Skip to content

Support for disabling legacy IMDS endpoints in the OCI builder #137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Support for disabling legacy IMDS endpoints in the OCI builder #137

wants to merge 1 commit into from

Conversation

yugalarora
Copy link

@yugalarora yugalarora commented Jun 5, 2025
edited
Loading

Description

I've added support for disabling legacy IMDS endpoints in the OCI builder.

This introduces a new boolean option, instance_options_are_legacy_imds_endpoints_disabled, to the OCI builder configuration.

When you set this to true, the launched OCI instance will be configured to disable the legacy IMDSv1 endpoints. This enhances security by enforcing the use of IMDSv2.

Resolved Issues

If your PR resolves any open issue(s), please indicate them like this so they will be closed when your PR is merged:

Closes [#69 ]

Rollback Plan

If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

N/A

@yugalarora yugalarora requested a review from a team as a code owner June 5, 2025 08:41
@shivanshsinghraghuvanshi
Copy link

Can we please get it reviewed

@yugalarora yugalarora changed the title I've added support for disabling legacy IMDS endpoints in the OCI builder Support for disabling legacy IMDS endpoints in the OCI builder Jun 5, 2025
@anshulsharma-hashicorp
Copy link

Can we please get it reviewed

Could you please add unit test cases for this change also generate check is breaking. please run make generate command and add the generated code as well in the same PR.

@anshulsharma-hashicorp
Copy link

Can we please get it reviewed

Could you please add unit test cases for this change also generate check is breaking. please run make generate command and add the generated code as well in the same PR.

Also please check this PR https://github.com/hashicorp/packer-plugin-oracle/pull/134/files for ref, if this looks okay we can go ahead with this, just let me know.

@hashicorp-cla-app HashiCorp CLA App
Copy link

hashicorp-cla-app bot commented Jun 11, 2025
edited
Loading

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Have you signed the CLA already but the status is still pending? Recheck it.

@yugalarora
Copy link
Author

@anshulsharma-hashicorp Done, please check now.

@yugalarora yugalarora force-pushed the feature/oci-disable-legacy-imds branch from f1f781f to 637d585 Compare June 11, 2025 18:18
@anshulsharma-hashicorp
Copy link

@anshulsharma-hashicorp Done, please check now.

Hey please sign the CLA

anshulsharma-hashicorp
anshulsharma-hashicorp reviewed Jun 12, 2025
View reviewed changes
builder/oci/step_create_instance_test.go
config := state.Get("config").(*Config)
config.InstanceOptionsAreLegacyImdsEndpointsDisabled = value

// Re-prepare the config to ensure LaunchInstanceDetails is updated
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please remove this comment, not a good place to add details.

@anshulsharma-hashicorp
Copy link

Also please check the formatting of the file in your mock file, please check the imports as lint check is breaking.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anshulsharma-hashicorp anshulsharma-hashicorp anshulsharma-hashicorp left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yugalarora @shivanshsinghraghuvanshi @anshulsharma-hashicorp