Merge #3233: Allow canned ACLs on S3 remote state.

This commit is contained in:
Martin Atkins 2015-10-03 17:40:17 -07:00
commit 859c6c5e68
2 changed files with 21 additions and 0 deletions

View File

@ -4,6 +4,7 @@ import (
"bytes"
"fmt"
"io"
"log"
"os"
"strconv"
@ -45,6 +46,11 @@ func s3Factory(conf map[string]string) (Client, error) {
serverSideEncryption = v
}
acl := ""
if raw, ok := conf["acl"]; ok {
acl = raw
}
accessKeyId := conf["access_key"]
secretAccessKey := conf["secret_key"]
@ -77,6 +83,7 @@ func s3Factory(conf map[string]string) (Client, error) {
bucketName: bucketName,
keyName: keyName,
serverSideEncryption: serverSideEncryption,
acl: acl,
}, nil
}
@ -85,6 +92,7 @@ type S3Client struct {
bucketName string
keyName string
serverSideEncryption bool
acl string
}
func (c *S3Client) Get() (*Payload, error) {
@ -140,6 +148,12 @@ func (c *S3Client) Put(data []byte) error {
i.ServerSideEncryption = aws.String("AES256")
}
if c.acl != "" {
i.ACL = aws.String(c.acl)
}
log.Printf("[DEBUG] Uploading remote state to S3: %#v", i)
if _, err := c.nativeClient.PutObject(i); err == nil {
return nil
} else {

View File

@ -57,6 +57,13 @@ The following backends are supported:
in the `access_key`, `secret_key` and `region` variables
respectively, but passing credentials this way is not recommended since they
will be included in cleartext inside the persisted state.
Other supported parameters include:
* `bucket` - the name of the S3 bucket
* `key` - path where to place/look for state file inside the bucket
* `encrypt` - whether to enable [server side encryption](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
of the state file
* `acl` - [Canned ACL](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl)
to be applied to the state file.
* HTTP - Stores the state using a simple REST client. State will be fetched
via GET, updated via POST, and purged with DELETE. Requires the `address` variable.