Subnet information is only really needed when the specified `vpc_id` is
not the default VPC for the region where the builder is being executed.
This change uses the AWS API to determine if the VPC provided is a
non-default VPC and only validates the existence of a `subnet_id` if a
user has provided a non-default `vpc_id`.
Tests after change
```
> make test TEST=./builder/amazon/... TESTARGS='-count=1 -v -run=TestStepPreValidate_checkVpc'
...
=== RUN TestStepPreValidate_checkVpc
=== RUN TestStepPreValidate_checkVpc/DefaultVpc
=== RUN TestStepPreValidate_checkVpc/NonDefaultVpcNoSubnet
=== RUN TestStepPreValidate_checkVpc/NonDefaultVpcWithSubnet
=== RUN TestStepPreValidate_checkVpc/SubnetWithNoVpc
=== RUN TestStepPreValidate_checkVpc/NoVpcInformation
--- PASS: TestStepPreValidate_checkVpc (0.00s)
--- PASS: TestStepPreValidate_checkVpc/DefaultVpc (0.00s)
--- PASS: TestStepPreValidate_checkVpc/NonDefaultVpcNoSubnet (0.00s)
--- PASS: TestStepPreValidate_checkVpc/NonDefaultVpcWithSubnet (0.00s)
--- PASS: TestStepPreValidate_checkVpc/SubnetWithNoVpc (0.00s)
--- PASS: TestStepPreValidate_checkVpc/NoVpcInformation (0.00s)
PASS
...
```
to accept a list of strings (for Amazon builders).
Per this change, `temporary_security_group_source_cidr` in the configuration:
1. Will be renamed to `temporary_security_group_source_cidrs`.
2. Will accept a list of CIDRs.
3. Will have its documentation updated to reflect this change.
4. Will have a fixer attached for newer templates to avail of.
* removed packer.Cache and references since packer.Cache is never used except in the download step. The download step now uses the new func packer.CachePath(targetPath) for this, the behavior is the same.
* removed download code from packer that was reimplemented into the go-getter library: progress bar, http download restart, checksuming from file, skip already downloaded files, symlinking, make a download cancellable by context.
* on windows if packer is running without symlinking rights and we are getting a local file, the file will be copied instead to avoid errors.
* added unit tests for step_download that are now CI tested on windows, mac & linux.
* files are now downloaded under cache dir `sha1(filename + "?checksum=" + checksum) + file_extension`
* since the output dir is based on the source url and the checksum, when the checksum fails, the file is auto deleted.
* a download file is protected and locked by a file lock,
* updated docs
* updated go modules and vendors
to retain current encryption settings
this changes the fields :
* ami_config.encrypt_boot
* block_device.encrypted
This also removes StepCreateEncryptedAMICopy as this step is now done in StepAMIRegionCopy
This means it now has three states, `true`, `false`, & `nil`. The
default state is now `nil` which does nothing instead of `false` which
now will explicitly disable ENA support instead of just not enabling it.
This adds a new parameter to the EBS builders named `spot_tags'. This
parameter accepts a map of tags, much like `tags'. These tags will be
applied to a spot request that is created.
Improve visibility.
We can't tag on instance creation when we're in "restricted" regions,
so let's add the tags after the resources have been created.
Adds methods to AccessConfig to detect if we're in China or US Gov
regions (i.e. "restricted").
Also turns tag:tag maps into a type, and moves methods around validating
and converting them to ec2Tags to methods of the type.
Run now takes a context as well as a statebag. We'll assign the context
to the blank identifier to prevent namespace collisions. We'll let the
step authors opt-in to using the context.
`find . -iname "step_*.go" -exec gsed -i'' 's/func \(.*\)Run(/func \1Run(_ context.Context, /' {} \;`
This commit adds a change which ensures that the Session Token
config struct item is removed from log output.
Signed-off-by: Krzysztof Wilczynski <kw@linux.com>
StepTagEBSVolumes is no longer needed, since this functionality is now
taken over by StepRunSourceInstance and StepRunSpotInstance. So remove
this functionality from the codebase.
The EBS builder will now use the tag-on-creation pattern, so
that it's possible to restrict packer to only create volumes that are
properly tagged by using an AWS policy.
In AWS we can derive the `VpcId` and AZ from the `SubnetId`, so now we do. In the config you can now only specify the `SubnetId`.
This fixes issue #4693.
As pointed out in the initial code review of #4351, some of the steps
from the standard EBS builder were (intetionally) omitted. It turns out
that these actually are useful, and the original rationale for the
omission was wrong. Consequently, this commit adds in the following
steps:
- `StepPrevalidate`
- `StepTagEBSVolumes`
- `StepDeregisterAMI`
- `StepCreateEncryptedAMICopy`
- `StepAMIRegionCopy`
- `StepModifyAMIAttribute`
- `StepCreateTags`
We also fix the interpolation filter and documentation to reflect these
additions, though the majority were already documented and just not
functional.
When an ebs volume fails to delete, Packer reports that there
was an error deleting the volume and the volume id. But it doesn't
give you the details of what that error is. This commit adds the
error reported back to the standard output.
Added the 'kms_key_id' parameter. This supports supplying a customer master key (CMK) when encrypting the EBS volume.
The parameter is optional and only takes effect when 'encrypted' is true. When 'encrypted' is true but 'kms_key_id' is missing the 'aws/ebs' key will be used.
This PR adds the ability for Packer to clean up snapshots in addition to
deregistering AMIs at build time.
To test this, I used the following `test.json` file:
```json
{
"builders": [
{
"type": "amazon-ebs",
"region": "us-east-1",
"source_ami": "ami-fce3c696",
"ami_name": "packer-test",
"instance_type": "m3.medium",
"ssh_username": "ubuntu",
"vpc_id": "some-vpc-id",
"subnet_id": "some-subnet-routed-through-igw",
"security_group_id": "some-security-group-with-port-22-access",
"force_delete_snapshot": true
}
],
"provisioners": [
{
"type": "shell-local",
"command": "echo 'hello'"
}
]
}
```
I appreciate any constructive feedbakc that can be given. Cheers!
While implementing my acceptance test, I stumbled upon a comment stating
that snapshot deletion should also be implemented, so I snuck that in. I
can't help but wonder if there is some generic logic that is implemented
a few times throughout the packer code base that could maybe better serve
us if it were abstracted to the common package.
This commit adds the ability to configure unique tags on snapshots
that are separate from the tags defined on the AMI. Anything applied
to the AMI will also be applied to the snapshots, but `snapshot_tags`
will override and append tags to the tags already applied to the snapshots
This commit adds an option to use the local SSH Agent to authenticate
connections to source instances started by the the EBS and Instance
Store builders.
This is of use when the source AMI _already_ has configuration for
authorized SSH keys - for example if one uses an SSH certificate
authority.
A further extension (not implemented in this commit) is to allow SSH
agent use with a pre-defined key pair, in order to allow keys with
passphrases to be used without giving the passphrase to Packer.
Megan Marsh
nywilken
Bernard Baltrusaitis
Adrien Delorme
Akshat Mahajan
Matt Dainty
Matthew Hooker
Adrien Delorme
Sargun Dhillon
RenaudS
Rickard von Essen
Anshul Sharma
James Nugent
Mark Meyer
DanHam
AlessioT
Rong Chen
Krzysztof Wilczynski
John Davies-Colley
Mark Meyer
Zanetti, David
Paul Thrasher
Roman Zhuzha
Richard Moore
Ari Aviran
poida
Arthur Burkart
Richard Owen