mirror of
https://github.com/opentffoundation/opentf.git
synced 2026-05-16 16:01:49 -04:00
30db471ac0
The upstream libraries we use to implement this feature are in various states of unmaintained-ness where we've not been able to upgrade them beyond the old versions we're currently using without them no longer working well together. Therefore we previously made this connection type produce a deprecation warning in OpenTofu v1.12, and now we're making it produce an error instead and so we can remove all of our code that was calling in to those dependencies. Although this is a breaking change, we're justifying it under the "external dependencies" pragmatic exception in our compatibility promises: external software has changed in a way that makes it no longer viable to offer this feature. Modern Windows has built-in support for running an OpenSSH server, and so we expect that most folks who were previously relying on WinRM should be able to migrate to using SSH instead. Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
166 lines
3.6 KiB
Go
166 lines
3.6 KiB
Go
// Copyright (c) The OpenTofu Authors
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
// Copyright (c) 2023 HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package shared
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
|
|
"github.com/zclconf/go-cty/cty"
|
|
|
|
"github.com/opentofu/opentofu/internal/configs/configschema"
|
|
)
|
|
|
|
// ConnectionBlockSupersetSchema is a schema representing the superset of all
|
|
// possible arguments for "connection" blocks across all supported connection
|
|
// types.
|
|
//
|
|
// This currently lives here because we've not yet updated our communicator
|
|
// subsystem to be aware of schema itself. Once that is done, we can remove
|
|
// this and use a type-specific schema from the communicator to validate
|
|
// exactly what is expected for a given connection type.
|
|
var ConnectionBlockSupersetSchema = &configschema.Block{
|
|
Attributes: map[string]*configschema.Attribute{
|
|
// Common attributes for both connection types
|
|
"host": {
|
|
Type: cty.String,
|
|
Required: true,
|
|
},
|
|
"type": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"user": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"password": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"port": {
|
|
Type: cty.Number,
|
|
Optional: true,
|
|
},
|
|
"timeout": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"script_path": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
// For type=ssh only (enforced in ssh communicator)
|
|
"target_platform": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"private_key": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"certificate": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"host_key": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"agent": {
|
|
Type: cty.Bool,
|
|
Optional: true,
|
|
},
|
|
"agent_identity": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"proxy_scheme": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"proxy_host": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"proxy_port": {
|
|
Type: cty.Number,
|
|
Optional: true,
|
|
},
|
|
"proxy_user_name": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"proxy_user_password": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"bastion_host": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"bastion_host_key": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"bastion_port": {
|
|
Type: cty.Number,
|
|
Optional: true,
|
|
},
|
|
"bastion_user": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"bastion_password": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"bastion_private_key": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"bastion_certificate": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
|
|
// For type=winrm only
|
|
// This connection type is actually no longer supported in
|
|
// OpenTofu v1.13 and later, but we're keeping these attributes in the
|
|
// schema for now so that older modules that use this type can still
|
|
// pass validation enough to reach the error about this type being
|
|
// unsupported, which is implemented in [communicator.New].
|
|
"https": {
|
|
Type: cty.Bool,
|
|
Optional: true,
|
|
},
|
|
"insecure": {
|
|
Type: cty.Bool,
|
|
Optional: true,
|
|
},
|
|
"cacert": {
|
|
Type: cty.String,
|
|
Optional: true,
|
|
},
|
|
"use_ntlm": {
|
|
Type: cty.Bool,
|
|
Optional: true,
|
|
},
|
|
},
|
|
Ephemeral: true,
|
|
}
|
|
|
|
// IpFormat formats the IP correctly, so we don't provide IPv6 address in an IPv4 format during node communication. We return the ip parameter as is if it's an IPv4 address or a hostname.
|
|
func IpFormat(ip string) string {
|
|
ipObj := net.ParseIP(ip)
|
|
// Return the ip/host as is if it's either a hostname or an IPv4 address.
|
|
if ipObj == nil || ipObj.To4() != nil {
|
|
return ip
|
|
}
|
|
|
|
return fmt.Sprintf("[%s]", ip)
|
|
}
|