Merge pull request #5525 from hashicorp/fix5524

use correct default region when deregistering AMIs.
9 years ago · a14e9f4d48
parent a495948dc5 d322fc6c19
commit a14e9f4d48
9 changed files with 113 additions and 103 deletions
--- a/builder/amazon/chroot/builder.go
+++ b/builder/amazon/chroot/builder.go
@ -121,7 +121,8 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
 	var warns []string

 	errs = packer.MultiErrorAppend(errs, b.config.AccessConfig.Prepare(&b.config.ctx)...)
-	errs = packer.MultiErrorAppend(errs, b.config.AMIConfig.Prepare(&b.config.ctx)...)
+	errs = packer.MultiErrorAppend(errs,
+		b.config.AMIConfig.Prepare(&b.config.AccessConfig, &b.config.ctx)...)

 	for _, mounts := range b.config.ChrootMounts {
 		if len(mounts) != 3 {
--- a/builder/amazon/common/access_config.go
+++ b/builder/amazon/common/access_config.go
@ -4,11 +4,13 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"time"

 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/ec2metadata"
 	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/hashicorp/go-cleanhttp"
 	"github.com/hashicorp/packer/template/interpolate"
 )

@ -32,18 +34,17 @@ func (c *AccessConfig) Session() (*session.Session, error) {
 		return c.session, nil
 	}

-	region, err := c.Region()
-	if err != nil {
-		return nil, err
-	}
-
 	if c.ProfileName != "" {
 		if err := os.Setenv("AWS_PROFILE", c.ProfileName); err != nil {
 			log.Printf("Set env error: %s", err)
 		}
 	}

-	config := aws.NewConfig().WithRegion(region).WithMaxRetries(11).WithCredentialsChainVerboseErrors(true)
+	config := aws.NewConfig().WithMaxRetries(11).WithCredentialsChainVerboseErrors(true)
+
+	if region := c.region(); region != "" {
+		config = config.WithRegion(region)
+	}

 	if c.CustomEndpointEc2 != "" {
 		config = config.WithEndpoint(c.CustomEndpointEc2)
@ -72,6 +73,7 @@ func (c *AccessConfig) Session() (*session.Session, error) {
 			return c.MFACode, nil
 		}
 	}
+	var err error
 	c.session, err = session.NewSessionWithOptions(opts)
 	if err != nil {
 		return nil, err
@ -80,27 +82,26 @@ func (c *AccessConfig) Session() (*session.Session, error) {
 	return c.session, nil
 }

-// Region returns the aws.Region object for access to AWS services, requesting
-// the region from the instance metadata if possible.
-func (c *AccessConfig) Region() (string, error) {
+// region returns either the region from config or region from metadata service
+func (c *AccessConfig) region() string {
 	if c.RawRegion != "" {
-		if !c.SkipValidation {
-			if valid := ValidateRegion(c.RawRegion); !valid {
-				return "", fmt.Errorf("Not a valid region: %s", c.RawRegion)
-			}
-		}
-		return c.RawRegion, nil
+		return c.RawRegion
 	}

-	sess := session.New()
-	ec2meta := ec2metadata.New(sess)
-	identity, err := ec2meta.GetInstanceIdentityDocument()
+	client := cleanhttp.DefaultClient()
+
+	// Keep the default timeout (100ms) low as we don't want to wait in non-EC2 environments
+	client.Timeout = 100 * time.Millisecond
+	ec2meta := ec2metadata.New(session.New(), &aws.Config{
+		HTTPClient: client,
+	})
+	region, err := ec2meta.Region()
 	if err != nil {
 		log.Println("Error getting region from metadata service, "+
 			"probably because we're not running on AWS.", err)
-		return "", nil
+		return ""
 	}
-	return identity.Region, nil
+	return region
 }

 func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error {
--- a/builder/amazon/common/ami_config.go
+++ b/builder/amazon/common/ami_config.go
@ -38,8 +38,20 @@ func stringInSlice(s []string, searchstr string) bool {
 	return false
 }

-func (c *AMIConfig) Prepare(ctx *interpolate.Context) []error {
+func (c *AMIConfig) Prepare(accessConfig *AccessConfig, ctx *interpolate.Context) []error {
 	var errs []error
+
+	if accessConfig != nil {
+		session, err := accessConfig.Session()
+		if err != nil {
+			errs = append(errs, err)
+		}
+		region := *session.Config.Region
+		if stringInSlice(c.AMIRegions, region) {
+			errs = append(errs, fmt.Errorf("Cannot copy AMI to AWS session region '%s', please remove it from `ami_regions`.", region))
+		}
+	}
+
 	if c.AMIName == "" {
 		errs = append(errs, fmt.Errorf("ami_name must be specified"))
 	}
@ -61,7 +73,6 @@ func (c *AMIConfig) Prepare(ctx *interpolate.Context) []error {
 				// Verify the region is real
 				if valid := ValidateRegion(region); !valid {
 					errs = append(errs, fmt.Errorf("Unknown region: %s", region))
-					continue
 				}
 			}

--- a/builder/amazon/common/ami_config_test.go
+++ b/builder/amazon/common/ami_config_test.go
@ -13,12 +13,12 @@ func testAMIConfig() *AMIConfig {

 func TestAMIConfigPrepare_name(t *testing.T) {
 	c := testAMIConfig()
-	if err := c.Prepare(nil); err != nil {
+	if err := c.Prepare(nil, nil); err != nil {
 		t.Fatalf("shouldn't have err: %s", err)
 	}

 	c.AMIName = ""
-	if err := c.Prepare(nil); err == nil {
+	if err := c.Prepare(nil, nil); err == nil {
 		t.Fatal("should have error")
 	}
 }
@ -26,22 +26,22 @@ func TestAMIConfigPrepare_name(t *testing.T) {
 func TestAMIConfigPrepare_regions(t *testing.T) {
 	c := testAMIConfig()
 	c.AMIRegions = nil
-	if err := c.Prepare(nil); err != nil {
+	if err := c.Prepare(nil, nil); err != nil {
 		t.Fatalf("shouldn't have err: %s", err)
 	}

 	c.AMIRegions = listEC2Regions()
-	if err := c.Prepare(nil); err != nil {
+	if err := c.Prepare(nil, nil); err != nil {
 		t.Fatalf("shouldn't have err: %s", err)
 	}

 	c.AMIRegions = []string{"foo"}
-	if err := c.Prepare(nil); err == nil {
+	if err := c.Prepare(nil, nil); err == nil {
 		t.Fatal("should have error")
 	}

 	c.AMIRegions = []string{"us-east-1", "us-west-1", "us-east-1"}
-	if err := c.Prepare(nil); err != nil {
+	if err := c.Prepare(nil, nil); err != nil {
 		t.Fatalf("bad: %s", err)
 	}

@ -52,7 +52,7 @@ func TestAMIConfigPrepare_regions(t *testing.T) {

 	c.AMIRegions = []string{"custom"}
 	c.AMISkipRegionValidation = true
-	if err := c.Prepare(nil); err != nil {
+	if err := c.Prepare(nil, nil); err != nil {
 		t.Fatal("shouldn't have error")
 	}
 	c.AMISkipRegionValidation = false
@ -63,7 +63,7 @@ func TestAMIConfigPrepare_regions(t *testing.T) {
 		"us-west-1": "789-012-3456",
 		"us-east-2": "456-789-0123",
 	}
-	if err := c.Prepare(nil); err != nil {
+	if err := c.Prepare(nil, nil); err != nil {
 		t.Fatal("shouldn't have error")
 	}

@ -73,7 +73,7 @@ func TestAMIConfigPrepare_regions(t *testing.T) {
 		"us-west-1": "789-012-3456",
 		"us-east-2": "",
 	}
-	if err := c.Prepare(nil); err != nil {
+	if err := c.Prepare(nil, nil); err != nil {
 		t.Fatal("should have passed; we are able to use default KMS key if not sharing")
 	}

