support custom endpoints for AWS EC2 ELB and IAM
parent
a6d3c4e181
commit
231604e8b7
|
@ -45,6 +45,8 @@ import (
|
||||||
"github.com/aws/aws-sdk-go/service/s3"
|
"github.com/aws/aws-sdk-go/service/s3"
|
||||||
"github.com/aws/aws-sdk-go/service/sns"
|
"github.com/aws/aws-sdk-go/service/sns"
|
||||||
"github.com/aws/aws-sdk-go/service/sqs"
|
"github.com/aws/aws-sdk-go/service/sqs"
|
||||||
|
"net/http"
|
||||||
|
"crypto/tls"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Config struct {
|
type Config struct {
|
||||||
|
@ -61,6 +63,10 @@ type Config struct {
|
||||||
|
|
||||||
DynamoDBEndpoint string
|
DynamoDBEndpoint string
|
||||||
KinesisEndpoint string
|
KinesisEndpoint string
|
||||||
|
Ec2Endpoint string
|
||||||
|
IamEndpoint string
|
||||||
|
ElbEndpoint string
|
||||||
|
Insecure bool
|
||||||
}
|
}
|
||||||
|
|
||||||
type AWSClient struct {
|
type AWSClient struct {
|
||||||
|
@ -136,9 +142,21 @@ func (c *Config) Client() (interface{}, error) {
|
||||||
HTTPClient: cleanhttp.DefaultClient(),
|
HTTPClient: cleanhttp.DefaultClient(),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if c.Insecure {
|
||||||
|
transport := awsConfig.HTTPClient.Transport.(*http.Transport)
|
||||||
|
transport.TLSClientConfig = &tls.Config{
|
||||||
|
InsecureSkipVerify:true,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
log.Println("[INFO] Initializing IAM Connection")
|
log.Println("[INFO] Initializing IAM Connection")
|
||||||
sess := session.New(awsConfig)
|
sess := session.New(awsConfig)
|
||||||
client.iamconn = iam.New(sess)
|
|
||||||
|
awsIamConfig := *awsConfig
|
||||||
|
awsIamConfig.Endpoint = aws.String(c.IamEndpoint)
|
||||||
|
|
||||||
|
awsIamSess := session.New(&awsIamConfig)
|
||||||
|
client.iamconn = iam.New(awsIamSess)
|
||||||
|
|
||||||
err = c.ValidateCredentials(client.iamconn)
|
err = c.ValidateCredentials(client.iamconn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -166,7 +184,12 @@ func (c *Config) Client() (interface{}, error) {
|
||||||
client.dynamodbconn = dynamodb.New(dynamoSess)
|
client.dynamodbconn = dynamodb.New(dynamoSess)
|
||||||
|
|
||||||
log.Println("[INFO] Initializing ELB connection")
|
log.Println("[INFO] Initializing ELB connection")
|
||||||
client.elbconn = elb.New(sess)
|
awsElbConfig := *awsConfig
|
||||||
|
awsElbConfig.Endpoint = aws.String(c.ElbEndpoint)
|
||||||
|
|
||||||
|
awsElbSess := session.New(&awsElbConfig)
|
||||||
|
|
||||||
|
client.elbconn = elb.New(awsElbSess)
|
||||||
|
|
||||||
log.Println("[INFO] Initializing S3 connection")
|
log.Println("[INFO] Initializing S3 connection")
|
||||||
client.s3conn = s3.New(sess)
|
client.s3conn = s3.New(sess)
|
||||||
|
@ -199,7 +222,12 @@ func (c *Config) Client() (interface{}, error) {
|
||||||
client.autoscalingconn = autoscaling.New(sess)
|
client.autoscalingconn = autoscaling.New(sess)
|
||||||
|
|
||||||
log.Println("[INFO] Initializing EC2 Connection")
|
log.Println("[INFO] Initializing EC2 Connection")
|
||||||
client.ec2conn = ec2.New(sess)
|
|
||||||
|
awsEc2Config := *awsConfig
|
||||||
|
awsEc2Config.Endpoint = aws.String(c.Ec2Endpoint)
|
||||||
|
|
||||||
|
awsEc2Sess := session.New(&awsEc2Config)
|
||||||
|
client.ec2conn = ec2.New(awsEc2Sess)
|
||||||
|
|
||||||
log.Println("[INFO] Initializing ECR Connection")
|
log.Println("[INFO] Initializing ECR Connection")
|
||||||
client.ecrconn = ecr.New(sess)
|
client.ecrconn = ecr.New(sess)
|
||||||
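Review bot: The `if c.Insecure` block in Client() sets `InsecureSkipVerify` on the transport of `awsConfig.HTTPClient`, and since `awsIamConfig`, `awsElbConfig` and `awsEc2Config` are shallow copies of `*awsConfig`, that one client appears to be shared by every session built here. Enabling the option for a single custom endpoint therefore turns off certificate verification for all AWS API traffic, including the services still using default endpoints. The assertion `.(*http.Transport)` is unchecked and would panic if the client's transport were ever a different type, and nothing is logged when verification is disabled. I would check the assertion and emit a `[WARN]` line as sketched below, and ideally give the custom-endpoint sessions their own HTTP client or accept a custom CA bundle instead of skipping verification. Client() starts and ends outside these hunks, and the sketch assumes `fmt` is already imported in this file.

```go
// … unchanged: awsConfig construction with cleanhttp.DefaultClient() …
if c.Insecure {
	transport, ok := awsConfig.HTTPClient.Transport.(*http.Transport)
	if !ok {
		return nil, fmt.Errorf("insecure: unexpected HTTP transport type %T", awsConfig.HTTPClient.Transport)
	}
	log.Println("[WARN] TLS certificate verification is disabled for AWS API connections")
	transport.TLSClientConfig = &tls.Config{
		InsecureSkipVerify: true,
	}
}
// … unchanged: IAM, ELB and EC2 session setup …
```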
|
|
|
@ -96,6 +96,31 @@ func Provider() terraform.ResourceProvider {
|
||||||
Default: "",
|
Default: "",
|
||||||
Description: descriptions["kinesis_endpoint"],
|
Description: descriptions["kinesis_endpoint"],
|
||||||
},
|
},
|
||||||
|
"iam_endpoint": &schema.Schema{
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Optional: true,
|
||||||
|
Default: "",
|
||||||
|
Description: descriptions["iam_endpoint"],
|
||||||
|
},
|
||||||
|
|
||||||
|
"ec2_endpoint": &schema.Schema{
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Optional: true,
|
||||||
|
Default: "",
|
||||||
|
Description: descriptions["ec2_endpoint"],
|
||||||
|
},
|
||||||
|
"elb_endpoint": &schema.Schema{
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Optional: true,
|
||||||
|
Default: "",
|
||||||
|
Description: descriptions["elb_endpoint"],
|
||||||
|
},
|
||||||
|
"insecure": &schema.Schema{
|
||||||
|
Type: schema.TypeBool,
|
||||||
|
Optional: true,
|
||||||
|
Default: false,
|
||||||
|
Description: descriptions["insecure"],
|
||||||
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
ResourcesMap: map[string]*schema.Resource{
|
ResourcesMap: map[string]*schema.Resource{
|
||||||
|
@ -249,6 +274,15 @@ func init() {
|
||||||
|
|
||||||
"kinesis_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" +
|
"kinesis_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" +
|
||||||
"It's typically used to connect to kinesalite.",
|
"It's typically used to connect to kinesalite.",
|
||||||
|
|
||||||
|
"iam_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",
|
||||||
|
|
||||||
|
"ec2_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",
|
||||||
|
|
||||||
|
"elb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",
|
||||||
|
|
||||||
|
"insecure" : "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted," +
|
||||||
|
"default value is `false`",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -263,6 +297,10 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
||||||
MaxRetries: d.Get("max_retries").(int),
|
MaxRetries: d.Get("max_retries").(int),
|
||||||
DynamoDBEndpoint: d.Get("dynamodb_endpoint").(string),
|
DynamoDBEndpoint: d.Get("dynamodb_endpoint").(string),
|
||||||
KinesisEndpoint: d.Get("kinesis_endpoint").(string),
|
KinesisEndpoint: d.Get("kinesis_endpoint").(string),
|
||||||
|
IamEndpoint: d.Get("iam_endpoint").(string),
|
||||||
|
Ec2Endpoint: d.Get("ec2_endpoint").(string),
|
||||||
|
ElbEndpoint: d.Get("elb_endpoint").(string),
|
||||||
|
Insecure: d.Get("insecure").(bool),
|
||||||
}
|
}
|
||||||
|
|
||||||
if v, ok := d.GetOk("allowed_account_ids"); ok {
|
if v, ok := d.GetOk("allowed_account_ids"); ok {
|
||||||
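Review bot: The `insecure` description added in init() does not say what is switched off or how far it reaches; going by the config.go change it disables TLS certificate verification on the provider's HTTP client, which "perform \"insecure\" SSL requests" does not convey. I would state that directly, for example `"insecure": "Disable TLS certificate verification for AWS API requests. Intended only for test endpoints with self-signed certificates. Defaults to false."`. The `iam_endpoint`, `ec2_endpoint` and `elb_endpoint` descriptions should also note that signed requests are sent to whatever URL is configured, and their trailing `\n` can be dropped. As a style point, `"insecure" :` is not gofmt-formatted. Provider(), init() and providerConfigure() all continue outside the hunks shown.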
|
|
|
@ -137,5 +137,24 @@ The following arguments are supported in the `provider` block:
|
||||||
URL constructed from the `region`. It's typically used to connect to
|
URL constructed from the `region`. It's typically used to connect to
|
||||||
dynamodb-local.
|
dynamodb-local.
|
||||||
|
|
||||||
* `kinesis_endpoint` - (Optional) Use this to override the default endpoint URL
|
* `kinesis_endpoint` - (Optional) Use this to override the default endpoint
|
||||||
constructed from the `region`. It's typically used to connect to kinesalite.
|
URL constructed from the `region`. It's typically used to connect to
|
||||||
|
kinesalite.
|
||||||
|
|
||||||
|
* `iam_endpoint` - (Optional) Use this to override the default endpoint
|
||||||
|
URL constructed from the `region`. It's typically used to connect to
|
||||||
|
custom iam endpoints.
|
||||||
|
|
||||||
|
* `ec2_endpoint` - (Optional) Use this to override the default endpoint
|
||||||
|
URL constructed from the `region`. It's typically used to connect to
|
||||||
|
custom ec2 endpoints.
|
||||||
|
|
||||||
|
* `elb_endpoint` - (Optional) Use this to override the default endpoint
|
||||||
|
URL constructed from the `region`. It's typically used to connect to
|
||||||
|
custom elb endpoints.
|
||||||
|
|
||||||
|
* `token` - (Optional) Use this to set an MFA token. It can also be
|
||||||
|
sourced from the `AWS_SECURITY_TOKEN` environment variable.
|
||||||
|
|
||||||
|
* `insecure` - (Optional) Optional) Explicitly allow the provider to
|
||||||
|
perform "insecure" SSL requests. If omitted, default value is `false`
|
||||||
|
|