S3 Remote State Backend #1723

Merged
merged 5 commits into from
Apr 30, 2015

apparentlymart
Contributor

This is a rewrite of @kubek2k's earlier work in terms of both the new remote state API and the new AWS client.

Pushing this now for early review to see if I'm on the right track, though I know I still have some unit and acceptance tests to write, which will follow in a subsequent commit.

accessKeyId := conf["access_key"]
secretAccessKey := conf["secret_key"]

credentials := aws.DetectCreds(accessKeyId, secretAccessKey, "")
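
Review bot: `conf["access_key"]` and `conf["secret_key"]` go straight into `aws.DetectCreds` with no check that both are present, and nothing in these lines validates the returned `credentials`, so a missing or half-filled key pair is not reported here. Consider rejecting the case where only one of the two keys is set, and resolving the credentials once in this function so that the error names the missing configuration.
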
Contributor


Is there a way we can check if the credentials didn't load here?

Contributor Author


One of the possible return values here is a provider that will, on request, try to hit the IAM role key provisioning endpoint to obtain a temporary key if Terraform is being run on a machine in EC2. Thus as far as I could tell it isn't possible to determine if the credentials object will work until the first request is made and it attempts to reach out to the provisioning endpoint.

I allowed for this case because I thought instance IAM keys would be pretty useful for granting only a specific set of build/deploy worker machines read/write access to the S3 bucket, without having to distribute user-level credentials.

However, I'd agree that the resulting user experience is a little odd if you happen to run without credentials on a non-EC2 machine. (It fails with a big error that talks about being unable to reach a URL on 169.254.169.254, which would be quite opaque to someone who doesn't know how EC2 meta-data/user-data work behind the scenes.)

@mitchellh
Contributor

Looks good! Add a test (it's really easy, it's almost a one-liner, look at the other tests) to verify this thing works and it looks good.

Stores state in a particular key in a given S3 bucket.
@apparentlymart
Contributor Author

@mitchellh I have updated the commit with a basic unit test, an acceptance test, and docs.

I also figured out how to test the credentials within the factory, so it will now fail early if no credentials are provided.
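
Added example, not part of this pull request or of Terraform's code: one way a backend factory can resolve credentials up front and fail with a readable error, covering the static-key and instance-role cases discussed above. All type and function names, the `bucket` and `key` settings, the `metaURL` parameter (standing in for the instance metadata credentials URL) and the JSON field names are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// Hypothetical types and names; not Terraform's or the AWS SDK's API.
type creds struct{ AccessKeyId, SecretAccessKey, Token string }

type s3Client struct {
	bucket, key string
	creds       creds
}

// s3Factory resolves credentials once, up front, so a misconfiguration is
// reported here rather than on the first S3 request.
func s3Factory(conf map[string]string, metaURL string) (*s3Client, error) {
	if conf["bucket"] == "" || conf["key"] == "" {
		return nil, errors.New("s3: bucket and key are required")
	}
	c := creds{AccessKeyId: conf["access_key"], SecretAccessKey: conf["secret_key"]}
	if (c.AccessKeyId == "") != (c.SecretAccessKey == "") {
		return nil, errors.New("s3: access_key and secret_key must be set together")
	}
	if c.AccessKeyId == "" {
		// No static keys: try the instance role. Off EC2 nothing answers,
		// so bound the wait and replace the raw network error.
		client := &http.Client{Timeout: 500 * time.Millisecond}
		resp, err := client.Get(metaURL)
		if err != nil {
			return nil, errors.New("s3: no access_key/secret_key set and no EC2 instance role reachable")
		}
		defer resp.Body.Close()
		if resp.StatusCode != http.StatusOK || json.NewDecoder(resp.Body).Decode(&c) != nil || c.AccessKeyId == "" {
			return nil, errors.New("s3: instance metadata returned no usable role credentials")
		}
	}
	return &s3Client{conf["bucket"], conf["key"], c}, nil
}

func main() {
	// Constructed input: no keys, and an address where nothing listens.
	_, err := s3Factory(map[string]string{"bucket": "b", "key": "k"}, "http://127.0.0.1:1/")
	fmt.Println(err)
}
```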

@mitchellh
Contributor

Perfect. And the test looks good. Thanks!

mitchellh added a commit that referenced this pull request Apr 30, 2015
@mitchellh mitchellh merged commit af5ac59 into hashicorp:master Apr 30, 2015
@ghost ghost locked and limited conversation to collaborators May 3, 2020