IntenseWebs/opentofu
3
0
Fork 0
mirror of https://github.com/opentofu/opentofu.git synced 2025-02-25 18:45:20 -06:00
Code Issues Packages Projects Releases Wiki Activity

Backend/S3: Add support for custom CA bundle (#762)

Browse Source 
Signed-off-by: Marcin Białoń <mbialon@spacelift.io>
This commit is contained in:
Marcin Białoń 2023-10-24 13:36:32 +02:00 committed by GitHub
parent 10f7aeff66
commit d12ccd12bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -54,6 +54,7 @@ S3 BACKEND:
* Arguments associated with assuming an IAM role were moved into a nested block - `assume_role`.
This deprecates the arguments `role_arn`, `session_name`, `external_id`, `assume_role_duration_seconds`, `assume_role_policy`, `assume_role_policy_arns`, `assume_role_tags`, and `assume_role_transitive_tag_keys`. ([#747](https://github.com/opentofu/opentofu/issues/747))
* Adds support for account whitelisting using the `forbidden_account_ids` and `allowed_account_ids` arguments. ([#699](https://github.com/opentofu/opentofu/issues/699))
* Adds the `custom_ca_bundle` argument. ([#689](https://github.com/opentofu/opentofu/issues/689))
## Previous Releases

6
internal/backend/remote-state/s3/backend.go
View File

@ -238,6 +238,11 @@ func (b *Backend) ConfigSchema(context.Context) *configschema.Block {
Optional: true,
Description: "Use the legacy authentication workflow, preferring environment variables over backend configuration.",
},
"custom_ca_bundle": {
Type: cty.String,
Optional: true,
Description: "File containing custom root and intermediate certificates. Can also be configured using the `AWS_CA_BUNDLE` environment variable.",
},
"assume_role": {
NestedType: &configschema.Object{
Nesting: configschema.NestingSingle,
@ -543,6 +548,7 @@ func (b *Backend) Configure(obj cty.Value) tfdiags.Diagnostics {
{Name: "APN", Version: "1.0"},
{Name: httpclient.DefaultApplicationName, Version: version.String()},
},
CustomCABundle: stringAttrDefaultEnvVar(obj, "custom_ca_bundle", "AWS_CA_BUNDLE"),
}
if val, ok := boolAttrOk(obj, "use_legacy_workflow"); ok {

1
website/docs/language/settings/backends/s3.mdx
View File

@ -173,6 +173,7 @@ The following configuration is optional:
* `allowed_account_ids` (Optional): A list of permitted AWS account IDs to safeguard against accidental disruption of a live environment. This option conflicts with `forbidden_account_ids`.
* `forbidden_account_ids` (Optional): A list of prohibited AWS account IDs to prevent unintentional disruption of a live environment. This option conflicts with `allowed_account_ids`.
* `use_legacy_workflow` - (Optional) Prefer environment variables for legacy authentication; default is 'true.' This method doesn't match AWS CLI or SDK authentication and will be removed in the future.
* `custom_ca_bundle` - File containing custom root and intermediate certificates. Can also be configured using the `AWS_CA_BUNDLE` environment variable.
#### Assume Role Configuration