diff --git a/go.mod b/go.mod index 677e69d1f7db..20cf748621c5 100644 --- a/go.mod +++ b/go.mod @@ -80,7 +80,7 @@ require ( golang.org/x/tools v0.25.0 golang.org/x/tools/cmd/cover v0.1.0-deprecated google.golang.org/grpc v1.59.0 - google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0 + google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.2.0 google.golang.org/protobuf v1.34.2 honnef.co/go/tools v0.5.1 ) @@ -91,14 +91,10 @@ require ( cloud.google.com/go/iam v1.1.1 // indirect cloud.google.com/go/storage v1.30.1 // indirect github.com/AlecAivazis/survey/v2 v2.3.7 // indirect - github.com/Azure/azure-sdk-for-go v59.2.0+incompatible // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.27 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect - github.com/Azure/go-autorest/autorest/azure/cli v0.4.4 // indirect + github.com/Azure/go-autorest/autorest v0.11.29 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect - github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect - github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c // indirect @@ -154,7 +150,6 @@ require ( github.com/cli/shurcooL-graphql v0.0.4 // indirect github.com/cloudflare/circl v1.4.0 // indirect github.com/creack/pty v1.1.17 // indirect - github.com/dimchansky/utfbom v1.1.1 // indirect github.com/dylanmei/iso8601 v0.1.0 // indirect github.com/emicklei/go-restful/v3 v3.8.0 // indirect github.com/fatih/color v1.17.0 // indirect @@ -183,19 +178,26 @@ require ( github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.58 // indirect github.com/hashicorp/consul/api v1.13.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect - github.com/hashicorp/go-azure-helpers v0.43.0 // indirect + github.com/hashicorp/go-azure-helpers v0.71.0 // indirect + github.com/hashicorp/go-azure-sdk/resource-manager v0.20241212.1154051 // indirect + github.com/hashicorp/go-azure-sdk/sdk v0.20241212.1154051 // indirect + github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect github.com/hashicorp/go-immutable-radix v1.0.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect github.com/hashicorp/golang-lru v0.5.1 // indirect + github.com/hashicorp/logutils v1.0.0 // indirect github.com/hashicorp/serf v0.9.6 // indirect + github.com/hashicorp/terraform-plugin-go v0.14.3 // indirect github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect + github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 // indirect github.com/hashicorp/yamux v0.1.1 // indirect github.com/henvic/httpretty v0.1.3 // indirect github.com/huandu/xstrings v1.3.3 // indirect github.com/imdario/mergo v0.3.13 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jackofallops/giovanni v0.28.0 // indirect github.com/jedib0t/go-pretty v4.3.0+incompatible // indirect github.com/jedib0t/go-pretty/v6 v6.5.9 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect @@ -208,8 +210,6 @@ require ( github.com/lib/pq v1.10.3 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/mailru/easyjson v0.7.6 // indirect - github.com/manicminer/hamilton v0.44.0 // indirect - github.com/manicminer/hamilton-autorest v0.2.0 // indirect github.com/masterzen/simplexml v0.0.0-20190410153822-31eea3082786 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect @@ -240,9 +240,11 @@ require ( github.com/tencentyun/cos-go-sdk-v5 v0.7.42 // indirect github.com/thanhpk/randstr v1.0.6 // indirect github.com/thlib/go-timezone-local v0.0.3 // indirect - github.com/tombuildsstuff/giovanni v0.15.1 // indirect github.com/ulikunitz/xz v0.5.10 // indirect + github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect + github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect + github.com/vmihailenco/tagparser v0.1.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect go.mongodb.org/mongo-driver v1.16.1 // indirect go.opencensus.io v0.24.0 // indirect @@ -274,6 +276,7 @@ require ( sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.2.0 // indirect + software.sslmate.com/src/go-pkcs12 v0.4.0 // indirect ) // Some of the packages in this codebase are split into separate Go modules diff --git a/go.sum b/go.sum index e5e20f797de3..40af65c08fa0 100644 --- a/go.sum +++ b/go.sum @@ -607,39 +607,18 @@ gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zum git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ= github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo= -github.com/Azure/azure-sdk-for-go v45.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v47.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v59.2.0+incompatible h1:mbxiZy1K820hQ+dI+YIO/+a0wQDYqOu18BAGe4lXjVk= -github.com/Azure/azure-sdk-for-go v59.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.3/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= -github.com/Azure/go-autorest/autorest v0.11.10/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= -github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= -github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= -github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= -github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= -github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= -github.com/Azure/go-autorest/autorest/adal v0.9.14/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= -github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= -github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.4 h1:iuooz5cZL6VRcO7DVSFYxRcouqn6bFVE/e77Wts50Zk= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.4/go.mod h1:yAQ2b6eP/CmLPnmLvxtT1ALIY3OR1oFcCqVBi8vHiTc= +github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= +github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= +github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= +github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8= +github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= -github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= -github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= -github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac= -github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= -github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= @@ -705,6 +684,7 @@ github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4t github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= github.com/apparentlymart/go-shquot v0.0.1 h1:MGV8lwxF4zw75lN7e0MGs7o6AFYn7L6AZaExUpLh0Mo= github.com/apparentlymart/go-shquot v0.0.1/go.mod h1:lw58XsE5IgUXZ9h0cxnypdx31p9mPFIVEQ9P3c7MlrU= +github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/apparentlymart/go-userdirs v0.0.0-20200915174352-b0c018a67c13 h1:JtuelWqyixKApmXm3qghhZ7O96P6NKpyrlSIe8Rwnhw= @@ -851,10 +831,6 @@ github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= -github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= -github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dylanmei/iso8601 v0.1.0 h1:812NGQDBcqquTfH5Yeo7lwR0nzx/cKdsmf3qMjPURUI= @@ -888,7 +864,6 @@ github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLg github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= @@ -948,7 +923,6 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= @@ -972,6 +946,7 @@ github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= +github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -1101,20 +1076,24 @@ github.com/hashicorp/copywrite v0.19.0/go.mod h1:6wvQH+ICDoD2bpjO1RJ6fi+h3aY5NeL github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-azure-helpers v0.12.0/go.mod h1:Zc3v4DNeX6PDdy7NljlYpnrdac1++qNW0I4U+ofGwpg= -github.com/hashicorp/go-azure-helpers v0.43.0 h1:larj4ZgwO3hKzA9xIOTXRW4NBpI6F3K8wpig8eikNOw= -github.com/hashicorp/go-azure-helpers v0.43.0/go.mod h1:ofh+59GPB8g/lWI08711STfrIPSPOlXQkuMc8rovpBk= +github.com/hashicorp/go-azure-helpers v0.71.0 h1:ra3aIRzg01g6MLKQ+yABcb6WJtrqRUDDgyuPLmyZ9lY= +github.com/hashicorp/go-azure-helpers v0.71.0/go.mod h1:BmbF4JDYXK5sEmFeU5hcn8Br21uElcqLfdQxjatwQKw= +github.com/hashicorp/go-azure-sdk/resource-manager v0.20241212.1154051 h1:jFgd3bzeRViGTzicIn9gDw2O/Gk6WjVJCTTefPNOGPY= +github.com/hashicorp/go-azure-sdk/resource-manager v0.20241212.1154051/go.mod h1:XapOZ9HiCtXz3qb5yNFiCuWbOBj2I3WU1K2jwqgK2zA= +github.com/hashicorp/go-azure-sdk/sdk v0.20241212.1154051 h1:4fCKJPSeLVvwl7ZCqU7MOUKyx/M7kl/J6wlw2O3xn40= +github.com/hashicorp/go-azure-sdk/sdk v0.20241212.1154051/go.mod h1:oI5R0fTbBx3K/sJBK5R/OlEy8ozdQjvctxVU9v3EDkc= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= +github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= +github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= github.com/hashicorp/go-getter v1.7.8 h1:mshVHx1Fto0/MydBekWan5zUipGq7jO0novchgMmSiY= github.com/hashicorp/go-getter v1.7.8/go.mod h1:2c6CboOEb9jG6YvmC9xdD+tyAFsrUaJPedwXDGr0TM4= github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= @@ -1131,7 +1110,6 @@ github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= github.com/hashicorp/go-retryablehttp v0.5.4/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= @@ -1149,12 +1127,10 @@ github.com/hashicorp/go-tfe v1.70.0 h1:R5a9Z+jdVz6eRWtSLsl1nw+5Qe/swunZcJgeKK5NQ github.com/hashicorp/go-tfe v1.70.0/go.mod h1:2rOcdTxXwbWm0W7dCKjC3Ec8KQ+HhW165GiurXNshc4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.0.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= @@ -1167,14 +1143,19 @@ github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3q github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hashicorp/jsonapi v1.3.1 h1:GtPvnmcWgYwCuDGvYT5VZBHcUyFdq9lSyCzDjn1DdPo= github.com/hashicorp/jsonapi v1.3.1/go.mod h1:kWfdn49yCjQvbpnvY1dxxAuAFzISwrrMDQOcu6NsFoM= +github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= github.com/hashicorp/memberlist v0.3.0 h1:8+567mCcFDnS5ADl7lrpxPMWiFCElyUEeW0gtj34fMA= github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/serf v0.9.6 h1:uuEX1kLR6aoda1TBttmJQKDLZE1Ob7KN0NPdE7EtCDc= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= +github.com/hashicorp/terraform-plugin-go v0.14.3 h1:nlnJ1GXKdMwsC8g1Nh05tK2wsC3+3BL/DBBxFEki+j0= +github.com/hashicorp/terraform-plugin-go v0.14.3/go.mod h1:7ees7DMZ263q8wQ6E4RdIdR6nHHJtrdt4ogX5lPkX1A= github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 h1:G9WAfb8LHeCxu7Ae8nc1agZlQOSCUWsb610iAogBhCs= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1/go.mod h1:xcOSYlRVdPLmDUoqPhO9fiO/YCN/l6MGYeTzGt5jgkQ= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= @@ -1201,6 +1182,8 @@ github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jackofallops/giovanni v0.28.0 h1:fxn55SnxL2Rj3hgkkgQS9UKlIRXkkTZ5WcnE04JCBRE= +github.com/jackofallops/giovanni v0.28.0/go.mod h1:CyzRgZyts4YSI/1iZF8poqdn9I6J8xpmg1iMpvhthTs= github.com/jedib0t/go-pretty v4.3.0+incompatible h1:CGs8AVhEKg/n9YbUenWmNStRW2PHJzaeDodcfvRAbIo= github.com/jedib0t/go-pretty v4.3.0+incompatible/go.mod h1:XemHduiw8R651AF9Pt4FwCTKeG3oo7hrHJAoznj9nag= github.com/jedib0t/go-pretty/v6 v6.5.9 h1:ACteMBRrrmm1gMsXe9PSTOClQ63IXDUt03H5U+UV8OU= @@ -1257,8 +1240,9 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/lib/pq v1.10.3 h1:v9QZf2Sn6AmjXtQeFpdoq/eaNtYP6IN+7lcrygsIAtg= github.com/lib/pq v1.10.3/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= @@ -1270,11 +1254,6 @@ github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/manicminer/hamilton v0.43.0/go.mod h1:lbVyngC+/nCWuDp8UhC6Bw+bh7jcP/E+YwqzHTmzemk= -github.com/manicminer/hamilton v0.44.0 h1:mLb4Vxbt2dsAvOpaB7xd/5D8LaTTX6ACwVP4TmW8qwE= -github.com/manicminer/hamilton v0.44.0/go.mod h1:lbVyngC+/nCWuDp8UhC6Bw+bh7jcP/E+YwqzHTmzemk= -github.com/manicminer/hamilton-autorest v0.2.0 h1:dDL+t2DrQza0EfNYINYCvXISeNwVqzgVAQh+CH/19ZU= -github.com/manicminer/hamilton-autorest v0.2.0/go.mod h1:NselDpNTImEmOc/fa41kPg6YhDt/6S95ejWbTGZ6tlg= github.com/masterzen/simplexml v0.0.0-20160608183007-4572e39b1ab9/go.mod h1:kCEbxUJlNDEBNbdQMkPSp6yaKcRXVI6f4ddk8Riv4bc= github.com/masterzen/simplexml v0.0.0-20190410153822-31eea3082786 h1:2ZKn+w/BJeL43sCxI2jhPLRv73oVVOjEKZjKkflyqxg= github.com/masterzen/simplexml v0.0.0-20190410153822-31eea3082786/go.mod h1:kCEbxUJlNDEBNbdQMkPSp6yaKcRXVI6f4ddk8Riv4bc= @@ -1479,6 +1458,7 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= @@ -1496,12 +1476,17 @@ github.com/thanhpk/randstr v1.0.6 h1:psAOktJFD4vV9NEVb3qkhRSMvYh4ORRaj1+w/hn4B+o github.com/thanhpk/randstr v1.0.6/go.mod h1:M/H2P1eNLZzlDwAzpkkkUvoyNNMbzRGhESZuEQk3r0U= github.com/thlib/go-timezone-local v0.0.3 h1:ie5XtZWG5lQ4+1MtC5KZ/FeWlOKzW2nPoUnXYUbV/1s= github.com/thlib/go-timezone-local v0.0.3/go.mod h1:/Tnicc6m/lsJE0irFMA0LfIwTBo4QP7A8IfyIv4zZKI= -github.com/tombuildsstuff/giovanni v0.15.1 h1:CVRaLOJ7C/eercCrKIsarfJ4SZoGMdBL9Q2deFDUXco= -github.com/tombuildsstuff/giovanni v0.15.1/go.mod h1:0TZugJPEtqzPlMpuJHYfXY6Dq2uLPrXf98D2XQSxNbA= github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= +github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= +github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= +github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U= +github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU= github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc= +github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY= +github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= @@ -1580,17 +1565,15 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= @@ -2276,8 +2259,9 @@ google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3 google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0 h1:M1YKkFIboKNieVO5DLUEVzQfGwJD30Nv2jfUgzb5UcE= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.2.0 h1:TLkBREm4nIsEcexnCjgQd5GQWaHcqMzwQV0TX9pq8S0= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.2.0/go.mod h1:DNq5QpG7LJqD2AamLZ7zvKE0DEpVl2BSEVjFycAAjRY= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -2397,3 +2381,5 @@ sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kF sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= +software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k= +software.sslmate.com/src/go-pkcs12 v0.4.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI= diff --git a/internal/backend/remote-state/azure/api_client.go b/internal/backend/remote-state/azure/api_client.go new file mode 100644 index 000000000000..0cb2237da2e7 --- /dev/null +++ b/internal/backend/remote-state/azure/api_client.go @@ -0,0 +1,291 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package azure + +import ( + "context" + "fmt" + "log" + "net/http" + "os" + "strings" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" + "github.com/hashicorp/go-azure-sdk/resource-manager/storage/2023-01-01/storageaccounts" + "github.com/hashicorp/go-azure-sdk/sdk/auth" + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/environments" + "github.com/hashicorp/terraform/internal/httpclient" + "github.com/hashicorp/terraform/version" + "github.com/jackofallops/giovanni/storage/2023-11-03/blob/blobs" + "github.com/jackofallops/giovanni/storage/2023-11-03/blob/containers" +) + +type Client struct { + // These Clients are only initialized if an Access Key isn't provided + storageAccountsClient *storageaccounts.StorageAccountsClient + + // Caching + containersClient *containers.Client + blobsClient *blobs.Client + + environment environments.Environment + storageAccountName string + + accountDetail *AccountDetails + + accessKey string + sasToken string + // azureAdStorageAuth is only here if we're using AzureAD Authentication but is an Authorizer for Storage + azureAdStorageAuth auth.Authorizer +} + +func buildClient(ctx context.Context, config BackendConfig) (*Client, error) { + client := Client{ + environment: config.AuthConfig.Environment, + storageAccountName: config.StorageAccountName, + } + + // if we have an Access Key - we don't need the other clients + if config.AccessKey != "" { + client.accessKey = config.AccessKey + return &client, nil + } + + // likewise with a SAS token + if config.SasToken != "" { + sasToken := config.SasToken + if strings.TrimSpace(sasToken) == "" { + return nil, fmt.Errorf("sasToken cannot be empty") + } + client.sasToken = strings.TrimPrefix(sasToken, "?") + + return &client, nil + } + + if config.UseAzureADAuthentication { + var err error + client.azureAdStorageAuth, err = auth.NewAuthorizerFromCredentials(ctx, *config.AuthConfig, config.AuthConfig.Environment.Storage) + if err != nil { + return nil, fmt.Errorf("unable to build authorizer for Storage API: %+v", err) + } + } + + resourceManagerAuth, err := auth.NewAuthorizerFromCredentials(ctx, *config.AuthConfig, config.AuthConfig.Environment.ResourceManager) + if err != nil { + return nil, fmt.Errorf("unable to build authorizer for Resource Manager API: %+v", err) + } + + client.storageAccountsClient, err = storageaccounts.NewStorageAccountsClientWithBaseURI(config.AuthConfig.Environment.ResourceManager) + if err != nil { + return nil, fmt.Errorf("building Storage Accounts client: %+v", err) + } + client.configureClient(client.storageAccountsClient.Client, resourceManagerAuth) + + // Populating the storage account detail + said := commonids.NewStorageAccountID(config.SubscriptionID, config.ResourceGroupName, client.storageAccountName) + resp, err := client.storageAccountsClient.GetProperties(ctx, said, storageaccounts.DefaultGetPropertiesOperationOptions()) + if err != nil { + return nil, fmt.Errorf("getting %s: %+v", said, err) + } + if resp.Model == nil { + return nil, fmt.Errorf("unexpected null model of %s", said) + } + client.accountDetail, err = populateAccountDetails(said, *resp.Model) + if err != nil { + return nil, fmt.Errorf("populating details for %s: %+v", said, err) + } + + return &client, nil +} + +func (c *Client) getBlobClient(ctx context.Context) (bc *blobs.Client, err error) { + if c.blobsClient != nil { + return c.blobsClient, nil + } + + defer func() { + if err == nil { + c.blobsClient = bc + } + }() + + if c.sasToken != "" { + log.Printf("[DEBUG] Building the Blob Client from a SAS Token") + baseURL, err := naiveStorageAccountBlobBaseURL(c.environment, c.storageAccountName) + if err != nil { + return nil, fmt.Errorf("build storage account blob base URL: %v", err) + } + blobsClient, err := blobs.NewWithBaseUri(baseURL) + if err != nil { + return nil, fmt.Errorf("new blob client: %v", err) + } + c.configureClient(blobsClient.Client, nil) + blobsClient.Client.AppendRequestMiddleware(func(r *http.Request) (*http.Request, error) { + if r.URL.RawQuery == "" { + r.URL.RawQuery = c.sasToken + } else if !strings.Contains(r.URL.RawQuery, c.sasToken) { + r.URL.RawQuery = fmt.Sprintf("%s&%s", r.URL.RawQuery, c.sasToken) + } + return r, nil + }) + return blobsClient, nil + } + + if c.accessKey != "" { + log.Printf("[DEBUG] Building the Blob Client from an Access Key") + baseURL, err := naiveStorageAccountBlobBaseURL(c.environment, c.storageAccountName) + if err != nil { + return nil, fmt.Errorf("build storage account blob base URL: %v", err) + } + blobsClient, err := blobs.NewWithBaseUri(baseURL) + if err != nil { + return nil, fmt.Errorf("new blob client: %v", err) + } + c.configureClient(blobsClient.Client, nil) + + authorizer, err := auth.NewSharedKeyAuthorizer(c.storageAccountName, c.accessKey, auth.SharedKey) + if err != nil { + return nil, fmt.Errorf("new shared key authorizer: %v", err) + } + c.configureClient(blobsClient.Client, authorizer) + + return blobsClient, nil + } + + // Neither shared access key nor sas token specified, then we have the storage account details populated. + // This detail can be used to get the "most" correct blob endpoint comparing to the naive construction. + baseUri, err := c.accountDetail.DataPlaneEndpoint(EndpointTypeBlob) + if err != nil { + return nil, err + } + blobsClient, err := blobs.NewWithBaseUri(*baseUri) + if err != nil { + return nil, fmt.Errorf("new blob client: %v", err) + } + + if c.azureAdStorageAuth != nil { + log.Printf("[DEBUG] Building the Blob Client from AAD auth") + c.configureClient(blobsClient.Client, c.azureAdStorageAuth) + return blobsClient, nil + } + + log.Printf("[DEBUG] Building the Blob Client from an Access Token (using user credentials)") + key, err := c.accountDetail.AccountKey(ctx, c.storageAccountsClient) + if err != nil { + return nil, fmt.Errorf("Error retrieving key for Storage Account %q: %s", c.storageAccountName, err) + } + accessKey := *key + + authorizer, err := auth.NewSharedKeyAuthorizer(c.storageAccountName, accessKey, auth.SharedKey) + if err != nil { + return nil, fmt.Errorf("new shared key authorizer: %v", err) + } + c.configureClient(blobsClient.Client, authorizer) + + return blobsClient, nil +} + +func (c *Client) getContainersClient(ctx context.Context) (cc *containers.Client, err error) { + if c.containersClient != nil { + return c.containersClient, nil + } + + defer func() { + if err == nil { + c.containersClient = cc + } + }() + + if c.sasToken != "" { + log.Printf("[DEBUG] Building the Container Client from a SAS Token") + baseURL, err := naiveStorageAccountBlobBaseURL(c.environment, c.storageAccountName) + if err != nil { + return nil, fmt.Errorf("build storage account blob base URL: %v", err) + } + containersClient, err := containers.NewWithBaseUri(baseURL) + if err != nil { + return nil, fmt.Errorf("new container client: %v", err) + } + c.configureClient(containersClient.Client, nil) + containersClient.Client.AppendRequestMiddleware(func(r *http.Request) (*http.Request, error) { + if r.URL.RawQuery == "" { + r.URL.RawQuery = c.sasToken + } else if !strings.Contains(r.URL.RawQuery, c.sasToken) { + r.URL.RawQuery = fmt.Sprintf("%s&%s", r.URL.RawQuery, c.sasToken) + } + return r, nil + }) + return containersClient, nil + } + + if c.accessKey != "" { + log.Printf("[DEBUG] Building the Container Client from an Access Key") + baseURL, err := naiveStorageAccountBlobBaseURL(c.environment, c.storageAccountName) + if err != nil { + return nil, fmt.Errorf("build storage account blob base URL: %v", err) + } + containersClient, err := containers.NewWithBaseUri(baseURL) + if err != nil { + return nil, fmt.Errorf("new container client: %v", err) + } + c.configureClient(containersClient.Client, nil) + + authorizer, err := auth.NewSharedKeyAuthorizer(c.storageAccountName, c.accessKey, auth.SharedKey) + if err != nil { + return nil, fmt.Errorf("new shared key authorizer: %v", err) + } + c.configureClient(containersClient.Client, authorizer) + + return containersClient, nil + } + + // Neither shared access key nor sas token specified, then we have the storage account details populated. + // This detail can be used to get the "most" correct blob endpoint comparing to the naive construction. + baseUri, err := c.accountDetail.DataPlaneEndpoint(EndpointTypeBlob) + if err != nil { + return nil, err + } + containersClient, err := containers.NewWithBaseUri(*baseUri) + if err != nil { + return nil, fmt.Errorf("new container client: %v", err) + } + + if c.azureAdStorageAuth != nil { + log.Printf("[DEBUG] Building the Container Client from AAD auth") + c.configureClient(containersClient.Client, c.azureAdStorageAuth) + return containersClient, nil + } + + log.Printf("[DEBUG] Building the Container Client from an Access Token (using user credentials)") + key, err := c.accountDetail.AccountKey(ctx, c.storageAccountsClient) + if err != nil { + return nil, fmt.Errorf("Error retrieving key for Storage Account %q: %s", c.storageAccountName, err) + } + accessKey := *key + + authorizer, err := auth.NewSharedKeyAuthorizer(c.storageAccountName, accessKey, auth.SharedKey) + if err != nil { + return nil, fmt.Errorf("new shared key authorizer: %v", err) + } + c.configureClient(containersClient.Client, authorizer) + + return containersClient, nil +} + +func (c *Client) configureClient(client client.BaseClient, authorizer auth.Authorizer) { + client.SetAuthorizer(authorizer) + client.SetUserAgent(buildUserAgent(client.GetUserAgent())) +} + +func buildUserAgent(userAgent string) string { + userAgent = strings.TrimSpace(fmt.Sprintf("%s %s", userAgent, httpclient.TerraformUserAgent(version.Version))) + + // append the CloudShell version to the user agent if it exists + if azureAgent := os.Getenv("AZURE_HTTP_USER_AGENT"); azureAgent != "" { + userAgent = fmt.Sprintf("%s %s", userAgent, azureAgent) + } + + return userAgent +} diff --git a/internal/backend/remote-state/azure/arm_client.go b/internal/backend/remote-state/azure/arm_client.go deleted file mode 100644 index 511dcdedfeae..000000000000 --- a/internal/backend/remote-state/azure/arm_client.go +++ /dev/null @@ -1,249 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package azure - -import ( - "context" - "fmt" - "log" - "os" - "time" - - "github.com/Azure/azure-sdk-for-go/profiles/2017-03-09/resources/mgmt/resources" - armStorage "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2021-01-01/storage" - "github.com/Azure/go-autorest/autorest" - "github.com/Azure/go-autorest/autorest/azure" - "github.com/hashicorp/go-azure-helpers/authentication" - "github.com/hashicorp/go-azure-helpers/sender" - "github.com/hashicorp/terraform/internal/httpclient" - "github.com/hashicorp/terraform/version" - "github.com/manicminer/hamilton/environments" - "github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/blobs" - "github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/containers" -) - -type ArmClient struct { - // These Clients are only initialized if an Access Key isn't provided - groupsClient *resources.GroupsClient - storageAccountsClient *armStorage.AccountsClient - containersClient *containers.Client - blobsClient *blobs.Client - - // azureAdStorageAuth is only here if we're using AzureAD Authentication but is an Authorizer for Storage - azureAdStorageAuth *autorest.Authorizer - - accessKey string - environment azure.Environment - resourceGroupName string - storageAccountName string - sasToken string -} - -func buildArmClient(ctx context.Context, config BackendConfig) (*ArmClient, error) { - env, err := authentication.AzureEnvironmentByNameFromEndpoint(ctx, config.MetadataHost, config.Environment) - if err != nil { - return nil, err - } - - client := ArmClient{ - environment: *env, - resourceGroupName: config.ResourceGroupName, - storageAccountName: config.StorageAccountName, - } - - // if we have an Access Key - we don't need the other clients - if config.AccessKey != "" { - client.accessKey = config.AccessKey - return &client, nil - } - - // likewise with a SAS token - if config.SasToken != "" { - client.sasToken = config.SasToken - return &client, nil - } - - builder := authentication.Builder{ - ClientID: config.ClientID, - SubscriptionID: config.SubscriptionID, - TenantID: config.TenantID, - CustomResourceManagerEndpoint: config.CustomResourceManagerEndpoint, - MetadataHost: config.MetadataHost, - Environment: config.Environment, - ClientSecretDocsLink: "https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret", - - // Service Principal (Client Certificate) - ClientCertPassword: config.ClientCertificatePassword, - ClientCertPath: config.ClientCertificatePath, - - // Service Principal (Client Secret) - ClientSecret: config.ClientSecret, - - // Managed Service Identity - MsiEndpoint: config.MsiEndpoint, - - // OIDC - IDToken: config.OIDCToken, - IDTokenFilePath: config.OIDCTokenFilePath, - IDTokenRequestURL: config.OIDCRequestURL, - IDTokenRequestToken: config.OIDCRequestToken, - - // Feature Toggles - SupportsAzureCliToken: true, - SupportsClientCertAuth: true, - SupportsClientSecretAuth: true, - SupportsManagedServiceIdentity: config.UseMsi, - SupportsOIDCAuth: config.UseOIDC, - UseMicrosoftGraph: true, - } - armConfig, err := builder.Build() - if err != nil { - return nil, fmt.Errorf("Error building ARM Config: %+v", err) - } - - oauthConfig, err := armConfig.BuildOAuthConfig(env.ActiveDirectoryEndpoint) - if err != nil { - return nil, err - } - - hamiltonEnv, err := environments.EnvironmentFromString(config.Environment) - if err != nil { - return nil, err - } - - sender := sender.BuildSender("backend/remote-state/azure") - log.Printf("[DEBUG] Obtaining an MSAL / Microsoft Graph token for Resource Manager..") - auth, err := armConfig.GetMSALToken(ctx, hamiltonEnv.ResourceManager, sender, oauthConfig, env.TokenAudience) - if err != nil { - return nil, err - } - - if config.UseAzureADAuthentication { - log.Printf("[DEBUG] Obtaining an MSAL / Microsoft Graph token for Storage..") - storageAuth, err := armConfig.GetMSALToken(ctx, hamiltonEnv.Storage, sender, oauthConfig, env.ResourceIdentifiers.Storage) - if err != nil { - return nil, err - } - client.azureAdStorageAuth = &storageAuth - } - - accountsClient := armStorage.NewAccountsClientWithBaseURI(env.ResourceManagerEndpoint, armConfig.SubscriptionID) - client.configureClient(&accountsClient.Client, auth) - client.storageAccountsClient = &accountsClient - - groupsClient := resources.NewGroupsClientWithBaseURI(env.ResourceManagerEndpoint, armConfig.SubscriptionID) - client.configureClient(&groupsClient.Client, auth) - client.groupsClient = &groupsClient - - return &client, nil -} - -func (c ArmClient) getBlobClient(ctx context.Context) (*blobs.Client, error) { - if c.sasToken != "" { - log.Printf("[DEBUG] Building the Blob Client from a SAS Token") - storageAuth, err := autorest.NewSASTokenAuthorizer(c.sasToken) - if err != nil { - return nil, fmt.Errorf("Error building Authorizer: %+v", err) - } - - blobsClient := blobs.NewWithEnvironment(c.environment) - c.configureClient(&blobsClient.Client, storageAuth) - return &blobsClient, nil - } - - if c.azureAdStorageAuth != nil { - blobsClient := blobs.NewWithEnvironment(c.environment) - c.configureClient(&blobsClient.Client, *c.azureAdStorageAuth) - return &blobsClient, nil - } - - accessKey := c.accessKey - if accessKey == "" { - log.Printf("[DEBUG] Building the Blob Client from an Access Token (using user credentials)") - keys, err := c.storageAccountsClient.ListKeys(ctx, c.resourceGroupName, c.storageAccountName, "") - if err != nil { - return nil, fmt.Errorf("Error retrieving keys for Storage Account %q: %s", c.storageAccountName, err) - } - - if keys.Keys == nil { - return nil, fmt.Errorf("Nil key returned for storage account %q", c.storageAccountName) - } - - accessKeys := *keys.Keys - accessKey = *accessKeys[0].Value - } - - storageAuth, err := autorest.NewSharedKeyAuthorizer(c.storageAccountName, accessKey, autorest.SharedKey) - if err != nil { - return nil, fmt.Errorf("Error building Authorizer: %+v", err) - } - - blobsClient := blobs.NewWithEnvironment(c.environment) - c.configureClient(&blobsClient.Client, storageAuth) - return &blobsClient, nil -} - -func (c ArmClient) getContainersClient(ctx context.Context) (*containers.Client, error) { - if c.sasToken != "" { - log.Printf("[DEBUG] Building the Container Client from a SAS Token") - storageAuth, err := autorest.NewSASTokenAuthorizer(c.sasToken) - if err != nil { - return nil, fmt.Errorf("Error building Authorizer: %+v", err) - } - - containersClient := containers.NewWithEnvironment(c.environment) - c.configureClient(&containersClient.Client, storageAuth) - return &containersClient, nil - } - - if c.azureAdStorageAuth != nil { - containersClient := containers.NewWithEnvironment(c.environment) - c.configureClient(&containersClient.Client, *c.azureAdStorageAuth) - return &containersClient, nil - } - - accessKey := c.accessKey - if accessKey == "" { - log.Printf("[DEBUG] Building the Container Client from an Access Token (using user credentials)") - keys, err := c.storageAccountsClient.ListKeys(ctx, c.resourceGroupName, c.storageAccountName, "") - if err != nil { - return nil, fmt.Errorf("Error retrieving keys for Storage Account %q: %s", c.storageAccountName, err) - } - - if keys.Keys == nil { - return nil, fmt.Errorf("Nil key returned for storage account %q", c.storageAccountName) - } - - accessKeys := *keys.Keys - accessKey = *accessKeys[0].Value - } - - storageAuth, err := autorest.NewSharedKeyAuthorizer(c.storageAccountName, accessKey, autorest.SharedKey) - if err != nil { - return nil, fmt.Errorf("Error building Authorizer: %+v", err) - } - - containersClient := containers.NewWithEnvironment(c.environment) - c.configureClient(&containersClient.Client, storageAuth) - return &containersClient, nil -} - -func (c *ArmClient) configureClient(client *autorest.Client, auth autorest.Authorizer) { - client.UserAgent = buildUserAgent() - client.Authorizer = auth - client.Sender = buildSender() - client.SkipResourceProviderRegistration = false - client.PollingDuration = 60 * time.Minute -} - -func buildUserAgent() string { - userAgent := httpclient.TerraformUserAgent(version.Version) - - // append the CloudShell version to the user agent if it exists - if azureAgent := os.Getenv("AZURE_HTTP_USER_AGENT"); azureAgent != "" { - userAgent = fmt.Sprintf("%s %s", userAgent, azureAgent) - } - - return userAgent -} diff --git a/internal/backend/remote-state/azure/backend.go b/internal/backend/remote-state/azure/backend.go index c3a1ebbf1ef9..0d600c19bff1 100644 --- a/internal/backend/remote-state/azure/backend.go +++ b/internal/backend/remote-state/azure/backend.go @@ -7,6 +7,8 @@ import ( "context" "fmt" + "github.com/hashicorp/go-azure-sdk/sdk/auth" + "github.com/hashicorp/go-azure-sdk/sdk/environments" "github.com/hashicorp/terraform/internal/backend" "github.com/hashicorp/terraform/internal/legacy/helper/schema" ) @@ -15,6 +17,19 @@ import ( func New() backend.Backend { s := &schema.Backend{ Schema: map[string]*schema.Schema{ + "subscription_id": { + Type: schema.TypeString, + Optional: true, // TODO: make this Required in a future version + Description: "The Subscription ID where the Storage Account is located.", + DefaultFunc: schema.EnvDefaultFunc("ARM_SUBSCRIPTION_ID", ""), + }, + + "resource_group_name": { + Type: schema.TypeString, + Optional: true, + Description: "The Resource Group where the Storage Account is located.", + }, + "storage_account_name": { Type: schema.TypeString, Required: true, @@ -24,157 +39,187 @@ func New() backend.Backend { "container_name": { Type: schema.TypeString, Required: true, - Description: "The container name.", + Description: "The container name to use in the Storage Account.", }, "key": { Type: schema.TypeString, Required: true, - Description: "The blob key.", + Description: "The blob key to use in the Storage Container.", }, - "metadata_host": { - Type: schema.TypeString, - Required: true, - DefaultFunc: schema.EnvDefaultFunc("ARM_METADATA_HOST", ""), - Description: "The Metadata URL which will be used to obtain the Cloud Environment.", + "snapshot": { + Type: schema.TypeBool, + Optional: true, + Description: "Whether to enable automatic blob snapshotting.", + DefaultFunc: schema.EnvDefaultFunc("ARM_SNAPSHOT", false), }, "environment": { Type: schema.TypeString, Optional: true, - Description: "The Azure cloud environment.", + Description: "The Cloud Environment which should be used. Possible values are public, usgovernment, and china. Defaults to public. Not used and should not be specified when `metadata_host` is specified.", DefaultFunc: schema.EnvDefaultFunc("ARM_ENVIRONMENT", "public"), }, + "metadata_host": { + Type: schema.TypeString, + Required: true, + DefaultFunc: schema.MultiEnvDefaultFunc([]string{"ARM_METADATA_HOSTNAME", "ARM_METADATA_HOST"}, ""), // TODO: remove support for `METADATA_HOST` in a future version + Description: "The Hostname which should be used for the Azure Metadata Service.", + }, + "access_key": { Type: schema.TypeString, Optional: true, - Description: "The access key.", + Description: "The access key to use when authenticating using a Storage Access Key.", DefaultFunc: schema.EnvDefaultFunc("ARM_ACCESS_KEY", ""), }, "sas_token": { Type: schema.TypeString, Optional: true, - Description: "A SAS Token used to interact with the Blob Storage Account.", + Description: "The SAS Token to use when authenticating using a SAS Token.", DefaultFunc: schema.EnvDefaultFunc("ARM_SAS_TOKEN", ""), }, - "snapshot": { - Type: schema.TypeBool, - Optional: true, - Description: "Enable/Disable automatic blob snapshotting", - DefaultFunc: schema.EnvDefaultFunc("ARM_SNAPSHOT", false), - }, - - "resource_group_name": { + "tenant_id": { Type: schema.TypeString, Optional: true, - Description: "The resource group name.", + Description: "The Tenant ID to use when authenticating using Azure Active Directory.", + DefaultFunc: schema.EnvDefaultFunc("ARM_TENANT_ID", ""), }, "client_id": { Type: schema.TypeString, Optional: true, - Description: "The Client ID.", + Description: "The Client ID to use when authenticating using Azure Active Directory.", DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_ID", ""), }, - "endpoint": { + "client_id_file_path": { Type: schema.TypeString, Optional: true, - Description: "A custom Endpoint used to access the Azure Resource Manager API's.", - DefaultFunc: schema.EnvDefaultFunc("ARM_ENDPOINT", ""), + Description: "The path to a file containing the Client ID which should be used.", + DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_ID_FILE_PATH", nil), }, - "subscription_id": { + "endpoint": { + Type: schema.TypeString, + Optional: true, + Deprecated: "`endpoint` is deprecated and no longer used, it will be removed in a future version of Terraform", + }, + + // Client Certificate specific fields + "client_certificate": { Type: schema.TypeString, Optional: true, - Description: "The Subscription ID.", - DefaultFunc: schema.EnvDefaultFunc("ARM_SUBSCRIPTION_ID", ""), + DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_CERTIFICATE", ""), + Description: "Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate", }, - "tenant_id": { + "client_certificate_path": { Type: schema.TypeString, Optional: true, - Description: "The Tenant ID.", - DefaultFunc: schema.EnvDefaultFunc("ARM_TENANT_ID", ""), + Description: "The path to the Client Certificate associated with the Service Principal for use when authenticating as a Service Principal using a Client Certificate.", + DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_CERTIFICATE_PATH", ""), }, - // Service Principal (Client Certificate) specific "client_certificate_password": { Type: schema.TypeString, Optional: true, - Description: "The password associated with the Client Certificate specified in `client_certificate_path`", + Description: "The password associated with the Client Certificate. For use when authenticating as a Service Principal using a Client Certificate", DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_CERTIFICATE_PASSWORD", ""), }, - "client_certificate_path": { + + // Client Secret specific fields + "client_secret": { Type: schema.TypeString, Optional: true, - Description: "The path to the PFX file used as the Client Certificate when authenticating as a Service Principal", - DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_CERTIFICATE_PATH", ""), + Description: "The Client Secret which should be used. For use When authenticating as a Service Principal using a Client Secret.", + DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_SECRET", ""), }, - // Service Principal (Client Secret) specific - "client_secret": { + "client_secret_file_path": { Type: schema.TypeString, Optional: true, - Description: "The Client Secret.", - DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_SECRET", ""), + Description: "The path to a file containing the Client Secret which should be used. For use When authenticating as a Service Principal using a Client Secret.", + DefaultFunc: schema.EnvDefaultFunc("ARM_CLIENT_SECRET_FILE_PATH", nil), }, - // Managed Service Identity specific - "use_msi": { + // OIDC specific fields + "use_oidc": { Type: schema.TypeBool, Optional: true, - Description: "Should Managed Service Identity be used?", - DefaultFunc: schema.EnvDefaultFunc("ARM_USE_MSI", false), + DefaultFunc: schema.EnvDefaultFunc("ARM_USE_OIDC", false), + Description: "Allow OpenID Connect to be used for authentication", }, - "msi_endpoint": { + + "oidc_request_token": { Type: schema.TypeString, Optional: true, - Description: "The Managed Service Identity Endpoint.", - DefaultFunc: schema.EnvDefaultFunc("ARM_MSI_ENDPOINT", ""), + DefaultFunc: schema.MultiEnvDefaultFunc([]string{"ARM_OIDC_REQUEST_TOKEN", "ACTIONS_ID_TOKEN_REQUEST_TOKEN"}, ""), + Description: "The bearer token for the request to the OIDC provider. For use when authenticating as a Service Principal using OpenID Connect.", }, - // OIDC auth specific fields - "use_oidc": { - Type: schema.TypeBool, + "oidc_request_url": { + Type: schema.TypeString, Optional: true, - DefaultFunc: schema.EnvDefaultFunc("ARM_USE_OIDC", false), - Description: "Allow OIDC to be used for authentication", + DefaultFunc: schema.MultiEnvDefaultFunc([]string{"ARM_OIDC_REQUEST_URL", "ACTIONS_ID_TOKEN_REQUEST_URL"}, ""), + Description: "The URL for the OIDC provider from which to request an ID token. For use when authenticating as a Service Principal using OpenID Connect.", }, + "oidc_token": { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("ARM_OIDC_TOKEN", ""), - Description: "A generic JWT token that can be used for OIDC authentication. Should not be used in conjunction with `oidc_request_token`.", + Description: "The OIDC ID token for use when authenticating as a Service Principal using OpenID Connect.", }, + "oidc_token_file_path": { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("ARM_OIDC_TOKEN_FILE_PATH", ""), - Description: "Path to file containing a generic JWT token that can be used for OIDC authentication. Should not be used in conjunction with `oidc_request_token`.", + Description: "The path to a file containing an OIDC ID token for use when authenticating as a Service Principal using OpenID Connect.", }, - "oidc_request_url": { - Type: schema.TypeString, + + // Managed Identity specific fields + "use_msi": { + Type: schema.TypeBool, Optional: true, - DefaultFunc: schema.MultiEnvDefaultFunc([]string{"ARM_OIDC_REQUEST_URL", "ACTIONS_ID_TOKEN_REQUEST_URL"}, ""), - Description: "The URL of the OIDC provider from which to request an ID token. Needs to be used in conjunction with `oidc_request_token`. This is meant to be used for Github Actions.", + Description: "Allow Managed Identity to be used for Authentication.", + DefaultFunc: schema.EnvDefaultFunc("ARM_USE_MSI", false), }, - "oidc_request_token": { + + "msi_endpoint": { Type: schema.TypeString, Optional: true, - DefaultFunc: schema.MultiEnvDefaultFunc([]string{"ARM_OIDC_REQUEST_TOKEN", "ACTIONS_ID_TOKEN_REQUEST_TOKEN"}, ""), - Description: "The bearer token to use for the request to the OIDC providers `oidc_request_url` URL to fetch an ID token. Needs to be used in conjunction with `oidc_request_url`. This is meant to be used for Github Actions.", + Description: "The path to a custom endpoint for Managed Identity - in most circumstances this should be detected automatically.", + DefaultFunc: schema.EnvDefaultFunc("ARM_MSI_ENDPOINT", ""), + }, + + // Azure CLI specific fields + "use_cli": { + Type: schema.TypeBool, + Optional: true, + Default: true, + DefaultFunc: schema.EnvDefaultFunc("ARM_USE_CLI", true), + Description: "Allow Azure CLI to be used for Authentication.", + }, + + // Azure AKS Workload Identity fields + "use_aks_workload_identity": { + Type: schema.TypeBool, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("ARM_USE_AKS_WORKLOAD_IDENTITY", false), + Description: "Allow Azure AKS Workload Identity to be used for Authentication.", }, // Feature Flags "use_azuread_auth": { Type: schema.TypeBool, Optional: true, - Description: "Should Terraform use AzureAD Authentication to access the Blob?", + Description: "Whether to use Azure Active Directory authentication to access the Storage Data Plane APIs.", DefaultFunc: schema.EnvDefaultFunc("ARM_USE_AZUREAD", false), }, }, @@ -189,7 +234,7 @@ type Backend struct { *schema.Backend // The fields below are set from configure - armClient *ArmClient + apiClient *Client containerName string keyName string accountName string @@ -197,35 +242,19 @@ type Backend struct { } type BackendConfig struct { - // Required - StorageAccountName string - - // Optional - AccessKey string - ClientID string - ClientCertificatePassword string - ClientCertificatePath string - ClientSecret string - CustomResourceManagerEndpoint string - MetadataHost string - Environment string - MsiEndpoint string - OIDCToken string - OIDCTokenFilePath string - OIDCRequestURL string - OIDCRequestToken string - ResourceGroupName string - SasToken string - SubscriptionID string - TenantID string - UseMsi bool - UseOIDC bool - UseAzureADAuthentication bool + AuthConfig *auth.Credentials + SubscriptionID string + ResourceGroupName string + StorageAccountName string + AccessKey string + SasToken string + UseAzureADAuthentication bool } func (b *Backend) configure(ctx context.Context) error { - if b.containerName != "" { - return nil + // This is to make the go-azure-sdk/sdk/client Client happy. + if _, ok := ctx.Deadline(); !ok { + ctx, _ = context.WithTimeout(ctx, veryLongTimeout) } // Grab the resource data @@ -235,40 +264,104 @@ func (b *Backend) configure(ctx context.Context) error { b.keyName = data.Get("key").(string) b.snapshot = data.Get("snapshot").(bool) - config := BackendConfig{ - AccessKey: data.Get("access_key").(string), - ClientID: data.Get("client_id").(string), - ClientCertificatePassword: data.Get("client_certificate_password").(string), - ClientCertificatePath: data.Get("client_certificate_path").(string), - ClientSecret: data.Get("client_secret").(string), - CustomResourceManagerEndpoint: data.Get("endpoint").(string), - MetadataHost: data.Get("metadata_host").(string), - Environment: data.Get("environment").(string), - MsiEndpoint: data.Get("msi_endpoint").(string), - OIDCToken: data.Get("oidc_token").(string), - OIDCTokenFilePath: data.Get("oidc_token_file_path").(string), - OIDCRequestURL: data.Get("oidc_request_url").(string), - OIDCRequestToken: data.Get("oidc_request_token").(string), - ResourceGroupName: data.Get("resource_group_name").(string), - SasToken: data.Get("sas_token").(string), - StorageAccountName: data.Get("storage_account_name").(string), - SubscriptionID: data.Get("subscription_id").(string), - TenantID: data.Get("tenant_id").(string), - UseMsi: data.Get("use_msi").(bool), - UseOIDC: data.Get("use_oidc").(bool), - UseAzureADAuthentication: data.Get("use_azuread_auth").(bool), + var clientCertificateData []byte + if encodedCert := data.Get("client_certificate").(string); encodedCert != "" { + var err error + clientCertificateData, err = decodeCertificate(encodedCert) + if err != nil { + return err + } + } + + oidcToken, err := getOidcToken(data) + if err != nil { + return err + } + + clientSecret, err := getClientSecret(data) + if err != nil { + return err + } + + clientId, err := getClientId(data) + if err != nil { + return err } - armClient, err := buildArmClient(context.TODO(), config) + tenantId, err := getTenantId(data) if err != nil { return err } - thingsNeededToLookupAccessKeySpecified := config.AccessKey == "" && config.SasToken == "" && config.ResourceGroupName == "" - if thingsNeededToLookupAccessKeySpecified && !config.UseAzureADAuthentication { - return fmt.Errorf("Either an Access Key / SAS Token or the Resource Group for the Storage Account must be specified - or Azure AD Authentication must be enabled") + var ( + env *environments.Environment + + envName = data.Get("environment").(string) + metadataHost = data.Get("metadata_host").(string) + ) + + if metadataHost != "" { + logEntry("[DEBUG] Configuring cloud environment from Metadata Service at %q", metadataHost) + if env, err = environments.FromEndpoint(ctx, fmt.Sprintf("https://%s", metadataHost)); err != nil { + return err + } + } else { + logEntry("[DEBUG] Configuring built-in cloud environment by name: %q", envName) + if env, err = environments.FromName(envName); err != nil { + return err + } + } + + var ( + enableAzureCli = data.Get("use_cli").(bool) + enableManagedIdentity = data.Get("use_msi").(bool) + enableOidc = data.Get("use_oidc").(bool) || data.Get("use_aks_workload_identity").(bool) + ) + + authConfig := &auth.Credentials{ + Environment: *env, + ClientID: *clientId, + TenantID: *tenantId, + + ClientCertificateData: clientCertificateData, + ClientCertificatePath: data.Get("client_certificate_path").(string), + ClientCertificatePassword: data.Get("client_certificate_password").(string), + ClientSecret: *clientSecret, + + OIDCAssertionToken: *oidcToken, + GitHubOIDCTokenRequestURL: data.Get("oidc_request_url").(string), + GitHubOIDCTokenRequestToken: data.Get("oidc_request_token").(string), + + CustomManagedIdentityEndpoint: data.Get("msi_endpoint").(string), + + EnableAuthenticatingUsingClientCertificate: true, + EnableAuthenticatingUsingClientSecret: true, + EnableAuthenticatingUsingAzureCLI: enableAzureCli, + EnableAuthenticatingUsingManagedIdentity: enableManagedIdentity, + EnableAuthenticationUsingOIDC: enableOidc, + EnableAuthenticationUsingGitHubOIDC: enableOidc, + } + + backendConfig := BackendConfig{ + AuthConfig: authConfig, + SubscriptionID: data.Get("subscription_id").(string), + ResourceGroupName: data.Get("resource_group_name").(string), + StorageAccountName: data.Get("storage_account_name").(string), + AccessKey: data.Get("access_key").(string), + SasToken: data.Get("sas_token").(string), + UseAzureADAuthentication: data.Get("use_azuread_auth").(bool), + } + + propertiesNeededToLookupAccessKeySpecified := backendConfig.AccessKey == "" && backendConfig.SasToken == "" && backendConfig.ResourceGroupName == "" + if propertiesNeededToLookupAccessKeySpecified && !backendConfig.UseAzureADAuthentication { + return fmt.Errorf("either an Access Key / SAS Token or the Resource Group for the Storage Account must be specified - or Azure AD Authentication must be enabled") + } + + client, err := buildClient(ctx, backendConfig) + if err != nil { + return err } - b.armClient = armClient + b.apiClient = client return nil } diff --git a/internal/backend/remote-state/azure/backend_state.go b/internal/backend/remote-state/azure/backend_state.go index 4be5102953d1..94a8f7ef078a 100644 --- a/internal/backend/remote-state/azure/backend_state.go +++ b/internal/backend/remote-state/azure/backend_state.go @@ -4,7 +4,6 @@ package azure import ( - "context" "fmt" "sort" "strings" @@ -13,8 +12,8 @@ import ( "github.com/hashicorp/terraform/internal/states" "github.com/hashicorp/terraform/internal/states/remote" "github.com/hashicorp/terraform/internal/states/statemgr" - "github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/blobs" - "github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/containers" + "github.com/jackofallops/giovanni/storage/2023-11-03/blob/blobs" + "github.com/jackofallops/giovanni/storage/2023-11-03/blob/containers" ) const ( @@ -29,14 +28,14 @@ func (b *Backend) Workspaces() ([]string, error) { Prefix: &prefix, } - ctx := context.TODO() - client, err := b.armClient.getContainersClient(ctx) + ctx := newCtx() + client, err := b.apiClient.getContainersClient(ctx) if err != nil { - return nil, err + return nil, fmt.Errorf("gettign container client: %v", err) } - resp, err := client.ListBlobs(ctx, b.armClient.storageAccountName, b.containerName, params) + resp, err := client.ListBlobs(ctx, b.containerName, params) if err != nil { - return nil, err + return nil, fmt.Errorf("listing blobs: %v", err) } envs := map[string]struct{}{} @@ -66,14 +65,14 @@ func (b *Backend) DeleteWorkspace(name string, _ bool) error { return fmt.Errorf("can't delete default state") } - ctx := context.TODO() - client, err := b.armClient.getBlobClient(ctx) + ctx := newCtx() + client, err := b.apiClient.getBlobClient(ctx) if err != nil { return err } - if resp, err := client.Delete(ctx, b.armClient.storageAccountName, b.containerName, b.path(name), blobs.DeleteInput{}); err != nil { - if resp.Response.StatusCode != 404 { + if resp, err := client.Delete(ctx, b.containerName, b.path(name), blobs.DeleteInput{}); err != nil { + if !responseWasNotFound(resp.HttpResponse) { return err } } @@ -82,8 +81,8 @@ func (b *Backend) DeleteWorkspace(name string, _ bool) error { } func (b *Backend) StateMgr(name string) (statemgr.Full, error) { - ctx := context.TODO() - blobClient, err := b.armClient.getBlobClient(ctx) + ctx := newCtx() + blobClient, err := b.apiClient.getBlobClient(ctx) if err != nil { return nil, err } diff --git a/internal/backend/remote-state/azure/backend_test.go b/internal/backend/remote-state/azure/backend_test.go index a25ca362031d..8abb1e15ed6d 100644 --- a/internal/backend/remote-state/azure/backend_test.go +++ b/internal/backend/remote-state/azure/backend_test.go @@ -4,7 +4,6 @@ package azure import ( - "context" "os" "testing" @@ -16,6 +15,8 @@ func TestBackend_impl(t *testing.T) { } func TestBackendConfig(t *testing.T) { + t.Parallel() + // This test just instantiates the client. Shouldn't make any actual // requests nor incur any costs. @@ -42,146 +43,160 @@ func TestBackendConfig(t *testing.T) { } func TestAccBackendAccessKeyBasic(t *testing.T) { + t.Parallel() + testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { - armClient.destroyTestResources(ctx, res) + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + clearEnv() b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "access_key": res.storageAccountAccessKey, - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "access_key": m.storageAccessKey, + "environment": m.env.Name, })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendSASTokenBasic(t *testing.T) { + t.Parallel() + testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) - sasToken, err := buildSasToken(res.storageAccountName, res.storageAccountAccessKey) + sasToken, err := buildSasToken(m.names.storageAccountName, m.storageAccessKey) if err != nil { t.Fatalf("Error building SAS Token: %+v", err) } + clearEnv() b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, "sas_token": *sasToken, - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "environment": m.env.Name, })).(*Backend) backend.TestBackendStates(t, b) } -func TestAccBackendOIDCBasic(t *testing.T) { - testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) +func TestAccBackendGithubOIDCBasic(t *testing.T) { + t.Parallel() + + testAccAzureBackendRunningInGitHubActions(t) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + clearEnv() b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "resource_group_name": res.resourceGroup, + "subscription_id": m.subscriptionId, + "resource_group_name": m.names.resourceGroup, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, "use_oidc": true, - "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), - "tenant_id": os.Getenv("ARM_TENANT_ID"), - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "tenant_id": m.tenantId, + "client_id": m.clientId, + "environment": m.env.Name, })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendAzureADAuthBasic(t *testing.T) { + t.Parallel() + testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - res.useAzureADAuth = true - armClient := buildTestClient(t, res) - - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { - armClient.destroyTestResources(ctx, res) + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + clearEnv() b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "access_key": res.storageAccountAccessKey, - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "subscription_id": m.subscriptionId, + "resource_group_name": m.names.resourceGroup, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "tenant_id": m.tenantId, + "client_id": m.clientId, + "client_secret": m.clientSecret, "use_azuread_auth": true, + "environment": m.env.Name, })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendManagedServiceIdentityBasic(t *testing.T) { + t.Parallel() + testAccAzureBackendRunningInAzure(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + clearEnv() b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "resource_group_name": res.resourceGroup, + "subscription_id": m.subscriptionId, + "resource_group_name": m.names.resourceGroup, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, "use_msi": true, - "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), - "tenant_id": os.Getenv("ARM_TENANT_ID"), - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "tenant_id": m.tenantId, + "environment": m.env.Name, })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendServicePrincipalClientCertificateBasic(t *testing.T) { + t.Parallel() + testAccAzureBackend(t) clientCertPassword := os.Getenv("ARM_CLIENT_CERTIFICATE_PASSWORD") @@ -190,128 +205,95 @@ func TestAccBackendServicePrincipalClientCertificateBasic(t *testing.T) { t.Skip("Skipping since `ARM_CLIENT_CERTIFICATE_PATH` is not specified!") } - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + clearEnv() b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "resource_group_name": res.resourceGroup, - "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), - "tenant_id": os.Getenv("ARM_TENANT_ID"), - "client_id": os.Getenv("ARM_CLIENT_ID"), + "subscription_id": m.subscriptionId, + "resource_group_name": m.names.resourceGroup, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "tenant_id": m.tenantId, + "client_id": m.clientId, "client_certificate_password": clientCertPassword, "client_certificate_path": clientCertPath, - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "environment": m.env.Name, })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendServicePrincipalClientSecretBasic(t *testing.T) { - testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) + t.Parallel() - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) - if err != nil { - t.Fatalf("Error creating Test Resources: %q", err) - } - - b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "resource_group_name": res.resourceGroup, - "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), - "tenant_id": os.Getenv("ARM_TENANT_ID"), - "client_id": os.Getenv("ARM_CLIENT_ID"), - "client_secret": os.Getenv("ARM_CLIENT_SECRET"), - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), - })).(*Backend) - - backend.TestBackendStates(t, b) -} - -func TestAccBackendServicePrincipalClientSecretCustomEndpoint(t *testing.T) { testAccAzureBackend(t) - // this is only applicable for Azure Stack. - endpoint := os.Getenv("ARM_ENDPOINT") - if endpoint == "" { - t.Skip("Skipping as ARM_ENDPOINT isn't configured") - } - - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + clearEnv() b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "resource_group_name": res.resourceGroup, - "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), - "tenant_id": os.Getenv("ARM_TENANT_ID"), - "client_id": os.Getenv("ARM_CLIENT_ID"), - "client_secret": os.Getenv("ARM_CLIENT_SECRET"), - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": endpoint, + "subscription_id": m.subscriptionId, + "resource_group_name": m.names.resourceGroup, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "tenant_id": m.tenantId, + "client_id": m.clientId, + "client_secret": m.clientSecret, + "environment": m.env.Name, })).(*Backend) backend.TestBackendStates(t, b) } func TestAccBackendAccessKeyLocked(t *testing.T) { + t.Parallel() + testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + + clearEnv() b1 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "access_key": res.storageAccountAccessKey, - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "access_key": m.storageAccessKey, + "environment": m.env.Name, })).(*Backend) b2 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "access_key": res.storageAccountAccessKey, - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "access_key": m.storageAccessKey, + "environment": m.env.Name, })).(*Backend) backend.TestBackendStateLocks(t, b1, b2) @@ -322,42 +304,44 @@ func TestAccBackendAccessKeyLocked(t *testing.T) { } func TestAccBackendServicePrincipalLocked(t *testing.T) { + t.Parallel() + testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + + clearEnv() b1 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "access_key": res.storageAccountAccessKey, - "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), - "tenant_id": os.Getenv("ARM_TENANT_ID"), - "client_id": os.Getenv("ARM_CLIENT_ID"), - "client_secret": os.Getenv("ARM_CLIENT_SECRET"), - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "subscription_id": m.subscriptionId, + "resource_group_name": m.names.resourceGroup, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "tenant_id": m.tenantId, + "client_id": m.clientId, + "client_secret": m.clientSecret, + "environment": m.env.Name, })).