Merge pull request #234 from autrilla/yaml-list-comments

Fix YAML comments in lists
2026-02-05 12:45:21 +01:00 · 2017-09-15 21:25:40 -07:00
parent 08165de2a8 7911bb1542
commit 5caa68e1cd
8 changed files with 104 additions and 68 deletions
--- a/functional-tests/res/comments.enc.yaml
+++ b/functional-tests/res/comments.enc.yaml
@@ -0,0 +1,23 @@
+lorem: ENC[AES256_GCM,data:PhmSdTs=,iv:J5ugEWq6RfyNx+5zDXvcTdoQ18YYZkqesDED7LNzou4=,tag:0Qrom6J6aUnZMZzGz5XCxw==,type:str]
+#ENC[AES256_GCM,data:HiHCasVRzWUiFxKb3X/AcEeM,iv:bmNg+T91dqGk/CEtVH+FDC53osDCEPmWmJKpLyAU5OM=,tag:bTLDYxQSAfYDCBYccoUokQ==,type:comment]
+dolor: ENC[AES256_GCM,data:IgvT,iv:wtPNYbDTARFE810PH6ldOLzCDcAjkB/dzPsZjpgHcko=,tag:zwE8P+AwO1hrHkgF6pTbZw==,type:str]
+sops:
+    kms: []
+    lastmodified: '2017-08-16T03:41:16Z'
+    mac: ENC[AES256_GCM,data:3ngUnY2hkK6pkDbCeAnOHsi/M6bLnGk1vkd+EeGyN/efqJZmwH0+9hUdACNnwHzofIR6NbtCGZal+cSCuTGD4eDuqNV+LbwV1/EaaVZj9RktTNXq3STSXxfzYGoHV3NOMtBhq6sYhF0U72nunreCymm3QzOTylAa2HlmRs54axM=,iv:EMXphsMa+ELK8XXX3MDfFJe3jFgXzwCSwjxNR5ah14k=,tag:gakwLdPvwyihj+FkTG/2kQ==,type:str]
+    pgp:
+    -   created_at: '2017-08-16T03:41:16Z'
+        enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wYwDEEVDpnzXnMABBAAlUcnNciv6rGJua/wmjVYBAHD95VT/M6cc8dg0bPR8XH5a
+            /GeM2RasBzX7ICuBijjesY9exsnrTkBK3/1XpAjygdiW5DciXmqRz/5nE4DLxH+w
+            nZvmnCmg8AdfPKxhr+eM+pKibiN4uEhsJggA9c2ACUQ/YMo4o04fLKZGXqGtT9Lg
+            AeRiZfM3ykiyHDbUQ3P9YAdL4fH44A3gpeHoGeBv4iBFFE7ge+XCby9rgN9Qa7NF
+            /Wahxm7U3RcwT6JSbNDHNCJtolEPeuCR5D2/Kc/2b30e6fLDnpbfSJXiRh4TbOG3
+            rAA=
+            =7P04
+            -----END PGP MESSAGE-----
+        fp: 1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A
+    unencrypted_suffix: _unencrypted
+    version: 2.0.9
--- a/functional-tests/res/comments.yaml
+++ b/functional-tests/res/comments.yaml
@@ -0,0 +1,3 @@
+lorem: ipsum
+# this-is-a-comment
+dolor: sit
--- a/functional-tests/res/comments_list.yaml
+++ b/functional-tests/res/comments_list.yaml
@@ -0,0 +1,4 @@
+lorem:
+- foo
+#this-is-a-comment
+- bar
--- a/functional-tests/res/comments_unencrypted_comments.yaml
+++ b/functional-tests/res/comments_unencrypted_comments.yaml
@@ -0,0 +1,23 @@
+lorem: ENC[AES256_GCM,data:PhmSdTs=,iv:J5ugEWq6RfyNx+5zDXvcTdoQ18YYZkqesDED7LNzou4=,tag:0Qrom6J6aUnZMZzGz5XCxw==,type:str]
+# this-is-a-comment
+dolor: ENC[AES256_GCM,data:IgvT,iv:wtPNYbDTARFE810PH6ldOLzCDcAjkB/dzPsZjpgHcko=,tag:zwE8P+AwO1hrHkgF6pTbZw==,type:str]
+sops:
+    kms: []
+    lastmodified: '2017-08-16T03:41:16Z'
+    mac: ENC[AES256_GCM,data:3ngUnY2hkK6pkDbCeAnOHsi/M6bLnGk1vkd+EeGyN/efqJZmwH0+9hUdACNnwHzofIR6NbtCGZal+cSCuTGD4eDuqNV+LbwV1/EaaVZj9RktTNXq3STSXxfzYGoHV3NOMtBhq6sYhF0U72nunreCymm3QzOTylAa2HlmRs54axM=,iv:EMXphsMa+ELK8XXX3MDfFJe3jFgXzwCSwjxNR5ah14k=,tag:gakwLdPvwyihj+FkTG/2kQ==,type:str]
+    pgp:
+    -   created_at: '2017-08-16T03:41:16Z'
+        enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wYwDEEVDpnzXnMABBAAlUcnNciv6rGJua/wmjVYBAHD95VT/M6cc8dg0bPR8XH5a
+            /GeM2RasBzX7ICuBijjesY9exsnrTkBK3/1XpAjygdiW5DciXmqRz/5nE4DLxH+w
+            nZvmnCmg8AdfPKxhr+eM+pKibiN4uEhsJggA9c2ACUQ/YMo4o04fLKZGXqGtT9Lg
+            AeRiZfM3ykiyHDbUQ3P9YAdL4fH44A3gpeHoGeBv4iBFFE7ge+XCby9rgN9Qa7NF
+            /Wahxm7U3RcwT6JSbNDHNCJtolEPeuCR5D2/Kc/2b30e6fLDnpbfSJXiRh4TbOG3
+            rAA=
+            =7P04
+            -----END PGP MESSAGE-----
+        fp: 1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A
+    unencrypted_suffix: _unencrypted
+    version: 2.0.9
--- a/functional-tests/src/lib.rs
+++ b/functional-tests/src/lib.rs
@@ -251,49 +251,32 @@ b: ba"#

