mirror of
https://github.com/opentofu/opentofu.git
synced 2026-05-21 17:47:24 -04:00
66983273e5
Some checks are pending
build / Build for freebsd_386 (push) Waiting to run
build / Build for linux_386 (push) Waiting to run
build / Build for openbsd_386 (push) Waiting to run
build / Build for windows_386 (push) Waiting to run
build / Build for freebsd_amd64 (push) Waiting to run
build / Build for linux_amd64 (push) Waiting to run
build / Build for openbsd_amd64 (push) Waiting to run
build / Build for solaris_amd64 (push) Waiting to run
build / Build for windows_amd64 (push) Waiting to run
build / Build for freebsd_arm (push) Waiting to run
build / Build for linux_arm (push) Waiting to run
build / Build for linux_arm64 (push) Waiting to run
build / Build for darwin_amd64 (push) Waiting to run
build / Build for darwin_arm64 (push) Waiting to run
build / End-to-end Tests for linux_386 (push) Waiting to run
build / End-to-end Tests for windows_386 (push) Waiting to run
build / End-to-end Tests for darwin_amd64 (push) Waiting to run
build / End-to-end Tests for linux_amd64 (push) Waiting to run
build / End-to-end Tests for windows_amd64 (push) Waiting to run
Quick Checks / List files changed for pull request (push) Waiting to run
Quick Checks / Unit tests for linux_386 (push) Blocked by required conditions
Quick Checks / Unit tests for linux_amd64 (push) Blocked by required conditions
Quick Checks / Unit tests for windows_amd64 (push) Blocked by required conditions
Quick Checks / Unit tests for linux_arm (push) Blocked by required conditions
Quick Checks / Unit tests for darwin_arm64 (push) Blocked by required conditions
Quick Checks / Unit tests for linux_arm64 (push) Blocked by required conditions
Quick Checks / Race Tests (push) Blocked by required conditions
Quick Checks / End-to-end Tests (push) Blocked by required conditions
Quick Checks / Code Consistency Checks (push) Blocked by required conditions
Quick Checks / License Checks (push) Waiting to run
Website checks / List files changed for pull request (push) Waiting to run
Website checks / Build (push) Blocked by required conditions
Website checks / Test Installation Instructions (push) Blocked by required conditions
Signed-off-by: Christian Mesh <christianmesh1@gmail.com> Signed-off-by: Andrei Ciobanu <andrei.ciobanu@opentofu.org> Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
84 lines
2.5 KiB
Go
84 lines
2.5 KiB
Go
// Copyright (c) The OpenTofu Authors
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
// Copyright (c) 2023 HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package external
|
|
|
|
import (
|
|
"github.com/hashicorp/hcl/v2"
|
|
"github.com/hashicorp/hcl/v2/gohcl"
|
|
"github.com/hashicorp/hcl/v2/hclsyntax"
|
|
"github.com/opentofu/opentofu/internal/encryption/keyprovider"
|
|
"github.com/opentofu/opentofu/internal/encryption/method"
|
|
)
|
|
|
|
// New creates a new descriptor for the AES-GCM encryption method, which requires a 32-byte key.
|
|
func New() method.Descriptor {
|
|
return &descriptor{}
|
|
}
|
|
|
|
type descriptor struct {
|
|
}
|
|
|
|
func (d *descriptor) ID() method.ID {
|
|
return "external"
|
|
}
|
|
|
|
func (d *descriptor) DecodeConfig(methodCtx method.EvalContext, body hcl.Body) (method.Config, hcl.Diagnostics) {
|
|
var diags hcl.Diagnostics
|
|
methodCfg := &Config{}
|
|
|
|
content, contentDiags := body.Content(&hcl.BodySchema{
|
|
Attributes: []hcl.AttributeSchema{
|
|
{Name: "keys", Required: false},
|
|
{Name: "encrypt_command", Required: true},
|
|
{Name: "decrypt_command", Required: true},
|
|
},
|
|
})
|
|
diags = diags.Extend(contentDiags)
|
|
if diags.HasErrors() {
|
|
return nil, diags
|
|
}
|
|
|
|
if keyAttr, ok := content.Attributes["keys"]; ok {
|
|
keyExpr := keyAttr.Expr
|
|
// keyExpr can either be raw data/references to raw data or a string reference to a key provider (JSON support)
|
|
keyVal, keyDiags := methodCtx.ValueForExpression(keyExpr)
|
|
diags = diags.Extend(keyDiags)
|
|
if diags.HasErrors() {
|
|
return nil, diags
|
|
}
|
|
keys, decodeDiags := keyprovider.DecodeOutput(keyVal, keyExpr.Range())
|
|
diags = diags.Extend(decodeDiags)
|
|
if diags.HasErrors() {
|
|
return nil, diags
|
|
}
|
|
methodCfg.Keys = &keys
|
|
}
|
|
|
|
encryptAttr := content.Attributes["encrypt_command"]
|
|
encryptVal, valueDiags := methodCtx.ValueForExpression(encryptAttr.Expr)
|
|
diags = diags.Extend(valueDiags)
|
|
if diags.HasErrors() {
|
|
return nil, diags
|
|
}
|
|
|
|
decodeEncryptCmdDiags := gohcl.DecodeExpression(&hclsyntax.LiteralValueExpr{Val: encryptVal, SrcRange: encryptAttr.Expr.Range()}, nil, &methodCfg.EncryptCommand)
|
|
diags = diags.Extend(decodeEncryptCmdDiags)
|
|
if diags.HasErrors() {
|
|
return nil, diags
|
|
}
|
|
|
|
decryptAttr := content.Attributes["decrypt_command"]
|
|
decryptVal, valueDiags := methodCtx.ValueForExpression(decryptAttr.Expr)
|
|
diags = diags.Extend(valueDiags)
|
|
if diags.HasErrors() {
|
|
return nil, diags
|
|
}
|
|
|
|
decodeDecryptCmdDiags := gohcl.DecodeExpression(&hclsyntax.LiteralValueExpr{Val: decryptVal, SrcRange: decryptAttr.Expr.Range()}, nil, &methodCfg.DecryptCommand)
|
|
diags = diags.Extend(decodeDecryptCmdDiags)
|
|
|
|
return methodCfg, diags
|
|
}
|