packer-cn/builder/amazon/common/ami_config.go

package common

import (
	"fmt"

	"github.com/hashicorp/packer/template/interpolate"
)

// AMIConfig is for common configuration related to creating AMIs.
type AMIConfig struct {
	AMIName                 string            `mapstructure:"ami_name"`
	AMIDescription          string            `mapstructure:"ami_description"`
	AMIVirtType             string            `mapstructure:"ami_virtualization_type"`
	AMIUsers                []string          `mapstructure:"ami_users"`
	AMIGroups               []string          `mapstructure:"ami_groups"`
	AMIProductCodes         []string          `mapstructure:"ami_product_codes"`
	AMIRegions              []string          `mapstructure:"ami_regions"`
	AMISkipRegionValidation bool              `mapstructure:"skip_region_validation"`
	AMITags                 map[string]string `mapstructure:"tags"`
	AMIENASupport           bool              `mapstructure:"ena_support"`
	AMISriovNetSupport      bool              `mapstructure:"sriov_support"`
	AMIForceDeregister      bool              `mapstructure:"force_deregister"`
	AMIForceDeleteSnapshot  bool              `mapstructure:"force_delete_snapshot"`
	AMIEncryptBootVolume    bool              `mapstructure:"encrypt_boot"`
	AMIKmsKeyId             string            `mapstructure:"kms_key_id"`
	AMIRegionKMSKeyIDs      map[string]string `mapstructure:"region_kms_key_ids"`
	SnapshotTags            map[string]string `mapstructure:"snapshot_tags"`
	SnapshotUsers           []string          `mapstructure:"snapshot_users"`
	SnapshotGroups          []string          `mapstructure:"snapshot_groups"`
}

func stringInSlice(s []string, searchstr string) bool {
	for _, item := range s {
		if item == searchstr {
			return true
		}
	}
	return false
}

func (c *AMIConfig) Prepare(ctx *interpolate.Context) []error {
	var errs []error
	if c.AMIName == "" {
		errs = append(errs, fmt.Errorf("ami_name must be specified"))
	}

	if len(c.AMIRegions) > 0 {
		regionSet := make(map[string]struct{})
		regions := make([]string, 0, len(c.AMIRegions))

		for _, region := range c.AMIRegions {
			// If we already saw the region, then don't look again
			if _, ok := regionSet[region]; ok {
				continue
			}

			// Mark that we saw the region
			regionSet[region] = struct{}{}

			if !c.AMISkipRegionValidation {
				// Verify the region is real
				if valid := ValidateRegion(region); !valid {
					errs = append(errs, fmt.Errorf("Unknown region: %s", region))
					continue
				}
			}

			// Make sure that if we have region_kms_key_ids defined,
			// the regions in ami_regions are also in region_kms_key_ids
			if len(c.AMIRegionKMSKeyIDs) > 0 {
				if _, ok := c.AMIRegionKMSKeyIDs[region]; !ok {
					errs = append(errs, fmt.Errorf("Region %s is in ami_regions but not in region_kms_key_ids", region))
				}
			}

			regions = append(regions, region)
		}

		c.AMIRegions = regions
	}
	// Make sure that if we have region_kms_key_ids defined,
	//  the regions in region_kms_key_ids are also in ami_regions
	if len(c.AMIRegionKMSKeyIDs) > 0 {
		for kmsKeyRegion := range c.AMIRegionKMSKeyIDs {
			if !stringInSlice(c.AMIRegions, kmsKeyRegion) {
				errs = append(errs, fmt.Errorf("Region %s is in region_kms_key_ids but not in ami_regions", kmsKeyRegion))
			}
		}
	}

	if len(c.AMIUsers) > 0 && c.AMIEncryptBootVolume {
		errs = append(errs, fmt.Errorf("Cannot share AMI with encrypted boot volume"))
	}

