Commit Graph

32 Commits

Author SHA1 Message Date
Martin Atkins 821d0401bc svchost/auth: New API for storing and forgetting credentials
This new functionality will be used as part of implementing the
"terraform login" and "terraform logout" commands.

As of this commit, the storage codepaths are all just stubs. Subsequent
commits will implement these new methods for each of the different
physical credentials sources.
2019-08-23 11:57:11 -07:00
Martin Atkins 31a9790080 svchost/disco: Allow oauth client services to specify grant types
Previously we just assumed support for the authorization code grant type,
but now we'll allow the host to declare which grant types it supports
to allow for more flexibility in host login implementations. We may extend
the set of supported grant types in future.
2019-08-22 14:01:44 -07:00
Martin Atkins 5590efcd33 svchost/disco: Allow services that act as OAuth clients
The OAuth specification requires several distinct arguments to be provided
to configure a client, rather than just a URL. To accommodate this, we'll
add a new method to the service discovery API to retrieve OAuth client
information in a Terraform-specific form. (The OAuth specification itself
considers this out of scope, because most OAuth clients are configured
by just hard-coding these settings into them for a particular remote
service.)
2019-08-22 14:01:44 -07:00
Pam Selle 9631e4c73d
Merge pull request #20571 from sergkondr/fix_misspelling
fix misspelling
2019-08-13 17:13:13 -04:00
Radek Simko 5b9f2fafc8 Standardise directory name for test data 2019-06-30 10:16:15 +02:00
Sergey Kondrashov 43e7a7b552 fix misspelling 2019-03-05 16:12:52 +03:00
Sander van Harmelen 47a00ea34b backend/remote: cleanup test connections
Cleanup test connection to prevent file descriptor issues when running the tests on a Mac.
2019-02-07 09:55:19 +01:00
Radek Simko bd37eda076
disco: Set transport early (during initialization) 2019-01-28 11:04:56 +00:00
Sander van Harmelen 1e4c20686e backend/remote: make sure we show the correct error
Previously we would show two errors when there was a version constraint
error. But of course one is enough.
2019-01-23 15:09:42 +01:00
Sander van Harmelen 8f04e93739 backend/remote: return detailed incompatibility info 2018-12-14 21:11:41 +01:00
Sander van Harmelen 268c0f85ce Add a method to retrieve version contraints 2018-12-14 12:17:31 +01:00
Sander van Harmelen a5a2156584 core: enhance service discovery
This PR improves the error handling so we can provide better feedback about any service discovery errors that occured.

Additionally it adds logic to test for specific versions when discovering a service using `service.vN`. This will enable more informational errors which can indicate any version incompatibilities.
2018-12-10 20:52:05 +01:00
Outsider a2cb579d1b
svchost: test for hostname started with numeric
Signed-off-by: Outsider <outsideris@gmail.com>
2018-10-25 09:02:28 -07:00
Sander van Harmelen 179b32d426 Add a `CredentialsForHost` method to disco.Disco
By adding this method you now only have to pass a `*disco.Disco` object around in order to do discovery and use any configured credentials for the discovered hosts.

