github.com/ojiry/terraform@v0.8.2-0.20161218223921-e50cec712c4a/builtin/providers/aws/provider.go (about) 1 package aws 2 3 import ( 4 "bytes" 5 "fmt" 6 "log" 7 8 "github.com/hashicorp/terraform/helper/hashcode" 9 "github.com/hashicorp/terraform/helper/mutexkv" 10 "github.com/hashicorp/terraform/helper/schema" 11 "github.com/hashicorp/terraform/terraform" 12 ) 13 14 // Provider returns a terraform.ResourceProvider. 15 func Provider() terraform.ResourceProvider { 16 // TODO: Move the validation to this, requires conditional schemas 17 // TODO: Move the configuration to this, requires validation 18 19 // The actual provider 20 return &schema.Provider{ 21 Schema: map[string]*schema.Schema{ 22 "access_key": { 23 Type: schema.TypeString, 24 Optional: true, 25 Default: "", 26 Description: descriptions["access_key"], 27 }, 28 29 "secret_key": { 30 Type: schema.TypeString, 31 Optional: true, 32 Default: "", 33 Description: descriptions["secret_key"], 34 }, 35 36 "profile": { 37 Type: schema.TypeString, 38 Optional: true, 39 Default: "", 40 Description: descriptions["profile"], 41 }, 42 43 "assume_role": assumeRoleSchema(), 44 45 "shared_credentials_file": { 46 Type: schema.TypeString, 47 Optional: true, 48 Default: "", 49 Description: descriptions["shared_credentials_file"], 50 }, 51 52 "token": { 53 Type: schema.TypeString, 54 Optional: true, 55 Default: "", 56 Description: descriptions["token"], 57 }, 58 59 "region": { 60 Type: schema.TypeString, 61 Required: true, 62 DefaultFunc: schema.MultiEnvDefaultFunc([]string{ 63 "AWS_REGION", 64 "AWS_DEFAULT_REGION", 65 }, nil), 66 Description: descriptions["region"], 67 InputDefault: "us-east-1", 68 }, 69 70 "max_retries": { 71 Type: schema.TypeInt, 72 Optional: true, 73 Default: 11, 74 Description: descriptions["max_retries"], 75 }, 76 77 "allowed_account_ids": { 78 Type: schema.TypeSet, 79 Elem: &schema.Schema{Type: schema.TypeString}, 80 Optional: true, 81 ConflictsWith: []string{"forbidden_account_ids"}, 82 Set: schema.HashString, 83 }, 84 85 "forbidden_account_ids": { 86 Type: schema.TypeSet, 87 Elem: &schema.Schema{Type: schema.TypeString}, 88 Optional: true, 89 ConflictsWith: []string{"allowed_account_ids"}, 90 Set: schema.HashString, 91 }, 92 93 "dynamodb_endpoint": { 94 Type: schema.TypeString, 95 Optional: true, 96 Default: "", 97 Description: descriptions["dynamodb_endpoint"], 98 }, 99 100 "kinesis_endpoint": { 101 Type: schema.TypeString, 102 Optional: true, 103 Default: "", 104 Description: descriptions["kinesis_endpoint"], 105 }, 106 107 "endpoints": endpointsSchema(), 108 109 "insecure": { 110 Type: schema.TypeBool, 111 Optional: true, 112 Default: false, 113 Description: descriptions["insecure"], 114 }, 115 116 "skip_credentials_validation": { 117 Type: schema.TypeBool, 118 Optional: true, 119 Default: false, 120 Description: descriptions["skip_credentials_validation"], 121 }, 122 123 "skip_requesting_account_id": { 124 Type: schema.TypeBool, 125 Optional: true, 126 Default: false, 127 Description: descriptions["skip_requesting_account_id"], 128 }, 129 130 "skip_metadata_api_check": { 131 Type: schema.TypeBool, 132 Optional: true, 133 Default: false, 134 Description: descriptions["skip_metadata_api_check"], 135 }, 136 137 "s3_force_path_style": { 138 Type: schema.TypeBool, 139 Optional: true, 140 Default: false, 141 Description: descriptions["s3_force_path_style"], 142 }, 143 }, 144 145 DataSourcesMap: map[string]*schema.Resource{ 146 "aws_acm_certificate": dataSourceAwsAcmCertificate(), 147 "aws_alb": dataSourceAwsAlb(), 148 "aws_alb_listener": dataSourceAwsAlbListener(), 149 "aws_ami": dataSourceAwsAmi(), 150 "aws_availability_zone": dataSourceAwsAvailabilityZone(), 151 "aws_availability_zones": dataSourceAwsAvailabilityZones(), 152 "aws_billing_service_account": dataSourceAwsBillingServiceAccount(), 153 "aws_caller_identity": dataSourceAwsCallerIdentity(), 154 "aws_cloudformation_stack": dataSourceAwsCloudFormationStack(), 155 "aws_ebs_snapshot": dataSourceAwsEbsSnapshot(), 156 "aws_ebs_volume": dataSourceAwsEbsVolume(), 157 "aws_ecs_container_definition": dataSourceAwsEcsContainerDefinition(), 158 "aws_eip": dataSourceAwsEip(), 159 "aws_elb_service_account": dataSourceAwsElbServiceAccount(), 160 "aws_iam_account_alias": dataSourceAwsIamAccountAlias(), 161 "aws_iam_policy_document": dataSourceAwsIamPolicyDocument(), 162 "aws_iam_server_certificate": dataSourceAwsIAMServerCertificate(), 163 "aws_ip_ranges": dataSourceAwsIPRanges(), 164 "aws_prefix_list": dataSourceAwsPrefixList(), 165 "aws_redshift_service_account": dataSourceAwsRedshiftServiceAccount(), 166 "aws_region": dataSourceAwsRegion(), 167 "aws_route_table": dataSourceAwsRouteTable(), 168 "aws_route53_zone": dataSourceAwsRoute53Zone(), 169 "aws_s3_bucket_object": dataSourceAwsS3BucketObject(), 170 "aws_subnet": dataSourceAwsSubnet(), 171 "aws_security_group": dataSourceAwsSecurityGroup(), 172 "aws_vpc": dataSourceAwsVpc(), 173 "aws_vpc_endpoint_service": dataSourceAwsVpcEndpointService(), 174 }, 175 176 ResourcesMap: map[string]*schema.Resource{ 177 "aws_alb": resourceAwsAlb(), 178 "aws_alb_listener": resourceAwsAlbListener(), 179 "aws_alb_listener_rule": resourceAwsAlbListenerRule(), 180 "aws_alb_target_group": resourceAwsAlbTargetGroup(), 181 "aws_alb_target_group_attachment": resourceAwsAlbTargetGroupAttachment(), 182 "aws_ami": resourceAwsAmi(), 183 "aws_ami_copy": resourceAwsAmiCopy(), 184 "aws_ami_from_instance": resourceAwsAmiFromInstance(), 185 "aws_ami_launch_permission": resourceAwsAmiLaunchPermission(), 186 "aws_api_gateway_account": resourceAwsApiGatewayAccount(), 187 "aws_api_gateway_api_key": resourceAwsApiGatewayApiKey(), 188 "aws_api_gateway_authorizer": resourceAwsApiGatewayAuthorizer(), 189 "aws_api_gateway_base_path_mapping": resourceAwsApiGatewayBasePathMapping(), 190 "aws_api_gateway_client_certificate": resourceAwsApiGatewayClientCertificate(), 191 "aws_api_gateway_deployment": resourceAwsApiGatewayDeployment(), 192 "aws_api_gateway_domain_name": resourceAwsApiGatewayDomainName(), 193 "aws_api_gateway_integration": resourceAwsApiGatewayIntegration(), 194 "aws_api_gateway_integration_response": resourceAwsApiGatewayIntegrationResponse(), 195 "aws_api_gateway_method": resourceAwsApiGatewayMethod(), 196 "aws_api_gateway_method_response": resourceAwsApiGatewayMethodResponse(), 197 "aws_api_gateway_model": resourceAwsApiGatewayModel(), 198 "aws_api_gateway_resource": resourceAwsApiGatewayResource(), 199 "aws_api_gateway_rest_api": resourceAwsApiGatewayRestApi(), 200 "aws_app_cookie_stickiness_policy": resourceAwsAppCookieStickinessPolicy(), 201 "aws_appautoscaling_target": resourceAwsAppautoscalingTarget(), 202 "aws_appautoscaling_policy": resourceAwsAppautoscalingPolicy(), 203 "aws_autoscaling_attachment": resourceAwsAutoscalingAttachment(), 204 "aws_autoscaling_group": resourceAwsAutoscalingGroup(), 205 "aws_autoscaling_notification": resourceAwsAutoscalingNotification(), 206 "aws_autoscaling_policy": resourceAwsAutoscalingPolicy(), 207 "aws_autoscaling_schedule": resourceAwsAutoscalingSchedule(), 208 "aws_cloudformation_stack": resourceAwsCloudFormationStack(), 209 "aws_cloudfront_distribution": resourceAwsCloudFrontDistribution(), 210 "aws_cloudfront_origin_access_identity": resourceAwsCloudFrontOriginAccessIdentity(), 211 "aws_cloudtrail": resourceAwsCloudTrail(), 212 "aws_cloudwatch_event_rule": resourceAwsCloudWatchEventRule(), 213 "aws_cloudwatch_event_target": resourceAwsCloudWatchEventTarget(), 214 "aws_cloudwatch_log_group": resourceAwsCloudWatchLogGroup(), 215 "aws_cloudwatch_log_metric_filter": resourceAwsCloudWatchLogMetricFilter(), 216 "aws_cloudwatch_log_stream": resourceAwsCloudWatchLogStream(), 217 "aws_cloudwatch_log_subscription_filter": resourceAwsCloudwatchLogSubscriptionFilter(), 218 "aws_autoscaling_lifecycle_hook": resourceAwsAutoscalingLifecycleHook(), 219 "aws_cloudwatch_metric_alarm": resourceAwsCloudWatchMetricAlarm(), 220 "aws_codedeploy_app": resourceAwsCodeDeployApp(), 221 "aws_codedeploy_deployment_group": resourceAwsCodeDeployDeploymentGroup(), 222 "aws_codecommit_repository": resourceAwsCodeCommitRepository(), 223 "aws_codecommit_trigger": resourceAwsCodeCommitTrigger(), 224 "aws_customer_gateway": resourceAwsCustomerGateway(), 225 "aws_db_event_subscription": resourceAwsDbEventSubscription(), 226 "aws_db_instance": resourceAwsDbInstance(), 227 "aws_db_option_group": resourceAwsDbOptionGroup(), 228 "aws_db_parameter_group": resourceAwsDbParameterGroup(), 229 "aws_db_security_group": resourceAwsDbSecurityGroup(), 230 "aws_db_subnet_group": resourceAwsDbSubnetGroup(), 231 "aws_directory_service_directory": resourceAwsDirectoryServiceDirectory(), 232 "aws_dynamodb_table": resourceAwsDynamoDbTable(), 233 "aws_ebs_snapshot": resourceAwsEbsSnapshot(), 234 "aws_ebs_volume": resourceAwsEbsVolume(), 235 "aws_ecr_repository": resourceAwsEcrRepository(), 236 "aws_ecr_repository_policy": resourceAwsEcrRepositoryPolicy(), 237 "aws_ecs_cluster": resourceAwsEcsCluster(), 238 "aws_ecs_service": resourceAwsEcsService(), 239 "aws_ecs_task_definition": resourceAwsEcsTaskDefinition(), 240 "aws_efs_file_system": resourceAwsEfsFileSystem(), 241 "aws_efs_mount_target": resourceAwsEfsMountTarget(), 242 "aws_eip": resourceAwsEip(), 243 "aws_eip_association": resourceAwsEipAssociation(), 244 "aws_elasticache_cluster": resourceAwsElasticacheCluster(), 245 "aws_elasticache_parameter_group": resourceAwsElasticacheParameterGroup(), 246 "aws_elasticache_replication_group": resourceAwsElasticacheReplicationGroup(), 247 "aws_elasticache_security_group": resourceAwsElasticacheSecurityGroup(), 