Add --ec2-security-group flag support

[serialx]

This PR makes the following changes:

• Adds --ec2-security-group flag support

I tested this PR by actually launching multiple clusters that we use everyday. :)

Fixes #72

BTW, having great fun using flintrock. We've replaced our internal production spark-ec2 scripts to flintrock. We are testing it right now. Great software!

[nchammas]

Thank you for the kind words @serialx, and sorry about the delay in reviewing this. I will try to look at it next weekend.

[nchammas]

I was thinking these would be security group names, not IDs. I think that's more user-friendly. Do you agree?

[nchammas]

Thanks for the clean PR, @serialx.

In addition to the line comments, there was one other minor issue: The error message when the user provides a nonexistent security group is confusing.

botocore.exceptions.ClientError: An error occurred (InvalidParameterValue) when calling
the RunInstances operation: Value () for parameter groupId is invalid. The value cannot be empty

If possible, I would prefer it if we could tell the user "Security group 'group-name' does not exist in VPC 'vpc-id'." Is there a relatively straightforward way of doing that?

[serialx]

Thank you for your detailed feedback. I've been testing out the group name approach and have not been successful with this error:

Traceback (most recent call last):
  File "/usr/local/bin/flintrock", line 9, in <module>
    load_entry_point('Flintrock==0.5.0.dev0', 'console_scripts', 'flintrock')()
  File "/usr/local/lib/python3.5/site-packages/flintrock/flintrock.py", line 880, in main
    cli(obj={})
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 716, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 696, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 1060, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 889, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 534, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/flintrock/flintrock.py", line 331, in launch
    instance_initiated_shutdown_behavior=ec2_instance_initiated_shutdown_behavior)
  File "/usr/local/lib/python3.5/site-packages/flintrock/ec2.py", line 46, in wrapper
    res = func(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/flintrock/ec2.py", line 611, in launch
    InstanceInitiatedShutdownBehavior=instance_initiated_shutdown_behavior)
  File "/usr/local/lib/python3.5/site-packages/boto3/resources/factory.py", line 481, in do_action
    response = action(self, *args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/boto3/resources/action.py", line 83, in __call__
    response = getattr(parent.meta.client, operation_name)(**params)
  File "/usr/local/lib/python3.5/site-packages/botocore/client.py", line 228, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python3.5/site-packages/botocore/client.py", line 486, in _make_api_call
    raise ClientError(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (InvalidParameterCombination) when calling the RunInstances operation: The parameter groupName cannot be used with the parameter subnet

I guess this is not supported on VPC environments.

[serialx]

About the non-existent security group I get this error:

There was a problem with the launch. Cleaning up...
Traceback (most recent call last):
  File "/usr/local/bin/flintrock", line 9, in <module>
    load_entry_point('Flintrock==0.5.0.dev0', 'console_scripts', 'flintrock')()
  File "/usr/local/lib/python3.5/site-packages/flintrock/flintrock.py", line 880, in main
    cli(obj={})
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 716, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 696, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 1060, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 889, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 534, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/flintrock/flintrock.py", line 331, in launch
    instance_initiated_shutdown_behavior=ec2_instance_initiated_shutdown_behavior)
  File "/usr/local/lib/python3.5/site-packages/flintrock/ec2.py", line 46, in wrapper
    res = func(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/flintrock/ec2.py", line 611, in launch
    InstanceInitiatedShutdownBehavior=instance_initiated_shutdown_behavior)
  File "/usr/local/lib/python3.5/site-packages/boto3/resources/factory.py", line 481, in do_action
    response = action(self, *args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/boto3/resources/action.py", line 83, in __call__
    response = getattr(parent.meta.client, operation_name)(**params)
  File "/usr/local/lib/python3.5/site-packages/botocore/client.py", line 228, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python3.5/site-packages/botocore/client.py", line 486, in _make_api_call
    raise ClientError(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (InvalidGroup.NotFound) when calling the RunInstances operation: The security group 'sg-12341234' does not exist in VPC 'vpc-**********'

Would this suffice? Maybe the botocore became more friendly on error cases. :)

[nchammas]

Regarding this error:

botocore.exceptions.ClientError: An error occurred (InvalidParameterCombination) when calling the 
RunInstances operation: The parameter groupName cannot be used with the parameter subnet

My intention was that we would let users pass in security group names, but wherever necessary we would translate them into security group IDs to satisfy AWS's API.

That lets us separate the user-interface from what we have to pass to AWS.

Does that make sense?

[serialx]

Totally got your message. Revised the commit to fully support group names. :)

Also, groups which are not found will issue the following error message.

Traceback (most recent call last):
  File "/usr/local/bin/flintrock", line 9, in <module>
    load_entry_point('Flintrock==0.5.0.dev0', 'console_scripts', 'flintrock')()
  File "/usr/local/lib/python3.5/site-packages/flintrock/flintrock.py", line 880, in main
    cli(obj={})
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 716, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 696, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 1060, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 889, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.5/site-packages/click/core.py", line 534, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/flintrock/flintrock.py", line 331, in launch
    instance_initiated_shutdown_behavior=ec2_instance_initiated_shutdown_behavior)
  File "/usr/local/lib/python3.5/site-packages/flintrock/ec2.py", line 46, in wrapper
    res = func(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/flintrock/ec2.py", line 566, in launch
    security_groups=security_groups)
  File "/usr/local/lib/python3.5/site-packages/flintrock/ec2.py", line 322, in get_ec2_security_groups
    groups=non_found_groups))
Exception: Error security group not found: {'not-found-sg'}

[nchammas]

I think we can drop all the comments like this one since the code is pretty self-explanatory.

In general, I prefer to add comments to explain why something was done when it may not be obvious, as opposed to what was done which is usually clear enough from the code.

[nchammas]

@serialx - Apologies for taking so long to review this. It's summertime over here and I've been spending much less time at the keyboard than usual. 😄

This PR looks pretty good to me and I'd like to get it in soon. My only remaining concern is that we are allowing the user to mix specifying security groups by name and by ID. I'd prefer it if we allowed security groups to be specified only by name. It makes the interface and code a bit simpler.

Is that OK with you? Is there some case where someone might really need to specify the security group by ID and not by name?

[serialx]

I think supporting only group names is fine. Changed the commit including the the changes you mentioned in the comment.

[nchammas]

Thanks @serialx. Merging this in.