Support all sops formats

Use the code from sops to determine format instead of reimplementing ourselves.
goabout · May 19, 2020 · 09e94d3 · 09e94d3
1 parent 5b74b9d
commit 09e94d3
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 42 deletions.
diff --git a/SopsSecretGenerator.go b/SopsSecretGenerator.go
@@ -192,18 +192,18 @@ func parseEnvSource(source string, data kvMap) error {
 		return errors.Wrap(err, "could not read file")
 	}
 
-	format := formatForPath(source)
-	decrypted, err := decrypt.Data(content, format)
+	format := formats.FormatForPath(source)
+	decrypted, err := decrypt.DataWithFormat(content, format)
 	if err != nil {
 		return errors.Wrap(err, "sops could not decrypt")
 	}
 
 	switch format {
-	case "dotenv":
+	case formats.Dotenv:
 		err = parseDotEnvContent(decrypted, data)
-	case "yaml":
+	case formats.Yaml:
 		err = parseYAMLContent(decrypted, data)
-	case "json":
+	case formats.Json:
 		err = parseJSONContent(decrypted, data)
 	default:
 		err = errors.New("unknown file format, use dotenv, yaml or json")
@@ -298,7 +298,7 @@ func parseFileSource(source string, data kvMap) error {
 		return errors.Wrap(err, "could not read file")
 	}
 
-	decrypted, err := decrypt.Data(content, formatForPath(source))
+	decrypted, err := decrypt.DataWithFormat(content, formats.FormatForPath(source))
 	if err != nil {
 		return errors.Wrap(err, "sops could not decrypt")
 	}
@@ -325,14 +325,3 @@ func parseFileName(source string) (key string, fn string, err error) {
 		return "", "", errors.New("key names or file paths cannot contain '='")
 	}
 }
-
-func formatForPath(path string) string {
-	if formats.IsYAMLFile(path) {
-		return "yaml"
-	} else if formats.IsJSONFile(path) {
-		return "json"
-	} else if formats.IsEnvFile(path) {
-		return "dotenv"
-	}
-	return "binary"
-}
diff --git a/SopsSecretGenerator_test.go b/SopsSecretGenerator_test.go
@@ -465,7 +465,12 @@ func Test_parseFileSource(t *testing.T) {
 		want    kvMap
 		wantErr bool
 	}{
-		{"File", args{"testdata/file.txt"}, kvMap{"file.txt": b64("secret\n")}, false},
+		{"Yaml", args{"testdata/file.yaml"}, kvMap{"file.yaml": b64("var: secret\n")}, false},
+		{"Json", args{"testdata/file.json"}, kvMap{"file.json": b64("{\n\t\"var\": \"secret\"\n}")}, false},
+		{"Env", args{"testdata/file.env"}, kvMap{"file.env": b64("VAR=secret\n")}, false},
+		{"Ini", args{"testdata/file.ini"}, kvMap{"file.ini": b64("[section]\nvar = secret\n\n")}, false},
+		{"Binary", args{"testdata/file.txt"}, kvMap{"file.txt": b64("secret\n")}, false},
+		{"BinaryRenamed", args{"renamed.txt=testdata/file.txt"}, kvMap{"renamed.txt": b64("secret\n")}, false},
 		{"MissingFile", args{"testdata/missing.txt"}, kvMap{}, true},
 		{"InvalidName", args{"=testdata/file.txt"}, kvMap{}, true},
 		{"NotSopsFile", args{"testdata/empty.txt"}, kvMap{}, true},
@@ -520,30 +525,6 @@ func Test_parseFileName(t *testing.T) {
 	}
 }
 
-func Test_formatForPath(t *testing.T) {
-	type args struct {
-		path string
-	}
-	tests := []struct {
-		name string
-		args args
-		want string
-	}{
-		{"YAMLLong", args{"dir/file.yaml"}, "yaml"},
-		{"YAMLShort", args{"dir/file.yml"}, "yaml"},
-		{"JSON", args{"dir/file.json"}, "json"},
-		{"DotEnv", args{"dir/file.env"}, "dotenv"},
-		{"Other", args{"dir/file.txt"}, "binary"},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := formatForPath(tt.args.path); got != tt.want {
-				t.Errorf("formatForPath() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
 // Test util functions
 
 func b64(s string) string {

diff --git a/testdata/file.env b/testdata/file.env
@@ -0,0 +1,8 @@
+VAR=ENC[AES256_GCM,data:NVwQxpgd,iv:mMLKn5MjuqiGUNKC35d4egbPIh43HJZZ8IyIJuzexD8=,tag:zr8p6vwaV/innB0lHgTbbg==,type:str]
+sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhQEMA6z+tHR/duVIAQf/YNQr7N4ZCx/kETNXka06HvTTuq5VpUW9sCrRDxLOx0yL\nweno/z8kbVti4SraTxoF4Wx4Vyy5E0DOqRU5u1ELtMqG8jlZ37xenwn3knaqtRGs\ndMVhRwi7zjMsh9Qt1wcq3ZdhtAFTqZ9rglBt1rrWIHB6miyXG/XGwTz0WRUs02b0\nET9e+E7TAB4fZgWzhYVqBRCIKV4M1ZDOJ4l77rA01I/SUZyqmtA1EqPUNDwGMhUi\nigSPS4TLXdn0fVKeL8x91QHGAHolRYM1jtxt93A4O7MW4afD6FuBdCabeh1dexy0\nQanbWK8P+EcR9r06BVkLuMNfrz4hR0KM18mSvVHzfdJeAXkUQ+uqjgu0odpuFafu\nsuiVJHClwup209csOmWEfmQcayvjKl6tTnYtFDpYbiiEbjSn1npbZt5QndzgrLMn\nemXDrQbdVdWVCmRwRrDg2Rel5nk4n05fFKb48xK8kw==\n=7F1y\n-----END PGP MESSAGE-----\n
+sops_version=3.5.0
+sops_unencrypted_suffix=_unencrypted
+sops_lastmodified=2020-05-19T10:12:41Z
+sops_mac=ENC[AES256_GCM,data:rDwXeihjRe2MhBqLVdDyqEzmcFLagvOEgEKtCdLnbbaEiBgVzCPdVaSdPeI++AMTsSY6R3VdSFeLGFKIljjkhCjQG5EdZDOi4SuNqv+vdeGwtBH6IfzSNicbL5WOMWkSCVg+F/s1uy5vMZvWTAchHpj8kO6Elzf8KeNMkOrnE3o=,iv:12xIFlgZ/RAxwz9haqH7YXtK1Tp2jujWCxGn9aqTLRo=,tag:1txT1KmUvMM9bO2OBWR0AQ==,type:str]
+sops_pgp__list_0__map_fp=2D2483DF73A3A0FAEE3C2A695BDC395360CE8FF4
+sops_pgp__list_0__map_created_at=2020-05-19T10:12:40Z
diff --git a/testdata/file.ini b/testdata/file.ini
@@ -0,0 +1,12 @@
+[section]
+var = ENC[AES256_GCM,data:c4yMV48f,iv:FlZOGNhY0hOFCvIpsyqUX02pctrRKFU5BjKWP/7wyhg=,tag:VqBJOSmOzpMgocAxrq9TEQ==,type:str]
+
+[sops]
+pgp__list_0__map_enc        = -----BEGIN PGP MESSAGE-----\n\nhQEMA6z+tHR/duVIAQf/ftZbAhRGKKyClseAwJsoANriLqv3AlJzb8NwPsoq3hRv\ng62oN24Km8dMgYZjmdR2knNUpRvJWr7ZcFQbxybAUIWCrisNG1frS6nxSVls1db/\nj8KhyhTLOJUk7sdXvHVicRxoUJhG9PnpjKRmUygvdIIDEnDsNPuUGoMTOKhKvSjS\nRnj2ZfAGAGDnRd6f6AbYJ/N1lhgQp2X7nGeJzrXgwjQFvQY9eGLdpiSyTbR/004p\nEqNdVaGOMpIXGZ4+3iwQIkNUbNPQXFFqzgPIAKh1KpD/kOsh7KjNp8ms1dUYtlTf\neV6UY8/nH+MJhRZ6k9Y2LafJGV8jGMC/qsNYh+vxA9JeAXYk9nrv6fT25PRTlpuY\nrhA7jeBNm63A5RZxvPK08AoUkWLGmoZODpW9pTR0wJ2UmE5Te2dWsYdVj7qYmRf3\naNV6EbZ3hB7oSaeadUdrCAJEmeb4ej34hfwoFq3Rcg==\n=ptKs\n-----END PGP MESSAGE-----\n
+version                     = 3.5.0
+mac                         = ENC[AES256_GCM,data:NB6YJI6kMvHlQ1Qdq3g2QDqUej3YpwSPy4/yeENCXkuSFVyUCMvphGafwz/4V58+u4QK8LmRd73CXN3diKYoGcFlWS9Bjway3mUFol84h2i4rALEAvCT6N1L+9CpBKM174/KYQIu+3Yc6i6qQOQie/TBeBr7RJHLdGEJY4DQRzU=,iv:cUvSGD+RYOu83+yBfoqmppFexedJegVx+xtebSCC1Ao=,tag:SHN0eYoGkhvSJtuAdgXMOQ==,type:str]
+lastmodified                = 2020-05-19T10:16:06Z
+pgp__list_0__map_created_at = 2020-05-19T10:16:04Z
+pgp__list_0__map_fp         = 2D2483DF73A3A0FAEE3C2A695BDC395360CE8FF4
+unencrypted_suffix          = _unencrypted
+
diff --git a/testdata/file.json b/testdata/file.json
