backend/s3: Reinstate region validation and update copy for skip_requesting_account_id deprecation message
parent
43f12bbfe0
commit
a41e545198
|
@ -163,7 +163,6 @@ func New() backend.Backend {
|
|||
Optional: true,
|
||||
Description: "Skip static validation of region name.",
|
||||
Default: false,
|
||||
Deprecated: "This attribute is no longer used.",
|
||||
},
|
||||
|
||||
"skip_requesting_account_id": {
|
||||
|
@ -171,7 +170,7 @@ func New() backend.Backend {
|
|||
Optional: true,
|
||||
Description: "Skip requesting the account ID.",
|
||||
Default: false,
|
||||
Deprecated: "The S3 Backend no longer automatically uses IAM or STS functionality to lookup the AWS Account ID and this attribute is no longer used.",
|
||||
Deprecated: "The S3 Backend no longer automatically looks up the AWS Account ID and this attribute is no longer used.",
|
||||
},
|
||||
|
||||
"skip_metadata_api_check": {
|
||||
|
@ -261,6 +260,12 @@ func (b *Backend) configure(ctx context.Context) error {
|
|||
// Grab the resource data
|
||||
data := schema.FromContextBackendConfig(ctx)
|
||||
|
||||
if !data.Get("skip_region_validation").(bool) {
|
||||
if err := awsbase.ValidateRegion(data.Get("region").(string)); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
b.bucketName = data.Get("bucket").(string)
|
||||
b.keyName = data.Get("key").(string)
|
||||
b.serverSideEncryption = data.Get("encrypt").(bool)
|
||||
|
|
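Review bot: In the last hunk of this file (`configure`), the error from `awsbase.ValidateRegion` is returned unchanged, so a user sees only `Invalid AWS Region: <name>` with no hint that `skip_region_validation` exists. The vendored `ValidateRegion` added later in this commit compares the name against `endpoints.DefaultPartitions()`, a list fixed at the pinned SDK version, so a region newer than that SDK (or, presumably, a region name used with an S3-compatible endpoint) is rejected until the dependency is bumped. I would name the opt-out in the message, e.g. `return fmt.Errorf("%s; set skip_region_validation = true to bypass this static check", err)`, assuming `fmt` is already imported in this file. A one-line comment above the check would also help, such as `// Static check against the SDK's known regions; skip_region_validation opts out.` The body of `configure` continues past the end of the hunk, so how `region` is used afterwards is not visible here.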
2
go.mod
2
go.mod
|
@ -51,7 +51,7 @@ require (
|
|||
github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.5.1 // indirect
|
||||
github.com/hashicorp/aws-sdk-go-base v0.1.0
|
||||
github.com/hashicorp/aws-sdk-go-base v0.2.0
|
||||
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089
|
||||
github.com/hashicorp/errwrap v1.0.0
|
||||
github.com/hashicorp/go-azure-helpers v0.0.0-20190129193224-166dfd221bb2
|
||||
|
|
4
go.sum
4
go.sum
|
@ -115,8 +115,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92Bcuy
|
|||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.5.1 h1:3scN4iuXkNOyP98jF55Lv8a9j1o/IwvnDIZ0LHJK1nk=
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.5.1/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
|
||||
github.com/hashicorp/aws-sdk-go-base v0.1.0 h1:f3eUqzUWiAVavKns7ot/IbrRz4uXdSTeU5diOTlNxAk=
|
||||
github.com/hashicorp/aws-sdk-go-base v0.1.0/go.mod h1:ZIWACGGi0N7a4DZbf15yuE1JQORmWLtBcVM6F5SXNFU=
|
||||
github.com/hashicorp/aws-sdk-go-base v0.2.0 h1:5bjZnWCvQg9Im5CHZr9t90IaFC4uvVlMl2fTh23IoCk=
|
||||
github.com/hashicorp/aws-sdk-go-base v0.2.0/go.mod h1:ZIWACGGi0N7a4DZbf15yuE1JQORmWLtBcVM6F5SXNFU=
|
||||
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089 h1:1eDpXAxTh0iPv+1kc9/gfSI2pxRERDsTk/lNGolwHn8=
|
||||
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089/go.mod h1:mFrjN1mfidgJfYP1xrJCF+AfRhr6Eaqhb2+sfyn/OOI=
|
||||
github.com/hashicorp/errwrap v0.0.0-20180715044906-d6c0cd880357/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
# v0.2.0 (February 20, 2019)
|
||||
|
||||
ENHANCEMENTS
|
||||
|
||||
* validation: Add `ValidateAccountID` and `ValidateRegion` functions [GH-1]
|
||||
|
||||
# v0.1.0 (February 18, 2019)
|
||||
|
||||
* Initial release after split from github.com/terraform-providers/terraform-provider-aws
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
package awsbase
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/endpoints"
|
||||
)
|
||||
|
||||
// ValidateAccountID checks if the given AWS account ID is specifically allowed or forbidden.
|
||||
// The allowedAccountIDs can be used as a whitelist and forbiddenAccountIDs can be used as a blacklist.
|
||||
func ValidateAccountID(accountID string, allowedAccountIDs, forbiddenAccountIDs []string) error {
|
||||
if len(forbiddenAccountIDs) > 0 {
|
||||
for _, forbiddenAccountID := range forbiddenAccountIDs {
|
||||
if accountID == forbiddenAccountID {
|
||||
return fmt.Errorf("Forbidden AWS Account ID: %s", accountID)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if len(allowedAccountIDs) > 0 {
|
||||
for _, allowedAccountID := range allowedAccountIDs {
|
||||
if accountID == allowedAccountID {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
return fmt.Errorf("AWS Account ID not allowed: %s)", accountID)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ValidateRegion checks if the given region is a valid AWS region.
|
||||
func ValidateRegion(region string) error {
|
||||
for _, partition := range endpoints.DefaultPartitions() {
|
||||
for _, partitionRegion := range partition.Regions() {
|
||||
if region == partitionRegion.ID() {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return fmt.Errorf("Invalid AWS Region: %s", region)
|
||||
}
|
|
@ -253,7 +253,7 @@ github.com/gophercloud/gophercloud/openstack/db/v1/datastores
|
|||
github.com/gophercloud/gophercloud/internal
|
||||
# github.com/gophercloud/utils v0.0.0-20190128072930-fbb6ab446f01
|
||||
github.com/gophercloud/utils/openstack/clientconfig
|
||||
# github.com/hashicorp/aws-sdk-go-base v0.1.0
|
||||
# github.com/hashicorp/aws-sdk-go-base v0.2.0
|
||||
github.com/hashicorp/aws-sdk-go-base
|
||||
# github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089
|
||||
github.com/hashicorp/consul/api
|
||||
|
|