iSharkFly-Docs
/
packer-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow custom encrypted AMIs to be shared 

When using a custom KMS key to encrypt the boot volume of an AMI, packer should allow it to be shared with other users.
This commit is contained in:
poida 2016-12-02 21:30:14 +11:00
parent 3eed6fd508
commit 7ea17e1630
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
builder/amazon/common/ami_config.go
View File

@ -58,8 +58,8 @@ func (c *AMIConfig) Prepare(ctx *interpolate.Context) []error {
c.AMIRegions = regions c.AMIRegions = regions
} }
if len(c.AMIUsers) > 0 && c.AMIEncryptBootVolume { if len(c.AMIUsers) > 0 && len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume {
errs = append(errs, fmt.Errorf("Cannot share AMI with encrypted boot volume")) errs = append(errs, fmt.Errorf("Cannot share AMI with encrypted boot volume unless key is specified with kms_key_id"))
} }
if len(errs) > 0 { if len(errs) > 0 {

11
builder/amazon/common/ami_config_test.go
View File

@ -59,11 +59,18 @@ func TestAMIConfigPrepare_regions(t *testing.T) {
} }
func TestAMIConfigPrepare_EncryptBoot(t *testing.T) { func TestAMIConfigPrepare_Share_EncryptedBoot(t *testing.T) {
c := testAMIConfig() c := testAMIConfig()
c.AMIUsers = []string{"testAccountID"} c.AMIUsers = []string{"testAccountID"}
c.AMIEncryptBootVolume = true c.AMIEncryptBootVolume = true
c.AMIKmsKeyId = ""
if err := c.Prepare(nil); err == nil { if err := c.Prepare(nil); err == nil {
t.Fatal("should have error") t.Fatal("shouldn't be able to share ami with encrypted boot volume unless the kms_key_id param is provided")
}
c.AMIKmsKeyId = "89c3fb9a-de87-4f2a-aedc-fddc5138193c"
if err := c.Prepare(nil); err != nil {
t.Fatal("should be able to share ami with encrypted boot volume if the kms_key_id param is provided")
} }
} }