Merge pull request #6842 from gmmephisto/pr-master-aws-disable-ssl-verify

amazon: add option for skipping TLS verification
2018-10-30 13:29:28 +01:00 · 2018-10-30 13:29:28 +01:00 · 3315812c2c
parent 5e79936b9a 9d4d41e32f
commit 3315812c2c
6 changed files with 37 additions and 11 deletions
--- a/builder/amazon/common/access_config.go
+++ b/builder/amazon/common/access_config.go
@ -1,8 +1,10 @@
 package common

 import (
+	"crypto/tls"
 	"fmt"
 	"log"
+	"net/http"
 	"strings"
 	"time"

@ -19,17 +21,18 @@ import (

 // AccessConfig is for common configuration related to AWS access
 type AccessConfig struct {
-	AccessKey            string `mapstructure:"access_key"`
-	CustomEndpointEc2    string `mapstructure:"custom_endpoint_ec2"`
-	DecodeAuthZMessages  bool   `mapstructure:"decode_authorization_messages"`
-	MFACode              string `mapstructure:"mfa_code"`
-	ProfileName          string `mapstructure:"profile"`
-	RawRegion            string `mapstructure:"region"`
-	SecretKey            string `mapstructure:"secret_key"`
-	SkipValidation       bool   `mapstructure:"skip_region_validation"`
-	SkipMetadataApiCheck bool   `mapstructure:"skip_metadata_api_check"`
-	Token                string `mapstructure:"token"`
-	session              *session.Session
+	AccessKey             string `mapstructure:"access_key"`
+	CustomEndpointEc2     string `mapstructure:"custom_endpoint_ec2"`
+	DecodeAuthZMessages   bool   `mapstructure:"decode_authorization_messages"`
+	InsecureSkipTLSVerify bool   `mapstructure:"insecure_skip_tls_verify"`
+	MFACode               string `mapstructure:"mfa_code"`
+	ProfileName           string `mapstructure:"profile"`
+	RawRegion             string `mapstructure:"region"`
+	SecretKey             string `mapstructure:"secret_key"`
+	SkipValidation        bool   `mapstructure:"skip_region_validation"`
+	SkipMetadataApiCheck  bool   `mapstructure:"skip_metadata_api_check"`
+	Token                 string `mapstructure:"token"`
+	session               *session.Session

 	getEC2Connection func() ec2iface.EC2API
 }
@ -60,6 +63,14 @@ func (c *AccessConfig) Session() (*session.Session, error) {
 		config = config.WithEndpoint(c.CustomEndpointEc2)
 	}

+	if c.InsecureSkipTLSVerify {
+		config := config.WithHTTPClient(cleanhttp.DefaultClient())
+		transport := config.HTTPClient.Transport.(*http.Transport)
+		transport.TLSClientConfig = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+	}
+
 	opts := session.Options{
 		SharedConfigState: session.SharedConfigEnable,
 		Config:            *config,
--- a/website/source/docs/builders/amazon-chroot.html.md
+++ b/website/source/docs/builders/amazon-chroot.html.md
@ -154,6 +154,9 @@ each category, the available configuration keys are alphabetized.
    associated with AMIs, which have been deregistered by `force_deregister`.
    Default `false`.

+-   `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
+    the AWS EC2 endpoint. The default is `false`.
+
 -   `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot
    volume encryption. This only applies to the main `region`, other regions
    where the AMI will be copied will be encrypted by the default EBS KMS key.
--- a/website/source/docs/builders/amazon-ebs.html.md
+++ b/website/source/docs/builders/amazon-ebs.html.md
@ -242,6 +242,9 @@ builder.
    profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
    to launch the EC2 instance with.

+-   `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
+    the AWS EC2 endpoint. The default is `false`.
+
 -   `launch_block_device_mappings` (array of block device mappings) - Add one
    or more block devices before the Packer build starts. If you add instance
    store volumes or EBS volumes in addition to the root device volume, the
--- a/website/source/docs/builders/amazon-ebssurrogate.html.md
+++ b/website/source/docs/builders/amazon-ebssurrogate.html.md
@ -235,6 +235,9 @@ builder.
    profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
    to launch the EC2 instance with.

+-   `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
+    the AWS EC2 endpoint. The default is `false`.
+
 -   `launch_block_device_mappings` (array of block device mappings) - Add one
    or more block devices before the Packer build starts. If you add instance
    store volumes or EBS volumes in addition to the root device volume, the
--- a/website/source/docs/builders/amazon-ebsvolume.html.md
+++ b/website/source/docs/builders/amazon-ebsvolume.html.md
@ -189,6 +189,9 @@ builder.
    profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
    to launch the EC2 instance with.

+-   `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
+    the AWS EC2 endpoint. The default is `false`.
+
 -   `mfa_code` (string) - The MFA
    [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
    code. This should probably be a user variable since it changes all the
--- a/website/source/docs/post-processors/amazon-import.html.md
+++ b/website/source/docs/post-processors/amazon-import.html.md
@ -85,6 +85,9 @@ Optional:
    provider whose API is compatible with aws EC2. Specify another endpoint
    like this `https://ec2.custom.endpoint.com`.

+-   `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
+    the AWS EC2 endpoint. The default is `false`.
+
 -   `license_type` (string) - The license type to be used for the Amazon
    Machine Image (AMI) after importing. Valid values: `AWS` or `BYOL`
    (default). For more details regarding licensing, see