Paul Hinze
ba21769083
Merge pull request #2903 from kjmkznr/remote-s3-sse-kms
...
state/remote/s3: Allows KMS Key Encryption setting when using S3 backend with encrypt
2016-01-19 18:54:03 -06:00
Sander van Harmelen
9b27db6fea
Add the option to specify a custom (AWS compatible) S3 endpoint
...
Same fix/option as I added in Vault not too long ago:
https://github.com/hashicorp/vault/pull/750
2016-01-11 14:28:52 +01:00
James Nugent
ff9345287b
Merge branch 'artifactory-remote-state' of https://github.com/lusis/terraform into lusis-artifactory-remote-state
2015-12-19 13:36:55 -05:00
Paul Hinze
1100243536
state/remote/atlas: switch to retryablehttp
...
The retryablehttp package implements basic retries w/ exponential
backoff, which helps the remote state push recover in cases of
connectivity blips or transient errors.
2015-12-18 09:48:54 -06:00
Paul Hinze
1a19f43ee1
core: support HTTP basic auth in consul remote state
...
Closes #1663
2015-12-04 07:15:18 -06:00
Rafal Jeczalik
9e66e18334
provider/aws: fix for https://github.com/aws/aws-sdk-go/issues/452
2015-11-24 09:30:21 +01:00
Paul Hinze
cadbbbae08
aws: fix build after upstream breaking change
...
see
1a69d06935
2015-10-29 18:52:10 -05:00
John E. Vincent
c3f863f4c5
add artifactory remote state storage
2015-10-29 09:33:09 -04:00
Paul Hinze
6aa5fdc938
state/remote/atlas: handle conflicts on equivalent states
...
Atlas returns an HTTP 409 - Conflict if the pushed state reports the same
Serial number but the checksum of the raw content differs. This can
sometimes happen when Terraform changes state representation internally
between versions in a way that's semantically neutral but affects the JSON
output and therefore the checksum.
Here we detect and handle this situation by ticking the serial and retrying
iff for the previous state and the proposed state:
* the serials match
* the parsed states are Equal (semantically equivalent)
In other words, in this situation Terraform can override Atlas's detected
conflict by asserting that the state it is pushing is indeed correct.
2015-10-22 15:40:45 -05:00
Jeff Mitchell
1373a6086b
Use cleanhttp for new http clients
2015-10-22 14:23:59 -04:00
Paul Hinze
15a36d06cf
Merge pull request #3532 from hashicorp/remove-default-client
...
Remove usage of http.DefaultClient
2015-10-20 10:42:31 -05:00
Jeff Mitchell
b0ceffc322
Remove usage from dependencies as well. Other dependencies need upstream merging to completely solve this.
2015-10-19 12:06:34 -04:00
Jeff Mitchell
3c0ed11922
Remove usage of http.DefaultClient
2015-10-19 12:06:33 -04:00
Nathan Zadoks
bb51882f33
Etcd remote state backend
2015-10-18 23:24:55 +02:00
Kazunori Kojima
9186c29dd8
Fix typo
2015-10-07 23:39:08 +09:00
Kazunori Kojima
576b2d1109
Change KMS Key ID configuration name to used in other
2015-10-07 23:09:03 +09:00
Kazunori Kojima
ba8f1fa1f0
Add support S3 server side encryption with KMS.
...
* Example
```
terraform remote config \
-backend=s3
-backend-config="bucket=bucket-tfstate"
-backend-config="key=terraform.tfstate"
-backend-config="region=ap-northeast-1"
-backend-config="encrypt=1"
-backend-config="kmsKeyID=arn:aws:kms:ap-northeast-1:123456789:key/ac54dbd2-f301-42c1-bab9-88e6a84292a9"
```
2015-10-07 23:03:55 +09:00
Martin Atkins
ccc8f0d0fb
S3 remote state use application/json Content-Type.
...
The state is always JSON, in spite of the fact that this interface
presents it as an opaque byte array. It's more helpful to those interacting
with the state object outside of Terraform for it to have a more specific
content-type.
2015-10-03 18:02:36 -07:00
Martin Atkins
859c6c5e68
Merge #3233 : Allow canned ACLs on S3 remote state.
