COS Backend Support `security_token` argument

Kagashino · January 18, 2022, 3:35am

The Tencentcloud Credential support temporary access by passing SessionToken. Here is the struct.

type AuthorizationTransport struct {
	SecretID     string
	SecretKey    string
	SessionToken string
	rwLocker     sync.RWMutex
	Expire    time.Duration
	Transport http.RoundTripper
}

The SessionToken is an optional field which generated by invoking Tencentcloud API AssumeRole, but right now this argument was not defined in internal/backend/remote-state/cos/backend.go, means user can only configure permanently credential.

terraform {

  backend "cos" {
    region = "ap-guangzhou"
    bucket = "tf-state-1234567890"
    prefix = "terraform/state"
    secret_id  = "xx" # Indicates `SecretID` - Secret id of Tencent Cloud.
    secret_key = "xxx" # Indicates `SecretKey` - Secret key of Tencent Cloud.
    security_token = "xxx" # (not support) Indicates `SessionToken` - Security Token of Tencent Cloud for temporary access credentials.
  }
}

Here is the example pull request: