@@ -198,7 +198,7 @@ func Provider() *schema.Provider {
198198 //internal version: replace enableBpass begin, please do not modify this annotation and refrain from inserting any code between the beginning and end lines of the annotation.
199199 //internal version: replace enableBpass end, please do not modify this annotation and refrain from inserting any code between the beginning and end lines of the annotation.
200200 "assume_role" : {
201- Type : schema .TypeSet ,
201+ Type : schema .TypeList ,
202202 Optional : true ,
203203 MaxItems : 1 ,
204204 Description : "The `assume_role` block. If provided, terraform will attempt to assume this role using the supplied credentials." ,
@@ -237,23 +237,23 @@ func Provider() *schema.Provider {
237237 Type : schema .TypeString ,
238238 Optional : true ,
239239 DefaultFunc : schema .EnvDefaultFunc (PROVIDER_ASSUME_ROLE_SAML_ASSERTION , nil ),
240- ConflictsWith : []string {"web_identity_token" },
241- RequiredWith : []string {"principal_arn" },
240+ ConflictsWith : []string {"assume_role.0. web_identity_token" },
241+ RequiredWith : []string {"assume_role.0. principal_arn" },
242242 Description : "SAML assertion information encoded in base64. And it can't be used with `web_identity_token` together." ,
243243 },
244244 "principal_arn" : {
245245 Type : schema .TypeString ,
246246 Optional : true ,
247247 DefaultFunc : schema .EnvDefaultFunc (PROVIDER_ASSUME_ROLE_PRINCIPAL_ARN , nil ),
248- ConflictsWith : []string {"web_identity_token" },
249- RequiredWith : []string {"saml_assertion" },
248+ ConflictsWith : []string {"assume_role.0. web_identity_token" },
249+ RequiredWith : []string {"assume_role.0. saml_assertion" },
250250 Description : "Player Access Description Name. And it can't be used with `web_identity_token` together." ,
251251 },
252252 "web_identity_token" : {
253253 Type : schema .TypeString ,
254254 Optional : true ,
255255 DefaultFunc : schema .EnvDefaultFunc (PROVIDER_ASSUME_ROLE_WEB_IDENTITY_TOKEN , nil ),
256- ConflictsWith : []string {"saml_assertion" , "principal_arn" },
256+ ConflictsWith : []string {"assume_role.0. saml_assertion" , "assume_role.0. principal_arn" },
257257 Description : "OIDC token issued by IdP. And it can't be used with `saml_assertion` or `principal_arn` together." ,
258258 },
259259 },
@@ -2128,12 +2128,27 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
21282128 assumeRoleSessionDuration = 7200
21292129 }
21302130
2131- _ = genClientWithSTS (& tcClient , envRoleArn , envSessionName , assumeRoleSessionDuration , "" )
2131+ envSamlAssertion := os .Getenv (PROVIDER_ASSUME_ROLE_SAML_ASSERTION )
2132+ envPrincipalArn := os .Getenv (PROVIDER_ASSUME_ROLE_PRINCIPAL_ARN )
2133+ envWebIdentityToken := os .Getenv (PROVIDER_ASSUME_ROLE_WEB_IDENTITY_TOKEN )
2134+
2135+ if envSamlAssertion == "" && envPrincipalArn == "" && envWebIdentityToken == "" {
2136+ // use assume role
2137+ _ = genClientWithSTS (& tcClient , envRoleArn , envSessionName , assumeRoleSessionDuration , "" )
2138+ } else if envSamlAssertion != "" && envPrincipalArn != "" {
2139+ // use assume role with saml
2140+ _ = genClientWithSamlSTS (& tcClient , envRoleArn , envSessionName , assumeRoleSessionDuration , envSamlAssertion , envPrincipalArn )
2141+ } else if envWebIdentityToken != "" {
2142+ // use assume role with oidc
2143+ _ = genClientWithOidcSTS (& tcClient , envRoleArn , envSessionName , assumeRoleSessionDuration , envWebIdentityToken )
2144+ } else {
2145+ return nil , fmt .Errorf ("get `assume_role` from env error.\n " )
2146+ }
21322147 }
21332148
21342149 // get assume role from tf
21352150 if v , ok := d .GetOk ("assume_role" ); ok {
2136- assumeRoleList := v .(* schema. Set ). List ( )
2151+ assumeRoleList := v .([] interface {} )
21372152 if len (assumeRoleList ) == 1 {
21382153 // assume role
21392154 assumeRole := assumeRoleList [0 ].(map [string ]interface {})
@@ -2157,13 +2172,13 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
21572172 // use assume role with oidc
21582173 _ = genClientWithOidcSTS (& tcClient , assumeRoleArn , assumeRoleSessionName , assumeRoleSessionDuration , assumeRoleWebIdentityToken )
21592174 } else {
2160- return nil , fmt .Errorf ("`assume_role` params error." )
2175+ return nil , fmt .Errorf ("get `assume_role` params error.\n " )
21612176 }
21622177 }
21632178 }
21642179
21652180 if secretId == "" || secretKey == "" {
2166- return nil , fmt .Errorf ("Please set your `secret_id` and `secret_key`." )
2181+ return nil , fmt .Errorf ("Please set your `secret_id` and `secret_key`.\n " )
21672182 }
21682183
21692184 return & tcClient , nil
0 commit comments