mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-12 09:01:58 -06:00
Encryption should require an explicit fallback (#1364)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
This commit is contained in:
parent
a18e643a8d
commit
b052880246
@ -126,9 +126,16 @@ func (s *baseEncryption) decrypt(data []byte, validator func([]byte) error) ([]b
|
||||
// Must have been invalid json payload
|
||||
return nil, fmt.Errorf("unable to determine data structure during decryption: %w", verr)
|
||||
}
|
||||
|
||||
methods, diags := s.buildTargetMethods(make(map[keyprovider.Addr][]byte))
|
||||
if diags.HasErrors() {
|
||||
// This cast to error here is safe as we know that at least one error exists
|
||||
// This is also quite unlikely to happen as the constructor already has checked this code path
|
||||
return nil, diags
|
||||
}
|
||||
// Yep, it's already decrypted
|
||||
for target := s.target; target != nil; target = target.Fallback {
|
||||
if target.Fallback == nil {
|
||||
for _, method := range methods {
|
||||
if method == nil {
|
||||
// fallback allowed
|
||||
return data, nil
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user