diff --git a/builder/amazon/common/ami_config.go b/builder/amazon/common/ami_config.go
index 716697c73..c842a4aca 100644
--- a/builder/amazon/common/ami_config.go
+++ b/builder/amazon/common/ami_config.go
@@ -24,15 +24,13 @@ type AMIConfig struct {
 AMISriovNetSupport bool `mapstructure:"sriov_support"`
 AMIForceDeregister bool `mapstructure:"force_deregister"`
 AMIForceDeleteSnapshot bool `mapstructure:"force_delete_snapshot"`
- RawAMIEncryptBootVolume config.Trilean `mapstructure:"encrypt_boot"`
+ AMIEncryptBootVolume config.Trilean `mapstructure:"encrypt_boot"`
 AMIKmsKeyId string `mapstructure:"kms_key_id"`
 AMIRegionKMSKeyIDs map[string]string `mapstructure:"region_kms_key_ids"`
 SnapshotTags TagMap `mapstructure:"snapshot_tags"`
 SnapshotUsers []string `mapstructure:"snapshot_users"`
 SnapshotGroups []string `mapstructure:"snapshot_groups"`
 AMISkipBuildRegion bool `mapstructure:"skip_save_build_region"`
-
- AMIEncryptBootVolume *bool
 }
 func stringInSlice(s []string, searchstr string) bool {
@@ -63,10 +61,9 @@ func (c *AMIConfig) Prepare(accessConfig *AccessConfig, ctx *interpolate.Context
 errs = append(errs, c.prepareRegions(accessConfig)...)
- c.AMIEncryptBootVolume = c.RawAMIEncryptBootVolume.ToBoolPointer()
 // Prevent sharing of default KMS key encrypted volumes with other aws users
 if len(c.AMIUsers) > 0 {
- if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume != nil && *c.AMIEncryptBootVolume {
+ if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume.True() {
 errs = append(errs, fmt.Errorf("Cannot share AMI encrypted with default KMS key"))
 }
 if len(c.AMIRegionKMSKeyIDs) > 0 {
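Review bot: The struct field `AMIEncryptBootVolume` now holds three states but carries no comment saying so, and the `*bool` that used to keep "unset" as nil is removed. Any consumer outside this diff that needs a `*bool` should convert with `ToBoolPointer()`, as the removed line in Prepare did, rather than with `True()`, which would presumably turn an unset value into an explicit false. I would add above the field: `// AMIEncryptBootVolume is a trilean (unset, true or false); use ToBoolPointer() where unset must stay nil.` The struct starts before this hunk.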
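Review bot: The sharing guard under `len(c.AMIUsers) > 0` fires only when encrypt_boot is explicitly true, so a config that leaves encrypt_boot unset passes validation here whatever the encryption state of the source image, which Prepare does not appear to inspect. The same holds for the `len(c.SnapshotUsers) > 0` check in the hunk at -96. A comment on both would stop readers from treating the guard as a complete check: `// Only catches an explicit encrypt_boot=true; an unset value is not checked against the source image's encryption.` Prepare begins and ends outside the hunk.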
@@ -96,7 +93,7 @@ func (c *AMIConfig) Prepare(accessConfig *AccessConfig, ctx *interpolate.Context
 }
 if len(c.SnapshotUsers) > 0 {
- if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume != nil && *c.AMIEncryptBootVolume {
+ if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume.True() {
 errs = append(errs, fmt.Errorf("Cannot share snapshot encrypted with default KMS key"))
 }
 if len(c.AMIRegionKMSKeyIDs) > 0 {
diff --git a/builder/amazon/common/ami_config_test.go b/builder/amazon/common/ami_config_test.go
index 27fc91266..b1057673b 100644
--- a/builder/amazon/common/ami_config_test.go
+++ b/builder/amazon/common/ami_config_test.go
@@ -139,7 +139,7 @@ func TestAMIConfigPrepare_regions(t *testing.T) {
 c.SnapshotUsers = []string{"foo", "bar"}
 c.AMIKmsKeyId = "123-abc-456"
- c.RawAMIEncryptBootVolume = config.TriTrue
+ c.AMIEncryptBootVolume = config.TriTrue
 c.AMIRegions = []string{"us-east-1", "us-west-1"}
 c.AMIRegionKMSKeyIDs = map[string]string{
 "us-east-1": "123-456-7890",
@@ -162,7 +162,7 @@ func TestAMIConfigPrepare_regions(t *testing.T) {
 func TestAMIConfigPrepare_Share_EncryptedBoot(t *testing.T) {
 c := testAMIConfig()
 c.AMIUsers = []string{"testAccountID"}
- c.RawAMIEncryptBootVolume = config.TriTrue
+ c.AMIEncryptBootVolume = config.TriTrue
 accessConf := testAccessConfig()
diff --git a/builder/amazon/ebs/step_create_ami.go b/builder/amazon/ebs/step_create_ami.go
index d4d35638f..46347f7a3 100644
--- a/builder/amazon/ebs/step_create_ami.go
+++ b/builder/amazon/ebs/step_create_ami.go
@@ -27,7 +27,7 @@ func (s *stepCreateAMI) Run(ctx context.Context, state multistep.StateBag) multi
 // Create the image
 amiName := config.AMIName
 state.Put("intermediary_image", false)
- if config.AMIEncryptBootVolume != nil && *config.AMIEncryptBootVolume != false || s.AMISkipBuildRegion {
+ if config.AMIEncryptBootVolume.True() || s.AMISkipBuildRegion {
 state.Put("intermediary_image", true)
 // From AWS SDK docs: You can encrypt a copy of an unencrypted snapshot,
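Review bot: In `if config.AMIEncryptBootVolume.True() || s.AMISkipBuildRegion` an explicit `encrypt_boot: false` and an unset value take the same path and leave intermediary_image false, and nothing on the line says that is intended. A one-line comment above the condition would record it: `// Unset and false both leave intermediary_image false; only an explicit true or AMISkipBuildRegion sets it.` Run's body starts before and continues past this hunk, so how the flag is consumed afterwards is not visible here.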