@ -84,7 +84,7 @@ func TestAMIConfigPrepare_regions(t *testing.T) {
 		"us-west-1": "789-012-3456",
 		"us-east-2": "",
 	}
-	if err := c.Prepare(nil); err == nil {
+	if err := c.Prepare(nil, nil); err == nil {
 		t.Fatal("should have an error b/c can't use default KMS key if sharing")
 	}

@ -94,7 +94,7 @@ func TestAMIConfigPrepare_regions(t *testing.T) {
 		"us-west-1": "789-012-3456",
 		"us-east-2": "456-789-0123",
 	}
-	if err := c.Prepare(nil); err == nil {
+	if err := c.Prepare(nil, nil); err == nil {
 		t.Fatal("should have error b/c theres a region in the key map that isn't in ami_regions")
 	}

@ -103,7 +103,7 @@ func TestAMIConfigPrepare_regions(t *testing.T) {
 		"us-east-1": "123-456-7890",
 		"us-west-1": "789-012-3456",
 	}
-	if err := c.Prepare(nil); err == nil {
+	if err := c.Prepare(nil, nil); err == nil {
 		t.Fatal("should have error b/c theres a region in in ami_regions that isn't in the key map")
 	}

@ -115,7 +115,7 @@ func TestAMIConfigPrepare_regions(t *testing.T) {
 		"us-east-1": "123-456-7890",
 		"us-west-1": "",
 	}
-	if err := c.Prepare(nil); err == nil {
+	if err := c.Prepare(nil, nil); err == nil {
 		t.Fatal("should have error b/c theres a region in in ami_regions that isn't in the key map")
 	}
 }
@ -126,12 +126,12 @@ func TestAMIConfigPrepare_Share_EncryptedBoot(t *testing.T) {
 	c.AMIEncryptBootVolume = true

 	c.AMIKmsKeyId = ""
-	if err := c.Prepare(nil); err == nil {
+	if err := c.Prepare(nil, nil); err == nil {
 		t.Fatal("shouldn't be able to share ami with encrypted boot volume")
 	}

 	c.AMIKmsKeyId = "89c3fb9a-de87-4f2a-aedc-fddc5138193c"
-	if err := c.Prepare(nil); err == nil {
+	if err := c.Prepare(nil, nil); err == nil {
 		t.Fatal("shouldn't be able to share ami with encrypted boot volume")
 	}
 }
@ -140,7 +140,7 @@ func TestAMINameValidation(t *testing.T) {
 	c := testAMIConfig()

 	c.AMIName = "aa"
-	if err := c.Prepare(nil); err == nil {
+	if err := c.Prepare(nil, nil); err == nil {
 		t.Fatal("shouldn't be able to have an ami name with less than 3 characters")
 	}

@ -149,22 +149,22 @@ func TestAMINameValidation(t *testing.T) {
 		longAmiName += "a"
 	}
 	c.AMIName = longAmiName
-	if err := c.Prepare(nil); err == nil {
+	if err := c.Prepare(nil, nil); err == nil {
 		t.Fatal("shouldn't be able to have an ami name with great than 128 characters")
 	}

 	c.AMIName = "+aaa"
-	if err := c.Prepare(nil); err == nil {
+	if err := c.Prepare(nil, nil); err == nil {
 		t.Fatal("shouldn't be able to have an ami name with invalid characters")
 	}

 	c.AMIName = "fooBAR1()[] ./-'@_"
-	if err := c.Prepare(nil); err != nil {
+	if err := c.Prepare(nil, nil); err != nil {
 		t.Fatal("should be able to use all of the allowed AMI characters")
 	}

 	c.AMIName = `xyz-base-2017-04-05-1934`
-	if err := c.Prepare(nil); err != nil {
+	if err := c.Prepare(nil, nil); err != nil {
 		t.Fatalf("expected `xyz-base-2017-04-05-1934` to pass validation.")
 	}

--- a/builder/amazon/common/step_deregister_ami.go
+++ b/builder/amazon/common/step_deregister_ami.go
@ -18,68 +18,69 @@ type StepDeregisterAMI struct {
 }

 func (s *StepDeregisterAMI) Run(state multistep.StateBag) multistep.StepAction {
-	ui := state.Get("ui").(packer.Ui)
-	regions := s.Regions
-	if len(regions) == 0 {
-		regions = append(regions, s.AccessConfig.RawRegion)
+	// Check for force deregister
+	if !s.ForceDeregister {
+		return multistep.ActionContinue
 	}

