iSharkFly-Docs
/
packer-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #6842 from gmmephisto/pr-master-aws-disable-ssl-verify 

amazon: add option for skipping TLS verification
This commit is contained in:
Adrien Delorme 2018-10-30 13:29:28 +01:00 committed by GitHub
parent 5e79936b9a 9d4d41e32f
commit 3315812c2c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 37 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
builder/amazon/common/access_config.go
View File

@ -1,8 +1,10 @@
package common package common
import ( import (
"crypto/tls"
"fmt" "fmt"
"log" "log"
"net/http"
"strings" "strings"
"time" "time"
@ -19,17 +21,18 @@ import (
// AccessConfig is for common configuration related to AWS access // AccessConfig is for common configuration related to AWS access
type AccessConfig struct { type AccessConfig struct {
AccessKey string `mapstructure:"access_key"` AccessKey string `mapstructure:"access_key"`
CustomEndpointEc2 string `mapstructure:"custom_endpoint_ec2"` CustomEndpointEc2 string `mapstructure:"custom_endpoint_ec2"`
DecodeAuthZMessages bool `mapstructure:"decode_authorization_messages"` DecodeAuthZMessages bool `mapstructure:"decode_authorization_messages"`
MFACode string `mapstructure:"mfa_code"` InsecureSkipTLSVerify bool `mapstructure:"insecure_skip_tls_verify"`
ProfileName string `mapstructure:"profile"` MFACode string `mapstructure:"mfa_code"`
RawRegion string `mapstructure:"region"` ProfileName string `mapstructure:"profile"`
SecretKey string `mapstructure:"secret_key"` RawRegion string `mapstructure:"region"`
SkipValidation bool `mapstructure:"skip_region_validation"` SecretKey string `mapstructure:"secret_key"`
SkipMetadataApiCheck bool `mapstructure:"skip_metadata_api_check"` SkipValidation bool `mapstructure:"skip_region_validation"`
Token string `mapstructure:"token"` SkipMetadataApiCheck bool `mapstructure:"skip_metadata_api_check"`
session *session.Session Token string `mapstructure:"token"`
session *session.Session
getEC2Connection func() ec2iface.EC2API getEC2Connection func() ec2iface.EC2API
} }
@ -60,6 +63,14 @@ func (c *AccessConfig) Session() (*session.Session, error) {
config = config.WithEndpoint(c.CustomEndpointEc2) config = config.WithEndpoint(c.CustomEndpointEc2)
} }
if c.InsecureSkipTLSVerify {
config := config.WithHTTPClient(cleanhttp.DefaultClient())
transport := config.HTTPClient.Transport.(*http.Transport)
transport.TLSClientConfig = &tls.Config{
InsecureSkipVerify: true,
}
}
opts := session.Options{ opts := session.Options{
SharedConfigState: session.SharedConfigEnable, SharedConfigState: session.SharedConfigEnable,
Config: *config, Config: *config,

3
website/source/docs/builders/amazon-chroot.html.md
View File

@ -154,6 +154,9 @@ each category, the available configuration keys are alphabetized.
associated with AMIs, which have been deregistered by `force_deregister`. associated with AMIs, which have been deregistered by `force_deregister`.
Default `false`. Default `false`.
- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
the AWS EC2 endpoint. The default is `false`.
- `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot - `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot
volume encryption. This only applies to the main `region`, other regions volume encryption. This only applies to the main `region`, other regions
where the AMI will be copied will be encrypted by the default EBS KMS key. where the AMI will be copied will be encrypted by the default EBS KMS key.

3
website/source/docs/builders/amazon-ebs.html.md
View File

@ -242,6 +242,9 @@ builder.
profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html) profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
to launch the EC2 instance with. to launch the EC2 instance with.
- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
the AWS EC2 endpoint. The default is `false`.
- `launch_block_device_mappings` (array of block device mappings) - Add one - `launch_block_device_mappings` (array of block device mappings) - Add one
or more block devices before the Packer build starts. If you add instance or more block devices before the Packer build starts. If you add instance
store volumes or EBS volumes in addition to the root device volume, the store volumes or EBS volumes in addition to the root device volume, the

3
website/source/docs/builders/amazon-ebssurrogate.html.md
View File

@ -235,6 +235,9 @@ builder.
profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html) profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
to launch the EC2 instance with. to launch the EC2 instance with.
- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
the AWS EC2 endpoint. The default is `false`.
- `launch_block_device_mappings` (array of block device mappings) - Add one - `launch_block_device_mappings` (array of block device mappings) - Add one
or more block devices before the Packer build starts. If you add instance or more block devices before the Packer build starts. If you add instance
store volumes or EBS volumes in addition to the root device volume, the store volumes or EBS volumes in addition to the root device volume, the

3
website/source/docs/builders/amazon-ebsvolume.html.md
View File

@ -189,6 +189,9 @@ builder.
profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html) profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
to launch the EC2 instance with. to launch the EC2 instance with.
- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
the AWS EC2 endpoint. The default is `false`.
- `mfa_code` (string) - The MFA - `mfa_code` (string) - The MFA
[TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
code. This should probably be a user variable since it changes all the code. This should probably be a user variable since it changes all the

3
website/source/docs/post-processors/amazon-import.html.md
View File

@ -85,6 +85,9 @@ Optional:
provider whose API is compatible with aws EC2. Specify another endpoint provider whose API is compatible with aws EC2. Specify another endpoint
like this `https://ec2.custom.endpoint.com`. like this `https://ec2.custom.endpoint.com`.
- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
the AWS EC2 endpoint. The default is `false`.
- `license_type` (string) - The license type to be used for the Amazon - `license_type` (string) - The license type to be used for the Amazon
Machine Image (AMI) after importing. Valid values: `AWS` or `BYOL` Machine Image (AMI) after importing. Valid values: `AWS` or `BYOL`
(default). For more details regarding licensing, see (default). For more details regarding licensing, see