@@ -0,0 +1,19 @@
+{
+	"var": "ENC[AES256_GCM,data:bORCvodk,iv:FOsMKtpoisTtYOQBZix6DY2qCYskBp21fcuLwg1oMvU=,tag:Le0RZYkKwrW62LKIyTabpQ==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"lastmodified": "2020-05-19T10:12:37Z",
+		"mac": "ENC[AES256_GCM,data:dtchUcCPDd0gGADWfnzxScocL3xKCfpPe/kjgsRlzVqzubc08gqB8FtEGjdGN8v1cXrPcOX4SfFAUAaquFLLOiSWjEQaSp9qioVLFG8sboj8STFT5GlD8b4q/KHQC1po+ZHa42eixMnKEterj3KBL4karRgUC2Stn9GAXk7dqxk=,iv:dzqyXmcL0RSCqinn+9puIJkjI97HRul5xcoh6yfCGus=,tag:pFT2ADWtcHq8hOXJW6nrYA==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2020-05-19T10:12:36Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA6z+tHR/duVIAQf/ThgLBFw3GvA8WxGvrJ+Qcv0s6/GpGuDU1L70hiikDMHp\nmthXmVUXs6p6NkrcMGNqz1wbIgiTwqBjNMeFgORzP89kDNPGN9wD2u6BUpZyI5Q2\n5M7TqOBAqk1n8+1UyS/TZ3J5WmvZk+F0O2D1VgVr0l91l5RtzPImbbKAR88dfvjJ\nTSjQfgiFcfXTYkOKA9wHeFHmKowOmirSfIJTETvpI1x0DQjbfGxsQfezqVCtxCCg\nGzezDFW7uiIflR4aRooP7eGdHG4skHbWaewnS8iWuX0KfZ//1aLDgq+LrQd880um\nQrJYB3SzJ2SDrRHmoSj1ine8PPsF+TVv+tdXFjrcF9JeAY0okjHleIVtxUlTrtzJ\nvEUVAPwz0e8CW2yzOwa4Mg45pyBQkgUHqek5xtYQOCkuE1/k4mC/PvYGKJSvz8Fx\nKUuN+Yu/ie0bP7G5VGs/IwF986nN6X3BdYsDHPMTkg==\n=ZGfK\n-----END PGP MESSAGE-----\n",
+				"fp": "2D2483DF73A3A0FAEE3C2A695BDC395360CE8FF4"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.5.0"
+	}
+}
diff --git a/testdata/file.yaml b/testdata/file.yaml
@@ -0,0 +1,25 @@
+var: ENC[AES256_GCM,data:yQzKPdit,iv:DkYZhpQOWqIjWuWmtvweQTpy76KrmQAlpDwIucENwkM=,tag:SCEmkgivcFAr9l+E8uRHUQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    lastmodified: '2020-05-19T10:12:31Z'
+    mac: ENC[AES256_GCM,data:WVZe0SfBqgTUGi5/DaRgWSJIb6oe4wl/gOzAtbabq0aZ05BGyObLA8VdIsRsFi3EXY2mXjJ5xhL19X9W0mHZLjjNxgkvEj6uQiOVQTXvkbI9686LnC9EutRWV2wzWY2Y4JKZneE7hAf04of49mYNH8SRbrOhn4+IvaQE+lBR9Ko=,iv:2C7M72ANAW7uCnAWP3XkvieE0/FaiWRBilAxle/jd/4=,tag:OomqTyw9VaxaILEuGh7d7g==,type:str]
+    pgp:
+    -   created_at: '2020-05-19T10:12:27Z'
+        enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMA6z+tHR/duVIAQf+MDn2tWhDK5RdtxSN/6Ax/8pxTnid4sPxXE0Y5CJfyw/E
+            x4ZhLAwdcBp0eIPuZosig4gK+JpCQ5K9scpbUrM/OcHlBUnGl5BGTrZS9E7B7Xj6
+            CmK+WVImh1xlWeBE7FzWXNut6cMeTfc4KETyoLdz7bUh+hLR6Hh/mAtw3bkBM/+D
+            Hk+0BUYIMkWWFudAayxb8/bCkm9j6ovRowk8RnNo5mkjrSw/nlsURBU0x1ci/wgz
+            rnH8oRVBnZJOX6tQZ104oYdVS4/jWdhemRGVaWKAASg3OEOMi+I8FxXlOuRl41dJ
+            dXcTZSL1EMTI0Co5b+bsQZLSgyBl3xLEzG3mJEA+29JcAZ7+0R/Sjt9xstzZpyTH
+            peNhR6pHLJ4vp4m6FGSLeJEhVZFqTYV35uc4jnFFd1sYTPd+8e8WVItkMOqwzeIO
+            gIgpgu0CeDCpYPyP9mMPtt0BkKqvkKlhb1q/3w4=
+            =snSI
+            -----END PGP MESSAGE-----
+        fp: 2D2483DF73A3A0FAEE3C2A695BDC395360CE8FF4
+    unencrypted_suffix: _unencrypted
+    version: 3.5.0