(*Backend) b2 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "access_key": res.storageAccountAccessKey, - "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), - "tenant_id": os.Getenv("ARM_TENANT_ID"), - "client_id": os.Getenv("ARM_CLIENT_ID"), - "client_secret": os.Getenv("ARM_CLIENT_SECRET"), - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "subscription_id": m.subscriptionId, + "resource_group_name": m.names.resourceGroup, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "tenant_id": m.tenantId, + "client_id": m.clientId, + "client_secret": m.clientSecret, + "environment": m.env.Name, })).(*Backend) backend.TestBackendStateLocks(t, b1, b2) diff --git a/internal/backend/remote-state/azure/client.go b/internal/backend/remote-state/azure/client.go index 59a936d6e5b4..855c11dd11aa 100644 --- a/internal/backend/remote-state/azure/client.go +++ b/internal/backend/remote-state/azure/client.go @@ -11,9 +11,10 @@ import ( "fmt" "log" "net/http" + "time" "github.com/hashicorp/go-uuid" - "github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/blobs" + "github.com/jackofallops/giovanni/storage/2023-11-03/blob/blobs" "github.com/hashicorp/terraform/internal/states/remote" "github.com/hashicorp/terraform/internal/states/statemgr" @@ -25,6 +26,15 @@ const ( lockInfoMetaKey = "terraformlockid" ) +const veryLongTimeout = 9999 * time.Hour + +// newCtx creates a context with a (meaningless) deadline. +// This is only to make the go-azure-sdk/sdk/client Client happy. +func newCtx() context.Context { + ctx, _ := context.WithTimeout(context.TODO(), veryLongTimeout) + return ctx +} + type RemoteClient struct { giovanniBlobClient blobs.Client accountName string @@ -40,17 +50,21 @@ func (c *RemoteClient) Get() (*remote.Payload, error) { options.LeaseID = &c.leaseID } - ctx := context.TODO() - blob, err := c.giovanniBlobClient.Get(ctx, c.accountName, c.containerName, c.keyName, options) + ctx := newCtx() + blob, err := c.giovanniBlobClient.Get(ctx, c.containerName, c.keyName, options) if err != nil { - if blob.Response.IsHTTPStatus(http.StatusNotFound) { + if responseWasNotFound(blob.HttpResponse) { return nil, nil } return nil, err } + if blob.Contents == nil { + return nil, nil + } + payload := &remote.Payload{ - Data: blob.Contents, + Data: *blob.Contents, } // If there was no data, then return nil @@ -74,22 +88,22 @@ func (c *RemoteClient) Put(data []byte) error { putOptions.LeaseID = &c.leaseID } - ctx := context.TODO() + ctx := newCtx() if c.snapshot { snapshotInput := blobs.SnapshotInput{LeaseID: options.LeaseID} log.Printf("[DEBUG] Snapshotting existing Blob %q (Container %q / Account %q)", c.keyName, c.containerName, c.accountName) - if _, err := c.giovanniBlobClient.Snapshot(ctx, c.accountName, c.containerName, c.keyName, snapshotInput); err != nil { + if _, err := c.giovanniBlobClient.Snapshot(ctx, c.containerName, c.keyName, snapshotInput); err != nil { return fmt.Errorf("error snapshotting Blob %q (Container %q / Account %q): %+v", c.keyName, c.containerName, c.accountName, err) } log.Print("[DEBUG] Created blob snapshot") } - blob, err := c.giovanniBlobClient.GetProperties(ctx, c.accountName, c.containerName, c.keyName, getOptions) + blob, err := c.giovanniBlobClient.GetProperties(ctx, c.containerName, c.keyName, getOptions) if err != nil { - if blob.StatusCode != 404 { + if !responseWasNotFound(blob.HttpResponse) { return err } } @@ -98,7 +112,7 @@ func (c *RemoteClient) Put(data []byte) error { putOptions.Content = &data putOptions.ContentType = &contentType putOptions.MetaData = blob.MetaData - _, err = c.giovanniBlobClient.PutBlockBlob(ctx, c.accountName, c.containerName, c.keyName, putOptions) + _, err = c.giovanniBlobClient.PutBlockBlob(ctx, c.containerName, c.keyName, putOptions) return err } @@ -110,10 +124,10 @@ func (c *RemoteClient) Delete() error { options.LeaseID = &c.leaseID } - ctx := context.TODO() - resp, err := c.giovanniBlobClient.Delete(ctx, c.accountName, c.containerName, c.keyName, options) + ctx := newCtx() + resp, err := c.giovanniBlobClient.Delete(ctx, c.containerName, c.keyName, options) if err != nil { - if !resp.IsHTTPStatus(http.StatusNotFound) { + if !responseWasNotFound(resp.HttpResponse) { return err } } @@ -149,13 +163,13 @@ func (c *RemoteClient) Lock(info *statemgr.LockInfo) (string, error) { ProposedLeaseID: &info.ID, LeaseDuration: -1, } - ctx := context.TODO() + ctx := newCtx() // obtain properties to see if the blob lease is already in use. If the blob doesn't exist, create it - properties, err := c.giovanniBlobClient.GetProperties(ctx, c.accountName, c.containerName, c.keyName, blobs.GetPropertiesInput{}) + properties, err := c.giovanniBlobClient.GetProperties(ctx, c.containerName, c.keyName, blobs.GetPropertiesInput{}) if err != nil { // error if we had issues getting the blob - if !properties.Response.IsHTTPStatus(http.StatusNotFound) { + if !responseWasNotFound(properties.HttpResponse) { return "", getLockInfoErr(err) } // if we don't find the blob, we need to build it @@ -165,7 +179,7 @@ func (c *RemoteClient) Lock(info *statemgr.LockInfo) (string, error) { ContentType: &contentType, } - _, err = c.giovanniBlobClient.PutBlockBlob(ctx, c.accountName, c.containerName, c.keyName, putGOptions) + _, err = c.giovanniBlobClient.PutBlockBlob(ctx, c.containerName, c.keyName, putGOptions) if err != nil { return "", getLockInfoErr(err) } @@ -176,7 +190,7 @@ func (c *RemoteClient) Lock(info *statemgr.LockInfo) (string, error) { return "", getLockInfoErr(fmt.Errorf("state blob is already locked")) } - leaseID, err := c.giovanniBlobClient.AcquireLease(ctx, c.accountName, c.containerName, c.keyName, leaseOptions) + leaseID, err := c.giovanniBlobClient.AcquireLease(ctx, c.containerName, c.keyName, leaseOptions) if err != nil { return "", getLockInfoErr(err) } @@ -197,8 +211,8 @@ func (c *RemoteClient) getLockInfo() (*statemgr.LockInfo, error) { options.LeaseID = &c.leaseID } - ctx := context.TODO() - blob, err := c.giovanniBlobClient.GetProperties(ctx, c.accountName, c.containerName, c.keyName, options) + ctx := newCtx() + blob, err := c.giovanniBlobClient.GetProperties(ctx, c.containerName, c.keyName, options) if err != nil { return nil, err } @@ -224,8 +238,8 @@ func (c *RemoteClient) getLockInfo() (*statemgr.LockInfo, error) { // writes info to blob meta data, deletes metadata entry if info is nil func (c *RemoteClient) writeLockInfo(info *statemgr.LockInfo) error { - ctx := context.TODO() - blob, err := c.giovanniBlobClient.GetProperties(ctx, c.accountName, c.containerName, c.keyName, blobs.GetPropertiesInput{LeaseID: &c.leaseID}) + ctx := newCtx() + blob, err := c.giovanniBlobClient.GetProperties(ctx, c.containerName, c.keyName, blobs.GetPropertiesInput{LeaseID: &c.leaseID}) if err != nil { return err } @@ -245,7 +259,7 @@ func (c *RemoteClient) writeLockInfo(info *statemgr.LockInfo) error { MetaData: blob.MetaData, } - _, err = c.giovanniBlobClient.SetMetaData(ctx, c.accountName, c.containerName, c.keyName, opts) + _, err = c.giovanniBlobClient.SetMetaData(ctx, c.containerName, c.keyName, opts) return err } @@ -270,8 +284,8 @@ func (c *RemoteClient) Unlock(id string) error { return lockErr } - ctx := context.TODO() - _, err = c.giovanniBlobClient.ReleaseLease(ctx, c.accountName, c.containerName, c.keyName, id) + ctx := newCtx() + _, err = c.giovanniBlobClient.ReleaseLease(ctx, c.containerName, c.keyName, blobs.ReleaseLeaseInput{LeaseID: id}) if err != nil { lockErr.Err = err return lockErr @@ -281,3 +295,7 @@ func (c *RemoteClient) Unlock(id string) error { return nil } + +func responseWasNotFound(resp *http.Response) bool { + return resp != nil && resp.StatusCode == http.StatusNotFound +} diff --git a/internal/backend/remote-state/azure/client_test.go b/internal/backend/remote-state/azure/client_test.go index 849c4e7e689b..ab0e0706345c 100644 --- a/internal/backend/remote-state/azure/client_test.go +++ b/internal/backend/remote-state/azure/client_test.go @@ -4,41 +4,38 @@ package azure import ( - "context" - "os" "testing" - "github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/blobs" - "github.com/hashicorp/terraform/internal/backend" "github.com/hashicorp/terraform/internal/states/remote" + "github.com/jackofallops/giovanni/storage/2023-11-03/blob/blobs" ) -func TestRemoteClient_impl(t *testing.T) { - var _ remote.Client = new(RemoteClient) - var _ remote.ClientLocker = new(RemoteClient) -} +var _ remote.Client = new(RemoteClient) +var _ remote.ClientLocker = new(RemoteClient) func TestRemoteClientAccessKeyBasic(t *testing.T) { + t.Parallel() + testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + clearEnv() b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "access_key": res.storageAccountAccessKey, - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "access_key": m.storageAccessKey, + "environment": m.env.Name, })).(*Backend) state, err := b.StateMgr(backend.DefaultStateName) @@ -50,28 +47,30 @@ func TestRemoteClientAccessKeyBasic(t *testing.T) { } func TestRemoteClientManagedServiceIdentityBasic(t *testing.T) { + t.Parallel() + testAccAzureBackendRunningInAzure(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + clearEnv() b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "resource_group_name": res.resourceGroup, + "subscription_id": m.subscriptionId, + "resource_group_name": m.names.resourceGroup, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, "use_msi": true, - "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), - "tenant_id": os.Getenv("ARM_TENANT_ID"), - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "tenant_id": m.tenantId, + "environment": m.env.Name, })).(*Backend) state, err := b.StateMgr(backend.DefaultStateName) @@ -83,30 +82,32 @@ func TestRemoteClientManagedServiceIdentityBasic(t *testing.T) { } func TestRemoteClientSasTokenBasic(t *testing.T) { + t.Parallel() + testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) - sasToken, err := buildSasToken(res.storageAccountName, res.storageAccountAccessKey) + sasToken, err := buildSasToken(m.names.storageAccountName, m.storageAccessKey) if err != nil { t.Fatalf("Error building SAS Token: %+v", err) } + clearEnv() b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, "sas_token": *sasToken, - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "environment": m.env.Name, })).(*Backend) state, err := b.StateMgr(backend.DefaultStateName) @@ -118,29 +119,31 @@ func TestRemoteClientSasTokenBasic(t *testing.T) { } func TestRemoteClientServicePrincipalBasic(t *testing.T) { + t.Parallel() + testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + clearEnv() b := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "resource_group_name": res.resourceGroup, - "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), - "tenant_id": os.Getenv("ARM_TENANT_ID"), - "client_id": os.Getenv("ARM_CLIENT_ID"), - "client_secret": os.Getenv("ARM_CLIENT_SECRET"), - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "subscription_id": m.subscriptionId, + "resource_group_name": m.names.resourceGroup, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "tenant_id": m.tenantId, + "client_id": m.clientId, + "client_secret": m.clientSecret, + "environment": m.env.Name, })).(*Backend) state, err := b.StateMgr(backend.DefaultStateName) @@ -152,34 +155,36 @@ func TestRemoteClientServicePrincipalBasic(t *testing.T) { } func TestRemoteClientAccessKeyLocks(t *testing.T) { + t.Parallel() + testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + + clearEnv() b1 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "access_key": res.storageAccountAccessKey, - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "access_key": m.storageAccessKey, + "environment": m.env.Name, })).(*Backend) b2 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "access_key": res.storageAccountAccessKey, - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "access_key": m.storageAccessKey, + "environment": m.env.Name, })).(*Backend) s1, err := b1.StateMgr(backend.DefaultStateName) @@ -196,42 +201,44 @@ func TestRemoteClientAccessKeyLocks(t *testing.T) { } func TestRemoteClientServicePrincipalLocks(t *testing.T) { + t.Parallel() + testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) + + clearEnv() b1 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "resource_group_name": res.resourceGroup, - "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), - "tenant_id": os.Getenv("ARM_TENANT_ID"), - "client_id": os.Getenv("ARM_CLIENT_ID"), - "client_secret": os.Getenv("ARM_CLIENT_SECRET"), - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "subscription_id": m.subscriptionId, + "resource_group_name": m.names.resourceGroup, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "tenant_id": m.tenantId, + "client_id": m.clientId, + "client_secret": m.clientSecret, + "environment": m.env.Name, })).(*Backend) b2 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ - "storage_account_name": res.storageAccountName, - "container_name": res.storageContainerName, - "key": res.storageKeyName, - "resource_group_name": res.resourceGroup, - "subscription_id": os.Getenv("ARM_SUBSCRIPTION_ID"), - "tenant_id": os.Getenv("ARM_TENANT_ID"), - "client_id": os.Getenv("ARM_CLIENT_ID"), - "client_secret": os.Getenv("ARM_CLIENT_SECRET"), - "environment": os.Getenv("ARM_ENVIRONMENT"), - "endpoint": os.Getenv("ARM_ENDPOINT"), + "subscription_id": m.subscriptionId, + "resource_group_name": m.names.resourceGroup, + "storage_account_name": m.names.storageAccountName, + "container_name": m.names.storageContainerName, + "key": m.names.storageKeyName, + "tenant_id": m.tenantId, + "client_id": m.clientId, + "client_secret": m.clientSecret, + "environment": m.env.Name, })).(*Backend) s1, err := b1.StateMgr(backend.DefaultStateName) @@ -248,32 +255,34 @@ func TestRemoteClientServicePrincipalLocks(t *testing.T) { } func TestPutMaintainsMetaData(t *testing.T) { + t.Parallel() + testAccAzureBackend(t) - rs := randString(4) - res := testResourceNames(rs, "testState") - armClient := buildTestClient(t, res) - ctx := context.TODO() - err := armClient.buildTestResources(ctx, &res) - defer armClient.destroyTestResources(ctx, res) + ctx := newCtx() + m := BuildTestMeta(t, ctx) + + err := m.buildTestResources(ctx) if err != nil { + m.destroyTestResources(ctx) t.Fatalf("Error creating Test Resources: %q", err) } + defer m.destroyTestResources(ctx) headerName := "acceptancetest" expectedValue := "f3b56bad-33ad-4b93-a600-7a66e9cbd1eb" - client, err := armClient.getBlobClient(ctx) + client, err := m.getBlobClient(ctx) if err != nil { t.Fatalf("Error building Blob Client: %+v", err) } - _, err = client.PutBlockBlob(ctx, res.storageAccountName, res.storageContainerName, res.storageKeyName, blobs.PutBlockBlobInput{}) + _, err = client.PutBlockBlob(ctx, m.names.storageContainerName, m.names.storageKeyName, blobs.PutBlockBlobInput{}) if err != nil { t.Fatalf("Error Creating Block Blob: %+v", err) } - blobReference, err := client.GetProperties(ctx, res.storageAccountName, res.storageContainerName, res.storageKeyName, blobs.GetPropertiesInput{}) + blobReference, err := client.GetProperties(ctx, m.names.storageContainerName, m.names.storageKeyName, blobs.GetPropertiesInput{}) if err != nil { t.Fatalf("Error loading MetaData: %+v", err) } @@ -282,16 +291,16 @@ func TestPutMaintainsMetaData(t *testing.T) { opts := blobs.SetMetaDataInput{ MetaData: blobReference.MetaData, } - _, err = client.SetMetaData(ctx, res.storageAccountName, res.storageContainerName, res.storageKeyName, opts) + _, err = client.SetMetaData(ctx, m.names.storageContainerName, m.names.storageKeyName, opts) if err != nil { t.Fatalf("Error setting MetaData: %+v", err) } // update the metadata using the Backend remoteClient := RemoteClient{ - keyName: res.storageKeyName, - containerName: res.storageContainerName, - accountName: res.storageAccountName, + keyName: m.names.storageKeyName, + containerName: m.names.storageContainerName, + accountName: m.names.storageAccountName, giovanniBlobClient: *client, } @@ -303,7 +312,7 @@ func TestPutMaintainsMetaData(t *testing.T) { } // Verify it still exists - blobReference, err = client.GetProperties(ctx, res.storageAccountName, res.storageContainerName, res.storageKeyName, blobs.GetPropertiesInput{}) + blobReference, err = client.GetProperties(ctx, m.names.storageContainerName, m.names.storageKeyName, blobs.GetPropertiesInput{}) if err != nil { t.Fatalf("Error loading MetaData: %+v", err) } diff --git a/internal/backend/remote-state/azure/go.mod b/internal/backend/remote-state/azure/go.mod index 198cc2e75399..5bed209f24b5 100644 --- a/internal/backend/remote-state/azure/go.mod +++ b/internal/backend/remote-state/azure/go.mod @@ -3,53 +3,56 @@ module github.com/hashicorp/terraform/internal/backend/remote-state/azure go 1.23.3 require ( - github.com/Azure/azure-sdk-for-go v59.2.0+incompatible - github.com/Azure/go-autorest/autorest v0.11.27 - github.com/hashicorp/go-azure-helpers v0.43.0 + github.com/hashicorp/go-azure-helpers v0.71.0 + github.com/hashicorp/go-azure-sdk/resource-manager v0.20241212.1154051 + github.com/hashicorp/go-azure-sdk/sdk v0.20241212.1154051 github.com/hashicorp/go-uuid v1.0.3 github.com/hashicorp/terraform v0.0.0-00010101000000-000000000000 github.com/hashicorp/terraform/internal/legacy v0.0.0-00010101000000-000000000000 - github.com/manicminer/hamilton v0.44.0 - github.com/tombuildsstuff/giovanni v0.15.1 + github.com/jackofallops/giovanni v0.28.0 ) require ( github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect - github.com/Azure/go-autorest/autorest/azure/cli v0.4.4 // indirect + github.com/Azure/go-autorest/autorest v0.11.29 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect - github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect - github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/apparentlymart/go-versions v1.0.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/dimchansky/utfbom v1.1.1 // indirect github.com/fatih/color v1.17.0 // indirect github.com/golang-jwt/jwt/v4 v4.5.1 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect + github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-slug v0.16.3 // indirect github.com/hashicorp/go-version v1.7.0 // indirect github.com/hashicorp/hcl/v2 v2.23.0 // indirect + github.com/hashicorp/logutils v1.0.0 // indirect + github.com/hashicorp/terraform-plugin-go v0.14.3 // indirect + github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect + github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 // indirect github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect - github.com/manicminer/hamilton-autorest v0.2.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect - github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/go-testing-interface v1.14.1 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/spf13/afero v1.9.5 // indirect - github.com/stretchr/testify v1.8.4 // indirect + github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect + github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect + github.com/vmihailenco/tagparser v0.1.1 // indirect github.com/zclconf/go-cty v1.16.2 // indirect golang.org/x/crypto v0.32.0 // indirect golang.org/x/mod v0.21.0 // indirect @@ -59,6 +62,9 @@ require ( golang.org/x/sys v0.29.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/tools v0.25.0 // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/protobuf v1.34.2 // indirect + software.sslmate.com/src/go-pkcs12 v0.4.0 // indirect ) replace github.com/hashicorp/terraform/internal/backend/remote-state/azure => ../azure diff --git a/internal/backend/remote-state/azure/go.sum b/internal/backend/remote-state/azure/go.sum index 1057f8dd5997..d560df0edcf6 100644 --- a/internal/backend/remote-state/azure/go.sum +++ b/internal/backend/remote-state/azure/go.sum @@ -44,39 +44,18 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f cloud.google.com/go/storage v1.30.1 h1:uOdMxAs8HExqBlnLtnQyP0YkvbiDpdGShGKtx6U/oNM= cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/azure-sdk-for-go v45.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v47.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v59.2.0+incompatible h1:mbxiZy1K820hQ+dI+YIO/+a0wQDYqOu18BAGe4lXjVk= -github.com/Azure/azure-sdk-for-go v59.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.3/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= -github.com/Azure/go-autorest/autorest v0.11.10/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= -github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= -github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= -github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= -github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= -github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= -github.com/Azure/go-autorest/autorest/adal v0.9.14/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= -github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= -github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.4 h1:iuooz5cZL6VRcO7DVSFYxRcouqn6bFVE/e77Wts50Zk= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.4/go.mod h1:yAQ2b6eP/CmLPnmLvxtT1ALIY3OR1oFcCqVBi8vHiTc= +github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= +github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= +github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= +github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8= +github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= -github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= -github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= -github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac= -github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= -github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= @@ -85,6 +64,7 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= +github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/apparentlymart/go-versions v1.0.2 h1:n5Gg9YvSLK8Zzpy743J7abh2jt7z7ammOQ0oTd/5oA4= @@ -104,10 +84,6 @@ github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnht github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= -github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= -github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -117,7 +93,6 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -125,7 +100,7 @@ github.com/go-test/deep v1.0.1/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3a github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= @@ -141,6 +116,7 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -189,7 +165,6 @@ github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLe github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc= github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -203,43 +178,52 @@ github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-azure-helpers v0.12.0/go.mod h1:Zc3v4DNeX6PDdy7NljlYpnrdac1++qNW0I4U+ofGwpg= -github.com/hashicorp/go-azure-helpers v0.43.0 h1:larj4ZgwO3hKzA9xIOTXRW4NBpI6F3K8wpig8eikNOw= -github.com/hashicorp/go-azure-helpers v0.43.0/go.mod h1:ofh+59GPB8g/lWI08711STfrIPSPOlXQkuMc8rovpBk= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-azure-helpers v0.71.0 h1:ra3aIRzg01g6MLKQ+yABcb6WJtrqRUDDgyuPLmyZ9lY= +github.com/hashicorp/go-azure-helpers v0.71.0/go.mod h1:BmbF4JDYXK5sEmFeU5hcn8Br21uElcqLfdQxjatwQKw= +github.com/hashicorp/go-azure-sdk/resource-manager v0.20241212.1154051 h1:jFgd3bzeRViGTzicIn9gDw2O/Gk6WjVJCTTefPNOGPY= +github.com/hashicorp/go-azure-sdk/resource-manager v0.20241212.1154051/go.mod h1:XapOZ9HiCtXz3qb5yNFiCuWbOBj2I3WU1K2jwqgK2zA= +github.com/hashicorp/go-azure-sdk/sdk v0.20241212.1154051 h1:4fCKJPSeLVvwl7ZCqU7MOUKyx/M7kl/J6wlw2O3xn40= +github.com/hashicorp/go-azure-sdk/sdk v0.20241212.1154051/go.mod h1:oI5R0fTbBx3K/sJBK5R/OlEy8ozdQjvctxVU9v3EDkc= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= +github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= +github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= github.com/hashicorp/go-getter v1.7.8 h1:mshVHx1Fto0/MydBekWan5zUipGq7jO0novchgMmSiY= github.com/hashicorp/go-getter v1.7.8/go.mod h1:2c6CboOEb9jG6YvmC9xdD+tyAFsrUaJPedwXDGr0TM4= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo= github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I= github.com/hashicorp/go-slug v0.16.3 h1:pe0PMwz2UWN1168QksdW/d7u057itB2gY568iF0E2Ns= github.com/hashicorp/go-slug v0.16.3/go.mod h1:THWVTAXwJEinbsp4/bBRcmbaO5EYNLTqxbG4tZ3gCYQ= -github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos= github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= +github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= +github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= +github.com/hashicorp/terraform-plugin-go v0.14.3 h1:nlnJ1GXKdMwsC8g1Nh05tK2wsC3+3BL/DBBxFEki+j0= +github.com/hashicorp/terraform-plugin-go v0.14.3/go.mod h1:7ees7DMZ263q8wQ6E4RdIdR6nHHJtrdt4ogX5lPkX1A= +github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= +github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 h1:G9WAfb8LHeCxu7Ae8nc1agZlQOSCUWsb610iAogBhCs= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1/go.mod h1:xcOSYlRVdPLmDUoqPhO9fiO/YCN/l6MGYeTzGt5jgkQ= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/jackofallops/giovanni v0.28.0 h1:fxn55SnxL2Rj3hgkkgQS9UKlIRXkkTZ5WcnE04JCBRE= +github.com/jackofallops/giovanni v0.28.0/go.mod h1:CyzRgZyts4YSI/1iZF8poqdn9I6J8xpmg1iMpvhthTs= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= @@ -248,16 +232,14 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c= github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= -github.com/manicminer/hamilton v0.43.0/go.mod h1:lbVyngC+/nCWuDp8UhC6Bw+bh7jcP/E+YwqzHTmzemk= -github.com/manicminer/hamilton v0.44.0 h1:mLb4Vxbt2dsAvOpaB7xd/5D8LaTTX6ACwVP4TmW8qwE= -github.com/manicminer/hamilton v0.44.0/go.mod h1:lbVyngC+/nCWuDp8UhC6Bw+bh7jcP/E+YwqzHTmzemk= -github.com/manicminer/hamilton-autorest v0.2.0 h1:dDL+t2DrQza0EfNYINYCvXISeNwVqzgVAQh+CH/19ZU= -github.com/manicminer/hamilton-autorest v0.2.0/go.mod h1:NselDpNTImEmOc/fa41kPg6YhDt/6S95ejWbTGZ6tlg= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= @@ -288,22 +270,31 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM= github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/tombuildsstuff/giovanni v0.15.1 h1:CVRaLOJ7C/eercCrKIsarfJ4SZoGMdBL9Q2deFDUXco= -github.com/tombuildsstuff/giovanni v0.15.1/go.mod h1:0TZugJPEtqzPlMpuJHYfXY6Dq2uLPrXf98D2XQSxNbA= github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= +github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= +github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= +github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U= +github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= +github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY= +github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zclconf/go-cty v1.16.2 h1:LAJSwc3v81IRBZyUVQDUdZ7hs3SYs9jv0eZJDWHD/70= github.com/zclconf/go-cty v1.16.2/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= @@ -321,12 +312,10 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -362,6 +351,7 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -396,6 +386,8 @@ golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -407,7 +399,6 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -420,6 +411,7 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -461,11 +453,16 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -474,6 +471,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -526,6 +525,7 @@ golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE= golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -639,6 +639,7 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -655,3 +656,5 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= +software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k= +software.sslmate.com/src/go-pkcs12 v0.4.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI= diff --git a/internal/backend/remote-state/azure/helpers.go b/internal/backend/remote-state/azure/helpers.go new file mode 100644 index 000000000000..9ecce81c7e6c --- /dev/null +++ b/internal/backend/remote-state/azure/helpers.go @@ -0,0 +1,147 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +// This file is copied from terraform-provider-azurerm: internal/provider/helpers.go + +package azure + +import ( + "encoding/base64" + "fmt" + "log" + "os" + "strings" + + "github.com/hashicorp/terraform/internal/legacy/helper/schema" +) + +// logEntry avoids log entries showing up in test output +func logEntry(f string, v ...interface{}) { + if os.Getenv("TF_LOG") == "" { + return + } + + if os.Getenv("TF_ACC") != "" { + return + } + + log.Printf(f, v...) +} + +func decodeCertificate(clientCertificate string) ([]byte, error) { + var pfx []byte + if clientCertificate != "" { + out := make([]byte, base64.StdEncoding.DecodedLen(len(clientCertificate))) + n, err := base64.StdEncoding.Decode(out, []byte(clientCertificate)) + if err != nil { + return pfx, fmt.Errorf("could not decode client certificate data: %v", err) + } + pfx = out[:n] + } + return pfx, nil +} + +func getOidcToken(d *schema.ResourceData) (*string, error) { + idToken := strings.TrimSpace(d.Get("oidc_token").(string)) + + if path := d.Get("oidc_token_file_path").(string); path != "" { + fileTokenRaw, err := os.ReadFile(path) + + if err != nil { + return nil, fmt.Errorf("reading OIDC Token from file %q: %v", path, err) + } + + fileToken := strings.TrimSpace(string(fileTokenRaw)) + + if idToken != "" && idToken != fileToken { + return nil, fmt.Errorf("mismatch between supplied OIDC token and supplied OIDC token file contents - please either remove one or ensure they match") + } + + idToken = fileToken + } + + if d.Get("use_aks_workload_identity").