Support for creds detection added

hashicorp · Mar 16, 2015 · 1654242 · 1654242
1 parent dc4abb4
commit 1654242
Show file tree

Hide file tree

Showing 2 changed files with 108 additions and 31 deletions.
diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
@@ -3,8 +3,7 @@ package aws
 import (
 	"fmt"
 	"log"
-
-	"github.com/hashicorp/terraform/helper/multierror"
+	"time"
 
 	"github.com/hashicorp/aws-sdk-go/aws"
 	"github.com/hashicorp/aws-sdk-go/gen/autoscaling"
@@ -13,13 +12,17 @@ import (
 	"github.com/hashicorp/aws-sdk-go/gen/rds"
 	"github.com/hashicorp/aws-sdk-go/gen/route53"
 	"github.com/hashicorp/aws-sdk-go/gen/s3"
+	"github.com/hashicorp/terraform/helper/multierror"
 )
 
 type Config struct {
-	AccessKey string
-	SecretKey string
-	Token     string
-	Region    string
+	AccessKey              string
+	SecretKey              string
+	Token                  string
+	CredentialsFilePath    string
+	CredentialsFileProfile string
+	Region                 string
+	Provider               aws.CredentialsProvider
 }
 
 type AWSClient struct {
@@ -32,6 +35,43 @@ type AWSClient struct {
 	rdsconn         *rds.RDS
 }
 
+func (c *Config) loadAndValidate(providerCode string) (interface{}, error) {
+	var credsProvider aws.CredentialsProvider
+	var err error
+	var errs []error
+
+	if providerCode == "static" {
+		credsProvider = aws.Creds(c.AccessKey, c.SecretKey, c.Token)
+	} else if providerCode == "iam" {
+		credsProvider = aws.IAMCreds()
+	} else if providerCode == "env" {
+		credsProvider, err = aws.EnvCreds()
+		if err != nil {
+			errs = append(errs, err)
+		}
+	} else if providerCode == "file" {
+		credsProvider, err = aws.ProfileCreds(
+			c.CredentialsFilePath, c.CredentialsFileProfile, 10*time.Minute)
+		if err != nil {
+			errs = append(errs, err)
+		}
+	} else {
+		credsProvider = aws.DetectCreds(c.AccessKey, c.SecretKey, c.Token)
+	}
+
+	if _, err := credsProvider.Credentials(); err != nil {
+		errs = append(errs, err)
+	}
+
+	if len(errs) > 0 {
+		return nil, &multierror.Error{Errors: errs}
+	}
+
+	c.Provider = credsProvider
+
+	return c.Client()
+}
+
 // Client configures and returns a fully initailized AWSClient
 func (c *Config) Client() (interface{}, error) {
 	var client AWSClient
@@ -50,9 +90,7 @@ func (c *Config) Client() (interface{}, error) {
 		// store AWS region in client struct, for region specific operations such as
 		// bucket storage in S3
 		client.region = c.Region
-
-		log.Println("[INFO] Building AWS auth structure")
-		creds := aws.Creds(c.AccessKey, c.SecretKey, c.Token)
+		creds := c.Provider
 
 		log.Println("[INFO] Initializing ELB connection")
 		client.elbconn = elb.New(creds, c.Region, nil)

diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
@@ -1,6 +1,8 @@
 package aws
 
 import (
+	"log"
+
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/terraform"
 )
@@ -13,32 +15,47 @@ func Provider() terraform.ResourceProvider {
 	return &schema.Provider{
 		Schema: map[string]*schema.Schema{
 			"access_key": &schema.Schema{
-				Type:     schema.TypeString,
-				Required: true,
-				DefaultFunc: schema.MultiEnvDefaultFunc([]string{
-					"AWS_ACCESS_KEY",
-					"AWS_ACCESS_KEY_ID",
-				}, nil),
+				Type:        schema.TypeString,
+				Optional:    true,
 				Description: descriptions["access_key"],
 			},
 
 			"secret_key": &schema.Schema{
-				Type:     schema.TypeString,
-				Required: true,
-				DefaultFunc: schema.MultiEnvDefaultFunc([]string{
-					"AWS_SECRET_KEY",
-					"AWS_SECRET_ACCESS_KEY",
-				}, nil),
+				Type:        schema.TypeString,
+				Optional:    true,
 				Description: descriptions["secret_key"],
 			},
 
+			"security_token": &schema.Schema{
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: descriptions["security_token"],
+			},
+
+			"credentials_provider": &schema.Schema{
+				Type:         schema.TypeString,
+				Optional:     true,
+				InputDefault: "detect",
+				Description:  descriptions["credentials_provider"],
+			},
+
+			"credentials_file_path": &schema.Schema{
+				Type:         schema.TypeString,
+				Optional:     true,
+				InputDefault: "",
+				Description:  descriptions["credentials_file_path"],
+			},
+
+			"credentials_file_profile": &schema.Schema{
+				Type:         schema.TypeString,
+				Optional:     true,
+				InputDefault: "",
+				Description:  descriptions["credentials_file_profile"],
+			},
+
 			"region": &schema.Schema{
-				Type:     schema.TypeString,
-				Required: true,
-				DefaultFunc: schema.MultiEnvDefaultFunc([]string{
-					"AWS_REGION",
-					"AWS_DEFAULT_REGION",
-				}, nil),
+				Type:         schema.TypeString,
+				Optional:     true,
 				Description:  descriptions["region"],
 				InputDefault: "us-east-1",
 			},
@@ -85,15 +102,37 @@ func init() {
 
 		"secret_key": "The secret key for API operations. You can retrieve this\n" +
 			"from the 'Security & Credentials' section of the AWS console.",
+
+		"security_token": "Bla blah",
+
+		"credentials_provider": "Which provider to use (static | iam | env | file)\n" +
+			"Defaults to detect",
+
+		"credentials_file_path": "Path to file with credentials. Default\n" +
+			"is ~/.aws/credentials. Implies credentials_provider=file",
+
+		"credentials_file_profile": "Profile name in credentials file." +
+			"Default is 'default'. Implies credentials_provider=file",
 	}
 }
 
 func providerConfigure(d *schema.ResourceData) (interface{}, error) {
+	log.Printf("Provided %s: %#v", "access_key", d.Get("access_key"))
+	log.Printf("Provided %s: %#v", "secret_key", d.Get("secret_key"))
+	log.Printf("Provided %s: %#v", "security_token", d.Get("security_token"))
+	log.Printf("Provided %s: %#v", "credentials_file_path", d.Get("credentials_file_path"))
+	log.Printf("Provided %s: %#v", "credentials_file_profile", d.Get("credentials_file_profile"))
+	log.Printf("Provided %s: %#v", "region", d.Get("region"))
+	log.Printf("Provided %s: %#v", "credentials_provider", d.Get("credentials_provider"))
+
 	config := Config{
-		AccessKey: d.Get("access_key").(string),
-		SecretKey: d.Get("secret_key").(string),
-		Region:    d.Get("region").(string),
+		AccessKey:              d.Get("access_key").(string),
+		SecretKey:              d.Get("secret_key").(string),
+		Token:                  d.Get("security_token").(string),
+		CredentialsFilePath:    d.Get("credentials_file_path").(string),
+		CredentialsFileProfile: d.Get("credentials_file_profile").(string),
+		Region:                 d.Get("region").(string),
 	}
 
-	return config.Client()
+	return config.loadAndValidate(d.Get("credentials_provider").(string))
 }