Of course you can also still pass around both a `*disco.Disco` and a `auth.CredentialsSource` object if there is a need or a reason for that!
2018-08-03 11:29:11 +02:00
Sander van Harmelen 2c0c3771a9 Make sure to close the response body
And fix a few linter warnings while we're at it…
2018-06-29 16:14:54 +02:00
Paul Tyng c868092d2d
Standardize http.Client creation with User-Agent 2018-02-28 12:09:50 -05:00
Paul Tyng 344e8fca05
Relax typing to allow for http.RoundTripper 2018-02-28 11:40:17 -05:00
James Bardin 37ad172d0d extend disco timeout
Extend the discovery timeout from 4 seconds to 11 seconds. This gives a
little more time for a slow host to response. The duration of 11s
keeps the delay reasonable, and puts it just after the default TLS
handshake timeout of 10s for easier differentiation of the error cases.
2018-01-25 17:16:28 -05:00
Masayuki Morita f440dba137 Standardize on log level "WARN" rather than "WARNING" 2018-01-16 18:05:26 -08:00
Martin Atkins 74180229d0 svchost/disco: allow overriding discovery for a particular hostname
The default network-based discovery is not desirable for all situations,
so this mechanism allows callers to provide a services map for a given
hostname that was obtained some other way (caller-defined) which will then
cause network-based discovery to be skipped and the given map to be
returned verbatim.
2017-10-26 08:58:52 -07:00
James Bardin e7ecec6860 add Transport field to Disco
For the same reason the disco tests need to override the http.Transport,
other test fixtures will need to as well. Provide a field to override
the default httpTransport.
2017-10-25 10:49:36 -04:00
James Bardin 36b8be43e8 use the new version package
Update all references to the version values to use the new package.
The VersionString function was left in the terraform package
specifically for the aws provider, which is vendored. We can remove that
last call once the provider is updated.
2017-10-19 21:48:08 -04:00
Martin Atkins d5b0beac01 svchost/auth: static credentials source
This uses an in-memory table of credentials keyed on hostname. This is
the simplest possible credentials source that can actually return
credentials, and is suitable for representing statically-configured
credentials from configuration.
2017-10-19 11:18:43 -07:00
Martin Atkins 0db521a281 svchost/auth: expose a "NoCredentials" credentials source
For situations where no credentials are needed but where a working
CredentialsSource is still required, this variable provides a convenient
way to get a fully-functional-but-empty credentials source.
2017-10-19 11:18:43 -07:00
Martin Atkins 83b098344b svchost/disco: add credentials, if available, to disco requests
Although service discovery metadata is usually not sensitive, a service
host may wish to produce different results depending on the requesting
user, such as if users are migrating between two different implementations
that are both running concurrently for some period.
2017-10-19 11:18:43 -07:00
Martin Atkins fcff4cbc95 svchost/auth: caching credentials source
This credentials source wraps another and caches its results in memory
in a map that is keyed on the request hostname.

This should ease the common case of many services operating on the same
hostname by allowing an initial set of credentials to be re-used for
subsequent requests.
2017-10-19 11:18:43 -07:00
Martin Atkins 981c95f699 svchost/auth: CredentialsSource that runs an external program
This CredentialsSource can serve as an extension point to pass credentials
from an arbitrary external system to Terraform. For example, an external
helper program could fetch limited-time credentials from HashiCorp Vault
and return them, thus avoiding the need for any static configuration to
be maintained locally (except a Vault token!).

So far there are no real programs implementing this protocol, though this
commit includes a basic implementation that we use for unit tests.
2017-10-19 11:18:43 -07:00
Martin Atkins 1b60e8fdb6 svchost/auth: HostCredentialsFromMap function
This function deals with turning a map derived from some user input
(e.g. in a config file) into a HostCredentials object, if possible. This
will be used as a standard way to specify credentials so we have a place
to add new credentials types in future and have support for those across
all of our map-based CredentialsSources.
2017-10-19 11:18:43 -07:00
Martin Atkins 43a3357473 svchost/auth: token-based HostCredentials
This is the only credentials type we support right now, which just sends
an opaque token via the "Bearer" HTTP auth scheme.
2017-10-19 11:18:43 -07:00
Martin Atkins 3c65b5dd61 svchost/auth: package for looking up credentials for service hosts
This commit establishes the primary types involved here. Subsequent
commits will add specific implementations of these interfaces.
2017-10-19 11:18:43 -07:00
Martin Atkins 6cd9a8f9c2 svchost/disco: lookup of service URLs within a discovered map
This package implements our Terraform-native Service discovery protocol,
which allows us to find the base URL for a particular service given a
hostname that was already validated and normalized by the svchost package.
2017-10-19 11:18:43 -07:00
Martin Atkins db08ee4ac5 svchost: new package for wrangling service hostnames
We're starting to expose a number of so-called "Terraform-native services"
that can be offered under a friendly hostname. The first of these will
be module registry services, as they expand from the public
Terraform Registry to private registry services within Terraform
Enterprise and elsewhere.

This package is for wrangling these "friendly hostnames", which start
their lives as user-specified unicode strings, can be converted to
Punycode for storage and comparison, and can in turn be converted back
into normalized unicode for display to the user.
2017-10-19 11:18:43 -07:00