Merge pull request #8114 from TimeIncOSS/f-aws-skip-options
aws: Change names of new skip_* fields + document those
commit
e251d5c7bd
|
@ -117,10 +117,10 @@ func GetCredentials(c *Config) *awsCredentials.Credentials {
|
|||
}
|
||||
usedEndpoint := setOptionalEndpoint(cfg)
|
||||
|
||||
// Real AWS should reply to a simple metadata request.
|
||||
// We check it actually does to ensure something else didn't just
|
||||
// happen to be listening on the same IP:Port
|
||||
if c.SkipMetadataApiCheck == false {
|
||||
if !c.SkipMetadataApiCheck {
|
||||
// Real AWS should reply to a simple metadata request.
|
||||
// We check it actually does to ensure something else didn't just
|
||||
// happen to be listening on the same IP:Port
|
||||
metadataClient := ec2metadata.New(session.New(cfg))
|
||||
if metadataClient.Available() {
|
||||
providers = append(providers, &ec2rolecreds.EC2RoleProvider{
|
||||
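Review bot: `SkipMetadataApiCheck` gates more than the availability probe: `metadataClient` is created inside the `if !c.SkipMetadataApiCheck` block, so the `ec2rolecreds.EC2RoleProvider` append is skipped too and instance-role credentials are never tried when the flag is set. The relocated comment only explains why `Available()` is called, so I would add a line above the condition such as `// Skipping the check also disables the EC2 role provider; credentials must then come from another provider in the chain.` GetCredentials starts and ends outside this hunk, so the rest of the provider chain is not visible here.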
|
|
|
@ -69,16 +69,17 @@ type Config struct {
|
|||
AllowedAccountIds []interface{}
|
||||
ForbiddenAccountIds []interface{}
|
||||
|
||||
DynamoDBEndpoint string
|
||||
KinesisEndpoint string
|
||||
Ec2Endpoint string
|
||||
IamEndpoint string
|
||||
ElbEndpoint string
|
||||
S3Endpoint string
|
||||
Insecure bool
|
||||
SkipIamCredsValidation bool
|
||||
SkipIamAccountId bool
|
||||
SkipMetadataApiCheck bool
|
||||
DynamoDBEndpoint string
|
||||
KinesisEndpoint string
|
||||
Ec2Endpoint string
|
||||
IamEndpoint string
|
||||
ElbEndpoint string
|
||||
S3Endpoint string
|
||||
Insecure bool
|
||||
|
||||
SkipCredsValidation bool
|
||||
SkipRequestingAccountId bool
|
||||
SkipMetadataApiCheck bool
|
||||
}
|
||||
|
||||
type AWSClient struct {
|
||||
|
@ -205,7 +206,7 @@ func (c *Config) Client() (interface{}, error) {
|
|||
client.iamconn = iam.New(awsIamSess)
|
||||
client.stsconn = sts.New(sess)
|
||||
|
||||
if c.SkipIamCredsValidation == false {
|
||||
if !c.SkipCredsValidation {
|
||||
err = c.ValidateCredentials(client.stsconn)
|
||||
if err != nil {
|
||||
errs = append(errs, err)
|
||||
|
@ -213,16 +214,16 @@ func (c *Config) Client() (interface{}, error) {
|
|||
}
|
||||
}
|
||||
|
||||
if c.SkipIamAccountId == false {
|
||||
if !c.SkipRequestingAccountId {
|
||||
accountId, err := GetAccountId(client.iamconn, client.stsconn, cp.ProviderName)
|
||||
if err == nil {
|
||||
client.accountid = accountId
|
||||
}
|
||||
}
|
||||
|
||||
authErr := c.ValidateAccountId(client.accountid)
|
||||
if authErr != nil {
|
||||
errs = append(errs, authErr)
|
||||
}
|
||||
authErr := c.ValidateAccountId(client.accountid)
|
||||
if authErr != nil {
|
||||
errs = append(errs, authErr)
|
||||
}
|
||||
|
||||
client.apigateway = apigateway.New(sess)
|
||||
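Review bot: With `SkipRequestingAccountId` set, `client.accountid` stays empty while `c.ValidateAccountId(client.accountid)` still runs, so any `AllowedAccountIds`/`ForbiddenAccountIds` guard is evaluated against an empty string; the same happens when `GetAccountId` fails, because its `err` is dropped by the `if err == nil` branch. ValidateAccountId's body is not in these hunks, but if it accepts any ID that is absent from the forbidden list, a forbidden-account guard would pass without ever having seen an account ID. I would reject the combination up front, e.g. `if c.SkipRequestingAccountId && (len(c.AllowedAccountIds) > 0 || len(c.ForbiddenAccountIds) > 0) { errs = append(errs, errors.New("account ID restrictions cannot be enforced when skip_requesting_account_id is set")) }`, and append the `GetAccountId` error to `errs` whenever either list is configured. Client() begins and ends outside these hunks.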
|
|
|
@ -110,18 +110,18 @@ func Provider() terraform.ResourceProvider {
|
|||
Description: descriptions["insecure"],
|
||||
},
|
||||
|
||||
"skip_iam_creds_validation": &schema.Schema{
|
||||
"skip_credentials_validation": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
Default: false,
|
||||
Description: descriptions["skip_iam_creds_validation"],
|
||||
Description: descriptions["skip_credentials_validation"],
|
||||
},
|
||||
|
||||
"skip_iam_account_id": &schema.Schema{
|
||||
"skip_requesting_account_id": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
Default: false,
|
||||
Description: descriptions["skip_iam_account_id"],
|
||||
Description: descriptions["skip_requesting_account_id"],
|
||||
},
|
||||
|
||||
"skip_metadata_api_check": &schema.Schema{
|
||||
|
@ -356,11 +356,11 @@ func init() {
|
|||
"insecure": "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted," +
|
||||
"default value is `false`",
|
||||
|
||||
"skip_iam_creds_validation": "Skip the IAM/STS credentials validation. " +
|
||||
"Used for AWS API implementations that do not use IAM.",
|
||||
"skip_credentials_validation": "Skip the credentials validation via STS API. " +
|
||||
"Used for AWS API implementations that do not have STS available/implemented.",
|
||||
|
||||
"skip_iam_account_id": "Skip the request of account id to IAM/STS. " +
|
||||
"Used for AWS API implementations that do not use IAM.",
|
||||
"skip_requesting_account_id": "Skip requesting the account ID. " +
|
||||
"Used for AWS API implementations that do not have IAM/STS API and/or metadata API.",
|
||||
|
||||
"skip_medatadata_api_check": "Skip the AWS Metadata API check. " +
|
||||
"Used for AWS API implementations that do not have a metadata api endpoint.",
|
||||
|
@ -369,19 +369,19 @@ func init() {
|
|||
|
||||
func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
||||
config := Config{
|
||||
AccessKey: d.Get("access_key").(string),
|
||||
SecretKey: d.Get("secret_key").(string),
|
||||
Profile: d.Get("profile").(string),
|
||||
CredsFilename: d.Get("shared_credentials_file").(string),
|
||||
Token: d.Get("token").(string),
|
||||
Region: d.Get("region").(string),
|
||||
MaxRetries: d.Get("max_retries").(int),
|
||||
DynamoDBEndpoint: d.Get("dynamodb_endpoint").(string),
|
||||
KinesisEndpoint: d.Get("kinesis_endpoint").(string),
|
||||
Insecure: d.Get("insecure").(bool),
|
||||
SkipIamCredsValidation: d.Get("skip_iam_creds_validation").(bool),
|
||||
SkipIamAccountId: d.Get("skip_iam_account_id").(bool),
|
||||
SkipMetadataApiCheck: d.Get("skip_metadata_api_check").(bool),
|
||||
AccessKey: d.Get("access_key").(string),
|
||||
SecretKey: d.Get("secret_key").(string),
|
||||
Profile: d.Get("profile").(string),
|
||||
CredsFilename: d.Get("shared_credentials_file").(string),
|
||||
Token: d.Get("token").(string),
|
||||
Region: d.Get("region").(string),
|
||||
MaxRetries: d.Get("max_retries").(int),
|
||||
DynamoDBEndpoint: d.Get("dynamodb_endpoint").(string),
|
||||
KinesisEndpoint: d.Get("kinesis_endpoint").(string),
|
||||
Insecure: d.Get("insecure").(bool),
|
||||
SkipCredsValidation: d.Get("skip_credentials_validation").(bool),
|
||||
SkipRequestingAccountId: d.Get("skip_requesting_account_id").(bool),
|
||||
SkipMetadataApiCheck: d.Get("skip_metadata_api_check").(bool),
|
||||
}
|
||||
|
||||
endpointsSet := d.Get("endpoints").(*schema.Set)
|
||||
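Review bot: The descriptions key `"skip_medatadata_api_check"` in the `init()` hunk is misspelled and does not match the schema key `"skip_metadata_api_check"`; this rename pass leaves it as it was. The `Description:` line of that schema entry is outside the hunk, but if it looks up `descriptions["skip_metadata_api_check"]` like its siblings do, the option ships with an empty description. Change the map key to `"skip_metadata_api_check": "Skip the AWS Metadata API check. " +`.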
|
|
|
@ -159,6 +159,30 @@ The following arguments are supported in the `provider` block:
|
|||
URL constructed from the `region`. It's typically used to connect to
|
||||
kinesalite.
|
||||
|
||||
* `skip_credentials_validation` - (Optional) Skip the credentials validation via STS API.
|
||||
Useful for AWS API implementations that do not have STS available/implemented.
|
||||
|
||||
* `skip_requesting_account_id` - (Optional) Skip requesting the account ID.
|
||||
Useful for AWS API implementations that do not have IAM/STS API and/or metadata API.
|
||||
`true` (enabling this option) prevents you from managing any resource that requires Account ID to construct an ARN, e.g.
|
||||
- `aws_db_instance`
|
||||
- `aws_db_option_group`
|
||||
- `aws_db_parameter_group`
|
||||
- `aws_db_security_group`
|
||||
- `aws_db_subnet_group`
|
||||
- `aws_elasticache_cluster`
|
||||
- `aws_glacier_vault`
|
||||
- `aws_rds_cluster`
|
||||
- `aws_rds_cluster_instance`
|
||||
- `aws_rds_cluster_parameter_group`
|
||||
- `aws_redshift_cluster`
|
||||
|
||||
* `skip_metadata_api_check` - (Optional) Skip the AWS Metadata API check.
|
||||
Useful for AWS API implementations that do not have a metadata API endpoint.
|
||||
`true` prevents Terraform from authenticating via Metadata API - i.e. you may need to use other auth methods
|
||||
(static credentials set as ENV vars or config)
|
||||
|
||||
|
||||
Nested `endpoints` block supports the followings:
|
||||
|
||||
* `iam` - (Optional) Use this to override the default endpoint
|
||||
|
|