From c3a352955e906e8e95eb9a7eaeeda252933e8bcd Mon Sep 17 00:00:00 2001
From: Rickard von Essen
Date: Fri, 2 Dec 2016 09:49:21 +0100
Subject: [PATCH] amazon: Added snapshot_users and snapshot_groups
---
 builder/amazon/chroot/builder.go | 10 ++--
 builder/amazon/common/ami_config.go | 2 +
 .../common/step_modify_ami_attributes.go | 48 ++++++++++++-------
 builder/amazon/ebs/builder.go | 10 ++--
 builder/amazon/instance/builder.go | 10 ++--
 .../docs/builders/amazon-chroot.html.md | 14 ++++--
 .../docs/builders/amazon-ebs-volume.html.md | 16 +++++--
 .../source/docs/builders/amazon-ebs.html.md | 22 ++++++---
 .../docs/builders/amazon-instance.html.md | 8 ++++
 9 files changed, 97 insertions(+), 43 deletions(-)
diff --git a/builder/amazon/chroot/builder.go b/builder/amazon/chroot/builder.go
index 8239584a3..507ff46ff 100644
--- a/builder/amazon/chroot/builder.go
+++ b/builder/amazon/chroot/builder.go
@@ -257,10 +257,12 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 Name: b.config.AMIName,
 },
 &awscommon.StepModifyAMIAttributes{
- Description: b.config.AMIDescription,
- Users: b.config.AMIUsers,
- Groups: b.config.AMIGroups,
- ProductCodes: b.config.AMIProductCodes,
+ Description: b.config.AMIDescription,
+ Users: b.config.AMIUsers,
+ Groups: b.config.AMIGroups,
+ ProductCodes: b.config.AMIProductCodes,
+ SnapshotUsers: b.config.SnapshotUsers,
+ SnapshotGroups: b.config.SnapshotGroups,
 },
 &awscommon.StepCreateTags{
 Tags: b.config.AMITags,
diff --git a/builder/amazon/common/ami_config.go b/builder/amazon/common/ami_config.go
index fa442cb5c..e8ab11303 100644
--- a/builder/amazon/common/ami_config.go
+++ b/builder/amazon/common/ami_config.go
@@ -23,6 +23,8 @@ type AMIConfig struct {
 AMIEncryptBootVolume bool `mapstructure:"encrypt_boot"`
 AMIKmsKeyId string `mapstructure:"kms_key_id"`
 SnapshotTags map[string]string `mapstructure:"snapshot_tags"`
+ SnapshotUsers []string `mapstructure:"snapshot_users"`
+ SnapshotGroups []string `mapstructure:"snapshot_groups"`
 }

 func (c *AMIConfig) Prepare(ctx *interpolate.Context) []error {
diff --git a/builder/amazon/common/step_modify_ami_attributes.go b/builder/amazon/common/step_modify_ami_attributes.go
index dff405083..3c0f1402a 100644
--- a/builder/amazon/common/step_modify_ami_attributes.go
+++ b/builder/amazon/common/step_modify_ami_attributes.go
@@ -11,10 +11,12 @@ import (
 )

 type StepModifyAMIAttributes struct {
- Users []string
- Groups []string
- ProductCodes []string
- Description string
+ Users []string
+ Groups []string
+ SnapshotUsers []string
+ SnapshotGroups []string
+ ProductCodes []string
+ Description string
 }

 func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAction {
@@ -29,6 +31,8 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc
 valid = valid || (s.Users != nil && len(s.Users) > 0)
 valid = valid || (s.Groups != nil && len(s.Groups) > 0)
 valid = valid || (s.ProductCodes != nil && len(s.ProductCodes) > 0)
+ valid = valid || (s.SnapshotUsers != nil && len(s.SnapshotUsers) > 0)
+ valid = valid || (s.SnapshotGroups != nil && len(s.SnapshotGroups) > 0)

 if !valid {
 return multistep.ActionContinue
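Review bot: The new `SnapshotUsers` and `SnapshotGroups` fields in `AMIConfig` (builder/amazon/common/ami_config.go) arrive with no visible validation, although the docs added by this same patch say that `snapshot_groups` containing `all` makes the snapshot publicly accessible. `Prepare` begins on the last line of the hunk and its body is outside it, so a check may already exist; if it does not, `Prepare` is the place to reject combinations AWS cannot honour (an encrypted snapshot cannot be made public, and one encrypted with the account's default key cannot be shared with other accounts) when `encrypt_boot` is set. A visible warning when `all` is present would also help operators notice an unintended public share. At minimum the fields deserve a comment, for example `// SnapshotGroups grants createVolumePermission on the backing snapshots; "all" makes them public.`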
@@ -47,32 +51,35 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc if len(s.Groups) > 0 { groups := make([]*string, len(s.Groups)) - addsImage := make([]*ec2.LaunchPermission, len(s.Groups)) addGroups := &ec2.ModifyImageAttributeInput{ LaunchPermission: &ec2.LaunchPermissionModifications{}, } - addsSnapshot := make([]*ec2.CreateVolumePermission, len(s.Groups)) - addSnapshotGroups := &ec2.ModifySnapshotAttributeInput{ - CreateVolumePermission: &ec2.CreateVolumePermissionModifications{}, - } - for i, g := range s.Groups { groups[i] = aws.String(g) addsImage[i] = &ec2.LaunchPermission{ Group: aws.String(g), } + } + addGroups.UserGroups = groups + options["groups"] = addGroups + } + + if len(s.SnapshotGroups) > 0 { + groups := make([]*string, len(s.SnapshotGroups)) + addsSnapshot := make([]*ec2.CreateVolumePermission, len(s.SnapshotGroups)) + addSnapshotGroups := &ec2.ModifySnapshotAttributeInput{ + CreateVolumePermission: &ec2.CreateVolumePermissionModifications{}, + } + + for i, g := range s.SnapshotGroups { + groups[i] = aws.String(g) addsSnapshot[i] = &ec2.CreateVolumePermission{ Group: aws.String(g), } } - - addGroups.UserGroups = groups - addGroups.LaunchPermission.Add = addsImage - options["groups"] = addGroups - addSnapshotGroups.GroupNames = groups addSnapshotGroups.CreateVolumePermission.Add = addsSnapshot snapshotOptions["groups"] = addSnapshotGroups @@ -81,11 +88,9 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc if len(s.Users) > 0 { users := make([]*string, len(s.Users)) addsImage := make([]*ec2.LaunchPermission, len(s.Users)) - addsSnapshot := make([]*ec2.CreateVolumePermission, len(s.Users)) for i, u := range s.Users { users[i] = aws.String(u) addsImage[i] = &ec2.LaunchPermission{UserId: aws.String(u)} - addsSnapshot[i] = &ec2.CreateVolumePermission{UserId: aws.String(u)} } options["users"] = &ec2.ModifyImageAttributeInput{ 
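Review bot: In the `if len(s.Groups) > 0` block of `@@ -47,32 +51,35 @@`, the line `addGroups.LaunchPermission.Add = addsImage` is removed and no added line replaces it, while the loop still writes `addsImage[i]`. As rendered here the declaration `addsImage := make([]*ec2.LaunchPermission, len(s.Groups))` appears removed as well, which would not compile; even if it survives, the request keeps an empty `LaunchPermissionModifications{}`, so `ami_groups` probably no longer adds any launch permission. Keep both lines in the Groups block, the way the Users block keeps its `addsImage` declaration (`@@ -81,11 +88,9 @@`) and `Add: addsImage` (`@@ -94,6 +99,15 @@`). `Run` starts and ends outside these hunks, so the code that sends the requests is not visible.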
@@ -94,6 +99,15 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc
 Add: addsImage,
 },
 }
+ }
+
+ if len(s.SnapshotUsers) > 0 {
+ users := make([]*string, len(s.SnapshotUsers))
+ addsSnapshot := make([]*ec2.CreateVolumePermission, len(s.SnapshotUsers))
+ for i, u := range s.SnapshotUsers {
+ users[i] = aws.String(u)
+ addsSnapshot[i] = &ec2.CreateVolumePermission{UserId: aws.String(u)}
+ }

 snapshotOptions["users"] = &ec2.ModifySnapshotAttributeInput{
 UserIds: users,
diff --git a/builder/amazon/ebs/builder.go b/builder/amazon/ebs/builder.go
index 8f28ba17a..725a43adc 100644
--- a/builder/amazon/ebs/builder.go
+++ b/builder/amazon/ebs/builder.go
@@ -178,10 +178,12 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 Name: b.config.AMIName,
 },
 &awscommon.StepModifyAMIAttributes{
- Description: b.config.AMIDescription,
- Users: b.config.AMIUsers,
- Groups: b.config.AMIGroups,
- ProductCodes: b.config.AMIProductCodes,
+ Description: b.config.AMIDescription,
+ Users: b.config.AMIUsers,
+ Groups: b.config.AMIGroups,
+ ProductCodes: b.config.AMIProductCodes,
+ SnapshotUsers: b.config.SnapshotUsers,
+ SnapshotGroups: b.config.SnapshotGroups,
 },
 &awscommon.StepCreateTags{
 Tags: b.config.AMITags,
diff --git a/builder/amazon/instance/builder.go b/builder/amazon/instance/builder.go
index 6d67d6a5f..62644a2cd 100644
--- a/builder/amazon/instance/builder.go
+++ b/builder/amazon/instance/builder.go
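Review bot: In step_modify_ami_attributes.go `@@ -94,6 +99,15 @@`, `snapshotOptions["users"]` is now built only from `s.SnapshotUsers` (the group equivalent is in `@@ -47,32 +51,35 @@`), so a template that sets only `ami_users` or `ami_groups` stops granting `createVolumePermission` on the backing snapshots, and nothing in the patch tells the operator. The narrower default is the right direction for least privilege, but consumers that relied on the implicit share, for example to copy a shared AMI into their own account, would break after upgrading. Add a changelog or upgrade note, and state the new contract at the step, e.g. `// Snapshot permissions come only from SnapshotUsers/SnapshotGroups; Users/Groups affect the AMI launch permission alone.` The rest of `Run` is outside the hunk.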
@@ -259,10 +259,12 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe Name: b.config.AMIName, }, &awscommon.StepModifyAMIAttributes{ - Description: b.config.AMIDescription, - Users: b.config.AMIUsers, - Groups: b.config.AMIGroups, - ProductCodes: b.config.AMIProductCodes, + Description: b.config.AMIDescription, + Users: b.config.AMIUsers, + Groups: b.config.AMIGroups, + ProductCodes: b.config.AMIProductCodes, + SnapshotUsers: b.config.SnapshotUsers, + SnapshotGroups: b.config.SnapshotGroups, }, &awscommon.StepCreateTags{ Tags: b.config.AMITags, diff --git a/website/source/docs/builders/amazon-chroot.html.md b/website/source/docs/builders/amazon-chroot.html.md index 690dd8220..ec426c75a 100644 --- a/website/source/docs/builders/amazon-chroot.html.md +++ b/website/source/docs/builders/amazon-chroot.html.md @@ -207,6 +207,17 @@ each category, the available configuration keys are alphabetized. - `skip_region_validation` (boolean) - Set to true if you want to skip validation of the `ami_regions` configuration option. Default `false`. +- `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot. + They will override AMI tags if already applied to snapshot. + +- `snapshot_groups` (array of strings) - A list of groups that have access to + create volumes from the snapshot(s). By default no groups have permission to create + volumes form the snapshot(s). `all` will make the snapshot publicly accessible. + +- `snapshot_users` (array of strings) - A list of account IDs that have access to + create volumes from the snapshot(s). By default no additional users other than the + user creating the AMI has permissions to create volumes from the backing snapshot(s). + - `source_ami_filter` (object) - Filters used to populate the `source_ami` field. Example: 
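Review bot: In builder/amazon/instance/builder.go, `SnapshotUsers` and `SnapshotGroups` are wired into the amazon-instance builder, whose AMIs are instance-store backed and may have no EBS snapshot for the step to modify. How `StepModifyAMIAttributes` collects the snapshots is not visible in this patch, so this needs confirming; if the list can be empty, the two options are accepted and silently do nothing. Consider a warning when either option is set for this builder, or at least a comment on the two new lines such as `// has an effect only when the AMI maps EBS snapshots`.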
@@ -237,9 +248,6 @@ each category, the available configuration keys are alphabetized. - `most_recent` (bool) - Selects the newest created image when true. This is most useful for selecting a daily distro build. -- `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot. - They will override AMI tags if already applied to snapshot. - - `tags` (object of key/value strings) - Tags applied to the AMI. ## Basic Example diff --git a/website/source/docs/builders/amazon-ebs-volume.html.md b/website/source/docs/builders/amazon-ebs-volume.html.md index aef2e4897..bf9d670ae 100644 --- a/website/source/docs/builders/amazon-ebs-volume.html.md +++ b/website/source/docs/builders/amazon-ebs-volume.html.md @@ -114,9 +114,21 @@ builder. described above. Note that if this is specified, you must omit the `security_group_id`. +- `shutdown_behaviour` (string) - Automatically terminate instances on shutdown + incase packer exits ungracefully. Possible values are "stop" and "terminate", + default is stop. + - `skip_region_validation` (boolean) - Set to true if you want to skip validation of the region configuration option. Defaults to false. +- `snapshot_groups` (array of strings) - A list of groups that have access to + create volumes from the snapshot(s). By default no groups have permission to create + volumes form the snapshot(s). `all` will make the snapshot publicly accessible. + +- `snapshot_users` (array of strings) - A list of account IDs that have access to + create volumes from the snapshot(s). By default no additional users other than the + user creating the AMI has permissions to create volumes from the backing snapshot(s). + - `source_ami_filter` (object) - Filters used to populate the `source_ami` field. Example: 
@@ -196,10 +208,6 @@ builder. - `windows_password_timeout` (string) - The timeout for waiting for a Windows password for Windows instances. Defaults to 20 minutes. Example value: "10m" -- `shutdown_behaviour` (string) - Automatically terminate instances on shutdown - incase packer exits ungracefully. Possible values are "stop" and "terminate", - default is stop. - ## Basic Example ``` diff --git a/website/source/docs/builders/amazon-ebs.html.md b/website/source/docs/builders/amazon-ebs.html.md index 00615e2eb..11850a2d5 100644 --- a/website/source/docs/builders/amazon-ebs.html.md +++ b/website/source/docs/builders/amazon-ebs.html.md @@ -190,9 +190,24 @@ builder. described above. Note that if this is specified, you must omit the `security_group_id`. +- `shutdown_behaviour` (string) - Automatically terminate instances on shutdown + incase packer exits ungracefully. Possible values are "stop" and "terminate", + default is stop. + - `skip_region_validation` (boolean) - Set to true if you want to skip validation of the region configuration option. Default `false`. +- `snapshot_groups` (array of strings) - A list of groups that have access to + create volumes from the snapshot(s). By default no groups have permission to create + volumes form the snapshot(s). `all` will make the snapshot publicly accessible. + +- `snapshot_users` (array of strings) - A list of account IDs that have access to + create volumes from the snapshot(s). By default no additional users other than the + user creating the AMI has permissions to create volumes from the backing snapshot(s). + +- `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot. + They will override AMI tags if already applied to snapshot. + - `source_ami_filter` (object) - Filters used to populate the `source_ami` field. Example: 
@@ -223,9 +238,6 @@ builder. - `most_recent` (bool) - Selects the newest created image when true. This is most useful for selecting a daily distro build. -- `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot. - They will override AMI tags if already applied to snapshot. - - `spot_price` (string) - The maximum hourly price to pay for a spot instance to create the AMI. Spot instances are a type of instance that EC2 starts when the current spot price is less than the maximum price you specify. Spot @@ -287,10 +299,6 @@ builder. - `windows_password_timeout` (string) - The timeout for waiting for a Windows password for Windows instances. Defaults to 20 minutes. Example value: "10m" -- `shutdown_behaviour` (string) - Automatically terminate instances on shutdown - incase packer exits ungracefully. Possible values are "stop" and "terminate", - default is stop. - ## Basic Example Here is a basic example. You will need to provide access keys, and may need to change the AMI IDs according to what images exist at the time the template is run: diff --git a/website/source/docs/builders/amazon-instance.html.md b/website/source/docs/builders/amazon-instance.html.md index b050cad81..41572af85 100644 --- a/website/source/docs/builders/amazon-instance.html.md +++ b/website/source/docs/builders/amazon-instance.html.md 
@@ -207,6 +207,14 @@ builder. - `skip_region_validation` (boolean) - Set to true if you want to skip validation of the region configuration option. Default `false`. +- `snapshot_groups` (array of strings) - A list of groups that have access to + create volumes from the snapshot(s). By default no groups have permission to create + volumes form the snapshot(s). `all` will make the snapshot publicly accessible. + +- `snapshot_users` (array of strings) - A list of account IDs that have access to + create volumes from the snapshot(s). By default no additional users other than the + user creating the AMI has permissions to create volumes from the backing snapshot(s). + - `source_ami_filter` (object) - Filters used to populate the `source_ami` field. Example: