion(region)))
             )
         }
     }
@@ -63,7 +63,7 @@ class CanonicalImageIdByNameResolverTest {
         assertThat(savedRequest).isNotNull
         assertThat(savedRequest!!.filters).contains(
             Filter("name", listOf(queriedImageName)),
-            Filter("owner-id", listOf(CanonicalOwnerIdRegistry.default))
+            Filter("owner-id", listOf("099720109477"))
         )
     }
 
@@ -107,27 +107,23 @@ class CanonicalImageIdByNameResolverTest {
     }
 
     @Test
-    fun failsWhenMoreThanOneImageIsFound() {
+    fun picksTheNewestImage() {
         val queriedImageName = "name-of-single-image"
         val ec2 = object : AmazonEC2 by FakeEc2() {
             override fun describeImages(
                 describeImagesRequest: DescribeImagesRequest?
             ) = DescribeImagesResult()
                 .withImages(
-                    Image().withImageId("id-of-image-1"),
-                    Image().withImageId("id-of-image-2")
+                    Image().withImageId("id-of-image-1").withCreationDate("2022-07-07T00:49:01.000Z"),
+                    Image().withImageId("id-of-image-2").withCreationDate("2024-03-21T22:43:23.000Z"),
+                    Image().withImageId("id-of-image-3").withCreationDate("2023-03-01T23:16:36.000Z")
                 )
         }
         val resolver = CanonicalImageIdByNameResolver.Builder(ec2)
             .build()
 
-        val result = try {
-            resolver.invoke(queriedImageName)
-            null
-        } catch (e: Exception) {
-            e
-        }
+        val result = resolver.invoke(queriedImageName)
 
-        assertThat(result).isNotNull()
+        assertThat(result).isEqualTo("id-of-image-2")
     }
 }