// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package awsbase
import (
"context"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/iam"
"github.com/aws/aws-sdk-go-v2/service/sso"
"github.com/aws/aws-sdk-go-v2/service/sts"
"github.com/hashicorp/aws-sdk-go-base/v2/logging"
)
// credentialsEndpointResolver builds the endpoint resolver used while
// credentials are being resolved. It is needed when authenticating because the
// AWS SDK makes internal calls to STS. The resolver should not be attached to
// the aws.Config returned to the client, since the client should configure its
// own overrides.
//
// Only IAM, SSO and STS are handled, and only when the matching Config field
// (IamEndpoint, SsoEndpoint, StsEndpoint) is non-empty. Every other lookup
// returns *aws.EndpointNotFoundError.
//
// NOTE(review): the configured endpoint strings are used verbatim as the URL
// that credential-resolution requests are sent to; this function performs no
// scheme or host validation. Any such check has to happen where Config is
// populated, which is not visible here. The URL is also written to the log at
// Info level.
func credentialsEndpointResolver(ctx context.Context, c *Config) aws.EndpointResolverWithOptions {
	log := logging.RetrieveLogger(ctx)

	// custom wraps an override URL in the aws.Endpoint shape shared by all
	// three services.
	custom := func(url, signingRegion string) (aws.Endpoint, error) {
		return aws.Endpoint{
			URL:           url,
			Source:        aws.EndpointSourceCustom,
			SigningRegion: signingRegion,
		}, nil
	}

	return aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...any) (aws.Endpoint, error) {
		// Config fields are read on every lookup, not captured up front.
		switch {
		case service == iam.ServiceID && c.IamEndpoint != "":
			log.Info(ctx, "Credentials resolution: setting custom IAM endpoint", map[string]any{
				"tf_aws.iam_client.endpoint": c.IamEndpoint,
			})
			return custom(c.IamEndpoint, region)

		case service == sso.ServiceID && c.SsoEndpoint != "":
			log.Info(ctx, "Credentials resolution: setting custom SSO endpoint", map[string]any{
				"tf_aws.sso_client.endpoint": c.SsoEndpoint,
			})
			return custom(c.SsoEndpoint, region)

		case service == sts.ServiceID && c.StsEndpoint != "":
			logFields := map[string]any{
				"tf_aws.sts_client.endpoint": c.StsEndpoint,
			}
			signingRegion := region
			// A configured StsRegion replaces the region supplied by the SDK
			// for request signing, and is logged alongside the endpoint.
			if override := c.StsRegion; override != "" {
				logFields["tf_aws.sts_client.signing_region"] = override
				signingRegion = override
			}
			log.Info(ctx, "Credentials resolution: setting custom STS endpoint", logFields)
			return custom(c.StsEndpoint, signingRegion)
		}

		// No override configured for this service.
		return aws.Endpoint{}, &aws.EndpointNotFoundError{}
	})
}