From efc460b4e6b26b8e52d98a39df532882372561a6 Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Thu, 22 Oct 2015 22:14:06 -0700 Subject: [PATCH] ami: automatically grant access to AMIs for testing --- oem/ami/copy_ami.sh | 13 ++++++++++++- oem/ami/import.sh | 13 ++++++++++++- oem/ami/prod.sh | 4 ++-- 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/oem/ami/copy_ami.sh b/oem/ami/copy_ami.sh index 58fadc880d..ad99f0782d 100755 --- a/oem/ami/copy_ami.sh +++ b/oem/ami/copy_ami.sh @@ -20,6 +20,8 @@ USAGE="Usage: $0 -a ami-id -V VERSION Find AMI by CoreOS version. -b BOARD Set to the board name, default is amd64-usr -g GROUP Set the update group, default is alpha + -l ACCOUNT Grant launch permission to a given AWS account ID. + -r REGION Copy to the specified region, may be repeated. -h this ;-) -v Verbose, see all the things! @@ -30,6 +32,7 @@ AMI= VER= BOARD="amd64-usr" GROUP="alpha" +GRANT_LAUNCH="" REGIONS=() add_region() { @@ -44,13 +47,14 @@ clean_version() { sed -e 's%[^A-Za-z0-9()\\./_-]%_%g' <<< "$1" } -while getopts "a:V:b:g:r:hv" OPTION +while getopts "a:V:b:g:l:r:hv" OPTION do case $OPTION in a) AMI="$OPTARG";; V) VER="$OPTARG";; b) BOARD="$OPTARG";; g) GROUP="$OPTARG";; + l) GRANT_LAUNCH="${OPTARG}";; r) add_region "$OPTARG";; h) echo "$USAGE"; exit;; v) set -x;; @@ -129,6 +133,13 @@ do_copy() { while ec2-describe-images "$r_amiid" --region="$r" | grep -q pending; do sleep 30 done + + if [[ -n "${GRANT_LAUNCH}" ]]; then + echo "Granting launch permission to ${GRANT_LAUNCH} for $r_amiid in $r" + ec2-modify-image-attribute --region="$r" "${r_amiid}" \ + --launch-permission --add "${GRANT_LAUNCH}" + fi + echo "AMI $virt_type copy to $r as $r_amiid in complete" } diff --git a/oem/ami/import.sh b/oem/ami/import.sh index 04980ed4db..107b38a103 100755 --- a/oem/ami/import.sh +++ b/oem/ami/import.sh @@ -19,6 +19,7 @@ IMAGE="coreos_production_ami_image.bin.bz2" GS_URL="gs://builds.release.core-os.net" IMG_URL="" IMG_PATH="" +GRANT_LAUNCH="" USE_GPG=1 # accepted via the environment : ${EC2_IMPORT_BUCKET:=} @@ -34,6 +35,7 @@ Options: -s STORAGE GS URL for Google storage (used to generate URL) -B BUCKET S3 bucket to use for temporary storage. -Z ZONE EC2 availability zone to use. + -l ACCOUNT Grant launch permission to a given AWS account ID. -X Disable GPG verification of downloads. -h this ;-) -v Verbose, see all the things! @@ -41,7 +43,7 @@ Options: This script must be run from an ec2 host with the ec2 tools installed. " -while getopts "V:b:g:p:u:s:t:B:Z:Xhv" OPTION +while getopts "V:b:g:p:u:s:t:l:B:Z:Xhv" OPTION do case $OPTION in V) VERSION="$OPTARG";; @@ -52,6 +54,7 @@ do s) GS_URL="$OPTARG";; B) EC2_IMPORT_BUCKET="${OPTARG}";; Z) EC2_IMPORT_ZONE="${OPTARG}";; + l) GRANT_LAUNCH="${OPTARG}";; t) export TMPDIR="$OPTARG";; X) USE_GPG=0;; h) echo "$USAGE"; exit;; @@ -227,6 +230,14 @@ amiid=$(ec2-register \ --block-device-mapping /dev/sdb=ephemeral0 | cut -f2) +if [[ -n "${GRANT_LAUNCH}" ]]; then + echo "Granting launch permission to ${GRANT_LAUNCH}" + ec2-modify-image-attribute "${hvm_amiid}" \ + --launch-permission --add "${GRANT_LAUNCH}" + ec2-modify-image-attribute "${amiid}" \ + --launch-permission --add "${GRANT_LAUNCH}" +fi + cat <