fix configuration lookup logic

2026-02-05 12:45:21 +01:00 · 2016-03-28 10:36:48 -04:00
parent 6f6ad5aee5
commit fb351e57be
2 changed files with 15 additions and 10 deletions
--- a/README.rst
+++ b/README.rst
@@ -292,12 +292,11 @@ Let's take an example:

 * file named **something.dev.yaml** should use one set of KMS A
 * file named **something.prod.yaml** should use another set of KMS B
-* all other files use a third set of KMS C
-* All live under **mysecretrepo/something.{dev,prod}.yaml**
+* other files use a third set of KMS C
+* all live under **mysecretrepo/something.{dev,prod}.yaml**

-Under those circumstances, a configuration file placed at
-**mysecretrepo/.sops.yaml** can drive the two sets of KMS used for the two types
-of files.
+Under those circumstances, a file placed at **mysecretrepo/.sops.yaml**
+can manage the three sets of configurations for the three types of files:

 .. code:: yaml

@@ -323,7 +322,7 @@ of files.
 When creating any file under **mysecretrepo**, whether at the root or under
 a subdirectory, sops will recursively look for a `.sops.yaml` file. If one is
 found, the filename of the file being created is compared with the filename
-patterns of the configuration file. The first pattern that matches is selected,
+regexes of the configuration file. The first regex that matches is selected,
 and its KMS and PGP keys are used to encrypt the file.

 Creating a new file with the right keys is now as simple as
--- a/sops/init.py
+++ b/sops/init.py
@@ -473,10 +473,16 @@ def find_config_for_file(filename, configloc):
            # when we find a file, exit the loop
            configloc = (i * "../") + DEFAULT_CONFIG_FILE
            break
+    if not configloc:
+        # no configuration was found
+        return None
    # load the config file as yaml and look for creation rules that
    # contain a regex that matches the current filename
-    with open(configloc, "rb") as filedesc:
-        config = ruamel.yaml.load(filedesc, ruamel.yaml.RoundTripLoader)
+    try:
+        with open(configloc, "rb") as filedesc:
+            config = ruamel.yaml.load(filedesc, ruamel.yaml.RoundTripLoader)
+    except IOError:
+        panic("no configuration file found at '%s'" % configloc, 61)
    if 'creation_rules' not in config:
        return None
    for rule in config["creation_rules"]:
@@ -526,9 +532,9 @@ def verify_or_create_sops_branch(tree, kms_arns=None, pgp_fps=None):
    # we need a new data key
    has_at_least_one_method = False
    need_new_data_key = True
-    if kms_arns != "":
+    if kms_arns:
        tree, has_at_least_one_method = parse_kms_arn(tree, kms_arns)
-    if pgp_fps != "":
+    if pgp_fps:
        tree, has_at_least_one_method = parse_pgp_fp(tree, pgp_fps)
    if not has_at_least_one_method:
        panic("Error: No KMS ARN or PGP Fingerprint found to encrypt the data "