From f6c90c1d96016f3e2f04a1396aa1dd192d70ab29 Mon Sep 17 00:00:00 2001
From: Luis Silva
Date: Tue, 18 Jun 2019 13:47:13 +0100
Subject: [PATCH 1/4] Add OAuth2 token support for GCS backend
---
 backend/remote-state/gcs/backend.go | 27 ++++++++++++++++++++++---
 website/docs/backends/types/gcs.html.md | 3 +++
 2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/backend/remote-state/gcs/backend.go b/backend/remote-state/gcs/backend.go
index f1e6b372a..f9a79c6d8 100644
--- a/backend/remote-state/gcs/backend.go
+++ b/backend/remote-state/gcs/backend.go
@@ -14,6 +14,7 @@ import (
 "github.com/hashicorp/terraform/helper/pathorcontents"
 "github.com/hashicorp/terraform/helper/schema"
 "github.com/hashicorp/terraform/httpclient"
+ "golang.org/x/oauth2"
 "golang.org/x/oauth2/jwt"
 "google.golang.org/api/option"
 )
@@ -65,6 +66,15 @@ func New() backend.Backend {
 Default: "",
 },
+ "access_token": {
+ Type: schema.TypeString,
+ Optional: true,
+ DefaultFunc: schema.MultiEnvDefaultFunc([]string{
+ "GOOGLE_OAUTH_ACCESS_TOKEN",
+ }, nil),
+ Description: "An OAuth2 token used for GCP authentication",
+ },
+
 "encryption_key": {
 Type: schema.TypeString,
 Optional: true,
@@ -116,12 +126,23 @@ func (b *Backend) configure(ctx context.Context) error {
 var opts []option.ClientOption
- creds := data.Get("credentials").(string)
- if creds == "" {
+ // Add credential source
+ var creds string
+ var tokenSource oauth2.TokenSource
+
+ if v, ok := data.GetOk("access_token"); ok {
+ tokenSource = oauth2.StaticTokenSource(&oauth2.Token{
+ AccessToken: v.(string),
+ })
+ } else if v, ok := data.GetOk("credentials"); ok {
+ creds = v.(string)
+ } else {
 creds = os.Getenv("GOOGLE_CREDENTIALS")
 }
- if creds != "" {
+ if tokenSource != nil {
+ opts = append(opts, option.WithTokenSource(tokenSource))
+ } else if creds != "" {
 var account accountFile
 // to mirror how the provider works, we accept the file path or the contents
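Review bot: The new `access_token` entry in the schema map of `New()` holds a bearer credential but carries no `Sensitive: true`, and its description does not say that the value can come from `GOOGLE_OAUTH_ACCESS_TOKEN`. Marking it sensitive and naming the variable in the description, e.g. `Description: "A temporary OAuth2 access token for GCP; can also be set with GOOGLE_OAUTH_ACCESS_TOKEN",`, would help; whether the flag changes how a backend field is displayed is not visible here and should be confirmed. Terraform generally keeps backend configuration in the working directory, so a token written into the backend block rather than the environment may persist on disk after it is used. With a single variable name, `schema.EnvDefaultFunc("GOOGLE_OAUTH_ACCESS_TOKEN", nil)` is the shorter form. `New()` starts and ends outside the hunk.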
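Review bot: In `configure`, the `access_token` branch wraps the value in `oauth2.StaticTokenSource`, which returns the same token on every call and never refreshes it, so a token that expires during a long run is likely to make later state writes and the lock release fail. A comment above the branch should say so, e.g. `// access_token is static and never refreshed: it must stay valid for the whole operation, including unlock.` Because the schema default reads `GOOGLE_OAUTH_ACCESS_TOKEN`, an ambient environment variable also wins over a `credentials` value written explicitly in the backend block, which changes the identity used for state access without any message; logging which credential source was selected (never the token itself) would make that visible. `configure` starts and ends outside the hunk.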
diff --git a/website/docs/backends/types/gcs.html.md b/website/docs/backends/types/gcs.html.md
index 25d5b34c9..72226b6d3 100644
--- a/website/docs/backends/types/gcs.html.md
+++ b/website/docs/backends/types/gcs.html.md
@@ -58,6 +58,9 @@ The following configuration options are supported:
 * `credentials` / `GOOGLE_CREDENTIALS` - (Optional) Local path to Google Cloud Platform account credentials in JSON format. If unset, [Google Application Default Credentials](https://developers.google.com/identity/protocols/application-default-credentials) are used. The provided credentials need to have the `devstorage.read_write` scope and `WRITER` permissions on the bucket.
+ * `access_token` - (Optional) A temporary [OAuth 2.0 access token] obtained from
+ the Google Authorization server, i.e. the `Authorization: Bearer` token used to
+ authenticate HTTP requests to GCP APIs. This is an alternative to `credentials`. If both are specified, `access_token` will be used over the `credentials` field.
 * `prefix` - (Optional) GCS prefix inside the bucket. Named states for workspaces are stored in an object called `/.tfstate`.
 * `path` - (Deprecated) GCS path to the state file of the default state. For backwards compatibility only, use `prefix` instead.
 * `encryption_key` / `GOOGLE_ENCRYPTION_KEY` - (Optional) A 32 byte base64 encoded 'customer supplied encryption key' used to encrypt all state. For more information see [Customer Supplied Encryption Keys](https://cloud.google.com/storage/docs/encryption#customer-supplied).
From 0aae6283f964106a9f3fdca52856115d9fc32c64 Mon Sep 17 00:00:00 2001
From: Luis Silva
Date: Fri, 5 Jul 2019 16:34:21 +0100
Subject: [PATCH 2/4] update version
---
 version/version.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/version/version.go b/version/version.go
index 1c07e272b..518916aad 100644
--- a/version/version.go
+++ b/version/version.go
@@ -11,7 +11,7 @@ import (
 )
 // The main version number that is being run at the moment.
-var Version = "0.12.4"
+var Version = "0.12.3.1"
 // A pre-release marker for the version. If this is "" (empty string)
 // then it means that it is a final release. Otherwise, this is a pre-release
From f22c9231ffb916e818e0c1f546a499636c25a0f8 Mon Sep 17 00:00:00 2001
From: Luis Silva
Date: Fri, 5 Jul 2019 16:35:14 +0100
Subject: [PATCH 3/4] Revert "update version"
This reverts commit 0aae6283f964106a9f3fdca52856115d9fc32c64.
---
 version/version.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/version/version.go b/version/version.go
index 518916aad..1c07e272b 100644
--- a/version/version.go
+++ b/version/version.go
@@ -11,7 +11,7 @@ import (
 )
 // The main version number that is being run at the moment.
-var Version = "0.12.3.1"
+var Version = "0.12.4"
 // A pre-release marker for the version. If this is "" (empty string)
 // then it means that it is a final release. Otherwise, this is a pre-release
From 3f56a7f71f9eb73b4f26d303dab32e3903062242 Mon Sep 17 00:00:00 2001
From: Kostas Theodorakopoulos
Date: Tue, 13 Aug 2019 20:22:54 +0200
Subject: [PATCH 4/4] bump version
---
 version/version.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/version/version.go b/version/version.go
index 1c07e272b..f10fc3724 100644
--- a/version/version.go
+++ b/version/version.go
@@ -11,7 +11,7 @@ import (
 )
 // The main version number that is being run at the moment.
-var Version = "0.12.4"
+var Version = "0.12.6"
 // A pre-release marker for the version. If this is "" (empty string)
 // then it means that it is a final release. Otherwise, this is a pre-release