Upo
4ccc63d79d
backend: Add service account impersonation to GCS Backend and update the docs ( #26700 )
2020-11-06 09:06:07 -05:00
Kristin Laemmert
6f4f6fbc72
helper: deprecate pathorcontents
...
pathorcontents was solely used by the gcs backend. I moved the function
into the backend package so it could still be used by other backends for
good measure.
2020-10-08 08:42:16 -04:00
Paddy Carver
b8752c7610
Add a backend-specific env var for the GCS backend.
...
Right now, the only environment variable available is the same
environment variable that will be picked up by the GCP provider. Users
would like to be able to store state in separate projects or accounts or
otherwise authenticate to the provider with a service account that
doesn't have access to the state. This seems like a reasonable enough
practice to me, and the solution seems straightforward--offer an
environment variable that doesn't mean anything to the provider to
configure the backend credentials. I've added GOOGLE_BACKEND_CREDENTIALS
to manage just the backend credentials, and documented it appropriately.
2019-12-12 03:35:39 -08:00
Luis Silva
9ae8eca55d
Merge branch 'master' into 21680/GCS_OAUTH
2019-08-27 16:56:27 +01:00
Roberto Jung Drebes
b459a92575
backend/gcs: Use new endpoints for Google OAuth
...
This is a consequence of googleapis/google-cloud-common#260 .
2019-08-13 15:24:34 -07:00
Luis Silva
f6c90c1d96
Add OAuth2 token support for GCS backend
2019-07-05 10:06:44 +01:00
Stefan Schmidt
3ca1253796
backend/gcs: Mark the unused attributes project and region as removed.
...
These two attributes are not used since aec45e6967
.
2019-03-19 17:29:04 -07:00
Sander van Harmelen
495d1ea350
Use New() instead of `once.Do(b.init)`
2018-08-03 11:29:11 +02:00
Paul Tyng
c868092d2d
Standardize http.Client creation with User-Agent
2018-02-28 12:09:50 -05:00
Nic Cope
011841124b
Support 'customer supplied encryption keys' in the GCS backend
...
https://cloud.google.com/storage/docs/encryption#customer-supplied
GCS state created using customer supplied encryption keys can only be read or
modified using the same key.
2017-12-17 19:27:52 -08:00
James Bardin
52eced589f
accept a path or contents for credentials
...
Match the operation of the google provider, by accepting either a file
path or contents for both `credentials` and `GOOGLE_CREDENTIALS`
2017-12-06 18:33:59 -05:00
James Bardin
aec45e6967
backends should never create unmanaged resources
...
The backend was creating bucket named in the configuration if it didn't
exist. We don't allow other backends to do this, because these are not
managed resources that terraform can control.
2017-12-06 18:32:41 -05:00
Nic Cope
27ba7de77d
backend/gcs: automatically add trailing slash to prefix
...
The backend doesn't function correctly if a trailing slash is not present, due to how workspaces are enumerated.
2017-11-08 11:24:36 -08:00
Florian Forster
afa13a3d8e
backend/remote-state/gcs: Move toBucketName to the tests.
2017-10-27 16:52:21 -04:00
Florian Forster
dcb84ee2c2
backend/remote-state/gcs: Sanitize bucket names.
2017-10-27 16:52:21 -04:00
Florian Forster
a6669c9e99
backend/remote-state/gcs: Don't enable versioning on new buckets.
...
Enabling versioning without setting up lifecycle management leads to
every lock file being archived, slowly accruing useless data.
2017-10-27 16:52:21 -04:00
Florian Forster
927085289d
backend/remote-state/gcs: Implement the "region" config option.
...
This allows to select the region in which a bucket is created.
This copies behavior from the Google Cloud provider.
2017-10-27 16:52:21 -04:00
Florian Forster
9583d0945c
backend/remote-state/gcs: Add support for the GOOGLE_PROJECT environment variable.
...
This copies behavior from the Google Cloud provider.
2017-10-27 16:52:21 -04:00
Florian Forster
37dc95158d
backend/remote-state/gcs: Enable versioning on automatically created buckets.
2017-10-27 16:52:21 -04:00
Florian Forster
df386d3133
backend/remote-state/gcs: Automatically create the bucket if needed.
...
This resurrects the previously documented but unused "project" option.
This option is required to create buckets (so they are associated with the
right cloud project) but not to access the buckets later on (because their
names are globally unique).
2017-10-27 16:52:21 -04:00
Florian Forster
14263223e7
backend/remote-state/gcs: Simplify initialization of the GCS client.
...
This also implements the (already documented) behavior of checking the
GOOGLE_CREDENTIALS environment variable.
2017-10-27 16:52:21 -04:00
Florian Forster
816c98f387
backend/remote-state/gcs: Read credentials with ioutil.ReadFile().
...
We never expect the raw JSON to appear in the config, so pathorcontents is
not the right package here.
2017-10-27 16:52:21 -04:00
Florian Forster
c00e929ee5
backend/remote-state/gcs: Mark the "path" option as deprecated.
2017-10-27 16:52:21 -04:00
Florian Forster
14bfbf0617
backend/remote-state/gcs: Document the "prefix" option.
...
"state_dir" has been renamed to "prefix" to better fix the GCS
terminology.
2017-10-27 16:51:21 -04:00
Florian Forster
c054bd0939
backend/remote-state/gcs: Rename "gcloud" to "gcs" for backwards compatibility.
2017-10-27 16:51:21 -04:00