Merge pull request #29841 from xiaozhu36/xiaozhu

backend/oss: Supports the new attribute sts_endpoint
James Bardin 2021-11-01 15:31:51 -04:00 committed by GitHub
commit 834f61cd54
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 2 deletions


@ -4,6 +4,7 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/endpoints"
"io/ioutil" "io/ioutil"
"log" "log"
"net/http" "net/http"
@ -121,6 +122,12 @@ func New() backend.Backend {
Description: "The region of the OSS bucket.", Description: "The region of the OSS bucket.",
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_REGION", os.Getenv("ALICLOUD_DEFAULT_REGION")), DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_REGION", os.Getenv("ALICLOUD_DEFAULT_REGION")),
}, },
"sts_endpoint": {
Type: schema.TypeString,
Optional: true,
Description: "A custom endpoint for the STS API",
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_STS_ENDPOINT", ""),
},
"tablestore_endpoint": { "tablestore_endpoint": {
Type: schema.TypeString, Type: schema.TypeString,
Optional: true, Optional: true,
@ -304,6 +311,7 @@ func (b *Backend) configure(ctx context.Context) error {
securityToken := getBackendConfig(d.Get("security_token").(string), "sts_token") securityToken := getBackendConfig(d.Get("security_token").(string), "sts_token")
region := getBackendConfig(d.Get("region").(string), "region_id") region := getBackendConfig(d.Get("region").(string), "region_id")
stsEndpoint := d.Get("sts_endpoint").(string)
endpoint := d.Get("endpoint").(string) endpoint := d.Get("endpoint").(string)
schma := "https" schma := "https"
@ -360,7 +368,7 @@ func (b *Backend) configure(ctx context.Context) error {
} }
if roleArn != "" { if roleArn != "" {
subAccessKeyId, subAccessKeySecret, subSecurityToken, err := getAssumeRoleAK(accessKey, secretKey, securityToken, region, roleArn, sessionName, policy, sessionExpiration) subAccessKeyId, subAccessKeySecret, subSecurityToken, err := getAssumeRoleAK(accessKey, secretKey, securityToken, region, roleArn, sessionName, policy, stsEndpoint, sessionExpiration)
if err != nil { if err != nil {
return err return err
} }
@ -432,7 +440,7 @@ func (b *Backend) getOSSEndpointByRegion(access_key, secret_key, security_token,
return endpointsResponse, nil return endpointsResponse, nil
} }
func getAssumeRoleAK(accessKey, secretKey, stsToken, region, roleArn, sessionName, policy string, sessionExpiration int) (string, string, string, error) { func getAssumeRoleAK(accessKey, secretKey, stsToken, region, roleArn, sessionName, policy, stsEndpoint string, sessionExpiration int) (string, string, string, error) {
request := sts.CreateAssumeRoleRequest() request := sts.CreateAssumeRoleRequest()
request.RoleArn = roleArn request.RoleArn = roleArn
request.RoleSessionName = sessionName request.RoleSessionName = sessionName
@ -450,6 +458,9 @@ func getAssumeRoleAK(accessKey, secretKey, stsToken, region, roleArn, sessionNam
if err != nil { if err != nil {
return "", "", "", err return "", "", "", err
} }
if stsEndpoint != "" {
endpoints.AddEndpointMapping(region, "STS", stsEndpoint)
}
response, err := client.AssumeRole(request) response, err := client.AssumeRole(request)
if err != nil { if err != nil {
return "", "", "", err return "", "", "", err
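Review bot: In the last hunk of getAssumeRoleAK, `endpoints.AddEndpointMapping(region, "STS", stsEndpoint)` is a package-level call that is not tied to `client`, so the override appears to apply to every STS client in the process for that region, and its return value is discarded. This endpoint receives the signed AssumeRole request, and its response becomes the credentials used for state access, so the value read from `sts_endpoint` / `ALICLOUD_STS_ENDPOINT` should be checked before use. Assuming the SDK expects a bare host name, reject values that carry a scheme or path, and handle the error: `if err := endpoints.AddEndpointMapping(region, "STS", stsEndpoint); err != nil { return "", "", "", err }`. A debug log line naming the custom endpoint would also make an unexpected override visible when troubleshooting. The function body starts and ends outside the hunk, so whether the request scheme is pinned to HTTPS cannot be confirmed from here.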


@ -88,6 +88,7 @@ The following configuration options or environment variables are supported:
* `key` - (Optional) The name of the state file. Defaults to `terraform.tfstate`. * `key` - (Optional) The name of the state file. Defaults to `terraform.tfstate`.
* `tablestore_endpoint` / `ALICLOUD_TABLESTORE_ENDPOINT` - (Optional) A custom endpoint for the TableStore API. * `tablestore_endpoint` / `ALICLOUD_TABLESTORE_ENDPOINT` - (Optional) A custom endpoint for the TableStore API.
* `tablestore_table` - (Optional) A TableStore table for state locking and consistency. The table must have a primary key named `LockID` of type `String`. * `tablestore_table` - (Optional) A TableStore table for state locking and consistency. The table must have a primary key named `LockID` of type `String`.
* `sts_endpoint` - (Optional, Available in 1.0.11+) Custom endpoint for the AliCloud Security Token Service (STS) API. It supports environment variable `ALICLOUD_STS_ENDPOINT`.
* `encrypt` - (Optional) Whether to enable server side * `encrypt` - (Optional) Whether to enable server side
encryption of the state file. If it is true, OSS will use 'AES256' encryption algorithm to encrypt state file. encryption of the state file. If it is true, OSS will use 'AES256' encryption algorithm to encrypt state file.
* `acl` - (Optional) [Object * `acl` - (Optional) [Object