-	// Check for force deregister
-	if s.ForceDeregister {
-		for _, region := range regions {
-			// get new connection for each region in which we need to deregister vms
-			session, err := s.AccessConfig.Session()
-			if err != nil {
-				return multistep.ActionHalt
-			}
+	ui := state.Get("ui").(packer.Ui)
+	ec2conn := state.Get("ec2").(*ec2.EC2)
+	// Add the session region to list of regions will will deregister AMIs in
+	regions := append(s.Regions, *ec2conn.Config.Region)

-			regionconn := ec2.New(session.Copy(&aws.Config{
-				Region: aws.String(region)},
-			))
+	for _, region := range regions {
+		// get new connection for each region in which we need to deregister vms
+		session, err := s.AccessConfig.Session()
+		if err != nil {
+			return multistep.ActionHalt
+		}

-			resp, err := regionconn.DescribeImages(&ec2.DescribeImagesInput{
-				Filters: []*ec2.Filter{{
-					Name:   aws.String("name"),
-					Values: []*string{aws.String(s.AMIName)},
-				}}})
+		regionconn := ec2.New(session.Copy(&aws.Config{
+			Region: aws.String(region)},
+		))
+
+		resp, err := regionconn.DescribeImages(&ec2.DescribeImagesInput{
+			Filters: []*ec2.Filter{{
+				Name:   aws.String("name"),
+				Values: []*string{aws.String(s.AMIName)},
+			}}})
+
+		if err != nil {
+			err := fmt.Errorf("Error describing AMI: %s", err)
+			state.Put("error", err)
+			ui.Error(err.Error())
+			return multistep.ActionHalt
+		}
+
+		// Deregister image(s) by name
+		for _, i := range resp.Images {
+			_, err := regionconn.DeregisterImage(&ec2.DeregisterImageInput{
+				ImageId: i.ImageId,
+			})

 			if err != nil {
-				err := fmt.Errorf("Error describing AMI: %s", err)
+				err := fmt.Errorf("Error deregistering existing AMI: %s", err)
 				state.Put("error", err)
 				ui.Error(err.Error())
 				return multistep.ActionHalt
 			}
+			ui.Say(fmt.Sprintf("Deregistered AMI %s, id: %s", s.AMIName, *i.ImageId))

-			// Deregister image(s) by name
-			for _, i := range resp.Images {
-				_, err := regionconn.DeregisterImage(&ec2.DeregisterImageInput{
-					ImageId: i.ImageId,
-				})
-
-				if err != nil {
-					err := fmt.Errorf("Error deregistering existing AMI: %s", err)
-					state.Put("error", err)
-					ui.Error(err.Error())
-					return multistep.ActionHalt
-				}
-				ui.Say(fmt.Sprintf("Deregistered AMI %s, id: %s", s.AMIName, *i.ImageId))
-
-				// Delete snapshot(s) by image
-				if s.ForceDeleteSnapshot {
-					for _, b := range i.BlockDeviceMappings {
-						if b.Ebs != nil && aws.StringValue(b.Ebs.SnapshotId) != "" {
-							_, err := regionconn.DeleteSnapshot(&ec2.DeleteSnapshotInput{
-								SnapshotId: b.Ebs.SnapshotId,
-							})
+			// Delete snapshot(s) by image
+			if s.ForceDeleteSnapshot {
+				for _, b := range i.BlockDeviceMappings {
+					if b.Ebs != nil && aws.StringValue(b.Ebs.SnapshotId) != "" {
+						_, err := regionconn.DeleteSnapshot(&ec2.DeleteSnapshotInput{
+							SnapshotId: b.Ebs.SnapshotId,
+						})

