mirror of
https://github.com/opentffoundation/opentf.git
synced 2025-12-21 18:56:57 -05:00
55855fca70
As discussed in opentofu/opentofu#2656, this consolidates the two concerns of the PackageAuthentication interface into a single function that deals both with package authentication _and_ with reporting all of the package hashes that were used to make the authentication decision. This means that any .zip archive that OpenTofu directly verifies during installation can now have its hash recorded in the dependency lock file even if that package didn't come from the provider's origin registry, which is beneficial when the first installation of a provider comes from a secondary ("mirror") source because it creates an additional hook by which that dependency lock file entry can be "upgraded" to be complete in a future "tofu init" run against the origin registry, or by the "tofu providers lock" command. Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
3.3 KiB
3.3 KiB