Documentation ¶
Overview ¶
Package static contains a key provider that emits a static key.
Example ¶
Example is a full end-to-end example of encrypting and decrypting a plan file.
package main

import (
	"fmt"
	"strings"

	"github.com/opentofu/opentofu/internal/configs"
	"github.com/opentofu/opentofu/internal/encryption"
	"github.com/opentofu/opentofu/internal/encryption/config"
	"github.com/opentofu/opentofu/internal/encryption/keyprovider/static"
	"github.com/opentofu/opentofu/internal/encryption/method/aesgcm"
	"github.com/opentofu/opentofu/internal/encryption/registry/lockingencryptionregistry"
)

// hclConfig declares a static key provider named "foo", feeds its key to an
// aes_gcm method named "bar", and selects that method for plan files.
//
// The key attribute is a 64-character hexadecimal literal written directly
// into the configuration. Anyone who can read the configuration can read the
// key, so this layout protects the plan only as well as the configuration
// file itself is protected.
var hclConfig = `key_provider "static" "foo" {
  key = "6f6f706830656f67686f6834616872756f3751756165686565796f6f72653169"
}

method "aes_gcm" "bar" {
  keys = key_provider.static.foo
}

plan {
  method = method.aes_gcm.bar
}
`

// Example is a full end-to-end example of encrypting and decrypting a plan file.
func main() {
	// The registry must know both the key provider type and the method type
	// that hclConfig refers to before the configuration can be resolved.
	reg := lockingencryptionregistry.New()
	if err := reg.RegisterKeyProvider(static.New()); err != nil {
		panic(err)
	}
	if err := reg.RegisterMethod(aesgcm.New()); err != nil {
		panic(err)
	}

	parsed, diags := config.LoadConfigFromString("test.hcl", hclConfig)
	if diags.HasErrors() {
		panic(diags)
	}

	evaluator := configs.NewStaticEvaluator(nil, configs.RootModuleCallForTesting())
	enc, diags := encryption.New(reg, parsed, evaluator)
	if diags.HasErrors() {
		panic(diags)
	}

	planCrypto := enc.Plan()

	const plaintext = "Hello world!"
	sealed, err := planCrypto.EncryptPlan([]byte(plaintext))
	if err != nil {
		panic(err)
	}

	// Sanity check only: this shows the plaintext does not appear verbatim in
	// the output. It says nothing about the strength of the encryption.
	if strings.Contains(string(sealed), plaintext) {
		panic("The plan was not encrypted!")
	}

	// Round trip through the same plan encryption object; the printed result
	// is compared against the example's expected output.
	opened, err := planCrypto.DecryptPlan(sealed)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s", opened)
}
Output: Hello world!
Types ¶
type Config ¶
// Config contains the configuration for this key provider supplied by the
// user. The hcl tag on the field is what binds it to the attribute of the
// same name in the key_provider block.
type Config struct {
	// Key is populated from the `key` attribute. The package examples pass a
	// 64-character hexadecimal string; presumably Build decodes it as hex —
	// confirm against the implementation. The value is key material, so it
	// should not be logged or printed outside of examples.
	Key string `hcl:"key"`
}
Config contains the configuration for this key provider supplied by the user. This struct must have hcl tags in order to function.
Example ¶
This example is a bare-bones configuration for a static key provider. It is mainly intended to demonstrate how you can parse configuration and construct a static key provider from it, and is not intended to be used as a real-world example.
package main

import (
	"fmt"

	"github.com/hashicorp/hcl/v2/gohcl"

	config2 "github.com/opentofu/opentofu/internal/encryption/config"
	"github.com/opentofu/opentofu/internal/encryption/keyprovider/static"
)

// exampleConfig is a single static key provider block whose key is written
// inline as a hexadecimal literal.
var exampleConfig = `key_provider "static" "foo" {
  key = "6f6f706830656f67686f6834616872756f3751756165686565796f6f72653169"
}
`

// This example is a bare-bones configuration for a static key provider.
// It is mainly intended to demonstrate how you can parse configuration
// and construct a static key provider from it.
// It is not intended to be used as a real-world example.
func main() {
	// Empty configuration struct that the HCL block will be decoded into.
	target := static.New().ConfigStruct()

	// Parse the config and make sure it holds exactly one key provider.
	loaded, diags := config2.LoadConfigFromString("config.hcl", exampleConfig)
	if diags.HasErrors() {
		panic(diags)
	}
	if len(loaded.KeyProviderConfigs) != 1 {
		panic("Expected 1 key provider")
	}

	// The only block must be the "static" provider named "foo".
	block := loaded.KeyProviderConfigs[0]
	switch {
	case block.Type != "static":
		panic("Expected key provider type to be 'static'")
	case block.Name != "foo":
		panic("Expected key provider name to be 'foo'")
	}

	// Decoding the block body with gohcl directly is not the intended path;
	// the implementation of the Encryption interface normally does this.
	// It is done here only to show how the configuration struct is used, and
	// how testing may be carried out.
	if err := gohcl.DecodeBody(block.Body, nil, target); err != nil {
		panic(err)
	}

	// Unchecked type assertion: a mismatch panics, which is acceptable in an
	// example. The key is printed so the expected output can be compared;
	// real key material should not be written to stdout or logs.
	staticCfg := target.(*static.Config)
	fmt.Printf("%s\n", staticCfg.Key)
}
Output: 6f6f706830656f67686f6834616872756f3751756165686565796f6f72653169
func (Config) Build ¶
func (c Config) Build() (keyprovider.KeyProvider, keyprovider.KeyMeta, error)
Build will create the usable key provider.
type Descriptor ¶
// Descriptor is an additional interface to allow for providing custom methods.
// As declared here it only embeds keyprovider.Descriptor and adds no methods
// of its own.
type Descriptor interface {
	keyprovider.Descriptor
}
Descriptor is an additional interface to allow for providing custom methods.
func New ¶
func New() Descriptor