Merge pull request #8114 from TimeIncOSS/f-aws-skip-options

aws: Change names of new skip_* fields + document those
Radek Simko 2016-08-12 07:00:14 +01:00 committed by GitHub
commit e251d5c7bd
4 changed files with 66 additions and 41 deletions


@ -117,10 +117,10 @@ func GetCredentials(c *Config) *awsCredentials.Credentials {
}
usedEndpoint := setOptionalEndpoint(cfg)
// Real AWS should reply to a simple metadata request.
// We check it actually does to ensure something else didn't just
// happen to be listening on the same IP:Port
if c.SkipMetadataApiCheck == false {
if !c.SkipMetadataApiCheck {
// Real AWS should reply to a simple metadata request.
// We check it actually does to ensure something else didn't just
// happen to be listening on the same IP:Port
metadataClient := ec2metadata.New(session.New(cfg))
if metadataClient.Available() {
providers = append(providers, &ec2rolecreds.EC2RoleProvider{


@ -69,16 +69,17 @@ type Config struct {
AllowedAccountIds []interface{}
ForbiddenAccountIds []interface{}
DynamoDBEndpoint string
KinesisEndpoint string
Ec2Endpoint string
IamEndpoint string
ElbEndpoint string
S3Endpoint string
Insecure bool
SkipIamCredsValidation bool
SkipIamAccountId bool
SkipMetadataApiCheck bool
DynamoDBEndpoint string
KinesisEndpoint string
Ec2Endpoint string
IamEndpoint string
ElbEndpoint string
S3Endpoint string
Insecure bool
SkipCredsValidation bool
SkipRequestingAccountId bool
SkipMetadataApiCheck bool
}
type AWSClient struct {
@ -205,7 +206,7 @@ func (c *Config) Client() (interface{}, error) {
client.iamconn = iam.New(awsIamSess)
client.stsconn = sts.New(sess)
if c.SkipIamCredsValidation == false {
if !c.SkipCredsValidation {
err = c.ValidateCredentials(client.stsconn)
if err != nil {
errs = append(errs, err)
@ -213,16 +214,16 @@ func (c *Config) Client() (interface{}, error) {
}
}
if c.SkipIamAccountId == false {
if !c.SkipRequestingAccountId {
accountId, err := GetAccountId(client.iamconn, client.stsconn, cp.ProviderName)
if err == nil {
client.accountid = accountId
}
}
authErr := c.ValidateAccountId(client.accountid)
if authErr != nil {
errs = append(errs, authErr)
}
authErr := c.ValidateAccountId(client.accountid)
if authErr != nil {
errs = append(errs, authErr)
}
client.apigateway = apigateway.New(sess)
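Review bot: With `skip_requesting_account_id` set, `client.accountid` stays empty, yet `c.ValidateAccountId(client.accountid)` still runs after the `if !c.SkipRequestingAccountId` block, so the `AllowedAccountIds`/`ForbiddenAccountIds` guard is evaluated against an empty string. ValidateAccountId is not visible here, but if it compares by equality, a forbidden-only list would pass silently (the guard fails open) and an allowed list would fail with a confusing message. The same applies when `GetAccountId` returns an error, which `if err == nil` drops without logging. Consider failing explicitly before the validation, e.g. `if client.accountid == "" && (len(c.AllowedAccountIds) > 0 || len(c.ForbiddenAccountIds) > 0) { errs = append(errs, fmt.Errorf("account ID unavailable; cannot enforce allowed/forbidden account IDs")) }`. Client()'s body starts and ends outside these hunks.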


@ -110,18 +110,18 @@ func Provider() terraform.ResourceProvider {
Description: descriptions["insecure"],
},
"skip_iam_creds_validation": &schema.Schema{
"skip_credentials_validation": &schema.Schema{
Type: schema.TypeBool,
Optional: true,
Default: false,
Description: descriptions["skip_iam_creds_validation"],
Description: descriptions["skip_credentials_validation"],
},
"skip_iam_account_id": &schema.Schema{
"skip_requesting_account_id": &schema.Schema{
Type: schema.TypeBool,
Optional: true,
Default: false,
Description: descriptions["skip_iam_account_id"],
Description: descriptions["skip_requesting_account_id"],
},
"skip_metadata_api_check": &schema.Schema{
@ -356,11 +356,11 @@ func init() {
"insecure": "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted," +
"default value is `false`",
"skip_iam_creds_validation": "Skip the IAM/STS credentials validation. " +
"Used for AWS API implementations that do not use IAM.",
"skip_credentials_validation": "Skip the credentials validation via STS API. " +
"Used for AWS API implementations that do not have STS available/implemented.",
"skip_iam_account_id": "Skip the request of account id to IAM/STS. " +
"Used for AWS API implementations that do not use IAM.",
"skip_requesting_account_id": "Skip requesting the account ID. " +
"Used for AWS API implementations that do not have IAM/STS API and/or metadata API.",
"skip_medatadata_api_check": "Skip the AWS Metadata API check. " +
"Used for AWS API implementations that do not have a metadata api endpoint.",
@ -369,19 +369,19 @@ func init() {
func providerConfigure(d *schema.ResourceData) (interface{}, error) {
config := Config{
AccessKey: d.Get("access_key").(string),
SecretKey: d.Get("secret_key").(string),
Profile: d.Get("profile").(string),
CredsFilename: d.Get("shared_credentials_file").(string),
Token: d.Get("token").(string),
Region: d.Get("region").(string),
MaxRetries: d.Get("max_retries").(int),
DynamoDBEndpoint: d.Get("dynamodb_endpoint").(string),
KinesisEndpoint: d.Get("kinesis_endpoint").(string),
Insecure: d.Get("insecure").(bool),
SkipIamCredsValidation: d.Get("skip_iam_creds_validation").(bool),
SkipIamAccountId: d.Get("skip_iam_account_id").(bool),
SkipMetadataApiCheck: d.Get("skip_metadata_api_check").(bool),
AccessKey: d.Get("access_key").(string),
SecretKey: d.Get("secret_key").(string),
Profile: d.Get("profile").(string),
CredsFilename: d.Get("shared_credentials_file").(string),
Token: d.Get("token").(string),
Region: d.Get("region").(string),
MaxRetries: d.Get("max_retries").(int),
DynamoDBEndpoint: d.Get("dynamodb_endpoint").(string),
KinesisEndpoint: d.Get("kinesis_endpoint").(string),
Insecure: d.Get("insecure").(bool),
SkipCredsValidation: d.Get("skip_credentials_validation").(bool),
SkipRequestingAccountId: d.Get("skip_requesting_account_id").(bool),
SkipMetadataApiCheck: d.Get("skip_metadata_api_check").(bool),
}
endpointsSet := d.Get("endpoints").(*schema.Set)
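Review bot: The descriptions map key `"skip_medatadata_api_check"` in init() is misspelled, while the schema field is named `"skip_metadata_api_check"`; the field's Description line is outside the hunk, but if it looks up the correctly spelled key it gets an empty string. This commit renames the two neighbouring keys and leaves this one untouched, so this is a natural place to correct it: `"skip_metadata_api_check": "Skip the AWS Metadata API check. " +`. The `insecure` description just above also joins `"If omitted,"` to the next fragment without a space. Both init() and providerConfigure continue outside the hunks.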


@ -159,6 +159,30 @@ The following arguments are supported in the `provider` block:
URL constructed from the `region`. It's typically used to connect to
kinesalite.
* `skip_credentials_validation` - (Optional) Skip the credentials validation via STS API.
Useful for AWS API implementations that do not have STS available/implemented.
* `skip_requesting_account_id` - (Optional) Skip requesting the account ID.
Useful for AWS API implementations that do not have IAM/STS API and/or metadata API.
`true` (enabling this option) prevents you from managing any resource that requires Account ID to construct an ARN, e.g.
- `aws_db_instance`
- `aws_db_option_group`
- `aws_db_parameter_group`
- `aws_db_security_group`
- `aws_db_subnet_group`
- `aws_elasticache_cluster`
- `aws_glacier_vault`
- `aws_rds_cluster`
- `aws_rds_cluster_instance`
- `aws_rds_cluster_parameter_group`
- `aws_redshift_cluster`
* `skip_metadata_api_check` - (Optional) Skip the AWS Metadata API check.
Useful for AWS API implementations that do not have a metadata API endpoint.
`true` prevents Terraform from authenticating via Metadata API - i.e. you may need to use other auth methods
(static credentials set as ENV vars or config)
Nested `endpoints` block supports the followings:
* `iam` - (Optional) Use this to override the default endpoint