mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-16 11:42:58 -06:00
8d193ad268
Historically the responsibility for making sure that all of the available providers are of suitable versions and match the appropriate checksums has been split rather inexplicably over multiple different layers, with some of the checks happening as late as creating a terraform.Context. We're gradually iterating towards making that all be handled in one place, but in this step we're just cleaning up some old remnants from the main "terraform" package, which is now no longer responsible for any version or checksum verification and instead just assumes it's been provided with suitable factory functions by its caller. We do still have a pre-check here to make sure that we at least have a factory function for each plugin the configuration seems to depend on, because if we don't do that up front then it ends up getting caught instead deep inside the Terraform runtime, often inside a concurrent graph walk and thus it's not deterministic which codepath will happen to catch it on a particular run. As of this commit, this actually does leave some holes in our checks: the command package is using the dependency lock file to make sure we have exactly the provider packages we expect (exact versions and checksums), which is the most crucial part, but we don't yet have any spot where we make sure that the lock file is consistent with the current configuration, and we are no longer preserving the provider checksums as part of a saved plan. Both of those will come in subsequent commits. While it's unusual to have a series of commits that briefly subtracts functionality and then adds back in equivalent functionality later, the lock file checking is the only part that's crucial for security reasons, with everything else mainly just being to give better feedback when folks seem to be using Terraform incorrectly. The other bits are therefore mostly cosmetic and okay to be absent briefly as we work towards a better design that is clearer about where that responsibility belongs.
57 lines
1.7 KiB
Go
57 lines
1.7 KiB
Go
package command
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"log"
|
|
)
|
|
|
|
type pluginSHA256LockFile struct {
|
|
Filename string
|
|
}
|
|
|
|
// Read loads the lock information from the file and returns it. If the file
|
|
// cannot be read, an empty map is returned to indicate that _no_ providers
|
|
// are acceptable, since the user must run "terraform init" to lock some
|
|
// providers before a context can be created.
|
|
func (pf *pluginSHA256LockFile) Read() map[string][]byte {
|
|
// Returning an empty map is different than nil because it causes
|
|
// us to reject all plugins as uninitialized, rather than applying no
|
|
// constraints at all.
|
|
//
|
|
// We don't surface any specific errors here because we want it to all
|
|
// roll up into our more-user-friendly error that appears when plugin
|
|
// constraint verification fails during context creation.
|
|
digests := make(map[string][]byte)
|
|
|
|
buf, err := ioutil.ReadFile(pf.Filename)
|
|
if err != nil {
|
|
// This is expected if the user runs any context-using command before
|
|
// running "terraform init".
|
|
log.Printf("[INFO] Failed to read plugin lock file %s: %s", pf.Filename, err)
|
|
return digests
|
|
}
|
|
|
|
var strDigests map[string]string
|
|
err = json.Unmarshal(buf, &strDigests)
|
|
if err != nil {
|
|
// This should never happen unless the user directly edits the file.
|
|
log.Printf("[WARN] Plugin lock file %s failed to parse as JSON: %s", pf.Filename, err)
|
|
return digests
|
|
}
|
|
|
|
for name, strDigest := range strDigests {
|
|
var digest []byte
|
|
_, err := fmt.Sscanf(strDigest, "%x", &digest)
|
|
if err == nil {
|
|
digests[name] = digest
|
|
} else {
|
|
// This should never happen unless the user directly edits the file.
|
|
log.Printf("[WARN] Plugin lock file %s has invalid digest for %q", pf.Filename, name)
|
|
}
|
|
}
|
|
|
|
return digests
|
|
}
|