// Source: github.com/opentofu/opentofu@v1.7.1/internal/encryption/config/config.go

// Copyright (c) The OpenTofu Authors
// SPDX-License-Identifier: MPL-2.0
// Copyright (c) 2023 HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package config

import (
	"github.com/hashicorp/hcl/v2"
	"github.com/opentofu/opentofu/internal/encryption/keyprovider"
	"github.com/opentofu/opentofu/internal/encryption/method"
)

// EncryptionConfig is the decoded form of the terraform.encryption HCL block that configures state and plan
// encryption. Every tagged field corresponds directly to one element of the HCL structure.
//
// State and Plan decode into EnforcableTargetConfig and therefore carry an Enforced flag. Remote decodes into
// RemoteConfig, whose targets (TargetConfig / NamedTargetConfig) have no such flag in this schema.
type EncryptionConfig struct {
	KeyProviderConfigs []KeyProviderConfig `hcl:"key_provider,block"`
	MethodConfigs      []MethodConfig      `hcl:"method,block"`

	State  *EnforcableTargetConfig `hcl:"state,block"`
	Plan   *EnforcableTargetConfig `hcl:"plan,block"`
	Remote *RemoteConfig           `hcl:"remote_state_data_sources,block"`

	// DeclRange is not preserved through merge operations.
	DeclRange hcl.Range
}

// Merge combines the receiver with override and returns the resulting configuration; where the two disagree the
// override takes precedence. The work is delegated to MergeConfigs.
func (c *EncryptionConfig) Merge(override *EncryptionConfig) *EncryptionConfig {
	merged := MergeConfigs(c, override)
	return merged
}

// KeyProviderConfig is the decoded form of a terraform.encryption.key_provider.* block, which declares a key provider
// for encryption. Type and Name are the two block labels; Body holds every attribute not declared here, left for the
// key provider itself to consume.
//
// NOTE(review): depending on the key provider, Body may presumably carry secret material (for example a passphrase).
// Treat it as sensitive when logging or building diagnostics; confirm per provider.
type KeyProviderConfig struct {
	Type string   `hcl:"type,label"`
	Name string   `hcl:"name,label"`
	Body hcl.Body `hcl:",remain"`
}

// Addr builds a keyprovider.Addr from the Type and Name labels of this block. Any diagnostics produced by
// keyprovider.NewAddr are returned unchanged.
func (k KeyProviderConfig) Addr() (keyprovider.Addr, hcl.Diagnostics) {
	addr, diags := keyprovider.NewAddr(k.Type, k.Name)
	return addr, diags
}

// MethodConfig is the decoded form of a terraform.encryption.method.* block, which declares an encryption method.
// Type and Name are the two block labels; Body holds every attribute not declared here, left for the method itself
// to consume.
type MethodConfig struct {
	Type string   `hcl:"type,label"`
	Name string   `hcl:"name,label"`
	Body hcl.Body `hcl:",remain"`
}

// Addr builds a method.Addr from the Type and Name labels of this block. Any diagnostics produced by method.NewAddr
// are returned unchanged.
func (m MethodConfig) Addr() (method.Addr, hcl.Diagnostics) {
	addr, diags := method.NewAddr(m.Type, m.Name)
	return addr, diags
}

// RemoteConfig is the decoded form of the terraform.encryption.remote_state_data_sources block, which declares
// encryption for remote state data sources. Default is the optional `default` block and Targets holds one entry per
// labelled `remote_state_data_source` block.
type RemoteConfig struct {
	Default *TargetConfig       `hcl:"default,block"`
	Targets []NamedTargetConfig `hcl:"remote_state_data_source,block"`
}

// TargetConfig describes the method selection shared by the terraform.encryption.state, terraform.encryption.plan,
// etc. blocks. In this file it is the decoded type of the `default` and `fallback` blocks; the state and plan blocks
// decode into EnforcableTargetConfig instead.
//
// Method is kept as an unevaluated HCL expression and is optional, so it may be unset after decoding.
// NOTE(review): what an unset method means for the target is decided by the consumer of this struct; confirm there.
//
// Fallback is itself a TargetConfig, so fallbacks can be nested.
// NOTE(review): presumably the fallback is tried when the primary method cannot read existing data; a fallback left
// in place keeps data protected by the older method acceptable, so verify it is removed after migration.
type TargetConfig struct {
	Method   hcl.Expression `hcl:"method,optional"`
	Fallback *TargetConfig  `hcl:"fallback,block"`
}

// EnforcableTargetConfig is an extension of the TargetConfig that supports the enforced form, i.e. it additionally
// decodes the optional `enforced` attribute.
//
// Note: This struct is copied because gohcl does not support embedding. Method and Fallback therefore have to be
// kept in sync with TargetConfig by hand.
//
// NOTE(review): this package only decodes Enforced; the check that gives it effect lives with the consumer. Confirm
// that every code path handling state and plan targets reads it.
type EnforcableTargetConfig struct {
	Enforced bool           `hcl:"enforced,optional"`
	Method   hcl.Expression `hcl:"method,optional"`
	Fallback *TargetConfig  `hcl:"fallback,block"`
}

// AsTargetConfig converts the struct into its parent TargetConfig.
//
// Only Method and Fallback are carried over. TargetConfig has no Enforced field, so the flag is dropped by this
// conversion: code that must honor enforcement has to read Enforced from the original value before converting.
// The Fallback pointer is shared with the receiver, not copied.
func (e EnforcableTargetConfig) AsTargetConfig() *TargetConfig {
	target := new(TargetConfig)
	target.Method = e.Method
	target.Fallback = e.Fallback
	return target
}

// NamedTargetConfig is an extension of the TargetConfig that describes a
// terraform.encryption.remote_state_data_sources.remote_state_data_source.* block; Name is the block label.
//
// Note: This struct is copied because gohcl does not support embedding. Method and Fallback therefore have to be
// kept in sync with TargetConfig by hand.
type NamedTargetConfig struct {
	Name     string         `hcl:"name,label"`
	Method   hcl.Expression `hcl:"method,optional"`
	Fallback *TargetConfig  `hcl:"fallback,block"`
}

// AsTargetConfig converts the struct into its parent TargetConfig.
//
// Only Method and Fallback are carried over; Name is dropped. The Fallback pointer is shared with the receiver, not
// copied.
func (n NamedTargetConfig) AsTargetConfig() *TargetConfig {
	target := new(TargetConfig)
	target.Method = n.Method
	target.Fallback = n.Fallback
	return target
}