Skip to content

Commit

Permalink
Merge pull request hashicorp#15360 from hashicorp/jbardin/get-provide…
Browse files Browse the repository at this point in the history
…r-err

make sure we error out on plugin checksum signature mismatch
  • Loading branch information
jbardin authored Jun 21, 2017
2 parents 40e2fbb + e059eb8 commit 2051b28
Show file tree
Hide file tree
Showing 4 changed files with 41 additions and 1 deletion.
2 changes: 1 addition & 1 deletion plugin/discovery/get.go
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ func (i *ProviderInstaller) Get(provider string, req Constraints) (PluginMeta, e
if !i.SkipVerify {
sha256, err := getProviderChecksum(provider, v.String())
if err != nil {
return PluginMeta{}, nil
return PluginMeta{}, err
}

// add the checksum parameter for go-getter to verify the download for us.
Expand Down
28 changes: 28 additions & 0 deletions plugin/discovery/get_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,16 @@ func testChecksumHandler(w http.ResponseWriter, r *http.Request) {
return
}

// this this checksum file is corrupt and doesn't match the sig
if r.URL.Path == "/terraform-provider-badsig/0.1.0/terraform-provider-badsig_0.1.0_SHA256SUMS" {
http.ServeFile(w, r, "testdata/terraform-provider-badsig_0.1.0_SHA256SUMS")
return
}
if r.URL.Path == "/terraform-provider-badsig/0.1.0/terraform-provider-badsig_0.1.0_SHA256SUMS.sig" {
http.ServeFile(w, r, "testdata/terraform-provider-badsig_0.1.0_SHA256SUMS.sig")
return
}

http.Error(w, "signtaure files not found", http.StatusNotFound)
}

Expand Down Expand Up @@ -77,6 +87,7 @@ func testReleaseServer() *httptest.Server {
handler := http.NewServeMux()
handler.HandleFunc("/terraform-provider-test/", testHandler)
handler.HandleFunc("/terraform-provider-template/", testChecksumHandler)
handler.HandleFunc("/terraform-provider-badsig/", testChecksumHandler)

return httptest.NewServer(handler)
}
Expand Down Expand Up @@ -273,6 +284,23 @@ func TestProviderChecksum(t *testing.T) {
}
}

// Test fetching a provider's checksum file witha bad signature
func TestProviderChecksumBadSignature(t *testing.T) {
// we only need the checksum, as getter is doing the actual file comparison.
sha256sum, err := getProviderChecksum("badsig", "0.1.0")
if err == nil {
t.Fatal("expcted error")
}

if !strings.Contains(err.Error(), "signature") {
t.Fatal("expected signature error, got:", err)
}

if sha256sum != "" {
t.Fatal("expected no checksum, got:", sha256sum)
}
}

const versionList = `<!DOCTYPE html>
<html>
<body>
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
XX3X7df78b1f0161a3f941c271d55X1f7b5e5f2c53738e7a37145XX12f5d4726 terraform-provider-template_0.1.0_darwin_amd64.zip
XXXXfe878e2dXb2ed0a7da1d0eb6X6Xe4703d3df93ebf22bc12aXf5X1bb38b7c terraform-provider-template_0.1.0_freebsd_386.zip
XXXX9268ebfX8Xb63e53b2a476cX21aXf18c52e303673e2219eXc0dcXcc25622 terraform-provider-template_0.1.0_freebsd_amd64.zip
XXXX0c5ef0X43X47ecf93c313aXd58b3X8b8df8a10d2fb5dbeX3f7ac2X81cee7 terraform-provider-template_0.1.0_freebsd_arm.zip
XXXfXXa6dX5ddbX6903c8733cX4b69893X4f088ceb96560c7Xc876df49Xce2f4 terraform-provider-template_0.1.0_linux_386.zip
XXX8bXX1Xe2e077X88a68e4aX271c49e2dX22b149f440ff7X362581ec11Xe380 terraform-provider-template_0.1.0_linux_amd64.zip
XXX0969XXb34e8fcXXf7653Xd8bb42654cbX49c1d3902d8X729d3b1792daX9fe terraform-provider-template_0.1.0_linux_arm.zip
XXX8eca7X33808ec5eX027X83c42824ac9c0Xf5a458299Xc9ae86f4a04d76X4b terraform-provider-template_0.1.0_openbsd_386.zip
XXX18466c1590fc3cceXeXd619b29d6ea4ec1X3aab976X9dc64d1f5652d5c4Xf terraform-provider-template_0.1.0_openbsd_amd64.zip
XXXe603de6fd57310175X842002c0cc53472c4Xf1cf5X8d306884009fd80d22X terraform-provider-template_0.1.0_solaris_amd64.zip
XXX7a87ae47c383991f31774be8dfb70b7786cfXf22X497fe2d8b48dfcfe5ca1 terraform-provider-template_0.1.0_windows_386.zip
XXf12267bf26a5754f740e28f445cf015e66f59aXXX681564ac45888ebd83ff0 terraform-provider-template_0.1.0_windows_amd64.zip
Binary file not shown.

0 comments on commit 2051b28

Please sign in to comment.