From b6141fd532e61fdf16661d98fcdff0605a368985 Mon Sep 17 00:00:00 2001 From: Lucas Bajolet Date: Tue, 17 Dec 2024 14:59:59 -0500 Subject: [PATCH] command: copy AWS plugin structures for upgrade The hcl2_upgrade command transforms a JSON template into an HCL2 template for use with Packer. The command is quite fragile already, but given that this is the last remaining fragment that causes Packer to depend on the AWS SDK directly, we can do away with it. This commit therefore imports the definitions for AWS access config, so we can extract this information from the JSON template, and include it in the definition of the output source for AWS, since we manage this one differently from other sources. This allows us to not depend on the AWS plugin directly, which in turn makes Packer not need to link with the AWS plugin when compiling the executable. We are still depending on the AWS SDK for now since the SDK exposes a aws_secretsmanager function that can be used for interpolation (legacy JSON interpolation to be clear), so this cannot be removed from now, but we should consider some form of remediation in the future. --- command/hcl2_upgrade.go | 45 +++++++++++++++++++++++++++++++++++++++-- go.mod | 2 -- go.sum | 8 -------- 3 files changed, 43 insertions(+), 12 deletions(-) diff --git a/command/hcl2_upgrade.go b/command/hcl2_upgrade.go index 56edf175dd4..6bbd7928cbc 100644 --- a/command/hcl2_upgrade.go +++ b/command/hcl2_upgrade.go @@ -20,7 +20,6 @@ import ( "github.com/hashicorp/go-multierror" "github.com/hashicorp/hcl/v2/hclwrite" - awscommon "github.com/hashicorp/packer-plugin-amazon/builder/common" hcl2shim "github.com/hashicorp/packer-plugin-sdk/hcl2helper" "github.com/hashicorp/packer-plugin-sdk/template" "github.com/hashicorp/packer/packer" @@ -1170,10 +1169,52 @@ func (p *AmazonAmiDatasourceParser) Parse(_ *template.Template) error { return nil } +type AssumeRoleConfig struct { + AssumeRoleARN string `mapstructure:"role_arn" required:"false"` + AssumeRoleDurationSeconds int `mapstructure:"duration_seconds" required:"false"` + AssumeRoleExternalID string `mapstructure:"external_id" required:"false"` + AssumeRolePolicy string `mapstructure:"policy" required:"false"` + AssumeRolePolicyARNs []string `mapstructure:"policy_arns" required:"false"` + AssumeRoleSessionName string `mapstructure:"session_name" required:"false"` + AssumeRoleTags map[string]string `mapstructure:"tags" required:"false"` + AssumeRoleTransitiveTagKeys []string `mapstructure:"transitive_tag_keys" required:"false"` +} + +type VaultAWSEngineOptions struct { + Name string `mapstructure:"name"` + RoleARN string `mapstructure:"role_arn"` + TTL string `mapstructure:"ttl" required:"false"` + EngineName string `mapstructure:"engine_name"` +} + +type AWSPollingConfig struct { + MaxAttempts int `mapstructure:"max_attempts" required:"false"` + DelaySeconds int `mapstructure:"delay_seconds" required:"false"` +} + +type AwsAccessConfig struct { + AccessKey string `mapstructure:"access_key" required:"true"` + AssumeRole AssumeRoleConfig `mapstructure:"assume_role" required:"false"` + CustomEndpointEc2 string `mapstructure:"custom_endpoint_ec2" required:"false"` + CredsFilename string `mapstructure:"shared_credentials_file" required:"false"` + DecodeAuthZMessages bool `mapstructure:"decode_authorization_messages" required:"false"` + InsecureSkipTLSVerify bool `mapstructure:"insecure_skip_tls_verify" required:"false"` + MaxRetries int `mapstructure:"max_retries" required:"false"` + MFACode string `mapstructure:"mfa_code" required:"false"` + ProfileName string `mapstructure:"profile" required:"false"` + RawRegion string `mapstructure:"region" required:"true"` + SecretKey string `mapstructure:"secret_key" required:"true"` + SkipMetadataApiCheck bool `mapstructure:"skip_metadata_api_check"` + SkipCredsValidation bool `mapstructure:"skip_credential_validation"` + Token string `mapstructure:"token" required:"false"` + VaultAWSEngine VaultAWSEngineOptions `mapstructure:"vault_aws_engine" required:"false"` + PollingConfig *AWSPollingConfig `mapstructure:"aws_polling" required:"false"` +} + func copyAWSAccessConfig(sourceAmi map[string]interface{}, builder map[string]interface{}) (map[string]interface{}, error) { // Transform access config to a map accessConfigMap := map[string]interface{}{} - if err := mapstructure.Decode(awscommon.AccessConfig{}, &accessConfigMap); err != nil { + if err := mapstructure.Decode(AwsAccessConfig{}, &accessConfigMap); err != nil { return sourceAmi, err } diff --git a/go.mod b/go.mod index 0d549143b44..c888a7532f9 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,6 @@ require ( github.com/hashicorp/go-version v1.6.0 github.com/hashicorp/hcl/v2 v2.19.1 github.com/hashicorp/hcp-sdk-go v0.112.0 - github.com/hashicorp/packer-plugin-amazon v1.2.1 github.com/hashicorp/packer-plugin-sdk v0.5.4 github.com/jehiah/go-strftime v0.0.0-20171201141054-1d33003b3869 github.com/klauspost/compress v1.13.6 // indirect @@ -116,7 +115,6 @@ require ( github.com/google/uuid v1.4.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/googleapis/gax-go/v2 v2.12.0 // indirect - github.com/hashicorp/aws-sdk-go-base v0.7.1 // indirect github.com/hashicorp/consul/api v1.25.1 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect diff --git a/go.sum b/go.sum index ccc54480e0d..a92f04890a1 100644 --- a/go.sum +++ b/go.sum @@ -63,7 +63,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-sdk-go v1.31.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.44.114 h1:plIkWc/RsHr3DXBj4MEw9sEW4CcL/e2ryokc+CKyq1I= github.com/aws/aws-sdk-go v1.44.114/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -168,7 +167,6 @@ github.com/go-openapi/swag v0.22.5 h1:fVS63IE3M0lsuWRzuom3RLwUMVI2peDH01s6M70ugy github.com/go-openapi/swag v0.22.5/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= github.com/go-openapi/validate v0.22.4 h1:5v3jmMyIPKTR8Lv9syBAIRxG6lY0RqeBPB1LKEijzk8= github.com/go-openapi/validate v0.22.4/go.mod h1:qm6O8ZIcPVdSY5219468Jv7kBdGvkiZLPOmqnqTUZ2A= -github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= @@ -234,8 +232,6 @@ github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56 github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/hako/durafmt v0.0.0-20200710122514-c0fb7b4da026 h1:BpJ2o0OR5FV7vrkDYfXYVJQeMNWa8RhklZOpW2ITAIQ= github.com/hako/durafmt v0.0.0-20200710122514-c0fb7b4da026/go.mod h1:5Scbynm8dF1XAPwIwkGPqzkM/shndPm79Jd1003hTjE= -github.com/hashicorp/aws-sdk-go-base v0.7.1 h1:7s/aR3hFn74tYPVihzDyZe7y/+BorN70rr9ZvpV3j3o= -github.com/hashicorp/aws-sdk-go-base v0.7.1/go.mod h1:2fRjWDv3jJBeN6mVWFHV6hFTNeFBx2gpDLQaZNxUVAY= github.com/hashicorp/consul/api v1.25.1 h1:CqrdhYzc8XZuPnhIYZWH45toM0LB9ZeYr/gvpLVI3PE= github.com/hashicorp/consul/api v1.25.1/go.mod h1:iiLVwR/htV7mas/sy0O+XSuEnrdBUUydemjxcUrAt4g= github.com/hashicorp/consul/sdk v0.14.1 h1:ZiwE2bKb+zro68sWzZ1SgHF3kRMBZ94TwOCFRF4ylPs= @@ -303,8 +299,6 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM= github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0= -github.com/hashicorp/packer-plugin-amazon v1.2.1 h1:0Xqr8KsTJJhIo0vvjqPYrVMgyVxNRuYH4DeB5m/WAtw= -github.com/hashicorp/packer-plugin-amazon v1.2.1/go.mod h1:qlp0h5TWVGgcPzN9mSxPiEAwOUOW3XU/zep0pGd0ZsM= github.com/hashicorp/packer-plugin-sdk v0.5.4 h1:5Bl5DMEa//G4gBNcl842JopM9L4KSSsxpvB4W1lEwIA= github.com/hashicorp/packer-plugin-sdk v0.5.4/go.mod h1:ALm0ZIK3c/F4iOqPNi7xVuHTgrR5dxzOK+DhFN5DHj4= github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY= @@ -323,7 +317,6 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jehiah/go-strftime v0.0.0-20171201141054-1d33003b3869 h1:IPJ3dvxmJ4uczJe5YQdrYB16oTJlGSC/OyZDqUk9xX4= github.com/jehiah/go-strftime v0.0.0-20171201141054-1d33003b3869/go.mod h1:cJ6Cj7dQo+O6GJNiMx+Pa94qKj+TG8ONdKHgMNIyyag= -github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= @@ -599,7 +592,6 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=