From c22b97dd439502102e3ffd34775cc38f96a806b5 Mon Sep 17 00:00:00 2001
From: "Zanetti, David"
Date: Tue, 29 Nov 2016 16:54:02 +1300
Subject: [PATCH 1/2] Support setting AMI attributes when using amazon-import post-processor
- ami_user and ami_group for launch permissions
- ami_description to set the description attribute
Closes #3981
---
 .../amazon-import/post-processor.go | 67 +++++++++++++++++--
 .../post-processors/amazon-import.html.md | 6 ++
 2 files changed, 68 insertions(+), 5 deletions(-)
diff --git a/post-processor/amazon-import/post-processor.go b/post-processor/amazon-import/post-processor.go
index 2d8d77c12..a339da040 100644
--- a/post-processor/amazon-import/post-processor.go
+++ b/post-processor/amazon-import/post-processor.go
@@ -26,11 +26,14 @@ type Config struct {
 awscommon.AccessConfig `mapstructure:",squash"`
 // Variables specific to this post processor
- S3Bucket string `mapstructure:"s3_bucket_name"`
- S3Key string `mapstructure:"s3_key_name"`
- SkipClean bool `mapstructure:"skip_clean"`
- Tags map[string]string `mapstructure:"tags"`
- Name string `mapstructure:"ami_name"`
+ S3Bucket string `mapstructure:"s3_bucket_name"`
+ S3Key string `mapstructure:"s3_key_name"`
+ SkipClean bool `mapstructure:"skip_clean"`
+ Tags map[string]string `mapstructure:"tags"`
+ Name string `mapstructure:"ami_name"`
+ Description string `mapstructure:"ami_description"`
+ Users []string `mapstructure:"ami_users"`
+ Groups []string `mapstrcuture:"ami_groups"`
 ctx interpolate.Context
 }
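Review bot: The struct tag on the new `Groups` field is spelled `mapstrcuture`, so the `ami_groups` name is never attached to that field; the tag should read `mapstructure:"ami_groups"`, matching the `Users` line above it. With the misspelled key the decoder presumably falls back to the field name, which would leave `ami_groups` from a template unapplied (or rejected as an unknown key, depending on decode settings not shown here), so the launch-permission option documented in this patch would not behave as described. The commit message also names `ami_user` and `ami_group` while the tags are plural. The `Config` struct opens above this hunk.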
@@ -304,6 +307,60 @@ func (p *PostProcessor) PostProcess(ui packer.Ui, artifact packer.Artifact) (pac
 }
+ // Apply atttributes for AMI specified in config
+ // (duped from builder/amazon/common/step_modify_ami_attributes.go)
+ options := make(map[string]*ec2.ModifyImageAttributeInput)
+ if p.config.Description != "" {
+ options["description"] = &ec2.ModifyImageAttributeInput{
+ Description: &ec2.AttributeValue{Value: &p.config.Description},
+ }
+ }
+
+ if len(p.config.Groups) > 0 {
+ groups := make([]*string, len(p.config.Groups))
+ adds := make([]*ec2.LaunchPermission, len(p.config.Groups))
+ addGroups := &ec2.ModifyImageAttributeInput{
+ LaunchPermission: &ec2.LaunchPermissionModifications{},
+ }
+
+ for i, g := range p.config.Groups {
+ groups[i] = aws.String(g)
+ adds[i] = &ec2.LaunchPermission{
+ Group: aws.String(g),
+ }
+ }
+ addGroups.UserGroups = groups
+ addGroups.LaunchPermission.Add = adds
+
+ options["groups"] = addGroups
+ }
+
+ if len(p.config.Users) > 0 {
+ users := make([]*string, len(p.config.Users))
+ adds := make([]*ec2.LaunchPermission, len(p.config.Users))
+ for i, u := range p.config.Users {
+ users[i] = aws.String(u)
+ adds[i] = &ec2.LaunchPermission{UserId: aws.String(u)}
+ }
+ options["users"] = &ec2.ModifyImageAttributeInput{
+ UserIds: users,
+ LaunchPermission: &ec2.LaunchPermissionModifications{
+ Add: adds,
+ },
+ }
+ }
+
+ if len(options) > 0 {
+ for name, input := range options {
+ ui.Message(fmt.Sprintf("Modifying: %s", name))
+ input.ImageId = &createdami
+ _, err := ec2conn.ModifyImageAttribute(input)
+ if err != nil {
+ return nil, false, fmt.Errorf("Error modifying AMI attributes: %s", err)
+ }
+ }
+ }
+
 // Add the reported AMI ID to the artifact list
 log.Printf("Adding created AMI ID %s in region %s to output artifacts", createdami, *config.Region)
 artifact = &awscommon.Artifact{
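Review bot: The launch-permission branches apply whatever `ami_users` and `ami_groups` contain, and the docs in this patch say `all` makes the AMI public, yet the only output is `Modifying: groups` with no values and no validation. I would log the account IDs and groups being added and emit an explicit warning line when a group equals `all`, so that publishing a public image is visible in the build log. Because `options` is a map, the `ModifyImageAttribute` calls run in unspecified order and the early return leaves the AMI with only some attributes set; `return nil, false, fmt.Errorf("Error modifying AMI attribute %s: %s", name, err)` would at least name the one that failed. `PostProcess` starts above this hunk and continues below it.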
diff --git a/website/source/docs/post-processors/amazon-import.html.md b/website/source/docs/post-processors/amazon-import.html.md
index c41b1aa4c..8e6ee00ca 100644
--- a/website/source/docs/post-processors/amazon-import.html.md
+++ b/website/source/docs/post-processors/amazon-import.html.md
@@ -51,6 +51,12 @@ Optional:
 - `tags` (object of key/value strings) - Tags applied to the created AMI and relevant snapshots.
+- `ami_users` (array of strings) - A list of account IDs that have access to launch the imported AMI. By default no additional users other than the user importing the AMI has permission to launch it.
+
+- `ami_groups` (array of strings) - A list of groups that have access to launch the imported AMI. By default no groups have permission to launch the AMI. `all` will make the AMI publically accessible. AWS currently doesn't accept any value other than "all".
+
+- `ami_description` (string) - The description to set for the resulting imported AMI. By default this description is empty.
+
 ## Basic Example
 Here is a basic example. This assumes that the builder has produced an OVA artifact for us to work with, and IAM roles for import exist in the AWS account being imported into.
From a0e179b556a1d711b855cc94b9b85f843bd51957 Mon Sep 17 00:00:00 2001
From: "Zanetti, David"
Date: Tue, 29 Nov 2016 16:58:14 +1300
Subject: [PATCH 2/2] Description on imported AMIs is not actually empty, it's set by AMI importer
---
 website/source/docs/post-processors/amazon-import.html.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/website/source/docs/post-processors/amazon-import.html.md b/website/source/docs/post-processors/amazon-import.html.md
index 8e6ee00ca..618a9516e 100644
--- a/website/source/docs/post-processors/amazon-import.html.md
+++ b/website/source/docs/post-processors/amazon-import.html.md
@@ -55,7 +55,7 @@ Optional:
 - `ami_groups` (array of strings) - A list of groups that have access to launch the imported AMI. By default no groups have permission to launch the AMI. `all` will make the AMI publically accessible. AWS currently doesn't accept any value other than "all".
-- `ami_description` (string) - The description to set for the resulting imported AMI. By default this description is empty.
+- `ami_description` (string) - The description to set for the resulting imported AMI. By default this description is generated by the AMI import process.
 ## Basic Example