Merge #3233: Allow canned ACLs on S3 remote state.
This commit is contained in:
Martin Atkins
commit
859c6c5e68
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
|
|
@ -45,6 +46,11 @@ func s3Factory(conf map[string]string) (Client, error) {
|
||||||
serverSideEncryption = v
|
serverSideEncryption = v
|
||||||
}
|
}
|
||||||
|
|
||||||
|
acl := ""
|
||||||
|
if raw, ok := conf["acl"]; ok {
|
||||||
|
acl = raw
|
||||||
|
}
|
||||||
|
|
||||||
accessKeyId := conf["access_key"]
|
accessKeyId := conf["access_key"]
|
||||||
secretAccessKey := conf["secret_key"]
|
secretAccessKey := conf["secret_key"]
|
||||||
|
|
||||||
|
|
@ -77,6 +83,7 @@ func s3Factory(conf map[string]string) (Client, error) {
|
||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
keyName: keyName,
|
keyName: keyName,
|
||||||
serverSideEncryption: serverSideEncryption,
|
serverSideEncryption: serverSideEncryption,
|
||||||
|
acl: acl,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -85,6 +92,7 @@ type S3Client struct {
|
||||||
bucketName string
|
bucketName string
|
||||||
keyName string
|
keyName string
|
||||||
serverSideEncryption bool
|
serverSideEncryption bool
|
||||||
|
acl string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *S3Client) Get() (*Payload, error) {
|
func (c *S3Client) Get() (*Payload, error) {
|
||||||
|
|
@ -140,6 +148,12 @@ func (c *S3Client) Put(data []byte) error {
|
||||||
i.ServerSideEncryption = aws.String("AES256")
|
i.ServerSideEncryption = aws.String("AES256")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if c.acl != "" {
|
||||||
|
i.ACL = aws.String(c.acl)
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Printf("[DEBUG] Uploading remote state to S3: %#v", i)
|
||||||
|
|
||||||
if _, err := c.nativeClient.PutObject(i); err == nil {
|
if _, err := c.nativeClient.PutObject(i); err == nil {
|
||||||
return nil
|
return nil
|
||||||
} else {
|
} else {
|
||||||
|
|
|
||||||
|
|
@ -57,6 +57,13 @@ The following backends are supported:
|
||||||
in the `access_key`, `secret_key` and `region` variables
|
in the `access_key`, `secret_key` and `region` variables
|
||||||
respectively, but passing credentials this way is not recommended since they
|
respectively, but passing credentials this way is not recommended since they
|
||||||
will be included in cleartext inside the persisted state.
|
will be included in cleartext inside the persisted state.
|
||||||
|
Other supported parameters include:
|
||||||
|
* `bucket` - the name of the S3 bucket
|
||||||
|
* `key` - path where to place/look for state file inside the bucket
|
||||||
|
* `encrypt` - whether to enable [server side encryption](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
|
||||||
|
of the state file
|
||||||
|
* `acl` - [Canned ACL](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl)
|
||||||
|
to be applied to the state file.
|
||||||
|
|
||||||
* HTTP - Stores the state using a simple REST client. State will be fetched
|
* HTTP - Stores the state using a simple REST client. State will be fetched
|
||||||
via GET, updated via POST, and purged with DELETE. Requires the `address` variable.
|
via GET, updated via POST, and purged with DELETE. Requires the `address` variable.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue