diff --git a/builder/amazon/chroot/builder.go b/builder/amazon/chroot/builder.go
index d91a40ed4..0de726de0 100644
--- a/builder/amazon/chroot/builder.go
+++ b/builder/amazon/chroot/builder.go
@@ -31,99 +31,139 @@ type Config struct { awscommon.AMIConfig `mapstructure:",squash"` awscommon.AccessConfig `mapstructure:",squash"` // This is a list of devices to - // mount into the chroot environment. This configuration parameter requires - // some additional documentation which is in the Chroot - // Mounts section. Please read that section for more - // information on how to use this. - ChrootMounts [][]string `mapstructure:"chroot_mounts" required:"false"` + // mount into the chroot environment. This configuration parameter requires + // some additional documentation which is in the Chroot + // Mounts section. Please read that section for more + // information on how to use this. + ChrootMounts [][]string `mapstructure:"chroot_mounts" required:"false"` // How to run shell commands. This defaults to - // {{.Command}}. This may be useful to set if you want to set environmental - // variables or perhaps run it with sudo or so on. This is a configuration - // template where the .Command variable is replaced with the command to be - // run. Defaults to {{.Command}}. - CommandWrapper string `mapstructure:"command_wrapper" required:"false"` + // {{.Command}}. This may be useful to set if you want to set environmental + // variables or perhaps run it with sudo or so on. This is a configuration + // template where the .Command variable is replaced with the command to be + // run. Defaults to {{.Command}}. + CommandWrapper string `mapstructure:"command_wrapper" required:"false"` // Paths to files on the running EC2 - // instance that will be copied into the chroot environment prior to - // provisioning. Defaults to /etc/resolv.conf so that DNS lookups work. Pass - // an empty list to skip copying /etc/resolv.conf. You may need to do this - // if you're building an image that uses systemd. - CopyFiles []string `mapstructure:"copy_files" required:"false"` + // instance that will be copied into the chroot environment prior to + // provisioning. 
Defaults to /etc/resolv.conf so that DNS lookups work. Pass + // an empty list to skip copying /etc/resolv.conf. You may need to do this + // if you're building an image that uses systemd. + CopyFiles []string `mapstructure:"copy_files" required:"false"` // The path to the device where the root volume of - // the source AMI will be attached. This defaults to "" (empty string), which - // forces Packer to find an open device automatically. - DevicePath string `mapstructure:"device_path" required:"false"` + // the source AMI will be attached. This defaults to "" (empty string), which + // forces Packer to find an open device automatically. + DevicePath string `mapstructure:"device_path" required:"false"` // When we call the mount command (by default - // mount -o device dir), the string provided in nvme_mount_path will - // replace device in that command. When this option is not set, device in - // that command will be something like /dev/sdf1, mirroring the attached - // device name. This assumption works for most instances but will fail with c5 - // and m5 instances. In order to use the chroot builder with c5 and m5 - // instances, you must manually set nvme_device_path and device_path. - NVMEDevicePath string `mapstructure:"nvme_device_path" required:"false"` + // mount -o device dir), the string provided in nvme_mount_path will + // replace device in that command. When this option is not set, device in + // that command will be something like /dev/sdf1, mirroring the attached + // device name. This assumption works for most instances but will fail with c5 + // and m5 instances. In order to use the chroot builder with c5 and m5 + // instances, you must manually set nvme_device_path and device_path. + NVMEDevicePath string `mapstructure:"nvme_device_path" required:"false"` // Build a new volume instead of starting from an - // existing AMI root volume snapshot. Default false. 
If true, source_ami - // is no longer used and the following options become required: - // ami_virtualization_type, pre_mount_commands and root_volume_size. The - // below options are also required in this mode only: - FromScratch bool `mapstructure:"from_scratch" required:"false"` + // existing AMI root volume snapshot. Default false. If true, source_ami + // is no longer used and the following options become required: + // ami_virtualization_type, pre_mount_commands and root_volume_size. The + // below options are also required in this mode only: + FromScratch bool `mapstructure:"from_scratch" required:"false"` // Options to supply the mount command - // when mounting devices. Each option will be prefixed with -o and supplied - // to the mount command ran by Packer. Because this command is ran in a - // shell, user discretion is advised. See this manual page for the mount - // command for valid file - // system specific options. - MountOptions []string `mapstructure:"mount_options" required:"false"` + // when mounting devices. Each option will be prefixed with -o and supplied + // to the mount command ran by Packer. Because this command is ran in a + // shell, user discretion is advised. See this manual page for the mount + // command for valid file + // system specific options. + MountOptions []string `mapstructure:"mount_options" required:"false"` // The partition number containing the / - // partition. By default this is the first partition of the volume, (for - // example, xvda1) but you can designate the entire block device by setting - // "mount_partition": "0" in your config, which will mount xvda instead. - MountPartition string `mapstructure:"mount_partition" required:"false"` + // partition. By default this is the first partition of the volume, (for + // example, xvda1) but you can designate the entire block device by setting + // "mount_partition": "0" in your config, which will mount xvda instead. 
+ MountPartition string `mapstructure:"mount_partition" required:"false"` // The path where the volume will be mounted. This is - // where the chroot environment will be. This defaults to - // /mnt/packer-amazon-chroot-volumes/{{.Device}}. This is a configuration - // template where the .Device variable is replaced with the name of the - // device where the volume is attached. - MountPath string `mapstructure:"mount_path" required:"false"` + // where the chroot environment will be. This defaults to + // /mnt/packer-amazon-chroot-volumes/{{.Device}}. This is a configuration + // template where the .Device variable is replaced with the name of the + // device where the volume is attached. + MountPath string `mapstructure:"mount_path" required:"false"` // As pre_mount_commands, but the - // commands are executed after mounting the root device and before the extra - // mount and copy steps. The device and mount path are provided by - // {{.Device}} and {{.MountPath}}. - PostMountCommands []string `mapstructure:"post_mount_commands" required:"false"` + // commands are executed after mounting the root device and before the extra + // mount and copy steps. The device and mount path are provided by + // {{.Device}} and {{.MountPath}}. + PostMountCommands []string `mapstructure:"post_mount_commands" required:"false"` // A series of commands to execute - // after attaching the root volume and before mounting the chroot. This is not - // required unless using from_scratch. If so, this should include any - // partitioning and filesystem creation commands. The path to the device is - // provided by {{.Device}}. - PreMountCommands []string `mapstructure:"pre_mount_commands" required:"false"` + // after attaching the root volume and before mounting the chroot. This is not + // required unless using from_scratch. If so, this should include any + // partitioning and filesystem creation commands. The path to the device is + // provided by {{.Device}}. 
+ PreMountCommands []string `mapstructure:"pre_mount_commands" required:"false"` // The root device name. For example, xvda. - RootDeviceName string `mapstructure:"root_device_name" required:"false"` + RootDeviceName string `mapstructure:"root_device_name" required:"false"` // The size of the root volume in GB for the - // chroot environment and the resulting AMI. Default size is the snapshot size - // of the source_ami unless from_scratch is true, in which case this - // field must be defined. - RootVolumeSize int64 `mapstructure:"root_volume_size" required:"false"` + // chroot environment and the resulting AMI. Default size is the snapshot size + // of the source_ami unless from_scratch is true, in which case this + // field must be defined. + RootVolumeSize int64 `mapstructure:"root_volume_size" required:"false"` // The type of EBS volume for the chroot - // environment and resulting AMI. The default value is the type of the - // source_ami, unless from_scratch is true, in which case the default - // value is gp2. You can only specify io1 if building based on top of a - // source_ami which is also io1. - RootVolumeType string `mapstructure:"root_volume_type" required:"false"` + // environment and resulting AMI. The default value is the type of the + // source_ami, unless from_scratch is true, in which case the default + // value is gp2. You can only specify io1 if building based on top of a + // source_ami which is also io1. + RootVolumeType string `mapstructure:"root_volume_type" required:"false"` // The source AMI whose root volume will be copied and - // provisioned on the currently running instance. This must be an EBS-backed - // AMI with a root volume snapshot that you have access to. Note: this is not - // used when from_scratch is set to true. - SourceAmi string `mapstructure:"source_ami" required:"true"` + // provisioned on the currently running instance. This must be an EBS-backed + // AMI with a root volume snapshot that you have access to. 
Note: this is not + // used when from_scratch is set to true. + SourceAmi string `mapstructure:"source_ami" required:"true"` // Filters used to populate the source_ami - // field. Example: - SourceAmiFilter awscommon.AmiFilterOptions `mapstructure:"source_ami_filter" required:"false"` + // field. Example: + // + // + // ``` json + // { + // "source_ami_filter": { + // "filters": { + // "virtualization-type": "hvm", + // "name": "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*", + // "root-device-type": "ebs" + // }, + // "owners": ["099720109477"], + // "most_recent": true + // } + // } + // ``` + // + // This selects the most recent Ubuntu 16.04 HVM EBS AMI from Canonical. NOTE: + // This will fail unless *exactly* one AMI is returned. In the above example, + // `most_recent` will cause this to succeed by selecting the newest image. + // + // - `filters` (map of strings) - filters used to select a `source_ami`. + // NOTE: This will fail unless *exactly* one AMI is returned. Any filter + // described in the docs for + // [DescribeImages](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html) + // is valid. + // + // - `owners` (array of strings) - Filters the images by their owner. You + // may specify one or more AWS account IDs, "self" (which will use the + // account whose credentials you are using to run Packer), or an AWS owner + // alias: for example, "amazon", "aws-marketplace", or "microsoft". This + // option is required for security reasons. + // + // - `most_recent` (boolean) - Selects the newest created image when true. + // This is most useful for selecting a daily distro build. + // + // You may set this in place of `source_ami` or in conjunction with it. If you + // set this in conjunction with `source_ami`, the `source_ami` will be added + // to the filter. 
The provided `source_ami` must meet all of the filtering + // criteria provided in `source_ami_filter`; this pins the AMI returned by the + // filter, but will cause Packer to fail if the `source_ami` does not exist. + SourceAmiFilter awscommon.AmiFilterOptions `mapstructure:"source_ami_filter" required:"false"` // Tags to apply to the - // volumes that are launched. This is a template - // engine, see Build template - // data for more information. - RootVolumeTags awscommon.TagMap `mapstructure:"root_volume_tags" required:"false"` + // volumes that are *launched*. This is a [template + // engine](/docs/templates/engine.html), see [Build template + // data](#build-template-data) for more information. + RootVolumeTags awscommon.TagMap `mapstructure:"root_volume_tags" required:"false"` // what architecture to use when registering the - // final AMI; valid options are "x86_64" or "arm64". Defaults to "x86_64". - Architecture string `mapstructure:"ami_architecture" required:"false"` + // final AMI; valid options are "x86_64" or "arm64". Defaults to "x86_64". + Architecture string `mapstructure:"ami_architecture" required:"false"` ctx interpolate.Context } diff --git a/builder/amazon/common/access_config.go b/builder/amazon/common/access_config.go index 5ef1de3f4..3dd5b2fa4 100644 --- a/builder/amazon/common/access_config.go +++ b/builder/amazon/common/access_config.go 
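Review bot: The `NVMEDevicePath` comment calls the option `nvme_mount_path` in its first sentence, while the struct tag and the last sentence of the same comment call it `nvme_device_path`; since the commit re-adds these lines, the sentence should read `// mount -o device dir), the string provided in nvme_device_path will`. The `MountOptions` comment keeps the vague warning "user discretion is advised"; it would be clearer to say that the options are placed on a command line that is run in a shell, so the values must not come from untrusted input. The new `DescribeImages` link in the `SourceAmiFilter` comment uses `http://`, whereas the other AWS links added in this commit use `https://`.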
@@ -21,17 +21,17 @@ import ( ) type VaultAWSEngineOptions struct { - Name string `mapstructure:"name"` - RoleARN string `mapstructure:"role_arn"` + Name string `mapstructure:"name"` + RoleARN string `mapstructure:"role_arn"` // Specifies the TTL for the use of the STS token. This - // is specified as a string with a duration suffix. Valid only when - // credential_type is assumed_role or federation_token. When not - // specified, the default_sts_ttl set for the role will be used. If that - // is also not set, then the default value of 3600s will be used. AWS - // places limits on the maximum TTL allowed. See the AWS documentation on - // the DurationSeconds parameter for AssumeRole (for assumed_role - // credential types) and GetFederationToken (for federation_token - // credential types) for more details. + // is specified as a string with a duration suffix. Valid only when + // credential_type is assumed_role or federation_token. When not + // specified, the default_sts_ttl set for the role will be used. If that + // is also not set, then the default value of 3600s will be used. AWS + // places limits on the maximum TTL allowed. See the AWS documentation on + // the DurationSeconds parameter for AssumeRole (for assumed_role + // credential types) and GetFederationToken (for federation_token + // credential types) for more details. TTL string `mapstructure:"ttl" required:"false"` EngineName string `mapstructure:"engine_name"` } 
@@ -43,55 +43,77 @@ func (v *VaultAWSEngineOptions) Empty() bool { // AccessConfig is for common configuration related to AWS access type AccessConfig struct { - // The access key used to communicate with AWS. Learn - // how to set this - AccessKey string `mapstructure:"access_key" required:"true"` + // The access key used to communicate with AWS. [Learn how to set this] + // (/docs/builders/amazon.html#specifying-amazon-credentials). On EBS, this + // is not required if you are using `use_vault_aws_engine` for + // authentication instead. + AccessKey string `mapstructure:"access_key" required:"true"` // This option is useful if you use a cloud - // provider whose API is compatible with aws EC2. Specify another endpoint - // like this https://ec2.custom.endpoint.com. - CustomEndpointEc2 string `mapstructure:"custom_endpoint_ec2" required:"false"` - // Enable automatic decoding of - // any encoded authorization (error) messages using the - // sts:DecodeAuthorizationMessage API. Note: requires that the effective - // user/role have permissions to sts:DecodeAuthorizationMessage on resource - // *. Default false. - DecodeAuthZMessages bool `mapstructure:"decode_authorization_messages" required:"false"` + // provider whose API is compatible with aws EC2. Specify another endpoint + // like this https://ec2.custom.endpoint.com. + CustomEndpointEc2 string `mapstructure:"custom_endpoint_ec2" required:"false"` + // Enable automatic decoding of any encoded authorization (error) messages + // using the `sts:DecodeAuthorizationMessage` API. Note: requires that the + // effective user/role have permissions to `sts:DecodeAuthorizationMessage` + // on resource `*`. Default `false`. + DecodeAuthZMessages bool `mapstructure:"decode_authorization_messages" required:"false"` // This allows skipping TLS - // verification of the AWS EC2 endpoint. The default is false. 
- InsecureSkipTLSVerify bool `mapstructure:"insecure_skip_tls_verify" required:"false"` - // The MFA - // TOTP - // code. This should probably be a user variable since it changes all the - // time. - MFACode string `mapstructure:"mfa_code" required:"false"` + // verification of the AWS EC2 endpoint. The default is false. + InsecureSkipTLSVerify bool `mapstructure:"insecure_skip_tls_verify" required:"false"` + // The MFA TOTP code. This should probably be a user variable since it + // changes all the time. + MFACode string `mapstructure:"mfa_code" required:"false"` // The profile to use in the shared credentials file for - // AWS. See Amazon's documentation on specifying - // profiles - // for more details. - ProfileName string `mapstructure:"profile" required:"false"` - // The name of the region, such as us-east-1, in which - // to launch the EC2 instance to create the AMI. - RawRegion string `mapstructure:"region" required:"true"` - // The secret key used to communicate with AWS. Learn - // how to set this - SecretKey string `mapstructure:"secret_key" required:"true"` + // AWS. See Amazon's documentation on [specifying + // profiles](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-profiles) + // for more details. + ProfileName string `mapstructure:"profile" required:"false"` + // The name of the region, such as `us-east-1`, in which + // to launch the EC2 instance to create the AMI. + // When chroot building, this value is guessed from environment. + RawRegion string `mapstructure:"region" required:"true"` + // The secret key used to communicate with AWS. [Learn how to set + // this](amazon.html#specifying-amazon-credentials). This is not required + // if you are using `use_vault_aws_engine` for authentication instead. + SecretKey string `mapstructure:"secret_key" required:"true"` // Set to true if you want to skip - // validation of the ami_regions configuration option. Default false. 
- SkipValidation bool `mapstructure:"skip_region_validation" required:"false"` - SkipMetadataApiCheck bool `mapstructure:"skip_metadata_api_check"` + // validation of the ami_regions configuration option. Default false. + SkipValidation bool `mapstructure:"skip_region_validation" required:"false"` + SkipMetadataApiCheck bool `mapstructure:"skip_metadata_api_check"` // The access token to use. This is different from the - // access key and secret key. If you're not sure what this is, then you - // probably don't need it. This will also be read from the AWS_SESSION_TOKEN - // environmental variable. - Token string `mapstructure:"token" required:"false"` - session *session.Session + // access key and secret key. If you're not sure what this is, then you + // probably don't need it. This will also be read from the AWS_SESSION_TOKEN + // environmental variable. + Token string `mapstructure:"token" required:"false"` + session *session.Session // Get credentials from Hashicorp Vault's aws - // secrets engine. You must already have created a role to use. For more - // information about generating credentials via the Vault engine, see the - // Vault - // docs. - // If you set this flag, you must also set the below options: - VaultAWSEngine VaultAWSEngineOptions `mapstructure:"vault_aws_engine" required:"false"` + // secrets engine. You must already have created a role to use. For more + // information about generating credentials via the Vault engine, see the + // Vault + // docs. + // If you set this flag, you must also set the below options: + // - `name` (string) - Required. Specifies the name of the role to generate + // credentials against. This is part of the request URL. + // - `engine_name` (string) - The name of the aws secrets engine. In the + // Vault docs, this is normally referred to as "aws", and Packer will + // default to "aws" if `engine_name` is not set. 
+ // - `role_arn` (string)- The ARN of the role to assume if credential\_type + // on the Vault role is assumed\_role. Must match one of the allowed role + // ARNs in the Vault role. Optional if the Vault role only allows a single + // AWS role ARN; required otherwise. + // - `ttl` (string) - Specifies the TTL for the use of the STS token. This + // is specified as a string with a duration suffix. Valid only when + // credential\_type is assumed\_role or federation\_token. When not + // specified, the default\_sts\_ttl set for the role will be used. If that + // is also not set, then the default value of 3600s will be used. AWS + // places limits on the maximum TTL allowed. See the AWS documentation on + // the DurationSeconds parameter for AssumeRole (for assumed\_role + // credential types) and GetFederationToken (for federation\_token + // credential types) for more details. + // + // Example: + // `json { "vault_aws_engine": { "name": "myrole", "role_arn": "myarn", + VaultAWSEngine VaultAWSEngineOptions `mapstructure:"vault_aws_engine" required:"false"` getEC2Connection func() ec2iface.EC2API } diff --git a/builder/amazon/common/ami_config.go b/builder/amazon/common/ami_config.go index 5aefb7a43..efd919424 100644 --- a/builder/amazon/common/ami_config.go +++ b/builder/amazon/common/ami_config.go 
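Review bot: The `Example:` that closes the new `VaultAWSEngine` comment is cut off: it opens a backtick with `json { "vault_aws_engine": { "name": "myrole", "role_arn": "myarn",` and stops, which leaves an unterminated code span and an incomplete JSON object in any docs generated from this comment. Either complete it as a fenced `json` block or drop the `Example:` line. In the `AccessKey` comment the link text `[Learn how to set this]` and its `(/docs/builders/amazon.html#specifying-amazon-credentials)` target sit on separate comment lines, which probably stops Markdown from rendering a link, and `SecretKey` points at a different path (`amazon.html#specifying-amazon-credentials`) for the same section. `SkipMetadataApiCheck` still has no comment, and the `insecure_skip_tls_verify` comment would benefit from one sentence stating that the endpoint's identity is then not verified, so a machine-in-the-middle can read or alter the API traffic.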
@@ -13,106 +13,105 @@ import ( // AMIConfig is for common configuration related to creating AMIs. type AMIConfig struct { // The name of the resulting AMI that will appear when - // managing AMIs in the AWS console or via APIs. This must be unique. To help - // make this unique, use a function like timestamp (see template - // engine for more info). - AMIName string `mapstructure:"ami_name" required:"true"` + // managing AMIs in the AWS console or via APIs. This must be unique. To help + // make this unique, use a function like timestamp (see [template + // engine](../templates/engine.html) for more info). + AMIName string `mapstructure:"ami_name" required:"true"` // The description to set for the resulting - // AMI(s). By default this description is empty. This is a template - // engine, see Build template - // data for more information. - AMIDescription string `mapstructure:"ami_description" required:"false"` - // The type of virtualization for the AMI - // you are building. This option is required to register HVM images. Can be - // paravirtual (default) or hvm. - AMIVirtType string `mapstructure:"ami_virtualization_type" required:"false"` + // AMI(s). By default this description is empty. This is a template + // engine, see Build template + // data for more information. + AMIDescription string `mapstructure:"ami_description" required:"false"` + // The description to set for the resulting AMI(s). By default this + // description is empty. This is a [template + // engine](../templates/engine.html), see [Build template + // data](#build-template-data) for more information. + AMIVirtType string `mapstructure:"ami_virtualization_type" required:"false"` // A list of account IDs that have access to - // launch the resulting AMI(s). By default no additional users other than the - // user creating the AMI has permissions to launch it. - AMIUsers []string `mapstructure:"ami_users" required:"false"` + // launch the resulting AMI(s). 
By default no additional users other than the + // user creating the AMI has permissions to launch it. + AMIUsers []string `mapstructure:"ami_users" required:"false"` // A list of groups that have access to - // launch the resulting AMI(s). By default no groups have permission to launch - // the AMI. all will make the AMI publicly accessible. - AMIGroups []string `mapstructure:"ami_groups" required:"false"` + // launch the resulting AMI(s). By default no groups have permission to launch + // the AMI. all will make the AMI publicly accessible. + AMIGroups []string `mapstructure:"ami_groups" required:"false"` // A list of product codes to - // associate with the AMI. By default no product codes are associated with the - // AMI. - AMIProductCodes []string `mapstructure:"ami_product_codes" required:"false"` + // associate with the AMI. By default no product codes are associated with the + // AMI. + AMIProductCodes []string `mapstructure:"ami_product_codes" required:"false"` // A list of regions to copy the AMI to. - // Tags and attributes are copied along with the AMI. AMI copying takes time - // depending on the size of the AMI, but will generally take many minutes. - AMIRegions []string `mapstructure:"ami_regions" required:"false"` + // Tags and attributes are copied along with the AMI. AMI copying takes time + // depending on the size of the AMI, but will generally take many minutes. + AMIRegions []string `mapstructure:"ami_regions" required:"false"` // Set to true if you want to skip - // validation of the ami_regions configuration option. Default false. - AMISkipRegionValidation bool `mapstructure:"skip_region_validation" required:"false"` + // validation of the ami_regions configuration option. Default false. + AMISkipRegionValidation bool `mapstructure:"skip_region_validation" required:"false"` // Tags applied to the AMI. This is a - // template engine, see Build template - // data for more information. 
- AMITags TagMap `mapstructure:"tags" required:"false"` + // [template engine](/docs/templates/engine.html), see [Build template + // data](#build-template-data) for more information. + AMITags TagMap `mapstructure:"tags" required:"false"` // Enable enhanced networking (ENA but not - // SriovNetSupport) on HVM-compatible AMIs. If set, add - // ec2:ModifyInstanceAttribute to your AWS IAM policy. If false, this will - // disable enhanced networking in the final AMI as opposed to passing the - // setting through unchanged from the source. Note: you must make sure - // enhanced networking is enabled on your instance. See Amazon's - // documentation on enabling enhanced - // networking. - AMIENASupport *bool `mapstructure:"ena_support" required:"false"` + // SriovNetSupport) on HVM-compatible AMIs. If set, add + // ec2:ModifyInstanceAttribute to your AWS IAM policy. If false, this will + // disable enhanced networking in the final AMI as opposed to passing the + // setting through unchanged from the source. Note: you must make sure + // enhanced networking is enabled on your instance. [Amazon's + // documentation on enabling enhanced + // networking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html#enabling_enhanced_networking). + AMIENASupport *bool `mapstructure:"ena_support" required:"false"` // Enable enhanced networking (SriovNetSupport but - // not ENA) on HVM-compatible AMIs. If true, add - // ec2:ModifyInstanceAttribute to your AWS IAM policy. Note: you must make - // sure enhanced networking is enabled on your instance. See Amazon's - // documentation on enabling enhanced - // networking. - // Default false. - AMISriovNetSupport bool `mapstructure:"sriov_support" required:"false"` + // not ENA) on HVM-compatible AMIs. If true, add + // ec2:ModifyInstanceAttribute to your AWS IAM policy. Note: you must make + // sure enhanced networking is enabled on your instance. See Amazon's + // documentation on enabling enhanced + // networking. 
+ // Default false. + AMISriovNetSupport bool `mapstructure:"sriov_support" required:"false"` // Force Packer to first deregister an existing - // AMI if one with the same name already exists. Default false. - AMIForceDeregister bool `mapstructure:"force_deregister" required:"false"` + // AMI if one with the same name already exists. Default false. + AMIForceDeregister bool `mapstructure:"force_deregister" required:"false"` // Force Packer to delete snapshots - // associated with AMIs, which have been deregistered by force_deregister. - // Default false. - AMIForceDeleteSnapshot bool `mapstructure:"force_delete_snapshot" required:"false"` + // associated with AMIs, which have been deregistered by force_deregister. + // Default false. + AMIForceDeleteSnapshot bool `mapstructure:"force_delete_snapshot" required:"false"` // Whether or not to encrypt the resulting AMI when - // copying a provisioned instance to an AMI. By default, Packer will keep the - // encryption setting to what it was in the source image. Setting false will - // result in an unencrypted image, and true will result in an encrypted one. - AMIEncryptBootVolume *bool `mapstructure:"encrypt_boot" required:"false"` - // ID, alias or ARN of the KMS key to use for boot - // volume encryption. This only applies to the main region, other regions - // where the AMI will be copied will be encrypted by the default EBS KMS key. - // For valid formats see KmsKeyId in the AWS API docs - - // CopyImage. - // This field is validated by Packer, when using an alias, you will have to - // prefix kms_key_id with alias/. - AMIKmsKeyId string `mapstructure:"kms_key_id" required:"false"` - // a map of regions to copy the ami - // to, along with the custom kms key id (alias or arn) to use for encryption - // for that region. Keys must match the regions provided in ami_regions. If - // you just want to encrypt using a default ID, you can stick with - // kms_key_id and ami_regions. 
If you want a region to be encrypted with - // that region's default key ID, you can use an empty string "" instead of a - // key id in this map. (e.g. "us-east-1": "") However, you cannot use - // default key IDs if you are using this in conjunction with snapshot_users - // -- in that situation you must use custom keys. For valid formats see - // KmsKeyId in the AWS API docs - - // CopyImage. - AMIRegionKMSKeyIDs map[string]string `mapstructure:"region_kms_key_ids" required:"false"` + // copying a provisioned instance to an AMI. By default, Packer will keep the + // encryption setting to what it was in the source image. Setting false will + // result in an unencrypted image, and true will result in an encrypted one. + AMIEncryptBootVolume *bool `mapstructure:"encrypt_boot" required:"false"` + // ID, alias or ARN of the KMS key to use for boot volume encryption. This + // only applies to the main `region`, other regions where the AMI will be + // copied will be encrypted by the default EBS KMS key. For valid formats + // see *KmsKeyId* in the [AWS API docs - + // CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html). + // This field is validated by Packer, when using an alias, you will have to + // prefix `kms_key_id` with `alias/`. + AMIKmsKeyId string `mapstructure:"kms_key_id" required:"false"` + // a map of regions to copy the ami to, along with the custom kms key id + // (alias or arn) to use for encryption for that region. Keys must match + // the regions provided in ami_regions. If you just want to encrypt using a + // default ID, you can stick with kms_key_id and ami_regions. If you want a + // region to be encrypted with that region's default key ID, you can use an + // empty string "" instead of a key id in this map. (e.g. "us-east-1": "") + // However, you cannot use default key IDs if you are using this in + // conjunction with snapshot_users -- in that situation you must use custom + // keys. 
For valid formats see KmsKeyId in the AWS API docs - CopyImage. + AMIRegionKMSKeyIDs map[string]string `mapstructure:"region_kms_key_ids" required:"false"` // Tags to apply to snapshot. - // They will override AMI tags if already applied to snapshot. This is a - // template engine, see Build template - // data for more information. - SnapshotTags TagMap `mapstructure:"snapshot_tags" required:"false"` + // They will override AMI tags if already applied to snapshot. This is a + // template engine, see Build template + // data for more information. + SnapshotTags TagMap `mapstructure:"snapshot_tags" required:"false"` // A list of account IDs that have - // access to create volumes from the snapshot(s). By default no additional - // users other than the user creating the AMI has permissions to create - // volumes from the backing snapshot(s). - SnapshotUsers []string `mapstructure:"snapshot_users" required:"false"` + // access to create volumes from the snapshot(s). By default no additional + // users other than the user creating the AMI has permissions to create + // volumes from the backing snapshot(s). + SnapshotUsers []string `mapstructure:"snapshot_users" required:"false"` // A list of groups that have access to - // create volumes from the snapshot(s). By default no groups have permission - // to create volumes from the snapshot(s). all will make the snapshot - // publicly accessible. - SnapshotGroups []string `mapstructure:"snapshot_groups" required:"false"` + // create volumes from the snapshot(s). By default no groups have permission + // to create volumes from the snapshot(s). all will make the snapshot + // publicly accessible. + SnapshotGroups []string `mapstructure:"snapshot_groups" required:"false"` } func stringInSlice(s []string, searchstr string) bool { diff --git a/builder/amazon/common/block_device.go b/builder/amazon/common/block_device.go index 4504b3ac4..494a71e9c 100644 --- a/builder/amazon/common/block_device.go 
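Review bot: The comment now attached to `AMIVirtType` (`ami_virtualization_type`) is a copy of the `ami_description` text ("The description to set for the resulting AMI(s)…"), so the field loses its real documentation and the description option is effectively documented twice. Restore the removed wording, `// The type of virtualization for the AMI you are building. This option is required to register HVM images. Can be paravirtual (default) or hvm.`, and move the linked template-engine text onto `AMIDescription` if that was the intent. In the `ami_groups` and `snapshot_groups` comments the bare word `all` is easy to misread as prose; writing it as `` `all` `` would make it clearer that this single value makes the AMI or snapshot publicly accessible.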
+++ b/builder/amazon/common/block_device.go 
@@ -14,51 +14,51 @@ import ( // BlockDevice type BlockDevice struct { // Indicates whether the EBS volume is - // deleted on instance termination. Default false. NOTE: If this - // value is not explicitly set to true and volumes are not cleaned up by - // an alternative method, additional volumes will accumulate after every - // build. - DeleteOnTermination bool `mapstructure:"delete_on_termination" required:"false"` + // deleted on instance termination. Default false. NOTE: If this + // value is not explicitly set to true and volumes are not cleaned up by + // an alternative method, additional volumes will accumulate after every + // build. + DeleteOnTermination bool `mapstructure:"delete_on_termination" required:"false"` // The device name exposed to the instance (for - // example, /dev/sdh or xvdh). Required for every device in the block - // device mapping. - DeviceName string `mapstructure:"device_name" required:"false"` + // example, /dev/sdh or xvdh). Required for every device in the block + // device mapping. + DeviceName string `mapstructure:"device_name" required:"false"` // Indicates whether or not to encrypt the volume. - // By default, Packer will keep the encryption setting to what it was in - // the source image. Setting false will result in an unencrypted device, - // and true will result in an encrypted one. - Encrypted *bool `mapstructure:"encrypted" required:"false"` + // By default, Packer will keep the encryption setting to what it was in + // the source image. Setting false will result in an unencrypted device, + // and true will result in an encrypted one. + Encrypted *bool `mapstructure:"encrypted" required:"false"` // The number of I/O operations per second (IOPS) that - // the volume supports. See the documentation on - // IOPs - // for more information - IOPS int64 `mapstructure:"iops" required:"false"` + // the volume supports. 
See the documentation on + // IOPs + // for more information + IOPS int64 `mapstructure:"iops" required:"false"` // Suppresses the specified device included in the - // block device mapping of the AMI. - NoDevice bool `mapstructure:"no_device" required:"false"` + // block device mapping of the AMI. + NoDevice bool `mapstructure:"no_device" required:"false"` // The ID of the snapshot. - SnapshotId string `mapstructure:"snapshot_id" required:"false"` + SnapshotId string `mapstructure:"snapshot_id" required:"false"` // The virtual device name. See the - // documentation on Block Device - // Mapping - // for more information. - VirtualName string `mapstructure:"virtual_name" required:"false"` + // documentation on Block Device + // Mapping + // for more information. + VirtualName string `mapstructure:"virtual_name" required:"false"` // The volume type. gp2 for General Purpose - // (SSD) volumes, io1 for Provisioned IOPS (SSD) volumes, st1 for - // Throughput Optimized HDD, sc1 for Cold HDD, and standard for - // Magnetic volumes. - VolumeType string `mapstructure:"volume_type" required:"false"` + // (SSD) volumes, io1 for Provisioned IOPS (SSD) volumes, st1 for + // Throughput Optimized HDD, sc1 for Cold HDD, and standard for + // Magnetic volumes. + VolumeType string `mapstructure:"volume_type" required:"false"` // The size of the volume, in GiB. Required if - // not specifying a snapshot_id. - VolumeSize int64 `mapstructure:"volume_size" required:"false"` + // not specifying a snapshot_id. + VolumeSize int64 `mapstructure:"volume_size" required:"false"` // ID, alias or ARN of the KMS key to use for boot - // volume encryption. This only applies to the main region, other regions - // where the AMI will be copied will be encrypted by the default EBS KMS key. - // For valid formats see KmsKeyId in the AWS API docs - - // CopyImage. - // This field is validated by Packer, when using an alias, you will have to - // prefix kms_key_id with alias/. 
- KmsKeyId string `mapstructure:"kms_key_id" required:"false"` + // volume encryption. This only applies to the main region, other regions + // where the AMI will be copied will be encrypted by the default EBS KMS key. + // For valid formats see KmsKeyId in the [AWS API docs - + // CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html) + // This field is validated by Packer, when using an alias, you will have to + // prefix kms_key_id with alias/. + KmsKeyId string `mapstructure:"kms_key_id" required:"false"` // ebssurrogate only OmitFromArtifact bool `mapstructure:"omit_from_artifact"` } 
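Review bot: The rewritten comment on `KmsKeyId` ends its link line without a full stop, so the rendered text runs the CopyImage link straight into "This field is validated by Packer"; I would close that line as `// CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).`. The same comment says AMI copies in other regions are encrypted with the default EBS KMS key, which matters to anyone who must keep a customer-managed key in every region. A one-line pointer such as `// To choose a key per copy region, see region_kms_key_ids.` would help, assuming the `region_kms_key_ids` option seen in another section of this diff applies to this builder as well. The `BlockDevice` struct is fully inside the hunk.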
@@ -70,26 +70,26 @@ type BlockDevices struct { type AMIBlockDevices struct { // Add one or - // more block device - // mappings - // to the AMI. These will be attached when booting a new instance from your - // AMI. If this field is populated, and you are building from an existing source image, - // the block device mappings in the source image will be overwritten. This means you - // must have a block device mapping entry for your root volume, root_volume_size, - // and root_device_name. `Your options here may vary depending on the type of VM - // you use. The block device mappings allow for the following configuration: + // more block device + // mappings + // to the AMI. These will be attached when booting a new instance from your + // AMI. If this field is populated, and you are building from an existing source image, + // the block device mappings in the source image will be overwritten. This means you + // must have a block device mapping entry for your root volume, root_volume_size, + // and root_device_name. `Your options here may vary depending on the type of VM + // you use. The block device mappings allow for the following configuration: AMIMappings []BlockDevice `mapstructure:"ami_block_device_mappings" required:"false"` } type LaunchBlockDevices struct { // Add one - // or more block devices before the Packer build starts. If you add instance - // store volumes or EBS volumes in addition to the root device volume, the - // created AMI will contain block device mapping information for those - // volumes. Amazon creates snapshots of the source instance's root volume and - // any other EBS volumes described here. When you launch an instance from this - // new AMI, the instance automatically launches with these additional volumes, - // and will restore them from snapshots taken from the source instance. + // or more block devices before the Packer build starts. 
If you add instance + // store volumes or EBS volumes in addition to the root device volume, the + // created AMI will contain block device mapping information for those + // volumes. Amazon creates snapshots of the source instance's root volume and + // any other EBS volumes described here. When you launch an instance from this + // new AMI, the instance automatically launches with these additional volumes, + // and will restore them from snapshots taken from the source instance. LaunchMappings []BlockDevice `mapstructure:"launch_block_device_mappings" required:"false"` } diff --git a/builder/amazon/common/run_config.go b/builder/amazon/common/run_config.go index f4e6ae56e..63da11d33 100644 --- a/builder/amazon/common/run_config.go +++ b/builder/amazon/common/run_config.go 
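Review bot: The re-indented comment on `AMIMappings` still carries an unbalanced backtick before "Your options here may vary", which a Markdown renderer may treat as the start of a code span running to the next backtick. I would drop it: `// and root_device_name. Your options here may vary depending on the type of VM`. The comment also ends on "allow for the following configuration:" with nothing after the colon in this hunk, so either the list should follow or the sentence should point to where the per-device options are documented.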
@@ -61,147 +61,176 @@ func (d *SecurityGroupFilterOptions) Empty() bool { // AMI and details on how to access that launched image. type RunConfig struct { // If using a non-default VPC, - // public IP addresses are not provided by default. If this is true, your - // new instance will get a Public IP. default: false - AssociatePublicIpAddress bool `mapstructure:"associate_public_ip_address" required:"false"` + // public IP addresses are not provided by default. If this is true, your + // new instance will get a Public IP. default: false + AssociatePublicIpAddress bool `mapstructure:"associate_public_ip_address" required:"false"` // Destination availability zone to launch - // instance in. Leave this empty to allow Amazon to auto-assign. - AvailabilityZone string `mapstructure:"availability_zone" required:"false"` + // instance in. Leave this empty to allow Amazon to auto-assign. + AvailabilityZone string `mapstructure:"availability_zone" required:"false"` // Requires spot_price to be set. The - // required duration for the Spot Instances (also known as Spot blocks). This - // value must be a multiple of 60 (60, 120, 180, 240, 300, or 360). You can't - // specify an Availability Zone group or a launch group if you specify a - // duration. - BlockDurationMinutes int64 `mapstructure:"block_duration_minutes" required:"false"` - // Packer normally stops the build - // instance after all provisioners have run. For Windows instances, it is - // sometimes desirable to run - // Sysprep - // which will stop the instance for you. If this is set to true, Packer - // will not stop the instance but will assume that you will send the stop - // signal yourself through your final provisioner. You can do this with a - // windows-shell - // provisioner. - DisableStopInstance bool `mapstructure:"disable_stop_instance" required:"false"` - // Mark instance as EBS - // Optimized. - // Default false. 
- EbsOptimized bool `mapstructure:"ebs_optimized" required:"false"` - // Enabling T2 Unlimited allows the source - // instance to burst additional CPU beyond its available CPU - // Credits - // for as long as the demand exists. This is in contrast to the standard - // configuration that only allows an instance to consume up to its available - // CPU Credits. See the AWS documentation for T2 - // Unlimited - // and the T2 Unlimited Pricing section of the Amazon EC2 On-Demand - // Pricing document for more - // information. By default this option is disabled and Packer will set up a - // T2 - // Standard - // instance instead. - EnableT2Unlimited bool `mapstructure:"enable_t2_unlimited" required:"false"` + // required duration for the Spot Instances (also known as Spot blocks). This + // value must be a multiple of 60 (60, 120, 180, 240, 300, or 360). You can't + // specify an Availability Zone group or a launch group if you specify a + // duration. + BlockDurationMinutes int64 `mapstructure:"block_duration_minutes" required:"false"` + // Packer normally stops the build instance after all provisioners have + // run. For Windows instances, it is sometimes desirable to [run + // Sysprep](http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ami-create-standard.html) + // which will stop the instance for you. If this is set to `true`, Packer + // *will not* stop the instance but will assume that you will send the stop + // signal yourself through your final provisioner. You can do this with a + // [windows-shell + // provisioner](https://www.packer.io/docs/provisioners/windows-shell.html). + // Note that Packer will still wait for the instance to be stopped, and + // failing to send the stop signal yourself, when you have set this flag to + // `true`, will cause a timeout. 
+ // Example of a valid shutdown command: + // + // ``` json + // { + // "type": "windows-shell", + // "inline": ["\"c:\\Program Files\\Amazon\\Ec2ConfigService\\ec2config.exe\" -sysprep"] + // } + // ``` + DisableStopInstance bool `mapstructure:"disable_stop_instance" required:"false"` + // Mark instance as [EBS + // Optimized](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html). + // Default `false`. + EbsOptimized bool `mapstructure:"ebs_optimized" required:"false"` + // Enabling T2 Unlimited allows the source instance to burst additional CPU + // beyond its available [CPU + // Credits](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-credits-baseline-concepts.html) + // for as long as the demand exists. This is in contrast to the standard + // configuration that only allows an instance to consume up to its + // available CPU Credits. See the AWS documentation for [T2 + // Unlimited](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-unlimited.html) + // and the **T2 Unlimited Pricing** section of the [Amazon EC2 On-Demand + // Pricing](https://aws.amazon.com/ec2/pricing/on-demand/) document for + // more information. By default this option is disabled and Packer will set + // up a [T2 + // Standard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-std.html) + // instance instead. + // + // To use T2 Unlimited you must use a T2 instance type, e.g. `t2.micro`. + // Additionally, T2 Unlimited cannot be used in conjunction with Spot + // Instances, e.g. when the `spot_price` option has been configured. + // Attempting to do so will cause an error. + // + // !> **Warning!** Additional costs may be incurred by enabling T2 + // Unlimited - even for instances that would usually qualify for the + // [AWS Free Tier](https://aws.amazon.com/free/). + EnableT2Unlimited bool `mapstructure:"enable_t2_unlimited" required:"false"` // The name of an IAM instance - // profile - // to launch the EC2 instance with. 
- IamInstanceProfile string `mapstructure:"iam_instance_profile" required:"false"` + // profile + // to launch the EC2 instance with. + IamInstanceProfile string `mapstructure:"iam_instance_profile" required:"false"` // Automatically terminate instances on - // shutdown in case Packer exits ungracefully. Possible values are stop and - // terminate. Defaults to stop. - InstanceInitiatedShutdownBehavior string `mapstructure:"shutdown_behavior" required:"false"` + // shutdown in case Packer exits ungracefully. Possible values are stop and + // terminate. Defaults to stop. + InstanceInitiatedShutdownBehavior string `mapstructure:"shutdown_behavior" required:"false"` // The EC2 instance type to use while building the - // AMI, such as t2.small. - InstanceType string `mapstructure:"instance_type" required:"true"` + // AMI, such as t2.small. + InstanceType string `mapstructure:"instance_type" required:"true"` // Filters used to populate the - // security_group_ids field. Example: - SecurityGroupFilter SecurityGroupFilterOptions `mapstructure:"security_group_filter" required:"false"` + // `security_group_ids` field. Example: + // + // ``` json + // { + // "security_group_filter": { + // "filters": { + // "tag:Class": "packer" + // } + // } + // } + // ``` + SecurityGroupFilter SecurityGroupFilterOptions `mapstructure:"security_group_filter" required:"false"` // Tags to apply to the instance - // that is launched to create the AMI. These tags are not applied to the - // resulting AMI unless they're duplicated in tags. This is a template - // engine, see Build template - // data for more information. - RunTags map[string]string `mapstructure:"run_tags" required:"false"` + // that is launched to create the AMI. These tags are not applied to the + // resulting AMI unless they're duplicated in tags. This is a template + // engine, see Build template + // data for more information. 
+ RunTags map[string]string `mapstructure:"run_tags" required:"false"` // The ID (not the name) of the security - // group to assign to the instance. By default this is not set and Packer will - // automatically create a new temporary security group to allow SSH access. - // Note that if this is specified, you must be sure the security group allows - // access to the ssh_port given below. - SecurityGroupId string `mapstructure:"security_group_id" required:"false"` + // group to assign to the instance. By default this is not set and Packer will + // automatically create a new temporary security group to allow SSH access. + // Note that if this is specified, you must be sure the security group allows + // access to the ssh_port given below. + SecurityGroupId string `mapstructure:"security_group_id" required:"false"` // A list of security groups as - // described above. Note that if this is specified, you must omit the - // security_group_id. - SecurityGroupIds []string `mapstructure:"security_group_ids" required:"false"` + // described above. Note that if this is specified, you must omit the + // security_group_id. + SecurityGroupIds []string `mapstructure:"security_group_ids" required:"false"` // The source AMI whose root volume will be copied and - // provisioned on the currently running instance. This must be an EBS-backed - // AMI with a root volume snapshot that you have access to. Note: this is not - // used when from_scratch is set to true. - SourceAmi string `mapstructure:"source_ami" required:"true"` + // provisioned on the currently running instance. This must be an EBS-backed + // AMI with a root volume snapshot that you have access to. Note: this is not + // used when from_scratch is set to true. + SourceAmi string `mapstructure:"source_ami" required:"true"` // Filters used to populate the source_ami - // field. Example: - SourceAmiFilter AmiFilterOptions `mapstructure:"source_ami_filter" required:"false"` + // field. 
Example: + SourceAmiFilter AmiFilterOptions `mapstructure:"source_ami_filter" required:"false"` // a list of acceptable instance - // types to run your build on. We will request a spot instance using the max - // price of spot_price and the allocation strategy of "lowest price". - // Your instance will be launched on an instance type of the lowest available - // price that you have in your list. This is used in place of instance_type. - // You may only set either spot_instance_types or instance_type, not both. - // This feature exists to help prevent situations where a Packer build fails - // because a particular availability zone does not have capacity for the - // specific instance_type requested in instance_type. - SpotInstanceTypes []string `mapstructure:"spot_instance_types" required:"false"` + // types to run your build on. We will request a spot instance using the max + // price of spot_price and the allocation strategy of "lowest price". + // Your instance will be launched on an instance type of the lowest available + // price that you have in your list. This is used in place of instance_type. + // You may only set either spot_instance_types or instance_type, not both. + // This feature exists to help prevent situations where a Packer build fails + // because a particular availability zone does not have capacity for the + // specific instance_type requested in instance_type. + SpotInstanceTypes []string `mapstructure:"spot_instance_types" required:"false"` // The maximum hourly price to pay for a spot instance - // to create the AMI. Spot instances are a type of instance that EC2 starts - // when the current spot price is less than the maximum price you specify. - // Spot price will be updated based on available spot instance capacity and - // current spot instance requests. It may save you some costs. You can set - // this to auto for Packer to automatically discover the best spot price or - // to "0" to use an on demand instance (default). 
- SpotPrice string `mapstructure:"spot_price" required:"false"` + // to create the AMI. Spot instances are a type of instance that EC2 starts + // when the current spot price is less than the maximum price you specify. + // Spot price will be updated based on available spot instance capacity and + // current spot instance requests. It may save you some costs. You can set + // this to auto for Packer to automatically discover the best spot price or + // to "0" to use an on demand instance (default). + SpotPrice string `mapstructure:"spot_price" required:"false"` // Required if spot_price is set to - // auto. This tells Packer what sort of AMI you're launching to find the - // best spot price. This must be one of: Linux/UNIX, SUSE Linux, - // Windows, Linux/UNIX (Amazon VPC), SUSE Linux (Amazon VPC), - // Windows (Amazon VPC) - SpotPriceAutoProduct string `mapstructure:"spot_price_auto_product" required:"false"` + // auto. This tells Packer what sort of AMI you're launching to find the + // best spot price. This must be one of: Linux/UNIX, SUSE Linux, + // Windows, Linux/UNIX (Amazon VPC), SUSE Linux (Amazon VPC), + // Windows (Amazon VPC) + SpotPriceAutoProduct string `mapstructure:"spot_price_auto_product" required:"false"` // Requires spot_price to be - // set. This tells Packer to apply tags to the spot request that is issued. - SpotTags map[string]string `mapstructure:"spot_tags" required:"false"` + // set. This tells Packer to apply tags to the spot request that is issued. + SpotTags map[string]string `mapstructure:"spot_tags" required:"false"` // Filters used to populate the subnet_id field. - // Example: - SubnetFilter SubnetFilterOptions `mapstructure:"subnet_filter" required:"false"` + // Example: + SubnetFilter SubnetFilterOptions `mapstructure:"subnet_filter" required:"false"` // If using VPC, the ID of the subnet, such as - // subnet-12345def, where Packer will launch the EC2 instance. This field is - // required if you are using an non-default VPC. 
- SubnetId string `mapstructure:"subnet_id" required:"false"` + // subnet-12345def, where Packer will launch the EC2 instance. This field is + // required if you are using an non-default VPC. + SubnetId string `mapstructure:"subnet_id" required:"false"` // The name of the temporary key pair to - // generate. By default, Packer generates a name that looks like - // packer_, where is a 36 character unique identifier. - TemporaryKeyPairName string `mapstructure:"temporary_key_pair_name" required:"false"` + // generate. By default, Packer generates a name that looks like + // packer_, where is a 36 character unique identifier. + TemporaryKeyPairName string `mapstructure:"temporary_key_pair_name" required:"false"` // A list of IPv4 - // CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group. - TemporarySGSourceCidrs []string `mapstructure:"temporary_security_group_source_cidrs" required:"false"` + // CIDR blocks to be authorized access to the instance, when packer is creating a temporary security group. + TemporarySGSourceCidrs []string `mapstructure:"temporary_security_group_source_cidrs" required:"false"` // User data to apply when launching the instance. Note - // that you need to be careful about escaping characters due to the templates - // being JSON. It is often more convenient to use user_data_file, instead. - // Packer will not automatically wait for a user script to finish before - // shutting down the instance this must be handled in a provisioner. - UserData string `mapstructure:"user_data" required:"false"` + // that you need to be careful about escaping characters due to the templates + // being JSON. It is often more convenient to use user_data_file, instead. + // Packer will not automatically wait for a user script to finish before + // shutting down the instance this must be handled in a provisioner. 
+ UserData string `mapstructure:"user_data" required:"false"` // Path to a file that will be used for the user - // data when launching the instance. - UserDataFile string `mapstructure:"user_data_file" required:"false"` + // data when launching the instance. + UserDataFile string `mapstructure:"user_data_file" required:"false"` // Filters used to populate the vpc_id field. - // vpc_id take precedence over this. - // Example: - VpcFilter VpcFilterOptions `mapstructure:"vpc_filter" required:"false"` + // vpc_id take precedence over this. + // Example: + VpcFilter VpcFilterOptions `mapstructure:"vpc_filter" required:"false"` // If launching into a VPC subnet, Packer needs the VPC ID - // in order to create a temporary security group within the VPC. Requires - // subnet_id to be set. If this field is left blank, Packer will try to get - // the VPC ID from the subnet_id. - VpcId string `mapstructure:"vpc_id" required:"false"` + // in order to create a temporary security group within the VPC. Requires + // subnet_id to be set. If this field is left blank, Packer will try to get + // the VPC ID from the subnet_id. + VpcId string `mapstructure:"vpc_id" required:"false"` // The timeout for waiting for a Windows - // password for Windows instances. Defaults to 20 minutes. Example value: - // 10m - WindowsPasswordTimeout time.Duration `mapstructure:"windows_password_timeout" required:"false"` + // password for Windows instances. Defaults to 20 minutes. Example value: + // 10m + WindowsPasswordTimeout time.Duration `mapstructure:"windows_password_timeout" required:"false"` // Communicator settings Comm communicator.Config `mapstructure:",squash"`
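Review bot: The comment on `TemporarySGSourceCidrs` does not say which sources are authorized when the list is left unset, and that is the fact a reader needs in order to judge how exposed the temporary security group is (the `SecurityGroupId` comment says Packer creates it to allow SSH access). I would state the default and recommend narrowing it, for example `// If unset, <default CIDR - confirm in code> is authorized; restrict this to the address range of the host running Packer where possible.` In the same struct the `TemporaryKeyPairName` comment reads `packer_, where is a 36 character unique identifier`, so the placeholder appears to have been lost; `packer_<UUID>, where <UUID> is a 36 character unique identifier` would restore it. The `UserData` comment could also note that user data can be read from inside the instance and should not carry secrets. `RunConfig` continues past the end of this hunk.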