This repository is only used to illustrate how an attacker can execute arbitrary code in CI/CD environments by attacking your provider supply chain. Specifically by modifying a provider used in your Terraform configuration.
DO NOT UNDER ANY CIRCUMSTANCES USE THIS PROVIDER IN ANY REAL TERRAFORM CONFIGURATION
- Clone the repository
- Enter the repository directory
- Build the provider using the Go
buildcommand:
go build- Move the provider into your plugins directory
mv terraform-provider-poetry <some path>/plugins/registry.terraform.io/max-frank/poetry/1.0.0/darwin_arm64/This provider uses Go modules. Please see the Go documentation for the most up to date information about using Go modules.
To add a new dependency github.com/author/dependency to your Terraform provider:
go get github.com/author/dependency
go mod tidyThen commit the changes to go.mod and go.sum.
If you wish to work on the provider, you'll first need Go installed on your machine (see Requirements above).
To compile the provider, run go install. This will build the provider and put the provider binary in the $GOPATH/bin directory.
To generate or update documentation, run go generate.
In order to run the full suite of Acceptance tests, run make testacc.
Note: Acceptance tests create real resources, and often cost money to run.
make testacc