support custom endpoints for AWS EC2 ELB and IAM

Hasan Türken 2015-12-11 17:27:49 +02:00 committed by clint shryock
parent a6d3c4e181
commit 231604e8b7
3 changed files with 90 additions and 5 deletions


@ -45,6 +45,8 @@ import (
"github.com/aws/aws-sdk-go/service/s3" "github.com/aws/aws-sdk-go/service/s3"
"github.com/aws/aws-sdk-go/service/sns" "github.com/aws/aws-sdk-go/service/sns"
"github.com/aws/aws-sdk-go/service/sqs" "github.com/aws/aws-sdk-go/service/sqs"
"net/http"
"crypto/tls"
) )
type Config struct { type Config struct {
@ -61,6 +63,10 @@ type Config struct {
DynamoDBEndpoint string DynamoDBEndpoint string
KinesisEndpoint string KinesisEndpoint string
Ec2Endpoint string
IamEndpoint string
ElbEndpoint string
Insecure bool
} }
type AWSClient struct { type AWSClient struct {
@ -136,9 +142,21 @@ func (c *Config) Client() (interface{}, error) {
HTTPClient: cleanhttp.DefaultClient(), HTTPClient: cleanhttp.DefaultClient(),
} }
if c.Insecure {
transport := awsConfig.HTTPClient.Transport.(*http.Transport)
transport.TLSClientConfig = &tls.Config{
InsecureSkipVerify:true,
}
}
log.Println("[INFO] Initializing IAM Connection") log.Println("[INFO] Initializing IAM Connection")
sess := session.New(awsConfig) sess := session.New(awsConfig)
client.iamconn = iam.New(sess)
awsIamConfig := *awsConfig
awsIamConfig.Endpoint = aws.String(c.IamEndpoint)
awsIamSess := session.New(&awsIamConfig)
client.iamconn = iam.New(awsIamSess)
err = c.ValidateCredentials(client.iamconn) err = c.ValidateCredentials(client.iamconn)
if err != nil { if err != nil {
@ -166,7 +184,12 @@ func (c *Config) Client() (interface{}, error) {
client.dynamodbconn = dynamodb.New(dynamoSess) client.dynamodbconn = dynamodb.New(dynamoSess)
log.Println("[INFO] Initializing ELB connection") log.Println("[INFO] Initializing ELB connection")
client.elbconn = elb.New(sess) awsElbConfig := *awsConfig
awsElbConfig.Endpoint = aws.String(c.ElbEndpoint)
awsElbSess := session.New(&awsElbConfig)
client.elbconn = elb.New(awsElbSess)
log.Println("[INFO] Initializing S3 connection") log.Println("[INFO] Initializing S3 connection")
client.s3conn = s3.New(sess) client.s3conn = s3.New(sess)
@ -199,7 +222,12 @@ func (c *Config) Client() (interface{}, error) {
client.autoscalingconn = autoscaling.New(sess) client.autoscalingconn = autoscaling.New(sess)
log.Println("[INFO] Initializing EC2 Connection") log.Println("[INFO] Initializing EC2 Connection")
client.ec2conn = ec2.New(sess)
awsEc2Config := *awsConfig
awsEc2Config.Endpoint = aws.String(c.Ec2Endpoint)
awsEc2Sess := session.New(&awsEc2Config)
client.ec2conn = ec2.New(awsEc2Sess)
log.Println("[INFO] Initializing ECR Connection") log.Println("[INFO] Initializing ECR Connection")
client.ecrconn = ecr.New(sess) client.ecrconn = ecr.New(sess)
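Review bot: The `if c.Insecure` block in Client() disables certificate verification on the single `awsConfig.HTTPClient` that every session below is built from (the per-service configs are shallow copies of `*awsConfig`), so the flag affects all AWS service clients, not only the IAM, EC2 and ELB clients that get a custom endpoint. That scope should be stated in a comment and logged when the flag is set, e.g. `log.Println("[WARN] TLS certificate verification is disabled for all AWS API requests")`. The type assertion is also unchecked and would panic if the transport is ever not an `*http.Transport`; prefer `transport, ok := awsConfig.HTTPClient.Transport.(*http.Transport)` and return an error when `ok` is false. For private endpoints signed by an internal CA, supplying that CA through `RootCAs` in the `tls.Config` would keep verification on. Client() starts and ends outside the hunks shown.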


@ -96,6 +96,31 @@ func Provider() terraform.ResourceProvider {
Default: "", Default: "",
Description: descriptions["kinesis_endpoint"], Description: descriptions["kinesis_endpoint"],
}, },
"iam_endpoint": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Default: "",
Description: descriptions["iam_endpoint"],
},
"ec2_endpoint": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Default: "",
Description: descriptions["ec2_endpoint"],
},
"elb_endpoint": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Default: "",
Description: descriptions["elb_endpoint"],
},
"insecure": &schema.Schema{
Type: schema.TypeBool,
Optional: true,
Default: false,
Description: descriptions["insecure"],
},
}, },
ResourcesMap: map[string]*schema.Resource{ ResourcesMap: map[string]*schema.Resource{
@ -249,6 +274,15 @@ func init() {
"kinesis_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" + "kinesis_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" +
"It's typically used to connect to kinesalite.", "It's typically used to connect to kinesalite.",
"iam_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",
"ec2_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",
"elb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",
"insecure" : "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted," +
"default value is `false`",
} }
} }
@ -263,6 +297,10 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
MaxRetries: d.Get("max_retries").(int), MaxRetries: d.Get("max_retries").(int),
DynamoDBEndpoint: d.Get("dynamodb_endpoint").(string), DynamoDBEndpoint: d.Get("dynamodb_endpoint").(string),
KinesisEndpoint: d.Get("kinesis_endpoint").(string), KinesisEndpoint: d.Get("kinesis_endpoint").(string),
IamEndpoint: d.Get("iam_endpoint").(string),
Ec2Endpoint: d.Get("ec2_endpoint").(string),
ElbEndpoint: d.Get("elb_endpoint").(string),
Insecure: d.Get("insecure").(bool),
} }
if v, ok := d.GetOk("allowed_account_ids"); ok { if v, ok := d.GetOk("allowed_account_ids"); ok {
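Review bot: The `insecure` description added in init() does not say what is being relaxed, and its two string pieces are joined without a space, so users see "If omitted,default value". A wording that states the effect would be `"insecure": "Disable TLS certificate verification for every AWS API request made by the provider. Defaults to false.",`. The three new endpoint descriptions also end in a stray `\n` and, as far as this section shows, the endpoint values are passed through without any validation, which matters more once verification can be switched off. The docs hunk repeats the same `insecure` wording and has a duplicated "(Optional) Optional)".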


@ -137,5 +137,24 @@ The following arguments are supported in the `provider` block:
URL constructed from the `region`. It's typically used to connect to URL constructed from the `region`. It's typically used to connect to
dynamodb-local. dynamodb-local.
* `kinesis_endpoint` - (Optional) Use this to override the default endpoint URL * `kinesis_endpoint` - (Optional) Use this to override the default endpoint
constructed from the `region`. It's typically used to connect to kinesalite. URL constructed from the `region`. It's typically used to connect to
kinesalite.
* `iam_endpoint` - (Optional) Use this to override the default endpoint
URL constructed from the `region`. It's typically used to connect to
custom iam endpoints.
* `ec2_endpoint` - (Optional) Use this to override the default endpoint
URL constructed from the `region`. It's typically used to connect to
custom ec2 endpoints.
* `elb_endpoint` - (Optional) Use this to override the default endpoint
URL constructed from the `region`. It's typically used to connect to
custom elb endpoints.
* `token` - (Optional) Use this to set an MFA token. It can also be
sourced from the `AWS_SECURITY_TOKEN` environment variable.
* `insecure` - (Optional) Optional) Explicitly allow the provider to
perform "insecure" SSL requests. If omitted, default value is `false`