    #[test]
    fn encrypt_comments() {
-        let file_contents = br#"
-        lorem: ipsum
-        # this-is-a-comment
-        dolor: sit
-        "#;
-        let file_path = prepare_temp_file("test_encrypt_comments.yaml", file_contents);
+        let file_path = "res/comments.yaml";
        let output = Command::new(SOPS_BINARY_PATH)
-                    .arg("-e")
-                    .arg(file_path.clone())
-                    .output()
-                    .expect("Error running sops");
+            .arg("-e")
+            .arg(file_path.clone())
+            .output()
+            .expect("Error running sops");
        assert!(output.status.success(), "SOPS didn't return successfully");
        assert!(!String::from_utf8_lossy(&output.stdout).contains("this-is-a-comment"), "Comment was not encrypted");
    }

    #[test]
-    fn decrypt_comments() {
-        let file_contents = br#"
-        lorem: ENC[AES256_GCM,data:PhmSdTs=,iv:J5ugEWq6RfyNx+5zDXvcTdoQ18YYZkqesDED7LNzou4=,tag:0Qrom6J6aUnZMZzGz5XCxw==,type:str]
-        #ENC[AES256_GCM,data:HiHCasVRzWUiFxKb3X/AcEeM,iv:bmNg+T91dqGk/CEtVH+FDC53osDCEPmWmJKpLyAU5OM=,tag:bTLDYxQSAfYDCBYccoUokQ==,type:comment]
-        dolor: ENC[AES256_GCM,data:IgvT,iv:wtPNYbDTARFE810PH6ldOLzCDcAjkB/dzPsZjpgHcko=,tag:zwE8P+AwO1hrHkgF6pTbZw==,type:str]
-        sops:
-            kms: []
-            lastmodified: '2017-08-16T03:41:16Z'
-            mac: ENC[AES256_GCM,data:3ngUnY2hkK6pkDbCeAnOHsi/M6bLnGk1vkd+EeGyN/efqJZmwH0+9hUdACNnwHzofIR6NbtCGZal+cSCuTGD4eDuqNV+LbwV1/EaaVZj9RktTNXq3STSXxfzYGoHV3NOMtBhq6sYhF0U72nunreCymm3QzOTylAa2HlmRs54axM=,iv:EMXphsMa+ELK8XXX3MDfFJe3jFgXzwCSwjxNR5ah14k=,tag:gakwLdPvwyihj+FkTG/2kQ==,type:str]
-            pgp:
-            -   created_at: '2017-08-16T03:41:16Z'
-                enc: |-
-                    -----BEGIN PGP MESSAGE-----
+    fn encrypt_comments_list() {
+        let file_path = "res/comments_list.yaml";
+        let output = Command::new(SOPS_BINARY_PATH)
+            .arg("-e")
+            .arg(file_path.clone())
+            .output()
+            .expect("Error running sops");
+        assert!(output.status.success(), "SOPS didn't return successfully");
+        assert!(!String::from_utf8_lossy(&output.stdout).contains("this-is-a-comment"), "Comment was not encrypted");
+        assert!(!String::from_utf8_lossy(&output.stdout).contains("this-is-a-comment"), "Comment was not encrypted");
+    }

