main: Use the new cliconfig package credentials source
This should not cause any change in behavior yet, but using this new implementation will allow the "terraform login" and "terraform logout" commands to store and forget credentials when they are implemented in subsequent commits.
This commit is contained in:
parent
8272d3b101
commit
22a2580e93
44
commands.go
44
commands.go
|
@ -1,7 +1,6 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"log"
|
|
||||||
"os"
|
"os"
|
||||||
"os/signal"
|
"os/signal"
|
||||||
|
|
||||||
|
@ -371,44 +370,7 @@ func makeShutdownCh() <-chan struct{} {
|
||||||
return resultCh
|
return resultCh
|
||||||
}
|
}
|
||||||
|
|
||||||
func credentialsSource(config *Config) auth.CredentialsSource {
|
func credentialsSource(config *Config) (auth.CredentialsSource, error) {
|
||||||
creds := auth.NoCredentials
|
helperPlugins := pluginDiscovery.FindPlugins("credentials", globalPluginDirs())
|
||||||
if len(config.Credentials) > 0 {
|
return config.CredentialsSource(helperPlugins)
|
||||||
staticTable := map[svchost.Hostname]map[string]interface{}{}
|
|
||||||
for userHost, creds := range config.Credentials {
|
|
||||||
host, err := svchost.ForComparison(userHost)
|
|
||||||
if err != nil {
|
|
||||||
// We expect the config was already validated by the time we get
|
|
||||||
// here, so we'll just ignore invalid hostnames.
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
staticTable[host] = creds
|
|
||||||
}
|
|
||||||
creds = auth.StaticCredentialsSource(staticTable)
|
|
||||||
}
|
|
||||||
|
|
||||||
for helperType, helperConfig := range config.CredentialsHelpers {
|
|
||||||
log.Printf("[DEBUG] Searching for credentials helper named %q", helperType)
|
|
||||||
available := pluginDiscovery.FindPlugins("credentials", globalPluginDirs())
|
|
||||||
available = available.WithName(helperType)
|
|
||||||
if available.Count() == 0 {
|
|
||||||
log.Printf("[ERROR] Unable to find credentials helper %q; ignoring", helperType)
|
|
||||||
break
|
|
||||||
}
|
|
||||||
|
|
||||||
selected := available.Newest()
|
|
||||||
|
|
||||||
helperSource := auth.HelperProgramCredentialsSource(selected.Path, helperConfig.Args...)
|
|
||||||
creds = auth.Credentials{
|
|
||||||
creds,
|
|
||||||
auth.CachingCredentialsSource(helperSource), // cached because external operation may be slow/expensive
|
|
||||||
}
|
|
||||||
|
|
||||||
// There should only be zero or one "credentials_helper" blocks. We
|
|
||||||
// assume that the config was validated earlier and so we don't check
|
|
||||||
// for extras here.
|
|
||||||
break
|
|
||||||
}
|
|
||||||
|
|
||||||
return creds
|
|
||||||
}
|
}
|
||||||
|
|
11
main.go
11
main.go
|
@ -145,7 +145,16 @@ func wrappedMain() int {
|
||||||
|
|
||||||
// Get any configured credentials from the config and initialize
|
// Get any configured credentials from the config and initialize
|
||||||
// a service discovery object.
|
// a service discovery object.
|
||||||
credsSrc := credentialsSource(config)
|
credsSrc, err := credentialsSource(config)
|
||||||
|
if err != nil {
|
||||||
|
// Most commands don't actually need credentials, and most situations
|
||||||
|
// that would get us here would already have been reported by the config
|
||||||
|
// loading above, so we'll just log this one as an aid to debugging
|
||||||
|
// in the unlikely event that it _does_ arise.
|
||||||
|
log.Printf("[WARN] Cannot initialize remote host credentials manager: %s", err)
|
||||||
|
// credsSrc may be nil in this case, but that's okay because the disco
|
||||||
|
// object checks that and just acts as though no credentials are present.
|
||||||
|
}
|
||||||
services := disco.NewWithCredentialsSource(credsSrc)
|
services := disco.NewWithCredentialsSource(credsSrc)
|
||||||
|
|
||||||
// Initialize the backends.
|
// Initialize the backends.
|
||||||
|
|
Loading…
Reference in New Issue