
Commit 3d6facc

authored
support env for SESSION_DURATION (#1303)
* support env for SESSION_DURATION * adjust providerConfigure logic Co-authored-by: nickyinluo <nickyinluo@tencent.com>
1 parent e2bbe26 commit 3d6facc


1 file changed

+54
-35
lines changed


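--- a/tencentcloud/provider.go
+++ b/tencentcloud/provider.go
@@ -789,9 +789,14 @@ func Provider() terraform.ResourceProvider {
 Description: "The session name to use when making the AssumeRole call. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME`.",
 },
 "session_duration": {
-Type: schema.TypeInt,
-Required: true,
-InputDefault: "7200",
+Type: schema.TypeInt,
+Required: true,
+DefaultFunc: func() (interface{}, error) {
+if v := os.Getenv(PROVIDER_ASSUME_ROLE_SESSION_DURATION); v != "" {
+return strconv.Atoi(v)
+}
+return 7200, nil
+},
 ValidateFunc: validateIntegerInRange(0, 43200),
 Description: "The duration of the session when making the AssumeRole call. Its value ranges from 0 to 43200(seconds), and default is 7200 seconds. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION`.",
 },
@@ -1273,45 +1278,59 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 Domain: domain,
 }
 
-// assume role client
+envRoleArn := os.Getenv(PROVIDER_ASSUME_ROLE_ARN)
+envSessionName := os.Getenv(PROVIDER_ASSUME_ROLE_SESSION_NAME)
+
+// get assume role from env
+if envRoleArn != "" && envSessionName != "" {
+var assumeRoleSessionDuration int
+if envSessionDuration := os.Getenv(PROVIDER_ASSUME_ROLE_SESSION_DURATION); envSessionDuration != "" {
+var err error
+assumeRoleSessionDuration, err = strconv.Atoi(envSessionDuration)
+if err != nil {
+return nil, err
+}
+}
+if assumeRoleSessionDuration == 0 {
+assumeRoleSessionDuration = 7200
+}
+
+genClientWithSTS(&tcClient, envRoleArn, envSessionName, assumeRoleSessionDuration, "")
+}
+
+// get assume role from tf config
 assumeRoleList := d.Get("assume_role").(*schema.Set).List()
 if len(assumeRoleList) == 1 {
 assumeRole := assumeRoleList[0].(map[string]interface{})
 assumeRoleArn := assumeRole["role_arn"].(string)
 assumeRoleSessionName := assumeRole["session_name"].(string)
 assumeRoleSessionDuration := assumeRole["session_duration"].(int)
 assumeRolePolicy := assumeRole["policy"].(string)
-if assumeRoleSessionDuration == 0 {
-var err error
-if duration := os.Getenv(PROVIDER_ASSUME_ROLE_SESSION_DURATION); duration != "" {
-assumeRoleSessionDuration, err = strconv.Atoi(duration)
-if err != nil {
-return nil, err
-}
-if assumeRoleSessionDuration == 0 {
-assumeRoleSessionDuration = 7200
-}
-}
-}
-// applying STS credentials
-request := sts.NewAssumeRoleRequest()
-request.RoleArn = helper.String(assumeRoleArn)
-request.RoleSessionName = helper.String(assumeRoleSessionName)
-request.DurationSeconds = helper.IntUint64(assumeRoleSessionDuration)
-if assumeRolePolicy != "" {
-request.Policy = helper.String(url.QueryEscape(assumeRolePolicy))
-}
-ratelimit.Check(request.GetAction())
-response, err := tcClient.apiV3Conn.UseStsClient().AssumeRole(request)
-if err != nil {
-return nil, err
-}
-// using STS credentials
-tcClient.apiV3Conn.Credential = common.NewTokenCredential(
-*response.Response.Credentials.TmpSecretId,
-*response.Response.Credentials.TmpSecretKey,
-*response.Response.Credentials.Token,
-)
+
+genClientWithSTS(&tcClient, assumeRoleArn, assumeRoleSessionName, assumeRoleSessionDuration, assumeRolePolicy)
 }
 return &tcClient, nil
 }
+
+func genClientWithSTS(tcClient *TencentCloudClient, assumeRoleArn, assumeRoleSessionName string, assumeRoleSessionDuration int, assumeRolePolicy string) error {
+// applying STS credentials
+request := sts.NewAssumeRoleRequest()
+request.RoleArn = helper.String(assumeRoleArn)
+request.RoleSessionName = helper.String(assumeRoleSessionName)
+request.DurationSeconds = helper.IntUint64(assumeRoleSessionDuration)
+if assumeRolePolicy != "" {
+request.Policy = helper.String(url.QueryEscape(assumeRolePolicy))
+}
+ratelimit.Check(request.GetAction())
+response, err := tcClient.apiV3Conn.UseStsClient().AssumeRole(request)
+if err != nil {
+return err
+}
+// using STS credentials
+tcClient.apiV3Conn.Credential = common.NewTokenCredential(
+*response.Response.Credentials.TmpSecretId,
+*response.Response.Credentials.TmpSecretKey,
+*response.Response.Credentials.Token,
+)
+return nil
+}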
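Review bot: Both new call sites in providerConfigure discard the error returned by genClientWithSTS, so a failed AssumeRole no longer aborts configuration the way the removed inline code did with `return nil, err`. On failure the helper returns before assigning the token credential, so the client presumably keeps whatever credential it was built with and later API calls run under that identity instead of the role, also losing any scoping `policy`. Each call should propagate the error, e.g. `if err := genClientWithSTS(&tcClient, assumeRoleArn, assumeRoleSessionName, assumeRoleSessionDuration, assumeRolePolicy); err != nil { return nil, err }`, and likewise for the environment-variable call. Separately, the environment path only runs `strconv.Atoi` on the duration, so the 0–43200 range enforced by the schema's `ValidateFunc` is not applied there and a negative value reaches `helper.IntUint64`. providerConfigure starts outside the hunk, so how `tcClient` is initially credentialed is not visible here.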
