Scheduled revocation is an HCP Packer Plus tier feature.

In this tutorial, you will schedule a revocation. In the process, you will learn the relationship between HCP Packer image channels and revoked iterations, and how image revocation prevents downstream image consumers from referencing outdated images.

To complete this tutorial, you must have completed the HCP Packer Get Started tutorials.

- Set your client ID and secret as environment variables.
- Configured your AWS credentials as environment variables.
- Built an image and pushed its metadata to HCP Packer.
- Set up a channel named production for your image bucket.

Assume that your company policy requires that images expire after 30 days to ensure no one deploys a stale image. To enforce this policy, you can schedule a revocation date and time.

Go to the learn-packer-ubuntu's Iterations page.

Schedule a revocation date for the first iteration by clicking on.

Scheduled revocations, unlike immediate ones, can apply to iterations assigned to image channels.

Select Revoke at a future date and enter the time for 5 minutes from your current time. The time is in UTC (current time in UTC). For example, if it is currently 10:00, enter 10:05.

Enter Learning about scheduling revocation for the revocation reason, and click Revoke Iteration to revoke the iteration.

The dashboard now shows a scheduled revocation for the first iteration.

Open the first iteration by clicking on 1.

HCP Packer displays the reason why this image was scheduled to be revoked.

Verify scheduled image iteration revocation

In the tf-channel directory, generate a Terraform plan.

Terraform will successfully create the plan.

To clean up your provisioned infrastructure, run terraform destroy and respond yes to the prompt to confirm the operation.

In this tutorial, you scheduled an iteration revocation and restored a revoked iteration. In the process, you reviewed how scheduled revocations strengthen your compliance posture by setting expiration dates on iterations, preventing users from using outdated images.

Though you can schedule a revocation for an iteration assigned to an image channel, when the revocation date passes, the channel will reference a revoked iteration. Any attempts to query a channel with a revoked iteration will fail.

By integrating both immediate and scheduled iteration revocation in your workflows, you can ensure your organization uses secure and compliant images.

For more information on topics covered in this tutorial, check out the following resources:

- Complete the Immediately Revoke Insecure Image Iterations tutorial to learn how to prevent users from referencing insecure images.
- Read more about revoking image iterations in the HCP Packer documentation.
- Visit the Terraform hcp provider for a full list of arguments and attributes for the hcp_packer_iteration and hcp_packer_image data resources.