package azure
import (
"context"
"fmt"
armStorage "github.com/Azure/azure-sdk-for-go/arm/storage"
"github.com/Azure/azure-sdk-for-go/storage"
"github.com/Azure/go-autorest/autorest"
"github.com/Azure/go-autorest/autorest/adal"
"github.com/Azure/go-autorest/autorest/azure"
terraform: Ugly huge change to weave in new State and Plan types
Due to how often the state and plan types are referenced throughout
Terraform, there isn't a great way to switch them out gradually. As a
consequence, this huge commit gets us from the old world to a _compilable_
new world, but still has a large number of known test failures due to
key functionality being stubbed out.
The stubs here are for anything that interacts with providers, since we
now need to do the follow-up work to similarly replace the old
terraform.ResourceProvider interface with its replacement in the new
"providers" package. That work, along with work to fix the remaining
failing tests, will follow in subsequent commits.
The aim here was to replace all references to terraform.State and its
downstream types with states.State, terraform.Plan with plans.Plan,
state.State with statemgr.State, and switch to the new implementations of
the state and plan file formats. However, due to the number of times those
types are used, this also ended up affecting numerous other parts of core
such as terraform.Hook, the backend.Backend interface, and most of the CLI
commands.
Just as with 5861dbf3fc49b19587a31816eb06f511ab861bb4 before, I apologize
in advance to the person who inevitably just found this huge commit while
spelunking through the commit history.
2018-08-14 23:24:45 +02:00
"github.com/hashicorp/terraform/backend"
"github.com/hashicorp/terraform/helper/schema"
)
// New builds the Azure Storage remote-state backend: it declares the
// configuration schema and registers (*Backend).configure as the callback
// that turns a validated configuration into a blob client.
//
// Two attributes carry credentials: access_key (the storage account key) and
// arm_client_secret (the service principal secret). Both fall back to the
// ARM_ACCESS_KEY / ARM_CLIENT_SECRET environment variables, so neither has to
// be written into a configuration file.
// NOTE(review): Terraform is known to store backend configuration under
// .terraform/ in plain text; confirm for the version in use before placing
// either secret in configuration instead of the environment.
func New() backend.Backend {
	// plain describes a string attribute that has no environment fallback.
	plain := func(required bool, description string) *schema.Schema {
		return &schema.Schema{
			Type:        schema.TypeString,
			Required:    required,
			Optional:    !required,
			Description: description,
		}
	}

	// fromEnv describes an optional string attribute whose default is read
	// from envVar, or "" when the variable is unset.
	fromEnv := func(description, envVar string) *schema.Schema {
		return &schema.Schema{
			Type:        schema.TypeString,
			Optional:    true,
			Description: description,
			DefaultFunc: schema.EnvDefaultFunc(envVar, ""),
		}
	}

	attributes := map[string]*schema.Schema{
		// Where the state blob lives.
		"storage_account_name": plain(true, "The name of the storage account."),
		"container_name":       plain(true, "The container name."),
		"key":                  plain(true, "The blob key."),

		"environment": fromEnv("The Azure cloud environment.", "ARM_ENVIRONMENT"),

		// Either the account key is given directly ...
		"access_key": fromEnv("The access key.", "ARM_ACCESS_KEY"),

		// ... or it is looked up with a service principal (see getAccessKey).
		"resource_group_name": plain(false, "The resource group name."),
		"arm_subscription_id": fromEnv("The Subscription ID.", "ARM_SUBSCRIPTION_ID"),
		"arm_client_id":       fromEnv("The Client ID.", "ARM_CLIENT_ID"),
		"arm_client_secret":   fromEnv("The Client Secret.", "ARM_CLIENT_SECRET"),
		"arm_tenant_id":       fromEnv("The Tenant ID.", "ARM_TENANT_ID"),
	}

	b := &Backend{Backend: &schema.Backend{Schema: attributes}}
	b.Backend.ConfigureFunc = b.configure
	return b
}
// Backend is the Azure Storage remote-state backend. It embeds
// *schema.Backend (built in New) and keeps the values that configure resolves
// from the backend configuration.
type Backend struct {
	*schema.Backend

	// The fields below are set from configure

	// blobClient is the blob service client returned by getBlobClient; it is
	// created with the storage account access key.
	blobClient storage.BlobStorageClient

	containerName string // value of the "container_name" attribute
	keyName       string // value of the "key" attribute
	leaseID       string // not assigned in the code visible here
}
// BackendConfig carries the settings that getBlobClient and getAccessKey
// need, copied from the backend configuration by configure.
//
// AccessKey and ClientSecret are credentials: formatting the whole struct
// (for example with %+v) in a log or error message would expose them.
type BackendConfig struct {
	AccessKey          string // storage account access key; used as is when non-empty
	Environment        string // Azure cloud environment name; "" selects the public cloud
	ClientID           string // service principal client ID
	ClientSecret       string // service principal client secret
	ResourceGroupName  string // resource group passed to ListKeys
	StorageAccountName string // storage account that holds the state blob
	SubscriptionID     string // subscription used for the accounts client
	TenantID           string // tenant used for the OAuth configuration
}
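// configure reads the backend configuration carried by ctx, builds the blob
// client for it and stores the container name, blob key and client on b.
//
// A non-empty b.containerName is treated as "already configured" and the call
// returns nil without doing anything. For that reason the fields on b are
// written only after getBlobClient has succeeded: if they were set first, a
// failed attempt would leave containerName populated and every later call
// would report success while b.blobClient was still the zero value.
//
// It returns the error from getBlobClient unchanged.
func (b *Backend) configure(ctx context.Context) error {
	if b.containerName != "" {
		return nil
	}

	// Grab the resource data
	data := schema.FromContextBackendConfig(ctx)

	// The schema declares every attribute as TypeString, which is what the
	// unchecked type assertions below rely on.
	containerName := data.Get("container_name").(string)
	keyName := data.Get("key").(string)

	// config holds the access key and the client secret; it is only passed to
	// getBlobClient and never logged here.
	config := BackendConfig{
		AccessKey:          data.Get("access_key").(string),
		ClientID:           data.Get("arm_client_id").(string),
		ClientSecret:       data.Get("arm_client_secret").(string),
		Environment:        data.Get("environment").(string),
		ResourceGroupName:  data.Get("resource_group_name").(string),
		StorageAccountName: data.Get("storage_account_name").(string),
		SubscriptionID:     data.Get("arm_subscription_id").(string),
		TenantID:           data.Get("arm_tenant_id").(string),
	}

	blobClient, err := getBlobClient(config)
	if err != nil {
		return err
	}

	// Commit everything together so the "already configured" guard above is
	// only ever true when a usable client is in place.
	b.containerName = containerName
	b.keyName = keyName
	b.blobClient = blobClient

	return nil
}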
// getBlobClient resolves the Azure environment and the storage account access
// key for config and returns a blob service client for that account.
//
// On any failure it returns the zero storage.BlobStorageClient together with
// the error. The error built here names only the storage account and the
// underlying SDK error; the access key is not included in it.
func getBlobClient(config BackendConfig) (storage.BlobStorageClient, error) {
	var none storage.BlobStorageClient

	env, err := getAzureEnvironment(config.Environment)
	if err != nil {
		return none, err
	}

	accessKey, err := getAccessKey(config, env)
	if err != nil {
		return none, err
	}

	// The last argument of storage.NewClient is its useHTTPS flag. Keeping it
	// true means requests signed with the account key go out over TLS.
	const useHTTPS = true
	storageClient, err := storage.NewClient(
		config.StorageAccountName,
		accessKey,
		env.StorageEndpointSuffix,
		storage.DefaultAPIVersion,
		useHTTPS,
	)
	if err != nil {
		return none, fmt.Errorf("Error creating storage client for storage account %q: %s", config.StorageAccountName, err)
	}

	return storageClient.GetBlobService(), nil
}
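// getAccessKey returns the storage account access key to use for config.
//
// When config.AccessKey is set it is returned unchanged. Otherwise the key is
// fetched from Azure Resource Manager: a service principal token is created
// from TenantID, ClientID and ClientSecret against env's Active Directory
// endpoint, and ListKeys is called for the storage account in
// ResourceGroupName. The first key in the response is returned.
//
// The service principal therefore needs permission to list the keys of the
// storage account, and the value returned is the account's shared key, so it
// must not be logged or placed in error messages. The errors built here name
// only the storage account.
//
// It returns an error when access_key is absent and any of the resource
// group, subscription, client ID, client secret or tenant ID is missing, when
// the token or the ListKeys call fails, or when the response carries no
// usable key.
func getAccessKey(config BackendConfig, env azure.Environment) (string, error) {
	if config.AccessKey != "" {
		return config.AccessKey, nil
	}

	rgOk := config.ResourceGroupName != ""
	subOk := config.SubscriptionID != ""
	clientIDOk := config.ClientID != ""
	clientSecretOK := config.ClientSecret != ""
	tenantIDOk := config.TenantID != ""
	if !rgOk || !subOk || !clientIDOk || !clientSecretOK || !tenantIDOk {
		return "", fmt.Errorf("resource_group_name and credentials must be provided when access_key is absent")
	}

	oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, config.TenantID)
	if err != nil {
		return "", err
	}

	spt, err := adal.NewServicePrincipalToken(*oauthConfig, config.ClientID, config.ClientSecret, env.ResourceManagerEndpoint)
	if err != nil {
		return "", err
	}

	accountsClient := armStorage.NewAccountsClientWithBaseURI(env.ResourceManagerEndpoint, config.SubscriptionID)
	accountsClient.Authorizer = autorest.NewBearerAuthorizer(spt)

	keys, err := accountsClient.ListKeys(config.ResourceGroupName, config.StorageAccountName)
	if err != nil {
		return "", fmt.Errorf("Error retrieving keys for storage account %q: %s", config.StorageAccountName, err)
	}

	if keys.Keys == nil {
		return "", fmt.Errorf("Nil key returned for storage account %q", config.StorageAccountName)
	}

	// A non-nil but empty list, or an entry without a value, would otherwise
	// panic on the index or the dereference below.
	accessKeys := *keys.Keys
	if len(accessKeys) == 0 {
		return "", fmt.Errorf("No keys returned for storage account %q", config.StorageAccountName)
	}
	if accessKeys[0].Value == nil {
		return "", fmt.Errorf("Nil key returned for storage account %q", config.StorageAccountName)
	}

	return *accessKeys[0].Value, nil
}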
// getAzureEnvironment maps the "environment" setting to an azure.Environment.
//
// An empty name selects azure.PublicCloud. Any other name is looked up with
// azure.EnvironmentFromName, first as given and then wrapped as
// AZURE<name>CLOUD, so short forms such as "german" work as well as
// AZUREGERMANCLOUD. If both lookups fail, the error reported is the one from
// the first lookup, i.e. it names the value the user supplied.
//
// The environment returned here supplies the Active Directory and Resource
// Manager endpoints that getAccessKey authenticates against, so this setting
// decides where the client secret is sent. Only names accepted by
// azure.EnvironmentFromName get through.
func getAzureEnvironment(environment string) (azure.Environment, error) {
	if environment == "" {
		return azure.PublicCloud, nil
	}

	env, err := azure.EnvironmentFromName(environment)
	if err == nil {
		return env, nil
	}

	// try again with wrapped value to support readable values like german instead of AZUREGERMANCLOUD
	wrapped := fmt.Sprintf("AZURE%sCLOUD", environment)
	env, retryErr := azure.EnvironmentFromName(wrapped)
	if retryErr != nil {
		return env, fmt.Errorf("invalid 'environment' configuration: %s", err)
	}

	return env, nil
}