Merge pull request #7707 from CARFAX/master
Enable encrypted AMI sharing across accounts
This commit is contained in:
commit
078d888dba
|
@ -59,8 +59,18 @@ func (c *AMIConfig) Prepare(accessConfig *AccessConfig, ctx *interpolate.Context
|
||||||
|
|
||||||
errs = append(errs, c.prepareRegions(accessConfig)...)
|
errs = append(errs, c.prepareRegions(accessConfig)...)
|
||||||
|
|
||||||
if len(c.AMIUsers) > 0 && c.AMIEncryptBootVolume != nil && *c.AMIEncryptBootVolume {
|
// Prevent sharing of default KMS key encrypted volumes with other aws users
|
||||||
errs = append(errs, fmt.Errorf("Cannot share AMI with encrypted boot volume"))
|
if len(c.AMIUsers) > 0 {
|
||||||
|
if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume != nil && *c.AMIEncryptBootVolume {
|
||||||
|
errs = append(errs, fmt.Errorf("Cannot share AMI encrypted with default KMS key"))
|
||||||
|
}
|
||||||
|
if len(c.AMIRegionKMSKeyIDs) > 0 {
|
||||||
|
for _, kmsKey := range c.AMIRegionKMSKeyIDs {
|
||||||
|
if len(kmsKey) == 0 {
|
||||||
|
errs = append(errs, fmt.Errorf("Cannot share AMI encrypted with default KMS key for other regions"))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var kmsKeys []string
|
var kmsKeys []string
|
||||||
|
|
|
@ -169,10 +169,9 @@ func TestAMIConfigPrepare_Share_EncryptedBoot(t *testing.T) {
|
||||||
if err := c.Prepare(accessConf, nil); err == nil {
|
if err := c.Prepare(accessConf, nil); err == nil {
|
||||||
t.Fatal("shouldn't be able to share ami with encrypted boot volume")
|
t.Fatal("shouldn't be able to share ami with encrypted boot volume")
|
||||||
}
|
}
|
||||||
|
|
||||||
c.AMIKmsKeyId = "89c3fb9a-de87-4f2a-aedc-fddc5138193c"
|
c.AMIKmsKeyId = "89c3fb9a-de87-4f2a-aedc-fddc5138193c"
|
||||||
if err := c.Prepare(accessConf, nil); err == nil {
|
if err := c.Prepare(accessConf, nil); err != nil {
|
||||||
t.Fatal("shouldn't be able to share ami with encrypted boot volume")
|
t.Fatal("should be able to share ami with encrypted boot volume")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue