mirror of
https://github.com/opentffoundation/opentf.git
synced 2025-12-21 10:47:34 -05:00
60fdd359d5
Signed-off-by: AbstractionFactory <179820029+abstractionfactory@users.noreply.github.com>
85 lines
1.9 KiB
Go
85 lines
1.9 KiB
Go
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"io"
|
|
"log"
|
|
"os"
|
|
)
|
|
|
|
// Header is the initial line that needs to be written as JSON when the program starts.
|
|
type Header struct {
|
|
Magic string `json:"magic"`
|
|
Version int `json:"version"`
|
|
}
|
|
|
|
// Input is the input data received from OpenTofu in response to the header as JSON.
|
|
type Input struct {
|
|
// Key is the encryption or decryption key, if present.
|
|
Key []byte `json:"key,omitempty"`
|
|
// Payload is the data to encrypt/decrypt.
|
|
Payload []byte `json:"payload"`
|
|
}
|
|
|
|
// Output is the data structure that should be written to the output.
|
|
type Output struct {
|
|
// Payload is the payload that has been encrypted/decrypted by the external method.
|
|
Payload []byte `json:"payload"`
|
|
}
|
|
|
|
func main() {
|
|
// Write logs to stderr
|
|
log.Default().SetOutput(os.Stderr)
|
|
|
|
// Write header:
|
|
header := Header{
|
|
"OpenTofu-External-Encryption-Method",
|
|
1,
|
|
}
|
|
marshalledHeader, err := json.Marshal(header)
|
|
if err != nil {
|
|
log.Fatalf("%v", err)
|
|
}
|
|
_, err = os.Stdout.Write(append(marshalledHeader, []byte("\n")...))
|
|
if err != nil {
|
|
log.Fatalf("Failed to write output: %v", err)
|
|
}
|
|
|
|
// Read input:
|
|
input, err := io.ReadAll(os.Stdin)
|
|
if err != nil {
|
|
log.Fatalf("Failed to read stdin: %v", err)
|
|
}
|
|
var inputData Input
|
|
if err = json.Unmarshal(input, &inputData); err != nil {
|
|
log.Fatalf("Failed to parse stdin: %v", err)
|
|
}
|
|
|
|
// Encrypt/decrypt the input and produce the output here.
|
|
var outputPayload []byte
|
|
if len(os.Args) != 2 {
|
|
log.Fatalf("Expected --encrypt or --decrypt")
|
|
}
|
|
switch os.Args[1] {
|
|
case "--encrypt":
|
|
// Encrypt the payload
|
|
case "--decrypt":
|
|
// Decrypt the payload
|
|
default:
|
|
log.Fatalf("Expected --encrypt or --decrypt")
|
|
}
|
|
|
|
// Write output
|
|
output := Output{
|
|
Payload: outputPayload,
|
|
}
|
|
outputData, err := json.Marshal(output)
|
|
if err != nil {
|
|
log.Fatalf("Failed to stringify output: %v", err)
|
|
}
|
|
_, err = os.Stdout.Write(outputData)
|
|
if err != nil {
|
|
log.Fatalf("Failed to write output: %v", err)
|
|
}
|
|
}
|