52 Commits

Author SHA1 Message Date
Divyanshu Singh
1e966f250a chore(keyprovider/gcp_kms): add logs for encryption and decryption keys (#3518)
Signed-off-by: divyanshu-vashu <vashusingh2004.jan@gmail.com>
Signed-off-by: Divyanshu Singh <89933176+divyanshu-vashu@users.noreply.github.com>
Co-authored-by: Diógenes Fernandes <diofeher@gmail.com>
2025-11-24 09:44:18 -03:00
ian
b7bcc13ea5 encryption/keyprovider/aws_kms: Use APNInfo instead of UserAgent 2025-10-17 12:08:51 -07:00
Larry Bordowitz
bcbfebce3d Implement the Azure Key Provider
This uses the same auth package as the newly-rewritten Azure State
Backend, so many of the properties and environment variables are the
same. I have put this through both the compliance test as well as built
the binary and run some end-to-end tests, and found that it
appropriately uses the Azure key as expected.

Signed-off-by: Larry Bordowitz <laurence.bordowitz@gmail.com>
2025-09-29 06:19:02 -04:00
Andrei Ciobanu
013097b631 Ephemeral variables (#3108)
Signed-off-by: Andrei Ciobanu <andrei.ciobanu@opentofu.org>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2025-09-10 07:45:23 -04:00
Diógenes Fernandes
a88a1f004e Normalize HCL config paths in TestComplianceBinary/* tests on Windows (#3222)
Signed-off-by: Diogenes Fernandes <diofeher@gmail.com>
2025-09-04 13:59:50 -03:00
Diógenes Fernandes
044374f75a convert .json files from using CRLF to LF (#3212)
Signed-off-by: Diogenes Fernandes <diofeher@gmail.com>
2025-08-29 14:03:08 -03:00
James Humphries
329a6a6adb fix: Improve validation for encryption method identifiers (#3048)
Signed-off-by: James Humphries <james@james-humphries.co.uk>
2025-07-21 14:38:02 +01:00
Martin Atkins
a1ba3e24aa tofu: EvalContext expression evaluation takes context.Context (#2937)
Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
2025-06-19 10:46:31 +01:00
Martin Atkins
952c7b255f lang: hcl.EvalContext creation needs context.Context
Because of the support for provider-contributed functions, expression
evaluation can potentially cause provider gRPC requests to happen, and so
we'll need to be able to plumb OpenTelemetry trace information through to
those calls.

This initial commit focuses mainly on just getting the functions in
lang.Scope set up to take context.Context, along with their companions in
configs.StaticEvaluator, while leaving most of the callers just passing
context.TODO() for now so we can gradually deal with the rest of the
plumbing in later commits.

Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
2025-06-17 07:56:33 -07:00
Christian Mesh
13c1ca768b Fix lint issues in ./internal/encryption (#2782)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2025-05-09 14:06:42 -07:00
Klopklopi
08f71e93c5 Encryption improve error messages (#2595)
Signed-off-by: Hugo JOUBERT <hugo.joubert@ippon.fr>
Signed-off-by: Klopklopi <76015884+Klopklopi@users.noreply.github.com>
Signed-off-by: Hugo JOUBERT <hugo.joubert4@gmail.com>
Signed-off-by: Hugo JOUBERT <hugojklop52@gmail.com>
Co-authored-by: Hugo JOUBERT <hugo.joubert@ippon.fr>
Co-authored-by: Hugo JOUBERT <hugo.joubert4@gmail.com>
Co-authored-by: Andrei Ciobanu <andreic9203@gmail.com>
2025-05-07 10:28:28 -04:00
Christian Mesh
b2bf39802a Implement the first part of RFC 20250303-linter-policy (#2577)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2025-03-10 13:16:27 -04:00
Christian Mesh
ce7279c39f Improve encryption internals and fix a few bugs therein (#2551)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Signed-off-by: yottta <andrei.ciobanu@opentofu.org>
Co-authored-by: yottta <andrei.ciobanu@opentofu.org>
Co-authored-by: Martin Atkins <mart@degeneration.co.uk>
2025-03-06 12:51:09 -05:00
Mikel Olasagasti Uranga
66765bdab3 Fix: Ensure constant format strings in fmt and printf calls
Go 1.24 introduces stricter checks for format string validation.
This commit fixes instances where non-constant format strings were
used in calls to functions like `fmt.Errorf`, `fmt.Printf`, and similar.

Changes include:
- Replacing dynamically constructed strings passed as format strings
with constant format strings.
- Refactoring `fmt.Sprintf` calls to ensure the format string matches
the number of arguments provided.
- Simplifying redundant formatting and ensuring compliance with Go
1.24's stricter `vet` tool checks.

This update ensures compatibility with Go 1.24 and prevents potential
runtime errors caused by misinterpreted dynamic format strings.

Resolves #2389

Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
Co-authored-by: Martin Atkins <mart@degeneration.co.uk>
Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
2025-02-26 11:33:43 -08:00
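The commit above describes the hazard but not what it looks like at runtime. Below is an added Go example (not OpenTofu code) that contrasts the pre-fix pattern, where a caller-supplied message becomes the format string, with the constant-format fix. The `unsafeWrap`, `safeWrap`, `safeWrapWithCause` and `looksMangled` names and the `untrustedReason` sample are constructed for illustration. Because a direct `fmt.Errorf(msg)` with no arguments is rejected by the Go 1.24 `vet` printf check, the unsafe call is routed through a function value so the file still builds and vets; that indirection is exactly the kind of place the check cannot see, which is why the direct pattern had to be removed from the code base.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// untrustedReason is a constructed sample of a message whose content is not
// under the developer's control (a backend error, a key alias, a file name)
// and happens to contain printf verbs.
const untrustedReason = "key 'alias/%s' not found: 100%d of attempts failed"

// errorfIndirect hides fmt.Errorf behind a variable. go vet's printf analyzer
// only inspects static callees, so this call site is not flagged even though
// it is semantically identical to the pattern the commit removed.
var errorfIndirect = fmt.Errorf

// unsafeWrap mirrors the pre-fix pattern: the assembled message is used as the
// format string, so any %-verb inside it is interpreted by fmt.
func unsafeWrap(op, reason string) error {
	msg := op + ": " + reason
	return errorfIndirect(msg)
}

// safeWrap is the fixed pattern: a constant format string, data as arguments.
// The content of reason is copied verbatim, verbs and all.
func safeWrap(op, reason string) error {
	return fmt.Errorf("%s: %s", op, reason)
}

// safeWrapWithCause keeps the error chain intact with %w so callers can still
// match the underlying error with errors.Is / errors.As.
func safeWrapWithCause(op string, cause error) error {
	return fmt.Errorf("%s: %w", op, cause)
}

// looksMangled reports whether fmt left a bad-verb marker ("%!") in the text,
// the visible symptom of a message that was misinterpreted as a format string.
func looksMangled(s string) bool {
	return strings.Contains(s, "%!")
}

func main() {
	bad := unsafeWrap("decrypt", untrustedReason)
	good := safeWrap("decrypt", untrustedReason)
	fmt.Println("unsafe:", bad)  // ... %!s(MISSING) ... 100%!d(MISSING) ...
	fmt.Println("safe:  ", good) // message reproduced exactly
	wrapped := safeWrapWithCause("load state", good)
	fmt.Println("cause preserved:", errors.Is(wrapped, good))
}
```

The practical check when reviewing a code base is the same one Go 1.24 `vet` now performs automatically: every `fmt.Errorf`, `fmt.Sprintf`, `fmt.Printf` or `log.Printf` call whose first argument is not a string literal (or a constant built from literals) is a candidate for this bug, and the fix is always to move the variable text into an argument behind `%s` or `%w`.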
Alexander Scheel
c66319a56b Remove experimental marker from OpenBao transit (#2536)
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
2025-02-21 10:00:13 -05:00
Andrei Ciobanu
a3276028ad Upgrade aws sdk to a version that will give us access to s3 conditional writes arguments (#2528)
Signed-off-by: yottta <andrei.ciobanu@opentofu.org>
2025-02-18 15:58:17 +02:00
AbstractionFactory
60fdd359d5 Fixes #2337: External encryption method (#2367)
Signed-off-by: AbstractionFactory <179820029+abstractionfactory@users.noreply.github.com>
2025-01-31 12:13:18 -05:00
AbstractionFactory
5a6d2d3e98 Fixes #2022: Running external commands as a key provider (#2023)
Signed-off-by: AbstractionFactory <179820029+abstractionfactory@users.noreply.github.com>
Signed-off-by: ollevche <ollevche@gmail.com>
Co-authored-by: Oleksandr Levchenkov <ollevche@gmail.com>
2025-01-08 12:08:30 -05:00
Martin Atkins
ad32bde2ae Temporarily disable the complexity-related lint rules
We're intending to gradually improve all of the existing functions that
fail these checks as a separate project from other work, because fixing
for these particular lint rules tends to be too invasive to be safe or
sensible to combine with other work.

Therefore we'll temporarily disable these lints from the main lint run
and add a separate .golangci-complexity.yml that we can use to track our
progress towards eliminating those lint failures without continuing to
litter the code with nolint comments in the meantime.

This also removes all of the existing nolint comments for these linters so
that we can start fresh and review each one as part of our improvement
project.

We'll re-enable these linters (and remove .golangci-complexity.yml) once
each example has either been rewritten to pass the checks or we've
concluded that further decomposition would hurt readability and so added
"nolint" comments back in so we can review whether our lint rules are too
strict once we've got a bunch of examples to consider together.

Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
2025-01-03 10:41:05 -05:00
Christian Mesh
c7aaa5ed50 Force state change if encryption used fallback (#2232)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-12-03 17:44:30 -05:00
Oleksandr Levchenkov
52cc91c87a upgrade golangci-lint to v1.62 (#2174)
Signed-off-by: ollevche <ollevche@gmail.com>
2024-11-18 19:56:29 +02:00
AbstractionFactory
9d842aa920 Fixes #1605: Customizable metadata key on encryption key providers (#2080)
Signed-off-by: AbstractionFactory <179820029+abstractionfactory@users.noreply.github.com>
2024-10-30 19:52:23 +01:00
Christian Mesh
0d1e6cd5f0 Handle static variable secret flag (#2045)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-10-03 10:46:58 -04:00
Nathan Baulch
ea558d9d4b Fix typos (#1905)
Signed-off-by: Nathan Baulch <nathan.baulch@gmail.com>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-08-29 13:20:33 -04:00
Christian Mesh
ffeded20a4 Better handling of key_provider references (#1921)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-08-29 10:32:01 -04:00
Christian Mesh
3c45c30249 Move varhcl (body variable inspection) into hcl fork (#1919)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-08-23 10:01:07 -04:00
Oleksandr Levchenkov
19b5287b8f allow static evaluations in encryption configuration (#1728)
Signed-off-by: ollevche <ollevche@gmail.com>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Signed-off-by: Oleksandr Levchenkov <ollevche@gmail.com>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-06-24 10:18:16 -04:00
Oleksandr Levchenkov
568ff66bef add early validation for enforced encryption methods (#1711)
Signed-off-by: ollevche <ollevche@gmail.com>
2024-06-12 21:06:06 +03:00
Oleksandr Levchenkov
5a161c8bcc add automated copyright header check (#1696)
Signed-off-by: ollevche <ollevche@gmail.com>
Signed-off-by: Oleksandr Levchenkov <ollevche@gmail.com>
2024-06-03 16:49:36 +03:00
Christian Mesh
d7e96665f6 Add unencrypted Method for migrations (#1458)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-04-12 09:38:21 -04:00
Oleksandr Levchenkov
e1e182987b add OpenBao as key provider for state encryption (#1436)
Signed-off-by: ollevche <ollevche@gmail.com>
2024-04-08 13:38:17 +01:00
Ashwin Annamalai
046beee664 Change numbers to make tests work in i386 (#1454)
Signed-off-by: Ashwin Annamalai <4549937+IgnorantSapient@users.noreply.github.com>
2024-04-01 15:13:26 -04:00
Christian Mesh
979bf5ce3f Fix #1407: Pass through metadata fields in state encryption (#1417)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-28 11:14:08 -04:00
Oleksandr Levchenkov
641751f163 remove GCP KMS key reading from env (#1440)
Signed-off-by: ollevche <ollevche@gmail.com>
2024-03-28 07:43:54 -04:00
Christian Mesh
f02bb11812 Generate all encryption keys during encryption setup (#1421)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: James Humphries <jamesh@spacelift.io>
2024-03-26 07:43:34 -04:00
Christian Mesh
230fc89a28 GCP KMS for Key Provider for Encryption (#1392)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-18 15:54:20 -04:00
James Humphries
73f5fbf4bc Added aws_kms key provider compliance tests (#1395)
Signed-off-by: James Humphries <james@james-humphries.co.uk>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-18 14:48:19 -04:00
Janos
8c99c75229 [State Encryption] Compliance tests (#1377)
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
2024-03-14 15:53:40 +01:00
Janos
19a994ee7f Documentation updates for 1.7.0-alpha1 (state encryption) (#1396)
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
2024-03-14 15:05:05 +01:00
Christian Mesh
07a9185767 Initial implementation of aws_kms encryption.key_provider (#1349)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Signed-off-by: James Humphries <james@james-humphries.co.uk>
Co-authored-by: James Humphries <james@james-humphries.co.uk>
2024-03-13 13:19:20 -04:00
Christian Mesh
586c45fe5a Refactor encryption configuration (#1387)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-13 10:58:52 -04:00
Janos
4c4d9bca67 Fixed crash on encryption use (#1384)
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
2024-03-13 12:00:31 +01:00
Christian Mesh
b052880246 Encryption should require an explicit fallback (#1364)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-11 09:24:59 -04:00
Janos
a18e643a8d PBKDF2 passphrase key provider (#1310)
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: James Humphries <jamesh@spacelift.io>
2024-03-11 14:24:31 +01:00
Christian Mesh
cef62ea738 Update to encryption key provider interface (#1351)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-08 07:55:08 -05:00
Christian Mesh
5ab6167bbf Initial wiring of encryption through the command package (#1316)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-07 08:55:57 -05:00
Janos
fa638907f1 Fixes #1169: AES-GCM implementation (#1291)
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Signed-off-by: James Humphries <James@james-humphries.co.uk>
Co-authored-by: James Humphries <jamesh@spacelift.io>
Co-authored-by: Serdar Dalgıç <serdardalgic@users.noreply.github.com>
Co-authored-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-07 10:24:37 +00:00
Christian Mesh
36eb93f958 Integrate encryption config into configs package (#1295)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-04 11:04:45 -05:00
Christian Mesh
2f5dcd5c0a Integrate Encryption into State Backends (#1288)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-04 09:25:14 -05:00
Christian Mesh
ac3ed86617 Integrate encryption into plan serialization (#1292)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-04 09:00:29 -05:00