diff --git a/backend/remote-state/oss/backend.go b/backend/remote-state/oss/backend.go index 034879a95232..aa3f9601578f 100644 --- a/backend/remote-state/oss/backend.go +++ b/backend/remote-state/oss/backend.go @@ -153,12 +153,13 @@ func assumeRoleSchema() *schema.Schema { Type: schema.TypeString, Required: true, Description: "The ARN of a RAM role to assume prior to making API calls.", + DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_ARN", ""), }, "session_name": { Type: schema.TypeString, Optional: true, - Default: "terraform", Description: "The session name to use when assuming the role.", + DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_SESSION_NAME", "terraform"), }, "policy": { Type: schema.TypeString, @@ -168,9 +169,9 @@ func assumeRoleSchema() *schema.Schema { "session_expiration": { Type: schema.TypeInt, Optional: true, - Default: 3600, Description: "The time after which the established session for assuming role expires.", ValidateFunc: validation.IntBetween(900, 3600), + DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION", 3600), }, }, }, diff --git a/website/docs/backends/types/oss.html.md b/website/docs/backends/types/oss.html.md index 64a37a5628ec..8eb07edc6ba7 100644 --- a/website/docs/backends/types/oss.html.md +++ b/website/docs/backends/types/oss.html.md @@ -93,15 +93,15 @@ The following configuration options or environment variables are supported: * `assume_role` - (Optional) If provided with a role ARN, will attempt to assume this role using the supplied credentials. The nested `assume_role` block supports the following: -* `role_arn` - (Required) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. +* `role_arn` - (Required) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports environment variable `ALICLOUD_ASSUME_ROLE_ARN`. Terraform executes configuration on account with provided credentials. * `policy` - (Optional) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use the passed policy to grant permissions that are in excess of those allowed by the access policy of the role that is being assumed. -* `session_name` - (Optional) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. +* `session_name` - (Optional) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable `ALICLOUD_ASSUME_ROLE_SESSION_NAME`. -* `session_expiration` - (Optional) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud use own default value). +* `session_expiration` - (Optional) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud use own default value). It supports environment variable `ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION`. -> **Note:** If you want to store state in the custom OSS endpoint, you can specify a environment variable `OSS_ENDPOINT`, like "oss-cn-beijing-internal.aliyuncs.com"