amazon: Added snapshot_users and snapshot_groups

Rickard von Essen 2016-12-02 09:49:21 +01:00
parent 46f217f255
commit c3a352955e
9 changed files with 97 additions and 43 deletions


@ -261,6 +261,8 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
Users: b.config.AMIUsers,
Groups: b.config.AMIGroups,
ProductCodes: b.config.AMIProductCodes,
SnapshotUsers: b.config.SnapshotUsers,
SnapshotGroups: b.config.SnapshotGroups,
},
&awscommon.StepCreateTags{
Tags: b.config.AMITags,


@ -23,6 +23,8 @@ type AMIConfig struct {
AMIEncryptBootVolume bool `mapstructure:"encrypt_boot"`
AMIKmsKeyId string `mapstructure:"kms_key_id"`
SnapshotTags map[string]string `mapstructure:"snapshot_tags"`
SnapshotUsers []string `mapstructure:"snapshot_users"`
SnapshotGroups []string `mapstructure:"snapshot_groups"`
}
func (c *AMIConfig) Prepare(ctx *interpolate.Context) []error {
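Review bot: The new `SnapshotUsers` and `SnapshotGroups` fields sit next to `AMIEncryptBootVolume` and `AMIKmsKeyId` with no visible cross-check, and that combination can only fail late. EC2 does not allow an encrypted snapshot to be made public, and a snapshot encrypted under the account's default KMS key cannot be shared with other accounts, so such a template would presumably fail only when the snapshot attributes are modified, after the whole build has run. Prepare could reject it up front with a guard such as `if c.AMIEncryptBootVolume && len(c.SnapshotGroups) > 0` that appends an error to the slice it returns, plus a similar one for `SnapshotUsers` when `AMIKmsKeyId` is empty. Prepare's body is outside this hunk, so disregard this if the check already exists there.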


@ -13,6 +13,8 @@ import (
type StepModifyAMIAttributes struct {
Users []string
Groups []string
SnapshotUsers []string
SnapshotGroups []string
ProductCodes []string
Description string
}
@ -29,6 +31,8 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc
valid = valid || (s.Users != nil && len(s.Users) > 0)
valid = valid || (s.Groups != nil && len(s.Groups) > 0)
valid = valid || (s.ProductCodes != nil && len(s.ProductCodes) > 0)
valid = valid || (s.SnapshotUsers != nil && len(s.SnapshotUsers) > 0)
valid = valid || (s.SnapshotGroups != nil && len(s.SnapshotGroups) > 0)
if !valid {
return multistep.ActionContinue
@ -47,32 +51,35 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc
if len(s.Groups) > 0 {
groups := make([]*string, len(s.Groups))
addsImage := make([]*ec2.LaunchPermission, len(s.Groups))
addGroups := &ec2.ModifyImageAttributeInput{
LaunchPermission: &ec2.LaunchPermissionModifications{},
}
addsSnapshot := make([]*ec2.CreateVolumePermission, len(s.Groups))
addSnapshotGroups := &ec2.ModifySnapshotAttributeInput{
CreateVolumePermission: &ec2.CreateVolumePermissionModifications{},
}
for i, g := range s.Groups {
groups[i] = aws.String(g)
addsImage[i] = &ec2.LaunchPermission{
Group: aws.String(g),
}
}
addGroups.UserGroups = groups
options["groups"] = addGroups
}
if len(s.SnapshotGroups) > 0 {
groups := make([]*string, len(s.SnapshotGroups))
addsSnapshot := make([]*ec2.CreateVolumePermission, len(s.SnapshotGroups))
addSnapshotGroups := &ec2.ModifySnapshotAttributeInput{
CreateVolumePermission: &ec2.CreateVolumePermissionModifications{},
}
for i, g := range s.SnapshotGroups {
groups[i] = aws.String(g)
addsSnapshot[i] = &ec2.CreateVolumePermission{
Group: aws.String(g),
}
}
addGroups.UserGroups = groups
addGroups.LaunchPermission.Add = addsImage
options["groups"] = addGroups
addSnapshotGroups.GroupNames = groups
addSnapshotGroups.CreateVolumePermission.Add = addsSnapshot
snapshotOptions["groups"] = addSnapshotGroups
@ -81,11 +88,9 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc
if len(s.Users) > 0 {
users := make([]*string, len(s.Users))
addsImage := make([]*ec2.LaunchPermission, len(s.Users))
addsSnapshot := make([]*ec2.CreateVolumePermission, len(s.Users))
for i, u := range s.Users {
users[i] = aws.String(u)
addsImage[i] = &ec2.LaunchPermission{UserId: aws.String(u)}
addsSnapshot[i] = &ec2.CreateVolumePermission{UserId: aws.String(u)}
}
options["users"] = &ec2.ModifyImageAttributeInput{
@ -94,6 +99,15 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc
Add: addsImage,
},
}
}
if len(s.SnapshotUsers) > 0 {
users := make([]*string, len(s.SnapshotUsers))
addsSnapshot := make([]*ec2.CreateVolumePermission, len(s.SnapshotUsers))
for i, u := range s.SnapshotUsers {
users[i] = aws.String(u)
addsSnapshot[i] = &ec2.CreateVolumePermission{UserId: aws.String(u)}
}
snapshotOptions["users"] = &ec2.ModifySnapshotAttributeInput{
UserIds: users,
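Review bot: Nothing in the new `SnapshotGroups` block treats the `all` group differently from any other value, so a template with `snapshot_groups: ["all"]` makes the backing snapshot(s) public without any trace in the build output. A public snapshot lets any AWS account create a volume from it and read the full disk contents, including anything provisioning left behind. I would make this explicit before the attribute is modified, e.g. `ui.Say("snapshot_groups contains \"all\": backing snapshot(s) will be publicly accessible")`, assuming Run already obtains a `ui` from the state bag. Run's body begins and ends outside these hunks, so that part is not visible here.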


@ -182,6 +182,8 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
Users: b.config.AMIUsers,
Groups: b.config.AMIGroups,
ProductCodes: b.config.AMIProductCodes,
SnapshotUsers: b.config.SnapshotUsers,
SnapshotGroups: b.config.SnapshotGroups,
},
&awscommon.StepCreateTags{
Tags: b.config.AMITags,


@ -263,6 +263,8 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
Users: b.config.AMIUsers,
Groups: b.config.AMIGroups,
ProductCodes: b.config.AMIProductCodes,
SnapshotUsers: b.config.SnapshotUsers,
SnapshotGroups: b.config.SnapshotGroups,
},
&awscommon.StepCreateTags{
Tags: b.config.AMITags,


@ -207,6 +207,17 @@ each category, the available configuration keys are alphabetized.
- `skip_region_validation` (boolean) - Set to true if you want to skip
validation of the `ami_regions` configuration option. Default `false`.
- `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot.
They will override AMI tags if already applied to snapshot.
- `snapshot_groups` (array of strings) - A list of groups that have access to
create volumes from the snapshot(s). By default no groups have permission to create
volumes form the snapshot(s). `all` will make the snapshot publicly accessible.
- `snapshot_users` (array of strings) - A list of account IDs that have access to
create volumes from the snapshot(s). By default no additional users other than the
user creating the AMI has permissions to create volumes from the backing snapshot(s).
- `source_ami_filter` (object) - Filters used to populate the `source_ami` field.
Example:
@ -237,9 +248,6 @@ each category, the available configuration keys are alphabetized.
- `most_recent` (bool) - Selects the newest created image when true.
This is most useful for selecting a daily distro build.
- `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot.
They will override AMI tags if already applied to snapshot.
- `tags` (object of key/value strings) - Tags applied to the AMI.
## Basic Example


@ -114,9 +114,21 @@ builder.
described above. Note that if this is specified, you must omit the
`security_group_id`.
- `shutdown_behaviour` (string) - Automatically terminate instances on shutdown
incase packer exits ungracefully. Possible values are "stop" and "terminate",
default is stop.
- `skip_region_validation` (boolean) - Set to true if you want to skip
validation of the region configuration option. Defaults to false.
- `snapshot_groups` (array of strings) - A list of groups that have access to
create volumes from the snapshot(s). By default no groups have permission to create
volumes form the snapshot(s). `all` will make the snapshot publicly accessible.
- `snapshot_users` (array of strings) - A list of account IDs that have access to
create volumes from the snapshot(s). By default no additional users other than the
user creating the AMI has permissions to create volumes from the backing snapshot(s).
- `source_ami_filter` (object) - Filters used to populate the `source_ami` field.
Example:
@ -196,10 +208,6 @@ builder.
- `windows_password_timeout` (string) - The timeout for waiting for a Windows
password for Windows instances. Defaults to 20 minutes. Example value: "10m"
- `shutdown_behaviour` (string) - Automatically terminate instances on shutdown
incase packer exits ungracefully. Possible values are "stop" and "terminate",
default is stop.
## Basic Example
```


@ -190,9 +190,24 @@ builder.
described above. Note that if this is specified, you must omit the
`security_group_id`.
- `shutdown_behaviour` (string) - Automatically terminate instances on shutdown
incase packer exits ungracefully. Possible values are "stop" and "terminate",
default is stop.
- `skip_region_validation` (boolean) - Set to true if you want to skip
validation of the region configuration option. Default `false`.
- `snapshot_groups` (array of strings) - A list of groups that have access to
create volumes from the snapshot(s). By default no groups have permission to create
volumes form the snapshot(s). `all` will make the snapshot publicly accessible.
- `snapshot_users` (array of strings) - A list of account IDs that have access to
create volumes from the snapshot(s). By default no additional users other than the
user creating the AMI has permissions to create volumes from the backing snapshot(s).
- `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot.
They will override AMI tags if already applied to snapshot.
- `source_ami_filter` (object) - Filters used to populate the `source_ami` field.
Example:
@ -223,9 +238,6 @@ builder.
- `most_recent` (bool) - Selects the newest created image when true.
This is most useful for selecting a daily distro build.
- `snapshot_tags` (object of key/value strings) - Tags to apply to snapshot.
They will override AMI tags if already applied to snapshot.
- `spot_price` (string) - The maximum hourly price to pay for a spot instance
to create the AMI. Spot instances are a type of instance that EC2 starts
when the current spot price is less than the maximum price you specify. Spot
@ -287,10 +299,6 @@ builder.
- `windows_password_timeout` (string) - The timeout for waiting for a Windows
password for Windows instances. Defaults to 20 minutes. Example value: "10m"
- `shutdown_behaviour` (string) - Automatically terminate instances on shutdown
incase packer exits ungracefully. Possible values are "stop" and "terminate",
default is stop.
## Basic Example
Here is a basic example. You will need to provide access keys, and may need to change the AMI IDs according to what images exist at the time the template is run:


@ -207,6 +207,14 @@ builder.
- `skip_region_validation` (boolean) - Set to true if you want to skip
validation of the region configuration option. Default `false`.
- `snapshot_groups` (array of strings) - A list of groups that have access to
create volumes from the snapshot(s). By default no groups have permission to create
volumes form the snapshot(s). `all` will make the snapshot publicly accessible.
- `snapshot_users` (array of strings) - A list of account IDs that have access to
create volumes from the snapshot(s). By default no additional users other than the
user creating the AMI has permissions to create volumes from the backing snapshot(s).
- `source_ami_filter` (object) - Filters used to populate the `source_ami` field.
Example: