✨ Update to cnspec v9

Signed-off-by: Christian Zunker <[email protected]>
mondoohq · Oct 10, 2023 · 6af84ae · 6af84ae
1 parent 958e6c0
commit 6af84ae
Show file tree

Hide file tree

Showing 9 changed files with 695 additions and 1,242 deletions.
diff --git a/.github/workflows/pr-test-lint.yaml b/.github/workflows/pr-test-lint.yaml
@@ -9,7 +9,7 @@ on:
       - 'go.sum'
 
 env:
-  GO_VERSION: '1.20'
+  GO_VERSION: '1.21'
 
 jobs:
   goreleaser:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -20,7 +20,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: '1.21'
           cache: false
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v4

diff --git a/Makefile b/Makefile
@@ -5,14 +5,40 @@ COUNT?=1
 TEST?=$(shell go list ./...)
 HASHICORP_PACKER_PLUGIN_SDK_VERSION?=$(shell go list -m github.com/hashicorp/packer-plugin-sdk | cut -d " " -f2)
 
+ifndef LATEST_VERSION_TAG
+# echo "read LATEST_VERSION_TAG from git"
+LATEST_VERSION_TAG=$(shell git describe --abbrev=0 --tags)
+endif
+
+ifndef MANIFEST_VERSION
+# echo "read MANIFEST_VERSION from git"
+MANIFEST_VERSION=$(shell git describe --abbrev=0 --tags)
+endif
+
+ifndef TAG
+# echo "read TAG from git"
+TAG=$(shell git log --pretty=format:'%h' -n 1)
+endif
+
+ifndef VERSION
+# echo "read VERSION from git"
+VERSION=${LATEST_VERSION_TAG}+$(shell git rev-list --count HEAD)
+endif
+
 .PHONY: dev
 
 build:
-	CGO_ENABLED=0 go build -o ${BINARY} -ldflags="-X go.mondoo.com/packer-plugin-cnspec/version.Version=0.0.0 -X go.mondoo.com/packer-plugin-cnspec/version.Build=dev"
+	CGO_ENABLED=0 go build -o ${BINARY} -ldflags="-X go.mondoo.com/packer-plugin-cnspec/version.Version=${VERSION} -X go.mondoo.com/packer-plugin-cnspec/version.Build=${TAG}"
 
 dev: build
 	@mkdir -p ~/.packer.d/plugins/
 	@mv ${BINARY} ~/.packer.d/plugins/${BINARY}
+
+.PHONY: dev/linux
+dev/linux: build
+	@mkdir -p ~/.packer.d/plugins/github.com/mondoohq/cnspec/
+	@mv ${BINARY} ~/.packer.d/plugins/github.com/mondoohq/cnspec/${BINARY}_v${VERSION}_x5.0_linux_amd64
+	@cat ~/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v${VERSION}_x5.0_linux_amd64 | sha256sum -z --tag | cut -d"=" -f2 | tr -d " " > ~/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v${VERSION}_x5.0_linux_amd64_SHA256SUM
 
 test:
 	@go test -race -count $(COUNT) $(TEST) -timeout=3m

diff --git a/README.md b/README.md
@@ -17,7 +17,7 @@ Packer plugin cnspec is designed to work in one of two modes:
 
 Check out the Packer tutorials on the Mondoo documentation site:
 
-- [Building secure AMIs with Mondoo and Packer]([https://mondoo.com/docs/cnspec/cnspec-aws/cnspec-aws-packer/)
+- [Building secure AMIs with Mondoo and Packer](https://mondoo.com/docs/cnspec/cnspec-aws/cnspec-aws-packer/)
 - [Building secure VM images in Google Cloud with cnspec and HashiCorp Packer](https://mondoo.com/docs/cnspec/cnspec-gcp/cnspec-gcp-packer/) 
 
 # Installation

diff --git a/examples/packer-docker/crash.log b/examples/packer-docker/crash.log
@@ -0,0 +1,109 @@
+2023/10/10 10:46:30 [INFO] Packer version: 1.9.4 [go1.20.7 linux amd64]
+2023/10/10 10:46:30 Old default config directory found: /home/christian/.packer.d
+2023/10/10 10:46:30 [TRACE] discovering plugins in /usr/bin
+2023/10/10 10:46:30 [TRACE] discovering plugins in .
+2023/10/10 10:46:30 [TRACE] discovering plugins in /home/christian/.packer.d/plugins
+2023/10/10 10:46:30 [INFO] Discovered potential plugin: docker = /home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64
+2023/10/10 10:46:30 [INFO] Discovered potential plugin: cnspec = /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v8.23.1_x5.0_linux_amd64
+2023/10/10 10:46:30 [INFO] Discovered potential plugin: cnspec = /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64
+2023/10/10 10:46:30 [INFO] found external [-packer-default-plugin-name-] builders from docker plugin
+2023/10/10 10:46:30 [INFO] found external [import push save tag] post-processors from docker plugin
+2023/10/10 10:46:30 found external [-packer-default-plugin-name-] provisioner from cnspec plugin
+2023/10/10 10:46:30 [INFO] Discovered potential plugin: cnspec = packer-plugin-cnspec
+2023/10/10 10:46:30 found external [-packer-default-plugin-name-] provisioner from cnspec plugin
+2023/10/10 10:46:30 [INFO] Discovered potential plugin: cnspec = /home/christian/.packer.d/plugins/packer-plugin-cnspec
+2023/10/10 10:46:30 found external [-packer-default-plugin-name-] provisioner from cnspec plugin
+2023/10/10 10:46:30 [INFO] PACKER_CONFIG env var not set; checking the default config file path
+2023/10/10 10:46:30 [INFO] PACKER_CONFIG env var set; attempting to open config file: /home/christian/.packerconfig
+2023/10/10 10:46:30 [WARN] Config file doesn't exist: /home/christian/.packerconfig
+2023/10/10 10:46:30 Old default config directory found: /home/christian/.packer.d
+2023/10/10 10:46:30 [INFO] Setting cache directory: /home/christian/.cache/packer
+2023/10/10 10:46:30 Old default config directory found: /home/christian/.packer.d
+2023/10/10 10:46:30 [TRACE] listing potential installations for "github.com/mondoohq/cnspec" that match ">= 9.0.0". plugingetter.ListInstallationsOptions{FromFolders:[]string{"/usr/bin", ".", "/home/christian/.packer.d/plugins"}, BinaryInstallationOptions:plugingetter.BinaryInstallationOptions{APIVersionMajor:"5", APIVersionMinor:"0", OS:"linux", ARCH:"amd64", Ext:"", Checksummers:[]plugingetter.Checksummer{plugingetter.Checksummer{Type:"sha256", Hash:(*sha256.digest)(0xc00068a200)}}}}
+2023/10/10 10:46:30 [TRACE] version "v8.23.1" of file "/home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v8.23.1_x5.0_linux_amd64" does not match constraint ">= 9.0.0"
+2023/10/10 10:46:30 [TRACE] Found the following "github.com/mondoohq/cnspec" installations: [{/home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 v9.0.0}]
+2023/10/10 10:46:30 found external [-packer-default-plugin-name-] provisioner from cnspec plugin
+2023/10/10 10:46:30 [TRACE] listing potential installations for "github.com/hashicorp/docker" that match ">= 0.0.7". plugingetter.ListInstallationsOptions{FromFolders:[]string{"/usr/bin", ".", "/home/christian/.packer.d/plugins"}, BinaryInstallationOptions:plugingetter.BinaryInstallationOptions{APIVersionMajor:"5", APIVersionMinor:"0", OS:"linux", ARCH:"amd64", Ext:"", Checksummers:[]plugingetter.Checksummer{plugingetter.Checksummer{Type:"sha256", Hash:(*sha256.digest)(0xc00068a200)}}}}
+2023/10/10 10:46:30 [TRACE] Found the following "github.com/hashicorp/docker" installations: [{/home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64 v1.0.8}]
+2023/10/10 10:46:30 [INFO] found external [-packer-default-plugin-name-] builders from docker plugin
+2023/10/10 10:46:30 [INFO] found external [import push save tag] post-processors from docker plugin
+2023/10/10 10:46:30 [INFO] Starting external plugin /home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64 start builder -packer-default-plugin-name-
+2023/10/10 10:46:30 Starting plugin: /home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64 []string{"/home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64", "start", "builder", "-packer-default-plugin-name-"}
+2023/10/10 10:46:30 Waiting for RPC address for: /home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64
