backend/oss: Supports the new attribute sts_endpoint

xiaozhu36 2021-11-01 20:26:54 +08:00
parent 3cd6c0be7a
commit 5d19a34f88
2 changed files with 14 additions and 2 deletions


@ -4,6 +4,7 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/endpoints"
"io/ioutil" "io/ioutil"
"log" "log"
"net/http" "net/http"
@ -121,6 +122,12 @@ func New() backend.Backend {
Description: "The region of the OSS bucket.", Description: "The region of the OSS bucket.",
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_REGION", os.Getenv("ALICLOUD_DEFAULT_REGION")), DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_REGION", os.Getenv("ALICLOUD_DEFAULT_REGION")),
}, },
"sts_endpoint": {
Type: schema.TypeString,
Optional: true,
Description: "A custom endpoint for the STS API",
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_STS_ENDPOINT", ""),
},
"tablestore_endpoint": { "tablestore_endpoint": {
Type: schema.TypeString, Type: schema.TypeString,
Optional: true, Optional: true,
@ -304,6 +311,7 @@ func (b *Backend) configure(ctx context.Context) error {
securityToken := getBackendConfig(d.Get("security_token").(string), "sts_token") securityToken := getBackendConfig(d.Get("security_token").(string), "sts_token")
region := getBackendConfig(d.Get("region").(string), "region_id") region := getBackendConfig(d.Get("region").(string), "region_id")
stsEndpoint := d.Get("sts_endpoint").(string)
endpoint := d.Get("endpoint").(string) endpoint := d.Get("endpoint").(string)
schma := "https" schma := "https"
@ -360,7 +368,7 @@ func (b *Backend) configure(ctx context.Context) error {
} }
if roleArn != "" { if roleArn != "" {
subAccessKeyId, subAccessKeySecret, subSecurityToken, err := getAssumeRoleAK(accessKey, secretKey, securityToken, region, roleArn, sessionName, policy, sessionExpiration) subAccessKeyId, subAccessKeySecret, subSecurityToken, err := getAssumeRoleAK(accessKey, secretKey, securityToken, region, roleArn, sessionName, policy, stsEndpoint, sessionExpiration)
if err != nil { if err != nil {
return err return err
} }
@ -432,7 +440,7 @@ func (b *Backend) getOSSEndpointByRegion(access_key, secret_key, security_token,
return endpointsResponse, nil return endpointsResponse, nil
} }
func getAssumeRoleAK(accessKey, secretKey, stsToken, region, roleArn, sessionName, policy string, sessionExpiration int) (string, string, string, error) { func getAssumeRoleAK(accessKey, secretKey, stsToken, region, roleArn, sessionName, policy, stsEndpoint string, sessionExpiration int) (string, string, string, error) {
request := sts.CreateAssumeRoleRequest() request := sts.CreateAssumeRoleRequest()
request.RoleArn = roleArn request.RoleArn = roleArn
request.RoleSessionName = sessionName request.RoleSessionName = sessionName
@ -450,6 +458,9 @@ func getAssumeRoleAK(accessKey, secretKey, stsToken, region, roleArn, sessionNam
if err != nil { if err != nil {
return "", "", "", err return "", "", "", err
} }
if stsEndpoint != "" {
endpoints.AddEndpointMapping(region, "STS", stsEndpoint)
}
response, err := client.AssumeRole(request) response, err := client.AssumeRole(request)
if err != nil { if err != nil {
return "", "", "", err return "", "", "", err
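Review bot: In the last hunk of getAssumeRoleAK, `endpoints.AddEndpointMapping(region, "STS", stsEndpoint)` takes the host that receives the AssumeRole request, signed with the caller's access key, straight from `sts_endpoint` / `ALICLOUD_STS_ENDPOINT` with no validation. It is a package-level call rather than a setting on `client`, so the override presumably lands in an SDK-wide table, outlives this call and applies to every STS client for that region in the process. Setting it on the request, `request.Domain = stsEndpoint`, would keep it scoped to this call (confirm against the vendored SDK version). I would also reject values that are not a bare host name before use, and extend the schema description to `"A custom endpoint for the STS API. Can also be set with the ALICLOUD_STS_ENDPOINT environment variable."` so operators can see the environment source. The function body starts and ends outside the hunks shown, so whether the request scheme is forced to HTTPS cannot be checked from here.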


@ -88,6 +88,7 @@ The following configuration options or environment variables are supported:
* `key` - (Optional) The name of the state file. Defaults to `terraform.tfstate`. * `key` - (Optional) The name of the state file. Defaults to `terraform.tfstate`.
* `tablestore_endpoint` / `ALICLOUD_TABLESTORE_ENDPOINT` - (Optional) A custom endpoint for the TableStore API. * `tablestore_endpoint` / `ALICLOUD_TABLESTORE_ENDPOINT` - (Optional) A custom endpoint for the TableStore API.
* `tablestore_table` - (Optional) A TableStore table for state locking and consistency. The table must have a primary key named `LockID` of type `String`. * `tablestore_table` - (Optional) A TableStore table for state locking and consistency. The table must have a primary key named `LockID` of type `String`.
* `sts_endpoint` - (Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable `ALICLOUD_STS_ENDPOINT`.
* `encrypt` - (Optional) Whether to enable server side * `encrypt` - (Optional) Whether to enable server side
encryption of the state file. If it is true, OSS will use 'AES256' encryption algorithm to encrypt state file. encryption of the state file. If it is true, OSS will use 'AES256' encryption algorithm to encrypt state file.
* `acl` - (Optional) [Object * `acl` - (Optional) [Object