improve oss backend and support secutiry_token

backend/remote-state/oss/backend.go

@@ -19,13 +19,13 @@ import (
 func New() backend.Backend {
 	s := &schema.Backend{
 		Schema: map[string]*schema.Schema{
-			"bucket": {
+			"bucket": &schema.Schema{
 				Type:        schema.TypeString,
 				Required:    true,
 				Description: "The name of the OSS bucket",
 			},
 
-			"key": {
+			"key": &schema.Schema{
 				Type:        schema.TypeString,
 				Required:    true,
 				Description: "The path to the state file inside the bucket",
@@ -38,56 +38,56 @@ func New() backend.Backend {
 					return nil, nil
 				},
 			},
-			"access_key": {
+			"access_key": &schema.Schema{
 				Type:        schema.TypeString,
 				Optional:    true,
 				Description: "Alibaba Cloud Access Key ID",
-				DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ACCESS_KEY", ""),
+				DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ACCESS_KEY", os.Getenv("ALICLOUD_ACCESS_KEY_ID")),
 			},
 
-			"secret_key": {
+			"secret_key": &schema.Schema{
 				Type:        schema.TypeString,
 				Optional:    true,
 				Description: "Alibaba Cloud Access Secret Key",
-				DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_SECRET_KEY", ""),
+				DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_SECRET_KEY", os.Getenv("ALICLOUD_ACCESS_KEY_SECRET")),
 			},
 
-			"security_token": {
+			"security_token": &schema.Schema{
 				Type:        schema.TypeString,
 				Optional:    true,
 				Description: "Alibaba Cloud Security Token",
 				DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_SECURITY_TOKEN", os.Getenv("SECURITY_TOKEN")),
 			},
 
-			"region": {
+			"region": &schema.Schema{
 				Type:        schema.TypeString,
 				Required:    true,
 				Description: "The region of the OSS bucket. It will be ignored when 'endpoint' is specified.",
-				DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_REGION", "cn-beijing"),
+				DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_REGION", os.Getenv("ALICLOUD_DEFAULT_REGION")),
 			},
 
-			"endpoint": {
+			"endpoint": &schema.Schema{
 				Type:        schema.TypeString,
 				Optional:    true,
 				Description: "A custom endpoint for the OSS API",
 				DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_OSS_ENDPOINT", ""),
 			},
 
-			"encrypt": {
+			"encrypt": &schema.Schema{
 				Type:        schema.TypeBool,
 				Optional:    true,
 				Description: "Whether to enable server side encryption of the state file",
 				Default:     false,
 			},
 
-			"acl": {
+			"acl": &schema.Schema{
 				Type:        schema.TypeString,
 				Optional:    true,
 				Description: "Object ACL to be applied to the state file",
 				Default:     "",
 			},
 
-			"workspace_key_prefix": {
+			"workspace_key_prefix": &schema.Schema{
 				Type:        schema.TypeString,
 				Optional:    true,
 				Description: "The prefix applied to the non-default state path inside the bucket",
@@ -135,7 +135,7 @@ func (b *Backend) configure(ctx context.Context) error {
 	endpoint := data.Get("endpoint").(string)
 	if endpoint == "" {
 		region := common.Region(data.Get("region").(string))
-		if end, err := b.getOSSEndpointByRegion(access_key, secret_key, region); err != nil {
+		if end, err := b.getOSSEndpointByRegion(access_key, secret_key, security_token, region); err != nil {
 			return err
 		} else {
 			endpoint = end
@@ -158,9 +158,11 @@ func (b *Backend) configure(ctx context.Context) error {
 	return nil
 }
 
-func (b *Backend) getOSSEndpointByRegion(access_key, secret_key string, region common.Region) (string, error) {
+func (b *Backend) getOSSEndpointByRegion(access_key, secret_key, security_token string, region common.Region) (string, error) {
 
-	endpoints, err := location.NewClient(access_key, secret_key).DescribeEndpoints(&location.DescribeEndpointsArgs{
+	endpointClient := location.NewClient(access_key, secret_key)
+	endpointClient.SetSecurityToken(security_token)
+	endpoints, err := endpointClient.DescribeEndpoints(&location.DescribeEndpointsArgs{
 		Id:          region,
 		ServiceCode: "oss",
 		Type:        "openAPI",