Commit Graph

141 Commits

Author SHA1 Message Date
Kazunori Kojima
ba8f1fa1f0 Add support S3 server side encryption with KMS.
* Example

```
terraform remote config \
  -backend=s3
  -backend-config="bucket=bucket-tfstate"
  -backend-config="key=terraform.tfstate"
  -backend-config="region=ap-northeast-1"
  -backend-config="encrypt=1"
  -backend-config="kmsKeyID=arn:aws:kms:ap-northeast-1:123456789:key/ac54dbd2-f301-42c1-bab9-88e6a84292a9"
```
2015-10-07 23:03:55 +09:00
Martin Atkins
ccc8f0d0fb S3 remote state use application/json Content-Type.
The state is always JSON, in spite of the fact that this interface
presents it as an opaque byte array. It's more helpful to those interacting
with the state object outside of Terraform for it to have a more specific
content-type.
2015-10-03 18:02:36 -07:00
Martin Atkins
859c6c5e68 Merge #3233: Allow canned ACLs on S3 remote state. 2015-10-03 17:40:17 -07:00
Radek Simko
3d77d158f7 remote/s3: Add support for ACL 2015-09-14 10:40:46 +01:00
Jack Pearkes
eba638d044 remote/atlas: if ATLAS_RUN_ID is set, send it with remote state save
This detects the presence of ATLAS_RUN_ID in the environment and sends
it if exists with remote state PUT requests with query params.
2015-08-20 13:54:26 -07:00
Jack Pearkes
d19ec9d57a remote/atlas: remove old force param commented out
It appears this was left in through development, but as force
is not a parameter likely doesn't have any relevance anymore.
2015-08-20 13:21:47 -07:00
Paul Hinze
1a44b427a7 state/remote/s3: match with upstream changes 2015-08-10 15:46:22 -05:00
Clint Shryock
579ccbefea provider/aws: Update source to comply with upstream breaking change 2015-07-28 15:29:46 -05:00
Mitchell Hashimoto
e135ff546a state/remote: clean up the encryption flag stuff
/cc @hobbeswalsh
2015-06-25 09:23:12 -07:00
Mitchell Hashimoto
a5af429457 Merge pull request #2405 from hobbeswalsh/master
remote: allowing at-rest encryption when using S3
2015-06-25 09:20:13 -07:00
Mitchell Hashimoto
cddd54c3de fmt 2015-06-23 22:31:24 -07:00
Robin Walsh
ad17cf55a0 Allowing at-rest encryption when using S3
This change allows the user to specify `-backend-config="encrypt=1"`
to tell S3 to encrypt the data that's in the bucket when using S3
for remote config storage.

The encryption uses "Amazon S3-managed encryption keys" so it should
not require any further user intervention.

A line was added to the unit test just for coverage.
The acceptance test was modified to:
  a) Use encryption
  b) Push some test data up to the bucket created to ensure
     that Amazon accepts the header.
2015-06-19 11:33:03 -07:00
Mitchell Hashimoto
76d920f504 state/remote: more canonical Go for skip TLS verify
/cc @LeftyBC - Hope this helps! Some basic point:

* Idiomatic Go is to use thisCasingStyle and not this_casing_style
* Less repetitive to just create an http.Client once and re-use, also
  more flexible for later.
* The empty `if ok {}` was kind of awkward, replace with proper check
2015-06-07 22:24:31 -07:00
Mitchell Hashimoto
6649658d62 Merge pull request #2220 from LeftyBC/master
state/remote: Add a boolean flag to http remote that disables cert validity checking (for e.g. self-signed certs)
2015-06-07 22:19:31 -07:00
George Hartzell
4fc6dd0141 Only run Swift tests when Swift is available
Only run the Swift remote tests when OpenStack seems
to have been set up and when the autho host is reachable.
2015-06-06 10:19:25 -07:00
George Hartzell
258b1a4263 Implement OpenStack/Swift remote
Rework devcamcar's OpenStack Swift remote [pull
request](https://github.com/hashicorp/terraform/pull/942) to work with
Terraform's new `state/remote` and Gophercloud's current implementation.

`Get()` changed up a bit from devcamcar's version (using different
Gopercloud functionality resulted in less fussing around to figure out
the error case).

Otherwise this is a transliteration/remix of his ideas.
2015-06-06 10:04:31 -07:00
Colin Moller
67e56671ec Merge remote branch 'upstream/master' 2015-06-03 17:47:32 -07:00
Colin Moller
e7130e9c85 go fmt 2015-06-03 17:23:45 -07:00
Colin Moller
fc2f97ca89 Add a boolean flag to http remote that disables cert validity checking (for e.g. self-signed certs) 2015-06-03 17:09:02 -07:00
Paul Hinze
b71fa3d0ae provider/aws: handle upstream aws-sdk-go repo move
`awslabs/aws-sdk-go => aws/aws-sdk-go`

Congrats to upstream on the promotion. :)
2015-06-03 13:36:57 -05:00
Clint Shryock
883e2848c6 update remote state s3 file to fix error 2015-05-20 15:20:30 -05:00
Paul Hinze
31258e06c6 provider/aws: fix breakages from awserr refactor
This landed in aws-sdk-go yesterday, breaking the AWS provider in many places:

3c259c9586

Here, with much sedding, grepping, and manual massaging, we attempt to
catch Terraform up to the new `awserr.Error` interface world.
2015-05-20 06:21:23 -05:00
Sander van Harmelen
897bf5e53d Added SharedCredentialsProvider and EC2RoleProvider as well... 2015-05-05 20:38:35 +02:00
Sander van Harmelen
5435815524 Fixing PR #1804 2015-05-05 20:30:35 +02:00
Sander van Harmelen
7274de3c1d Small fix needed to be inline with the updated AWS SDK again...
Executed a couple of AWS ACC test as well to make sure everything works
properly again after this fix…
2015-05-05 12:26:26 +02:00
Martin Atkins
53e93d6f63 S3 remote stage storage backend, against the new remote state API.
Stores state in a particular key in a given S3 bucket.
2015-04-30 09:21:49 -07:00
Mitchell Hashimoto
c58e09abaa state/remote: make malformed name message clearer [GH-1332] 2015-04-22 08:59:30 +02:00
Paul Hinze
0a24e72c3b state/remote: allow https consul addresses
Sending state over a cleartext protocol is bad in untrusted networks.
Expose `-backend-config="scheme=https"` and wire it through to the
Consul client.
2015-03-17 17:11:35 -04:00
Mitchell Hashimoto
aee27314eb state/remote: add undocumented file backend for remote state 2015-03-05 13:15:14 -08:00
Mitchell Hashimoto
cc8e6b6331 state: deep copies are required 2015-02-23 21:36:58 -08:00
Mitchell Hashimoto
ed6128aa6e state/remote: increment serial properly 2015-02-23 21:30:59 -08:00
Mitchell Hashimoto
bfe0edef51 state/remote: passing Atlas state test 2015-02-23 17:56:29 -08:00
Mitchell Hashimoto
aaf182a4a7 state/remote: nitpick some style 2015-02-23 15:34:09 -08:00
Mitchell Hashimoto
4d126998b5 state/remote: atlas 2015-02-23 15:13:56 -08:00
Mitchell Hashimoto
5555059540 state/remote: real HTTP client tests 2015-02-23 15:13:55 -08:00
Mitchell Hashimoto
b3aaf6feac state/remote: add HTTP client 2015-02-23 15:13:54 -08:00
Mitchell Hashimoto
1eec77378b state/remote: can handle nil payloads 2015-02-23 15:13:53 -08:00
Mitchell Hashimoto
399319d31f state/remote: comment 2015-02-23 15:13:53 -08:00
Mitchell Hashimoto
b8836ff279 state/remote: consul client 2015-02-23 15:13:53 -08:00
Mitchell Hashimoto
6ec1b2b455 state: cache state test 2015-02-23 15:13:53 -08:00
Mitchell Hashimoto
1f7ddc30fe state: a bunch of state stuff 2015-02-23 15:13:53 -08:00