Merge pull request #466 from marineam/share

ami: automatically grant access to AMIs for testing
2025-08-09 22:16:58 +02:00 · 2015-10-23 10:19:30 -07:00 · 2015-10-23 10:19:30 -07:00 · c0ff1b2965
commit c0ff1b2965
parent f958ff3072 efc460b4e6
3 changed files with 26 additions and 4 deletions
--- a/oem/ami/copy_ami.sh
+++ b/oem/ami/copy_ami.sh
@ -20,6 +20,8 @@ USAGE="Usage: $0 -a ami-id
    -V VERSION  Find AMI by CoreOS version.
    -b BOARD    Set to the board name, default is amd64-usr
    -g GROUP    Set the update group, default is alpha
+    -l ACCOUNT  Grant launch permission to a given AWS account ID.
+    -r REGION   Copy to the specified region, may be repeated.
    -h          this ;-)
    -v          Verbose, see all the things!

@ -30,6 +32,7 @@ AMI=
 VER=
 BOARD="amd64-usr"
 GROUP="alpha"
+GRANT_LAUNCH=""
 REGIONS=()

 add_region() {
@ -44,13 +47,14 @@ clean_version() {
    sed -e 's%[^A-Za-z0-9()\\./_-]%_%g' <<< "$1"
 }

-while getopts "a:V:b:g:r:hv" OPTION
+while getopts "a:V:b:g:l:r:hv" OPTION
 do
    case $OPTION in
        a) AMI="$OPTARG";;
        V) VER="$OPTARG";;
        b) BOARD="$OPTARG";;
        g) GROUP="$OPTARG";;
+        l) GRANT_LAUNCH="${OPTARG}";;
        r) add_region "$OPTARG";;
        h) echo "$USAGE"; exit;;
        v) set -x;;
@ -129,6 +133,13 @@ do_copy() {
    while ec2-describe-images "$r_amiid" --region="$r" | grep -q pending; do
        sleep 30
    done
+
+    if [[ -n "${GRANT_LAUNCH}" ]]; then
+      echo "Granting launch permission to ${GRANT_LAUNCH} for $r_amiid in $r"
+      ec2-modify-image-attribute --region="$r" "${r_amiid}" \
+          --launch-permission --add "${GRANT_LAUNCH}"
+    fi
+
    echo "AMI $virt_type copy to $r as $r_amiid in complete"
 }

--- a/oem/ami/import.sh
+++ b/oem/ami/import.sh
@ -19,6 +19,7 @@ IMAGE="coreos_production_ami_image.bin.bz2"
 GS_URL="gs://builds.release.core-os.net"
 IMG_URL=""
 IMG_PATH=""
+GRANT_LAUNCH=""
 USE_GPG=1
 # accepted via the environment
 : ${EC2_IMPORT_BUCKET:=}
@ -34,6 +35,7 @@ Options:
    -s STORAGE  GS URL for Google storage (used to generate URL)
    -B BUCKET   S3 bucket to use for temporary storage.
    -Z ZONE     EC2 availability zone to use.
+    -l ACCOUNT  Grant launch permission to a given AWS account ID.
    -X          Disable GPG verification of downloads.
    -h          this ;-)
    -v          Verbose, see all the things!
@ -41,7 +43,7 @@ Options:
 This script must be run from an ec2 host with the ec2 tools installed.
 "

-while getopts "V:b:g:p:u:s:t:B:Z:Xhv" OPTION
+while getopts "V:b:g:p:u:s:t:l:B:Z:Xhv" OPTION
 do
    case $OPTION in
        V) VERSION="$OPTARG";;
@ -52,6 +54,7 @@ do
        s) GS_URL="$OPTARG";;
        B) EC2_IMPORT_BUCKET="${OPTARG}";;
        Z) EC2_IMPORT_ZONE="${OPTARG}";;
+        l) GRANT_LAUNCH="${OPTARG}";;
        t) export TMPDIR="$OPTARG";;
        X) USE_GPG=0;;
        h) echo "$USAGE"; exit;;
@ -227,6 +230,14 @@ amiid=$(ec2-register                                  \
  --block-device-mapping /dev/sdb=ephemeral0          |
  cut -f2)

+if [[ -n "${GRANT_LAUNCH}" ]]; then
+  echo "Granting launch permission to ${GRANT_LAUNCH}"
+  ec2-modify-image-attribute "${hvm_amiid}" \
+      --launch-permission --add "${GRANT_LAUNCH}"
+  ec2-modify-image-attribute "${amiid}" \
+      --launch-permission --add "${GRANT_LAUNCH}"
+fi
+
 cat <<EOF
 $description
 architecture: $arch
--- a/oem/ami/prod.sh
+++ b/oem/ami/prod.sh
@ -13,9 +13,9 @@ fi
 set -e
 source $DIR/marineam-auth.sh
 args="-b $BOARD -g $GROUP -V $VER"
-$DIR/import.sh ${args}
+$DIR/import.sh -l 477645798544 ${args}
 $DIR/test_ami.sh -v ${args}
-$DIR/copy_ami.sh ${args}
+$DIR/copy_ami.sh -l 477645798544 ${args}

 source $DIR/ami-builder-us-gov-auth.sh
 $DIR/import.sh ${args}