Fix adding groups to AMI launch permissions.

Previously, groups were granted launch permissions by submitting a ModifyImageAttribute request with the UserGroups parameter set appropriately. This is no longer valid, as the LaunchPermission parameter must be set.

Fix adding groups to AMI launch permissions.
Previously, groups were granted launch permissions by submitting a ModifyImageAttribute request with the UserGroups parameter set appropriately. This is no longer valid, as the LaunchPermission parameter must be set.
016d916d · Tom Cahill · fe0fde19 · 016d916d · 016d916d
Commit 016d916d authored Jun 25, 2015 by Tom Cahill
Showing with 31 additions and 10 deletions

builder/amazon/common/step_modify_ami_attributes.go builder/amazon/common/step_modify_ami_attributes.go +12 -3

builder/amazon/ebs/builder_acc_test.go builder/amazon/ebs/builder_acc_test.go +19 -7

No files found.
--- a/builder/amazon/common/step_modify_ami_attributes.go
+++ b/builder/amazon/common/step_modify_ami_attributes.go
@@ -44,12 +44,21 @@ func (s *StepModifyAMIAttributes) Run(state multistep.StateBag) multistep.StepAc

 	if len(s.Groups) > 0 {
 		groups := make([]*string, len(s.Groups))
+		adds := make([]*ec2.LaunchPermission, len(s.Groups))
+		addGroups := &ec2.ModifyImageAttributeInput{
+			LaunchPermission: &ec2.LaunchPermissionModifications{},
+		}
+
 		for i, g := range s.Groups {
 			groups[i] = &g
+			adds[i] = &ec2.LaunchPermission{
+				Group: &g,
+			}
 		}
-		options["groups"] = &ec2.ModifyImageAttributeInput{
-			UserGroups: groups,
-		}
+		addGroups.UserGroups = groups
+		addGroups.LaunchPermission.Add = adds
+
+		options["groups"] = addGroups
 	}

 	if len(s.Users) > 0 {

--- a/builder/amazon/ebs/builder_acc_test.go
+++ b/builder/amazon/ebs/builder_acc_test.go
@@ -50,11 +50,11 @@ func TestBuilderAcc_amiSharing(t *testing.T) {
 		PreCheck: func() { testAccPreCheck(t) },
 		Builder:  &Builder{},
 		Template: testBuilderAccSharing,
-		Check:    checkAMISharing(1, "932021504756"),
+		Check:    checkAMISharing(2, "932021504756", "all"),
 	})
 }

-func checkAMISharing(count int, uid string) builderT.TestCheckFunc {
+func checkAMISharing(count int, uid, group string) builderT.TestCheckFunc {
 	return func(artifacts []packer.Artifact) error {
 		if len(artifacts) > 1 {
 			return fmt.Errorf("more than 1 artifact")
@@ -84,17 +84,28 @@ func checkAMISharing(count int, uid string) builderT.TestCheckFunc {
 			return fmt.Errorf("Error in Image Attributes, expected (%d) Launch Permissions, got (%d)", count, len(imageResp.LaunchPermissions))
 		}

-		found := false
+		userFound := false
 		for _, lp := range imageResp.LaunchPermissions {
-			if uid == *lp.UserID {
-				found = true
+			if lp.UserID != nil && uid == *lp.UserID {
+				userFound = true
 			}
 		}

-		if !found {
+		if !userFound {
 			return fmt.Errorf("Error in Image Attributes, expected User ID (%s) to have Launch Permissions, but was not found", uid)
 		}

+		groupFound := false
+		for _, lp := range imageResp.LaunchPermissions {
+			if lp.Group != nil && group == *lp.Group {
+				groupFound = true
+			}
+		}
+
+		if !groupFound {
+			return fmt.Errorf("Error in Image Attributes, expected Group ID (%s) to have Launch Permissions, but was not found", group)
+		}
+
 		return nil
 	}
 }
@@ -203,7 +214,8 @@ const testBuilderAccSharing = `
 		"source_ami": "ami-76b2a71e",
 		"ssh_username": "ubuntu",
 		"ami_name": "packer-test {{timestamp}}",
-		"ami_users":["932021504756"]
+		"ami_users":["932021504756"],
+		"ami_groups":["all"]
 	}]
 }
 `