main: Use the new cliconfig package credentials source

This should not cause any change in behavior yet, but using this new implementation will allow the "terraform login" and "terraform logout" commands to store and forget credentials when they are implemented in subsequent commits.
7 years ago · 22a2580e93
parent 8272d3b101
commit 22a2580e93
2 changed files with 13 additions and 42 deletions
--- a/commands.go
+++ b/commands.go
@ -1,7 +1,6 @@
 package main

 import (
-	"log"
 	"os"
 	"os/signal"

@ -371,44 +370,7 @@ func makeShutdownCh() <-chan struct{} {
 	return resultCh
 }

-func credentialsSource(config *Config) auth.CredentialsSource {
-	creds := auth.NoCredentials
-	if len(config.Credentials) > 0 {
-		staticTable := map[svchost.Hostname]map[string]interface{}{}
-		for userHost, creds := range config.Credentials {
-			host, err := svchost.ForComparison(userHost)
-			if err != nil {
-				// We expect the config was already validated by the time we get
-				// here, so we'll just ignore invalid hostnames.
-				continue
-			}
-			staticTable[host] = creds
-		}
-		creds = auth.StaticCredentialsSource(staticTable)
-	}
-
-	for helperType, helperConfig := range config.CredentialsHelpers {
-		log.Printf("[DEBUG] Searching for credentials helper named %q", helperType)
-		available := pluginDiscovery.FindPlugins("credentials", globalPluginDirs())
-		available = available.WithName(helperType)
-		if available.Count() == 0 {
-			log.Printf("[ERROR] Unable to find credentials helper %q; ignoring", helperType)
-			break
-		}
-
-		selected := available.Newest()
-
-		helperSource := auth.HelperProgramCredentialsSource(selected.Path, helperConfig.Args...)
-		creds = auth.Credentials{
-			creds,
-			auth.CachingCredentialsSource(helperSource), // cached because external operation may be slow/expensive
-		}
-
-		// There should only be zero or one "credentials_helper" blocks. We
-		// assume that the config was validated earlier and so we don't check
-		// for extras here.
-		break
-	}
-
-	return creds
+func credentialsSource(config *Config) (auth.CredentialsSource, error) {
+	helperPlugins := pluginDiscovery.FindPlugins("credentials", globalPluginDirs())
+	return config.CredentialsSource(helperPlugins)
 }
--- a/main.go
+++ b/main.go
@ -145,7 +145,16 @@ func wrappedMain() int {

 	// Get any configured credentials from the config and initialize
 	// a service discovery object.
-	credsSrc := credentialsSource(config)
+	credsSrc, err := credentialsSource(config)
+	if err != nil {
+		// Most commands don't actually need credentials, and most situations
+		// that would get us here would already have been reported by the config
+		// loading above, so we'll just log this one as an aid to debugging
+		// in the unlikely event that it _does_ arise.
+		log.Printf("[WARN] Cannot initialize remote host credentials manager: %s", err)
+		// credsSrc may be nil in this case, but that's okay because the disco
+		// object checks that and just acts as though no credentials are present.
+	}
 	services := disco.NewWithCredentialsSource(credsSrc)

 	// Initialize the backends.