GO-2024-3182: OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 in github.com/opentofu/opentofu

compliancetest

package

v1.8.0 Latest Latest Go to latest Published: Jul 29, 2024 License: MPL-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/opentofu/opentofu

Documentation ¶

Index ¶

func ComplianceTest[TDescriptor keyprovider.Descriptor, TConfig keyprovider.Config, ...](t *testing.T, ...)
type ConfigStructTestCase
type HCLParseTestCase
type MetadataStructTestCase
type ProvideTestCase
type TestConfiguration

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ComplianceTest ¶

func ComplianceTest[TDescriptor keyprovider.Descriptor, TConfig keyprovider.Config, TMeta keyprovider.KeyMeta, TKeyProvider keyprovider.KeyProvider](
	t *testing.T,
	config TestConfiguration[TDescriptor, TConfig, TMeta, TKeyProvider],
)

Types ¶

type ConfigStructTestCase ¶

type ConfigStructTestCase[TConfig keyprovider.Config, TKeyProvider keyprovider.KeyProvider] struct {
	Config     TConfig
	ValidBuild bool
	Validate   func(keyProvider TKeyProvider) error
}

ConfigStructTestCase validates that the config struct is behaving correctly when Build() is called.

type HCLParseTestCase ¶

type HCLParseTestCase[TConfig keyprovider.Config, TKeyProvider keyprovider.KeyProvider] struct {
	// HCL contains the code that should be parsed into the configuration structure.
	HCL string
	// ValidHCL indicates that the HCL block should be parsable into the configuration structure, but not necessarily
	// result in a valid Build() call.
	ValidHCL bool
	// ValidBuild indicates that calling the Build() function should not result in an error.
	ValidBuild bool
	// Validate is an extra optional validation function that can check if the configuration contains the correct
	// values parsed from HCL. If ValidBuild is true, the key provider will be passed as well.
	Validate func(config TConfig, keyProvider TKeyProvider) error
}

HCLParseTestCase contains a test case that parses HCL into a configuration.

type MetadataStructTestCase ¶

type MetadataStructTestCase[TConfig keyprovider.Config, TMeta any] struct {
	// Config contains a valid configuration that should be used to construct the key provider.
	ValidConfig TConfig
	// Meta contains the metadata for this test case.
	Meta TMeta
	// IsPresent indicates that the supplied metadata in Meta should be treated as present and the Provide() function
	// should either return an error or a decryption key. If IsPresent is false, the Provide() function must not
	// return an error or a decryption key.
	IsPresent bool
	// IsValid indicates that, if IsPresent is true, the metadata should be valid and the Provide() function should not
	// exit with a *keyprovider.ErrInvalidMetadata error.
	IsValid bool
}

MetadataStructTestCase is a test case for metadata.

type ProvideTestCase ¶

type ProvideTestCase[TConfig keyprovider.Config, TMeta any] struct {
	// ValidConfig is a valid configuration that the integration test can use to generate keys.
	ValidConfig TConfig
	// ExpectedOutput indicates what keys are expected as an output when the integration test is ran with full metadata.
	ExpectedOutput *keyprovider.Output
	// ValidateKeys is a function that compares an encryption and a decryption key. The function should return an error
	// if the two keys don't belong together. If you do not provide this function, bytes.Equal will be used.
	ValidateKeys func(decryptionKey []byte, encryptionKey []byte) error
	// ValidateMetadata is a function that validates that the resulting metadata is correct.
	ValidateMetadata func(meta TMeta) error
}

ProvideTestCase provides a test configuration Provide() test where a key is requested and then subsequently compared.

type TestConfiguration ¶

type TestConfiguration[TDescriptor keyprovider.Descriptor, TConfig keyprovider.Config, TMeta any, TKeyProvider keyprovider.KeyProvider] struct {
	// Descriptor is the descriptor for the key provider.
	Descriptor TDescriptor

	// HCLParseTestCases contains the test cases of parsing HCL configuration and then validating it using the Build()
	// function.
	HCLParseTestCases map[string]HCLParseTestCase[TConfig, TKeyProvider]

	// ConfigStructT validates that a certain config results or does not result in a valid Build() call.
	ConfigStructTestCases map[string]ConfigStructTestCase[TConfig, TKeyProvider]

	// MetadataStructTestCases test various metadata values for correct handling.
	MetadataStructTestCases map[string]MetadataStructTestCase[TConfig, TMeta]

	// ProvideTestCase exercises the entire chain and generates two keys.
	ProvideTestCase ProvideTestCase[TConfig, TMeta]
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL