use the aws provider client initialization
Use the aws provider code to create the clients for the s3 backend, so that all the behavior matches that of the provider. Remove the fake creds from the test, as the aws provider will attempt to validate them.
parent
0ec2a5cfd3
commit
6e136c848a
|
@ -2,15 +2,9 @@ package s3
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/aws"
|
|
||||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
|
||||||
"github.com/aws/aws-sdk-go/aws/session"
|
|
||||||
"github.com/aws/aws-sdk-go/service/dynamodb"
|
"github.com/aws/aws-sdk-go/service/dynamodb"
|
||||||
"github.com/aws/aws-sdk-go/service/s3"
|
"github.com/aws/aws-sdk-go/service/s3"
|
||||||
cleanhttp "github.com/hashicorp/go-cleanhttp"
|
|
||||||
multierror "github.com/hashicorp/go-multierror"
|
|
||||||
"github.com/hashicorp/terraform/backend"
|
"github.com/hashicorp/terraform/backend"
|
||||||
"github.com/hashicorp/terraform/helper/schema"
|
"github.com/hashicorp/terraform/helper/schema"
|
||||||
|
|
||||||
|
@ -175,48 +169,27 @@ func (b *Backend) configure(ctx context.Context) error {
|
||||||
b.kmsKeyID = data.Get("kms_key_id").(string)
|
b.kmsKeyID = data.Get("kms_key_id").(string)
|
||||||
b.lockTable = data.Get("lock_table").(string)
|
b.lockTable = data.Get("lock_table").(string)
|
||||||
|
|
||||||
var errs []error
|
cfg := &terraformAWS.Config{
|
||||||
creds, err := terraformAWS.GetCredentials(&terraformAWS.Config{
|
|
||||||
AccessKey: data.Get("access_key").(string),
|
AccessKey: data.Get("access_key").(string),
|
||||||
SecretKey: data.Get("secret_key").(string),
|
|
||||||
Token: data.Get("token").(string),
|
|
||||||
Profile: data.Get("profile").(string),
|
|
||||||
CredsFilename: data.Get("shared_credentials_file").(string),
|
|
||||||
AssumeRoleARN: data.Get("role_arn").(string),
|
AssumeRoleARN: data.Get("role_arn").(string),
|
||||||
AssumeRoleSessionName: data.Get("session_name").(string),
|
|
||||||
AssumeRoleExternalID: data.Get("external_id").(string),
|
AssumeRoleExternalID: data.Get("external_id").(string),
|
||||||
AssumeRolePolicy: data.Get("assume_role_policy").(string),
|
AssumeRolePolicy: data.Get("assume_role_policy").(string),
|
||||||
})
|
AssumeRoleSessionName: data.Get("session_name").(string),
|
||||||
|
CredsFilename: data.Get("shared_credentials_file").(string),
|
||||||
|
Profile: data.Get("profile").(string),
|
||||||
|
Region: data.Get("region").(string),
|
||||||
|
S3Endpoint: data.Get("endpoint").(string),
|
||||||
|
SecretKey: data.Get("secret_key").(string),
|
||||||
|
Token: data.Get("token").(string),
|
||||||
|
}
|
||||||
|
|
||||||
|
client, err := cfg.Client()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Call Get to check for credential provider. If nothing found, we'll get an
|
b.s3Client = client.(*terraformAWS.AWSClient).S3()
|
||||||
// error, and we can present it nicely to the user
|
b.dynClient = client.(*terraformAWS.AWSClient).DynamoDB()
|
||||||
_, err = creds.Get()
|
|
||||||
if err != nil {
|
|
||||||
if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoCredentialProviders" {
|
|
||||||
errs = append(errs, fmt.Errorf(`No valid credential sources found for AWS S3 remote.
|
|
||||||
Please see https://www.terraform.io/docs/state/remote/s3.html for more information on
|
|
||||||
providing credentials for the AWS S3 remote`))
|
|
||||||
} else {
|
|
||||||
errs = append(errs, fmt.Errorf("Error loading credentials for AWS S3 remote: %s", err))
|
|
||||||
}
|
|
||||||
return &multierror.Error{Errors: errs}
|
|
||||||
}
|
|
||||||
|
|
||||||
endpoint := data.Get("endpoint").(string)
|
|
||||||
region := data.Get("region").(string)
|
|
||||||
|
|
||||||
awsConfig := &aws.Config{
|
|
||||||
Credentials: creds,
|
|
||||||
Endpoint: aws.String(endpoint),
|
|
||||||
Region: aws.String(region),
|
|
||||||
HTTPClient: cleanhttp.DefaultClient(),
|
|
||||||
}
|
|
||||||
sess := session.New(awsConfig)
|
|
||||||
b.s3Client = s3.New(sess)
|
|
||||||
b.dynClient = dynamodb.New(sess)
|
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
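Review bot: The two single-value assertions `client.(*terraformAWS.AWSClient)` at the end of configure panic rather than return an error if `cfg.Client()` ever hands back a different concrete type. Assert once with the comma-ok form, `awsClient, ok := client.(*terraformAWS.AWSClient)`, return an error when `ok` is false, and take both `S3()` and `DynamoDB()` from `awsClient`. Separately, the bare `return err` replaces the removed S3-specific "No valid credential sources" guidance, so a credential failure now surfaces without saying that it came from the S3 backend; prefixing the error with backend context would keep that. configure begins outside this hunk.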
@ -29,16 +29,12 @@ func TestBackend_impl(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestBackendConfig(t *testing.T) {
|
func TestBackendConfig(t *testing.T) {
|
||||||
// This test just instantiates the client. Shouldn't make any actual
|
testACC(t)
|
||||||
// requests nor incur any costs.
|
|
||||||
|
|
||||||
config := map[string]interface{}{
|
config := map[string]interface{}{
|
||||||
"region": "us-west-1",
|
"region": "us-west-1",
|
||||||
"bucket": "tf-test",
|
"bucket": "tf-test",
|
||||||
"key": "state",
|
"key": "state",
|
||||||
"encrypt": true,
|
"encrypt": true,
|
||||||
"access_key": "ACCESS_KEY",
|
|
||||||
"secret_key": "SECRET_KEY",
|
|
||||||
"lock_table": "dynamoTable",
|
"lock_table": "dynamoTable",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -58,11 +54,11 @@ func TestBackendConfig(t *testing.T) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Error when requesting credentials")
|
t.Fatalf("Error when requesting credentials")
|
||||||
}
|
}
|
||||||
if credentials.AccessKeyID != "ACCESS_KEY" {
|
if credentials.AccessKeyID == "" {
|
||||||
t.Fatalf("Incorrect Access Key Id was populated")
|
t.Fatalf("No Access Key Id was populated")
|
||||||
}
|
}
|
||||||
if credentials.SecretAccessKey != "SECRET_KEY" {
|
if credentials.SecretAccessKey == "" {
|
||||||
t.Fatalf("Incorrect Secret Access Key was populated")
|
t.Fatalf("No Secret Access Key was populated")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
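Review bot: With the fixed `access_key`/`secret_key` values gone and the assertions relaxed to `== ""`, TestBackendConfig no longer checks that credentials given in the backend configuration are the ones the client ends up with; it passes with whatever credentials the environment supplies. A regression that ignored configured keys in favour of ambient ones would go unnoticed, so a case that pins explicitly configured keys is worth keeping wherever the provider's validation permits (the commit description says fake keys are rejected). Also replace the removed comment with one stating the new precondition, e.g. `// Acceptance test: needs real AWS credentials in the environment; the provider client validates them.` The middle of TestBackendConfig lies outside the two hunks shown.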