Add credentials.tfrc.json support for TFE authentication (#228)#265
Add credentials.tfrc.json support for TFE authentication (#228)#265vravind1 wants to merge 5 commits intohashicorp:mainfrom
Conversation
|
|
jrhouston
left a comment
jrhouston
left a comment
There was a problem hiding this comment.
Hey Vishnu 😄
Looks good, just a couple of test/error handling comments.
|
|
||
| // ReadCredentialsFile reads the Terraform CLI credentials file and returns | ||
| // the token for the specified hostname. Returns empty string if not found. | ||
| func ReadCredentialsFile(hostname string) string { |
There was a problem hiding this comment.
This works but the function fails silently, and there's a few real failure modes we'd probably want to at least warn the user about in the logs:
- The path / file simply doesn't exist
- We tried to read the file but don't have permissions to do so.
- We read the file successfully but couldn't parse it.
- We read and parse the file successfully but the hostname we've configured doesn't exist in the file.
Right now if I try to use the credentials file but misconfigure it in some way, the server boots up OK but now I have a task of trying to figure out why it doesn't like my credentials file.
There was a problem hiding this comment.
@jrhouston, can you review again after additional updates were made to see if your concerns have been addressed?
Read TFE token from ~/.terraform.d/credentials.tfrc.json as fallback when TFE_TOKEN environment variable is not set. This allows users who have run `terraform login` to use the MCP server without additional configuration. Priority chain: HTTP Header → Environment Variable → credentials.tfrc.json Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
vravind1
force-pushed
the
feature/credentials-file-support
branch
from
039dccd to
080443b
Compare
|
I'd suggest using something like the config_dir helpers from terraform-cli to pick the correct file path for the credentials. The code as-is looks like it would work fine on Linux and MacOS but fail on Windows. |
|
Taking over - #333 |
5 participants
Fixes #228
~/.terraform.d/credentials.tfrc.jsonterraform logincan now use the MCP server without settingTFE_TOKENenvironmentvariable
New credential resolution chain:
HTTP Header → Environment Variable → credentials.tfrc.json → Error
Changes
pkg/client/credentials.gopkg/client/credentials_test.gopkg/client/tfe_client.goTest plan
go test ./pkg/client/...)go test ./...)credentials file