248 "aws_elasticache_subnet_group": resourceAwsElasticacheSubnetGroup(), 249 "aws_elastic_beanstalk_application": resourceAwsElasticBeanstalkApplication(), 250 "aws_elastic_beanstalk_configuration_template": resourceAwsElasticBeanstalkConfigurationTemplate(), 251 "aws_elastic_beanstalk_environment": resourceAwsElasticBeanstalkEnvironment(), 252 "aws_elasticsearch_domain": resourceAwsElasticSearchDomain(), 253 "aws_elastictranscoder_pipeline": resourceAwsElasticTranscoderPipeline(), 254 "aws_elastictranscoder_preset": resourceAwsElasticTranscoderPreset(), 255 "aws_elb": resourceAwsElb(), 256 "aws_elb_attachment": resourceAwsElbAttachment(), 257 "aws_emr_cluster": resourceAwsEMRCluster(), 258 "aws_emr_instance_group": resourceAwsEMRInstanceGroup(), 259 "aws_flow_log": resourceAwsFlowLog(), 260 "aws_glacier_vault": resourceAwsGlacierVault(), 261 "aws_iam_access_key": resourceAwsIamAccessKey(), 262 "aws_iam_account_password_policy": resourceAwsIamAccountPasswordPolicy(), 263 "aws_iam_group_policy": resourceAwsIamGroupPolicy(), 264 "aws_iam_group": resourceAwsIamGroup(), 265 "aws_iam_group_membership": resourceAwsIamGroupMembership(), 266 "aws_iam_group_policy_attachment": resourceAwsIamGroupPolicyAttachment(), 267 "aws_iam_instance_profile": resourceAwsIamInstanceProfile(), 268 "aws_iam_policy": resourceAwsIamPolicy(), 269 "aws_iam_policy_attachment": resourceAwsIamPolicyAttachment(), 270 "aws_iam_role_policy_attachment": resourceAwsIamRolePolicyAttachment(), 271 "aws_iam_role_policy": resourceAwsIamRolePolicy(), 272 "aws_iam_role": resourceAwsIamRole(), 273 "aws_iam_saml_provider": resourceAwsIamSamlProvider(), 274 "aws_iam_server_certificate": resourceAwsIAMServerCertificate(), 275 "aws_iam_user_policy_attachment": resourceAwsIamUserPolicyAttachment(), 276 "aws_iam_user_policy": resourceAwsIamUserPolicy(), 277 "aws_iam_user_ssh_key": resourceAwsIamUserSshKey(), 278 "aws_iam_user": resourceAwsIamUser(), 279 "aws_iam_user_login_profile": resourceAwsIamUserLoginProfile(), 280 "aws_instance": resourceAwsInstance(), 281 "aws_internet_gateway": resourceAwsInternetGateway(), 282 "aws_key_pair": resourceAwsKeyPair(), 283 "aws_kinesis_firehose_delivery_stream": resourceAwsKinesisFirehoseDeliveryStream(), 284 "aws_kinesis_stream": resourceAwsKinesisStream(), 285 "aws_kms_alias": resourceAwsKmsAlias(), 286 "aws_kms_key": resourceAwsKmsKey(), 287 "aws_lambda_function": resourceAwsLambdaFunction(), 288 "aws_lambda_event_source_mapping": resourceAwsLambdaEventSourceMapping(), 289 "aws_lambda_alias": resourceAwsLambdaAlias(), 290 "aws_lambda_permission": resourceAwsLambdaPermission(), 291 "aws_launch_configuration": resourceAwsLaunchConfiguration(), 292 "aws_lightsail_domain": resourceAwsLightsailDomain(), 293 "aws_lightsail_instance": resourceAwsLightsailInstance(), 294 "aws_lightsail_key_pair": resourceAwsLightsailKeyPair(), 295 "aws_lb_cookie_stickiness_policy": resourceAwsLBCookieStickinessPolicy(), 296 "aws_load_balancer_policy": resourceAwsLoadBalancerPolicy(), 297 "aws_load_balancer_backend_server_policy": resourceAwsLoadBalancerBackendServerPolicies(), 298 "aws_load_balancer_listener_policy": resourceAwsLoadBalancerListenerPolicies(), 299 "aws_lb_ssl_negotiation_policy": resourceAwsLBSSLNegotiationPolicy(), 300 "aws_main_route_table_association": resourceAwsMainRouteTableAssociation(), 301 "aws_nat_gateway": resourceAwsNatGateway(), 302 "aws_network_acl": resourceAwsNetworkAcl(), 303 "aws_default_network_acl": resourceAwsDefaultNetworkAcl(), 304 "aws_default_route_table": resourceAwsDefaultRouteTable(), 305 "aws_network_acl_rule": resourceAwsNetworkAclRule(), 306 "aws_network_interface": resourceAwsNetworkInterface(), 307 "aws_opsworks_application": resourceAwsOpsworksApplication(), 308 "aws_opsworks_stack": resourceAwsOpsworksStack(), 309 "aws_opsworks_java_app_layer": resourceAwsOpsworksJavaAppLayer(), 310 "aws_opsworks_haproxy_layer": resourceAwsOpsworksHaproxyLayer(), 311 "aws_opsworks_static_web_layer": resourceAwsOpsworksStaticWebLayer(), 312 "aws_opsworks_php_app_layer": resourceAwsOpsworksPhpAppLayer(), 313 "aws_opsworks_rails_app_layer": resourceAwsOpsworksRailsAppLayer(), 314 "aws_opsworks_nodejs_app_layer": resourceAwsOpsworksNodejsAppLayer(), 315 "aws_opsworks_memcached_layer": resourceAwsOpsworksMemcachedLayer(), 316 "aws_opsworks_mysql_layer": resourceAwsOpsworksMysqlLayer(), 317 "aws_opsworks_ganglia_layer": resourceAwsOpsworksGangliaLayer(), 318 "aws_opsworks_custom_layer": resourceAwsOpsworksCustomLayer(), 319 "aws_opsworks_instance": resourceAwsOpsworksInstance(), 320 "aws_opsworks_user_profile": resourceAwsOpsworksUserProfile(), 321 "aws_opsworks_permission": resourceAwsOpsworksPermission(), 322 "aws_opsworks_rds_db_instance": resourceAwsOpsworksRdsDbInstance(), 323 "aws_placement_group": resourceAwsPlacementGroup(), 324 "aws_proxy_protocol_policy": resourceAwsProxyProtocolPolicy(), 325 "aws_rds_cluster": resourceAwsRDSCluster(), 326 "aws_rds_cluster_instance": resourceAwsRDSClusterInstance(), 327 "aws_rds_cluster_parameter_group": resourceAwsRDSClusterParameterGroup(), 328 "aws_redshift_cluster": resourceAwsRedshiftCluster(), 329 "aws_redshift_security_group": resourceAwsRedshiftSecurityGroup(), 330 "aws_redshift_parameter_group": resourceAwsRedshiftParameterGroup(), 331 "aws_redshift_subnet_group": resourceAwsRedshiftSubnetGroup(), 332 "aws_route53_delegation_set": resourceAwsRoute53DelegationSet(), 333 "aws_route53_record": resourceAwsRoute53Record(), 334 "aws_route53_zone_association": resourceAwsRoute53ZoneAssociation(), 335 "aws_route53_zone": resourceAwsRoute53Zone(), 336 "aws_route53_health_check": resourceAwsRoute53HealthCheck(), 337 "aws_route": resourceAwsRoute(), 338 "aws_route_table": resourceAwsRouteTable(), 339 "aws_route_table_association": resourceAwsRouteTableAssociation(), 340 "aws_ses_active_receipt_rule_set": resourceAwsSesActiveReceiptRuleSet(), 341 "aws_ses_receipt_filter": resourceAwsSesReceiptFilter(), 342 "aws_ses_receipt_rule": resourceAwsSesReceiptRule(), 343 "aws_ses_receipt_rule_set": resourceAwsSesReceiptRuleSet(), 344 "aws_ses_configuration_set": resourceAwsSesConfigurationSet(), 345 "aws_ses_event_destination": resourceAwsSesEventDestination(), 346 "aws_s3_bucket": resourceAwsS3Bucket(), 347 "aws_s3_bucket_policy": resourceAwsS3BucketPolicy(), 348 "aws_s3_bucket_object": resourceAwsS3BucketObject(), 349 "aws_s3_bucket_notification": resourceAwsS3BucketNotification(), 350 "aws_default_security_group": resourceAwsDefaultSecurityGroup(), 351 "aws_security_group": resourceAwsSecurityGroup(), 352 "aws_security_group_rule": resourceAwsSecurityGroupRule(), 353 "aws_simpledb_domain": resourceAwsSimpleDBDomain(), 354 "aws_ssm_activation": resourceAwsSsmActivation(), 355 "aws_ssm_association": resourceAwsSsmAssociation(), 356 "aws_ssm_document": resourceAwsSsmDocument(), 357 "aws_spot_datafeed_subscription": resourceAwsSpotDataFeedSubscription(), 358 "aws_spot_instance_request": resourceAwsSpotInstanceRequest(), 359 "aws_spot_fleet_request": resourceAwsSpotFleetRequest(), 360 "aws_sqs_queue": resourceAwsSqsQueue(), 361 "aws_sqs_queue_policy": resourceAwsSqsQueuePolicy(), 362 "aws_snapshot_create_volume_permission": resourceAwsSnapshotCreateVolumePermission(), 363 "aws_sns_topic": resourceAwsSnsTopic(), 364 "aws_sns_topic_policy": resourceAwsSnsTopicPolicy(), 365 "aws_sns_topic_subscription": resourceAwsSnsTopicSubscription(), 366 "aws_subnet": resourceAwsSubnet(), 367 "aws_volume_attachment": resourceAwsVolumeAttachment(), 368 "aws_vpc_dhcp_options_association": resourceAwsVpcDhcpOptionsAssociation(), 369 "aws_vpc_dhcp_options": resourceAwsVpcDhcpOptions(), 370 "aws_vpc_peering_connection": resourceAwsVpcPeeringConnection(), 371 "aws_vpc": resourceAwsVpc(), 372 "aws_vpc_endpoint": resourceAwsVpcEndpoint(), 373 "aws_vpc_endpoint_route_table_association": resourceAwsVpcEndpointRouteTableAssociation(), 374 "aws_vpn_connection": resourceAwsVpnConnection(), 375 "aws_vpn_connection_route": resourceAwsVpnConnectionRoute(), 376 "aws_vpn_gateway": resourceAwsVpnGateway(), 377 "aws_vpn_gateway_attachment": resourceAwsVpnGatewayAttachment(), 378 "aws_waf_byte_match_set": resourceAwsWafByteMatchSet(), 379 "aws_waf_ipset": resourceAwsWafIPSet(), 380 "aws_waf_rule": resourceAwsWafRule(), 381 "aws_waf_size_constraint_set": resourceAwsWafSizeConstraintSet(), 382 "aws_waf_web_acl": resourceAwsWafWebAcl(), 383 "aws_waf_xss_match_set": resourceAwsWafXssMatchSet(), 384 "aws_waf_sql_injection_match_set": resourceAwsWafSqlInjectionMatchSet(), 385 }, 386 ConfigureFunc: providerConfigure, 387 } 388 } 389 390 var descriptions map[string]string 391 392 func init() { 393 descriptions = map[string]string{ 394 "region": "The region where AWS operations will take place. Examples\n" + 395 "are us-east-1, us-west-2, etc.", 396 397 "access_key": "The access key for API operations. You can retrieve this\n" + 398 "from the 'Security & Credentials' section of the AWS console.", 399 400 "secret_key": "The secret key for API operations. You can retrieve this\n" + 401 "from the 'Security & Credentials' section of the AWS console.", 402 403 "profile": "The profile for API operations. If not set, the default profile\n" + 404 "created with `aws configure` will be used.", 405 406 "shared_credentials_file": "The path to the shared credentials file. If not set\n" + 407 "this defaults to ~/.aws/credentials.", 408 409 "token": "session token. A session token is only required if you are\n" + 410 "using temporary security credentials.", 411 412 "max_retries": "The maximum number of times an AWS API request