Alexander Scheel
c66319a56b
Remove experimental marker from OpenBao transit (#2536)
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
2025-02-21 10:00:13 -05:00
Andrei Ciobanu
a3276028ad
Upgrade aws sdk to a version that will give us access to s3 conditional writes arguments (#2528)
Signed-off-by: yottta <andrei.ciobanu@opentofu.org>
2025-02-18 15:58:17 +02:00
AbstractionFactory
60fdd359d5
Fixes #2337: External encryption method (#2367)
Signed-off-by: AbstractionFactory <179820029+abstractionfactory@users.noreply.github.com>
2025-01-31 12:13:18 -05:00
AbstractionFactory
5a6d2d3e98
Fixes #2022: Running external commands as a key provider (#2023)
Signed-off-by: AbstractionFactory <179820029+abstractionfactory@users.noreply.github.com>
Signed-off-by: ollevche <ollevche@gmail.com>
Co-authored-by: Oleksandr Levchenkov <ollevche@gmail.com>
2025-01-08 12:08:30 -05:00
Martin Atkins
ad32bde2ae
Temporarily disable the complexity-related lint rules
We're intending to gradually improve all of the existing functions that
fail these checks as a separate project from other work, because fixing
for these particular lint rules tends to be too invasive to be safe or
sensible to combine with other work.
Therefore we'll temporarily disable these lints from the main lint run
and add a separate .golangci-complexity.yml that we can use to track our
progress towards eliminating those lint failures without continuing to
litter the code with nolint comments in the meantime.
This also removes all of the existing nolint comments for these linters so
that we can start fresh and review each one as part of our improvement
project.
We'll re-enable these linters (and remove .golangci-complexity.yml) once
each example has either been rewritten to pass the checks or we've
concluded that further decomposition would hurt readability and so added
"nolint" comments back in so we can review whether our lint rules are too
strict once we've got a bunch of examples to consider together.
Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
2025-01-03 10:41:05 -05:00
Christian Mesh
c7aaa5ed50
Force state change if encryption used fallback (#2232)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-12-03 17:44:30 -05:00
Oleksandr Levchenkov
52cc91c87a
upgrade golangci-lint to v1.62 (#2174)
Signed-off-by: ollevche <ollevche@gmail.com>
2024-11-18 19:56:29 +02:00
AbstractionFactory
9d842aa920
Fixes #1605: Customizable metadata key on encryption key providers (#2080)
Signed-off-by: AbstractionFactory <179820029+abstractionfactory@users.noreply.github.com>
2024-10-30 19:52:23 +01:00
Christian Mesh
0d1e6cd5f0
Handle static variable secret flag (#2045)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-10-03 10:46:58 -04:00
Nathan Baulch
ea558d9d4b
Fix typos (#1905)
Signed-off-by: Nathan Baulch <nathan.baulch@gmail.com>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-08-29 13:20:33 -04:00
Christian Mesh
ffeded20a4
Better handling of key_provider references (#1921)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-08-29 10:32:01 -04:00
Christian Mesh
3c45c30249
Move varhcl (body variable inspection) into hcl fork (#1919)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-08-23 10:01:07 -04:00
Oleksandr Levchenkov
19b5287b8f
allow static evaluations in encryption configuration (#1728)
Signed-off-by: ollevche <ollevche@gmail.com>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Signed-off-by: Oleksandr Levchenkov <ollevche@gmail.com>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-06-24 10:18:16 -04:00
Oleksandr Levchenkov
568ff66bef
add early validation for enforced encryption methods (#1711)
Signed-off-by: ollevche <ollevche@gmail.com>
2024-06-12 21:06:06 +03:00
Oleksandr Levchenkov
5a161c8bcc
add automated copyright header check (#1696)
Signed-off-by: ollevche <ollevche@gmail.com>
Signed-off-by: Oleksandr Levchenkov <ollevche@gmail.com>
2024-06-03 16:49:36 +03:00
Christian Mesh
d7e96665f6
Add unencrypted Method for migrations (#1458)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-04-12 09:38:21 -04:00
Oleksandr Levchenkov
e1e182987b
add OpenBao as key provider for state encryption (#1436)
