Bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.26.1 to 2.27.0

Bumps [github.com/hashicorp/terraform-plugin-sdk/v2](https://github.com/hashicorp/terraform-plugin-sdk) from 2.26.1 to 2.27.0.
- [Release notes](https://github.com/hashicorp/terraform-plugin-sdk/releases)
- [Changelog](https://github.com/hashicorp/terraform-plugin-sdk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/terraform-plugin-sdk/compare/v2.26.1...v2.27.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/terraform-plugin-sdk/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot]
2023-07-03 20:21:30 +00:00
committed by GitHub
parent b2403e2569
commit 910ccdb092
722 changed files with 31260 additions and 8125 deletions

View File

@ -0,0 +1,7 @@
schema_version = 1
project {
license = "MPL-2.0"
copyright_year = 2020
header_ignore = []
}

View File

@ -1 +1 @@
1.19.5
1.20

View File

@ -44,13 +44,13 @@ Each comes with different trade-offs described below.
- **Cons:**
- Installation may consume some bandwith, disk space and a little time
- Potentially less stable builds (see `checkpoint` below)
- `checkpoint.{LatestVersion}` - Downloads, verifies & installs any known product available in HashiCorp Checkpoint
- `checkpoint.LatestVersion` - Downloads, verifies & installs any known product available in HashiCorp Checkpoint
- **Pros:**
- Checkpoint typically contains only product versions considered stable
- **Cons:**
- Installation may consume some bandwith, disk space and a little time
- Currently doesn't allow installation of a old versions (see `releases` above)
- `build.{GitRevision}` - Clones raw source code and builds the product from it
- `build.GitRevision` - Clones raw source code and builds the product from it
- **Pros:**
- Useful for catching bugs and incompatibilities as early as possible (prior to product release).
- **Cons:**
@ -61,73 +61,59 @@ Each comes with different trade-offs described below.
## Example Usage
### Install single version
See examples at https://pkg.go.dev/github.com/hashicorp/hc-install#example-Installer.
```go
TODO
## CLI
In addition to the Go library, which is the intended primary use case of `hc-install`, we also distribute CLI.
The CLI comes with some trade-offs:
- more limited interface compared to the flexible Go API (installs specific versions of products via `releases.ExactVersion`)
- minimal environment pre-requisites (no need to compile Go code)
- see ["hc-install is not a package manager"](https://github.com/hashicorp/hc-install#hc-install-is-not-a-package-manager)
### Installation
Given that one of the key roles of the CLI/library is integrity checking, you should choose the installation method which involves the same level of integrity checks, and/or perform these checks yourself. `go install` provides only minimal to no integrity checks, depending on exact use. We recommend any of the installation methods documented below.
#### Homebrew (macOS / Linux)
[Homebrew](https://brew.sh)
```
brew install hashicorp/tap/hc-install
```
### Find or install single version
#### Linux
```go
i := NewInstaller()
We support Debian & Ubuntu via apt and RHEL, CentOS, Fedora and Amazon Linux via RPM.
v0_14_0 := version.Must(version.NewVersion("0.14.0"))
You can follow the instructions in the [Official Packaging Guide](https://www.hashicorp.com/official-packaging-guide) to install the package from the official HashiCorp-maintained repositories. The package name is `hc-install` in all repositories.
execPath, err := i.Ensure(context.Background(), []src.Source{
&fs.ExactVersion{
Product: product.Terraform,
Version: v0_14_0,
},
&releases.ExactVersion{
Product: product.Terraform,
Version: v0_14_0,
},
})
if err != nil {
// process err
}
#### Other platforms
// run any tests
1. [Download for the latest version](https://releases.hashicorp.com/hc-install/) relevant for your operating system and architecture.
2. Verify integrity by comparing the SHA256 checksums which are part of the release (called `hc-install_<VERSION>_SHA256SUMS`).
3. Install it by unzipping it and moving it to a directory included in your system's `PATH`.
4. Check that you have installed it correctly via `hc-install --version`.
You should see the latest version printed to your terminal.
### Usage
defer i.Remove()
```
Usage: hc-install install [options] -version <version> <product>
### Install multiple versions
```go
TODO
This command installs a HashiCorp product.
Options:
-version [REQUIRED] Version of product to install.
-path Path to directory where the product will be installed. Defaults
to current working directory.
```
### Install and build multiple versions
```go
i := NewInstaller()
vc, _ := version.NewConstraint(">= 0.12")
rv := &releases.Versions{
Product: product.Terraform,
Constraints: vc,
}
versions, err := rv.List(context.Background())
if err != nil {
return err
}
versions = append(versions, &build.GitRevision{Ref: "HEAD"})
for _, installableVersion := range versions {
execPath, err := i.Ensure(context.Background(), []src.Source{
installableVersion,
})
if err != nil {
return err
}
// Do some testing here
_ = execPath
// clean up
os.Remove(execPath)
}
```sh
hc-install install -version 1.3.7 terraform
```
```
hc-install: will install terraform@1.3.7
installed terraform@1.3.7 to /current/working/dir/terraform
```

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package checkpoint
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package errors
type skippableErr struct {

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package fs
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package fs
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package fs
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
//go:build !windows
// +build !windows

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package fs
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package fs
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package install
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package build
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package build
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package build
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package build
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package httpclient
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package pubkey
const (

