Documentation ¶
Overview ¶
Package getproviders provides an interface for getting providers.
Index ¶
- Constants
- func UpdateLockfile(ctx context.Context, workingDir string, providers []Provider) error
- type Hash
- type HashScheme
- type PackageAuthentication
- func NewArchiveChecksumAuthentication(wantSHA256Sum [sha256.Size]byte) PackageAuthentication
- func NewMatchingChecksumAuthentication(document []byte, filename string, wantSHA256Sum [sha256.Size]byte) PackageAuthentication
- func NewSignatureAuthentication(document, signature []byte, keys map[string]string) PackageAuthentication
- func PackageAuthenticationAll(checks ...PackageAuthentication) PackageAuthentication
- type PackageAuthenticationHashes
- type PackageAuthenticationResult
- type Provider
Constants ¶
const HashicorpPartnersKey = `` /* 3194-byte string literal not displayed */
HashicorpPartnersKey is a key created by HashiCorp, used to generate and verify trust signatures for Partner tier providers.
const HashicorpPublicKey = `` /* 7716-byte string literal not displayed */
HashicorpPublicKey is the HashiCorp public key, also available at https://www.hashicorp.com/security
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Hash ¶
type Hash string
Hash is a specially-formatted string representing a checksum of a package or the contents of the package.
func DocumentHashes ¶
func HashLegacyZipSHAFromSHA ¶
HashLegacyZipSHAFromSHA is a convenience method to produce the schemed-string hash format from an already-calculated hash of a provider .zip archive.
func PackageHashLegacyZipSHA ¶
PackageHashLegacyZipSHA implements the old provider package hashing scheme of taking a SHA256 hash of the containing .zip archive itself, rather than of the contents of the archive.
func PackageHashV1 ¶
PackageHashV1 computes a hash of the contents of the package at the given location using hash algorithm 1. The resulting Hash is guaranteed to have the scheme HashScheme1.
type HashScheme ¶
type HashScheme string
HashScheme is an enumeration of schemes.
const (
    // HashScheme1 is the scheme identifier for the first hash scheme.
    HashScheme1 HashScheme = HashScheme("h1:")
    // HashSchemeZip is the scheme identifier for the legacy hash scheme that applies to distribution archives (.zip files) rather than package contents.
    HashSchemeZip HashScheme = HashScheme("zh:")
)
func (HashScheme) New ¶
func (scheme HashScheme) New(value string) Hash
New creates a new Hash value with the receiver as its scheme and the given raw string as its value.
type PackageAuthentication ¶
type PackageAuthentication interface {
    // Authenticate takes the path of a package and returns a PackageAuthenticationResult, or an error if the authentication checks fail.
    Authenticate(path string) (*PackageAuthenticationResult, error)
}
A PackageAuthentication implementation is responsible for authenticating that a package is what its distributor intended to distribute and that it has not been tampered with.
func NewArchiveChecksumAuthentication ¶
func NewArchiveChecksumAuthentication(wantSHA256Sum [sha256.Size]byte) PackageAuthentication
NewArchiveChecksumAuthentication returns a PackageAuthentication implementation that checks that the original distribution archive matches the given hash.
func NewMatchingChecksumAuthentication ¶
func NewMatchingChecksumAuthentication(document []byte, filename string, wantSHA256Sum [sha256.Size]byte) PackageAuthentication
NewMatchingChecksumAuthentication returns a PackageAuthentication implementation that scans a registry-provided SHA256SUMS document for a specified filename and compares the SHA256 hash listed there against the expected hash.
func NewSignatureAuthentication ¶
func NewSignatureAuthentication(document, signature []byte, keys map[string]string) PackageAuthentication
NewSignatureAuthentication returns a PackageAuthentication implementation that verifies the cryptographic signature for a package against any of the provided keys.
func PackageAuthenticationAll ¶
func PackageAuthenticationAll(checks ...PackageAuthentication) PackageAuthentication
PackageAuthenticationAll combines several authentications together into a single check value, which passes only if all of the given ones pass.
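The checks described for NewMatchingChecksumAuthentication, NewArchiveChecksumAuthentication and PackageAuthenticationAll, as an added standalone example that is not this package's code: the names listedSum, authenticate and legacyZipHash, the sample file name and the lowercase-hex "zh:" encoding are assumptions. Verifying the signature over the document itself (the job of NewSignatureAuthentication) is left out; a checksum match only carries weight once the document is trusted.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// listedSum returns the digest a SHA256SUMS document ("<hex>  <filename>" per line) records for filename.
func listedSum(document []byte, filename string) ([]byte, error) {
	for _, line := range strings.Split(string(document), "\n") {
		f := strings.Fields(line)
		if len(f) == 2 && f[1] == filename {
			return hex.DecodeString(f[0])
		}
	}
	return nil, fmt.Errorf("checksum list has no entry for %s", filename)
}

// authenticate passes only if both checks pass: the document's entry for
// filename equals want, and the archive bytes themselves hash to want.
func authenticate(archive, document []byte, filename string, want [sha256.Size]byte) error {
	listed, err := listedSum(document, filename)
	if err != nil {
		return err
	}
	if !bytes.Equal(listed, want[:]) {
		return fmt.Errorf("checksum list entry for %s does not match expected hash", filename)
	}
	if sha256.Sum256(archive) != want {
		return fmt.Errorf("archive %s has incorrect checksum", filename)
	}
	return nil
}

// legacyZipHash renders an archive digest in the "zh:" scheme (lowercase hex assumed).
func legacyZipHash(sum [sha256.Size]byte) string {
	return "zh:" + hex.EncodeToString(sum[:])
}

func main() {
	archive := []byte("constructed stand-in for a provider .zip") // constructed sample
	want := sha256.Sum256(archive)
	doc := []byte(hex.EncodeToString(want[:]) + "  provider_linux_amd64.zip\n")
	fmt.Println(authenticate(archive, doc, "provider_linux_amd64.zip", want), legacyZipHash(want))
	fmt.Println(authenticate(append(archive, 0), doc, "provider_linux_amd64.zip", want))
}
```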
type PackageAuthenticationHashes ¶
type PackageAuthenticationHashes interface {
    PackageAuthentication
    // AcceptableHashes returns a set of hashes that this authenticator considers to be valid for the current package or, where possible, equivalent packages on other platforms.
    AcceptableHashes() []Hash
}
PackageAuthenticationHashes is an optional interface implemented by PackageAuthentication implementations that are able to return a set of hashes they would consider valid if a given path referred to a package that matched that hash string.
type PackageAuthenticationResult ¶
type PackageAuthenticationResult int
PackageAuthenticationResult is returned from a PackageAuthentication implementation which implements Stringer.
const (
    VerifiedChecksum PackageAuthenticationResult = iota
    OfficialProvider
    PartnerProvider
    CommunityProvider
)
func NewPackageAuthenticationResult ¶
func NewPackageAuthenticationResult(res PackageAuthenticationResult) *PackageAuthenticationResult
func (PackageAuthenticationResult) SignedByAnyParty ¶
func (result PackageAuthenticationResult) SignedByAnyParty() bool
SignedByAnyParty returns whether the package was authenticated as signed by either HashiCorp or by a third party.
func (PackageAuthenticationResult) SignedByHashiCorp ¶
func (result PackageAuthenticationResult) SignedByHashiCorp() bool
SignedByHashiCorp returns whether the package was authenticated as signed by HashiCorp.
func (*PackageAuthenticationResult) String ¶
func (result *PackageAuthenticationResult) String() string
func (PackageAuthenticationResult) ThirdPartySigned ¶
func (result PackageAuthenticationResult) ThirdPartySigned() bool
ThirdPartySigned returns whether the package was authenticated as signed by a party other than HashiCorp.
type Provider ¶
type Provider interface {
    // Address returns a source address of the provider. e.g.: registry.terraform.io/hashicorp/aws
    Address() string
    // Version returns a version of the provider. e.g.: 5.36.0
    Version() string
    // DocumentSHA256Sums returns a document with providers hashes for different platforms.
    DocumentSHA256Sums(ctx context.Context) ([]byte, error)
    // PackageDir returns a directory with the unpacked provider.
    PackageDir() string
    // Logger returns logger
    Logger() log.Logger
}