Add access config to generated amazon ami data source (#10634)

2021-02-15 17:35:03 +01:00 · 2021-02-15 17:35:03 +01:00 · e0557f84e9
parent 00fce3c46f
commit e0557f84e9
6 changed files with 171 additions and 17 deletions
--- a/command/hcl2_upgrade.go
+++ b/command/hcl2_upgrade.go
@ -15,6 +15,7 @@ import (
 	"github.com/hashicorp/hcl/v2/hclwrite"
 	hcl2shim "github.com/hashicorp/packer-plugin-sdk/hcl2helper"
 	"github.com/hashicorp/packer-plugin-sdk/template"
+	awscommon "github.com/hashicorp/packer/builder/amazon/common"
 	"github.com/hashicorp/packer/packer"
 	"github.com/mitchellh/mapstructure"
 	"github.com/posener/complete"
@ -191,6 +192,9 @@ func (c *HCL2UpgradeCommand) RunContext(_ context.Context, cla *HCL2UpgradeArgs)
 			builders = append(builders, builder)
 		}
 	}
+	sort.Slice(builders, func(i, j int) bool {
+		return builders[i].Type+builders[i].Name < builders[j].Type+builders[j].Name
+	})

 	amazonAmiDatasource := &AmazonAmiDatasourceParser{
 		Builders:        builders,
@ -201,10 +205,6 @@ func (c *HCL2UpgradeCommand) RunContext(_ context.Context, cla *HCL2UpgradeArgs)
 		return 1
 	}

-	sort.Slice(builders, func(i, j int) bool {
-		return builders[i].Type+builders[i].Name < builders[j].Type+builders[j].Name
-	})
-
 	sources := &SourceParser{
 		Builders:        builders,
 		BuilderPlugins:  c.Meta.CoreConfig.Components.PluginConfig.Builders,
@ -234,18 +234,16 @@ func (c *HCL2UpgradeCommand) RunContext(_ context.Context, cla *HCL2UpgradeArgs)

 	// Write file
 	out := &bytes.Buffer{}
-
-	blocks := map[int]BlockParser{
-		1: packerBlock,
-		2: variables,
-		3: amazonSecretsDatasource,
-		4: amazonAmiDatasource,
-		5: locals,
-		6: sources,
-		7: build,
-	}
-	for i := 1; i <= len(blocks); i++ {
-		blocks[i].Write(out)
+	for _, block := range []BlockParser{
+		packerBlock,
+		variables,
+		amazonSecretsDatasource,
+		amazonAmiDatasource,
+		locals,
+		sources,
+		build,
+	} {
+		block.Write(out)
 	}

 	if _, err := output.Write(hclwrite.Format(out.Bytes())); err != nil {
@ -778,10 +776,15 @@ func (p *AmazonAmiDatasourceParser) Parse(_ *template.Template) error {
 					return fmt.Errorf("Failed to write amazon-ami data source: %v", err)
 				}

+				sourceAmiFilterCfg, err := copyAWSAccessConfig(sourceAmiFilterCfg, builder.Config)
+				if err != nil {
+					return err
+				}
+
 				duplicate := false
 				dataSourceName := fmt.Sprintf("autogenerated_%d", i)
 				for j, filter := range amazonAmiFilters {
-					if reflect.DeepEqual(filter, sourceAmiFilter) {
+					if reflect.DeepEqual(filter, sourceAmiFilterCfg) {
 						duplicate = true
 						dataSourceName = fmt.Sprintf("autogenerated_%d", j+1)
 						continue
@ -815,6 +818,23 @@ func (p *AmazonAmiDatasourceParser) Parse(_ *template.Template) error {
 	return nil
 }

+func copyAWSAccessConfig(sourceAmi map[string]interface{}, builder map[string]interface{}) (map[string]interface{}, error) {
+	// Transform access config to a map
+	accessConfigMap := map[string]interface{}{}
+	if err := mapstructure.Decode(awscommon.AccessConfig{}, &accessConfigMap); err != nil {
+		return sourceAmi, err
+	}
+
+	for k := range accessConfigMap {
+		// Copy only access config present in the builder
+		if v, ok := builder[k]; ok {
+			sourceAmi[k] = v
+		}
+	}
+
+	return sourceAmi, nil
+}
+
 func (p *AmazonAmiDatasourceParser) Write(out *bytes.Buffer) {
 	if len(p.out) > 0 {
 		if p.WithAnnotations {
--- a/command/hcl2_upgrade_test.go
+++ b/command/hcl2_upgrade_test.go
@ -25,6 +25,7 @@ func Test_hcl2_upgrade(t *testing.T) {
 		{folder: "minimal", flags: []string{"-with-annotations"}},
 		{folder: "source-name", flags: []string{"-with-annotations"}},
 		{folder: "error-cleanup-provisioner", flags: []string{"-with-annotations"}},
+		{folder: "aws-access-config", flags: []string{}},
 	}

