Merge pull request #6842 from gmmephisto/pr-master-aws-disable-ssl-verify
amazon: add option for skipping TLS verification
This commit is contained in:
Adrien Delorme
GitHub
commit
3315812c2c
|
|
@ -1,8 +1,10 @@
|
||||||
package common
|
package common
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
|
@ -19,17 +21,18 @@ import (
|
||||||
|
|
||||||
// AccessConfig is for common configuration related to AWS access
|
// AccessConfig is for common configuration related to AWS access
|
||||||
type AccessConfig struct {
|
type AccessConfig struct {
|
||||||
AccessKey string `mapstructure:"access_key"`
|
AccessKey string `mapstructure:"access_key"`
|
||||||
CustomEndpointEc2 string `mapstructure:"custom_endpoint_ec2"`
|
CustomEndpointEc2 string `mapstructure:"custom_endpoint_ec2"`
|
||||||
DecodeAuthZMessages bool `mapstructure:"decode_authorization_messages"`
|
DecodeAuthZMessages bool `mapstructure:"decode_authorization_messages"`
|
||||||
MFACode string `mapstructure:"mfa_code"`
|
InsecureSkipTLSVerify bool `mapstructure:"insecure_skip_tls_verify"`
|
||||||
ProfileName string `mapstructure:"profile"`
|
MFACode string `mapstructure:"mfa_code"`
|
||||||
RawRegion string `mapstructure:"region"`
|
ProfileName string `mapstructure:"profile"`
|
||||||
SecretKey string `mapstructure:"secret_key"`
|
RawRegion string `mapstructure:"region"`
|
||||||
SkipValidation bool `mapstructure:"skip_region_validation"`
|
SecretKey string `mapstructure:"secret_key"`
|
||||||
SkipMetadataApiCheck bool `mapstructure:"skip_metadata_api_check"`
|
SkipValidation bool `mapstructure:"skip_region_validation"`
|
||||||
Token string `mapstructure:"token"`
|
SkipMetadataApiCheck bool `mapstructure:"skip_metadata_api_check"`
|
||||||
session *session.Session
|
Token string `mapstructure:"token"`
|
||||||
|
session *session.Session
|
||||||
|
|
||||||
getEC2Connection func() ec2iface.EC2API
|
getEC2Connection func() ec2iface.EC2API
|
||||||
}
|
}
|
||||||
|
|
@ -60,6 +63,14 @@ func (c *AccessConfig) Session() (*session.Session, error) {
|
||||||
config = config.WithEndpoint(c.CustomEndpointEc2)
|
config = config.WithEndpoint(c.CustomEndpointEc2)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if c.InsecureSkipTLSVerify {
|
||||||
|
config := config.WithHTTPClient(cleanhttp.DefaultClient())
|
||||||
|
transport := config.HTTPClient.Transport.(*http.Transport)
|
||||||
|
transport.TLSClientConfig = &tls.Config{
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
opts := session.Options{
|
opts := session.Options{
|
||||||
SharedConfigState: session.SharedConfigEnable,
|
SharedConfigState: session.SharedConfigEnable,
|
||||||
Config: *config,
|
Config: *config,
|
||||||
|
|
|
||||||
|
|
@ -154,6 +154,9 @@ each category, the available configuration keys are alphabetized.
|
||||||
associated with AMIs, which have been deregistered by `force_deregister`.
|
associated with AMIs, which have been deregistered by `force_deregister`.
|
||||||
Default `false`.
|
Default `false`.
|
||||||
|
|
||||||
|
- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
|
||||||
|
the AWS EC2 endpoint. The default is `false`.
|
||||||
|
|
||||||
- `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot
|
- `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot
|
||||||
volume encryption. This only applies to the main `region`, other regions
|
volume encryption. This only applies to the main `region`, other regions
|
||||||
where the AMI will be copied will be encrypted by the default EBS KMS key.
|
where the AMI will be copied will be encrypted by the default EBS KMS key.
|
||||||
|
|
|
||||||
|
|
@ -242,6 +242,9 @@ builder.
|
||||||
profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
|
profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
|
||||||
to launch the EC2 instance with.
|
to launch the EC2 instance with.
|
||||||
|
|
||||||
|
- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
|
||||||
|
the AWS EC2 endpoint. The default is `false`.
|
||||||
|
|
||||||
- `launch_block_device_mappings` (array of block device mappings) - Add one
|
- `launch_block_device_mappings` (array of block device mappings) - Add one
|
||||||
or more block devices before the Packer build starts. If you add instance
|
or more block devices before the Packer build starts. If you add instance
|
||||||
store volumes or EBS volumes in addition to the root device volume, the
|
store volumes or EBS volumes in addition to the root device volume, the
|
||||||
|
|
|
||||||
|
|
@ -235,6 +235,9 @@ builder.
|
||||||
profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
|
profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
|
||||||
to launch the EC2 instance with.
|
to launch the EC2 instance with.
|
||||||
|
|
||||||
|
- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
|
||||||
|
the AWS EC2 endpoint. The default is `false`.
|
||||||
|
|
||||||
- `launch_block_device_mappings` (array of block device mappings) - Add one
|
- `launch_block_device_mappings` (array of block device mappings) - Add one
|
||||||
or more block devices before the Packer build starts. If you add instance
|
or more block devices before the Packer build starts. If you add instance
|
||||||
store volumes or EBS volumes in addition to the root device volume, the
|
store volumes or EBS volumes in addition to the root device volume, the
|
||||||
|
|
|
||||||
|
|
@ -189,6 +189,9 @@ builder.
|
||||||
profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
|
profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
|
||||||
to launch the EC2 instance with.
|
to launch the EC2 instance with.
|
||||||
|
|
||||||
|
- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
|
||||||
|
the AWS EC2 endpoint. The default is `false`.
|
||||||
|
|
||||||
- `mfa_code` (string) - The MFA
|
- `mfa_code` (string) - The MFA
|
||||||
[TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
|
[TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
|
||||||
code. This should probably be a user variable since it changes all the
|
code. This should probably be a user variable since it changes all the
|
||||||
|
|
|
||||||
|
|
@ -85,6 +85,9 @@ Optional:
|
||||||
provider whose API is compatible with aws EC2. Specify another endpoint
|
provider whose API is compatible with aws EC2. Specify another endpoint
|
||||||
like this `https://ec2.custom.endpoint.com`.
|
like this `https://ec2.custom.endpoint.com`.
|
||||||
|
|
||||||
|
- `insecure_skip_tls_verify` (boolean) - This allows skipping TLS verification of
|
||||||
|
the AWS EC2 endpoint. The default is `false`.
|
||||||
|
|
||||||
- `license_type` (string) - The license type to be used for the Amazon
|
- `license_type` (string) - The license type to be used for the Amazon
|
||||||
Machine Image (AMI) after importing. Valid values: `AWS` or `BYOL`
|
Machine Image (AMI) after importing. Valid values: `AWS` or `BYOL`
|
||||||
(default). For more details regarding licensing, see
|
(default). For more details regarding licensing, see
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue