Add access config to generated amazon ami data source (#10634)

Sylvia Moss 2021-02-15 17:35:03 +01:00 committed by GitHub
parent 00fce3c46f
commit e0557f84e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 171 additions and 17 deletions


@ -15,6 +15,7 @@ import (
"github.com/hashicorp/hcl/v2/hclwrite"
hcl2shim "github.com/hashicorp/packer-plugin-sdk/hcl2helper"
"github.com/hashicorp/packer-plugin-sdk/template"
awscommon "github.com/hashicorp/packer/builder/amazon/common"
"github.com/hashicorp/packer/packer"
"github.com/mitchellh/mapstructure"
"github.com/posener/complete"
@ -191,6 +192,9 @@ func (c *HCL2UpgradeCommand) RunContext(_ context.Context, cla *HCL2UpgradeArgs)
builders = append(builders, builder)
}
}
sort.Slice(builders, func(i, j int) bool {
return builders[i].Type+builders[i].Name < builders[j].Type+builders[j].Name
})
amazonAmiDatasource := &AmazonAmiDatasourceParser{
Builders: builders,
@ -201,10 +205,6 @@ func (c *HCL2UpgradeCommand) RunContext(_ context.Context, cla *HCL2UpgradeArgs)
return 1
}
sort.Slice(builders, func(i, j int) bool {
return builders[i].Type+builders[i].Name < builders[j].Type+builders[j].Name
})
sources := &SourceParser{
Builders: builders,
BuilderPlugins: c.Meta.CoreConfig.Components.PluginConfig.Builders,
@ -234,18 +234,16 @@ func (c *HCL2UpgradeCommand) RunContext(_ context.Context, cla *HCL2UpgradeArgs)
// Write file
out := &bytes.Buffer{}
blocks := map[int]BlockParser{
1: packerBlock,
2: variables,
3: amazonSecretsDatasource,
4: amazonAmiDatasource,
5: locals,
6: sources,
7: build,
}
for i := 1; i <= len(blocks); i++ {
blocks[i].Write(out)
for _, block := range []BlockParser{
packerBlock,
variables,
amazonSecretsDatasource,
amazonAmiDatasource,
locals,
sources,
build,
} {
block.Write(out)
}
if _, err := output.Write(hclwrite.Format(out.Bytes())); err != nil {
@ -778,10 +776,15 @@ func (p *AmazonAmiDatasourceParser) Parse(_ *template.Template) error {
return fmt.Errorf("Failed to write amazon-ami data source: %v", err)
}
sourceAmiFilterCfg, err := copyAWSAccessConfig(sourceAmiFilterCfg, builder.Config)
if err != nil {
return err
}
duplicate := false
dataSourceName := fmt.Sprintf("autogenerated_%d", i)
for j, filter := range amazonAmiFilters {
if reflect.DeepEqual(filter, sourceAmiFilter) {
if reflect.DeepEqual(filter, sourceAmiFilterCfg) {
duplicate = true
dataSourceName = fmt.Sprintf("autogenerated_%d", j+1)
continue
@ -815,6 +818,23 @@ func (p *AmazonAmiDatasourceParser) Parse(_ *template.Template) error {
return nil
}
func copyAWSAccessConfig(sourceAmi map[string]interface{}, builder map[string]interface{}) (map[string]interface{}, error) {
// Transform access config to a map
accessConfigMap := map[string]interface{}{}
if err := mapstructure.Decode(awscommon.AccessConfig{}, &accessConfigMap); err != nil {
return sourceAmi, err
}
for k := range accessConfigMap {
// Copy only access config present in the builder
if v, ok := builder[k]; ok {
sourceAmi[k] = v
}
}
return sourceAmi, nil
}
func (p *AmazonAmiDatasourceParser) Write(out *bytes.Buffer) {
if len(p.out) > 0 {
if p.WithAnnotations {
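Review bot: copyAWSAccessConfig copies every AccessConfig key found on the builder into the data source verbatim, so a legacy template with a literal `access_key`/`secret_key` ends up with the secret written twice in the generated HCL, once in the `source` block and once in `data "amazon-ami"` (the new aws-access-config fixture shows exactly this). The data source presumably needs those values to authenticate, but the function has no doc comment saying so and it also writes into the `sourceAmi` map it was handed; I would add `// copyAWSAccessConfig copies into sourceAmi each AccessConfig key set on the builder, credentials included, and returns that same map.` In Parse the error from it is returned bare, unlike the neighbouring wrap, so `return fmt.Errorf("Failed to write amazon-ami data source: %v", err)` would keep the messages consistent. Parse and Write both continue outside the visible hunks.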


@ -25,6 +25,7 @@ func Test_hcl2_upgrade(t *testing.T) {
{folder: "minimal", flags: []string{"-with-annotations"}},
{folder: "source-name", flags: []string{"-with-annotations"}},
{folder: "error-cleanup-provisioner", flags: []string{"-with-annotations"}},
{folder: "aws-access-config", flags: []string{}},
}
for _, tc := range tc {


@ -0,0 +1,72 @@
packer {
required_version = ">= 1.6.0"
}
variable "aws_access_key" {
type = string
default = ""
sensitive = true
}
variable "aws_region" {
type = string
}
variable "aws_secret_key" {
type = string
default = ""
sensitive = true
}
data "amazon-ami" "autogenerated_1" {
access_key = "NJDBFASJDbsajhbda5487"
filters = {
name = "ubuntu/images/*/ubuntu-xenial-16.04-amd64-server-*"
root-device-type = "ebs"
virtualization-type = "hvm"
}
most_recent = true
owners = ["099720109477"]
region = "us-west-2"
secret_key = "ASEfewdsfAWASTT51874"
}
data "amazon-ami" "autogenerated_2" {
access_key = "${var.aws_access_key}"
filters = {
name = "ubuntu/images/*/ubuntu-xenial-16.04-amd64-server-*"
root-device-type = "ebs"
virtualization-type = "hvm"
}
most_recent = true
owners = ["099720109477"]
region = "${var.aws_region}"
secret_key = "${var.aws_secret_key}"
}
locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }
source "amazon-ebs" "autogenerated_1" {
access_key = "NJDBFASJDbsajhbda5487"
ami_name = "ubuntu-16-04-test-${local.timestamp}"
region = "us-west-2"
secret_key = "ASEfewdsfAWASTT51874"
source_ami = "${data.amazon-ami.autogenerated_1.id}"
ssh_interface = "session_manager"
ssh_username = "ubuntu"
}
source "amazon-ebs" "named_builder" {
access_key = "${var.aws_access_key}"
ami_name = "ubuntu-16-04-test-${local.timestamp}"
region = "${var.aws_region}"
secret_key = "${var.aws_secret_key}"
source_ami = "${data.amazon-ami.autogenerated_2.id}"
ssh_interface = "session_manager"
ssh_username = "ubuntu"
}
build {
sources = ["source.amazon-ebs.autogenerated_1", "source.amazon-ebs.named_builder"]
}


@ -0,0 +1,55 @@
{
"min_packer_version": "1.6.0",
"variables": {
"aws_region": null,
"aws_secret_key": "",
"aws_access_key": ""
},
"sensitive-variables": [
"aws_secret_key",
"aws_access_key"
],
"builders": [
{
"type": "amazon-ebs",
"region": "us-west-2",
"secret_key": "ASEfewdsfAWASTT51874",
"access_key": "NJDBFASJDbsajhbda5487",
"ami_name": "ubuntu-16-04-test-{{ timestamp }}",
"source_ami_filter": {
"filters": {
"virtualization-type": "hvm",
"name": "ubuntu/images/*/ubuntu-xenial-16.04-amd64-server-*",
"root-device-type": "ebs"
},
"owners": [
"099720109477"
],
"most_recent": true
},
"ssh_username": "ubuntu",
"ssh_interface": "session_manager"
},
{
"type": "amazon-ebs",
"name": "named_builder",
"region": "{{ user `aws_region` }}",
"secret_key": "{{ user `aws_secret_key` }}",
"access_key": "{{ user `aws_access_key` }}",
"ami_name": "ubuntu-16-04-test-{{ timestamp }}",
"source_ami_filter": {
"filters": {
"virtualization-type": "hvm",
"name": "ubuntu/images/*/ubuntu-xenial-16.04-amd64-server-*",
"root-device-type": "ebs"
},
"owners": [
"099720109477"
],
"most_recent": true
},
"ssh_username": "ubuntu",
"ssh_interface": "session_manager"
}
]
}


@ -78,6 +78,7 @@ data "amazon-secretsmanager" "autogenerated_4" {
# Read the documentation for the Amazon AMI Data Source here:
# https://www.packer.io/docs/datasources/amazon/ami
data "amazon-ami" "autogenerated_1" {
access_key = "${var.aws_access_key}"
filters = {
name = "ubuntu/images/*/ubuntu-xenial-16.04-amd64-server-*"
root-device-type = "ebs"
@ -85,6 +86,8 @@ data "amazon-ami" "autogenerated_1" {
}
most_recent = true
owners = ["099720109477"]
region = "${var.aws_region}"
secret_key = "${var.aws_secret_key}"
}
# "timestamp" template function replacement


@ -48,6 +48,7 @@ data "amazon-secretsmanager" "autogenerated_4" {
}
data "amazon-ami" "autogenerated_1" {
access_key = "${var.aws_access_key}"
filters = {
name = "ubuntu/images/*/ubuntu-xenial-16.04-amd64-server-*"
root-device-type = "ebs"
@ -55,6 +56,8 @@ data "amazon-ami" "autogenerated_1" {
}
most_recent = true
owners = ["099720109477"]
region = "${var.aws_region}"
secret_key = "${var.aws_secret_key}"
}
locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }