assume role mod support env
yuanye authored and xiaozhu36 committed Jul 30, 2019
1 parent 687a1c6 commit c8a61fb
Showing 2 changed files with 6 additions and 5 deletions.
5 changes: 3 additions & 2 deletions backend/remote-state/oss/backend.go
Expand Up @@ -153,12 +153,13 @@ func assumeRoleSchema() *schema.Schema {
Type: schema.TypeString,
Required: true,
Description: "The ARN of a RAM role to assume prior to making API calls.",
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_ARN", ""),
},
"session_name": {
Type: schema.TypeString,
Optional: true,
Default: "terraform",
Description: "The session name to use when assuming the role.",
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_SESSION_NAME", "terraform"),
},
"policy": {
Type: schema.TypeString,
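Review bot: On `role_arn`, `Required: true` is paired with `schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_ARN", "")`, and the empty-string fallback means the default function always returns a value, so an `assume_role` block with no ARN and no environment variable is likely to pass validation with `role_arn = ""`. The docs changed in this same commit say an empty ARN skips role switching, which would leave Terraform running on the base credentials without any error. Consider a `nil` fallback so a missing ARN fails at validation, or add a test that pins the intended behaviour.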
Expand All @@ -168,9 +169,9 @@ func assumeRoleSchema() *schema.Schema {
"session_expiration": {
Type: schema.TypeInt,
Optional: true,
Default: 3600,
Description: "The time after which the established session for assuming role expires.",
ValidateFunc: validation.IntBetween(900, 3600),
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION", 3600),
},
},
},
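Review bot: On `session_expiration`, the value from `ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION` arrives from the environment as a string while the fallback `3600` is an int, and nothing in this change shows that an environment-supplied value is converted and still checked by `validation.IntBetween(900, 3600)`. Please add a test that sets the variable to a non-numeric value and to values outside 900-3600 and asserts a validation error, so an out-of-range session lifetime cannot be supplied through the environment.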
6 changes: 3 additions & 3 deletions website/docs/backends/types/oss.html.md
Expand Up @@ -93,15 +93,15 @@ The following configuration options or environment variables are supported:
* `assume_role` - (Optional) If provided with a role ARN, will attempt to assume this role using the supplied credentials.

The nested `assume_role` block supports the following:
* `role_arn` - (Required) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching.
* `role_arn` - (Required) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports environment variable `ALICLOUD_ASSUME_ROLE_ARN`.
Terraform executes configuration on account with provided credentials.

* `policy` - (Optional) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary
security credentials. You cannot use the passed policy to grant permissions that are in excess of those allowed by the access policy of the role that is being assumed.

* `session_name` - (Optional) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name.
* `session_name` - (Optional) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable `ALICLOUD_ASSUME_ROLE_SESSION_NAME`.

* `session_expiration` - (Optional) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud use own default value).
* `session_expiration` - (Optional) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud use own default value). It supports environment variable `ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION`.

-> **Note:** If you want to store state in the custom OSS endpoint, you can specify a environment variable `OSS_ENDPOINT`, like "oss-cn-beijing-internal.aliyuncs.com"
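
Review bot: In the `role_arn` entry, the added sentence about `ALICLOUD_ASSUME_ROLE_ARN` lands between "it does not perform role switching." and its continuation line "Terraform executes configuration on account with provided credentials.", so the continuation now reads as if it described the environment variable. Move the environment variable sentence to the end of the entry. The entry also still says "(Required)" although the value can now come from the environment; for all three options, state that the argument in the configuration takes precedence over the variable if that is the intended behaviour, since a stray variable in a CI environment would otherwise change which role and session lifetime are used.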
