amazon: Added snapshot_users and snapshot_groups

2016-12-02 09:49:21 +01:00 · 2016-12-02 09:49:21 +01:00 · c3a352955e
parent 46f217f255
commit c3a352955e
9 changed files with 97 additions and 43 deletions
--- a/builder/amazon/chroot/builder.go
+++ b/builder/amazon/chroot/builder.go
@ -257,10 +257,12 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			Name:         b.config.AMIName,
 		},
 		&awscommon.StepModifyAMIAttributes{
-			Description:  b.config.AMIDescription,
-			Users:        b.config.AMIUsers,
-			Groups:       b.config.AMIGroups,
-			ProductCodes: b.config.AMIProductCodes,
+			Description:    b.config.AMIDescription,
+			Users:          b.config.AMIUsers,
+			Groups:         b.config.AMIGroups,
+			ProductCodes:   b.config.AMIProductCodes,
+			SnapshotUsers:  b.config.SnapshotUsers,
+			SnapshotGroups: b.config.SnapshotGroups,
 		},
 		&awscommon.StepCreateTags{
 			Tags:         b.config.AMITags,
--- a/builder/amazon/common/ami_config.go
+++ b/builder/amazon/common/ami_config.go
@ -23,6 +23,8 @@ type AMIConfig struct {
 	AMIEncryptBootVolume    bool              `mapstructure:"encrypt_boot"`
 	AMIKmsKeyId             string            `mapstructure:"kms_key_id"`
 	SnapshotTags            map[string]string `mapstructure:"snapshot_tags"`
+	SnapshotUsers           []string          `mapstructure:"snapshot_users"`
+	SnapshotGroups          []string          `mapstructure:"snapshot_groups"`
 }

 func (c *AMIConfig) Prepare(ctx *interpolate.Context) []error {
--- a/builder/amazon/common/step_modify_ami_attributes.go
+++ b/builder/amazon/common/step_modify_ami_attributes.go
@ -11,10 +11,12 @@ import (
 )

 type StepModifyAMIAttributes struct {
-	Users        []string
-	Groups       []string
-	ProductCodes []string
-	Description  string
+	Users          []string
+	Groups         []string
+	SnapshotUsers  []string
+	SnapshotGroups []string
+	ProductCodes   []string
+	Description    string
 }

 func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAction {
@ -29,6 +31,8 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc
 	valid = valid || (s.Users != nil && len(s.Users) > 0)
 	valid = valid || (s.Groups != nil && len(s.Groups) > 0)
 	valid = valid || (s.ProductCodes != nil && len(s.ProductCodes) > 0)
+	valid = valid || (s.SnapshotUsers != nil && len(s.SnapshotUsers) > 0)
+	valid = valid || (s.SnapshotGroups != nil && len(s.SnapshotGroups) > 0)

 	if !valid {
 		return multistep.ActionContinue
@ -47,32 +51,35 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc

 	if len(s.Groups) > 0 {
 		groups := make([]*string, len(s.Groups))
-
 		addsImage := make([]*ec2.LaunchPermission, len(s.Groups))
 		addGroups := &ec2.ModifyImageAttributeInput{
 			LaunchPermission: &ec2.LaunchPermissionModifications{},
 		}

-		addsSnapshot := make([]*ec2.CreateVolumePermission, len(s.Groups))
-		addSnapshotGroups := &ec2.ModifySnapshotAttributeInput{
-			CreateVolumePermission: &ec2.CreateVolumePermissionModifications{},
-		}
-
 		for i, g := range s.Groups {
 			groups[i] = aws.String(g)
 			addsImage[i] = &ec2.LaunchPermission{
 				Group: aws.String(g),
 			}
+		}

+		addGroups.UserGroups = groups
+		options["groups"] = addGroups
+	}
+
+	if len(s.SnapshotGroups) > 0 {
+		groups := make([]*string, len(s.SnapshotGroups))
+		addsSnapshot := make([]*ec2.CreateVolumePermission, len(s.SnapshotGroups))
+		addSnapshotGroups := &ec2.ModifySnapshotAttributeInput{
+			CreateVolumePermission: &ec2.CreateVolumePermissionModifications{},
+		}
+
+		for i, g := range s.SnapshotGroups {
+			groups[i] = aws.String(g)
 			addsSnapshot[i] = &ec2.CreateVolumePermission{
 				Group: aws.String(g),
 			}
 		}
-
-		addGroups.UserGroups = groups
-		addGroups.LaunchPermission.Add = addsImage
-		options["groups"] = addGroups
-
 		addSnapshotGroups.GroupNames = groups
 		addSnapshotGroups.CreateVolumePermission.Add = addsSnapshot
 		snapshotOptions["groups"] = addSnapshotGroups
@ -81,11 +88,9 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc
 	if len(s.Users) > 0 {
 		users := make([]*string, len(s.Users))
 		addsImage := make([]*ec2.LaunchPermission, len(s.Users))
-		addsSnapshot := make([]*ec2.CreateVolumePermission, len(s.Users))
 		for i, u := range s.Users {
 			users[i] = aws.String(u)
 			addsImage[i] = &ec2.LaunchPermission{UserId: aws.String(u)}
-			addsSnapshot[i] = &ec2.CreateVolumePermission{UserId: aws.String(u)}
 		}

 		options["users"] = &ec2.ModifyImageAttributeInput{
@ -94,6 +99,15 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc
 				Add: addsImage,
 			},
 		}
+	}
+
+	if len(s.SnapshotUsers) > 0 {
+		users := make([]*string, len(s.SnapshotUsers))
+		addsSnapshot := make([]*ec2.CreateVolumePermission, len(s.SnapshotUsers))
+		for i, u := range s.SnapshotUsers {
+			users[i] = aws.String(u)
+			addsSnapshot[i] = &ec2.CreateVolumePermission{UserId: aws.String(u)}
+		}

 		snapshotOptions["users"] = &ec2.ModifySnapshotAttributeInput{
 			UserIds: users,
--- a/builder/amazon/ebs/builder.go
+++ b/builder/amazon/ebs/builder.go
@ -178,10 +178,12 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			Name:         b.config.AMIName,
 		},
 		&awscommon.StepModifyAMIAttributes{
-			Description:  b.config.AMIDescription,
-			Users:        b.config.AMIUsers,
-			Groups:       b.config.AMIGroups,
-			ProductCodes: b.config.AMIProductCodes,
+			Description:    b.config.AMIDescription,
+			Users:          b.config.AMIUsers,
+			Groups:         b.config.AMIGroups,
+			ProductCodes:   b.config.AMIProductCodes,
+			SnapshotUsers:  b.config.SnapshotUsers,
+			SnapshotGroups: b.config.SnapshotGroups,
 		},
 		&awscommon.StepCreateTags{
 			Tags:         b.config.AMITags,
--- a/builder/amazon/instance/builder.go
+++ b/builder/amazon/instance/builder.go
@ -259,10 +259,12 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			Name:         b.config.AMIName,
 		},
 		&awscommon.StepModifyAMIAttributes{
-			Description:  b.config.AMIDescription,
-			Users:        b.config.AMIUsers,
-			Groups:       b.config.AMIGroups,
-			ProductCodes: b.config.AMIProductCodes,
+			Description:    b.config.AMIDescription,
+			Users:          b.config.AMIUsers,
+			Groups:         b.config.AMIGroups,
+			ProductCodes:   b.config.AMIProductCodes,
+			SnapshotUsers:  b.config.SnapshotUsers,
+			SnapshotGroups: b.config.SnapshotGroups,
 		},
 		&awscommon.StepCreateTags{
 			Tags:         b.config.AMITags,
--- a/website/source/docs/builders/amazon-chroot.html.md
+++ b/website/source/docs/builders/amazon-chroot.html.md
@ -207,6 +207,17 @@ each category, the available configuration keys are alphabetized.
 -   `skip_region_validation` (boolean) - Set to true if you want to skip
    validation of the `ami_regions` configuration option. Default `false`.

+-   `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot.
+     They will override AMI tags if already applied to snapshot.
+
+-   `snapshot_groups` (array of strings) - A list of groups that have access to
+    create volumes from the snapshot(s). By default no groups have permission to create
+    volumes form the snapshot(s). `all` will make the snapshot publicly accessible.
+
+-   `snapshot_users` (array of strings) - A list of account IDs that have access to
+    create volumes from the snapshot(s). By default no additional users other than the
+    user creating the AMI has permissions to create volumes from the backing snapshot(s).
+
 -   `source_ami_filter` (object) - Filters used to populate the `source_ami` field.
    Example:

@ -237,9 +248,6 @@ each category, the available configuration keys are alphabetized.
    -   `most_recent` (bool) - Selects the newest created image when true.
         This is most useful for selecting a daily distro build.

-   `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot.
-     They will override AMI tags if already applied to snapshot.
-
 -   `tags` (object of key/value strings) - Tags applied to the AMI.

 ## Basic Example
--- a/website/source/docs/builders/amazon-ebs-volume.html.md
+++ b/website/source/docs/builders/amazon-ebs-volume.html.md
@ -114,9 +114,21 @@ builder.
    described above. Note that if this is specified, you must omit the
    `security_group_id`.

+-   `shutdown_behaviour` (string) - Automatically terminate instances on shutdown
+    incase packer exits ungracefully. Possible values are "stop" and "terminate",
+    default is stop.
+
 -   `skip_region_validation` (boolean) - Set to true if you want to skip 
    validation of the region configuration option.  Defaults to false.

+-   `snapshot_groups` (array of strings) - A list of groups that have access to
+    create volumes from the snapshot(s). By default no groups have permission to create
+    volumes form the snapshot(s). `all` will make the snapshot publicly accessible.
+
+-   `snapshot_users` (array of strings) - A list of account IDs that have access to
+    create volumes from the snapshot(s). By default no additional users other than the
+    user creating the AMI has permissions to create volumes from the backing snapshot(s).
+
 -   `source_ami_filter` (object) - Filters used to populate the `source_ami` field.
    Example:

@ -196,10 +208,6 @@ builder.
 -   `windows_password_timeout` (string) - The timeout for waiting for a Windows
    password for Windows instances. Defaults to 20 minutes. Example value: "10m"

-   `shutdown_behaviour` (string) - Automatically terminate instances on shutdown
-    incase packer exits ungracefully. Possible values are "stop" and "terminate",
-    default is stop.
-
 ## Basic Example

 ```
--- a/website/source/docs/builders/amazon-ebs.html.md
+++ b/website/source/docs/builders/amazon-ebs.html.md
@ -190,9 +190,24 @@ builder.
    described above. Note that if this is specified, you must omit the
    `security_group_id`.

+-   `shutdown_behaviour` (string) - Automatically terminate instances on shutdown
+    incase packer exits ungracefully. Possible values are "stop" and "terminate",
+    default is stop.
+
 -   `skip_region_validation` (boolean) - Set to true if you want to skip
    validation of the region configuration option.  Default `false`.

+-   `snapshot_groups` (array of strings) - A list of groups that have access to
+    create volumes from the snapshot(s). By default no groups have permission to create
+    volumes form the snapshot(s). `all` will make the snapshot publicly accessible.
+
+-   `snapshot_users` (array of strings) - A list of account IDs that have access to
+    create volumes from the snapshot(s). By default no additional users other than the
+    user creating the AMI has permissions to create volumes from the backing snapshot(s).
+
+-   `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot.
+     They will override AMI tags if already applied to snapshot.
+
 -   `source_ami_filter` (object) - Filters used to populate the `source_ami` field.
    Example:

@ -223,9 +238,6 @@ builder.
    -   `most_recent` (bool) - Selects the newest created image when true.
         This is most useful for selecting a daily distro build.

-   `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot.
-     They will override AMI tags if already applied to snapshot.
-
 -   `spot_price` (string) - The maximum hourly price to pay for a spot instance
    to create the AMI. Spot instances are a type of instance that EC2 starts
    when the current spot price is less than the maximum price you specify. Spot
@ -287,10 +299,6 @@ builder.
 -   `windows_password_timeout` (string) - The timeout for waiting for a Windows
    password for Windows instances. Defaults to 20 minutes. Example value: "10m"

-   `shutdown_behaviour` (string) - Automatically terminate instances on shutdown
-    incase packer exits ungracefully. Possible values are "stop" and "terminate",
-    default is stop.
-
 ## Basic Example

 Here is a basic example. You will need to provide access keys, and may need to change the AMI IDs according to what images exist at the time the template is run:
--- a/website/source/docs/builders/amazon-instance.html.md
+++ b/website/source/docs/builders/amazon-instance.html.md
@ -207,6 +207,14 @@ builder.
 -   `skip_region_validation` (boolean) - Set to true if you want to skip
    validation of the region configuration option.  Default `false`.

+-   `snapshot_groups` (array of strings) - A list of groups that have access to
+    create volumes from the snapshot(s). By default no groups have permission to create
+    volumes form the snapshot(s). `all` will make the snapshot publicly accessible.
+
+-   `snapshot_users` (array of strings) - A list of account IDs that have access to
+    create volumes from the snapshot(s). By default no additional users other than the
+    user creating the AMI has permissions to create volumes from the backing snapshot(s).
+
 -   `source_ami_filter` (object) - Filters used to populate the `source_ami` field.
    Example: