Upgrade to Go 1.17
This includes the addition of the new "//go:build" comment form in addition
to the legacy "// +build" notation, as produced by gofmt to ensure
consistent behavior between Go versions. The new directives are all
equivalent to what was present before, so there's no change in behavior.
Go 1.17 continues to use the Unicode 13 tables as in Go 1.16, so this
upgrade does not require also upgrading our Unicode-related dependencies.
This upgrade includes the following breaking changes which will also
appear as breaking changes for Terraform users, but that are consistent
with the Terraform v1.0 compatibility promises.
- On macOS, Terraform now requires macOS 10.13 High Sierra or later.
This upgrade also includes the following breaking changes which will
appear as breaking changes for Terraform users that are inconsistent with
our compatibility promises, but have justified exceptions as follows:
- cidrsubnet, cidrhost, and cidrnetmask will now reject IPv4 CIDR
addresses whose decimal components have leading zeros, where previously
they would just silently ignore those leading zeros.
This is a security-motivated exception to our compatibility promises,
because some external systems interpret zero-prefixed octets as octal
numbers rather than decimal, and thus the previous lenient parsing could
lead to a different interpretation of the address between systems, and
thus potentially allow bypassing policy when configuring firewall rules
etc.
This upgrade also includes the following breaking changes which could
_potentially_ appear as breaking changes for Terraform users, but that do
not in practice for the reasons given:
- The Go net/url package no longer allows query strings with pairs
separated by semicolons instead of ampersands. This primarily affects
HTTP servers written in Go, and Terraform includes a special temporary
HTTP server as part of its implementation of OAuth for "terraform login",
but that server only needs to accept URLs created by Terraform itself
and Terraform does not generate any URLs that would be rejected.
2021-08-17 02:19:17 +02:00
//go:build ignore
// +build ignore
// This file is a helper for those doing _manual_ testing of "terraform login"
// and/or "terraform logout" and want to start up a test OAuth server in a
// separate process for convenience:
//
// go run ./command/testdata/login-oauth-server/main.go :8080
//
// This is _not_ the main way to use this oauthserver package. For automated
// test code, import it as a normal Go package instead:
//
// import oauthserver "github.com/hashicorp/terraform/internal/command/testdata/login-oauth-server"
package main
import (
"fmt"
"net"
"net/http"
"os"
oauthserver "github.com/hashicorp/terraform/internal/command/testdata/login-oauth-server"
)
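// main starts the test OAuth server from the oauthserver package on the
// listen address given as the first command-line argument, and prints an
// example CLI configuration block whose service URLs point at that address.
//
// When the address has no host part (for example ":8080") the server binds
// to 127.0.0.1 instead of every interface. The server speaks plain HTTP, so
// keep it on loopback unless wider exposure is explicitly intended.
//
// The process exits with status 1 on a missing or malformed address and
// whenever the server stops.
func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "Usage: go run ./command/testdata/login-oauth-server/main.go <listen-address>")
		os.Exit(1)
	}

	host, port, err := net.SplitHostPort(os.Args[1])
	if err != nil {
		// Fprintf rather than Fprintln: the message carries a formatting
		// verb, which Fprintln would print literally.
		fmt.Fprintf(os.Stderr, "Invalid address: %s\n", err)
		os.Exit(1)
	}

	// Default to loopback so a bare ":port" argument does not expose the
	// test server on every network interface.
	if host == "" {
		host = "127.0.0.1"
	}

	// SplitHostPort strips the brackets from an IPv6 literal; JoinHostPort
	// puts them back so both the listen address and the URLs stay valid.
	addr := net.JoinHostPort(host, port)
	baseURL := "http://" + addr

	fmt.Printf("Will listen on %s...\n", addr)
	fmt.Printf(
		configExampleFmt,
		baseURL+"/authz",
		baseURL+"/token",
		baseURL+"/revoke",
	)

	server := &http.Server{
		Addr:    addr,
		Handler: oauthserver.Handler,
	}

	// ListenAndServe always returns a non-nil error, so reaching this point
	// means the server failed to start or has stopped: report it and exit
	// with a failure status instead of falling through to a zero exit.
	err = server.ListenAndServe()
	fmt.Fprintln(os.Stderr, err.Error())
	os.Exit(1)
}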
// configExampleFmt is the format string for the example CLI configuration
// block that main prints at startup. Its three %q verbs receive, in order,
// the authz URL, the token URL and the revoke URL (the "logout.v1" service).
// The host name and the client value are fixed in the template.
const configExampleFmt = `
host "login-test.example.com" {
services = {
"login.v1" = {
authz = %q
token = %q
client = "placeholder"
grant_types = ["code", "password"]
}
"logout.v1" = %q
}
}

`