mirror of https://github.com/opentffoundation/opentf.git synced 2026-04-11 06:01:36 -04:00

Files

Mikel Olasagasti Uranga 66765bdab3 Fix: Ensure constant format strings in fmt and printf calls

Go 1.24 introduces stricter checks for format string validation.
This commit fixes instances where non-constant format strings were
used in calls to functions like `fmt.Errorf`, `fmt.Printf`, and similar.

Changes include:
- Replacing dynamically constructed strings passed as format strings
with constant format strings.
- Refactoring `fmt.Sprintf` calls to ensure the format string matches
the number of arguments provided.
- Simplifying redundant formatting and ensuring compliance with Go
1.24's stricter `vet` tool checks.

This update ensures compatibility with Go 1.24 and prevents potential
runtime errors caused by misinterpreted dynamic format strings.

Resolves #2389

Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
Co-authored-by: Martin Atkins <mart@degeneration.co.uk>
Signed-off-by: Martin Atkins <mart@degeneration.co.uk>

2025-02-26 11:33:43 -08:00

compliance_test.go

Added aws_kms key provider compliance tests (#1395 )

2024-03-18 14:48:19 -04:00

config_assumerole.go

add automated copyright header check (#1696 )

2024-06-03 16:49:36 +03:00

config_endpoints.go

Fix typos (#1905 )

2024-08-29 13:20:33 -04:00

config_test.go

Upgrade aws sdk to a version that will give us access to s3 conditional writes arguments (#2528 )

2025-02-18 15:58:17 +02:00

config.go

Fix: Ensure constant format strings in fmt and printf calls

2025-02-26 11:33:43 -08:00

descriptor.go

add automated copyright header check (#1696 )

2024-06-03 16:49:36 +03:00

mock_test.go

Added aws_kms key provider compliance tests (#1395 )

2024-03-18 14:48:19 -04:00

provider_test.go

Fix typos (#1905 )

2024-08-29 13:20:33 -04:00

provider.go

add automated copyright header check (#1696 )

2024-06-03 16:49:36 +03:00

README.md

Initial implementation of aws_kms encryption.key_provider (#1349 )

2024-03-13 13:19:20 -04:00

README.md

AWS KMS Key Provider

Warning

This file is not an end-user documentation, it is intended for developers. Please follow the user documentation on the OpenTofu website unless you want to work on the encryption code.

This folder contains the code for the AWS KMS Key Provider. The user will be able to provide a reference to an AWS KMS key which can be used to encrypt and decrypt the data.

Configuration

You can configure this key provider by specifying the following options:

terraform {
    encryption {
        key_provider "aws_kms" "myprovider" {
           kms_key_id = "1234abcd-12ab-34cd-56ef-1234567890ab"
        }
    }
}

Key Provider Options - kms_key_id

The kms_key_id can refer to one of the following:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Alias name: alias/ExampleAlias
Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

For more information see https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/kms#GenerateDataKeyInput

State Snapshotting and Key Usage

Overview

OpenTofu generates a new encryption key for every time we store encrypted data, ensuring high security by minimizing key reuse. This has some minor cost implications that should be communicated to the end users, There may be more keys generated than expected as OpenTofu uses a new key for each state snapshot. It is important to generate a new key for each state snapshot to ensure that the state snapshot is encrypted with a unique key instead of reusing the same key for all state snapshots and thus reducing the security of the system.