2020-03-31 23:01:33 +02:00
|
|
|
package getproviders
|
|
|
|
|
|
|
|
import (
|
|
|
|
"archive/zip"
|
internal: Verify provider signatures on install
Providers installed from the registry are accompanied by a list of
checksums (the "SHA256SUMS" file), which is cryptographically signed to
allow package authentication. The process of verifying this has multiple
steps:
- First we must verify that the SHA256 hash of the package archive
matches the expected hash. This could be done for local installations
too, in the future.
- Next we ensure that the expected hash returned as part of the registry
API response matches an entry in the checksum list.
- Finally we verify the cryptographic signature of the checksum list,
using the public keys provided by the registry.
Each of these steps is implemented as a separate PackageAuthentication
type. The local archive installation mechanism uses only the archive
checksum authenticator, and the HTTP installation uses all three in the
order given.
The package authentication system now also returns a result value, which
is used by command/init to display the result of the authentication
process.
There are three tiers of signature, each of which is presented
differently to the user:
- Signatures from the embedded HashiCorp public key indicate that the
provider is officially supported by HashiCorp;
- If the signing key is not from HashiCorp, it may have an associated
trust signature, which indicates that the provider is from one of
HashiCorp's trusted partners;
- Otherwise, if the signature is valid, this is a community provider.
2020-04-08 22:22:07 +02:00
|
|
|
"crypto/sha256"
|
2020-03-31 23:01:33 +02:00
|
|
|
"fmt"
|
internal: Verify provider signatures on install
Providers installed from the registry are accompanied by a list of
checksums (the "SHA256SUMS" file), which is cryptographically signed to
allow package authentication. The process of verifying this has multiple
steps:
- First we must verify that the SHA256 hash of the package archive
matches the expected hash. This could be done for local installations
too, in the future.
- Next we ensure that the expected hash returned as part of the registry
API response matches an entry in the checksum list.
- Finally we verify the cryptographic signature of the checksum list,
using the public keys provided by the registry.
Each of these steps is implemented as a separate PackageAuthentication
type. The local archive installation mechanism uses only the archive
checksum authenticator, and the HTTP installation uses all three in the
order given.
The package authentication system now also returns a result value, which
is used by command/init to display the result of the authentication
process.
There are three tiers of signature, each of which is presented
differently to the user:
- Signatures from the embedded HashiCorp public key indicate that the
provider is officially supported by HashiCorp;
- If the signing key is not from HashiCorp, it may have an associated
trust signature, which indicates that the provider is from one of
HashiCorp's trusted partners;
- Otherwise, if the signature is valid, this is a community provider.
2020-04-08 22:22:07 +02:00
|
|
|
"io"
|
2020-03-31 23:01:33 +02:00
|
|
|
"io/ioutil"
|
|
|
|
"os"
|
|
|
|
|
|
|
|
"github.com/hashicorp/terraform/addrs"
|
|
|
|
)
|
|
|
|
|
|
|
|
// MockSource is an in-memory-only, statically-configured source intended for
|
|
|
|
// use only in unit tests of other subsystems that consume provider sources.
|
|
|
|
//
|
|
|
|
// The MockSource also tracks calls to it in case a calling test wishes to
|
|
|
|
// assert that particular calls were made.
|
|
|
|
//
|
|
|
|
// This should not be used outside of unit test code.
|
|
|
|
type MockSource struct {
|
|
|
|
packages []PackageMeta
|
|
|
|
calls [][]interface{}
|
|
|
|
}
|
|
|
|
|
|
|
|
var _ Source = (*MockSource)(nil)
|
|
|
|
|
|
|
|
// NewMockSource creates and returns a MockSource with the given packages.
|
|
|
|
//
|
|
|
|
// The given packages don't necessarily need to refer to objects that actually
|
|
|
|
// exist on disk or over the network, unless the calling test is planning to
|
|
|
|
// use (directly or indirectly) the results for further provider installation
|
|
|
|
// actions.
|
|
|
|
func NewMockSource(packages []PackageMeta) *MockSource {
|
|
|
|
return &MockSource{
|
|
|
|
packages: packages,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// AvailableVersions returns all of the versions of the given provider that
|
|
|
|
// are available in the fixed set of packages that were passed to
|
|
|
|
// NewMockSource when creating the receiving source.
|
|
|
|
func (s *MockSource) AvailableVersions(provider addrs.Provider) (VersionList, error) {
|
|
|
|
s.calls = append(s.calls, []interface{}{"AvailableVersions", provider})
|
|
|
|
var ret VersionList
|
|
|
|
for _, pkg := range s.packages {
|
|
|
|
if pkg.Provider == provider {
|
|
|
|
ret = append(ret, pkg.Version)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if len(ret) == 0 {
|
|
|
|
// In this case, we'll behave like a registry that doesn't know about
|
|
|
|
// this provider at all, rather than just returning an empty result.