+2023/10/10 10:46:30 packer-plugin-docker_v1.0.8_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 Plugin address: unix /tmp/packer-plugin1213252162
+2023/10/10 10:46:30 packer-plugin-docker_v1.0.8_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 Waiting for connection...
+2023/10/10 10:46:30 Received unix RPC address for /home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64: addr is /tmp/packer-plugin1213252162
+2023/10/10 10:46:30 packer-plugin-docker_v1.0.8_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 Serving a plugin connection...
+2023/10/10 10:46:30 packer-plugin-docker_v1.0.8_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 [TRACE] starting builder -packer-default-plugin-name-
+2023/10/10 10:46:30 [INFO] Starting internal plugin packer-provisioner-shell
+2023/10/10 10:46:30 Starting plugin: /usr/bin/packer []string{"/usr/bin/packer", "plugin", "packer-provisioner-shell"}
+2023/10/10 10:46:30 Waiting for RPC address for: /usr/bin/packer
+2023/10/10 10:46:30 packer-provisioner-shell plugin: [INFO] Packer version: 1.9.4 [go1.20.7 linux amd64]
+2023/10/10 10:46:30 packer-provisioner-shell plugin: Old default config directory found: /home/christian/.packer.d
+2023/10/10 10:46:30 packer-provisioner-shell plugin: [INFO] PACKER_CONFIG env var not set; checking the default config file path
+2023/10/10 10:46:30 packer-provisioner-shell plugin: [INFO] PACKER_CONFIG env var set; attempting to open config file: /home/christian/.packerconfig
+2023/10/10 10:46:30 packer-provisioner-shell plugin: [WARN] Config file doesn't exist: /home/christian/.packerconfig
+2023/10/10 10:46:30 packer-provisioner-shell plugin: Old default config directory found: /home/christian/.packer.d
+2023/10/10 10:46:30 packer-provisioner-shell plugin: [INFO] Setting cache directory: /home/christian/.cache/packer
+2023/10/10 10:46:30 packer-provisioner-shell plugin: Old default config directory found: /home/christian/.packer.d
+2023/10/10 10:46:30 packer-provisioner-shell plugin: args: []string{"packer-provisioner-shell"}
+2023/10/10 10:46:30 packer-provisioner-shell plugin: Plugin address: unix /tmp/packer-plugin460564672
+2023/10/10 10:46:30 packer-provisioner-shell plugin: Waiting for connection...
+2023/10/10 10:46:30 Received unix RPC address for /usr/bin/packer: addr is /tmp/packer-plugin460564672
+2023/10/10 10:46:30 packer-provisioner-shell plugin: Serving a plugin connection...
+2023/10/10 10:46:30 [INFO] Starting external plugin /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 start provisioner -packer-default-plugin-name-
+2023/10/10 10:46:30 Starting plugin: /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 []string{"/home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64", "start", "provisioner", "-packer-default-plugin-name-"}
+2023/10/10 10:46:30 Waiting for RPC address for: /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64
+2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: {"level":"debug","path":"/opt/mondoo/providers","time":"2023-10-10T10:46:30+02:00","message":"searching providers in path"}
+2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: {"level":"debug","path":"/home/christian/.config/mondoo/providers","time":"2023-10-10T10:46:30+02:00","message":"searching providers in path"}
+2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: {"level":"debug","time":"2023-10-10T10:46:30+02:00","message":"Started a new runtime (1 total)"}
+2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 Plugin address: unix /tmp/packer-plugin912326400
+2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 Waiting for connection...
+2023/10/10 10:46:30 Received unix RPC address for /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64: addr is /tmp/packer-plugin912326400
+2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 Serving a plugin connection...
+2023/10/10 10:46:30 packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64 plugin: 2023/10/10 10:46:30 [TRACE] starting provisioner -packer-default-plugin-name-
+2023/10/10 10:46:30 ConfigSpec failed: gob: type cty.Type has no exported fields
+2023/10/10 10:46:30 waiting for all plugin processes to complete...
+2023/10/10 10:46:30 /home/christian/.packer.d/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_amd64: plugin process exited
+2023/10/10 10:46:30 /usr/bin/packer: plugin process exited
+2023/10/10 10:46:30 /home/christian/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v9.0.0_x5.0_linux_amd64: plugin process exited
+panic: ConfigSpec failed: gob: type cty.Type has no exported fields [recovered]
+	panic: ConfigSpec failed: gob: type cty.Type has no exported fields
+
+goroutine 1 [running]:
+log.Panic({0xc000b2e168?, 0x0?, 0xc000b2e1c8?})
+	log/log.go:384 +0x65
+github.com/hashicorp/packer/packer.(*cmdProvisioner).checkExit(0x416250?, {0x294c620, 0xc00001a230}, 0x0)
+	github.com/hashicorp/packer/packer/cmd_provisioner.go:50 +0x7f
+github.com/hashicorp/packer/packer.(*cmdProvisioner).ConfigSpec.func1()
+	github.com/hashicorp/packer/packer/cmd_provisioner.go:22 +0x39
+panic({0x294c620, 0xc00001a230})
+	runtime/panic.go:884 +0x213
+github.com/hashicorp/packer-plugin-sdk/rpc.(*commonClient).ConfigSpec(0xc0004ee0e0)
+	github.com/hashicorp/[email protected]/rpc/common.go:47 +0x297
+github.com/hashicorp/packer/packer.(*cmdProvisioner).ConfigSpec(0xc000b2e5a0?)
+	github.com/hashicorp/packer/packer/cmd_provisioner.go:25 +0x65
+github.com/hashicorp/packer/hcl2template.decodeHCL2Spec({0x38d0b20, 0xc0009167e0}, 0x0?, {0x7f5c7c8980c0?, 0xc0004da1e0?})
+	github.com/hashicorp/packer/hcl2template/decode.go:20 +0x39
+github.com/hashicorp/packer/hcl2template.(*HCL2Provisioner).HCL2Prepare(0xc000493110, 0xc000493080?)
+	github.com/hashicorp/packer/hcl2template/types.hcl_provisioner.go:54 +0x41c
+github.com/hashicorp/packer/hcl2template.(*PackerConfig).startProvisioner(0xc00017a280, {{{0xc0000199b7, 0x6}, {0xc0000199be, 0x6}}, {0x0, 0x0}, {0x38d0b20, 0xc00047b380}}, 0xc00042f680, ...)
+	github.com/hashicorp/packer/hcl2template/types.build.provisioners.go:202 +0x6aa
+github.com/hashicorp/packer/hcl2template.(*PackerConfig).getCoreBuildProvisioner(0x0?, {{{0xc0000199b7, 0x6}, {0xc0000199be, 0x6}}, {0x0, 0x0}, {0x38d0b20, 0xc00047b380}}, 0xc00042f680, ...)
+	github.com/hashicorp/packer/hcl2template/types.packer_config.go:490 +0xf1
+github.com/hashicorp/packer/hcl2template.(*PackerConfig).getCoreBuildProvisioners(0x294c620?, {{{0xc0000199b7, 0x6}, {0xc0000199be, 0x6}}, {0x0, 0x0}, {0x38d0b20, 0xc00047b380}}, {0xc000383210, ...}, ...)
+	github.com/hashicorp/packer/hcl2template/types.packer_config.go:478 +0x234
+github.com/hashicorp/packer/hcl2template.(*PackerConfig).GetBuilds(0xc00017a280, {{0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}, 0x0, 0x0, {0x0, ...}, ...})
+	github.com/hashicorp/packer/hcl2template/types.packer_config.go:688 +0x161c
+github.com/hashicorp/packer/command.(*BuildCommand).RunContext(0xc000493c50, {0x38d0420?, 0xc0000b80f0}, 0xc000518480)
+	github.com/hashicorp/packer/command/build.go:123 +0x3bd
+github.com/hashicorp/packer/command.(*BuildCommand).Run(0xc000493c50, {0xc000120170, 0x1, 0x1})
+	github.com/hashicorp/packer/command/build.go:41 +0xc5
+github.com/mitchellh/cli.(*CLI).Run(0xc00054c000)
+	github.com/mitchellh/[email protected]/cli.go:262 +0x5f8
+main.wrappedMain()
+	github.com/hashicorp/packer/main.go:265 +0xcc5
+main.realMain()
+	github.com/hashicorp/packer/main.go:52 +0xf5
+main.main()
+	github.com/hashicorp/packer/main.go:38 +0x19
diff --git a/examples/packer-docker/docker-ubuntu.pkr.hcl b/examples/packer-docker/docker-ubuntu.pkr.hcl
@@ -0,0 +1,49 @@
+# Copyright (c) Mondoo, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+packer {
+  required_plugins {
+    docker = {
+      version = ">= 0.0.7"
+      source = "github.com/hashicorp/docker"
+    }
+    cnspec = {
+      version = ">= 9.0.0"
+      source  = "github.com/mondoohq/cnspec"
+    }
+  }
+}
+
+variable "image_prefix" {
+  type        = string
+  description = "Prefix to be applied to image name"
+  default     = "mondoo-gcp-ubuntu-2004-secure-base"
+}
+
+locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }
+
+source "docker" "ubuntu" {
+  image  = "ubuntu:jammy"
+  commit = true
+}
+
+build {
+  name    = "mondoo-docker-ubuntu-2204-secure-base"
+  sources = [
+    "source.docker.ubuntu"
+  ]
+
+  provisioner "shell" {
+    inline = [
+      "echo \"${var.image_prefix}-${local.timestamp}\" > /etc/hostname",
+    ]
+  }
+
+  provisioner "cnspec" {
+    on_failure = "continue"
+    asset_name = "${var.image_prefix}-${local.timestamp}"
+    annotations = {
+      Name          = "${var.image_prefix}-${local.timestamp}"
+    }
+  }
+}