GCP informed us that the GuestOsFeature SECURE_BOOT is deprecated and
that they are using UEFI_COMPATIBLE instead. This means, using an image
with 'UEFI_COMPATIBLE' guest OS feature confirms the 'secureBoot'
feature compatibility.
Adds `enable_secure_boot`, `enable_vtpm` and `enable_integrity_monitoring`
config options to enable building of custom Shielded GCP Compute images.
Feedback on this is more than welcome as this is my first attempt in
contributing to anything Packer related.
Packer is great for us to build custom images on top of GCP but we would
like to enhance that to support Shielded VM images. This will allow us
to have more secure and trusted images which our team(s) will be using.
- startup scripts don't run for Windows since it is isn't implemented yet.
- startup scripts use instance metadata instead of serial port output to flag when they are done.
- added licenses to Image data type (to check if an Image is a Windows Image).
- added GetImage and GetImageFromProject to googlecompute Drivers.
- changed some of the builder/googlecompute tests to use github.com/stretchr/testify/assert.
Tests:
- (in the Packer directory) `go test .`, `go test ./builder/googlecompute`, and `go test ./post-processor/googlecompute-export`
- manual run of `packer build packer_template.json` with the following files
--packer_template.json--
{
"builders": [
{
"type": "googlecompute",
"account_file": "creds.json",
"project_id": "google.com:packer-test",
"source_image": "debian-8-jessie-v20160629",
"zone": "us-central1-a",
"startup_script_file": "startup_script.sh",
"metadata": {
"startup-script": "#!/bin/sh\necho \"This should be overwritten.\"",
"startup-script-log-dest": "gs://packer-test.google.com.a.appspot.com/startup-script.log"
},
"image_name": "test-packer-modifications",
"ssh_username": "foo"
}
],
"post-processors": [
{
"type": "googlecompute-export",
"paths": [
"gs://packer-test.google.com.a.appspot.com/foo.tar.gz",
"gs://packer-test.google.com.a.appspot.com/bar.tar.gz"
],
"keep_input_artifact": true
}
]
}
--startup_script.sh--
\#!/bin/sh
echo "Hi, my name is Scott. I'm waiting 60 seconds!" >> /scott
sleep 60
echo "I'm done waiting!" >> /scott