2015-10-03 17:40:17 -07:00
Radek Simko
3d77d158f7
remote/s3: Add support for ACL
2015-09-14 10:40:46 +01:00
Jack Pearkes
eba638d044
remote/atlas: if `ATLAS_RUN_ID` is set, send it with remote state save
...
This detects the presence of ATLAS_RUN_ID in the environment and sends
it if exists with remote state PUT requests with query params.
2015-08-20 13:54:26 -07:00
Jack Pearkes
d19ec9d57a
remote/atlas: remove old force param commented out
...
It appears this was left in through development, but as force
is not a parameter likely doesn't have any relevance anymore.
2015-08-20 13:21:47 -07:00
Paul Hinze
1a44b427a7
state/remote/s3: match with upstream changes
2015-08-10 15:46:22 -05:00
Clint Shryock
579ccbefea
provider/aws: Update source to comply with upstream breaking change
2015-07-28 15:29:46 -05:00
Mitchell Hashimoto
e135ff546a
state/remote: clean up the encryption flag stuff
...
/cc @hobbeswalsh
2015-06-25 09:23:12 -07:00
Mitchell Hashimoto
a5af429457
Merge pull request #2405 from hobbeswalsh/master
...
remote: allowing at-rest encryption when using S3
2015-06-25 09:20:13 -07:00
Mitchell Hashimoto
cddd54c3de
fmt
2015-06-23 22:31:24 -07:00
Robin Walsh
ad17cf55a0
Allowing at-rest encryption when using S3
...
This change allows the user to specify `-backend-config="encrypt=1"`
to tell S3 to encrypt the data that's in the bucket when using S3
for remote config storage.
The encryption uses "Amazon S3-managed encryption keys" so it should
not require any further user intervention.
A line was added to the unit test just for coverage.
The acceptance test was modified to:
a) Use encryption
b) Push some test data up to the bucket created to ensure
that Amazon accepts the header.
2015-06-19 11:33:03 -07:00
Mitchell Hashimoto
76d920f504
state/remote: more canonical Go for skip TLS verify
...
/cc @LeftyBC - Hope this helps! Some basic point:
* Idiomatic Go is to use thisCasingStyle and not this_casing_style
* Less repetitive to just create an http.Client once and re-use, also
more flexible for later.
* The empty `if ok {}` was kind of awkward, replace with proper check
2015-06-07 22:24:31 -07:00
Mitchell Hashimoto
6649658d62
Merge pull request #2220 from LeftyBC/master
...
state/remote: Add a boolean flag to http remote that disables cert validity checking (for e.g. self-signed certs)
2015-06-07 22:19:31 -07:00
George Hartzell
4fc6dd0141
Only run Swift tests when Swift is available
...
Only run the Swift remote tests when OpenStack seems
to have been set up and when the autho host is reachable.
2015-06-06 10:19:25 -07:00
George Hartzell
258b1a4263
Implement OpenStack/Swift remote
...
Rework devcamcar's OpenStack Swift remote [pull
request](https://github.com/hashicorp/terraform/pull/942 ) to work with
Terraform's new `state/remote` and Gophercloud's current implementation.
`Get()` changed up a bit from devcamcar's version (using different
Gopercloud functionality resulted in less fussing around to figure out
the error case).
Otherwise this is a transliteration/remix of his ideas.
2015-06-06 10:04:31 -07:00
Colin Moller
67e56671ec
Merge remote branch 'upstream/master'
2015-06-03 17:47:32 -07:00
Colin Moller
e7130e9c85
go fmt
2015-06-03 17:23:45 -07:00
Colin Moller
fc2f97ca89
Add a boolean flag to http remote that disables cert validity checking (for e.g. self-signed certs)
2015-06-03 17:09:02 -07:00
Paul Hinze
b71fa3d0ae
provider/aws: handle upstream aws-sdk-go repo move
...
`awslabs/aws-sdk-go => aws/aws-sdk-go`
Congrats to upstream on the promotion. :)
2015-06-03 13:36:57 -05:00
Clint Shryock
883e2848c6
update remote state s3 file to fix error
2015-05-20 15:20:30 -05:00
Paul Hinze
31258e06c6
provider/aws: fix breakages from awserr refactor
...
This landed in aws-sdk-go yesterday, breaking the AWS provider in many places:
3c259c9586
Here, with much sedding, grepping, and manual massaging, we attempt to
catch Terraform up to the new `awserr.Error` interface world.
2015-05-20 06:21:23 -05:00
Sander van Harmelen
897bf5e53d
Added `SharedCredentialsProvider` and `EC2RoleProvider` as well...
2015-05-05 20:38:35 +02:00
Sander van Harmelen
5435815524
Fixing PR #1804
2015-05-05 20:30:35 +02:00
Sander van Harmelen
7274de3c1d
Small fix needed to be inline with the updated AWS SDK again...
...
Executed a couple of AWS ACC test as well to make sure everything works
properly again after this fix…
2015-05-05 12:26:26 +02:00
Martin Atkins
53e93d6f63
S3 remote stage storage backend, against the new remote state API.
...
Stores state in a particular key in a given S3 bucket.
2015-04-30 09:21:49 -07:00
Mitchell Hashimoto
c58e09abaa
state/remote: make malformed name message clearer [GH-1332]
2015-04-22 08:59:30 +02:00
Mitchell Hashimoto
1fac7b6488
state: cache should use State.Equal to check equality
...
reflect.DeepEqual was returning false, sometimes.
2015-04-07 15:03:04 -07:00
Paul Hinze
0a24e72c3b
state/remote: allow https consul addresses
...
Sending state over a cleartext protocol is bad in untrusted networks.
Expose `-backend-config="scheme=https"` and wire it through to the
Consul client.
2015-03-17 17:11:35 -04:00
Mitchell Hashimoto
aee27314eb
state/remote: add undocumented file backend for remote state
2015-03-05 13:15:14 -08:00
Mitchell Hashimoto
cc8e6b6331
state: deep copies are required
2015-02-23 21:36:58 -08:00
Mitchell Hashimoto
ed6128aa6e
state/remote: increment serial properly
2015-02-23 21:30:59 -08:00
Mitchell Hashimoto
c2bf600603
state: only change serial if changed
2015-02-23 21:26:33 -08:00
Mitchell Hashimoto
bfe0edef51
state/remote: passing Atlas state test
2015-02-23 17:56:29 -08:00
Mitchell Hashimoto
aaf182a4a7
state/remote: nitpick some style
2015-02-23 15:34:09 -08:00
Mitchell Hashimoto
4d126998b5
state/remote: atlas
2015-02-23 15:13:56 -08:00
Mitchell Hashimoto
3bf59183b8
state: InmemState
2015-02-23 15:13:55 -08:00
Mitchell Hashimoto
5555059540
state/remote: real HTTP client tests
2015-02-23 15:13:55 -08:00
Mitchell Hashimoto
f2c6c12535
command/pull: remove remote package
2015-02-23 15:13:55 -08:00
Mitchell Hashimoto
b3aaf6feac
state/remote: add HTTP client
2015-02-23 15:13:54 -08:00
Mitchell Hashimoto
4ec63bc2ef
command: deal with plan states
2015-02-23 15:13:54 -08:00
Mitchell Hashimoto
89d3a10adf
state: backup state
2015-02-23 15:13:54 -08:00
Mitchell Hashimoto
5c356f35b9
state: LocalState supports alternate output path
2015-02-23 15:13:54 -08:00
Mitchell Hashimoto
34864a64a5
state: LocalState allows file to not exist
2015-02-23 15:13:54 -08:00
Mitchell Hashimoto
579f102f37
command: start migrating to new state package
2015-02-23 15:13:54 -08:00
Mitchell Hashimoto
1eec77378b
state/remote: can handle nil payloads
2015-02-23 15:13:53 -08:00
Mitchell Hashimoto
399319d31f
state/remote: comment
2015-02-23 15:13:53 -08:00
Mitchell Hashimoto
b8836ff279
state/remote: consul client
2015-02-23 15:13:53 -08:00
Mitchell Hashimoto
66bace35e5
state: add strings for cache refresh result
2015-02-23 15:13:53 -08:00
Mitchell Hashimoto
6ec1b2b455
state: cache state test
2015-02-23 15:13:53 -08:00
Mitchell Hashimoto
1f7ddc30fe
state: a bunch of state stuff
2015-02-23 15:13:53 -08:00