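package openbao

import (
	"context"

	"github.com/opentofu/opentofu/internal/encryption/keyprovider"
)

// keyMeta is the metadata this provider persists alongside the encrypted
// payload. It carries only the ciphertext returned by the OpenBao data-key
// generation call; the plaintext key is never part of the metadata.
type keyMeta struct {
	Ciphertext []byte `json:"ciphertext"`
}

// isPresent reports whether the metadata carries a ciphertext from an earlier
// run, i.e. whether there is a previous data key to unwrap for decryption.
func (m keyMeta) isPresent() bool {
	return len(m.Ciphertext) != 0
}

// keyProvider obtains data keys from OpenBao via svc, using the named key and
// the configured key length.
type keyProvider struct {
	svc       service
	keyName   string
	keyLength DataKeyLength
}

// Provide generates a fresh data key for encryption and, when rawMeta holds
// the ciphertext of a previously generated key, asks OpenBao to decrypt that
// ciphertext to obtain the decryption key.
//
// rawMeta must be a non-nil *keyMeta; anything else is treated as a
// programming error and reported as *keyprovider.ErrInvalidMetadata. Failures
// talking to OpenBao are returned as *keyprovider.ErrKeyProviderFailure with
// the underlying error in Cause. The returned metadata contains only the
// ciphertext of the newly generated key.
func (p keyProvider) Provide(rawMeta keyprovider.KeyMeta) (keyprovider.Output, keyprovider.KeyMeta, error) {
	if rawMeta == nil {
		return keyprovider.Output{}, nil, &keyprovider.ErrInvalidMetadata{
			Message: "bug: no metadata struct provided",
		}
	}

	inMeta, ok := rawMeta.(*keyMeta)
	if !ok {
		return keyprovider.Output{}, nil, &keyprovider.ErrInvalidMetadata{
			Message: "bug: invalid metadata struct type",
		}
	}

	// The KeyProvider interface passes no context, so the OpenBao calls below
	// cannot be cancelled or bounded by the caller; a background context is
	// the only option at this layer.
	ctx := context.Background()

	dataKey, err := p.svc.generateDataKey(ctx, p.keyName, p.keyLength.Bits())
	if err != nil {
		return keyprovider.Output{}, nil, &keyprovider.ErrKeyProviderFailure{
			Message: "failed to generate OpenBao data key (check if the configuration is valid and the OpenBao server is accessible)",
			Cause:   err,
		}
	}

	// Only the ciphertext is persisted; the plaintext lives solely in the
	// returned Output for the duration of this operation.
	outMeta := &keyMeta{
		Ciphertext: dataKey.Ciphertext,
	}

	out := keyprovider.Output{
		EncryptionKey: dataKey.Plaintext,
	}

	// Without prior metadata there is nothing to decrypt (first encryption),
	// so DecryptionKey stays nil.
	if inMeta.isPresent() {
		out.DecryptionKey, err = p.svc.decryptData(ctx, p.keyName, inMeta.Ciphertext)
		if err != nil {
			return keyprovider.Output{}, nil, &keyprovider.ErrKeyProviderFailure{
				Message: "failed to decrypt ciphertext (check if the configuration is valid and the OpenBao server is accessible)",
				Cause:   err,
			}
		}
	}

	return out, outMeta, nil
}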