diff --git a/postgresql/config.go b/postgresql/config.go index d19ca762..89d47010 100644 --- a/postgresql/config.go +++ b/postgresql/config.go @@ -169,6 +169,7 @@ type ClientCertificateConfig struct { type Config struct { Scheme string Host string + AWSIAMDBAuthTokenHost string Port int Username string Password string diff --git a/postgresql/provider.go b/postgresql/provider.go index 778778be..717b115a 100644 --- a/postgresql/provider.go +++ b/postgresql/provider.go @@ -3,9 +3,10 @@ package postgresql import ( "context" "fmt" + "os" + "github.com/aws/aws-sdk-go-v2/credentials" "github.com/aws/aws-sdk-go-v2/service/sts" - "os" "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" @@ -99,6 +100,13 @@ func Provider() *schema.Provider { Description: "AWS IAM role to assume for IAM auth", }, + "aws_rds_iam_token_host": { + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("PGHOST", nil), + Description: "Name of PostgreSQL server address for AWS RDS IAM to get token", + }, + "azure_identity_auth": { Type: schema.TypeBool, Optional: true, @@ -349,11 +357,16 @@ func providerConfigure(d *schema.ResourceData) (any, error) { var password string if d.Get("aws_rds_iam_auth").(bool) { + awsIAMTokenHost := d.Get("aws_rds_iam_token_host").(string) + if awsIAMTokenHost == "" { + awsIAMTokenHost = host + } + profile := d.Get("aws_rds_iam_profile").(string) region := d.Get("aws_rds_iam_region").(string) role := d.Get("aws_rds_iam_provider_role_arn").(string) var err error - password, err = getRDSAuthToken(region, profile, role, username, host, port) + password, err = getRDSAuthToken(region, profile, role, username, awsIAMTokenHost, port) if err != nil { return nil, err } @@ -374,6 +387,7 @@ func providerConfigure(d *schema.ResourceData) (any, error) { config := Config{ Scheme: d.Get("scheme").(string), Host: host, + AWSIAMDBAuthTokenHost: awsIAMTokenHost, Port: port, Username: username, Password: password,