(bool) && os.Getenv("AZURE_FEDERATED_TOKEN_FILE") != "" { + path := os.Getenv("AZURE_FEDERATED_TOKEN_FILE") + fileTokenRaw, err := os.ReadFile(os.Getenv("AZURE_FEDERATED_TOKEN_FILE")) + + if err != nil { + return nil, fmt.Errorf("reading OIDC Token from file %q provided by AKS Workload Identity: %v", path, err) + } + + fileToken := strings.TrimSpace(string(fileTokenRaw)) + + if idToken != "" && idToken != fileToken { + return nil, fmt.Errorf("mismatch between supplied OIDC token and OIDC token file contents provided by AKS Workload Identity - please either remove one, ensure they match, or disable use_aks_workload_identity") + } + + idToken = fileToken + } + + return &idToken, nil +} + +func getClientId(d *schema.ResourceData) (*string, error) { + clientId := strings.TrimSpace(d.Get("client_id").(string)) + + if path := d.Get("client_id_file_path").(string); path != "" { + fileClientIdRaw, err := os.ReadFile(path) + + if err != nil { + return nil, fmt.Errorf("reading Client ID from file %q: %v", path, err) + } + + fileClientId := strings.TrimSpace(string(fileClientIdRaw)) + + if clientId != "" && clientId != fileClientId { + return nil, fmt.Errorf("mismatch between supplied Client ID and supplied Client ID file contents - please either remove one or ensure they match") + } + + clientId = fileClientId + } + + if d.Get("use_aks_workload_identity").(bool) && os.Getenv("AZURE_CLIENT_ID") != "" { + aksClientId := os.Getenv("AZURE_CLIENT_ID") + if clientId != "" && clientId != aksClientId { + return nil, fmt.Errorf("mismatch between supplied Client ID and that provided by AKS Workload Identity - please remove, ensure they match, or disable use_aks_workload_identity") + } + clientId = aksClientId + } + + return &clientId, nil +} + +func getClientSecret(d *schema.ResourceData) (*string, error) { + clientSecret := strings.TrimSpace(d.Get("client_secret").(string)) + + if path := d.Get("client_secret_file_path").(string); path != "" { + fileSecretRaw, err := os.ReadFile(path) + + if err != nil { + return nil, fmt.Errorf("reading Client Secret from file %q: %v", path, err) + } + + fileSecret := strings.TrimSpace(string(fileSecretRaw)) + + if clientSecret != "" && clientSecret != fileSecret { + return nil, fmt.Errorf("mismatch between supplied Client Secret and supplied Client Secret file contents - please either remove one or ensure they match") + } + + clientSecret = fileSecret + } + + return &clientSecret, nil +} + +func getTenantId(d *schema.ResourceData) (*string, error) { + tenantId := strings.TrimSpace(d.Get("tenant_id").(string)) + + if d.Get("use_aks_workload_identity").(bool) && os.Getenv("AZURE_TENANT_ID") != "" { + aksTenantId := os.Getenv("AZURE_TENANT_ID") + if tenantId != "" && tenantId != aksTenantId { + return nil, fmt.Errorf("mismatch between supplied Tenant ID and that provided by AKS Workload Identity - please remove, ensure they match, or disable use_aks_workload_identity") + } + tenantId = aksTenantId + } + + return &tenantId, nil +} diff --git a/internal/backend/remote-state/azure/helpers_test.go b/internal/backend/remote-state/azure/helpers_test.go index 8d879e270f62..33bab5d9289b 100644 --- a/internal/backend/remote-state/azure/helpers_test.go +++ b/internal/backend/remote-state/azure/helpers_test.go @@ -13,11 +13,15 @@ import ( "testing" "time" - "github.com/Azure/azure-sdk-for-go/profiles/2017-03-09/resources/mgmt/resources" - armStorage "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2021-01-01/storage" - "github.com/Azure/go-autorest/autorest" + "github.com/hashicorp/go-azure-helpers/lang/pointer" + "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" sasStorage "github.com/hashicorp/go-azure-helpers/storage" - "github.com/tombuildsstuff/giovanni/storage/2018-11-09/blob/containers" + "github.com/hashicorp/go-azure-sdk/resource-manager/resources/2024-03-01/resourcegroups" + "github.com/hashicorp/go-azure-sdk/resource-manager/storage/2023-01-01/storageaccounts" + "github.com/hashicorp/go-azure-sdk/sdk/auth" + "github.com/hashicorp/go-azure-sdk/sdk/environments" + "github.com/jackofallops/giovanni/storage/2023-11-03/blob/blobs" + "github.com/jackofallops/giovanni/storage/2023-11-03/blob/containers" ) const ( @@ -52,57 +56,25 @@ func testAccAzureBackendRunningInGitHubActions(t *testing.T) { } } -func buildTestClient(t *testing.T, res resourceNames) *ArmClient { - subscriptionID := os.Getenv("ARM_SUBSCRIPTION_ID") - tenantID := os.Getenv("ARM_TENANT_ID") - clientID := os.Getenv("ARM_CLIENT_ID") - clientSecret := os.Getenv("ARM_CLIENT_SECRET") - msiEnabled := strings.EqualFold(os.Getenv("ARM_USE_MSI"), "true") - environment := os.Getenv("ARM_ENVIRONMENT") - - hasCredentials := (clientID != "" && clientSecret != "") || msiEnabled - if !hasCredentials { - t.Fatal("Azure credentials missing or incomplete") - } - - if subscriptionID == "" { - t.Fatalf("Missing ARM_SUBSCRIPTION_ID") - } - - if tenantID == "" { - t.Fatalf("Missing ARM_TENANT_ID") - } - - if environment == "" { - t.Fatalf("Missing ARM_ENVIRONMENT") - } - - // location isn't used in this method, but is in the other test methods - location := os.Getenv("ARM_LOCATION") - if location == "" { - t.Fatalf("Missing ARM_LOCATION") - } - - // Endpoint is optional (only for Stack) - endpoint := os.Getenv("ARM_ENDPOINT") - - armClient, err := buildArmClient(context.TODO(), BackendConfig{ - SubscriptionID: subscriptionID, - TenantID: tenantID, - ClientID: clientID, - ClientSecret: clientSecret, - CustomResourceManagerEndpoint: endpoint, - Environment: environment, - ResourceGroupName: res.resourceGroup, - StorageAccountName: res.storageAccountName, - UseMsi: msiEnabled, - UseAzureADAuthentication: res.useAzureADAuth, - }) - if err != nil { - t.Fatalf("Failed to build ArmClient: %+v", err) +// clearEnv cleans up the azure related environment variables. +// This is to ensure the configuration only comes from HCL, which avoids +// env vars for test setup interfere the behavior. +// +// NOTE: Since `go test` runs all test cases in a single process, clearing +// environment has a whole process impact to other test cases. While this +// impact can be eliminated given all the tests are implemented in a similar +// pattern that those env vars will be consumed at the very begining. The test +// runner has to ensure to set a **big enough parallelism**. +func clearEnv() { + for _, evexp := range os.Environ() { + k, _, ok := strings.Cut(evexp, "=") + if !ok { + continue + } + if strings.HasPrefix(k, "ARM_") { + os.Unsetenv(k) + } } - - return armClient } func buildSasToken(accountName, accessKey string) (*string, error) { @@ -116,6 +88,7 @@ func buildSasToken(accountName, accessKey string) (*string, error) { signedProtocol := "https,http" signedIp := "" signedVersion := sasSignedVersion + signedEncryptionScope := "" utcNow := time.Now().UTC() @@ -124,7 +97,7 @@ func buildSasToken(accountName, accessKey string) (*string, error) { endDate := utcNow.Add(time.Hour * 24).Format(time.RFC3339) sasToken, err := sasStorage.ComputeAccountSASToken(accountName, accessKey, permissions, services, resourceTypes, - startDate, endDate, signedProtocol, signedIp, signedVersion) + startDate, endDate, signedProtocol, signedIp, signedVersion, signedEncryptionScope) if err != nil { return nil, fmt.Errorf("Error computing SAS Token: %+v", err) } @@ -133,102 +106,214 @@ func buildSasToken(accountName, accessKey string) (*string, error) { } type resourceNames struct { - resourceGroup string - location string - storageAccountName string - storageContainerName string - storageKeyName string - storageAccountAccessKey string - useAzureADAuth bool + resourceGroup string + storageAccountName string + storageContainerName string + storageKeyName string } func testResourceNames(rString string, keyName string) resourceNames { return resourceNames{ resourceGroup: fmt.Sprintf("acctestRG-backend-%s-%s", strings.Replace(time.Now().Local().Format("060102150405.00"), ".", "", 1), rString), - location: os.Getenv("ARM_LOCATION"), storageAccountName: fmt.Sprintf("acctestsa%s", rString), storageContainerName: "acctestcont", storageKeyName: keyName, - useAzureADAuth: false, } } -func (c *ArmClient) buildTestResources(ctx context.Context, names *resourceNames) error { - log.Printf("Creating Resource Group %q", names.resourceGroup) - _, err := c.groupsClient.CreateOrUpdate(ctx, names.resourceGroup, resources.Group{Location: &names.location}) +type TestMeta struct { + names resourceNames + + clientId string + clientSecret string + + tenantId string + subscriptionId string + location string + env environments.Environment + + // This is populated during test resource deploying + storageAccessKey string + + // This is populated during test resoruce deploying + blobBaseUri string + + resourceGroupsClient *resourcegroups.ResourceGroupsClient + storageAccountsClient *storageaccounts.StorageAccountsClient +} + +func BuildTestMeta(t *testing.T, ctx context.Context) *TestMeta { + names := testResourceNames(randString(10), "testState") + + subscriptionID := os.Getenv("ARM_SUBSCRIPTION_ID") + if subscriptionID == "" { + t.Fatalf("Missing ARM_SUBSCRIPTION_ID") + } + + tenantID := os.Getenv("ARM_TENANT_ID") + if tenantID == "" { + t.Fatalf("Missing ARM_TENANT_ID") + } + + location := os.Getenv("ARM_TEST_LOCATION") + if location == "" { + t.Fatalf("Missing ARM_TEST_LOCATION") + } + + clientID := os.Getenv("ARM_CLIENT_ID") + clientSecret := os.Getenv("ARM_CLIENT_SECRET") + + environment := "public" + if v := os.Getenv("ARM_ENVIRONMENT"); v != "" { + environment = v + } + env, err := environments.FromName(environment) if err != nil { - return fmt.Errorf("failed to create test resource group: %s", err) + t.Fatalf("Failed to build environment for %s: %v", environment, err) } - log.Printf("Creating Storage Account %q in Resource Group %q", names.storageAccountName, names.resourceGroup) - storageProps := armStorage.AccountCreateParameters{ - Sku: &armStorage.Sku{ - Name: armStorage.StandardLRS, - Tier: armStorage.Standard, - }, - Location: &names.location, + // For deploying test resources, we support the followings: + // - Client secret: For most of the tests + // - Client certificate: For client certificate related tests + // - MSI: For MSI related tests + // - OIDC: For OIDC related tests + authConfig := &auth.Credentials{ + Environment: *env, + TenantID: tenantID, + ClientID: clientID, + ClientSecret: clientSecret, + ClientCertificatePath: os.Getenv("ARM_CLIENT_CERTIFICATE_PATH"), + ClientCertificatePassword: os.Getenv("ARM_CLIENT_CERTIFICATE_PASSWORD"), + GitHubOIDCTokenRequestURL: os.Getenv("ACTIONS_ID_TOKEN_REQUEST_URL"), + GitHubOIDCTokenRequestToken: os.Getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN"), + + EnableAuthenticatingUsingClientSecret: true, + EnableAuthenticatingUsingClientCertificate: true, + EnableAuthenticatingUsingManagedIdentity: true, + EnableAuthenticationUsingGitHubOIDC: true, } - if names.useAzureADAuth { - allowSharedKeyAccess := false - storageProps.AccountPropertiesCreateParameters = &armStorage.AccountPropertiesCreateParameters{ - AllowSharedKeyAccess: &allowSharedKeyAccess, - } + + resourceManagerAuth, err := auth.NewAuthorizerFromCredentials(ctx, *authConfig, env.ResourceManager) + if err != nil { + t.Fatalf("unable to build authorizer for Resource Manager API: %+v", err) } - future, err := c.storageAccountsClient.Create(ctx, names.resourceGroup, names.storageAccountName, storageProps) + + resourceGroupsClient, err := resourcegroups.NewResourceGroupsClientWithBaseURI(env.ResourceManager) if err != nil { - return fmt.Errorf("failed to create test storage account: %s", err) + t.Fatalf("building Resource Groups client: %+v", err) } + resourceGroupsClient.Client.SetAuthorizer(resourceManagerAuth) - err = future.WaitForCompletionRef(ctx, c.storageAccountsClient.Client) + storageAccountsClient, err := storageaccounts.NewStorageAccountsClientWithBaseURI(env.ResourceManager) if err != nil { - return fmt.Errorf("failed waiting for the creation of storage account: %s", err) + t.Fatalf("building Storage Accounts client: %+v", err) } + storageAccountsClient.Client.SetAuthorizer(resourceManagerAuth) - containersClient := containers.NewWithEnvironment(c.environment) - if names.useAzureADAuth { - containersClient.Client.Authorizer = *c.azureAdStorageAuth - } else { - log.Printf("fetching access key for storage account") - resp, err := c.storageAccountsClient.ListKeys(ctx, names.resourceGroup, names.storageAccountName, "") - if err != nil { - return fmt.Errorf("failed to list storage account keys %s:", err) - } + return &TestMeta{ + names: names, - keys := *resp.Keys - accessKey := *keys[0].Value - names.storageAccountAccessKey = accessKey + clientId: clientID, + clientSecret: clientSecret, - storageAuth, err := autorest.NewSharedKeyAuthorizer(names.storageAccountName, accessKey, autorest.SharedKey) - if err != nil { - return fmt.Errorf("Error building Authorizer: %+v", err) - } + tenantId: tenantID, + subscriptionId: subscriptionID, + location: location, + env: *env, - containersClient.Client.Authorizer = storageAuth + resourceGroupsClient: resourceGroupsClient, + storageAccountsClient: storageAccountsClient, } +} - log.Printf("Creating Container %q in Storage Account %q (Resource Group %q)", names.storageContainerName, names.storageAccountName, names.resourceGroup) - _, err = containersClient.Create(ctx, names.storageAccountName, names.storageContainerName, containers.CreateInput{}) +func (c *TestMeta) buildTestResources(ctx context.Context) error { + log.Printf("Creating Resource Group %q", c.names.resourceGroup) + rgid := commonids.NewResourceGroupID(c.subscriptionId, c.names.resourceGroup) + if _, err := c.resourceGroupsClient.CreateOrUpdate(ctx, rgid, resourcegroups.ResourceGroup{Location: c.location}); err != nil { + return fmt.Errorf("failed to create test resource group: %s", err) + } + + log.Printf("Creating Storage Account %q in Resource Group %q", c.names.storageAccountName, c.names.resourceGroup) + storageProps := storageaccounts.StorageAccountCreateParameters{ + Kind: storageaccounts.KindStorageVTwo, + Sku: storageaccounts.Sku{ + Name: storageaccounts.SkuNameStandardLRS, + Tier: pointer.To(storageaccounts.SkuTierStandard), + }, + Location: c.location, + } + + said := commonids.NewStorageAccountID(c.subscriptionId, c.names.resourceGroup, c.names.storageAccountName) + if err := c.storageAccountsClient.CreateThenPoll(ctx, said, storageProps); err != nil { + return fmt.Errorf("failed to create test storage account: %s", err) + } + + // Populate the storage account access key + resp, err := c.storageAccountsClient.GetProperties(ctx, said, storageaccounts.DefaultGetPropertiesOperationOptions()) if err != nil { + return fmt.Errorf("getting %s: %+v", said, err) + } + if resp.Model == nil { + return fmt.Errorf("unexpected null model of %s", said) + } + accountDetail, err := populateAccountDetails(said, *resp.Model) + if err != nil { + return fmt.Errorf("populating details for %s: %+v", said, err) + } + + accountKey, err := accountDetail.AccountKey(ctx, c.storageAccountsClient) + if err != nil { + return fmt.Errorf("listing access key for %s: %+v", said, err) + } + c.storageAccessKey = *accountKey + + blobBaseUri, err := accountDetail.DataPlaneEndpoint(EndpointTypeBlob) + if err != nil { + return err + } + c.blobBaseUri = *blobBaseUri + + containersClient, err := containers.NewWithBaseUri(*blobBaseUri) + if err != nil { + return fmt.Errorf("failed to new container client: %v", err) + } + + authorizer, err := auth.NewSharedKeyAuthorizer(c.names.storageAccountName, *accountKey, auth.SharedKey) + if err != nil { + return fmt.Errorf("new shared key authorizer: %v", err) + } + containersClient.Client.Authorizer = authorizer + + log.Printf("Creating Container %q in Storage Account %q (Resource Group %q)", c.names.storageContainerName, c.names.storageAccountName, c.names.resourceGroup) + if _, err = containersClient.Create(ctx, c.names.storageContainerName, containers.CreateInput{}); err != nil { return fmt.Errorf("failed to create storage container: %s", err) } return nil } -func (c ArmClient) destroyTestResources(ctx context.Context, resources resourceNames) error { - log.Printf("[DEBUG] Deleting Resource Group %q..", resources.resourceGroup) - future, err := c.groupsClient.Delete(ctx, resources.resourceGroup) - if err != nil { +func (c *TestMeta) destroyTestResources(ctx context.Context) error { + log.Printf("[DEBUG] Deleting Resource Group %q..", c.names.resourceGroup) + rgid := commonids.NewResourceGroupID(c.subscriptionId, c.names.resourceGroup) + if err := c.resourceGroupsClient.DeleteThenPoll(ctx, rgid, resourcegroups.DefaultDeleteOperationOptions()); err != nil { return fmt.Errorf("Error deleting Resource Group: %+v", err) } + return nil +} - log.Printf("[DEBUG] Waiting for deletion of Resource Group %q..", resources.resourceGroup) - err = future.WaitForCompletionRef(ctx, c.groupsClient.Client) +func (c *TestMeta) getBlobClient(ctx context.Context) (bc *blobs.Client, err error) { + blobsClient, err := blobs.NewWithBaseUri(c.blobBaseUri) if err != nil { - return fmt.Errorf("Error waiting for the deletion of Resource Group: %+v", err) + return nil, fmt.Errorf("new blob client: %v", err) } - return nil + authorizer, err := auth.NewSharedKeyAuthorizer(c.names.storageAccountName, c.storageAccessKey, auth.SharedKey) + if err != nil { + return nil, fmt.Errorf("new shared key authorizer: %v", err) + } + blobsClient.Client.SetAuthorizer(authorizer) + + return blobsClient, nil } // randString generates a random alphanumeric string of the length specified diff --git a/internal/backend/remote-state/azure/sender.go b/internal/backend/remote-state/azure/sender.go deleted file mode 100644 index f73a0dbdc533..000000000000 --- a/internal/backend/remote-state/azure/sender.go +++ /dev/null @@ -1,67 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package azure - -import ( - "log" - "net/http" - "net/http/httputil" - - "github.com/Azure/go-autorest/autorest" - "github.com/hashicorp/terraform/internal/logging" -) - -func buildSender() autorest.Sender { - return autorest.DecorateSender(&http.Client{ - Transport: &http.Transport{ - Proxy: http.ProxyFromEnvironment, - }, - }, withRequestLogging()) -} - -func withRequestLogging() autorest.SendDecorator { - return func(s autorest.Sender) autorest.Sender { - return autorest.SenderFunc(func(r *http.Request) (*http.Response, error) { - // only log if logging's enabled - logLevel := logging.CurrentLogLevel() - if logLevel == "" { - return s.Do(r) - } - - // strip the authorization header prior to printing - authHeaderName := "Authorization" - auth := r.Header.Get(authHeaderName) - if auth != "" { - r.Header.Del(authHeaderName) - } - - // dump request to wire format - if dump, err := httputil.DumpRequestOut(r, true); err == nil { - log.Printf("[DEBUG] Azure Backend Request: \n%s\n", dump) - } else { - // fallback to basic message - log.Printf("[DEBUG] Azure Backend Request: %s to %s\n", r.Method, r.URL) - } - - // add the auth header back - if auth != "" { - r.Header.Add(authHeaderName, auth) - } - - resp, err := s.Do(r) - if resp != nil { - // dump response to wire format - if dump, err2 := httputil.DumpResponse(resp, true); err2 == nil { - log.Printf("[DEBUG] Azure Backend Response for %s: \n%s\n", r.URL, dump) - } else { - // fallback to basic message - log.Printf("[DEBUG] Azure Backend Response: %s for %s\n", resp.Status, r.URL) - } - } else { - log.Printf("[DEBUG] Request to %s completed with no response", r.URL) - } - return resp, err - }) - } -} diff --git a/internal/backend/remote-state/azure/storage_client_helpers.go b/internal/backend/remote-state/azure/storage_client_helpers.go new file mode 100644 index 000000000000..827178a509d9 --- /dev/null +++ b/internal/backend/remote-state/azure/storage_client_helpers.go @@ -0,0 +1,165 @@ +package azure + +import ( + "context" + "fmt" + "strings" + + "github.com/hashicorp/go-azure-helpers/lang/pointer" + "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" + "github.com/hashicorp/go-azure-sdk/resource-manager/storage/2023-01-01/storageaccounts" + "github.com/hashicorp/go-azure-sdk/sdk/environments" +) + +// This file is referencing the terraform-provider-azurerm: internal/services/storage/client/helpers.go + +type EndpointType string + +const ( + EndpointTypeBlob = "blob" + EndpointTypeDfs = "dfs" + EndpointTypeFile = "file" + EndpointTypeQueue = "queue" + EndpointTypeTable = "table" +) + +type AccountDetails struct { + Kind storageaccounts.Kind + IsHnsEnabled bool + StorageAccountId commonids.StorageAccountId + + accountKey *string + + // primaryBlobEndpoint is the Primary Blob Endpoint for the Data Plane API for this Storage Account + // e.g. `https://{account}.blob.core.windows.net` + primaryBlobEndpoint *string + + // primaryDfsEndpoint is the Primary Dfs Endpoint for the Data Plane API for this Storage Account + // e.g. `https://sale.dfs.core.windows.net` + primaryDfsEndpoint *string + + // primaryFileEndpoint is the Primary File Endpoint for the Data Plane API for this Storage Account + // e.g. `https://{account}.file.core.windows.net` + primaryFileEndpoint *string + + // primaryQueueEndpoint is the Primary Queue Endpoint for the Data Plane API for this Storage Account + // e.g. `https://{account}.queue.core.windows.net` + primaryQueueEndpoint *string + + // primaryTableEndpoint is the Primary Table Endpoint for the Data Plane API for this Storage Account + // e.g. `https://{account}.table.core.windows.net` + primaryTableEndpoint *string +} + +func (ad *AccountDetails) AccountKey(ctx context.Context, client *storageaccounts.StorageAccountsClient) (*string, error) { + if ad.accountKey != nil { + return ad.accountKey, nil + } + + opts := storageaccounts.DefaultListKeysOperationOptions() + opts.Expand = pointer.To(storageaccounts.ListKeyExpandKerb) + listKeysResp, err := client.ListKeys(ctx, ad.StorageAccountId, opts) + if err != nil { + return nil, fmt.Errorf("listing Keys for %s: %+v", ad.StorageAccountId, err) + } + + if model := listKeysResp.Model; model != nil && model.Keys != nil { + for _, key := range *model.Keys { + if key.Permissions == nil || key.Value == nil { + continue + } + + if *key.Permissions == storageaccounts.KeyPermissionFull { + ad.accountKey = key.Value + break + } + } + } + + if ad.accountKey == nil { + return nil, fmt.Errorf("unable to determine the Write Key for %s", ad.StorageAccountId) + } + + return ad.accountKey, nil +} + +func (ad *AccountDetails) DataPlaneEndpoint(endpointType EndpointType) (*string, error) { + var baseUri *string + switch endpointType { + case EndpointTypeBlob: + baseUri = ad.primaryBlobEndpoint + + case EndpointTypeDfs: + baseUri = ad.primaryDfsEndpoint + + case EndpointTypeFile: + baseUri = ad.primaryFileEndpoint + + case EndpointTypeQueue: + baseUri = ad.primaryQueueEndpoint + + case EndpointTypeTable: + baseUri = ad.primaryTableEndpoint + + default: + return nil, fmt.Errorf("internal-error: unrecognised endpoint type %q when building storage client", endpointType) + } + + if baseUri == nil { + return nil, fmt.Errorf("determining %s endpoint for %s: missing primary endpoint", endpointType, ad.StorageAccountId) + } + return baseUri, nil +} + +func populateAccountDetails(accountId commonids.StorageAccountId, account storageaccounts.StorageAccount) (*AccountDetails, error) { + out := AccountDetails{ + Kind: pointer.From(account.Kind), + StorageAccountId: accountId, + } + + if account.Properties == nil { + return nil, fmt.Errorf("populating details for %s: `model.Properties` was nil", accountId) + } + if account.Properties.PrimaryEndpoints == nil { + return nil, fmt.Errorf("populating details for %s: `model.Properties.PrimaryEndpoints` was nil", accountId) + } + + props := *account.Properties + out.IsHnsEnabled = pointer.From(props.IsHnsEnabled) + + endpoints := *props.PrimaryEndpoints + if endpoints.Blob != nil { + endpoint := strings.TrimSuffix(*endpoints.Blob, "/") + out.primaryBlobEndpoint = pointer.To(endpoint) + } + if endpoints.Dfs != nil { + endpoint := strings.TrimSuffix(*endpoints.Dfs, "/") + out.primaryDfsEndpoint = pointer.To(endpoint) + } + if endpoints.File != nil { + endpoint := strings.TrimSuffix(*endpoints.File, "/") + out.primaryFileEndpoint = pointer.To(endpoint) + } + if endpoints.Queue != nil { + endpoint := strings.TrimSuffix(*endpoints.Queue, "/") + out.primaryQueueEndpoint = pointer.To(endpoint) + } + if endpoints.Table != nil { + endpoint := strings.TrimSuffix(*endpoints.Table, "/") + out.primaryTableEndpoint = pointer.To(endpoint) + } + + return &out, nil +} + +// naiveStorageAccountBlobBaseURL naively construct the storage account blob endpoint URL instead of +// learning from the storage account response. +// This is only used for the cases that either access key or SAS token is explicitly specified, which +// won't make any call to the ARM, but reach ahead to the data plane API directly. +func naiveStorageAccountBlobBaseURL(e environments.Environment, accountName string) (string, error) { + pDomainSuffix, ok := e.Storage.DomainSuffix() + if !ok { + return "", fmt.Errorf("no storage domain suffix defined for environment: %s", e.Name) + } + return fmt.Sprintf("https://%s.blob.%s", accountName, *pDomainSuffix), nil +} diff --git a/website/docs/language/backend/azurerm.mdx b/website/docs/language/backend/azurerm.mdx index 6b91937ddb94..9ac71293f532 100644 --- a/website/docs/language/backend/azurerm.mdx +++ b/website/docs/language/backend/azurerm.mdx @@ -514,16 +514,14 @@ The following configuration options are supported: * `key` - (Required) The name of the Blob used to retrieve/store Terraform's State file inside the Storage Container. -* `environment` - (Optional) The Azure Environment which should be used. This can also be sourced from the `ARM_ENVIRONMENT` environment variable. Possible values are `public`, `china`, `german`, `stack` and `usgovernment`. Defaults to `public`. - -* `endpoint` - (Optional) The Custom Endpoint for Azure Resource Manager. This can also be sourced from the `ARM_ENDPOINT` environment variable. - -~> **NOTE:** An `endpoint` should only be configured when using Azure Stack. +* `environment` - (Optional) The Azure Environment which should be used. This can also be sourced from the `ARM_ENVIRONMENT` environment variable. Possible values are `public`, `china` and `usgovernment`. Defaults to `public`. * `metadata_host` - (Optional) The Hostname of the Azure Metadata Service (for example `management.azure.com`), used to obtain the Cloud Environment when using a Custom Azure Environment. This can also be sourced from the `ARM_METADATA_HOSTNAME` Environment Variable. * `snapshot` - (Optional) Should the Blob used to store the Terraform Statefile be snapshotted before use? Defaults to `false`. This value can also be sourced from the `ARM_SNAPSHOT` environment variable. +* `use_cli` - (Optional) Should Azure CLI be used for authentication? Defaults to `false`. This value can also be sourced from the `ARM_USE_CLI` environment variable. + *** When authenticating using a Managed Identity (MSI) - the following fields are also supported: @@ -552,6 +550,8 @@ When authenticating using a Service Principal with OpenID Connect (OIDC / Worklo * `use_oidc` - (Optional) Should OIDC authentication be used? This can also be sourced from the `ARM_USE_OIDC` environment variable. +* `use_aks_workload_identity` (Optional) Should Azure AKS Workload Identity be used for Authentication? This can also be sourced from the `ARM_USE_AKS_WORKLOAD_IDENTITY` environment variable. + *** When authenticating using a SAS Token associated with the Storage Account - the following fields are also supported: @@ -580,10 +580,14 @@ When authenticating using a Service Principal with a Client Certificate - the fo * `client_id` - (Optional) The Client ID of the Service Principal. This can also be sourced from the `ARM_CLIENT_ID` environment variable. +* `client_id_file_path` (Optional) The path to a file containing the Client ID which should be used. This can also be sourced from the `ARM_CLIENT_ID_FILE_PATH` Environment Variable. + * `client_certificate_password` - (Optional) The password associated with the Client Certificate specified in `client_certificate_path`. This can also be sourced from the `ARM_CLIENT_CERTIFICATE_PASSWORD` environment variable. * `client_certificate_path` - (Optional) The path to the PFX file used as the Client Certificate when authenticating as a Service Principal. This can also be sourced from the `ARM_CLIENT_CERTIFICATE_PATH` environment variable. +* `client_certificate` - (Optional) Base64 encoded PKCS#12 certificate bundle to use when authenticating as a Service Principal using a Client Certificate. This can also be sourced from the `ARM_CLIENT_CERTIFICATE` environment variable. + * `subscription_id` - (Optional) The Subscription ID in which the Storage Account exists. This can also be sourced from the `ARM_SUBSCRIPTION_ID` environment variable. * `tenant_id` - (Optional) The Tenant ID in which the Subscription exists. This can also be sourced from the `ARM_TENANT_ID` environment variable. @@ -596,8 +600,12 @@ When authenticating using a Service Principal with a Client Secret - the followi * `client_id` - (Optional) The Client ID of the Service Principal. This can also be sourced from the `ARM_CLIENT_ID` environment variable. +* `client_id_file_path` (Optional) The path to a file containing the Client ID which should be used. This can also be sourced from the `ARM_CLIENT_ID_FILE_PATH` Environment Variable. + * `client_secret` - (Optional) The Client Secret of the Service Principal. This can also be sourced from the `ARM_CLIENT_SECRET` environment variable. +* `client_secret_file_path` - (Optional) The path to a file containing the Client Secret which should be used. This can also be sourced from the `ARM_CLIENT_SECRET_FILE_PATH` Environment Variable. + * `subscription_id` - (Optional) The Subscription ID in which the Storage Account exists. This can also be sourced from the `ARM_SUBSCRIPTION_ID` environment variable. * `tenant_id` - (Optional) The Tenant ID in which the Subscription exists. This can also be sourced from the `ARM_TENANT_ID` environment variable.