|
|
|
|
return nil, ErrProviderNotKnown{provider}
|
|
|
|
}
|
|
|
|
ret.Sort()
|
|
|
|
return ret, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// PackageMeta returns the first package from the list given to NewMockSource
|
|
|
|
// when creating the receiver that has the given provider, version, and
|
|
|
|
// target platform.
|
|
|
|
//
|
|
|
|
// If none of the packages match, it returns ErrPlatformNotSupported to
|
|
|
|
// simulate the situation where a provider release isn't available for a
|
|
|
|
// particular platform.
|
|
|
|
//
|
|
|
|
// Note that if the list of packages passed to NewMockSource contains more
|
|
|
|
// than one with the same provider, version, and target this function will
|
|
|
|
// always return the first one in the list, which may not match the behavior
|
|
|
|
// of other sources in an equivalent situation because it's a degenerate case
|
|
|
|
// with undefined results.
|
|
|
|
func (s *MockSource) PackageMeta(provider addrs.Provider, version Version, target Platform) (PackageMeta, error) {
|
|
|
|
s.calls = append(s.calls, []interface{}{"PackageMeta", provider, version, target})
|
|
|
|
|
|
|
|
for _, pkg := range s.packages {
|
|
|
|
if pkg.Provider != provider {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
if pkg.Version != version {
|
|
|
|
// (We're using strict equality rather than precedence here,
|
|
|
|
// because this is an exact version specification. The caller
|
|
|
|
// should consider precedence when selecting a version in the
|
|
|
|
// AvailableVersions response, and pass the exact selected
|
|
|
|
// version here.)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
if pkg.TargetPlatform != target {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
return pkg, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// If we fall out here then nothing matched at all, so we'll treat that
|
|
|
|
// as "platform not supported" for consistency with RegistrySource.
|
|
|
|
return PackageMeta{}, ErrPlatformNotSupported{
|
|
|
|
Provider: provider,
|
|
|
|
Version: version,
|
|
|
|
Platform: target,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// CallLog returns a list of calls to other methods of the receiever that have
|
|
|
|
// been called since it was created, in case a calling test wishes to verify
|
|
|
|
// a particular sequence of operations.
|
|
|
|
//
|
|
|
|
// The result is a slice of slices where the first element of each inner slice
|
|
|
|
// is the name of the method that was called, and then any subsequent elements
|
|
|
|
// are positional arguments passed to that method.
|
|
|
|
//
|
|
|
|
// Callers are forbidden from modifying any objects accessible via the returned
|
|
|
|
// value.
|
|
|
|
func (s *MockSource) CallLog() [][]interface{} {
|
|
|
|
return s.calls
|
|
|
|
}
|
|
|
|
|
|
|
|
// FakePackageMeta constructs and returns a PackageMeta that carries the given
|
|
|
|
// metadata but has fake location information that is likely to fail if
|
|
|
|
// attempting to install from it.
|
2020-04-23 14:21:56 +02:00
|
|
|
func FakePackageMeta(provider addrs.Provider, version Version, protocols VersionList, target Platform) PackageMeta {
|
2020-03-31 23:01:33 +02:00
|
|
|
return PackageMeta{
|
2020-04-23 14:21:56 +02:00
|
|
|
Provider: provider,
|
|
|
|
Version: version,
|
|
|
|
ProtocolVersions: protocols,
|
|
|
|
TargetPlatform: target,
|
2020-03-31 23:01:33 +02:00
|
|
|
|
|
|
|
// Some fake but somewhat-realistic-looking other metadata. This
|
|
|
|
// points nowhere, so will fail if attempting to actually use it.
|
|
|
|
Filename: fmt.Sprintf("terraform-provider-%s_%s_%s.zip", provider.Type, version.String(), target.String()),
|
|
|
|
Location: PackageHTTPURL(fmt.Sprintf("https://fake.invalid/terraform-provider-%s_%s.zip", provider.Type, version.String())),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// FakeInstallablePackageMeta constructs and returns a PackageMeta that points
|
|
|
|
// to a temporary archive file that could actually be installed in principle.
|
|
|
|
//
|
|
|
|
// Installing it will not produce a working provider though: just a fake file
|
|
|
|
// posing as an executable.
|
|
|
|
//
|
|
|
|
// It's the caller's responsibility to call the close callback returned
|
|
|
|
// alongside the result in order to clean up the temporary file. The caller
|
|
|
|
// should call the callback even if this function returns an error, because
|
|
|
|
// some error conditions leave a partially-created file on disk.
|
2020-04-23 14:21:56 +02:00
|
|
|
func FakeInstallablePackageMeta(provider addrs.Provider, version Version, protocols VersionList, target Platform) (PackageMeta, func(), error) {
|
2020-03-31 23:01:33 +02:00
|
|
|
f, err := ioutil.TempFile("", "terraform-getproviders-fake-package-")
|
|
|
|
if err != nil {
|
|
|
|
return PackageMeta{}, func() {}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// After this point, all of our return paths should include this as the
|
|
|
|
// close callback.
|
|
|
|
close := func() {
|
|
|
|
f.Close()
|
|
|
|
os.Remove(f.Name())
|
|
|
|
}
|
|
|
|
|
|
|
|
execFilename := fmt.Sprintf("terraform-provider-%s_%s", provider.Type, version.String())
|
|
|
|
if target.OS == "windows" {
|
|
|
|
// For a little more (technically unnecessary) realism...
|
|
|
|
execFilename += ".exe"
|
|
|
|
}
|
|
|
|
|
|
|
|
zw := zip.NewWriter(f)
|
|
|
|
fw, err := zw.Create(execFilename)
|
|
|
|
if err != nil {
|
|
|
|
return PackageMeta{}, close, fmt.Errorf("failed to add %s to mock zip file: %s", execFilename, err)
|
|
|
|
}
|
2020-04-03 19:50:08 +02:00
|
|
|
fmt.Fprintf(fw, "This is a fake provider package for %s %s, not a real provider.\n", provider, version)
|
2020-03-31 23:01:33 +02:00
|
|
|
err = zw.Close()
|
|
|
|
if err != nil {
|
|
|
|
return PackageMeta{}, close, fmt.Errorf("failed to close the mock zip file: %s", err)
|
|
|
|
}
|
|
|
|
|
internal: Verify provider signatures on install
Providers installed from the registry are accompanied by a list of
checksums (the "SHA256SUMS" file), which is cryptographically signed to
allow package authentication. The process of verifying this has multiple
steps:
- First we must verify that the SHA256 hash of the package archive
matches the expected hash. This could be done for local installations
too, in the future.
- Next we ensure that the expected hash returned as part of the registry
API response matches an entry in the checksum list.
- Finally we verify the cryptographic signature of the checksum list,
using the public keys provided by the registry.
Each of these steps is implemented as a separate PackageAuthentication
type. The local archive installation mechanism uses only the archive
checksum authenticator, and the HTTP installation uses all three in the
order given.
The package authentication system now also returns a result value, which
is used by command/init to display the result of the authentication
process.
There are three tiers of signature, each of which is presented
differently to the user:
- Signatures from the embedded HashiCorp public key indicate that the
provider is officially supported by HashiCorp;
- If the signing key is not from HashiCorp, it may have an associated
trust signature, which indicates that the provider is from one of
HashiCorp's trusted partners;
- Otherwise, if the signature is valid, this is a community provider.
2020-04-08 22:22:07 +02:00
|
|
|
// Compute the SHA256 checksum of the generated file, to allow package
|
|
|
|
// authentication code to be exercised.
|
|
|
|
f.Seek(0, io.SeekStart)
|
|
|
|
h := sha256.New()
|
|
|
|
io.Copy(h, f)
|
|
|
|
checksum := [32]byte{}
|
|
|
|
h.Sum(checksum[:0])
|
|
|
|
|
2020-03-31 23:01:33 +02:00
|
|
|
meta := PackageMeta{
|
2020-04-23 14:21:56 +02:00
|
|
|
Provider: provider,
|
|
|
|
Version: version,
|
|
|
|
ProtocolVersions: protocols,
|
|
|
|
TargetPlatform: target,
|
2020-03-31 23:01:33 +02:00
|
|
|
|
|
|
|
Location: PackageLocalArchive(f.Name()),
|
|
|
|
|
|
|
|
// This is a fake filename that mimics what a real registry might
|
|
|
|
// indicate as a good filename for this package, in case some caller
|
|
|
|
// intends to use it to name a local copy of the temporary file.
|
|
|
|
// (At the time of writing, no caller actually does that, but who
|
|
|
|
// knows what the future holds?)
|
|
|
|
Filename: fmt.Sprintf("terraform-provider-%s_%s_%s.zip", provider.Type, version.String(), target.String()),
|
internal: Verify provider signatures on install
Providers installed from the registry are accompanied by a list of
checksums (the "SHA256SUMS" file), which is cryptographically signed to
allow package authentication. The process of verifying this has multiple
steps:
- First we must verify that the SHA256 hash of the package archive
matches the expected hash. This could be done for local installations
too, in the future.
- Next we ensure that the expected hash returned as part of the registry
API response matches an entry in the checksum list.
- Finally we verify the cryptographic signature of the checksum list,
using the public keys provided by the registry.
Each of these steps is implemented as a separate PackageAuthentication
type. The local archive installation mechanism uses only the archive
checksum authenticator, and the HTTP installation uses all three in the
order given.
The package authentication system now also returns a result value, which
is used by command/init to display the result of the authentication
process.
There are three tiers of signature, each of which is presented
differently to the user:
- Signatures from the embedded HashiCorp public key indicate that the
provider is officially supported by HashiCorp;
- If the signing key is not from HashiCorp, it may have an associated
trust signature, which indicates that the provider is from one of
HashiCorp's trusted partners;
- Otherwise, if the signature is valid, this is a community provider.
2020-04-08 22:22:07 +02:00
|
|
|
|
|
|
|
Authentication: NewArchiveChecksumAuthentication(checksum),
|
2020-03-31 23:01:33 +02:00
|
|
|
}
|
|
|
|
return meta, close, nil
|
|
|
|
}
|