View File

@ -1,7 +1,9 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package releasesjson
import (
"bytes"
"context"
"crypto/sha256"
"encoding/hex"
@ -12,8 +14,8 @@ import (
"net/url"
"strings"
"github.com/ProtonMail/go-crypto/openpgp"
"github.com/hashicorp/hc-install/internal/httpclient"
"golang.org/x/crypto/openpgp"
)
type ChecksumDownloader struct {
@ -133,43 +135,13 @@ func fileMapFromChecksums(checksums strings.Builder) (ChecksumFileMap, error) {
return csMap, nil
}
func compareChecksum(logger *log.Logger, r io.Reader, verifiedHashSum HashSum, filename string, expectedSize int64) error {
h := sha256.New()
// This may take a while depending on network connection as the io.Reader
// is expected to be http.Response.Body which streams the bytes
// on demand over the network.
logger.Printf("copying %q (%d bytes) to calculate checksum", filename, expectedSize)
bytesCopied, err := io.Copy(h, r)
if err != nil {
return err
}
logger.Printf("copied %d bytes of %q", bytesCopied, filename)
if expectedSize != 0 && bytesCopied != int64(expectedSize) {
return fmt.Errorf("unexpected size (downloaded: %d, expected: %d)",
bytesCopied, expectedSize)
}
calculatedSum := h.Sum(nil)
if !bytes.Equal(calculatedSum, verifiedHashSum) {
return fmt.Errorf("checksum mismatch (expected %q, calculated %q)",
verifiedHashSum,
hex.EncodeToString(calculatedSum))
}
logger.Printf("checksum matches: %q", hex.EncodeToString(calculatedSum))
return nil
}
func (cd *ChecksumDownloader) verifySumsSignature(checksums, signature io.Reader) error {
el, err := cd.keyEntityList()
if err != nil {
return err
}
_, err = openpgp.CheckDetachedSignature(el, checksums, signature)
_, err = openpgp.CheckDetachedSignature(el, checksums, signature, nil)
if err != nil {
return fmt.Errorf("unable to verify checksums signature: %w", err)
}

View File

@ -1,9 +1,13 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package releasesjson
import (
"archive/zip"
"bytes"
"context"
"crypto/sha256"
"fmt"
"io"
"io/ioutil"
@ -92,8 +96,7 @@ func (d *Downloader) DownloadAndUnpack(ctx context.Context, pv *ProductVersion,
defer resp.Body.Close()
var pkgReader io.Reader
pkgReader = resp.Body
pkgReader := resp.Body
contentType := resp.Header.Get("content-type")
if !contentTypeIsZip(contentType) {
@ -103,19 +106,6 @@ func (d *Downloader) DownloadAndUnpack(ctx context.Context, pv *ProductVersion,
expectedSize := resp.ContentLength
if d.VerifyChecksum {
d.Logger.Printf("verifying checksum of %q", pb.Filename)
// provide extra reader to calculate & compare checksum
var buf bytes.Buffer
r := io.TeeReader(resp.Body, &buf)
pkgReader = &buf
err := compareChecksum(d.Logger, r, verifiedChecksum, pb.Filename, expectedSize)
if err != nil {
return "", err
}
}
pkgFile, err := ioutil.TempFile("", pb.Filename)
if err != nil {
return "", err
@ -124,19 +114,39 @@ func (d *Downloader) DownloadAndUnpack(ctx context.Context, pv *ProductVersion,
pkgFilePath, err := filepath.Abs(pkgFile.Name())
d.Logger.Printf("copying %q (%d bytes) to %s", pb.Filename, expectedSize, pkgFile.Name())
// Unless the bytes were already downloaded above for checksum verification
// this may take a while depending on network connection as the io.Reader
// is expected to be http.Response.Body which streams the bytes
// on demand over the network.
bytesCopied, err := io.Copy(pkgFile, pkgReader)
if err != nil {
return pkgFilePath, err
var bytesCopied int64
if d.VerifyChecksum {
d.Logger.Printf("verifying checksum of %q", pb.Filename)
h := sha256.New()
r := io.TeeReader(resp.Body, pkgFile)
bytesCopied, err = io.Copy(h, r)
if err != nil {
return "", err
}
calculatedSum := h.Sum(nil)
if !bytes.Equal(calculatedSum, verifiedChecksum) {
return pkgFilePath, fmt.Errorf(
"checksum mismatch (expected: %x, got: %x)",
verifiedChecksum, calculatedSum,
)
}
} else {
bytesCopied, err = io.Copy(pkgFile, pkgReader)
if err != nil {
return pkgFilePath, err
}
}
d.Logger.Printf("copied %d bytes to %s", bytesCopied, pkgFile.Name())
if expectedSize != 0 && bytesCopied != int64(expectedSize) {
return pkgFilePath, fmt.Errorf("unexpected size (downloaded: %d, expected: %d)",
bytesCopied, expectedSize)
return pkgFilePath, fmt.Errorf(
"unexpected size (downloaded: %d, expected: %d)",
bytesCopied, expectedSize,
)
}
r, err := zip.OpenReader(pkgFile.Name())

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package releasesjson
import "github.com/hashicorp/go-version"

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package releasesjson
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package src
type InstallSrcSigil struct{}

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package validators
import "regexp"

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package product
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package product
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package product
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package product
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package releases
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package releases
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package releases
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package releases
import (

View File

@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package src
import (

View File

@ -1 +1 @@
0.5.0
0.5.2

View File

@ -1,7 +1,11 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package version
import (
_ "embed"
"strings"
"github.com/hashicorp/go-version"
)
@ -9,6 +13,9 @@ import (
//go:embed VERSION
var rawVersion string
// parsedVersion declared here ensures that invalid versions panic early, on import
var parsedVersion = version.Must(version.NewVersion(strings.TrimSpace(rawVersion)))
// Version returns the version of the library
//
// Note: This is only exposed as public function/package
@ -16,5 +23,5 @@ var rawVersion string
// In general downstream should not implement version-specific
// logic and rely on this function to be present in future releases.
func Version() *version.Version {
return version.Must(version.NewVersion(rawVersion))
return parsedVersion
}