Merge pull request #5114 from hashicorp/pr-4263
provider/aws: support custom endpoints for AWS EC2 ELB and IAM [GH-4263]
commit
a1df07c919
|
@ -11,6 +11,8 @@ import (
|
|||
"github.com/hashicorp/go-cleanhttp"
|
||||
"github.com/hashicorp/go-multierror"
|
||||
|
||||
"crypto/tls"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
awsCredentials "github.com/aws/aws-sdk-go/aws/credentials"
|
||||
|
@ -61,6 +63,10 @@ type Config struct {
|
|||
|
||||
DynamoDBEndpoint string
|
||||
KinesisEndpoint string
|
||||
Ec2Endpoint string
|
||||
IamEndpoint string
|
||||
ElbEndpoint string
|
||||
Insecure bool
|
||||
}
|
||||
|
||||
type AWSClient struct {
|
||||
|
@ -136,9 +142,21 @@ func (c *Config) Client() (interface{}, error) {
|
|||
HTTPClient: cleanhttp.DefaultClient(),
|
||||
}
|
||||
|
||||
if c.Insecure {
|
||||
transport := awsConfig.HTTPClient.Transport.(*http.Transport)
|
||||
transport.TLSClientConfig = &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
}
|
||||
}
|
||||
|
||||
log.Println("[INFO] Initializing IAM Connection")
|
||||
sess := session.New(awsConfig)
|
||||
client.iamconn = iam.New(sess)
|
||||
|
||||
awsIamConfig := *awsConfig
|
||||
awsIamConfig.Endpoint = aws.String(c.IamEndpoint)
|
||||
|
||||
awsIamSess := session.New(&awsIamConfig)
|
||||
client.iamconn = iam.New(awsIamSess)
|
||||
|
||||
err = c.ValidateCredentials(client.iamconn)
|
||||
if err != nil {
|
||||
|
@ -166,7 +184,12 @@ func (c *Config) Client() (interface{}, error) {
|
|||
client.dynamodbconn = dynamodb.New(dynamoSess)
|
||||
|
||||
log.Println("[INFO] Initializing ELB connection")
|
||||
client.elbconn = elb.New(sess)
|
||||
awsElbConfig := *awsConfig
|
||||
awsElbConfig.Endpoint = aws.String(c.ElbEndpoint)
|
||||
|
||||
awsElbSess := session.New(&awsElbConfig)
|
||||
|
||||
client.elbconn = elb.New(awsElbSess)
|
||||
|
||||
log.Println("[INFO] Initializing S3 connection")
|
||||
client.s3conn = s3.New(sess)
|
||||
|
@ -199,7 +222,12 @@ func (c *Config) Client() (interface{}, error) {
|
|||
client.autoscalingconn = autoscaling.New(sess)
|
||||
|
||||
log.Println("[INFO] Initializing EC2 Connection")
|
||||
client.ec2conn = ec2.New(sess)
|
||||
|
||||
awsEc2Config := *awsConfig
|
||||
awsEc2Config.Endpoint = aws.String(c.Ec2Endpoint)
|
||||
|
||||
awsEc2Sess := session.New(&awsEc2Config)
|
||||
client.ec2conn = ec2.New(awsEc2Sess)
|
||||
|
||||
log.Println("[INFO] Initializing ECR Connection")
|
||||
client.ecrconn = ecr.New(sess)
|
||||
|
|
|
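Review bot: The `c.Insecure` branch sets `InsecureSkipVerify: true` on the transport of `awsConfig.HTTPClient`, and the per-service copies (`awsIamConfig := *awsConfig` and the ELB and EC2 equivalents) share that same client pointer, so certificate verification is turned off for every AWS API call the provider makes, not only for the overridden endpoints. Nothing records that this happened; a line such as `log.Println("[WARN] TLS certificate verification is disabled for all AWS API requests")` inside the branch would make it visible in the run log. The assertion `awsConfig.HTTPClient.Transport.(*http.Transport)` is unchecked and would panic if the client's transport were ever another type; the comma-ok form with an error return is safer. Assigning a fresh `&tls.Config{...}` also discards any TLS settings already present on the transport. `Client` starts and ends outside these hunks.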
@ -1,6 +1,10 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/hashcode"
|
||||
"github.com/hashicorp/terraform/helper/mutexkv"
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
"github.com/hashicorp/terraform/terraform"
|
||||
|
@ -96,6 +100,14 @@ func Provider() terraform.ResourceProvider {
|
|||
Default: "",
|
||||
Description: descriptions["kinesis_endpoint"],
|
||||
},
|
||||
"endpoints": endpointsSchema(),
|
||||
|
||||
"insecure": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
Default: false,
|
||||
Description: descriptions["insecure"],
|
||||
},
|
||||
},
|
||||
|
||||
ResourcesMap: map[string]*schema.Resource{
|
||||
|
@ -249,6 +261,15 @@ func init() {
|
|||
|
||||
"kinesis_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" +
|
||||
"It's typically used to connect to kinesalite.",
|
||||
|
||||
"iam_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",
|
||||
|
||||
"ec2_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",
|
||||
|
||||
"elb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",
|
||||
|
||||
"insecure": "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted," +
|
||||
"default value is `false`",
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -263,6 +284,16 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
|||
MaxRetries: d.Get("max_retries").(int),
|
||||
DynamoDBEndpoint: d.Get("dynamodb_endpoint").(string),
|
||||
KinesisEndpoint: d.Get("kinesis_endpoint").(string),
|
||||
Insecure: d.Get("insecure").(bool),
|
||||
}
|
||||
|
||||
endpointsSet := d.Get("endpoints").(*schema.Set)
|
||||
|
||||
for _, endpointsSetI := range endpointsSet.List() {
|
||||
endpoints := endpointsSetI.(map[string]interface{})
|
||||
config.IamEndpoint = endpoints["iam"].(string)
|
||||
config.Ec2Endpoint = endpoints["ec2"].(string)
|
||||
config.ElbEndpoint = endpoints["elb"].(string)
|
||||
}
|
||||
|
||||
if v, ok := d.GetOk("allowed_account_ids"); ok {
|
||||
|
@ -278,3 +309,45 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
|||
|
||||
// This is a global MutexKV for use within this plugin.
|
||||
var awsMutexKV = mutexkv.NewMutexKV()
|
||||
|
||||
func endpointsSchema() *schema.Schema {
|
||||
return &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"iam": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "",
|
||||
Description: descriptions["iam_endpoint"],
|
||||
},
|
||||
|
||||
"ec2": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "",
|
||||
Description: descriptions["ec2_endpoint"],
|
||||
},
|
||||
|
||||
"elb": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "",
|
||||
Description: descriptions["elb_endpoint"],
|
||||
},
|
||||
},
|
||||
},
|
||||
Set: endpointsToHash,
|
||||
}
|
||||
}
|
||||
|
||||
func endpointsToHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["iam"].(string)))
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["ec2"].(string)))
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["elb"].(string)))
|
||||
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
|
|
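Review bot: The loop over `endpointsSet.List()` in `providerConfigure` overwrites all three fields on every iteration, so with more than one `endpoints` block a later block that omits `iam` resets `config.IamEndpoint` to its `Default: ""`, and which block wins presumably depends on the set's hash order rather than on the configuration file. Requests would then go to an endpoint the user did not intend, with no error. Either reject more than one block or copy only non-empty values, e.g. `if v := endpoints["iam"].(string); v != "" { config.IamEndpoint = v }`, and likewise for `ec2` and `elb`. Separately, the `"insecure"` description concatenates `"If omitted,"` and `"default value is ..."` without a space, and it never says that the option disables TLS certificate verification, which is what a user needs to know before enabling it. `providerConfigure` continues outside the hunk.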
@ -133,9 +133,27 @@ The following arguments are supported in the `provider` block:
|
|||
to prevent you mistakenly using a wrong one (and end up destroying live environment).
|
||||
Conflicts with `allowed_account_ids`.
|
||||
|
||||
* `insecure` - (Optional) Optional) Explicitly allow the provider to
|
||||
perform "insecure" SSL requests. If omitted, default value is `false`
|
||||
|
||||
* `dynamodb_endpoint` - (Optional) Use this to override the default endpoint
|
||||
URL constructed from the `region`. It's typically used to connect to
|
||||
dynamodb-local.
|
||||
|
||||
* `kinesis_endpoint` - (Optional) Use this to override the default endpoint URL
|
||||
constructed from the `region`. It's typically used to connect to kinesalite.
|
||||
* `kinesis_endpoint` - (Optional) Use this to override the default endpoint
|
||||
URL constructed from the `region`. It's typically used to connect to
|
||||
kinesalite.
|
||||
|
||||
Nested `endpoints` block supports the followings:
|
||||
|
||||
* `iam` - (Optional) Use this to override the default endpoint
|
||||
URL constructed from the `region`. It's typically used to connect to
|
||||
custom iam endpoints.
|
||||
|
||||
* `ec2` - (Optional) Use this to override the default endpoint
|
||||
URL constructed from the `region`. It's typically used to connect to
|
||||
custom ec2 endpoints.
|
||||
|
||||
* `elb` - (Optional) Use this to override the default endpoint
|
||||
URL constructed from the `region`. It's typically used to connect to
|
||||
custom elb endpoints.
|