	if len(c.SnapshotUsers) > 0 {
		if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume {
			errs = append(errs, fmt.Errorf("Cannot share snapshot encrypted with default KMS key"))
		}
		if len(c.AMIRegionKMSKeyIDs) > 0 {
			for _, kmsKey := range c.AMIRegionKMSKeyIDs {
				if len(kmsKey) == 0 {
					errs = append(errs, fmt.Errorf("Cannot share snapshot encrypted with default KMS key"))
				}
			}
		}
	}

	if len(c.AMIName) < 3 || len(c.AMIName) > 128 {
		errs = append(errs, fmt.Errorf("ami_name must be between 3 and 128 characters long"))
	}

	if c.AMIName != templateCleanAMIName(c.AMIName) {
		errs = append(errs, fmt.Errorf("AMIName should only contain "+
			"alphanumeric characters, parentheses (()), square brackets ([]), spaces "+
			"( ), periods (.), slashes (/), dashes (-), single quotes ('), at-signs "+
			"(@), or underscores(_). You can use the `clean_ami_name` template "+
			"filter to automatically clean your ami name."))
	}

	if len(errs) > 0 {
		return errs
	}

	return nil
}
builder/amazon/common: AMIConfig common config /cc @jmassara - I pulled out the AMI stuff into a common config struct and also added in the new template stuff (that didn't exist when you made the pull, so not your fault! :)) 2013-08-09 01:50:23 -04:00			`package common`

			`import (`
			`"fmt"`
Formatting as per make fmt 2017-04-04 21:02:23 -04:00
move packer to hashicorp 2017-04-04 16:39:01 -04:00			`"github.com/hashicorp/packer/template/interpolate"`
builder/amazon/common: AMIConfig common config /cc @jmassara - I pulled out the AMI stuff into a common config struct and also added in the new template stuff (that didn't exist when you made the pull, so not your fault! :)) 2013-08-09 01:50:23 -04:00			`)`

			`// AMIConfig is for common configuration related to creating AMIs.`
			`type AMIConfig struct {`
make fmt run 2016-06-06 14:37:09 -04:00			AMIName string `mapstructure:"ami_name"`
			AMIDescription string `mapstructure:"ami_description"`
			AMIVirtType string `mapstructure:"ami_virtualization_type"`
			AMIUsers []string `mapstructure:"ami_users"`
			AMIGroups []string `mapstructure:"ami_groups"`
			AMIProductCodes []string `mapstructure:"ami_product_codes"`
			AMIRegions []string `mapstructure:"ami_regions"`
			AMISkipRegionValidation bool `mapstructure:"skip_region_validation"`
			AMITags map[string]string `mapstructure:"tags"`
use ami prefix to make it clear that these variables are amazon specific add fixer, fixer tests 2017-08-28 12:18:23 -04:00			AMIENASupport bool `mapstructure:"ena_support"`
			AMISriovNetSupport bool `mapstructure:"sriov_support"`
make fmt run 2016-06-06 14:37:09 -04:00			AMIForceDeregister bool `mapstructure:"force_deregister"`
Revert "Merge pull request #4230 from mitchellh/revert-4223-closes_3320" This reverts commit bda89b0c42deb186f18a68931c001afbe406dffb, reversing changes made to f9f9d8241967bfde493529ad0b9b42f3e422fd51. 2016-11-30 16:28:34 -05:00			AMIForceDeleteSnapshot bool `mapstructure:"force_delete_snapshot"`
allow packer to create an encrypted copy of the AMI 2016-03-23 13:35:47 -04:00			AMIEncryptBootVolume bool `mapstructure:"encrypt_boot"`
Added KMS CMK support to EBS builder Added the 'kms_key_id' parameter. This supports supplying a customer master key (CMK) when encrypting the EBS volume. The parameter is optional and only takes effect when 'encrypted' is true. When 'encrypted' is true but 'kms_key_id' is missing the 'aws/ebs' key will be used. 2016-10-18 08:30:38 -04:00			AMIKmsKeyId string `mapstructure:"kms_key_id"`
update docs and clean up 2017-05-31 16:41:32 -04:00			AMIRegionKMSKeyIDs map[string]string `mapstructure:"region_kms_key_ids"`
Closes #3908: Adds snapshot tag overrides This commit adds the ability to configure unique tags on snapshots that are separate from the tags defined on the AMI. Anything applied to the AMI will also be applied to the snapshots, but `snapshot_tags` will override and append tags to the tags already applied to the snapshots 2016-10-16 22:19:55 -04:00			SnapshotTags map[string]string `mapstructure:"snapshot_tags"`
amazon: Added snapshot_users and snapshot_groups 2016-12-02 03:49:21 -05:00			SnapshotUsers []string `mapstructure:"snapshot_users"`
			SnapshotGroups []string `mapstructure:"snapshot_groups"`
builder/amazon/common: AMIConfig common config /cc @jmassara - I pulled out the AMI stuff into a common config struct and also added in the new template stuff (that didn't exist when you made the pull, so not your fault! :)) 2013-08-09 01:50:23 -04:00			`}`