-                    wYwDEEVDpnzXnMABBAAlUcnNciv6rGJua/wmjVYBAHD95VT/M6cc8dg0bPR8XH5a
-                    /GeM2RasBzX7ICuBijjesY9exsnrTkBK3/1XpAjygdiW5DciXmqRz/5nE4DLxH+w
-                    nZvmnCmg8AdfPKxhr+eM+pKibiN4uEhsJggA9c2ACUQ/YMo4o04fLKZGXqGtT9Lg
-                    AeRiZfM3ykiyHDbUQ3P9YAdL4fH44A3gpeHoGeBv4iBFFE7ge+XCby9rgN9Qa7NF
-                    /Wahxm7U3RcwT6JSbNDHNCJtolEPeuCR5D2/Kc/2b30e6fLDnpbfSJXiRh4TbOG3
-                    rAA=
-                    =7P04
-                    -----END PGP MESSAGE-----
-                fp: 1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A
-            unencrypted_suffix: _unencrypted
-            version: 2.0.9
-        "#;
-        let file_path = prepare_temp_file("test_decrypt_comments.yaml", file_contents);
+    #[test]
+    fn decrypt_comments() {
+        let file_path = "res/comments.enc.yaml";
        let output = Command::new(SOPS_BINARY_PATH)
                    .arg("-d")
                    .arg(file_path.clone())
@@ -305,32 +288,7 @@ b: ba"#

    #[test]
    fn decrypt_comments_unencrypted_comments() {
-        let file_contents = br#"
-        lorem: ENC[AES256_GCM,data:PhmSdTs=,iv:J5ugEWq6RfyNx+5zDXvcTdoQ18YYZkqesDED7LNzou4=,tag:0Qrom6J6aUnZMZzGz5XCxw==,type:str]
-        # this-is-a-comment
-        dolor: ENC[AES256_GCM,data:IgvT,iv:wtPNYbDTARFE810PH6ldOLzCDcAjkB/dzPsZjpgHcko=,tag:zwE8P+AwO1hrHkgF6pTbZw==,type:str]
-        sops:
-            kms: []
-            lastmodified: '2017-08-16T03:41:16Z'
-            mac: ENC[AES256_GCM,data:3ngUnY2hkK6pkDbCeAnOHsi/M6bLnGk1vkd+EeGyN/efqJZmwH0+9hUdACNnwHzofIR6NbtCGZal+cSCuTGD4eDuqNV+LbwV1/EaaVZj9RktTNXq3STSXxfzYGoHV3NOMtBhq6sYhF0U72nunreCymm3QzOTylAa2HlmRs54axM=,iv:EMXphsMa+ELK8XXX3MDfFJe3jFgXzwCSwjxNR5ah14k=,tag:gakwLdPvwyihj+FkTG/2kQ==,type:str]
-            pgp:
-            -   created_at: '2017-08-16T03:41:16Z'
-                enc: |-
-                    -----BEGIN PGP MESSAGE-----
-
-                    wYwDEEVDpnzXnMABBAAlUcnNciv6rGJua/wmjVYBAHD95VT/M6cc8dg0bPR8XH5a
-                    /GeM2RasBzX7ICuBijjesY9exsnrTkBK3/1XpAjygdiW5DciXmqRz/5nE4DLxH+w
-                    nZvmnCmg8AdfPKxhr+eM+pKibiN4uEhsJggA9c2ACUQ/YMo4o04fLKZGXqGtT9Lg
-                    AeRiZfM3ykiyHDbUQ3P9YAdL4fH44A3gpeHoGeBv4iBFFE7ge+XCby9rgN9Qa7NF
-                    /Wahxm7U3RcwT6JSbNDHNCJtolEPeuCR5D2/Kc/2b30e6fLDnpbfSJXiRh4TbOG3
-                    rAA=
-                    =7P04
-                    -----END PGP MESSAGE-----
-                fp: 1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A
-            unencrypted_suffix: _unencrypted
-            version: 2.0.9
-        "#;
-        let file_path = prepare_temp_file("test_decrypt_comments.yaml", file_contents);
+        let file_path = "res/comments_unencrypted_comments.yaml";
        let output = Command::new(SOPS_BINARY_PATH)
                    .arg("-d")
                    .arg(file_path.clone())
@@ -340,6 +298,7 @@ b: ba"#
        assert!(String::from_utf8_lossy(&output.stdout).contains("this-is-a-comment"), "Comment was not decrypted");
    }

+    #[test]
    fn roundtrip_shamir() {
        // The .sops.yaml file ensures this file is encrypted with two key groups, each with one GPG key
        let file_path = prepare_temp_file("test_roundtrip_keygroups.yaml", "a: secret".as_bytes());
--- a/sops.go
+++ b/sops.go
@@ -266,7 +266,7 @@ func (tree Tree) Decrypt(key []byte, cipher Cipher) (string, error) {
 				if err != nil {
 					// Assume the comment was not encrypted in the first place
 					log.Printf("[WARNING] Found possibly unencrypted comment in file (#%s). This is to be expected if the file being decrypted was created with an older version of SOPS.", c.Value)
-					in = c
+					v = c
 				}
 			} else {
 				v, err = cipher.Decrypt(in.(string), key, pathString)
@@ -278,7 +278,7 @@ func (tree Tree) Decrypt(key []byte, cipher Cipher) (string, error) {
 			v = in
 		}
 		// Only add to MAC if not a comment
-		if _, ok := in.(Comment); !ok {
+		if _, ok := v.(Comment); !ok {
 			bytes, err := ToBytes(v)
 			if err != nil {
 				return nil, fmt.Errorf("Could not convert %s to bytes: %s", in, err)
--- a/sops_test.go
+++ b/sops_test.go
@@ -308,11 +308,22 @@ func TestEncryptComments(t *testing.T) {
 				Key:   Comment{"foo"},
 				Value: nil,
 			},
+			TreeItem{
+				Key: "list",
+				Value: []interface{}{
+					"1",
+					Comment{"bar"},
+					"2",
+				},
+			},
+		},
+		Metadata: Metadata{
+			UnencryptedSuffix: DefaultUnencryptedSuffix,
 		},
-		Metadata: Metadata{},
 	}
 	tree.Encrypt(bytes.Repeat([]byte{'f'}, 32), reverseCipher{})
-	assert.NotEqual(t, "foo", tree.Branch[0].Key.(Comment).Value)
+	assert.Equal(t, "oof", tree.Branch[0].Key.(Comment).Value)
+	assert.Equal(t, "rab", tree.Branch[1].Value.([]interface{})[1])
 }

 func TestDecryptComments(t *testing.T) {
@@ -322,11 +333,22 @@ func TestDecryptComments(t *testing.T) {
 				Key:   Comment{"oof"},
 				Value: nil,
 			},
+			TreeItem{
+				Key: "list",
+				Value: []interface{}{
+					"1",
+					Comment{"rab"},
+					"2",
+				},
+			},
+		},
+		Metadata: Metadata{
+			UnencryptedSuffix: DefaultUnencryptedSuffix,
 		},
-		Metadata: Metadata{},
 	}
 	tree.Decrypt(bytes.Repeat([]byte{'f'}, 32), reverseCipher{})
 	assert.Equal(t, "foo", tree.Branch[0].Key.(Comment).Value)
+	assert.Equal(t, "bar", tree.Branch[1].Value.([]interface{})[1])
 }

 func TestDecryptUnencryptedComments(t *testing.T) {
--- a/stores/yaml/store.go
+++ b/stores/yaml/store.go
@@ -84,6 +84,8 @@ func (store Store) treeValueToYamlValue(in interface{}) interface{} {
 	switch in := in.(type) {
 	case sops.TreeBranch:
 		return store.treeBranchToYamlMap(in)
+	case sops.Comment:
+		return yaml.Comment{in.Value}
 	case []interface{}:
 		var out []interface{}
 		for _, v := range in {
@@ -100,7 +102,7 @@ func (store Store) treeBranchToYamlMap(in sops.TreeBranch) yaml.MapSlice {
 	for _, item := range in {
 		if comment, ok := item.Key.(sops.Comment); ok {
 			branch = append(branch, yaml.MapItem{
-				Key:   yaml.Comment{Value: comment.Value},
+				Key:   store.treeValueToYamlValue(comment),
 				Value: nil,
 			})
 		} else {