 	for _, tc := range tc {
--- a/command/test-fixtures/hcl2_upgrade/aws-access-config/expected.pkr.hcl
+++ b/command/test-fixtures/hcl2_upgrade/aws-access-config/expected.pkr.hcl
@ -0,0 +1,72 @@
+packer {
+  required_version = ">= 1.6.0"
+}
+
+variable "aws_access_key" {
+  type      = string
+  default   = ""
+  sensitive = true
+}
+
+variable "aws_region" {
+  type = string
+}
+
+variable "aws_secret_key" {
+  type      = string
+  default   = ""
+  sensitive = true
+}
+
+data "amazon-ami" "autogenerated_1" {
+  access_key = "NJDBFASJDbsajhbda5487"
+  filters = {
+    name                = "ubuntu/images/*/ubuntu-xenial-16.04-amd64-server-*"
+    root-device-type    = "ebs"
+    virtualization-type = "hvm"
+  }
+  most_recent = true
+  owners      = ["099720109477"]
+  region      = "us-west-2"
+  secret_key  = "ASEfewdsfAWASTT51874"
+}
+
+data "amazon-ami" "autogenerated_2" {
+  access_key = "${var.aws_access_key}"
+  filters = {
+    name                = "ubuntu/images/*/ubuntu-xenial-16.04-amd64-server-*"
+    root-device-type    = "ebs"
+    virtualization-type = "hvm"
+  }
+  most_recent = true
+  owners      = ["099720109477"]
+  region      = "${var.aws_region}"
+  secret_key  = "${var.aws_secret_key}"
+}
+
+locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }
+
+source "amazon-ebs" "autogenerated_1" {
+  access_key    = "NJDBFASJDbsajhbda5487"
+  ami_name      = "ubuntu-16-04-test-${local.timestamp}"
+  region        = "us-west-2"
+  secret_key    = "ASEfewdsfAWASTT51874"
+  source_ami    = "${data.amazon-ami.autogenerated_1.id}"
+  ssh_interface = "session_manager"
+  ssh_username  = "ubuntu"
+}
+
+source "amazon-ebs" "named_builder" {
+  access_key    = "${var.aws_access_key}"
+  ami_name      = "ubuntu-16-04-test-${local.timestamp}"
+  region        = "${var.aws_region}"
+  secret_key    = "${var.aws_secret_key}"
+  source_ami    = "${data.amazon-ami.autogenerated_2.id}"
+  ssh_interface = "session_manager"
+  ssh_username  = "ubuntu"
+}
+
+build {
+  sources = ["source.amazon-ebs.autogenerated_1", "source.amazon-ebs.named_builder"]
+
+}
--- a/command/test-fixtures/hcl2_upgrade/aws-access-config/input.json
+++ b/command/test-fixtures/hcl2_upgrade/aws-access-config/input.json
@ -0,0 +1,55 @@
+{
+    "min_packer_version": "1.6.0",
+    "variables": {
+        "aws_region": null,
+        "aws_secret_key": "",
+        "aws_access_key": ""
+    },
+    "sensitive-variables": [
+        "aws_secret_key",
+        "aws_access_key"
+    ],
+    "builders": [
+        {
+            "type": "amazon-ebs",
+            "region": "us-west-2",
+            "secret_key": "ASEfewdsfAWASTT51874",
+            "access_key": "NJDBFASJDbsajhbda5487",
+            "ami_name": "ubuntu-16-04-test-{{ timestamp }}",
+            "source_ami_filter": {
+                "filters": {
+                    "virtualization-type": "hvm",
+                    "name": "ubuntu/images/*/ubuntu-xenial-16.04-amd64-server-*",
+                    "root-device-type": "ebs"
+                },
+                "owners": [
+                    "099720109477"
+                ],
+                "most_recent": true
+            },
+            "ssh_username": "ubuntu",
+            "ssh_interface": "session_manager"
+        },
+        {
+            "type": "amazon-ebs",
+            "name": "named_builder",
+            "region": "{{ user `aws_region` }}",
+            "secret_key": "{{ user `aws_secret_key` }}",
+            "access_key": "{{ user `aws_access_key` }}",
+            "ami_name": "ubuntu-16-04-test-{{ timestamp }}",
+            "source_ami_filter": {
+                "filters": {
+                    "virtualization-type": "hvm",
+                    "name": "ubuntu/images/*/ubuntu-xenial-16.04-amd64-server-*",
+                    "root-device-type": "ebs"
+                },
+                "owners": [
+                    "099720109477"
+                ],
+                "most_recent": true
+            },
+            "ssh_username": "ubuntu",
+            "ssh_interface": "session_manager"
+        }
+    ]
+}
--- a/command/test-fixtures/hcl2_upgrade/complete/expected.pkr.hcl
+++ b/command/test-fixtures/hcl2_upgrade/complete/expected.pkr.hcl
@ -78,6 +78,7 @@ data "amazon-secretsmanager" "autogenerated_4" {
 # Read the documentation for the Amazon AMI Data Source here:
 # https://www.packer.io/docs/datasources/amazon/ami
 data "amazon-ami" "autogenerated_1" {
+  access_key = "${var.aws_access_key}"
  filters = {
    name                = "ubuntu/images/*/ubuntu-xenial-16.04-amd64-server-*"
    root-device-type    = "ebs"
@ -85,6 +86,8 @@ data "amazon-ami" "autogenerated_1" {
  }
  most_recent = true
  owners      = ["099720109477"]
+  region      = "${var.aws_region}"
+  secret_key  = "${var.aws_secret_key}"
 }

 # "timestamp" template function replacement
--- a/command/test-fixtures/hcl2_upgrade/without-annotations/expected.pkr.hcl
+++ b/command/test-fixtures/hcl2_upgrade/without-annotations/expected.pkr.hcl
@ -48,6 +48,7 @@ data "amazon-secretsmanager" "autogenerated_4" {
 }

 data "amazon-ami" "autogenerated_1" {
+  access_key = "${var.aws_access_key}"
  filters = {
    name                = "ubuntu/images/*/ubuntu-xenial-16.04-amd64-server-*"
    root-device-type    = "ebs"
@ -55,6 +56,8 @@ data "amazon-ami" "autogenerated_1" {
  }
  most_recent = true
  owners      = ["099720109477"]
+  region      = "${var.aws_region}"
+  secret_key  = "${var.aws_secret_key}"
 }

 locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }