Commit Graph

11 Commits

Author SHA1 Message Date
James Bardin 36b8be43e8 use the new version package
Update all references to the version values to use the new package.
The VersionString function was left in the terraform package
specifically for the aws provider, which is vendored. We can remove that
last call once the provider is updated.
2017-10-19 21:48:08 -04:00
Martin Atkins d5b0beac01 svchost/auth: static credentials source
This uses an in-memory table of credentials keyed on hostname. This is
the simplest possible credentials source that can actually return
credentials, and is suitable for representing statically-configured
credentials from configuration.
2017-10-19 11:18:43 -07:00
Martin Atkins 0db521a281 svchost/auth: expose a "NoCredentials" credentials source
For situations where no credentials are needed but where a working
CredentialsSource is still required, this variable provides a convenient
way to get a fully-functional-but-empty credentials source.
2017-10-19 11:18:43 -07:00
Martin Atkins 83b098344b svchost/disco: add credentials, if available, to disco requests
Although service discovery metadata is usually not sensitive, a service
host may wish to produce different results depending on the requesting
user, such as if users are migrating between two different implementations
that are both running concurrently for some period.
2017-10-19 11:18:43 -07:00
Martin Atkins fcff4cbc95 svchost/auth: caching credentials source
This credentials source wraps another and caches its results in memory
in a map that is keyed on the request hostname.

This should ease the common case of many services operating on the same
hostname by allowing an initial set of credentials to be re-used for
subsequent requests.
2017-10-19 11:18:43 -07:00
Martin Atkins 981c95f699 svchost/auth: CredentialsSource that runs an external program
This CredentialsSource can serve as an extension point to pass credentials
from an arbitrary external system to Terraform. For example, an external
helper program could fetch limited-time credentials from HashiCorp Vault
and return them, thus avoiding the need for any static configuration to
be maintained locally (except a Vault token!).

So far there are no real programs implementing this protocol, though this
commit includes a basic implementation that we use for unit tests.
2017-10-19 11:18:43 -07:00
Martin Atkins 1b60e8fdb6 svchost/auth: HostCredentialsFromMap function
This function deals with turning a map derived from some user input
(e.g. in a config file) into a HostCredentials object, if possible. This
will be used as a standard way to specify credentials so we have a place
to add new credentials types in future and have support for those across
all of our map-based CredentialsSources.
2017-10-19 11:18:43 -07:00
Martin Atkins 43a3357473 svchost/auth: token-based HostCredentials
This is the only credentials type we support right now, which just sends
an opaque token via the "Bearer" HTTP auth scheme.
2017-10-19 11:18:43 -07:00
Martin Atkins 3c65b5dd61 svchost/auth: package for looking up credentials for service hosts
This commit establishes the primary types involved here. Subsequent
commits will add specific implementations of these interfaces.
2017-10-19 11:18:43 -07:00
Martin Atkins 6cd9a8f9c2 svchost/disco: lookup of service URLs within a discovered map
This package implements our Terraform-native Service discovery protocol,
which allows us to find the base URL for a particular service given a
hostname that was already validated and normalized by the svchost package.
2017-10-19 11:18:43 -07:00
Martin Atkins db08ee4ac5 svchost: new package for wrangling service hostnames
We're starting to expose a number of so-called "Terraform-native services"
that can be offered under a friendly hostname. The first of these will
be module registry services, as they expand from the public
Terraform Registry to private registry services within Terraform
Enterprise and elsewhere.

This package is for wrangling these "friendly hostnames", which start
their lives as user-specified unicode strings, can be converted to
Punycode for storage and comparison, and can in turn be converted back
into normalized unicode for display to the user.
2017-10-19 11:18:43 -07:00