Adds `enable_secure_boot`, `enable_vtpm` and `enable_integrity_monitoring`
config options to enable building of custom Shielded GCP Compute images.
Feedback on this is more than welcome as this is my first attempt in
contributing to anything Packer related.
Packer is great for us to build custom images on top of GCP but we would
like to enhance that to support Shielded VM images. This will allow us
to have more secure and trusted images which our team(s) will be using.
There were 5 different formats for the Packer useragent string. This
fixes that and unifies it into a helper package.
I did not touch oracle's user-agent, because it looked kinda special.
The ability to use a service account other than the default was
introduced in #5928. This change adds to that by introducing the
'disable_default_service_account' config option. If true - and
'service_account_email' is not set - Packer will create a GCE VM
with no service account.
This commit allows user to specify the service account they want
to associate with the virtual machine provisionned by setting
the service_account_email field in the config.
It allows to manage permissions of the instantiated VM properly,
using a service account that can be tied up to IAM roles and
permissions.
This change constructs partial URLs for networks and subnetworks if they
are not already partial or full URLs (i.e., they do not contain a '/' in
their name). Network and subnetwork self-links are no longer retrieved
from the API.
Previously, if a user did not provide the network or subnetwork as a
fully-qualified URL (i.e., self-link), the builder would make
compute.(sub)networks.get API calls with the provided identifier to
discover the self-link. This requires the user or service account Packer
is using to have permission to describe those network resources, which
is becoming less common as IAM is used more. Specifically, a user may
have permission to launch a VM into a network/subnetwork, but will not
have permission to call APIs to describe network resources.
If full server URL's is used in subnetwork we can skip reading from the network
API. This is usefull when you can launch instances in a shared network but don't
have access to do GET on the network resources.
Closes: #5018
Megan Marsh
upodroid
Wei Cheng
Svetlin Zamfirov
Rens Sikma
Lars Lehtonen
Mason, Elliot
krisko
Adrien Delorme
Arnaud Dezandee
deepuashokan85
Seth Vargo
Evan Brown
Christophe Courtaut
Petr Hosek
Daniel Hess
Peter Mounce
Patrick Decat
Saulius Grusnys
Rickard von Essen
Matthew Hooker
Dimitri Rudnev
Troy Toman
Peter Schultz
YAMADA Tsuyoshi
Pieter Lazzaro
Yuki Takeichi