v0.0.10 - Strongly-typed auth

* Use "{authType}_auth" blocks for configuring authentication (current support for AWS only)
* Change names of inputs to "services_url" and "services_auth_type" for clarity
* Default services_auth_type to the auth type for the only auth block, if only one is present
* Update provider documentation

docs/index.md

@@ -13,34 +13,49 @@ description: |-
 ## Example Usage
 
 ```terraform
+# No auth
 provider "mcma" {
-  url = "https://service-registry-example.mcma.io/services"
-  auth {
-    type = "AWS4"
-    data = {
-      accessKey = var.access_key
-      secretKey = var.secret_key
-    }
+  services_url = "https://service-registry-example.mcma.io/api/services"
+}
+
+# AWS auth with profile
+provider "mcma" {
+  services_url = "https://service-registry-example.mcma.io/api/services"
+  aws4_auth {
+    region  = "us-east-1"
+    profile = "myprofile"
+  }
+}
+
+# AWS auth with keys
+provider "mcma" {
+  services_url = "https://service-registry-example.mcma.io/api/services"
+  aws4_auth {
+    region     = "us-east-1"
+    access_key = "accesskey"
+    secret_key = "secretkey"
   }
 }
 ```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
-### Optional
+### Required
 
-- **auth** (Block Set) (see [below for nested schema](#nestedblock--auth))
-- **url** (String) The url to the services endpoint of the MCMA Service Registry
+- `services_url` (String) The url to the services endpoint of the MCMA Service Registry
 
-<a id="nestedblock--auth"></a>
-### Nested Schema for `auth`
+### Optional
 
-Required:
+- `aws4_auth` (Block Set) (see [below for nested schema](#nestedblock--aws4_auth))
+- `services_auth_type` (String) The auth type to use for the services endpoint of the MCMA Service Registry
 
-- **type** (String) The type of authentication to use
+<a id="nestedblock--aws4_auth"></a>
+### Nested Schema for `aws4_auth`
 
 Optional:
 
-- **data** (Map of String) Data used by this authentication type, e.g. keys, profile names, etc
-- **use_for_initialization** (Boolean) Indicates if this auth type should be used to initialize the provider with service data
+- `access_key` (String) The AWS access key to use for authentication. Requires that secret_key also be specified
+- `profile` (String) The AWS profile to use for authentication
+- `region` (String) The AWS region to use for authentication
+- `secret_key` (Boolean) The AWS secret key to use for authentication. Requires that access_key also be specified

docs/resources/job_profile.md

@@ -47,40 +47,40 @@ resource "mcma_job_profile" "example" {
 
 ### Required
 
-- **name** (String) The name of the job profile.
+- `name` (String) The name of the job profile.
 
 ### Optional
 
-- **custom_properties** (Map of String) A collection of key-value pairs specifying additional properties for the job profile.
-- **input_parameter** (Block Set) A list of input parameters (name and type) that must be provided when running a job for this profile. (see [below for nested schema](#nestedblock--input_parameter))
-- **output_parameter** (Block Set) A list of output parameters (name and type) that will be set on the job when the service has finished. (see [below for nested schema](#nestedblock--output_parameter))
+- `custom_properties` (Map of String) A collection of key-value pairs specifying additional properties for the job profile.
+- `input_parameter` (Block Set) A list of input parameters (name and type) that must be provided when running a job for this profile. (see [below for nested schema](#nestedblock--input_parameter))
+- `output_parameter` (Block Set) A list of output parameters (name and type) that will be set on the job when the service has finished. (see [below for nested schema](#nestedblock--output_parameter))
 
 ### Read-Only
 
-- **date_created** (String) The date and time at which the job profile data was created.
-- **date_modified** (String) The date and time at which the job profile data was last modified.
-- **id** (String) The ID of the job profile. MCMA IDs are always absolute urls.
-- **type** (String) The MCMA type of resource. This value will always be 'JobProfile'.
+- `date_created` (String) The date and time at which the job profile data was created.
+- `date_modified` (String) The date and time at which the job profile data was last modified.
+- `id` (String) The ID of the job profile. MCMA IDs are always absolute urls.
+- `type` (String) The MCMA type of resource. This value will always be 'JobProfile'.
 
 <a id="nestedblock--input_parameter"></a>
 ### Nested Schema for `input_parameter`
 
 Required:
 
-- **name** (String) The name of the input parameter.
-- **type** (String) The type of the input parameter. Should specify an MCMA resource or primitive type.
+- `name` (String) The name of the input parameter.
+- `type` (String) The type of the input parameter. Should specify an MCMA resource or primitive type.
 
 Optional:
 
-- **optional** (Boolean) Flag indicating if this input parameter must be provided or not
+- `optional` (Boolean) Flag indicating if this input parameter must be provided or not
 
 
 <a id="nestedblock--output_parameter"></a>
 ### Nested Schema for `output_parameter`
 
 Required:
 
-- **name** (String) The name of the output parameter.
-- **type** (String) The type of the output parameter. Should specify an MCMA resource or primitive type.
+- `name` (String) The name of the output parameter.
+- `type` (String) The type of the output parameter. Should specify an MCMA resource or primitive type.
 
 

docs/resources/resource.md

@@ -29,11 +29,11 @@ resource "mcma_resource" "bm_content" {
 
 ### Required
 
-- **resource_json** (String) The JSON of the object to be created
-- **type** (String) The MCMA type of resource.
+- `resource_json` (String) The JSON of the object to be created
+- `type` (String) The MCMA type of resource.
 
 ### Read-Only
 
-- **id** (String) The ID of the service. MCMA IDs are always absolute urls.
+- `id` (String) The ID of the service. MCMA IDs are always absolute urls.
 
 

docs/resources/service.md

@@ -40,39 +40,39 @@ resource "mcma_service" "example" {
 
 ### Required
 
-- **name** (String) The name of the service
-- **resource** (Block Set, Min: 1) (see [below for nested schema](#nestedblock--resource))
+- `name` (String) The name of the service
+- `resource` (Block Set, Min: 1) (see [below for nested schema](#nestedblock--resource))
 
 ### Optional
 
-- **auth_type** (String) The type of authentication the service uses, e.g. AWS4
-- **job_profile_ids** (List of String) The list of IDs for job profiles that can be processed by this service. If the service does not process jobs, this should be empty.
-- **job_type** (String) The type of job the service processes, if any. Most MCMA services will handle some kind of job, but not all of them have to.
+- `auth_type` (String) The type of authentication the service uses, e.g. AWS4
+- `job_profile_ids` (List of String) The list of IDs for job profiles that can be processed by this service. If the service does not process jobs, this should be empty.
+- `job_type` (String) The type of job the service processes, if any. Most MCMA services will handle some kind of job, but not all of them have to.
 
 ### Read-Only
 
-- **date_created** (String) The date and time at which the service data was created.
-- **date_modified** (String) The date and time at which the service data was last modified.
-- **id** (String) The ID of the service. MCMA IDs are always absolute urls.
-- **type** (String) The MCMA type of resource. This value will always be 'Service'.
+- `date_created` (String) The date and time at which the service data was created.
+- `date_modified` (String) The date and time at which the service data was last modified.
+- `id` (String) The ID of the service. MCMA IDs are always absolute urls.
+- `type` (String) The MCMA type of resource. This value will always be 'Service'.
 
 <a id="nestedblock--resource"></a>
 ### Nested Schema for `resource`
 
 Required:
 
-- **http_endpoint** (String) The url for the endpoint.
-- **resource_type** (String) The type of MCMA resource this endpoint handles.
+- `http_endpoint` (String) The url for the endpoint.
+- `resource_type` (String) The type of MCMA resource this endpoint handles.
 
 Optional:
 
-- **auth_type** (String) The type of authentication expected for this endpoint. This should only be specified if it is different than the auth type specified on the service.
+- `auth_type` (String) The type of authentication expected for this endpoint. This should only be specified if it is different than the auth type specified on the service.
 
 Read-Only:
 
-- **date_created** (String) The date and time at which the resource endpoint data was created.
-- **date_modified** (String) The date and time at which the resource endpoint data was last modified.
-- **id** (String) The ID of the resource endpoint. MCMA IDs are always absolute urls.
-- **type** (String) The MCMA type of resource. This value will always be 'ResourceEndpoint'.
+- `date_created` (String) The date and time at which the resource endpoint data was created.
+- `date_modified` (String) The date and time at which the resource endpoint data was last modified.
+- `id` (String) The ID of the resource endpoint. MCMA IDs are always absolute urls.
+- `type` (String) The MCMA type of resource. This value will always be 'ResourceEndpoint'.
 
 

examples/provider/provider.tf

@@ -1,10 +1,23 @@
+# No auth
 provider "mcma" {
-  url = "https://service-registry-example.mcma.io/services"
-  auth {
-    type = "AWS4"
-    data = {
-      accessKey = var.access_key
-      secretKey = var.secret_key
-    }
+  services_url = "https://service-registry-example.mcma.io/api/services"
+}
+
+# AWS auth with profile
+provider "mcma" {
+  services_url = "https://service-registry-example.mcma.io/api/services"
+  aws4_auth {
+    region  = "us-east-1"
+    profile = "myprofile"
+  }
+}
+
+# AWS auth with keys
+provider "mcma" {
+  services_url = "https://service-registry-example.mcma.io/api/services"
+  aws4_auth {
+    region     = "us-east-1"
+    access_key = "accesskey"
+    secret_key = "secretkey"
   }
 }

mcma/auth_helper.go

@@ -4,31 +4,8 @@ import (
 	"fmt"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"reflect"
-	"strings"
-
-	mcma "github.com/ebu/mcma-libraries-go/client"
 )
 
-func GetAuthenticator(authType string, auth map[string]interface{}) (mcma.Authenticator, diag.Diagnostics) {
-	var authData map[string]interface{}
-	if ad, found := auth["data"]; found {
-		authData = ad.(map[string]interface{})
-	}
-
-	switch strings.ToLower(authType) {
-	case "aws4":
-		return GetAWS4Authenticator(authData)
-	default:
-		return nil, diag.Diagnostics{
-			diag.Diagnostic{
-				Severity: diag.Error,
-				Summary:  "Unsupported auth type",
-				Detail:   fmt.Sprintf("The provider contains an 'auth' block that specifies unsupported auth type '%s'", authType),
-			},
-		}
-	}
-}
-
 func GetAuthDataString(authData map[string]interface{}, key string, required bool) (string, diag.Diagnostics) {
 	var value string
 	if v, valFound := authData[key]; !valFound {

mcma/aws_auth.go

@@ -2,6 +2,7 @@ package mcma
 
 import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"os"
 
 	mcma "github.com/ebu/mcma-libraries-go/client"
 )
@@ -12,6 +13,13 @@ func GetAWS4Authenticator(authData map[string]interface{}) (mcma.Authenticator,
 		return nil, d
 	}
 
+	if region == "" {
+		region = os.Getenv("AWS_REGION")
+		if region == "" {
+			return nil, diag.Errorf("region not specified and AWS_REGION environment variable not set")
+		}
+	}
+
 	accessKey, d := GetAuthDataString(authData, "access_key", false)
 	if d != nil {
 		return nil, d