use the aws provider client initialization

Use the aws provider code to create the clients for the s3 backend, so
that all the behavior matches that of the provider.

Remove the fake creds from the test, as the aws provider will attempt to
validate them.
This commit is contained in:
James Bardin 2017-04-05 12:37:42 -04:00
parent 0ec2a5cfd3
commit 6e136c848a
2 changed files with 18 additions and 49 deletions

View File

@ -2,15 +2,9 @@ package s3
import ( import (
"context" "context"
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/dynamodb" "github.com/aws/aws-sdk-go/service/dynamodb"
"github.com/aws/aws-sdk-go/service/s3" "github.com/aws/aws-sdk-go/service/s3"
cleanhttp "github.com/hashicorp/go-cleanhttp"
multierror "github.com/hashicorp/go-multierror"
"github.com/hashicorp/terraform/backend" "github.com/hashicorp/terraform/backend"
"github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/schema"
@ -175,48 +169,27 @@ func (b *Backend) configure(ctx context.Context) error {
b.kmsKeyID = data.Get("kms_key_id").(string) b.kmsKeyID = data.Get("kms_key_id").(string)
b.lockTable = data.Get("lock_table").(string) b.lockTable = data.Get("lock_table").(string)
var errs []error cfg := &terraformAWS.Config{
creds, err := terraformAWS.GetCredentials(&terraformAWS.Config{
AccessKey: data.Get("access_key").(string), AccessKey: data.Get("access_key").(string),
SecretKey: data.Get("secret_key").(string),
Token: data.Get("token").(string),
Profile: data.Get("profile").(string),
CredsFilename: data.Get("shared_credentials_file").(string),
AssumeRoleARN: data.Get("role_arn").(string), AssumeRoleARN: data.Get("role_arn").(string),
AssumeRoleSessionName: data.Get("session_name").(string),
AssumeRoleExternalID: data.Get("external_id").(string), AssumeRoleExternalID: data.Get("external_id").(string),
AssumeRolePolicy: data.Get("assume_role_policy").(string), AssumeRolePolicy: data.Get("assume_role_policy").(string),
}) AssumeRoleSessionName: data.Get("session_name").(string),
CredsFilename: data.Get("shared_credentials_file").(string),
Profile: data.Get("profile").(string),
Region: data.Get("region").(string),
S3Endpoint: data.Get("endpoint").(string),
SecretKey: data.Get("secret_key").(string),
Token: data.Get("token").(string),
}
client, err := cfg.Client()
if err != nil { if err != nil {
return err return err
} }
// Call Get to check for credential provider. If nothing found, we'll get an b.s3Client = client.(*terraformAWS.AWSClient).S3()
// error, and we can present it nicely to the user b.dynClient = client.(*terraformAWS.AWSClient).DynamoDB()
_, err = creds.Get()
if err != nil {
if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoCredentialProviders" {
errs = append(errs, fmt.Errorf(`No valid credential sources found for AWS S3 remote.
Please see https://www.terraform.io/docs/state/remote/s3.html for more information on
providing credentials for the AWS S3 remote`))
} else {
errs = append(errs, fmt.Errorf("Error loading credentials for AWS S3 remote: %s", err))
}
return &multierror.Error{Errors: errs}
}
endpoint := data.Get("endpoint").(string)
region := data.Get("region").(string)
awsConfig := &aws.Config{
Credentials: creds,
Endpoint: aws.String(endpoint),
Region: aws.String(region),
HTTPClient: cleanhttp.DefaultClient(),
}
sess := session.New(awsConfig)
b.s3Client = s3.New(sess)
b.dynClient = dynamodb.New(sess)
return nil return nil
} }

View File

@ -29,16 +29,12 @@ func TestBackend_impl(t *testing.T) {
} }
func TestBackendConfig(t *testing.T) { func TestBackendConfig(t *testing.T) {
// This test just instantiates the client. Shouldn't make any actual testACC(t)
// requests nor incur any costs.
config := map[string]interface{}{ config := map[string]interface{}{
"region": "us-west-1", "region": "us-west-1",
"bucket": "tf-test", "bucket": "tf-test",
"key": "state", "key": "state",
"encrypt": true, "encrypt": true,
"access_key": "ACCESS_KEY",
"secret_key": "SECRET_KEY",
"lock_table": "dynamoTable", "lock_table": "dynamoTable",
} }
@ -58,11 +54,11 @@ func TestBackendConfig(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("Error when requesting credentials") t.Fatalf("Error when requesting credentials")
} }
if credentials.AccessKeyID != "ACCESS_KEY" { if credentials.AccessKeyID == "" {
t.Fatalf("Incorrect Access Key Id was populated") t.Fatalf("No Access Key Id was populated")
} }
if credentials.SecretAccessKey != "SECRET_KEY" { if credentials.SecretAccessKey == "" {
t.Fatalf("Incorrect Secret Access Key was populated") t.Fatalf("No Secret Access Key was populated")
} }
} }