✨ Update to cnspec v9
Signed-off-by: Christian Zunker <[email protected]>
czunker committed Oct 10, 2023
1 parent 958e6c0 commit 56637e3
Showing 9 changed files with 681 additions and 1,243 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/pr-test-lint.yaml
Expand Up @@ -9,7 +9,7 @@ on:
- 'go.sum'

env:
GO_VERSION: '1.20'
GO_VERSION: '1.21'

jobs:
goreleaser:
2 changes: 1 addition & 1 deletion .github/workflows/release.yaml
Expand Up @@ -20,7 +20,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.20'
go-version: '1.21'
cache: false
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4
28 changes: 27 additions & 1 deletion Makefile
Expand Up @@ -5,14 +5,40 @@ COUNT?=1
TEST?=$(shell go list ./...)
HASHICORP_PACKER_PLUGIN_SDK_VERSION?=$(shell go list -m github.com/hashicorp/packer-plugin-sdk | cut -d " " -f2)

ifndef LATEST_VERSION_TAG
# echo "read LATEST_VERSION_TAG from git"
LATEST_VERSION_TAG=$(shell git describe --abbrev=0 --tags)
endif

ifndef MANIFEST_VERSION
# echo "read MANIFEST_VERSION from git"
MANIFEST_VERSION=$(shell git describe --abbrev=0 --tags)
endif

ifndef TAG
# echo "read TAG from git"
TAG=$(shell git log --pretty=format:'%h' -n 1)
endif

ifndef VERSION
# echo "read VERSION from git"
VERSION=${LATEST_VERSION_TAG}+$(shell git rev-list --count HEAD)
endif

.PHONY: dev

build:
CGO_ENABLED=0 go build -o ${BINARY} -ldflags="-X go.mondoo.com/packer-plugin-cnspec/version.Version=0.0.0 -X go.mondoo.com/packer-plugin-cnspec/version.Build=dev"
CGO_ENABLED=0 go build -o ${BINARY} -ldflags="-X go.mondoo.com/packer-plugin-cnspec/version.Version=${VERSION} -X go.mondoo.com/packer-plugin-cnspec/version.Build=${TAG}"

dev: build
@mkdir -p ~/.packer.d/plugins/
@mv ${BINARY} ~/.packer.d/plugins/${BINARY}

.PHONY: dev/linux
dev/linux: build
@mkdir -p ~/.packer.d/plugins/github.com/mondoohq/cnspec/
@mv ${BINARY} ~/.packer.d/plugins/github.com/mondoohq/cnspec/${BINARY}_v${VERSION}_x5.0_linux_amd64
@cat ~/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v${VERSION}_x5.0_linux_amd64 | sha256sum -z --tag | cut -d"=" -f2 | tr -d " " > ~/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v${VERSION}_x5.0_linux_amd64_SHA256SUM

test:
@go test -race -count $(COUNT) $(TEST) -timeout=3m
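Review bot: The checksum line in the new `dev/linux` recipe hard-codes `packer-plugin-cnspec` while the `mv` line just above installs the binary as `${BINARY}_v${VERSION}_x5.0_linux_amd64`, so whenever `BINARY` is set to anything else the `cat` targets a path that does not exist and the recipe fails (or, with `@`, fails with no visible command). The `sha256sum -z --tag | cut | tr -d " "` pipeline also leaves the trailing NUL from `-z` in the SHA256SUM file; unless Packer trims it, its plugin checksum verification may reject the file. I would replace that line with `@sha256sum ~/.packer.d/plugins/github.com/mondoohq/cnspec/${BINARY}_v${VERSION}_x5.0_linux_amd64 | cut -d" " -f1 | tr -d "\n" > ~/.packer.d/plugins/github.com/mondoohq/cnspec/${BINARY}_v${VERSION}_x5.0_linux_amd64_SHA256SUM`. The new `ifndef` blocks assign `$(shell git …)` with `=`, so every reference re-runs git; `:=` inside the block, or `LATEST_VERSION_TAG ?= $(shell git describe --abbrev=0 --tags)` in place of the whole block, evaluates it once. Note also that `VERSION` embeds the tag verbatim, so if the repository's tags carry a `v` prefix the installed filename becomes `_vv9…`, which is worth confirming against the tag scheme.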
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -17,7 +17,7 @@ Packer plugin cnspec is designed to work in one of two modes:

Check out the Packer tutorials on the Mondoo documentation site:

- [Building secure AMIs with Mondoo and Packer]([https://mondoo.com/docs/cnspec/cnspec-aws/cnspec-aws-packer/)
- [Building secure AMIs with Mondoo and Packer](https://mondoo.com/docs/cnspec/cnspec-aws/cnspec-aws-packer/)
- [Building secure VM images in Google Cloud with cnspec and HashiCorp Packer](https://mondoo.com/docs/cnspec/cnspec-gcp/cnspec-gcp-packer/)

# Installation
109 changes: 109 additions & 0 deletions examples/packer-docker/crash.log
@@ -0,0 +1,109 @@
2023/10/10 10:46:30 [INFO] Packer version: 1.9.4 [go1.20.7 linux amd64]
2023/10/10 10:46:30 Old default config directory found: /home/christian/.packer.d
2023/10/10 10:46:30 [TRACE] discovering plugins in /usr/bin
2023/10/10 10:46:30 [TRACE] discovering plugins in .
2023/10/10 10:46:30 [TRACE] discovering plugins in /home/christian/.packer.d/plugins
2023/10/10 10:46:30 [INFO] Discovered potential plugin: docker = /home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64
2023/10/10 10:46:30 [INFO] Discovered potential plugin: cnspec = /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v8.23.1_x5.0_linux_amd64
2023/10/10 10:46:30 [INFO] Discovered potential plugin: cnspec = /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64
2023/10/10 10:46:30 [INFO] found external [-packer-default-plugin-name-] builders from docker plugin
2023/10/10 10:46:30 [INFO] found external [import push save tag] post-processors from docker plugin
2023/10/10 10:46:30 found external [-packer-default-plugin-name-] provisioner from cnspec plugin
2023/10/10 10:46:30 [INFO] Discovered potential plugin: cnspec = packer-plugin-cnspec
2023/10/10 10:46:30 found external [-packer-default-plugin-name-] provisioner from cnspec plugin
2023/10/10 10:46:30 [INFO] Discovered potential plugin: cnspec = /home/christian/.packer.d/plugins/packer-plugin-cnspec
2023/10/10 10:46:30 found external [-packer-default-plugin-name-] provisioner from cnspec plugin
2023/10/10 10:46:30 [INFO] PACKER_CONFIG env var not set; checking the default config file path
2023/10/10 10:46:30 [INFO] PACKER_CONFIG env var set; attempting to open config file: /home/christian/.packerconfig
2023/10/10 10:46:30 [WARN] Config file doesn't exist: /home/christian/.packerconfig
2023/10/10 10:46:30 Old default config directory found: /home/christian/.packer.d
2023/10/10 10:46:30 [INFO] Setting cache directory: /home/christian/.cache/packer
2023/10/10 10:46:30 Old default config directory found: /home/christian/.packer.d
2023/10/10 10:46:30 [TRACE] listing potential installations for "github.com/mondoohq/cnspec" that match ">= 9.0.0". plugingetter.ListInstallationsOptions{FromFolders:[]string{"/usr/bin", ".", "/home/christian/.packer.d/plugins"}, BinaryInstallationOptions:plugingetter.BinaryInstallationOptions{APIVersionMajor:"5", APIVersionMinor:"0", OS:"linux", ARCH:"amd64", Ext:"", Checksummers:[]plugingetter.Checksummer{plugingetter.Checksummer{Type:"sha256", Hash:(*sha256.digest)(0xc00068a200)}}}}
2023/10/10 10:46:30 [TRACE] version "v8.23.1" of file "/home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v8.23.1_x5.0_linux_amd64" does not match constraint ">= 9.0.0"
2023/10/10 10:46:30 [TRACE] Found the following "github.com/mondoohq/cnspec" installations: [{/home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 v9.0.0}]
2023/10/10 10:46:30 found external [-packer-default-plugin-name-] provisioner from cnspec plugin
2023/10/10 10:46:30 [TRACE] listing potential installations for "github.com/hashicorp/docker" that match ">= 0.0.7". plugingetter.ListInstallationsOptions{FromFolders:[]string{"/usr/bin", ".", "/home/christian/.packer.d/plugins"}, BinaryInstallationOptions:plugingetter.BinaryInstallationOptions{APIVersionMajor:"5", APIVersionMinor:"0", OS:"linux", ARCH:"amd64", Ext:"", Checksummers:[]plugingetter.Checksummer{plugingetter.Checksummer{Type:"sha256", Hash:(*sha256.digest)(0xc00068a200)}}}}
2023/10/10 10:46:30 [TRACE] Found the following "github.com/hashicorp/docker" installations: [{/home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64 v1.0.8}]
2023/10/10 10:46:30 [INFO] found external [-packer-default-plugin-name-] builders from docker plugin
2023/10/10 10:46:30 [INFO] found external [import push save tag] post-processors from docker plugin
2023/10/10 10:46:30 [INFO] Starting external plugin /home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64 start builder -packer-default-plugin-name-
2023/10/10 10:46:30 Starting plugin: /home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64 []string{"/home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64", "start", "builder", "-packer-default-plugin-name-"}
2023/10/10 10:46:30 Waiting for RPC address for: /home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64
2023/10/10 10:46:30 packer-plugin-docker_v1.0.8_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 Plugin address: unix /tmp/packer-plugin1213252162
2023/10/10 10:46:30 packer-plugin-docker_v1.0.8_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 Waiting for connection...
2023/10/10 10:46:30 Received unix RPC address for /home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64: addr is /tmp/packer-plugin1213252162
2023/10/10 10:46:30 packer-plugin-docker_v1.0.8_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 Serving a plugin connection...
2023/10/10 10:46:30 packer-plugin-docker_v1.0.8_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 [TRACE] starting builder -packer-default-plugin-name-
2023/10/10 10:46:30 [INFO] Starting internal plugin packer-provisioner-shell
2023/10/10 10:46:30 Starting plugin: /usr/bin/packer []string{"/usr/bin/packer", "plugin", "packer-provisioner-shell"}
2023/10/10 10:46:30 Waiting for RPC address for: /usr/bin/packer
2023/10/10 10:46:30 packer-provisioner-shell plugin: [INFO] Packer version: 1.9.4 [go1.20.7 linux amd64]
2023/10/10 10:46:30 packer-provisioner-shell plugin: Old default config directory found: /home/christian/.packer.d
2023/10/10 10:46:30 packer-provisioner-shell plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
2023/10/10 10:46:30 packer-provisioner-shell plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: /home/christian/.packerconfig
2023/10/10 10:46:30 packer-provisioner-shell plugin: [WARN] Config file doesn't exist: /home/christian/.packerconfig
2023/10/10 10:46:30 packer-provisioner-shell plugin: Old default config directory found: /home/christian/.packer.d
2023/10/10 10:46:30 packer-provisioner-shell plugin: [INFO] Setting cache directory: /home/christian/.cache/packer
2023/10/10 10:46:30 packer-provisioner-shell plugin: Old default config directory found: /home/christian/.packer.d
2023/10/10 10:46:30 packer-provisioner-shell plugin: args: []string{"packer-provisioner-shell"}
2023/10/10 10:46:30 packer-provisioner-shell plugin: Plugin address: unix /tmp/packer-plugin460564672
2023/10/10 10:46:30 packer-provisioner-shell plugin: Waiting for connection...
2023/10/10 10:46:30 Received unix RPC address for /usr/bin/packer: addr is /tmp/packer-plugin460564672
2023/10/10 10:46:30 packer-provisioner-shell plugin: Serving a plugin connection...
2023/10/10 10:46:30 [INFO] Starting external plugin /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 start provisioner -packer-default-plugin-name-
2023/10/10 10:46:30 Starting plugin: /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 []string{"/home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64", "start", "provisioner", "-packer-default-plugin-name-"}
2023/10/10 10:46:30 Waiting for RPC address for: /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64
2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: {"level":"debug","path":"/opt/mondoo/providers","time":"2023-10-10T10:46:30+02:00","message":"searching providers in path"}
2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: {"level":"debug","path":"/home/christian/.config/mondoo/providers","time":"2023-10-10T10:46:30+02:00","message":"searching providers in path"}
2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: {"level":"debug","time":"2023-10-10T10:46:30+02:00","message":"Started a new runtime (1 total)"}
2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 Plugin address: unix /tmp/packer-plugin912326400
2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 Waiting for connection...
2023/10/10 10:46:30 Received unix RPC address for /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64: addr is /tmp/packer-plugin912326400
2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 Serving a plugin connection...
2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 [TRACE] starting provisioner -packer-default-plugin-name-
2023/10/10 10:46:30 ConfigSpec failed: gob: type cty.Type has no exported fields
2023/10/10 10:46:30 waiting for all plugin processes to complete...
2023/10/10 10:46:30 /home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64: plugin process exited
2023/10/10 10:46:30 /usr/bin/packer: plugin process exited
2023/10/10 10:46:30 /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64: plugin process exited
panic: ConfigSpec failed: gob: type cty.Type has no exported fields [recovered]
panic: ConfigSpec failed: gob: type cty.Type has no exported fields

goroutine 1 [running]:
log.Panic({0xc000b2e168?, 0x0?, 0xc000b2e1c8?})
log/log.go:384 +0x65
github.com/hashicorp/packer/packer.(*cmdProvisioner).checkExit(0x416250?, {0x294c620, 0xc00001a230}, 0x0)
github.com/hashicorp/packer/packer/cmd_provisioner.go:50 +0x7f
github.com/hashicorp/packer/packer.(*cmdProvisioner).ConfigSpec.func1()
github.com/hashicorp/packer/packer/cmd_provisioner.go:22 +0x39
panic({0x294c620, 0xc00001a230})
runtime/panic.go:884 +0x213
github.com/hashicorp/packer-plugin-sdk/rpc.(*commonClient).ConfigSpec(0xc0004ee0e0)
github.com/hashicorp/[email protected]/rpc/common.go:47 +0x297
github.com/hashicorp/packer/packer.(*cmdProvisioner).ConfigSpec(0xc000b2e5a0?)
github.com/hashicorp/packer/packer/cmd_provisioner.go:25 +0x65
github.com/hashicorp/packer/hcl2template.decodeHCL2Spec({0x38d0b20, 0xc0009167e0}, 0x0?, {0x7f5c7c8980c0?, 0xc0004da1e0?})
github.com/hashicorp/packer/hcl2template/decode.go:20 +0x39
github.com/hashicorp/packer/hcl2template.(*HCL2Provisioner).HCL2Prepare(0xc000493110, 0xc000493080?)
github.com/hashicorp/packer/hcl2template/types.hcl_provisioner.go:54 +0x41c
github.com/hashicorp/packer/hcl2template.(*PackerConfig).startProvisioner(0xc00017a280, {{{0xc0000199b7, 0x6}, {0xc0000199be, 0x6}}, {0x0, 0x0}, {0x38d0b20, 0xc00047b380}}, 0xc00042f680, ...)
github.com/hashicorp/packer/hcl2template/types.build.provisioners.go:202 +0x6aa
github.com/hashicorp/packer/hcl2template.(*PackerConfig).getCoreBuildProvisioner(0x0?, {{{0xc0000199b7, 0x6}, {0xc0000199be, 0x6}}, {0x0, 0x0}, {0x38d0b20, 0xc00047b380}}, 0xc00042f680, ...)
github.com/hashicorp/packer/hcl2template/types.packer_config.go:490 +0xf1
github.com/hashicorp/packer/hcl2template.(*PackerConfig).getCoreBuildProvisioners(0x294c620?, {{{0xc0000199b7, 0x6}, {0xc0000199be, 0x6}}, {0x0, 0x0}, {0x38d0b20, 0xc00047b380}}, {0xc000383210, ...}, ...)
github.com/hashicorp/packer/hcl2template/types.packer_config.go:478 +0x234
github.com/hashicorp/packer/hcl2template.(*PackerConfig).GetBuilds(0xc00017a280, {{0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}, 0x0, 0x0, {0x0, ...}, ...})
github.com/hashicorp/packer/hcl2template/types.packer_config.go:688 +0x161c
github.com/hashicorp/packer/command.(*BuildCommand).RunContext(0xc000493c50, {0x38d0420?, 0xc0000b80f0}, 0xc000518480)
github.com/hashicorp/packer/command/build.go:123 +0x3bd
github.com/hashicorp/packer/command.(*BuildCommand).Run(0xc000493c50, {0xc000120170, 0x1, 0x1})
github.com/hashicorp/packer/command/build.go:41 +0xc5
github.com/mitchellh/cli.(*CLI).Run(0xc00054c000)
github.com/mitchellh/[email protected]/cli.go:262 +0x5f8
main.wrappedMain()
github.com/hashicorp/packer/main.go:265 +0xcc5
main.realMain()
github.com/hashicorp/packer/main.go:52 +0xf5
main.main()
github.com/hashicorp/packer/main.go:38 +0x19
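Review bot: `examples/packer-docker/crash.log` reads as a local debugging artefact committed by accident rather than example content: it records the contributor's home-directory paths and plugin inventory, and the `ConfigSpec failed: gob: type cty.Type has no exported fields` panic it captures is presumably the pre-v9 failure this commit is meant to move past. Packer writes a `crash.log` into the working directory whenever it panics, so the file will keep reappearing and tempt future accidental commits. I would drop the file from this commit and add `crash.log` to the repository's `.gitignore` so it is not picked up again.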
49 changes: 49 additions & 0 deletions examples/packer-docker/docker-ubuntu.pkr.hcl
@@ -0,0 +1,49 @@
# Copyright (c) Mondoo, Inc.
# SPDX-License-Identifier: BUSL-1.1

packer {
required_plugins {
docker = {
version = ">= 0.0.7"
source = "github.com/hashicorp/docker"
}
cnspec = {
version = ">= 9.0.0"
source = "github.com/mondoohq/cnspec"
}
}
}

variable "image_prefix" {
type = string
description = "Prefix to be applied to image name"
default = "mondoo-gcp-ubuntu-2004-secure-base"
}

locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }

source "docker" "ubuntu" {
image = "ubuntu:jammy"
commit = true
}

build {
name = "mondoo-docker-ubuntu-2204-secure-base"
sources = [
"source.docker.ubuntu"
]

provisioner "shell" {
inline = [
"echo \"${var.image_prefix}-${local.timestamp}\" > /etc/hostname",
]
}

provisioner "cnspec" {
on_failure = "continue"
asset_name = "${var.image_prefix}-${local.timestamp}"
annotations = {
Name = "${var.image_prefix}-${local.timestamp}"
}
}
}
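Review bot: The `image_prefix` variable's default `mondoo-gcp-ubuntu-2004-secure-base` does not match this example, which builds `ubuntu:jammy` (22.04) in Docker under the build name `mondoo-docker-ubuntu-2204-secure-base`, so the hostname and cnspec asset name produced by the default will be misleading; it looks like a carry-over from a GCP example. I would change it to `default = "mondoo-docker-ubuntu-2204-secure-base"` and extend the description to say the prefix also names the cnspec asset and the annotation. The `on_failure = "continue"` on the cnspec provisioner deserves a comment such as `# continue so the demo build finishes even when policy checks fail; remove this in a pipeline that should gate on the scan result`, since otherwise readers may copy a setting that never fails the build on findings.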
