From f59827af8eb522754ef116ec433b6816106ce2cf Mon Sep 17 00:00:00 2001
From: Jonathan Lebon
Date: Thu, 24 Oct 2019 12:13:37 -0400
Subject: [PATCH] platform/api/aws: copy createVolumePermission when replicating

We should just match whatever permissions are set on the source snapshot.
Closes: #1111
---
 platform/api/aws/images.go | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/platform/api/aws/images.go b/platform/api/aws/images.go
index f64e2616b..5f7da169a 100644
--- a/platform/api/aws/images.go
+++ b/platform/api/aws/images.go
@@ -555,6 +555,15 @@ func (a *API) CopyImage(sourceImageID string, regions []string) (map[string]Imag
 }
 snapshot := describeSnapshotRes.Snapshots[0]
 
+ describeSnapshotAttributeRes, err := a.ec2.DescribeSnapshotAttribute(&ec2.DescribeSnapshotAttributeInput{
+ Attribute: aws.String("createVolumePermission"),
+ SnapshotId: aws.String(snapshotID),
+ })
+ if err != nil {
+ return nil, fmt.Errorf("couldn't describe createVolumePermission: %v", err)
+ }
+ createVolumePermissions := describeSnapshotAttributeRes.CreateVolumePermissions
+
 describeAttributeRes, err := a.ec2.DescribeImageAttribute(&ec2.DescribeImageAttributeInput{
 Attribute: aws.String("launchPermission"),
 ImageId: aws.String(sourceImageID),
@@ -580,7 +589,7 @@ func (a *API) CopyImage(sourceImageID string, regions []string) (map[string]Imag
 res.data, res.err = aa.copyImageIn(a.opts.Region, sourceImageID,
 *image.Name, *image.Description,
 image.Tags, snapshot.Tags,
- launchPermissions)
+ launchPermissions, createVolumePermissions)
 ch <- res
 }()
 }
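Review bot: The `CreateVolumePermissions` returned by the added `DescribeSnapshotAttribute` call in CopyImage are forwarded unfiltered, so a source snapshot shared with the `all` group makes every regional copy public too, and nothing in the new code records that this happened. Since the copies inherit the source's exposure by design, I would state it above the call, `// Copied verbatim, including a public ("all") grant: each regional snapshot becomes as exposed as the source.`, and log the grant list once before the per-region goroutines start so the replication can be audited. `snapshotID` and the rest of CopyImage's body are outside this hunk.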
@@ -599,7 +608,7 @@ func (a *API) CopyImage(sourceImageID string, regions []string) (map[string]Imag
 return amis, err
 }
 
-func (a *API) copyImageIn(sourceRegion, sourceImageID, name, description string, imageTags, snapshotTags []*ec2.Tag, launchPermissions []*ec2.LaunchPermission) (ImageData, error) {
+func (a *API) copyImageIn(sourceRegion, sourceImageID, name, description string, imageTags, snapshotTags []*ec2.Tag, launchPermissions []*ec2.LaunchPermission, createVolumePermissions []*ec2.CreateVolumePermission) (ImageData, error) {
 imageID, err := a.FindImage(name)
 if err != nil {
 return ImageData{}, err
@@ -658,6 +667,19 @@ func (a *API) copyImageIn(sourceRegion, sourceImageID, name, description string,
 }
 }
 
+ if len(createVolumePermissions) > 0 {
+ _, err = a.ec2.ModifySnapshotAttribute(&ec2.ModifySnapshotAttributeInput{
+ Attribute: aws.String("createVolumePermission"),
+ SnapshotId: &snapshotID,
+ CreateVolumePermission: &ec2.CreateVolumePermissionModifications{
+ Add: createVolumePermissions,
+ },
+ })
+ if err != nil {
+ return ImageData{}, fmt.Errorf("couldn't grant createVolumePermissions: %v", err)
+ }
+ }
+
 if len(launchPermissions) > 0 {
 _, err = a.ec2.ModifyImageAttribute(&ec2.ModifyImageAttributeInput{
 Attribute: aws.String("launchPermission"),
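Review bot: The added `ModifySnapshotAttribute` block in copyImageIn only ever uses `Add`, so a target snapshot can stay more widely shared than the source. If this code is reached for an image that already exists in the target region (the `FindImage` lookup at the top of the function suggests it can be, but that path is outside the hunk), grants that were since revoked on the source remain on the copy, which does not match the commit's stated goal of mirroring the source. At minimum I would document it above the block, `// Additive only: grants revoked on the source snapshot are not removed from an existing copy.`; a stricter follow-up would issue a separate `Remove` call for entries present on the target but absent from `createVolumePermissions`. `snapshotID` is assigned outside the hunk.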