-							if err != nil {
-								err := fmt.Errorf("Error deleting existing snapshot: %s", err)
-								state.Put("error", err)
-								ui.Error(err.Error())
-								return multistep.ActionHalt
-							}
-							ui.Say(fmt.Sprintf("Deleted snapshot: %s", *b.Ebs.SnapshotId))
+						if err != nil {
+							err := fmt.Errorf("Error deleting existing snapshot: %s", err)
+							state.Put("error", err)
+							ui.Error(err.Error())
+							return multistep.ActionHalt
 						}
+						ui.Say(fmt.Sprintf("Deleted snapshot: %s", *b.Ebs.SnapshotId))
 					}
 				}
 			}
--- a/builder/amazon/ebs/builder.go
+++ b/builder/amazon/ebs/builder.go
@ -64,8 +64,9 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
 	// Accumulate any errors
 	var errs *packer.MultiError
 	errs = packer.MultiErrorAppend(errs, b.config.AccessConfig.Prepare(&b.config.ctx)...)
+	errs = packer.MultiErrorAppend(errs,
+		b.config.AMIConfig.Prepare(&b.config.AccessConfig, &b.config.ctx)...)
 	errs = packer.MultiErrorAppend(errs, b.config.BlockDevices.Prepare(&b.config.ctx)...)
-	errs = packer.MultiErrorAppend(errs, b.config.AMIConfig.Prepare(&b.config.ctx)...)
 	errs = packer.MultiErrorAppend(errs, b.config.RunConfig.Prepare(&b.config.ctx)...)

 	if errs != nil && len(errs.Errors) > 0 {
--- a/builder/amazon/ebssurrogate/builder.go
+++ b/builder/amazon/ebssurrogate/builder.go
@ -64,7 +64,8 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
 	var errs *packer.MultiError
 	errs = packer.MultiErrorAppend(errs, b.config.AccessConfig.Prepare(&b.config.ctx)...)
 	errs = packer.MultiErrorAppend(errs, b.config.RunConfig.Prepare(&b.config.ctx)...)
-	errs = packer.MultiErrorAppend(errs, b.config.AMIConfig.Prepare(&b.config.ctx)...)
+	errs = packer.MultiErrorAppend(errs,
+		b.config.AMIConfig.Prepare(&b.config.AccessConfig, &b.config.ctx)...)
 	errs = packer.MultiErrorAppend(errs, b.config.BlockDevices.Prepare(&b.config.ctx)...)
 	errs = packer.MultiErrorAppend(errs, b.config.RootDevice.Prepare(&b.config.ctx)...)

--- a/builder/amazon/instance/builder.go
+++ b/builder/amazon/instance/builder.go
@ -127,7 +127,8 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
 	var errs *packer.MultiError
 	errs = packer.MultiErrorAppend(errs, b.config.AccessConfig.Prepare(&b.config.ctx)...)
 	errs = packer.MultiErrorAppend(errs, b.config.BlockDevices.Prepare(&b.config.ctx)...)
-	errs = packer.MultiErrorAppend(errs, b.config.AMIConfig.Prepare(&b.config.ctx)...)
+	errs = packer.MultiErrorAppend(errs,
+		b.config.AMIConfig.Prepare(&b.config.AccessConfig, &b.config.ctx)...)
 	errs = packer.MultiErrorAppend(errs, b.config.RunConfig.Prepare(&b.config.ctx)...)

 	if b.config.AccountId == "" {
--- a/builder/amazon/instance/step_upload_bundle.go
+++ b/builder/amazon/instance/step_upload_bundle.go
@ -29,17 +29,10 @@ func (s *StepUploadBundle) Run(state multistep.StateBag) multistep.StepAction {
 	manifestPath := state.Get("manifest_path").(string)
 	ui := state.Get("ui").(packer.Ui)

-	region, err := config.Region()
-	if err != nil {
-		err := fmt.Errorf("Error retrieving region: %s", err)
-		state.Put("error", err)
-		ui.Error(err.Error())
-		return multistep.ActionHalt
-	}
-
 	accessKey := config.AccessKey
 	secretKey := config.SecretKey
 	session, err := config.AccessConfig.Session()
+	region := *session.Config.Region
 	accessConfig := session.Config
 	var token string
 	if err == nil && accessKey == "" && secretKey == "" {