iSharkFly-Docs
/
packer-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #7551 from krzyszko/gcp_encryption_key 

Googlecompute builder image encryption support
This commit is contained in:
Megan Marsh 2019-05-07 15:59:59 -07:00 committed by GitHub
parent 01a27e4f37 e96bda6466
commit fdae14bc18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 84 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
builder/googlecompute/config.go
View File

@ -13,6 +13,7 @@ import (
"github.com/hashicorp/packer/helper/config"
"github.com/hashicorp/packer/packer"
"github.com/hashicorp/packer/template/interpolate"
compute "google.golang.org/api/compute/v1"
)
var reImageFamily = regexp.MustCompile(`^[a-z]([-a-z0-9]{0,61}[a-z0-9])?$`)
@ -27,40 +28,41 @@ type Config struct {
AccountFile string `mapstructure:"account_file"`
ProjectId string `mapstructure:"project_id"`
AcceleratorType string `mapstructure:"accelerator_type"`
AcceleratorCount int64 `mapstructure:"accelerator_count"`
Address string `mapstructure:"address"`
DisableDefaultServiceAccount bool `mapstructure:"disable_default_service_account"`
DiskName string `mapstructure:"disk_name"`
DiskSizeGb int64 `mapstructure:"disk_size"`
DiskType string `mapstructure:"disk_type"`
ImageName string `mapstructure:"image_name"`
ImageDescription string `mapstructure:"image_description"`
ImageFamily string `mapstructure:"image_family"`
ImageLabels map[string]string `mapstructure:"image_labels"`
ImageLicenses []string `mapstructure:"image_licenses"`
InstanceName string `mapstructure:"instance_name"`
Labels map[string]string `mapstructure:"labels"`
MachineType string `mapstructure:"machine_type"`
Metadata map[string]string `mapstructure:"metadata"`
MinCpuPlatform string `mapstructure:"min_cpu_platform"`
Network string `mapstructure:"network"`
NetworkProjectId string `mapstructure:"network_project_id"`
OmitExternalIP bool `mapstructure:"omit_external_ip"`
OnHostMaintenance string `mapstructure:"on_host_maintenance"`
Preemptible bool `mapstructure:"preemptible"`
RawStateTimeout string `mapstructure:"state_timeout"`
Region string `mapstructure:"region"`
Scopes []string `mapstructure:"scopes"`
ServiceAccountEmail string `mapstructure:"service_account_email"`
SourceImage string `mapstructure:"source_image"`
SourceImageFamily string `mapstructure:"source_image_family"`
SourceImageProjectId string `mapstructure:"source_image_project_id"`
StartupScriptFile string `mapstructure:"startup_script_file"`
Subnetwork string `mapstructure:"subnetwork"`
Tags []string `mapstructure:"tags"`
UseInternalIP bool `mapstructure:"use_internal_ip"`
Zone string `mapstructure:"zone"`
AcceleratorType string `mapstructure:"accelerator_type"`
AcceleratorCount int64 `mapstructure:"accelerator_count"`
Address string `mapstructure:"address"`
DisableDefaultServiceAccount bool `mapstructure:"disable_default_service_account"`
DiskName string `mapstructure:"disk_name"`
DiskSizeGb int64 `mapstructure:"disk_size"`
DiskType string `mapstructure:"disk_type"`
ImageName string `mapstructure:"image_name"`
ImageDescription string `mapstructure:"image_description"`
ImageEncryptionKey *compute.CustomerEncryptionKey `mapstructure:"image_encryption_key"`
ImageFamily string `mapstructure:"image_family"`
ImageLabels map[string]string `mapstructure:"image_labels"`
ImageLicenses []string `mapstructure:"image_licenses"`
InstanceName string `mapstructure:"instance_name"`
Labels map[string]string `mapstructure:"labels"`
MachineType string `mapstructure:"machine_type"`
Metadata map[string]string `mapstructure:"metadata"`
MinCpuPlatform string `mapstructure:"min_cpu_platform"`
Network string `mapstructure:"network"`
NetworkProjectId string `mapstructure:"network_project_id"`
OmitExternalIP bool `mapstructure:"omit_external_ip"`
OnHostMaintenance string `mapstructure:"on_host_maintenance"`
Preemptible bool `mapstructure:"preemptible"`
RawStateTimeout string `mapstructure:"state_timeout"`
Region string `mapstructure:"region"`
Scopes []string `mapstructure:"scopes"`
ServiceAccountEmail string `mapstructure:"service_account_email"`
SourceImage string `mapstructure:"source_image"`
SourceImageFamily string `mapstructure:"source_image_family"`
SourceImageProjectId string `mapstructure:"source_image_project_id"`
StartupScriptFile string `mapstructure:"startup_script_file"`
Subnetwork string `mapstructure:"subnetwork"`
Tags []string `mapstructure:"tags"`
UseInternalIP bool `mapstructure:"use_internal_ip"`
Zone string `mapstructure:"zone"`
Account AccountFile
stateTimeout time.Duration

15
builder/googlecompute/config_test.go
View File

@ -156,6 +156,21 @@ func TestConfigPrepare(t *testing.T) {
"foo bar",
true,
},
{
"image_encryption_key",
map[string]string{"kmsKeyName": "foo"},
false,
},
{
"image_encryption_key",
map[string]string{"No such key": "foo"},
true,
},
{
"image_encryption_key",
map[string]string{"kmsKeyName": "foo", "RawKey": "foo"},
false,
},
{
"scopes",
[]string{},

