Merge pull request #6585 from hashicorp/do_6584

fix security hole with ami filter
8 years ago · 3362897c44
parent fa7b9da808 d57b599f3c
commit 3362897c44
7 changed files with 25 additions and 7 deletions
--- a/builder/amazon/common/run_config.go
+++ b/builder/amazon/common/run_config.go
@ -25,6 +25,10 @@ func (d *AmiFilterOptions) Empty() bool {
 	return len(d.Owners) == 0 && len(d.Filters) == 0
 }

+func (d *AmiFilterOptions) NoOwner() bool {
+	return len(d.Owners) == 0
+}
+
 // RunConfig contains configuration for running an instance from a source
 // AMI and details on how to access that launched image.
 type RunConfig struct {
@ -101,6 +105,10 @@ func (c *RunConfig) Prepare(ctx *interpolate.Context) []error {
 		errs = append(errs, fmt.Errorf("A source_ami or source_ami_filter must be specified"))
 	}

+	if c.SourceAmi == "" && c.SourceAmiFilter.NoOwner() {
+		errs = append(errs, fmt.Errorf("For security reasons, your source AMI filter must declare an owner."))
+	}
+
 	if c.InstanceType == "" {
 		errs = append(errs, fmt.Errorf("An instance_type must be specified"))
 	}
--- a/builder/amazon/common/run_config_test.go
+++ b/builder/amazon/common/run_config_test.go
@ -55,18 +55,28 @@ func TestRunConfigPrepare_InstanceType(t *testing.T) {
 func TestRunConfigPrepare_SourceAmi(t *testing.T) {
 	c := testConfig()
 	c.SourceAmi = ""
-	if err := c.Prepare(nil); len(err) != 1 {
+	if err := c.Prepare(nil); len(err) != 2 {
 		t.Fatalf("Should error if a source_ami (or source_ami_filter) is not specified")
 	}
 }

 func TestRunConfigPrepare_SourceAmiFilterBlank(t *testing.T) {
 	c := testConfigFilter()
-	if err := c.Prepare(nil); len(err) != 1 {
+	if err := c.Prepare(nil); len(err) != 2 {
 		t.Fatalf("Should error if source_ami_filter is empty or not specified (and source_ami is not specified)")
 	}
 }

+func TestRunConfigPrepare_SourceAmiFilterOwnersBlank(t *testing.T) {
+	c := testConfigFilter()
+	filter_key := "name"
+	filter_value := "foo"
+	c.SourceAmiFilter = AmiFilterOptions{Filters: map[*string]*string{&filter_key: &filter_value}}
+	if err := c.Prepare(nil); len(err) != 1 {
+		t.Fatalf("Should error if Owners is not specified)")
+	}
+}
+
 func TestRunConfigPrepare_SourceAmiFilterGood(t *testing.T) {
 	c := testConfigFilter()
 	owner := "123"
--- a/website/source/docs/builders/amazon-chroot.html.md
+++ b/website/source/docs/builders/amazon-chroot.html.md
@ -300,7 +300,7 @@ each category, the available configuration keys are alphabetized.
        is valid.

    -   `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs.
-        This is helpful to limit the AMIs to a trusted third party, or to your own account.
+        This is a required option, necessary to limit the AMIs your account or a trusted third party.

    -   `most_recent` (boolean) - Selects the newest created image when true.
        This is most useful for selecting a daily distro build.
--- a/website/source/docs/builders/amazon-ebs.html.md
+++ b/website/source/docs/builders/amazon-ebs.html.md
@ -319,7 +319,7 @@ builder.
        is valid.

    -   `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs.
-        This is helpful to limit the AMIs to a trusted third party, or to your own account.
+        This is a required option, necessary to limit the AMIs your account or a trusted third party.

    -   `most_recent` (boolean) - Selects the newest created image when true.
        This is most useful for selecting a daily distro build.
--- a/website/source/docs/builders/amazon-ebssurrogate.html.md
+++ b/website/source/docs/builders/amazon-ebssurrogate.html.md
@ -312,7 +312,7 @@ builder.
        is valid.

    -   `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs.
-        This is helpful to limit the AMIs to a trusted third party, or to your own account.
+        This is a required option, necessary to limit the AMIs your account or a trusted third party.

    -   `most_recent` (boolean) - Selects the newest created image when true.
        This is most useful for selecting a daily distro build.
--- a/website/source/docs/builders/amazon-ebsvolume.html.md
+++ b/website/source/docs/builders/amazon-ebsvolume.html.md
@ -240,7 +240,7 @@ builder.
        is valid.

    -   `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs.
-        This is helpful to limit the AMIs to a trusted third party, or to your own account.
+        This is a required option, necessary to limit the AMIs your account or a trusted third party.

    -   `most_recent` (boolean) - Selects the newest created image when true.
        This is most useful for selecting a daily distro build.
--- a/website/source/docs/builders/amazon-instance.html.md
+++ b/website/source/docs/builders/amazon-instance.html.md
@ -312,7 +312,7 @@ builder.
        is valid.

    -   `owners` (array of strings) - This scopes the AMIs to certain Amazon account IDs.
-        This is helpful to limit the AMIs to a trusted third party, or to your own account.
+        This is a required option, necessary to limit the AMIs your account or a trusted third party.

    -   `most_recent` (boolean) - Selects the newest created image when true.
        This is most useful for selecting a daily distro build.