IntenseWebs/opentofu
3
0
Fork 0
mirror of https://github.com/opentofu/opentofu.git synced 2025-02-25 18:45:20 -06:00
Code Issues Packages Projects Releases Wiki Activity
05b45ab4f3
opentofu/backend/remote-state/azure/backend.go

229 lines
6.7 KiB
Go
Raw Normal View History

backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
package azure
import (
"context"
"fmt"
"github.com/hashicorp/terraform/backend"
update remote state to use legacy types
2020-11-18 09:07:30 -06:00
"github.com/hashicorp/terraform/internal/legacy/helper/schema"
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
)
backend/azurerm: upgrading the SDK / support for proxies (#19414) * vendor updates - updating to v21.3.0 of github.com/Azure/azure-sdk-for-go - updating to v10.15.4 of github.com/Azure/go-autorest - vendoring github.com/hashicorp/go-azure-helpers @ 0.1.1 * backend/azurerm: refactoring to use the new auth package - refactoring the backend to use a shared client via the new auth package - adding tests covering both Service Principal and Access Key auth - support for authenticating using a proxy - rewriting the backend documentation to include examples of both authentication types * switching to use the build-in logging function * documenting it's also possible to retrieve the access key from an env var
2018-11-21 15:06:03 -06:00
// New creates a new backend for Azure remote state.
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
func New() backend.Backend {
s := &schema.Backend{
Schema: map[string]*schema.Schema{
Removing dead code
2017-09-04 06:04:11 -05:00
"storage_account_name": {
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
Type: schema.TypeString,
Required: true,
Description: "The name of the storage account.",
},
Removing dead code
2017-09-04 06:04:11 -05:00
"container_name": {
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
Type: schema.TypeString,
Required: true,
Description: "The container name.",
},
Removing dead code
2017-09-04 06:04:11 -05:00
"key": {
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
Type: schema.TypeString,
Required: true,
Description: "The blob key.",
},
azurerm backend: support loading metadata from a given host
2020-08-12 17:04:40 -05:00
"metadata_host": {
Type: schema.TypeString,
Required: true,
DefaultFunc: schema.EnvDefaultFunc("ARM_METADATA_HOST", ""),
Description: "The Metadata URL which will be used to obtain the Cloud Environment.",
},
Removing dead code
2017-09-04 06:04:11 -05:00
"environment": {
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
Type: schema.TypeString,
Optional: true,
Description: "The Azure cloud environment.",
backend/azurerm: upgrading the SDK / support for proxies (#19414) * vendor updates - updating to v21.3.0 of github.com/Azure/azure-sdk-for-go - updating to v10.15.4 of github.com/Azure/go-autorest - vendoring github.com/hashicorp/go-azure-helpers @ 0.1.1 * backend/azurerm: refactoring to use the new auth package - refactoring the backend to use a shared client via the new auth package - adding tests covering both Service Principal and Access Key auth - support for authenticating using a proxy - rewriting the backend documentation to include examples of both authentication types * switching to use the build-in logging function * documenting it's also possible to retrieve the access key from an env var
2018-11-21 15:06:03 -06:00
DefaultFunc: schema.EnvDefaultFunc("ARM_ENVIRONMENT", "public"),
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
},
Removing dead code
2017-09-04 06:04:11 -05:00
"access_key": {
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
Type: schema.TypeString,
Optional: true,
Description: "The access key.",
DefaultFunc: schema.EnvDefaultFunc("ARM_ACCESS_KEY", ""),
},
backend/azurerm: support for authenticating via SAS Tokens (#19440) * adding acceptance tests for msi auth * including the resource group name in the tests * backend/azurerm: support for authenticating using a SAS Token * resolving merge conflicts * moving the defer to prior to the error
2018-11-22 11:02:33 -06:00
"sas_token": {
Type: schema.TypeString,
Optional: true,
Description: "A SAS Token used to interact with the Blob Storage Account.",