Signed-off-by: ollevche <ollevche@gmail.com>
2024-04-08 13:38:17 +01:00
Ashwin Annamalai
046beee664
Change numbers to make tests work in i386 (#1454)
Signed-off-by: Ashwin Annamalai <4549937+IgnorantSapient@users.noreply.github.com>
2024-04-01 15:13:26 -04:00
Christian Mesh
979bf5ce3f
Fix #1407: Pass through metadata fields in state encryption (#1417)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-28 11:14:08 -04:00
Oleksandr Levchenkov
641751f163
remove GCP KMS key reading from env (#1440)
Signed-off-by: ollevche <ollevche@gmail.com>
2024-03-28 07:43:54 -04:00
Christian Mesh
f02bb11812
Generate all encryption keys during encryption setup (#1421)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: James Humphries <jamesh@spacelift.io>
2024-03-26 07:43:34 -04:00
Christian Mesh
230fc89a28
GCP KMS for Key Provider for Encryption (#1392)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-18 15:54:20 -04:00
James Humphries
73f5fbf4bc
Added aws_kms key provider compliance tests (#1395)
Signed-off-by: James Humphries <james@james-humphries.co.uk>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-18 14:48:19 -04:00
Janos
8c99c75229
[State Encryption] Compliance tests (#1377)
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
2024-03-14 15:53:40 +01:00
Janos
19a994ee7f
Documentation updates for 1.7.0-alpha1 (state encryption) (#1396)
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
2024-03-14 15:05:05 +01:00
Christian Mesh
07a9185767
Initial implementation of aws_kms encryption.key_provider (#1349)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Signed-off-by: James Humphries <james@james-humphries.co.uk>
Co-authored-by: James Humphries <james@james-humphries.co.uk>
2024-03-13 13:19:20 -04:00
Christian Mesh
586c45fe5a
Refactor encryption configuration (#1387)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-13 10:58:52 -04:00
Janos
4c4d9bca67
Fixed crash on encryption use (#1384)
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
2024-03-13 12:00:31 +01:00
Christian Mesh
b052880246
Encryption should require an explicit fallback (#1364)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-11 09:24:59 -04:00
Janos
a18e643a8d
PBKDF2 passphrase key provider (#1310)
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: James Humphries <jamesh@spacelift.io>
2024-03-11 14:24:31 +01:00
Christian Mesh
cef62ea738
Update to encryption key provider interface (#1351)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-08 07:55:08 -05:00
Christian Mesh
5ab6167bbf
Initial wiring of encryption through the command package (#1316)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-07 08:55:57 -05:00
Janos
fa638907f1
Fixes #1169: AES-GCM implementation (#1291)
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Signed-off-by: James Humphries <James@james-humphries.co.uk>
Co-authored-by: James Humphries <jamesh@spacelift.io>
Co-authored-by: Serdar Dalgıç <serdardalgic@users.noreply.github.com>
Co-authored-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-07 10:24:37 +00:00
Christian Mesh
36eb93f958
Integrate encryption config into configs package (#1295)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-04 11:04:45 -05:00
Christian Mesh
2f5dcd5c0a
Integrate Encryption into State Backends (#1288)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-04 09:25:14 -05:00
Christian Mesh
ac3ed86617
Integrate encryption into plan serialization (#1292)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-04 09:00:29 -05:00
Christian Mesh
997e5fa46e
State Encryption Error Handling / Diagnostics (#1294)
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
2024-03-04 08:30:30 -05:00
James Humphries
cbab4bee83
State Encryption Documentation and Partial Implementation (#1227)
Signed-off-by: StephanHCB <sbs_github_u43a@packetloss.de>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
Signed-off-by: James Humphries <james@james-humphries.co.uk>
Co-authored-by: StephanHCB <sbs_github_u43a@packetloss.de>
Co-authored-by: Janos <86970079+janosdebugs@users.noreply.github.com>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2024-02-16 14:59:19 +00:00