is\n" + 413 "being executed. If the API request still fails, an error is\n" + 414 "thrown.", 415 416 "dynamodb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" + 417 "It's typically used to connect to dynamodb-local.", 418 419 "kinesis_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" + 420 "It's typically used to connect to kinesalite.", 421 422 "iam_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", 423 424 "ec2_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", 425 426 "elb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", 427 428 "s3_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", 429 430 "insecure": "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted," + 431 "default value is `false`", 432 433 "skip_credentials_validation": "Skip the credentials validation via STS API. " + 434 "Used for AWS API implementations that do not have STS available/implemented.", 435 436 "skip_requesting_account_id": "Skip requesting the account ID. " + 437 "Used for AWS API implementations that do not have IAM/STS API and/or metadata API.", 438 439 "skip_medatadata_api_check": "Skip the AWS Metadata API check. " + 440 "Used for AWS API implementations that do not have a metadata api endpoint.", 441 442 "s3_force_path_style": "Set this to true to force the request to use path-style addressing,\n" + 443 "i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will\n" + 444 "use virtual hosted bucket addressing when possible\n" + 445 "(http://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.", 446 447 "assume_role_role_arn": "The ARN of an IAM role to assume prior to making API calls.", 448 449 "assume_role_session_name": "The session name to use when assuming the role. If omitted," + 450 " no session name is passed to the AssumeRole call.", 451 452 "assume_role_external_id": "The external ID to use when assuming the role. If omitted," + 453 " no external ID is passed to the AssumeRole call.", 454 } 455 } 456 457 func providerConfigure(d *schema.ResourceData) (interface{}, error) { 458 config := Config{ 459 AccessKey: d.Get("access_key").(string), 460 SecretKey: d.Get("secret_key").(string), 461 Profile: d.Get("profile").(string), 462 CredsFilename: d.Get("shared_credentials_file").(string), 463 Token: d.Get("token").(string), 464 Region: d.Get("region").(string), 465 MaxRetries: d.Get("max_retries").(int), 466 DynamoDBEndpoint: d.Get("dynamodb_endpoint").(string), 467 KinesisEndpoint: d.Get("kinesis_endpoint").(string), 468 Insecure: d.Get("insecure").(bool), 469 SkipCredsValidation: d.Get("skip_credentials_validation").(bool), 470 SkipRequestingAccountId: d.Get("skip_requesting_account_id").(bool), 471 SkipMetadataApiCheck: d.Get("skip_metadata_api_check").(bool), 472 S3ForcePathStyle: d.Get("s3_force_path_style").(bool), 473 } 474 475 assumeRoleList := d.Get("assume_role").(*schema.Set).List() 476 if len(assumeRoleList) == 1 { 477 assumeRole := assumeRoleList[0].(map[string]interface{}) 478 config.AssumeRoleARN = assumeRole["role_arn"].(string) 479 config.AssumeRoleSessionName = assumeRole["session_name"].(string) 480 config.AssumeRoleExternalID = assumeRole["external_id"].(string) 481 log.Printf("[INFO] assume_role configuration set: (ARN: %q, SessionID: %q, ExternalID: %q)", 482 config.AssumeRoleARN, config.AssumeRoleSessionName, config.AssumeRoleExternalID) 483 } else { 484 log.Printf("[INFO] No assume_role block read from configuration") 485 } 486 487 endpointsSet := d.Get("endpoints").(*schema.Set) 488 489 for _, endpointsSetI := range endpointsSet.List() { 490 endpoints := endpointsSetI.(map[string]interface{}) 491 config.IamEndpoint = endpoints["iam"].(string) 492 config.Ec2Endpoint = endpoints["ec2"].(string) 493 config.ElbEndpoint = endpoints["elb"].(string) 494 config.S3Endpoint = endpoints["s3"].(string) 495 } 496 497 if v, ok := d.GetOk("allowed_account_ids"); ok { 498 config.AllowedAccountIds = v.(*schema.Set).List() 499 } 500 501 if v, ok := d.GetOk("forbidden_account_ids"); ok { 502 config.ForbiddenAccountIds = v.(*schema.Set).List() 503 } 504 505 return config.Client() 506 } 507 508 // This is a global MutexKV for use within this plugin. 509 var awsMutexKV = mutexkv.NewMutexKV() 510 511 func assumeRoleSchema() *schema.Schema { 512 return &schema.Schema{ 513 Type: schema.TypeSet, 514 Optional: true, 515 MaxItems: 1, 516 Elem: &schema.Resource{ 517 Schema: map[string]*schema.Schema{ 518 "role_arn": { 519 Type: schema.TypeString, 520 Optional: true, 521 Description: descriptions["assume_role_role_arn"], 522 }, 523 524 "session_name": { 525 Type: schema.TypeString, 526 Optional: true, 527 Description: descriptions["assume_role_session_name"], 528 }, 529 530 "external_id": { 531 Type: schema.TypeString, 532 Optional: true, 533 Description: descriptions["assume_role_external_id"], 534 }, 535 }, 536 }, 537 Set: assumeRoleToHash, 538 } 539 } 540 541 func assumeRoleToHash(v interface{}) int { 542 var buf bytes.Buffer 543 m := v.(map[string]interface{}) 544 buf.WriteString(fmt.Sprintf("%s-", m["role_arn"].(string))) 545 buf.WriteString(fmt.Sprintf("%s-", m["session_name"].(string))) 546 buf.WriteString(fmt.Sprintf("%s-", m["external_id"].(string))) 547 return hashcode.String(buf.String()) 548 } 549 550 func endpointsSchema() *schema.Schema { 551 return &schema.Schema{ 552 Type: schema.TypeSet, 553 Optional: true, 554 Elem: &schema.Resource{ 555 Schema: map[string]*schema.Schema{ 556 "iam": { 557 Type: schema.TypeString, 558 Optional: true, 559 Default: "", 560 Description: descriptions["iam_endpoint"], 561 }, 562 563 "ec2": { 564 Type: schema.TypeString, 565 Optional: true, 566 Default: "", 567 Description: descriptions["ec2_endpoint"], 568 }, 569 570 "elb": { 571 Type: schema.TypeString, 572 Optional: true, 573 Default: "", 574 Description: descriptions["elb_endpoint"], 575 }, 576 "s3": { 577 Type: schema.TypeString, 578 Optional: true, 579 Default: "", 580 Description: descriptions["s3_endpoint"], 581 }, 582 }, 583 }, 584 Set: endpointsToHash, 585 } 586 } 587 588 func endpointsToHash(v interface{}) int { 589 var buf bytes.Buffer 590 m := v.(map[string]interface{}) 591 buf.WriteString(fmt.Sprintf("%s-", m["iam"].(string))) 592 buf.WriteString(fmt.Sprintf("%s-", m["ec2"].(string))) 593 buf.WriteString(fmt.Sprintf("%s-", m["elb"].(string))) 594 buf.WriteString(fmt.Sprintf("%s-", m["s3"].(string))) 595 596 return hashcode.String(buf.String()) 597 }