DefaultFunc: schema.EnvDefaultFunc("ARM_SAS_TOKEN", ""),
},
Azure backend: support snapshots/versioning (#24069) * Azure backend: support snapshots/versioning Co-authored-by: Reda Ahdjoudj <reda.ahdjoudj@gmail.com> Co-authored-by: Patrick F. Marques <patrickfmarques@gmail.com> * Azure backend: Versioning -> Snapshot Co-authored-by: Reda Ahdjoudj <reda.ahdjoudj@gmail.com> Co-authored-by: Patrick F. Marques <patrickfmarques@gmail.com>
2020-06-25 04:50:16 -05:00
"snapshot": {
Type: schema.TypeBool,
Optional: true,
Description: "Enable/Disable automatic blob snapshotting",
DefaultFunc: schema.EnvDefaultFunc("ARM_SNAPSHOT", false),
},
Removing dead code
2017-09-04 06:04:11 -05:00
"resource_group_name": {
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
Type: schema.TypeString,
Optional: true,
Description: "The resource group name.",
},
backend/azurerm: removing the `arm_` prefix from keys (#19448) * backend/azurerm: removing the `arm_` prefix from keys * removing the deprecated fields test because the deprecation makes it fail
2018-11-26 04:19:43 -06:00
"client_id": {
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
Type: schema.TypeString,
Optional: true,
Description: "The Client ID.",
DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_ID", ""),
},
backend/azurerm: support for authenticating using a Client Certificate fixes #24179 supersedes #19606 dependent on #25769
2020-08-07 04:58:33 -05:00
"endpoint": {
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
Type: schema.TypeString,
Optional: true,
backend/azurerm: support for authenticating using a Client Certificate fixes #24179 supersedes #19606 dependent on #25769
2020-08-07 04:58:33 -05:00
Description: "A custom Endpoint used to access the Azure Resource Manager API's.",
DefaultFunc: schema.EnvDefaultFunc("ARM_ENDPOINT", ""),
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
},
backend/azurerm: removing the `arm_` prefix from keys (#19448) * backend/azurerm: removing the `arm_` prefix from keys * removing the deprecated fields test because the deprecation makes it fail
2018-11-26 04:19:43 -06:00
"subscription_id": {
Type: schema.TypeString,
Optional: true,
Description: "The Subscription ID.",
DefaultFunc: schema.EnvDefaultFunc("ARM_SUBSCRIPTION_ID", ""),
},
"tenant_id": {
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
Type: schema.TypeString,
Optional: true,
Description: "The Tenant ID.",
DefaultFunc: schema.EnvDefaultFunc("ARM_TENANT_ID", ""),
},
backend/azurerm: upgrading the SDK / support for proxies (#19414) * vendor updates - updating to v21.3.0 of github.com/Azure/azure-sdk-for-go - updating to v10.15.4 of github.com/Azure/go-autorest - vendoring github.com/hashicorp/go-azure-helpers @ 0.1.1 * backend/azurerm: refactoring to use the new auth package - refactoring the backend to use a shared client via the new auth package - adding tests covering both Service Principal and Access Key auth - support for authenticating using a proxy - rewriting the backend documentation to include examples of both authentication types * switching to use the build-in logging function * documenting it's also possible to retrieve the access key from an env var
2018-11-21 15:06:03 -06:00
backend/azurerm: support for authenticating using a Client Certificate fixes #24179 supersedes #19606 dependent on #25769
2020-08-07 04:58:33 -05:00
// Service Principal (Client Certificate) specific
"client_certificate_password": {
Type: schema.TypeString,
Optional: true,
Description: "The password associated with the Client Certificate specified in `client_certificate_path`",
DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_CERTIFICATE_PASSWORD", ""),
},
"client_certificate_path": {
Type: schema.TypeString,
Optional: true,
Description: "The path to the PFX file used as the Client Certificate when authenticating as a Service Principal",
DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_CERTIFICATE_PATH", ""),
},
// Service Principal (Client Secret) specific
"client_secret": {
Type: schema.TypeString,
Optional: true,
Description: "The Client Secret.",
DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_SECRET", ""),
},
// Managed Service Identity specific
backend/azurerm: support for authenticating via msi (#19433) * backend/azurerm: support for authenticating via msi * adding acceptance tests for msi auth * including the resource group name in the tests * support for using the test client via msi
2018-11-22 09:52:27 -06:00
"use_msi": {
Type: schema.TypeBool,
Optional: true,
Description: "Should Managed Service Identity be used?.",
DefaultFunc: schema.EnvDefaultFunc("ARM_USE_MSI", false),
},
"msi_endpoint": {
Type: schema.TypeString,
Optional: true,
Description: "The Managed Service Identity Endpoint.",
DefaultFunc: schema.EnvDefaultFunc("ARM_MSI_ENDPOINT", ""),
},
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
},
}
result := &Backend{Backend: s}
result.Backend.ConfigureFunc = result.configure
return result
}
type Backend struct {
*schema.Backend
// The fields below are set from configure
backend/azurerm: upgrading the SDK / support for proxies (#19414) * vendor updates - updating to v21.3.0 of github.com/Azure/azure-sdk-for-go - updating to v10.15.4 of github.com/Azure/go-autorest - vendoring github.com/hashicorp/go-azure-helpers @ 0.1.1 * backend/azurerm: refactoring to use the new auth package - refactoring the backend to use a shared client via the new auth package - adding tests covering both Service Principal and Access Key auth - support for authenticating using a proxy - rewriting the backend documentation to include examples of both authentication types * switching to use the build-in logging function * documenting it's also possible to retrieve the access key from an env var
2018-11-21 15:06:03 -06:00
armClient *ArmClient
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
containerName string
keyName string
Update azure backend storage sdk (#24669) * update vendored azure sdk * vendor giovanni storage sdk * Add giovanni clients * go mod vendor * Swap to new storage sdk * workable tests * update .go-version to 1.14.2 * Tests working minus SAS * Add SAS Token support * Update vendor * Passing tests * Add date randomizer * Captalize RG * Remove random bits * Update client var name Co-authored-by: kt <kt@katbyte.me>
2020-05-20 10:29:02 -05:00
accountName string
Azure backend: support snapshots/versioning (#24069) * Azure backend: support snapshots/versioning Co-authored-by: Reda Ahdjoudj <reda.ahdjoudj@gmail.com> Co-authored-by: Patrick F. Marques <patrickfmarques@gmail.com> * Azure backend: Versioning -> Snapshot Co-authored-by: Reda Ahdjoudj <reda.ahdjoudj@gmail.com> Co-authored-by: Patrick F. Marques <patrickfmarques@gmail.com>
2020-06-25 04:50:16 -05:00
snapshot bool
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
}
Obtaining the current metadata before setting it
2017-09-04 06:04:43 -05:00
type BackendConfig struct {
backend/azurerm: upgrading the SDK / support for proxies (#19414) * vendor updates - updating to v21.3.0 of github.com/Azure/azure-sdk-for-go - updating to v10.15.4 of github.com/Azure/go-autorest - vendoring github.com/hashicorp/go-azure-helpers @ 0.1.1 * backend/azurerm: refactoring to use the new auth package - refactoring the backend to use a shared client via the new auth package - adding tests covering both Service Principal and Access Key auth - support for authenticating using a proxy - rewriting the backend documentation to include examples of both authentication types * switching to use the build-in logging function * documenting it's also possible to retrieve the access key from an env var
2018-11-21 15:06:03 -06:00
// Required
Obtaining the current metadata before setting it
2017-09-04 06:04:43 -05:00
StorageAccountName string
backend/azurerm: upgrading the SDK / support for proxies (#19414) * vendor updates - updating to v21.3.0 of github.com/Azure/azure-sdk-for-go - updating to v10.15.4 of github.com/Azure/go-autorest - vendoring github.com/hashicorp/go-azure-helpers @ 0.1.1 * backend/azurerm: refactoring to use the new auth package - refactoring the backend to use a shared client via the new auth package - adding tests covering both Service Principal and Access Key auth - support for authenticating using a proxy - rewriting the backend documentation to include examples of both authentication types * switching to use the build-in logging function * documenting it's also possible to retrieve the access key from an env var
