Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix security hole with ami filter #6585

Merged
merged 3 commits into from
Aug 15, 2018
Merged

fix security hole with ami filter #6585

merged 3 commits into from
Aug 15, 2018

Conversation

SwampDragons
Copy link
Contributor

Make "owners" field required on source_ami_filter.

Closes #6584

@SwampDragons SwampDragons requested a review from a team as a code owner August 14, 2018 00:02
@rickard-von-essen
Copy link
Collaborator

rickard-von-essen commented Aug 14, 2018
edited
Loading

👍

@SwampDragons SwampDragons merged commit 3362897 into master Aug 15, 2018
@SwampDragons SwampDragons added this to the upcoming-patch milestone Aug 15, 2018
@mwhooker mwhooker deleted the do_6584 branch August 20, 2018 19:07
@mwhooker
Copy link
Contributor

👍

rickard-von-essen added a commit to rickard-von-essen/amazon-eks-ami that referenced this pull request Sep 9, 2018
@rickard-von-essen
Move source_ami_filter owner to owners
67e6bd0 
owners will be required when using next version of Packer, see
hashicorp/packer#6585
@rickard-von-essen rickard-von-essen mentioned this pull request Sep 9, 2018
Merged
micahhausler pushed a commit to awslabs/amazon-eks-ami that referenced this pull request Sep 10, 2018
@rickard-von-essen @micahhausler
Move source_ami_filter owner to owners
cb86cc4 
owners will be required when using next version of Packer, see
hashicorp/packer#6585
@iam-decoder
Copy link

owners is required now, however, if I set my source filter like so:

    "source_ami_filter": {
      "filters": {
        "name": "ubuntu/images/*ubuntu-*-{{user `os_version`}}-amd64-server-*",
        "owners": "099720109477"
      }
    }

then I get the error:

1 error(s) occurred:

* For security reasons, your source AMI filter must declare an owner.'

if i set my source filter to this:

    "source_ami_filter": {
      "filters": {
        "name": "ubuntu/images/*ubuntu-*-{{user `os_version`}}-amd64-server-*",
        "owners": ["099720109477"]
      }
    }

then I get the error:

1 error(s) decoding:

* '\''source_ami_filter.Filters[owners]'\'' expected type '\''string'\'', got unconvertible type '\''[]interface {}'\'''

@SwampDragons
Copy link
Contributor Author

"owners" goes outside of that filters block. Try this instead:

    "source_ami_filter": {
      "filters": {
        "name": "ubuntu/images/*ubuntu-*-{{user `os_version`}}-amd64-server-*",
      }
"owners": ["099720109477"]
    }

@iam-decoder
Copy link

misread docs, thanks! I just converted my owner-id filter to owners haha

@ghost
Copy link

ghost commented Feb 13, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Feb 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
builder/amazon enhancement
Projects
None yet
Milestone
1.3.0-small
Development

Successfully merging this pull request may close these issues.

Make "owners" field of source_ami_filter required: RFC
4 participants
@SwampDragons @rickard-von-essen @mwhooker @iam-decoder