Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

provider/aws: support custom endpoints for AWS EC2 ELB and IAM [GH-4263] #5114

Merged
merged 3 commits into from
Feb 12, 2016
Merged

provider/aws: support custom endpoints for AWS EC2 ELB and IAM [GH-4263] #5114

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
231604e
support custom endpoints for AWS EC2 ELB and IAM
turkenh Dec 11, 2015
e41266e
Move endpoint options into endpoints block
Feb 7, 2016
766dac4
update documentation
Feb 8, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 31 additions & 3 deletions builtin/providers/aws/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ import (
"github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-multierror"

"crypto/tls"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
awsCredentials "github.com/aws/aws-sdk-go/aws/credentials"
Expand Down Expand Up @@ -61,6 +63,10 @@ type Config struct {

DynamoDBEndpoint string
KinesisEndpoint string
Ec2Endpoint string
IamEndpoint string
ElbEndpoint string
Insecure bool
}

type AWSClient struct {
Expand Down Expand Up @@ -136,9 +142,21 @@ func (c *Config) Client() (interface{}, error) {
HTTPClient: cleanhttp.DefaultClient(),
}

if c.Insecure {
transport := awsConfig.HTTPClient.Transport.(*http.Transport)
transport.TLSClientConfig = &tls.Config{
InsecureSkipVerify: true,
}
}

log.Println("[INFO] Initializing IAM Connection")
sess := session.New(awsConfig)
client.iamconn = iam.New(sess)

awsIamConfig := *awsConfig
awsIamConfig.Endpoint = aws.String(c.IamEndpoint)

awsIamSess := session.New(&awsIamConfig)
client.iamconn = iam.New(awsIamSess)

err = c.ValidateCredentials(client.iamconn)
if err != nil {
Expand Down Expand Up @@ -166,7 +184,12 @@ func (c *Config) Client() (interface{}, error) {
client.dynamodbconn = dynamodb.New(dynamoSess)

log.Println("[INFO] Initializing ELB connection")
client.elbconn = elb.New(sess)
awsElbConfig := *awsConfig
awsElbConfig.Endpoint = aws.String(c.ElbEndpoint)

awsElbSess := session.New(&awsElbConfig)

client.elbconn = elb.New(awsElbSess)

log.Println("[INFO] Initializing S3 connection")
client.s3conn = s3.New(sess)
Expand Down Expand Up @@ -199,7 +222,12 @@ func (c *Config) Client() (interface{}, error) {
client.autoscalingconn = autoscaling.New(sess)

log.Println("[INFO] Initializing EC2 Connection")
client.ec2conn = ec2.New(sess)

awsEc2Config := *awsConfig
awsEc2Config.Endpoint = aws.String(c.Ec2Endpoint)

awsEc2Sess := session.New(&awsEc2Config)
client.ec2conn = ec2.New(awsEc2Sess)

log.Println("[INFO] Initializing ECR Connection")
client.ecrconn = ecr.New(sess)
Expand Down
73 changes: 73 additions & 0 deletions builtin/providers/aws/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
package aws

import (
"bytes"
"fmt"

"github.com/hashicorp/terraform/helper/hashcode"
"github.com/hashicorp/terraform/helper/mutexkv"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/terraform"
Expand Down Expand Up @@ -96,6 +100,14 @@ func Provider() terraform.ResourceProvider {
Default: "",
Description: descriptions["kinesis_endpoint"],
},
"endpoints": endpointsSchema(),

"insecure": &schema.Schema{
Type: schema.TypeBool,
Optional: true,
Default: false,
Description: descriptions["insecure"],
},
},

ResourcesMap: map[string]*schema.Resource{
Expand Down Expand Up @@ -249,6 +261,15 @@ func init() {

"kinesis_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" +
"It's typically used to connect to kinesalite.",

"iam_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

"ec2_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

"elb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

"insecure": "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted," +
"default value is `false`",
}
}

Expand All @@ -263,6 +284,16 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
MaxRetries: d.Get("max_retries").(int),
DynamoDBEndpoint: d.Get("dynamodb_endpoint").(string),
KinesisEndpoint: d.Get("kinesis_endpoint").(string),
Insecure: d.Get("insecure").(bool),
}

endpointsSet := d.Get("endpoints").(*schema.Set)

for _, endpointsSetI := range endpointsSet.List() {
endpoints := endpointsSetI.(map[string]interface{})
config.IamEndpoint = endpoints["iam"].(string)
config.Ec2Endpoint = endpoints["ec2"].(string)
config.ElbEndpoint = endpoints["elb"].(string)
}

if v, ok := d.GetOk("allowed_account_ids"); ok {
Expand All @@ -278,3 +309,45 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {

// This is a global MutexKV for use within this plugin.
var awsMutexKV = mutexkv.NewMutexKV()

func endpointsSchema() *schema.Schema {
return &schema.Schema{
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"iam": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Default: "",
Description: descriptions["iam_endpoint"],
},

"ec2": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Default: "",
Description: descriptions["ec2_endpoint"],
},

"elb": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Default: "",
Description: descriptions["elb_endpoint"],
},
},
},
Set: endpointsToHash,
}
}

func endpointsToHash(v interface{}) int {
var buf bytes.Buffer
m := v.(map[string]interface{})
buf.WriteString(fmt.Sprintf("%s-", m["iam"].(string)))
buf.WriteString(fmt.Sprintf("%s-", m["ec2"].(string)))
buf.WriteString(fmt.Sprintf("%s-", m["elb"].(string)))

return hashcode.String(buf.String())
}
22 changes: 20 additions & 2 deletions website/source/docs/providers/aws/index.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,9 +133,27 @@ The following arguments are supported in the `provider` block:
to prevent you mistakenly using a wrong one (and end up destroying live environment).
Conflicts with `allowed_account_ids`.

* `insecure` - (Optional) Optional) Explicitly allow the provider to
perform "insecure" SSL requests. If omitted, default value is `false`

* `dynamodb_endpoint` - (Optional) Use this to override the default endpoint
URL constructed from the `region`. It's typically used to connect to
dynamodb-local.

* `kinesis_endpoint` - (Optional) Use this to override the default endpoint URL
constructed from the `region`. It's typically used to connect to kinesalite.
* `kinesis_endpoint` - (Optional) Use this to override the default endpoint
URL constructed from the `region`. It's typically used to connect to
kinesalite.

Nested `endpoints` block supports the followings:

* `iam` - (Optional) Use this to override the default endpoint
URL constructed from the `region`. It's typically used to connect to
custom iam endpoints.

* `ec2` - (Optional) Use this to override the default endpoint
URL constructed from the `region`. It's typically used to connect to
custom ec2 endpoints.

* `elb` - (Optional) Use this to override the default endpoint
URL constructed from the `region`. It's typically used to connect to
custom elb endpoints.