From 22a2580e93170eac46621ab97decaec989d52edb Mon Sep 17 00:00:00 2001 From: Martin Atkins Date: Thu, 8 Aug 2019 17:08:49 -0700 Subject: [PATCH] main: Use the new cliconfig package credentials source This should not cause any change in behavior yet, but using this new implementation will allow the "terraform login" and "terraform logout" commands to store and forget credentials when they are implemented in subsequent commits. --- commands.go | 44 +++----------------------------------------- main.go | 11 ++++++++++- 2 files changed, 13 insertions(+), 42 deletions(-) diff --git a/commands.go b/commands.go index 3f0785183..0a363124f 100644 --- a/commands.go +++ b/commands.go @@ -1,7 +1,6 @@ package main import ( - "log" "os" "os/signal" @@ -371,44 +370,7 @@ func makeShutdownCh() <-chan struct{} { return resultCh } -func credentialsSource(config *Config) auth.CredentialsSource { - creds := auth.NoCredentials - if len(config.Credentials) > 0 { - staticTable := map[svchost.Hostname]map[string]interface{}{} - for userHost, creds := range config.Credentials { - host, err := svchost.ForComparison(userHost) - if err != nil { - // We expect the config was already validated by the time we get - // here, so we'll just ignore invalid hostnames. - continue - } - staticTable[host] = creds - } - creds = auth.StaticCredentialsSource(staticTable) - } - - for helperType, helperConfig := range config.CredentialsHelpers { - log.Printf("[DEBUG] Searching for credentials helper named %q", helperType) - available := pluginDiscovery.FindPlugins("credentials", globalPluginDirs()) - available = available.WithName(helperType) - if available.Count() == 0 { - log.Printf("[ERROR] Unable to find credentials helper %q; ignoring", helperType) - break - } - - selected := available.Newest() - - helperSource := auth.HelperProgramCredentialsSource(selected.Path, helperConfig.Args...) - creds = auth.Credentials{ - creds, - auth.CachingCredentialsSource(helperSource), // cached because external operation may be slow/expensive - } - - // There should only be zero or one "credentials_helper" blocks. We - // assume that the config was validated earlier and so we don't check - // for extras here. - break - } - - return creds +func credentialsSource(config *Config) (auth.CredentialsSource, error) { + helperPlugins := pluginDiscovery.FindPlugins("credentials", globalPluginDirs()) + return config.CredentialsSource(helperPlugins) } diff --git a/main.go b/main.go index e75b0e460..5412a5b72 100644 --- a/main.go +++ b/main.go @@ -145,7 +145,16 @@ func wrappedMain() int { // Get any configured credentials from the config and initialize // a service discovery object. - credsSrc := credentialsSource(config) + credsSrc, err := credentialsSource(config) + if err != nil { + // Most commands don't actually need credentials, and most situations + // that would get us here would already have been reported by the config + // loading above, so we'll just log this one as an aid to debugging + // in the unlikely event that it _does_ arise. + log.Printf("[WARN] Cannot initialize remote host credentials manager: %s", err) + // credsSrc may be nil in this case, but that's okay because the disco + // object checks that and just acts as though no credentials are present. + } services := disco.NewWithCredentialsSource(credsSrc) // Initialize the backends.