mirror of
https://github.com/opentofu/opentofu.git
synced 2024-12-28 18:01:01 -06:00
b4eb63d710
- add remote state provider backed by Joyent's Manta - add documentation of Manta remote state provider - explicitly check for passphrase-protected SSH keys, which are currently unsupported, and generate a more helpful error (borrowed from Packer's solution to the same problem): https://github.com/mitchellh/packer/blob/master/common/ssh/key.go#L27
125 lines
2.8 KiB
Go
125 lines
2.8 KiB
Go
package remote
|
|
|
|
import (
|
|
"crypto/md5"
|
|
"encoding/pem"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"log"
|
|
"os"
|
|
|
|
joyentclient "github.com/joyent/gocommon/client"
|
|
joyenterrors "github.com/joyent/gocommon/errors"
|
|
"github.com/joyent/gomanta/manta"
|
|
joyentauth "github.com/joyent/gosign/auth"
|
|
)
|
|
|
|
const DEFAULT_OBJECT_NAME = "terraform.tfstate"
|
|
|
|
func mantaFactory(conf map[string]string) (Client, error) {
|
|
path, ok := conf["path"]
|
|
if !ok {
|
|
return nil, fmt.Errorf("missing 'path' configuration")
|
|
}
|
|
|
|
objectName, ok := conf["objectName"]
|
|
if !ok {
|
|
objectName = DEFAULT_OBJECT_NAME
|
|
}
|
|
|
|
creds, err := getCredentialsFromEnvironment()
|
|
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error getting Manta credentials: %s", err.Error())
|
|
}
|
|
|
|
client := manta.New(joyentclient.NewClient(
|
|
creds.MantaEndpoint.URL,
|
|
"",
|
|
creds,
|
|
log.New(os.Stderr, "", log.LstdFlags),
|
|
))
|
|
|
|
return &MantaClient{
|
|
Client: client,
|
|
Path: path,
|
|
ObjectName: objectName,
|
|
}, nil
|
|
}
|
|
|
|
type MantaClient struct {
|
|
Client *manta.Client
|
|
Path string
|
|
ObjectName string
|
|
}
|
|
|
|
func (c *MantaClient) Get() (*Payload, error) {
|
|
bytes, err := c.Client.GetObject(c.Path, c.ObjectName)
|
|
if err != nil {
|
|
if joyenterrors.IsResourceNotFound(err.(joyenterrors.Error).Cause()) {
|
|
return nil, nil
|
|
}
|
|
|
|
return nil, err
|
|
}
|
|
|
|
md5 := md5.Sum(bytes)
|
|
|
|
return &Payload{
|
|
Data: bytes,
|
|
MD5: md5[:],
|
|
}, nil
|
|
}
|
|
|
|
func (c *MantaClient) Put(data []byte) error {
|
|
return c.Client.PutObject(c.Path, c.ObjectName, data)
|
|
}
|
|
|
|
func (c *MantaClient) Delete() error {
|
|
return c.Client.DeleteObject(c.Path, c.ObjectName)
|
|
}
|
|
|
|
func getCredentialsFromEnvironment() (cred *joyentauth.Credentials, err error) {
|
|
|
|
user := os.Getenv("MANTA_USER")
|
|
keyId := os.Getenv("MANTA_KEY_ID")
|
|
url := os.Getenv("MANTA_URL")
|
|
keyMaterial := os.Getenv("MANTA_KEY_MATERIAL")
|
|
|
|
if _, err := os.Stat(keyMaterial); err == nil {
|
|
// key material is a file path; try to read it
|
|
keyBytes, err := ioutil.ReadFile(keyMaterial)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error reading key material from %s: %s",
|
|
keyMaterial, err)
|
|
} else {
|
|
block, _ := pem.Decode(keyBytes)
|
|
if block == nil {
|
|
return nil, fmt.Errorf(
|
|
"Failed to read key material '%s': no key found", keyMaterial)
|
|
}
|
|
|
|
if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
|
|
return nil, fmt.Errorf(
|
|
"Failed to read key '%s': password protected keys are\n"+
|
|
"not currently supported. Please decrypt the key prior to use.", keyMaterial)
|
|
}
|
|
|
|
keyMaterial = string(keyBytes)
|
|
}
|
|
}
|
|
|
|
authentication, err := joyentauth.NewAuth(user, keyMaterial, "rsa-sha256")
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error constructing authentication for %s: %s", user, err)
|
|
}
|
|
|
|
return &joyentauth.Credentials{
|
|
UserAuthentication: authentication,
|
|
SdcKeyId: "",
|
|
SdcEndpoint: joyentauth.Endpoint{},
|
|
MantaKeyId: keyId,
|
|
MantaEndpoint: joyentauth.Endpoint{URL: url},
|
|
}, nil
|
|
}
|