update docs and clean up 2017-05-31 16:41:32 -04:00			`func stringInSlice(s []string, searchstr string) bool {`
			`for _, item := range s {`
New map: region_kms_key_ids, allowing custom encryption keys on a per-region basis. Also new tests. 2017-05-25 17:42:03 -04:00			`if item == searchstr {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

amazon/ebs: use new interpolation stuff 2015-05-27 14:35:56 -04:00			`func (c AMIConfig) Prepare(ctx interpolate.Context) []error {`
			`var errs []error`
builder/amazon/common: AMIConfig common config /cc @jmassara - I pulled out the AMI stuff into a common config struct and also added in the new template stuff (that didn't exist when you made the pull, so not your fault! :)) 2013-08-09 01:50:23 -04:00			`if c.AMIName == "" {`
			`errs = append(errs, fmt.Errorf("ami_name must be specified"))`
			`}`

Make sure ami_regions are valid 2013-08-21 21:44:14 -04:00			`if len(c.AMIRegions) > 0 {`
builder/amazon/common: remove duplicates from ami_region /cc @jmassara 2013-08-22 17:58:21 -04:00			`regionSet := make(map[string]struct{})`
			`regions := make([]string, 0, len(c.AMIRegions))`

Make sure ami_regions are valid 2013-08-21 21:44:14 -04:00			`for _, region := range c.AMIRegions {`
builder/amazon/common: remove duplicates from ami_region /cc @jmassara 2013-08-22 17:58:21 -04:00			`// If we already saw the region, then don't look again`
			`if _, ok := regionSet[region]; ok {`
			`continue`
			`}`

			`// Mark that we saw the region`
			`regionSet[region] = struct{}{}`

changing if conditionals to be ! instead of == false 2016-06-07 09:21:43 -04:00			`if !c.AMISkipRegionValidation {`
			`// Verify the region is real`
simplify some code 2017-03-28 21:29:55 -04:00			`if valid := ValidateRegion(region); !valid {`
Adding ability to skip region validation when using AWS 2016-06-06 14:17:12 -04:00			`errs = append(errs, fmt.Errorf("Unknown region: %s", region))`
			`continue`
			`}`
Make sure ami_regions are valid 2013-08-21 21:44:14 -04:00			`}`
builder/amazon/common: remove duplicates from ami_region /cc @jmassara 2013-08-22 17:58:21 -04:00
update docs and clean up 2017-05-31 16:41:32 -04:00			`// Make sure that if we have region_kms_key_ids defined,`
			`// the regions in ami_regions are also in region_kms_key_ids`
			`if len(c.AMIRegionKMSKeyIDs) > 0 {`
			`if _, ok := c.AMIRegionKMSKeyIDs[region]; !ok {`
New map: region_kms_key_ids, allowing custom encryption keys on a per-region basis. Also new tests. 2017-05-25 17:42:03 -04:00			`errs = append(errs, fmt.Errorf("Region %s is in ami_regions but not in region_kms_key_ids", region))`
			`}`
			`}`

