change AMIEncryptBootVolume to trilean

Megan Marsh 2019-08-22 14:04:26 -07:00
parent f7c8321a7e
commit 1d9bba6fe3
3 changed files with 6 additions and 9 deletions


@ -24,15 +24,13 @@ type AMIConfig struct {
AMISriovNetSupport bool `mapstructure:"sriov_support"`
AMIForceDeregister bool `mapstructure:"force_deregister"`
AMIForceDeleteSnapshot bool `mapstructure:"force_delete_snapshot"`
RawAMIEncryptBootVolume config.Trilean `mapstructure:"encrypt_boot"`
AMIEncryptBootVolume config.Trilean `mapstructure:"encrypt_boot"`
AMIKmsKeyId string `mapstructure:"kms_key_id"`
AMIRegionKMSKeyIDs map[string]string `mapstructure:"region_kms_key_ids"`
SnapshotTags TagMap `mapstructure:"snapshot_tags"`
SnapshotUsers []string `mapstructure:"snapshot_users"`
SnapshotGroups []string `mapstructure:"snapshot_groups"`
AMISkipBuildRegion bool `mapstructure:"skip_save_build_region"`
AMIEncryptBootVolume *bool
}
func stringInSlice(s []string, searchstr string) bool {
@ -63,10 +61,9 @@ func (c *AMIConfig) Prepare(accessConfig *AccessConfig, ctx *interpolate.Context
errs = append(errs, c.prepareRegions(accessConfig)...)
c.AMIEncryptBootVolume = c.RawAMIEncryptBootVolume.ToBoolPointer()
// Prevent sharing of default KMS key encrypted volumes with other aws users
if len(c.AMIUsers) > 0 {
if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume != nil && *c.AMIEncryptBootVolume {
if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume.True() {
errs = append(errs, fmt.Errorf("Cannot share AMI encrypted with default KMS key"))
}
if len(c.AMIRegionKMSKeyIDs) > 0 {
@ -96,7 +93,7 @@ func (c *AMIConfig) Prepare(accessConfig *AccessConfig, ctx *interpolate.Context
}
if len(c.SnapshotUsers) > 0 {
if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume != nil && *c.AMIEncryptBootVolume {
if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume.True() {
errs = append(errs, fmt.Errorf("Cannot share snapshot encrypted with default KMS key"))
}
if len(c.AMIRegionKMSKeyIDs) > 0 {
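Review bot: The default-KMS sharing guard in Prepare now reads `c.AMIEncryptBootVolume.True()`, so an unset `encrypt_boot` is treated the same as an explicit false, both under `AMIUsers` and in the matching `SnapshotUsers` check further down. If unset means the build keeps the source image's encryption state (my reading of the trilean, not shown in these hunks), a source encrypted with the default KMS key passes validation and the share only fails later in the build. I would document that limit at the check, for example `// Only an explicit encrypt_boot = true is caught here; an unset value inherits the source's encryption and is not validated.`, and give the struct field a comment naming its three states. Prepare's body starts and ends outside the hunks shown.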


@ -139,7 +139,7 @@ func TestAMIConfigPrepare_regions(t *testing.T) {
c.SnapshotUsers = []string{"foo", "bar"}
c.AMIKmsKeyId = "123-abc-456"
c.RawAMIEncryptBootVolume = config.TriTrue
c.AMIEncryptBootVolume = config.TriTrue
c.AMIRegions = []string{"us-east-1", "us-west-1"}
c.AMIRegionKMSKeyIDs = map[string]string{
"us-east-1": "123-456-7890",
@ -162,7 +162,7 @@ func TestAMIConfigPrepare_regions(t *testing.T) {
func TestAMIConfigPrepare_Share_EncryptedBoot(t *testing.T) {
c := testAMIConfig()
c.AMIUsers = []string{"testAccountID"}
c.RawAMIEncryptBootVolume = config.TriTrue
c.AMIEncryptBootVolume = config.TriTrue
accessConf := testAccessConfig()


@ -27,7 +27,7 @@ func (s *stepCreateAMI) Run(ctx context.Context, state multistep.StateBag) multi
// Create the image
amiName := config.AMIName
state.Put("intermediary_image", false)
if config.AMIEncryptBootVolume != nil && *config.AMIEncryptBootVolume != false || s.AMISkipBuildRegion {
if config.AMIEncryptBootVolume.True() || s.AMISkipBuildRegion {
state.Put("intermediary_image", true)
// From AWS SDK docs: You can encrypt a copy of an unencrypted snapshot,