#24 : Thumbprint from Hashicorp change after 1.3.8. (#27)

* Update Windows thumbprint for issue `I can not install version 1.3.9 #24` * Add `7868E4F55FD7B047CD8BF93FEA8C38509CFB5939` thumbprint * Convert to HashiCorpWindowsThumbprint configuration list. Backwards compatible checking.
pearcec · Apr 19, 2023 · a4710c6 · a4710c6
1 parent 2f0ff52
commit a4710c6
Show file tree

Hide file tree

Showing 10 changed files with 53 additions and 7 deletions.
diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
@@ -1,5 +1,5 @@
 name: CI
-on: [push, pull_request]
+on: [push]
 jobs:
   test:
     name: test
@@ -12,3 +12,9 @@ jobs:
     - uses: actions/checkout@v1
     - name: Test
       run: pwsh -f ./build.ps1 -Task Test -Bootstrap
+    - name: Publish Test Results
+      uses: EnricoMi/publish-unit-test-result-action/composite@v2
+      if: always()
+      with:
+        files: |
+          Output/*.xml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.6.2]
+
+###
+
+- Issue #24 Update Windows Thumbprint, convert to list for configuration.  Backwards compatiable checking.
+
 ## [0.6.1]
 
 ###

diff --git a/Invoke-Terraform/Configuration.psd1 b/Invoke-Terraform/Configuration.psd1
@@ -7,7 +7,7 @@
 
     HashiCorpPGPKeyId          = '0x34365D9472D7468F'
     HashiCorpTeamIdentifier    = 'D38WU7D763'
-    HashiCorpWindowsThumbprint = '35AB9FC834D217E9E7B1778FB1B97AF7C73792F2'
+    HashiCorpWindowsThumbprint = @('35AB9FC834D217E9E7B1778FB1B97AF7C73792F2', '7868E4F55FD7B047CD8BF93FEA8C38509CFB5939')
     PGPKeyServer               = 'keyserver.ubuntu.com'
 
     SquelchChecksumWarning     = $false

diff --git a/Invoke-Terraform/Invoke-Terraform.psd1 b/Invoke-Terraform/Invoke-Terraform.psd1
@@ -12,7 +12,7 @@
     RootModule        = 'Invoke-Terraform.psm1'
 
     # Version number of this module.
-    ModuleVersion     = '0.6.1'
+    ModuleVersion     = '0.6.2'
 
     # Supported PSEditions
     # CompatiblePSEditions = @()

diff --git a/Invoke-Terraform/Private/Install-TerraformBinary.ps1 b/Invoke-Terraform/Private/Install-TerraformBinary.ps1
@@ -21,6 +21,6 @@ Function Install-TerraformBinary {
 
     if ( -not (Test-TerraformCodeSignature -TFVersion $TFVersion -SkipCodeSignature:$SkipCodeSignature)) {
         Uninstall-Terraform -TFVersion $TFVersion
-        throw "Terraform $($TFversion) fail to pass Code Signature test. Uninstalling."
+        throw "Terraform $($TFversion) failed to pass Code Signature test. Uninstalling."
     }
 }
diff --git a/Invoke-Terraform/Private/Test-TerraformCodeSignature.ps1 b/Invoke-Terraform/Private/Test-TerraformCodeSignature.ps1
@@ -10,9 +10,20 @@ Function Test-TerraformCodeSignature {
     }
     if ($IsWindows) {
         # HashiCorp started signing with version 0.12.24
-        # TODO return true and throw a Warning
+        # HashiCorp updated the signature in 1.3.8
         $tfThumbprint = (Get-AuthenticodeSignature -FilePath (Get-TerraformPath -TFVersion $TFVersion)).SignerCertificate.Thumbprint
-        return $tfthumbprint -eq (Get-TerraformConfiguration).HashiCorpWindowsThumbprint
+        $configTFThumbprint = (Get-TerraformConfiguration).HashiCorpWindowsThumbprint
+
+        if ($configTFThumbprint -is [String]) {
+            # The configuration is a string
+            return ($configTFThumbprint -eq $tfThumbprint)
+        } elseif ($configTFThumbprint -is [Object[]]) {
+            # The configuration is a list
+            return ($configTFThumbprint -contains $tfThumbprint)
+        } else {
+            # The configuration is neither a string nor a list
+            throw 'Invalid configuration for HashiCorpWindowsThumbprint, needs list or string'
+        }
     }
     if ($IsMacOs) {
         if ($PSCmdlet.MyInvocation.BoundParameters['Verbose'].IsPresent) {

diff --git a/README.md b/README.md
@@ -69,7 +69,7 @@ security tolerance:
 | -------------------------- | ------------------------------------------------------------------------------------------- |
 | HashiCorpPGPKeyId          | 0x34365D9472D7468F                                                                          |
 | HashiCorpTeamIdentifier    | D38WU7D763                                                                                  |
-| HashiCorpWindowsThumbprint | 35AB9FC834D217E9E7B1778FB1B97AF7C73792F2                                                    |
+| HashiCorpWindowsThumbprint | 35AB9FC834D217E9E7B1778FB1B97AF7C73792F2, '7868E4F55FD7B047CD8BF93FEA8C38509CFB5939'         |
 | PGPKeyServer               | keyserver.ubuntu.com                                                                        |
 | SquelchChecksumWarning     | Turn off warning from gpg when HashiCorp imported key has not be signed. Defaults to false. |
 | SkipChecksum               | Turn off release archive checksum verification via gpg. Defaults to false.                  |

diff --git a/psakeFile.ps1 b/psakeFile.ps1
@@ -3,6 +3,7 @@ Properties {
     $PSBPreference.Test.ImportModule = $true
     # Broken?
     # $PSBPreference.Test.CodeCoverage.Enabled = $true
+    $PSBPreference.Test.ScriptAnalysisEnabled = $true
     $PSBPreference.Test.OutputFile = "$($PSBPreference.Build.OutDir)/testResults.xml"
 }
 

diff --git a/tests/unit/Set-TerraformConfiguration.tests.ps1 b/tests/unit/Set-TerraformConfiguration.tests.ps1
@@ -1,5 +1,15 @@
 # Only test configuration not covered by other tests
 Describe 'Set-TerraformVersion' {
+    BeforeAll {
+        $outputDir = [IO.Path]::Combine($ENV:BHProjectPath, 'Output')
+        $outputModDir = [IO.Path]::Combine($outputDir, $env:BHProjectName)
+        $outputBinDir = [IO.Path]::Combine($outputModDir, 'bin')
+
+        if (Test-Path $outputBinDir) {
+            Remove-Item -Recurse $outputBinDir
+        } 
+        New-Item $outputBinDir -ItemType directory
+    }
     It 'has Terraform version configuration set to 0.14.6' {
         Set-TerraformConfiguration -Configuration @{'TFVersion' = '0.14.6' } -Confirm:$false
         $setting = Get-TerraformConfiguration
@@ -10,4 +20,11 @@ Describe 'Set-TerraformVersion' {
         $setting = Get-TerraformConfiguration
         $setting.Fake | Should -Be $null
     }
+    It 'has string set for thumbprint' {
+        Set-TerraformConfiguration -Configuration @{'HashiCorpWindowsThumbprint' = '35AB9FC834D217E9E7B1778FB1B97AF7C73792F2'} -Confirm:$false
+        Install-Terraform -TFVersion 0.14.3
+        $testPath = [IO.Path]::Combine($outputBinDir, 'terraform_0.14.3*')
+        $test = Test-Path $testPath
+        $test | Should -BeTrue
+    }
 }
diff --git a/tests/unit/Set-TerraformStableBinary.tests.ps1 b/tests/unit/Set-TerraformStableBinary.tests.ps1
@@ -8,6 +8,11 @@ Describe 'Set-TerraformStableBinary' {
             Remove-Item -Recurse $outputBinDir
         } 
         New-Item $outputBinDir -ItemType directory
+
+        # Reset configuration
+        $configuration = [IO.Path]::Combine($ENV:BHPSModulePath, 'Configuration.psd1')
+        $defaultConfiguration = Import-Configuration -DefaultPath $configuration -CompanyName 'Invoke-Terraform' -Name 'Invoke-Terraform'
+        Set-TerraformConfiguration -Configuration $defaultConfiguration -Confirm:$false
     }
     It 'has version passed 0.14.2' {
         Set-TerraformStableBinary -TFVersion 0.14.2 -Confirm:$false