Chef Ideas


kitchen-ec2 image filter for CentOS is not strict enough

I came across an issue this week where the default image search for CentOS in kitchen-ec2 tried to pull in an image not provided by CentOS themselves. It seems sketchy to say the least, and is likely a potential security issue for anyone just blindly accepting marketplace subscriptions.

 

Here are the details of the ticket I opened (24494). I was instructed to submit this as an enhancement in addition to it being marked as a bug on the backend.

 

----------

 

I noticed a very strange issue with kitchen-ec2 today. The CentOS image filter appears to be broken in that it does not point to the official CentOS AMIs. The error (attached in a text file) points to this marketplace URL which looks sketchy to say the least: https://aws.amazon.com/marketplace/pp?sku=67xglex2rdpaymxh17620nfoy

My guess is that this line isn't a great way to filter the images?
https://github.com/test-kitchen/kitchen-ec2/blob/master/lib/kitchen/driver/aws/standard_platform/centos.rb#L37

If I adjust my kitchen file under the centos-7 platform with filters, a more correct image is chosen.

platforms:
  - name: centos-7
    driver:
      image_search:
        owner-alias: aws-marketplace
        product-code: aw0evgkw8e5c1q413zgy5pjce
That product code is pulled directly from the CentOS wiki: https://wiki.centos.org/Cloud/AWS#Images

A further mystery (I think this is outside of your scope) is why the latest image is used according to the AWS portal, but the /etc/centos-release file does not match.

  • Guest
  • Feb 27 2020
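
The difference between a name-based image search and the product-code pin shown in the post, as an added example (not part of the original post and not kitchen-ec2's own code). The image records, the loose name pattern, the newest-match-wins selection and the helper names search, newest and verify! are assumptions made for illustration; only the filter keys and the product code come from the post.

```ruby
# Added example. Records are constructed and only shaped like EC2 DescribeImages
# results; AMI IDs, names and the third-party product code are made up.
Image = Struct.new(:image_id, :name, :owner_alias, :product_codes,
                   :creation_date, keyword_init: true)

OFFICIAL_CODE = "aw0evgkw8e5c1q413zgy5pjce" # product code quoted in the post

CONSTRUCTED_IMAGES = [
  Image.new(image_id: "ami-00000000000000001", owner_alias: "aws-marketplace",
            name: "CentOS Linux 7 x86_64 HVM EBS 1901",
            product_codes: [OFFICIAL_CODE],
            creation_date: "2019-01-30T00:00:00.000Z"),
  Image.new(image_id: "ami-00000000000000002", owner_alias: "aws-marketplace",
            name: "CentOS Linux 7 by example-vendor",
            product_codes: ["constructed-third-party-code"],
            creation_date: "2020-02-01T00:00:00.000Z"),
].freeze

# Assumed loose search (not copied from kitchen-ec2): marketplace + name glob.
LOOSE  = { "owner-alias" => "aws-marketplace", "name" => "CentOS Linux 7*" }.freeze
# The search from the post's kitchen file.
STRICT = { "owner-alias" => "aws-marketplace", "product-code" => OFFICIAL_CODE }.freeze

# Local stand-in for EC2 filter matching: every filter must match, '*' is a wildcard.
def search(images, filters)
  images.select do |img|
    filters.all? do |key, pattern|
      values = case key
               when "name"         then [img.name]
               when "owner-alias"  then [img.owner_alias]
               when "product-code" then img.product_codes
               else raise ArgumentError, "unsupported filter: #{key}"
               end
      values.any? { |v| File.fnmatch(pattern, v) }
    end
  end
end

# Assumed selection rule: newest match wins (ISO 8601 strings sort correctly).
def newest(images)
  images.max_by(&:creation_date)
end

# Fail closed before launch if the resolved image lacks the expected product code.
def verify!(image, expected_code)
  raise "no image matched" if image.nil?
  return image if image.product_codes.include?(expected_code)
  raise "#{image.image_id} (#{image.name}) lacks product code #{expected_code}"
end
```

With the constructed data, the loose search resolves to the newer third-party listing and verify! rejects it, while the product-code search resolves to the image carrying the code from the CentOS wiki.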