jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2025-12-19 17:59:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

Better handling of key_provider references (#1921)

Browse Source 
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
This commit is contained in:
Christian Mesh
2024-08-29 10:32:01 -04:00
committed by GitHub
parent 2e4f76452b
commit ffeded20a4
2 changed files with 50 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
internal/encryption/keyprovider.go
View File

@@ -127,15 +127,27 @@ func (e *targetBuilder) setupKeyProvider(cfg config.KeyProviderConfig, stack []c
continue continue
} }
// TODO this should be more defensive // This will always be a TraverseRoot, panic is OK if that's not the case
depRoot := (dep[0].(hcl.TraverseRoot)).Name depRoot := (dep[0].(hcl.TraverseRoot)).Name
depType := (dep[1].(hcl.TraverseAttr)).Name
depName := (dep[2].(hcl.TraverseAttr)).Name
if depRoot != "key_provider" { if depRoot != "key_provider" {
nonKeyProviderDeps = append(nonKeyProviderDeps, dep) nonKeyProviderDeps = append(nonKeyProviderDeps, dep)
continue continue
} }
depTypeAttr, typeOk := dep[1].(hcl.TraverseAttr)
depNameAttr, nameOk := dep[2].(hcl.TraverseAttr)
if !typeOk || !nameOk {
diags = append(diags, &hcl.Diagnostic{
Severity: hcl.DiagError,
Summary: "Invalid Key Provider expression format",
Detail: "Expected key_provider.<type>.<name>",
Subject: dep.SourceRange().Ptr(),
})
continue
}
depType := depTypeAttr.Name
depName := depNameAttr.Name
kpc, ok := e.cfg.GetKeyProvider(depType, depName) kpc, ok := e.cfg.GetKeyProvider(depType, depName)
if !ok { if !ok {

34
internal/encryption/targets_test.go
View File

@@ -131,6 +131,22 @@ func TestBaseEncryption_buildTargetMethods(t *testing.T) {
aesgcm.Is, aesgcm.Is,
}, },
}, },
"key-from-complex-vars": {
rawConfig: `
key_provider "static" "basic" {
key = var.obj[0].key
}
method "aes_gcm" "example" {
keys = key_provider.static.basic
}
state {
method = method.aes_gcm.example
}
`,
wantMethods: []func(method.Method) bool{
aesgcm.Is,
},
},
"undefined-key-from-vars": { "undefined-key-from-vars": {
rawConfig: ` rawConfig: `
key_provider "static" "basic" { key_provider "static" "basic" {
@@ -145,6 +161,20 @@ func TestBaseEncryption_buildTargetMethods(t *testing.T) {
`, `,
wantErr: "Test Config Source:3,12-28: Undefined variable; Undefined variable var.undefinedkey", wantErr: "Test Config Source:3,12-28: Undefined variable; Undefined variable var.undefinedkey",
}, },
"bad-keyprovider-format": {
rawConfig: `
key_provider "static" "basic" {
key = key_provider.static[0]
}
method "aes_gcm" "example" {
keys = key_provider.static.basic
}
state {
method = method.aes_gcm.example
}
`,
wantErr: "Test Config Source:3,12-34: Invalid Key Provider expression format; Expected key_provider.<type>.<name>",
},
} }
reg := lockingencryptionregistry.New() reg := lockingencryptionregistry.New()
@@ -165,6 +195,10 @@ func TestBaseEncryption_buildTargetMethods(t *testing.T) {
Default: cty.StringVal("6f6f706830656f67686f6834616872756f3751756165686565796f6f72653169"), Default: cty.StringVal("6f6f706830656f67686f6834616872756f3751756165686565796f6f72653169"),
Type: cty.String, Type: cty.String,
}, },
"obj": {
Name: "obj",
Default: cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"key": cty.StringVal("6f6f706830656f67686f6834616872756f3751756165686565796f6f72653169")})}),
},
}, },
} }