2018-11-21 15:06:03 -06:00
// Optional
backend/azurerm: support for custom resource manager endpoints (#19460) * backend/azurerm: removing the `arm_` prefix from keys * removing the deprecated fields test because the deprecation makes it fail * authentication: support for custom resource manager endpoints * Adding debug prefixes to the log statements
2018-11-26 07:42:16 -06:00
AccessKey string
ClientID string
backend/azurerm: support for authenticating using a Client Certificate fixes #24179 supersedes #19606 dependent on #25769
2020-08-07 04:58:33 -05:00
ClientCertificatePassword string
ClientCertificatePath string
backend/azurerm: support for custom resource manager endpoints (#19460) * backend/azurerm: removing the `arm_` prefix from keys * removing the deprecated fields test because the deprecation makes it fail * authentication: support for custom resource manager endpoints * Adding debug prefixes to the log statements
2018-11-26 07:42:16 -06:00
ClientSecret string
CustomResourceManagerEndpoint string
azurerm backend: support loading metadata from a given host
2020-08-12 17:04:40 -05:00
MetadataHost string
backend/azurerm: support for custom resource manager endpoints (#19460) * backend/azurerm: removing the `arm_` prefix from keys * removing the deprecated fields test because the deprecation makes it fail * authentication: support for custom resource manager endpoints * Adding debug prefixes to the log statements
2018-11-26 07:42:16 -06:00
Environment string
MsiEndpoint string
ResourceGroupName string
SasToken string
SubscriptionID string
TenantID string
UseMsi bool
Obtaining the current metadata before setting it
2017-09-04 06:04:43 -05:00
}
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
func (b *Backend) configure(ctx context.Context) error {
if b.containerName != "" {
return nil
}
// Grab the resource data
data := schema.FromContextBackendConfig(ctx)
b.containerName = data.Get("container_name").(string)
Update azure backend storage sdk (#24669) * update vendored azure sdk * vendor giovanni storage sdk * Add giovanni clients * go mod vendor * Swap to new storage sdk * workable tests * update .go-version to 1.14.2 * Tests working minus SAS * Add SAS Token support * Update vendor * Passing tests * Add date randomizer * Captalize RG * Remove random bits * Update client var name Co-authored-by: kt <kt@katbyte.me>
2020-05-20 10:29:02 -05:00
b.accountName = data.Get("storage_account_name").(string)
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
b.keyName = data.Get("key").(string)
Azure backend: support snapshots/versioning (#24069) * Azure backend: support snapshots/versioning Co-authored-by: Reda Ahdjoudj <reda.ahdjoudj@gmail.com> Co-authored-by: Patrick F. Marques <patrickfmarques@gmail.com> * Azure backend: Versioning -> Snapshot Co-authored-by: Reda Ahdjoudj <reda.ahdjoudj@gmail.com> Co-authored-by: Patrick F. Marques <patrickfmarques@gmail.com>
2020-06-25 04:50:16 -05:00
b.snapshot = data.Get("snapshot").(bool)
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
Obtaining the current metadata before setting it
2017-09-04 06:04:43 -05:00
config := BackendConfig{
backend/azurerm: support for custom resource manager endpoints (#19460) * backend/azurerm: removing the `arm_` prefix from keys * removing the deprecated fields test because the deprecation makes it fail * authentication: support for custom resource manager endpoints * Adding debug prefixes to the log statements
2018-11-26 07:42:16 -06:00
AccessKey: data.Get("access_key").(string),
backend/azurerm: removing support for the deprecated fields
2021-03-22 11:26:06 -05:00
ClientID: data.Get("client_id").(string),
backend/azurerm: support for authenticating using a Client Certificate fixes #24179 supersedes #19606 dependent on #25769
2020-08-07 04:58:33 -05:00
ClientCertificatePassword: data.Get("client_certificate_password").(string),
ClientCertificatePath: data.Get("client_certificate_path").(string),
backend/azurerm: removing support for the deprecated fields
2021-03-22 11:26:06 -05:00
ClientSecret: data.Get("client_secret").(string),
backend/azurerm: support for custom resource manager endpoints (#19460) * backend/azurerm: removing the `arm_` prefix from keys * removing the deprecated fields test because the deprecation makes it fail * authentication: support for custom resource manager endpoints * Adding debug prefixes to the log statements
2018-11-26 07:42:16 -06:00
CustomResourceManagerEndpoint: data.Get("endpoint").(string),
azurerm backend: support loading metadata from a given host
2020-08-12 17:04:40 -05:00
MetadataHost: data.Get("metadata_host").(string),
backend/azurerm: support for custom resource manager endpoints (#19460) * backend/azurerm: removing the `arm_` prefix from keys * removing the deprecated fields test because the deprecation makes it fail * authentication: support for custom resource manager endpoints * Adding debug prefixes to the log statements
2018-11-26 07:42:16 -06:00
Environment: data.Get("environment").(string),
MsiEndpoint: data.Get("msi_endpoint").(string),
ResourceGroupName: data.Get("resource_group_name").(string),
SasToken: data.Get("sas_token").(string),
StorageAccountName: data.Get("storage_account_name").(string),
backend/azurerm: removing support for the deprecated fields
2021-03-22 11:26:06 -05:00
SubscriptionID: data.Get("subscription_id").(string),
TenantID: data.Get("tenant_id").(string),
backend/azurerm: support for custom resource manager endpoints (#19460) * backend/azurerm: removing the `arm_` prefix from keys * removing the deprecated fields test because the deprecation makes it fail * authentication: support for custom resource manager endpoints * Adding debug prefixes to the log statements
2018-11-26 07:42:16 -06:00
UseMsi: data.Get("use_msi").(bool),
Obtaining the current metadata before setting it
2017-09-04 06:04:43 -05:00
}
add missing Context argument
2020-10-05 13:43:46 -05:00
armClient, err := buildArmClient(context.TODO(), config)
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
if err != nil {
return err
}
backend/azurerm: support for authenticating via SAS Tokens (#19440) * adding acceptance tests for msi auth * including the resource group name in the tests * backend/azurerm: support for authenticating using a SAS Token * resolving merge conflicts * moving the defer to prior to the error
2018-11-22 11:02:33 -06:00
if config.AccessKey == "" && config.SasToken == "" && config.ResourceGroupName == "" {
return fmt.Errorf("Either an Access Key / SAS Token or the Resource Group for the Storage Account must be specified")
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
}
backend/azurerm: upgrading the SDK / support for proxies (#19414) * vendor updates - updating to v21.3.0 of github.com/Azure/azure-sdk-for-go - updating to v10.15.4 of github.com/Azure/go-autorest - vendoring github.com/hashicorp/go-azure-helpers @ 0.1.1 * backend/azurerm: refactoring to use the new auth package - refactoring the backend to use a shared client via the new auth package - adding tests covering both Service Principal and Access Key auth - support for authenticating using a proxy - rewriting the backend documentation to include examples of both authentication types * switching to use the build-in logging function * documenting it's also possible to retrieve the access key from an env var
2018-11-21 15:06:03 -06:00
b.armClient = armClient
return nil
backend: convert Azure remote state to a backend Added locking support via blob leasing (requires that an empty state is created before any lock can be acquired. Added support for "environments" in much the same way as the S3 backend.
2017-03-30 09:33:54 -05:00
}
backend/azurerm: removing the `arm_` prefix from keys (#19448) * backend/azurerm: removing the `arm_` prefix from keys * removing the deprecated fields test because the deprecation makes it fail
2018-11-26 04:19:43 -06:00
func valueFromDeprecatedField(d *schema.ResourceData, key, deprecatedFieldKey string) string {
v := d.Get(key).(string)
if v == "" {
v = d.Get(deprecatedFieldKey).(string)
}
return v
}
Reference in New Issue Copy Permalink