Merge pull request #29868 from xiaozhu36/xiaozhu
backend/oss: Removes the ConflictWith tag which on the attributes assume_role* to fix the incompatible error
This commit is contained in:
commit
5a8021f03d
|
@ -38,7 +38,6 @@ func deprecatedAssumeRoleSchema() *schema.Schema {
|
|||
return &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
ConflictsWith: []string{"assume_role_role_arn", "assume_role_session_name", "assume_role_policy", "assume_role_session_expiration"},
|
||||
MaxItems: 1,
|
||||
Deprecated: "use assume_role_* options instead",
|
||||
Elem: &schema.Resource{
|
||||
|
@ -221,27 +220,23 @@ func New() backend.Backend {
|
|||
"assume_role_role_arn": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ConflictsWith: []string{"assume_role"},
|
||||
Description: "The ARN of a RAM role to assume prior to making API calls.",
|
||||
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_ARN", ""),
|
||||
},
|
||||
"assume_role_session_name": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ConflictsWith: []string{"assume_role"},
|
||||
Description: "The session name to use when assuming the role.",
|
||||
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_SESSION_NAME", ""),
|
||||
},
|
||||
"assume_role_policy": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ConflictsWith: []string{"assume_role"},
|
||||
Description: "The permissions applied when assuming a role. You cannot use this policy to grant permissions which exceed those of the role that is being assumed.",
|
||||
},
|
||||
"assume_role_session_expiration": {
|
||||
Type: schema.TypeInt,
|
||||
Optional: true,
|
||||
ConflictsWith: []string{"assume_role"},
|
||||
Description: "The time after which the established session for assuming role expires.",
|
||||
ValidateFunc: func(v interface{}, k string) ([]string, []error) {
|
||||
min := 900
|
||||
|
@ -324,7 +319,18 @@ func (b *Backend) configure(ctx context.Context) error {
|
|||
sessionExpiration = (int)(expiredSeconds.(float64))
|
||||
}
|
||||
|
||||
if v, ok := d.GetOk("assume_role"); ok {
|
||||
if v, ok := d.GetOk("assume_role_role_arn"); ok && v.(string) != "" {
|
||||
roleArn = v.(string)
|
||||
if v, ok := d.GetOk("assume_role_session_name"); ok {
|
||||
sessionName = v.(string)
|
||||
}
|
||||
if v, ok := d.GetOk("assume_role_policy"); ok {
|
||||
policy = v.(string)
|
||||
}
|
||||
if v, ok := d.GetOk("assume_role_session_expiration"); ok {
|
||||
sessionExpiration = v.(int)
|
||||
}
|
||||
} else if v, ok := d.GetOk("assume_role"); ok {
|
||||
// deprecated assume_role block
|
||||
for _, v := range v.(*schema.Set).List() {
|
||||
assumeRole := v.(map[string]interface{})
|
||||
|
@ -337,11 +343,6 @@ func (b *Backend) configure(ctx context.Context) error {
|
|||
policy = assumeRole["policy"].(string)
|
||||
sessionExpiration = assumeRole["session_expiration"].(int)
|
||||
}
|
||||
} else {
|
||||
roleArn = d.Get("assume_role_role_arn").(string)
|
||||
sessionName = d.Get("assume_role_session_name").(string)
|
||||
policy = d.Get("assume_role_policy").(string)
|
||||
sessionExpiration = d.Get("assume_role_session_expiration").(int)
|
||||
}
|
||||
|
||||
if sessionName == "" {
|
||||
|
|
|
@ -98,11 +98,11 @@ The following configuration options or environment variables are supported:
|
|||
* `profile` - (Optional, Available in 0.12.8+) This is the Alibaba Cloud profile name as set in the shared credentials file. It can also be sourced from the `ALICLOUD_PROFILE` environment variable.
|
||||
* `assume_role_role_arn` - (Optional, Available in 1.1.0+) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports the environment variable `ALICLOUD_ASSUME_ROLE_ARN`.
|
||||
Terraform executes configuration on account with provided credentials.
|
||||
* `assume_role_policy` - (Optional, Available in 1.1.0+ A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed.
|
||||
* `assume_role_policy` - (Optional, Available in 1.1.0+) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use this policy to grant permissions that exceed those of the role that is being assumed.
|
||||
* `assume_role_session_name` - (Optional, Available in 1.1.0+) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable `ALICLOUD_ASSUME_ROLE_SESSION_NAME`.
|
||||
* `assume_role_session_expiration` - (Optional, Available in 1.1.0+ The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable `ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION`.
|
||||
* `assume_role_session_expiration` - (Optional, Available in 1.1.0+) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud uses its own default value). It supports environment variable `ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION`.
|
||||
|
||||
* `assume_role` - (**Deprecated as of 1.1.0+**, Available in 0.12.6+) If provided with a role ARN, will attempt to assume this role using the supplied credentials.
|
||||
* `assume_role` - (**Deprecated as of 1.1.0+**, Available in 0.12.6+) If provided with a role ARN, will attempt to assume this role using the supplied credentials. It will be ignored when `assume_role_role_arn` is specified.
|
||||
|
||||
**Deprecated in favor of flattening assume_role_\* options**
|
||||
|
||||
|
|
Loading…
Reference in New Issue