builder/amazon/common: remove duplicates from ami_region /cc @jmassara 2013-08-22 17:58:21 -04:00			`regions = append(regions, region)`
Make sure ami_regions are valid 2013-08-21 21:44:14 -04:00			`}`
builder/amazon/common: remove duplicates from ami_region /cc @jmassara 2013-08-22 17:58:21 -04:00
			`c.AMIRegions = regions`
Make sure ami_regions are valid 2013-08-21 21:44:14 -04:00			`}`
update docs and clean up 2017-05-31 16:41:32 -04:00			`// Make sure that if we have region_kms_key_ids defined,`
			`// the regions in region_kms_key_ids are also in ami_regions`
			`if len(c.AMIRegionKMSKeyIDs) > 0 {`
			`for kmsKeyRegion := range c.AMIRegionKMSKeyIDs {`
			`if !stringInSlice(c.AMIRegions, kmsKeyRegion) {`
golang has different style than python 2017-05-31 15:27:45 -04:00			`errs = append(errs, fmt.Errorf("Region %s is in region_kms_key_ids but not in ami_regions", kmsKeyRegion))`
New map: region_kms_key_ids, allowing custom encryption keys on a per-region basis. Also new tests. 2017-05-25 17:42:03 -04:00			`}`
			`}`
			`}`
Make sure ami_regions are valid 2013-08-21 21:44:14 -04:00
It's not possible to share encrypted AMI's 2016-12-04 09:14:53 -05:00			`if len(c.AMIUsers) > 0 && c.AMIEncryptBootVolume {`
			`errs = append(errs, fmt.Errorf("Cannot share AMI with encrypted boot volume"))`
throw error if encrypted ami is shared 2016-05-12 12:21:44 -04:00			`}`

New map: region_kms_key_ids, allowing custom encryption keys on a per-region basis. Also new tests. 2017-05-25 17:42:03 -04:00			`if len(c.SnapshotUsers) > 0 {`
			`if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume {`
			`errs = append(errs, fmt.Errorf("Cannot share snapshot encrypted with default KMS key"))`
			`}`
update docs and clean up 2017-05-31 16:41:32 -04:00			`if len(c.AMIRegionKMSKeyIDs) > 0 {`
			`for _, kmsKey := range c.AMIRegionKMSKeyIDs {`
			`if len(kmsKey) == 0 {`
New map: region_kms_key_ids, allowing custom encryption keys on a per-region basis. Also new tests. 2017-05-25 17:42:03 -04:00			`errs = append(errs, fmt.Errorf("Cannot share snapshot encrypted with default KMS key"))`
			`}`
			`}`
			`}`
Replace unencrypted EBS snapshots with encrypted To ensure that groups and users attributes are added to the encrypted snapshots. 2016-12-04 14:18:27 -05:00			`}`

Added AMIName validation (issue 4761) 2017-04-04 20:46:44 -04:00			`if len(c.AMIName) < 3 \|\| len(c.AMIName) > 128 {`
correct ami_name error reporting 2017-05-25 16:02:36 -04:00			`errs = append(errs, fmt.Errorf("ami_name must be between 3 and 128 characters long"))`
Added AMIName validation (issue 4761) 2017-04-04 20:46:44 -04:00			`}`

fix ami name validation 2017-05-19 05:11:43 -04:00			`if c.AMIName != templateCleanAMIName(c.AMIName) {`
			`errs = append(errs, fmt.Errorf("AMIName should only contain "+`
			`"alphanumeric characters, parentheses (()), square brackets ([]), spaces "+`
			`"( ), periods (.), slashes (/), dashes (-), single quotes ('), at-signs "+`
			"(@), or underscores(_). You can use the `clean_ami_name` template "+
			`"filter to automatically clean your ami name."))`
Added AMIName validation (issue 4761) 2017-04-04 20:46:44 -04:00			`}`

builder/amazon/common: AMIConfig common config /cc @jmassara - I pulled out the AMI stuff into a common config struct and also added in the new template stuff (that didn't exist when you made the pull, so not your fault! :)) 2013-08-09 01:50:23 -04:00			`if len(errs) > 0 {`
			`return errs`
			`}`

			`return nil`
			`}`