4
builder/googlecompute/driver.go
View File

@ -3,6 +3,8 @@ package googlecompute
import (
"crypto/rsa"
"time"
compute "google.golang.org/api/compute/v1"
)
// Driver is the interface that has to be implemented to communicate
@ -11,7 +13,7 @@ import (
type Driver interface {
// CreateImage creates an image from the given disk in Google Compute
// Engine.
CreateImage(name, description, family, zone, disk string, image_labels map[string]string, image_licenses []string) (<-chan *Image, <-chan error)
CreateImage(name, description, family, zone, disk string, image_labels map[string]string, image_licenses []string, image_encryption_key *compute.CustomerEncryptionKey) (<-chan *Image, <-chan error)
// DeleteImage deletes the image with the given name.
DeleteImage(name string) <-chan error

17
builder/googlecompute/driver_gce.go
View File

@ -104,15 +104,16 @@ func NewDriverGCE(ui packer.Ui, p string, a *AccountFile) (Driver, error) {
}, nil
}
func (d *driverGCE) CreateImage(name, description, family, zone, disk string, image_labels map[string]string, image_licenses []string) (<-chan *Image, <-chan error) {
func (d *driverGCE) CreateImage(name, description, family, zone, disk string, image_labels map[string]string, image_licenses []string, image_encryption_key *compute.CustomerEncryptionKey) (<-chan *Image, <-chan error) {
gce_image := &compute.Image{
Description: description,
Name: name,
Family: family,
Labels: image_labels,
Licenses: image_licenses,
SourceDisk: fmt.Sprintf("%s%s/zones/%s/disks/%s", d.service.BasePath, d.projectId, zone, disk),
SourceType: "RAW",
Description: description,
Name: name,
Family: family,
Labels: image_labels,
Licenses: image_licenses,
ImageEncryptionKey: image_encryption_key,
SourceDisk: fmt.Sprintf("%s%s/zones/%s/disks/%s", d.service.BasePath, d.projectId, zone, disk),
SourceType: "RAW",
}
imageCh := make(chan *Image, 1)

10
builder/googlecompute/driver_mock.go
View File

@ -1,6 +1,10 @@
package googlecompute
import "fmt"
import (
"fmt"
compute "google.golang.org/api/compute/v1"
)
// DriverMock is a Driver implementation that is a mocked out so that
// it can be used for tests.
@ -8,6 +12,7 @@ type DriverMock struct {
CreateImageName string
CreateImageDesc string
CreateImageFamily string
CreateImageEncryptionKey *compute.CustomerEncryptionKey
CreateImageLabels map[string]string
CreateImageLicenses []string
CreateImageZone string
@ -82,7 +87,7 @@ type DriverMock struct {
WaitForInstanceErrCh <-chan error
}
func (d *DriverMock) CreateImage(name, description, family, zone, disk string, image_labels map[string]string, image_licenses []string) (<-chan *Image, <-chan error) {
func (d *DriverMock) CreateImage(name, description, family, zone, disk string, image_labels map[string]string, image_licenses []string, image_encryption_key *compute.CustomerEncryptionKey) (<-chan *Image, <-chan error) {
d.CreateImageName = name
d.CreateImageDesc = description
d.CreateImageFamily = family
@ -90,6 +95,7 @@ func (d *DriverMock) CreateImage(name, description, family, zone, disk string, i
d.CreateImageLicenses = image_licenses
d.CreateImageZone = zone
d.CreateImageDisk = disk
d.CreateImageEncryptionKey = image_encryption_key
if d.CreateImageResultProjectId == "" {
d.CreateImageResultProjectId = "test"
}

2
builder/googlecompute/step_create_image.go
View File

@ -40,7 +40,7 @@ func (s *StepCreateImage) Run(ctx context.Context, state multistep.StateBag) mul
imageCh, errCh := driver.CreateImage(
config.ImageName, config.ImageDescription, config.ImageFamily, config.Zone,
config.DiskName, config.ImageLabels, config.ImageLicenses)
config.DiskName, config.ImageLabels, config.ImageLicenses, config.ImageEncryptionKey)
var err error
select {
case err = <-errCh:

1
builder/googlecompute/step_create_image_test.go
View File

@ -47,6 +47,7 @@ func TestStepCreateImage(t *testing.T) {
assert.Equal(t, d.CreateImageDisk, c.DiskName, "Incorrect disk passed to driver.")
assert.Equal(t, d.CreateImageLabels, c.ImageLabels, "Incorrect image_labels passed to driver.")
assert.Equal(t, d.CreateImageLicenses, c.ImageLicenses, "Incorrect image_licenses passed to driver.")
assert.Equal(t, d.CreateImageEncryptionKey, c.ImageEncryptionKey, "Incorrect image_encryption_key passed to driver.")
}
func TestStepCreateImage_errorOnChannel(t *testing.T) {

11
website/source/docs/builders/googlecompute.html.md
View File

@ -270,6 +270,17 @@ builder.
- `image_name` (string) - The unique name of the resulting image. Defaults to
`"packer-{{timestamp}}"`.
- `image_encryption_key` (object of encryption key) - Image encryption key to apply to the created image. Possible values:
* kmsKeyName - The name of the encryption key that is stored in Google Cloud KMS.
* RawKey: - A 256-bit customer-supplied encryption key, encodes in RFC 4648 base64.
example:
``` json
{
"kmsKeyName": "projects/${project}/locations/${region}/keyRings/computeEngine/cryptoKeys/computeEngine/cryptoKeyVersions/4"
}
```
- `instance_name` (string) - A name to give the launched instance. Beware
that this must be unique. Defaults to `"packer-{{uuid}}"`.