// Source: github.com/opentofu/opentofu@v1.7.1/internal/encryption/enctest/setup.go

// Copyright (c) The OpenTofu Authors
// SPDX-License-Identifier: MPL-2.0
// Copyright (c) 2023 HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

// Package enctest supplies a fully configured encryption instance for use in
// unit and integration tests.
//
// Everything in this package is a test fixture. The static key embedded in the
// configurations below is committed to the repository and therefore public, so
// data encrypted with it has no confidentiality. The helpers also panic instead
// of returning errors, which is acceptable in a test binary only.
package enctest

import (
	"github.com/hashicorp/hcl/v2"
	"github.com/opentofu/opentofu/internal/encryption"
	"github.com/opentofu/opentofu/internal/encryption/config"
	"github.com/opentofu/opentofu/internal/encryption/keyprovider/static"
	"github.com/opentofu/opentofu/internal/encryption/method/aesgcm"
	"github.com/opentofu/opentofu/internal/encryption/method/unencrypted"
	"github.com/opentofu/opentofu/internal/encryption/registry/lockingencryptionregistry"
)

// EncryptionDirect builds an encryption.Encryption from the HCL encryption
// configuration in configData.
//
// The registry it uses contains exactly three entries: the static key provider,
// the aes_gcm method and the unencrypted method. A configuration that refers to
// any other key provider or method is not backed by a registration made here.
//
// It panics if a registration fails, or if parsing the configuration or
// constructing the instance reports an error diagnostic (see handleDiags).
func EncryptionDirect(configData string) encryption.Encryption {
	// must turns a registration error into a panic; these helpers have no
	// error return to hand it back through.
	must := func(err error) {
		if err != nil {
			panic(err)
		}
	}

	registry := lockingencryptionregistry.New()
	must(registry.RegisterKeyProvider(static.New()))
	must(registry.RegisterMethod(aesgcm.New()))
	must(registry.RegisterMethod(unencrypted.New()))

	parsed, parseDiags := config.LoadConfigFromString("Test Config Source", configData)
	handleDiags(parseDiags)

	instance, buildDiags := encryption.New(registry, parsed)
	handleDiags(buildDiags)

	return instance
}

// EncryptionRequired returns an instance in which state, plan and the default
// remote state data source all use the aes_gcm method and no fallback is
// configured.
//
// The key is a fixed 64-character hex string (32 bytes) fed through the static
// key provider. It is a public test value and must not be copied into a real
// configuration.
func EncryptionRequired() encryption.Encryption {
	const requiredConfig = `
		key_provider "static" "basic" {
			key = "6f6f706830656f67686f6834616872756f3751756165686565796f6f72653169"
		}
		method "aes_gcm" "example" {
			keys = key_provider.static.basic
		}
		state {
			method = method.aes_gcm.example
		}
		plan {
			method = method.aes_gcm.example
		}
		remote_state_data_sources {
			default {
				method = method.aes_gcm.example
			}
		}
	`
	return EncryptionDirect(requiredConfig)
}

// EncryptionWithFallback returns an instance configured like
// EncryptionRequired, except that every target (state, plan, default remote
// state data source) also declares the "unencrypted" method, labelled
// "migration", as its fallback.
//
// NOTE(review): the label suggests this models a migration from plaintext
// data, so an instance built here is presumably willing to accept unencrypted
// input. Tests that assert plaintext is rejected should use EncryptionRequired
// instead; confirm against the encryption package's fallback semantics.
func EncryptionWithFallback() encryption.Encryption {
	const fallbackConfig = `
		key_provider "static" "basic" {
			key = "6f6f706830656f67686f6834616872756f3751756165686565796f6f72653169"
		}
		method "aes_gcm" "example" {
			keys = key_provider.static.basic
		}
		method "unencrypted" "migration" {}
		state {
			method = method.aes_gcm.example
			fallback {
				method = method.unencrypted.migration
			}
		}
		plan {
			method = method.aes_gcm.example
			fallback {
				method = method.unencrypted.migration
			}
		}
		remote_state_data_sources {
			default {
				method = method.aes_gcm.example
				fallback {
					method = method.unencrypted.migration
				}
			}
		}
	`
	return EncryptionDirect(fallbackConfig)
}

// handleDiags prints every diagnostic, warnings included, with the builtin
// println (which writes to standard error) and then panics with the combined
// message if any of them is an error.
func handleDiags(diags hcl.Diagnostics) {
	for i := range diags {
		println(diags[i].Error())
	}
	if !diags.HasErrors() {
		return
	}
	panic(diags.Error())
}