main: Use the new cliconfig package credentials source

This should not cause any change in behavior yet, but using this new
implementation will allow the "terraform login" and "terraform logout"
commands to store and forget credentials when they are implemented in
subsequent commits.
This commit is contained in:
Martin Atkins 2019-08-08 17:08:49 -07:00
parent 8272d3b101
commit 22a2580e93
2 changed files with 13 additions and 42 deletions

View File

@ -1,7 +1,6 @@
package main package main
import ( import (
"log"
"os" "os"
"os/signal" "os/signal"
@ -371,44 +370,7 @@ func makeShutdownCh() <-chan struct{} {
return resultCh return resultCh
} }
func credentialsSource(config *Config) auth.CredentialsSource { func credentialsSource(config *Config) (auth.CredentialsSource, error) {
creds := auth.NoCredentials helperPlugins := pluginDiscovery.FindPlugins("credentials", globalPluginDirs())
if len(config.Credentials) > 0 { return config.CredentialsSource(helperPlugins)
staticTable := map[svchost.Hostname]map[string]interface{}{}
for userHost, creds := range config.Credentials {
host, err := svchost.ForComparison(userHost)
if err != nil {
// We expect the config was already validated by the time we get
// here, so we'll just ignore invalid hostnames.
continue
}
staticTable[host] = creds
}
creds = auth.StaticCredentialsSource(staticTable)
}
for helperType, helperConfig := range config.CredentialsHelpers {
log.Printf("[DEBUG] Searching for credentials helper named %q", helperType)
available := pluginDiscovery.FindPlugins("credentials", globalPluginDirs())
available = available.WithName(helperType)
if available.Count() == 0 {
log.Printf("[ERROR] Unable to find credentials helper %q; ignoring", helperType)
break
}
selected := available.Newest()
helperSource := auth.HelperProgramCredentialsSource(selected.Path, helperConfig.Args...)
creds = auth.Credentials{
creds,
auth.CachingCredentialsSource(helperSource), // cached because external operation may be slow/expensive
}
// There should only be zero or one "credentials_helper" blocks. We
// assume that the config was validated earlier and so we don't check
// for extras here.
break
}
return creds
} }

11
main.go
View File

@ -145,7 +145,16 @@ func wrappedMain() int {
// Get any configured credentials from the config and initialize // Get any configured credentials from the config and initialize
// a service discovery object. // a service discovery object.
credsSrc := credentialsSource(config) credsSrc, err := credentialsSource(config)
if err != nil {
// Most commands don't actually need credentials, and most situations
// that would get us here would already have been reported by the config
// loading above, so we'll just log this one as an aid to debugging
// in the unlikely event that it _does_ arise.
log.Printf("[WARN] Cannot initialize remote host credentials manager: %s", err)
// credsSrc may be nil in this case, but that's okay because the disco
// object checks that and just acts as though no credentials are present.
}
services := disco.NewWithCredentialsSource(credsSrc) services := disco.NewWithCredentialsSource(credsSrc)
// Initialize the backends. // Initialize the backends.