Merge pull request #15360 from hashicorp/jbardin/get-provider-err

make sure we error out on plugin checksum signature mismatch
This commit is contained in:
James Bardin 2017-06-21 16:30:18 -04:00 committed by GitHub
commit 2051b286e0
4 changed files with 41 additions and 1 deletions

View File

@ -127,7 +127,7 @@ func (i *ProviderInstaller) Get(provider string, req Constraints) (PluginMeta, e
if !i.SkipVerify { if !i.SkipVerify {
sha256, err := getProviderChecksum(provider, v.String()) sha256, err := getProviderChecksum(provider, v.String())
if err != nil { if err != nil {
return PluginMeta{}, nil return PluginMeta{}, err
} }
// add the checksum parameter for go-getter to verify the download for us. // add the checksum parameter for go-getter to verify the download for us.

View File

@ -33,6 +33,16 @@ func testChecksumHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
// this this checksum file is corrupt and doesn't match the sig
if r.URL.Path == "/terraform-provider-badsig/0.1.0/terraform-provider-badsig_0.1.0_SHA256SUMS" {
http.ServeFile(w, r, "testdata/terraform-provider-badsig_0.1.0_SHA256SUMS")
return
}
if r.URL.Path == "/terraform-provider-badsig/0.1.0/terraform-provider-badsig_0.1.0_SHA256SUMS.sig" {
http.ServeFile(w, r, "testdata/terraform-provider-badsig_0.1.0_SHA256SUMS.sig")
return
}
http.Error(w, "signtaure files not found", http.StatusNotFound) http.Error(w, "signtaure files not found", http.StatusNotFound)
} }
@ -77,6 +87,7 @@ func testReleaseServer() *httptest.Server {
handler := http.NewServeMux() handler := http.NewServeMux()
handler.HandleFunc("/terraform-provider-test/", testHandler) handler.HandleFunc("/terraform-provider-test/", testHandler)
handler.HandleFunc("/terraform-provider-template/", testChecksumHandler) handler.HandleFunc("/terraform-provider-template/", testChecksumHandler)
handler.HandleFunc("/terraform-provider-badsig/", testChecksumHandler)
return httptest.NewServer(handler) return httptest.NewServer(handler)
} }
@ -273,6 +284,23 @@ func TestProviderChecksum(t *testing.T) {
} }
} }
// Test fetching a provider's checksum file witha bad signature
func TestProviderChecksumBadSignature(t *testing.T) {
// we only need the checksum, as getter is doing the actual file comparison.
sha256sum, err := getProviderChecksum("badsig", "0.1.0")
if err == nil {
t.Fatal("expcted error")
}
if !strings.Contains(err.Error(), "signature") {
t.Fatal("expected signature error, got:", err)
}
if sha256sum != "" {
t.Fatal("expected no checksum, got:", sha256sum)
}
}
const versionList = `<!DOCTYPE html> const versionList = `<!DOCTYPE html>
<html> <html>
<body> <body>

View File

@ -0,0 +1,12 @@
XX3X7df78b1f0161a3f941c271d55X1f7b5e5f2c53738e7a37145XX12f5d4726 terraform-provider-template_0.1.0_darwin_amd64.zip
XXXXfe878e2dXb2ed0a7da1d0eb6X6Xe4703d3df93ebf22bc12aXf5X1bb38b7c terraform-provider-template_0.1.0_freebsd_386.zip
XXXX9268ebfX8Xb63e53b2a476cX21aXf18c52e303673e2219eXc0dcXcc25622 terraform-provider-template_0.1.0_freebsd_amd64.zip
XXXX0c5ef0X43X47ecf93c313aXd58b3X8b8df8a10d2fb5dbeX3f7ac2X81cee7 terraform-provider-template_0.1.0_freebsd_arm.zip
XXXfXXa6dX5ddbX6903c8733cX4b69893X4f088ceb96560c7Xc876df49Xce2f4 terraform-provider-template_0.1.0_linux_386.zip
XXX8bXX1Xe2e077X88a68e4aX271c49e2dX22b149f440ff7X362581ec11Xe380 terraform-provider-template_0.1.0_linux_amd64.zip
XXX0969XXb34e8fcXXf7653Xd8bb42654cbX49c1d3902d8X729d3b1792daX9fe terraform-provider-template_0.1.0_linux_arm.zip
XXX8eca7X33808ec5eX027X83c42824ac9c0Xf5a458299Xc9ae86f4a04d76X4b terraform-provider-template_0.1.0_openbsd_386.zip
XXX18466c1590fc3cceXeXd619b29d6ea4ec1X3aab976X9dc64d1f5652d5c4Xf terraform-provider-template_0.1.0_openbsd_amd64.zip
XXXe603de6fd57310175X842002c0cc53472c4Xf1cf5X8d306884009fd80d22X terraform-provider-template_0.1.0_solaris_amd64.zip
XXX7a87ae47c383991f31774be8dfb70b7786cfXf22X497fe2d8b48dfcfe5ca1 terraform-provider-template_0.1.0_windows_386.zip
XXf12267bf26a5754f740e28f445cf015e66f59aXXX681564ac45888ebd83ff0 terraform-provider-template_0.1.0_windows_amd64.zip