From 43128c28474eb80a3a34ffc98cd6a45a97b15d69 Mon Sep 17 00:00:00 2001
From: iosmanthus
Date: Wed, 13 Dec 2023 21:50:35 +0800
Subject: [PATCH 1/9] marshal nested secrets value to string
Signed-off-by: iosmanthus
---
 pkgs/sops-install-secrets/main.go | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index 34756de..d47b93d 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@@ -209,7 +209,7 @@ type plainData struct {
 binary []byte
 }
-func recurseSecretKey(keys map[string]interface{}, wantedKey string) (string, error) {
+func recurseSecretKey(format FormatType, keys map[string]interface{}, wantedKey string) (string, error) {
 var val interface{}
 var ok bool
 currentKey := wantedKey
@@ -246,15 +246,26 @@ func recurseSecretKey(keys map[string]interface{}, wantedKey string) (string, er
 }
 currentData = make(map[string]interface{})
 for key, value := range valWithWrongType {
- currentData[key.(string)] = value
+ currentData[fmt.Sprintf("%v", key)] = value
 }
 }
- strVal, ok := val.(string)
- if !ok {
- return "", fmt.Errorf("The value of key '%s' is not a string", keyUntilNow)
+ var marshaller func(interface{}) ([]byte, error)
+ switch format {
+ case Json:
+ marshaller = json.Marshal
+ case Yaml:
+ marshaller = yaml.Marshal
+ default:
+ return "", fmt.Errorf("Secret of type %s is not supported", format)
 }
- return strVal, nil
+
+ strVal, err := marshaller(val)
+ if err != nil {
+ return "", fmt.Errorf("Cannot the value of key '%s': %w", keyUntilNow, err)
+ }
+
+ return string(strVal), nil
 }
 func decryptSecret(s *secret, sourceFiles map[string]plainData) error {
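Review bot: In the `@@ -246,15 +246,26 @@` hunk of [PATCH 1/9] the `val.(string)` check is removed, so a plain string secret is now passed through `json.Marshal` or `yaml.Marshal` like any other value. For JSON that wraps the value in double quotes and escapes characters such as `<`, `>` and `&`, and for YAML the encoder may quote the value and appends a newline, so the bytes handed back no longer match the secret stored in the sops file. Returning strings unchanged ahead of the `switch`, `if s, ok := val.(string); ok { return s, nil }`, keeps existing secrets byte-identical and limits marshalling to nested values. The body of recurseSecretKey starts outside the hunk.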
@@ -284,7 +295,7 @@ func decryptSecret(s *secret, sourceFiles map[string]plainData) error {
 case Binary, Dotenv, Ini:
 s.value = sourceFile.binary
 case Yaml, Json:
- strVal, err := recurseSecretKey(sourceFile.data, s.Key)
+ strVal, err := recurseSecretKey(s.Format, sourceFile.data, s.Key)
 if err != nil {
 return fmt.Errorf("secret %s in %s is not valid: %w", s.Name, s.SopsFile, err)
 }
@@ -446,7 +457,7 @@ func (app *appContext) validateSopsFile(s *secret, file *secretFile) error {
 file.firstSecret.Format, file.firstSecret.Name)
 }
 if app.checkMode != Manifest && (!(s.Format == Binary || s.Format == Dotenv || s.Format == Ini)) {
- _, err := recurseSecretKey(file.keys, s.Key)
+ _, err := recurseSecretKey(s.Format, file.keys, s.Key)
 if err != nil {
 return fmt.Errorf("secret %s in %s is not valid: %w", s.Name, s.SopsFile, err)
 }
From 8f44eed8b8dbb4aa9928370ba873e3457e0d020c Mon Sep 17 00:00:00 2001
From: iosmanthus
Date: Wed, 13 Dec 2023 22:02:04 +0800
Subject: [PATCH 2/9] fix error message
Signed-off-by: iosmanthus
---
 pkgs/sops-install-secrets/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index d47b93d..c324337 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@@ -262,7 +262,7 @@ func recurseSecretKey(format FormatType, keys map[string]interface{}, wantedKey
 strVal, err := marshaller(val)
 if err != nil {
- return "", fmt.Errorf("Cannot the value of key '%s': %w", keyUntilNow, err)
+ return "", fmt.Errorf("Cannot marshal the value of key '%s': %w", keyUntilNow, err)
 }
 return string(strVal), nil
From 95f888cdc59ef11c89ec3b2f22e71a52765e5180 Mon Sep 17 00:00:00 2001
From: iosmanthus
Date: Thu, 14 Dec 2023 00:21:20 +0800
Subject: [PATCH 3/9] trim strVal
Signed-off-by: iosmanthus
---
 pkgs/sops-install-secrets/main.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index c324337..a153451 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@@ -264,6 +264,7 @@ func recurseSecretKey(format FormatType, keys map[string]interface{}, wantedKey
 if err != nil {
 return "", fmt.Errorf("Cannot marshal the value of key '%s': %w", keyUntilNow, err)
 }
+ strVal = bytes.TrimSpace(strVal)
 return string(strVal), nil
 }
From b0e9f7cc9961150d984c4cdd50510ad3b3732447 Mon Sep 17 00:00:00 2001
From: iosmanthus
Date: Thu, 6 Jun 2024 16:40:07 +0800
Subject: [PATCH 4/9] test
Signed-off-by: iosmanthus
---
 pkgs/sops-install-secrets/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index c9c5f74..52751d9 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@@ -474,7 +474,7 @@ func (app *appContext) validateSopsFile(s *secret, file *secretFile) error {
 if app.checkMode != Manifest && (s.Format != Binary && s.Format != Dotenv && s.Format != Ini) {
 _, err := recurseSecretKey(s.Format, file.keys, s.Key)
 if err != nil {
- return fmt.Errorf("secret %s in %s is not valid: %w", s.Name, s.SopsFile, err)
+ return fmt.Errorf("secret %s in %s is not valid: %w (format: %s)", s.Name, s.SopsFile, err, s.Format)
 }
 }
 return nil
From 535d34544675f06176511ef7bf976e3da2a0ab7c Mon Sep 17 00:00:00 2001
From: iosmanthus
Date: Thu, 6 Jun 2024 16:44:43 +0800
Subject: [PATCH 5/9] test
Signed-off-by: iosmanthus
---
 pkgs/sops-install-secrets/main.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index 52751d9..26381c6 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
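Review bot: In [PATCH 3/9] the added `bytes.TrimSpace(strVal)` runs on the marshalled output for every format and carries no comment saying what it is meant to remove. `json.Marshal` emits no surrounding whitespace, so the call presumably targets the newline the YAML encoder appends; a comment such as `// yaml.Marshal ends its output with a newline` together with the narrower `bytes.TrimSuffix(strVal, []byte("\n"))` in the YAML case would make that explicit and leave other whitespace untouched. The commit adds no import line, so confirm that `bytes` is already imported in main.go. The enclosing function starts outside the hunk.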
@@ -242,8 +242,8 @@ func recurseSecretKey(format FormatType, keys map[string]interface{}, wantedKey
 if !ok {
 return "", fmt.Errorf("the key '%s' cannot be found", keyUntilNow)
 }
- var valWithWrongType map[interface{}]interface{}
- valWithWrongType, ok = val.(map[interface{}]interface{})
+ var valWithWrongType map[string]interface{}
+ valWithWrongType, ok = val.(map[string]interface{})
 if !ok {
 return "", fmt.Errorf("key '%s' does not refer to a dictionary", keyUntilNow)
 }
@@ -474,7 +474,7 @@ func (app *appContext) validateSopsFile(s *secret, file *secretFile) error {
 if app.checkMode != Manifest && (s.Format != Binary && s.Format != Dotenv && s.Format != Ini) {
 _, err := recurseSecretKey(s.Format, file.keys, s.Key)
 if err != nil {
- return fmt.Errorf("secret %s in %s is not valid: %w (format: %s)", s.Name, s.SopsFile, err, s.Format)
+ return fmt.Errorf("secret %s in %s is not valid: %w", s.Name, s.SopsFile, err)
 }
 }
 return nil
From 16c8f814006a13278c285b3e3c8a7d0002cbdca7 Mon Sep 17 00:00:00 2001
From: iosmanthus
Date: Thu, 6 Jun 2024 16:55:38 +0800
Subject: [PATCH 6/9] test
Signed-off-by: iosmanthus
---
 pkgs/sops-install-secrets/main.go | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index 26381c6..8db7491 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
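Review bot: In the `@@ -242,8 +242,8 @@` hunk of [PATCH 5/9] the assertion `val.(map[string]interface{})` replaces the `map[interface{}]interface{}` form for every format, although the replaced code suggests that the YAML decoder in use yields `map[interface{}]interface{}` for nested mappings. If that is the case, any nested key lookup in a YAML file fails with "does not refer to a dictionary" at this revision. [PATCH 6/9] brings the old assertion back for non-JSON formats, so the two commits are better squashed to keep every revision of the series working. The loop that consumes `valWithWrongType` lies outside the hunk.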
@@ -242,14 +242,26 @@ func recurseSecretKey(format FormatType, keys map[string]interface{}, wantedKey
 if !ok {
 return "", fmt.Errorf("the key '%s' cannot be found", keyUntilNow)
 }
- var valWithWrongType map[string]interface{}
- valWithWrongType, ok = val.(map[string]interface{})
- if !ok {
- return "", fmt.Errorf("key '%s' does not refer to a dictionary", keyUntilNow)
- }
- currentData = make(map[string]interface{})
- for key, value := range valWithWrongType {
- currentData[fmt.Sprintf("%v", key)] = value
+ if format == JSON {
+ var valWithWrongType map[string]interface{}
+ valWithWrongType, ok = val.(map[string]interface{})
+ if !ok {
+ return "", fmt.Errorf("key '%s' does not refer to a dictionary", keyUntilNow)
+ }
+ currentData = make(map[string]interface{})
+ for key, value := range valWithWrongType {
+ currentData[fmt.Sprintf("%v", key)] = value
+ }
+ } else {
+ var valWithWrongType map[interface{}]interface{}
+ valWithWrongType, ok = val.(map[interface{}]interface{})
+ if !ok {
+ return "", fmt.Errorf("key '%s' does not refer to a dictionary", keyUntilNow)
+ }
+ currentData = make(map[string]interface{})
+ for key, value := range valWithWrongType {
+ currentData[fmt.Sprintf("%v", key)] = value
+ }
 }
 }
From 2431a8ccd6c199e11f86b898e3ef94ebe0af5913 Mon Sep 17 00:00:00 2001
From: iosmanthus
Date: Thu, 6 Jun 2024 17:07:28 +0800
Subject: [PATCH 7/9] nested only for json
Signed-off-by: iosmanthus
---
 pkgs/sops-install-secrets/main.go | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index 8db7491..268f2a7 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
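Review bot: The two branches added in [PATCH 6/9] differ only in the asserted map type, and choosing between them with `format == JSON` ties the lookup to what each decoder is expected to return rather than to the value actually present. A type switch on `val` covers both shapes once and, assuming `currentData` is only read afterwards, lets the `map[string]interface{}` case use the map directly instead of copying it through `fmt.Sprintf("%v", key)`. In the `map[interface{}]interface{}` case that conversion can fold two distinct keys (for example the integer `1` and the string `"1"`) into one entry, and since map iteration order is unspecified the value that survives is not deterministic, so rejecting the duplicate is the safer behaviour for a secret lookup. The surrounding loop starts outside the hunk.

```go
// … unchanged: lookup of currentKey and the "cannot be found" error …
switch m := val.(type) {
case map[string]interface{}:
	currentData = m
case map[interface{}]interface{}:
	currentData = make(map[string]interface{}, len(m))
	for key, value := range m {
		name := fmt.Sprintf("%v", key)
		if _, dup := currentData[name]; dup {
			return "", fmt.Errorf("key '%s' contains ambiguous sub-key '%s'", keyUntilNow, name)
		}
		currentData[name] = value
	}
default:
	return "", fmt.Errorf("key '%s' does not refer to a dictionary", keyUntilNow)
}
```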
@@ -265,28 +265,22 @@ func recurseSecretKey(format FormatType, keys map[string]interface{}, wantedKey
 }
 }
- var marshaller func(interface{}) ([]byte, error)
- switch format {
- case JSON:
- marshaller = json.Marshal
- case Yaml:
- marshaller = yaml.Marshal
- default:
- return "", fmt.Errorf("secret of type %s is not supported", format)
- }
-
 // If the value is a string, do not marshal it.
 if strVal, ok := val.(string); ok {
 return strVal, nil
 }
- strVal, err := marshaller(val)
- if err != nil {
- return "", fmt.Errorf("cannot marshal the value of key '%s': %w", keyUntilNow, err)
+ switch format {
+ case JSON:
+ strVal, err := json.Marshal(val)
+ if err != nil {
+ return "", fmt.Errorf("cannot marshal the value of key '%s': %w", keyUntilNow, err)
+ }
+ strVal = bytes.Trim(strVal, "\"")
+ return string(strVal), nil
+ default:
+ return "", fmt.Errorf("nested secrets are not supported for %s", format)
 }
- strVal = bytes.TrimSpace(strVal)
-
- return string(strVal), nil
 }
 func decryptSecret(s *secret, sourceFiles map[string]plainData) error {
From 37d6c28beffabbf95f0fd9d68343799cd25e9d3a Mon Sep 17 00:00:00 2001
From: iosmanthus
Date: Thu, 6 Jun 2024 17:10:10 +0800
Subject: [PATCH 8/9] nested only for json
Signed-off-by: iosmanthus
---
 pkgs/sops-install-secrets/main.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index 268f2a7..bd6f4a0 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@@ -277,6 +277,7 @@ func recurseSecretKey(format FormatType, keys map[string]interface{}, wantedKey
 return "", fmt.Errorf("cannot marshal the value of key '%s': %w", keyUntilNow, err)
 }
 strVal = bytes.Trim(strVal, "\"")
+ fmt.Println(string(strVal))
 return string(strVal), nil
 default:
 return "", fmt.Errorf("nested secrets are not supported for %s", format)
From f8f6f1b0068e02fb900897060dcd9b991f3a93af Mon Sep 17 00:00:00 2001
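Review bot: In [PATCH 7/9] the added `bytes.Trim(strVal, "\"")` cannot change the result for values decoded from JSON: strings are returned by the `val.(string)` branch just above, so `json.Marshal` only sees objects, arrays, numbers, booleans or `null` here, and none of those encodings begin or end with a double quote. The line can be dropped, and the function would benefit from a comment stating the contract, e.g. `// Non-string JSON values are returned as their compact JSON encoding.` A JSON `null` is also returned as the literal text `null` rather than as an error, which may deserve an explicit `if val == nil` check. The function signature is outside the hunk.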
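Review bot: The added `fmt.Println(string(strVal))` in [PATCH 8/9] writes the value just marshalled from the secrets file to standard output, and on the decryptSecret path, where the input comes from `plainData`, that value is the plaintext secret. Anything that captures the tool's output, such as a service journal or a CI log, would then retain it. [PATCH 9/9] deletes the line again, so the series should be squashed, or this commit dropped, so that no revision in history prints secret material. The enclosing function starts outside the hunk.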
From: iosmanthus
Date: Thu, 6 Jun 2024 17:37:54 +0800
Subject: [PATCH 9/9] test
Signed-off-by: iosmanthus
---
 pkgs/sops-install-secrets/main.go | 2 --
 1 file changed, 2 deletions(-)
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index bd6f4a0..f096250 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@@ -276,8 +276,6 @@ func recurseSecretKey(format FormatType, keys map[string]interface{}, wantedKey
 if err != nil {
 return "", fmt.Errorf("cannot marshal the value of key '%s': %w", keyUntilNow, err)
 }
- strVal = bytes.Trim(strVal, "\"")
- fmt.Println(string(strVal))
 return string(strVal), nil
 default:
 return "", fmt.Errorf("nested secrets are not supported for %s", format)