mirror of
https://github.com/opentffoundation/opentf.git
synced 2026-02-14 19:00:37 -05:00
66983273e5
Signed-off-by: Christian Mesh <christianmesh1@gmail.com> Signed-off-by: Andrei Ciobanu <andrei.ciobanu@opentofu.org> Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
85 lines
2.5 KiB
Go
85 lines
2.5 KiB
Go
// Copyright (c) The OpenTofu Authors
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
// Copyright (c) 2023 HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package external
|
|
|
|
import (
|
|
"github.com/hashicorp/hcl/v2"
|
|
"github.com/hashicorp/hcl/v2/gohcl"
|
|
"github.com/hashicorp/hcl/v2/hclsyntax"
|
|
"github.com/opentofu/opentofu/internal/encryption/keyprovider"
|
|
"github.com/opentofu/opentofu/internal/encryption/method"
|
|
)
|
|
|
|
// New creates a new descriptor for the AES-GCM encryption method, which requires a 32-byte key.
|
|
func New() method.Descriptor {
|
|
return &descriptor{}
|
|
}
|
|
|
|
type descriptor struct {
|
|
}
|
|
|
|
func (d *descriptor) ID() method.ID {
|
|
return "external"
|
|
}
|
|
|
|
func (d *descriptor) DecodeConfig(methodCtx method.EvalContext, body hcl.Body) (method.Config, hcl.Diagnostics) {
|
|
var diags hcl.Diagnostics
|
|
methodCfg := &Config{}
|
|
|
|
content, contentDiags := body.Content(&hcl.BodySchema{
|
|
Attributes: []hcl.AttributeSchema{
|
|
{Name: "keys", Required: false},
|
|
{Name: "encrypt_command", Required: true},
|
|
{Name: "decrypt_command", Required: true},
|
|
},
|
|
})
|
|
diags = diags.Extend(contentDiags)
|
|
if diags.HasErrors() {
|
|
return nil, diags
|
|
}
|
|
|
|
if keyAttr, ok := content.Attributes["keys"]; ok {
|
|
keyExpr := keyAttr.Expr
|
|
// keyExpr can either be raw data/references to raw data or a string reference to a key provider (JSON support)
|
|
keyVal, keyDiags := methodCtx.ValueForExpression(keyExpr)
|
|
diags = diags.Extend(keyDiags)
|
|
if diags.HasErrors() {
|
|
return nil, diags
|
|
}
|
|
keys, decodeDiags := keyprovider.DecodeOutput(keyVal, keyExpr.Range())
|
|
diags = diags.Extend(decodeDiags)
|
|
if diags.HasErrors() {
|
|
return nil, diags
|
|
}
|
|
methodCfg.Keys = &keys
|
|
}
|
|
|
|
encryptAttr := content.Attributes["encrypt_command"]
|
|
encryptVal, valueDiags := methodCtx.ValueForExpression(encryptAttr.Expr)
|
|
diags = diags.Extend(valueDiags)
|
|
if diags.HasErrors() {
|
|
return nil, diags
|
|
}
|
|
|
|
decodeEncryptCmdDiags := gohcl.DecodeExpression(&hclsyntax.LiteralValueExpr{Val: encryptVal, SrcRange: encryptAttr.Expr.Range()}, nil, &methodCfg.EncryptCommand)
|
|
diags = diags.Extend(decodeEncryptCmdDiags)
|
|
if diags.HasErrors() {
|
|
return nil, diags
|
|
}
|
|
|
|
decryptAttr := content.Attributes["decrypt_command"]
|
|
decryptVal, valueDiags := methodCtx.ValueForExpression(decryptAttr.Expr)
|
|
diags = diags.Extend(valueDiags)
|
|
if diags.HasErrors() {
|
|
return nil, diags
|
|
}
|
|
|
|
decodeDecryptCmdDiags := gohcl.DecodeExpression(&hclsyntax.LiteralValueExpr{Val: decryptVal, SrcRange: decryptAttr.Expr.Range()}, nil, &methodCfg.DecryptCommand)
|
|
diags = diags.Extend(decodeDecryptCmdDiags)
|
|
|
|
return methodCfg, diags
|
|
}
|