зеркало из https://github.com/getsops/sops.git
Do not fail old-style decryption if no matching creation_rule is present in config file.
Signed-off-by: Felix Fontein <felix@fontein.de>
Родитель
34cdad8a21
Коммит
2e31b601ac
|
@ -1500,6 +1500,12 @@ func main() {
|
|||
}, keyserviceFlags...)
|
||||
|
||||
app.Action = func(c *cli.Context) error {
|
||||
isDecryptMode := c.Bool("decrypt")
|
||||
isEncryptMode := c.Bool("encrypt")
|
||||
isRotateMode := c.Bool("rotate")
|
||||
isSetMode := c.String("set") != ""
|
||||
isEditMode := !isEncryptMode && !isDecryptMode && !isRotateMode && !isSetMode
|
||||
|
||||
if c.Bool("verbose") {
|
||||
logging.SetLevel(logrus.DebugLevel)
|
||||
}
|
||||
|
@ -1519,7 +1525,7 @@ func main() {
|
|||
c.String("rm-kms") != "" || c.String("rm-pgp") != "" || c.String("rm-gcp-kms") != "" || c.String("rm-hc-vault-transit") != "" || c.String("rm-azure-kv") != "" || c.String("rm-age") != "" {
|
||||
return common.NewExitError("Error: cannot add or remove keys on non-existent files, use `--kms` and `--pgp` instead.", codes.CannotChangeKeysFromNonExistentFile)
|
||||
}
|
||||
if c.Bool("encrypt") || c.Bool("decrypt") || c.Bool("rotate") {
|
||||
if isEncryptMode || isDecryptMode || isRotateMode {
|
||||
return common.NewExitError("Error: cannot operate on non-existent file", codes.NoFileSpecified)
|
||||
}
|
||||
}
|
||||
|
@ -1529,26 +1535,30 @@ func main() {
|
|||
}
|
||||
|
||||
commandCount := 0
|
||||
if c.Bool("encrypt") {
|
||||
if isDecryptMode {
|
||||
commandCount++
|
||||
}
|
||||
if c.Bool("decrypt") {
|
||||
if isEncryptMode {
|
||||
commandCount++
|
||||
}
|
||||
if c.Bool("rotate") {
|
||||
if isRotateMode {
|
||||
commandCount++
|
||||
}
|
||||
if c.String("set") != "" {
|
||||
if isSetMode {
|
||||
commandCount++
|
||||
}
|
||||
if commandCount > 1 {
|
||||
log.Warn("More than one command (--encrypt, --decrypt, --rotate, --set) has been specified. Only the changes made by the last one will be visible. Note that this behavior is deprecated and will cause an error eventually.")
|
||||
}
|
||||
|
||||
// Load configuration here for backwards compatibility (error out in case of bad config files)
|
||||
_, err = loadConfig(c, fileNameOverride, nil)
|
||||
if err != nil {
|
||||
return toExitError(err)
|
||||
// Load configuration here for backwards compatibility (error out in case of bad config files),
|
||||
// but only when not just decrypting (https://github.com/getsops/sops/issues/868)
|
||||
needsCreationRule := isEncryptMode || isRotateMode || isSetMode || isEditMode
|
||||
if needsCreationRule {
|
||||
_, err = loadConfig(c, fileNameOverride, nil)
|
||||
if err != nil {
|
||||
return toExitError(err)
|
||||
}
|
||||
}
|
||||
|
||||
inputStore := inputStore(c, fileNameOverride)
|
||||
|
@ -1560,7 +1570,7 @@ func main() {
|
|||
return toExitError(err)
|
||||
}
|
||||
var output []byte
|
||||
if c.Bool("encrypt") {
|
||||
if isEncryptMode {
|
||||
encConfig, err := getEncryptConfig(c, fileNameOverride)
|
||||
if err != nil {
|
||||
return toExitError(err)
|
||||
|
@ -1576,12 +1586,12 @@ func main() {
|
|||
// While this check is also done below, the `err` in this scope shadows
|
||||
// the `err` in the outer scope. **Only** do this in case --decrypt,
|
||||
// --rotate-, and --set are not specified, though, to keep old behavior.
|
||||
if err != nil && !c.Bool("decrypt") && !c.Bool("rotate") && c.String("set") == "" {
|
||||
if err != nil && !isDecryptMode && !isRotateMode && !isSetMode {
|
||||
return toExitError(err)
|
||||
}
|
||||
}
|
||||
|
||||
if c.Bool("decrypt") {
|
||||
if isDecryptMode {
|
||||
var extract []interface{}
|
||||
extract, err = parseTreePath(c.String("extract"))
|
||||
if err != nil {
|
||||
|
@ -1598,7 +1608,7 @@ func main() {
|
|||
IgnoreMAC: c.Bool("ignore-mac"),
|
||||
})
|
||||
}
|
||||
if c.Bool("rotate") {
|
||||
if isRotateMode {
|
||||
rotateOpts, err := getRotateOpts(c, fileName, inputStore, outputStore, svcs, order)
|
||||
if err != nil {
|
||||
return toExitError(err)
|
||||
|
@ -1612,7 +1622,7 @@ func main() {
|
|||
}
|
||||
}
|
||||
|
||||
if c.String("set") != "" {
|
||||
if isSetMode {
|
||||
var path []interface{}
|
||||
var value interface{}
|
||||
path, value, err = extractSetArguments(c.String("set"))
|
||||
|
@ -1632,7 +1642,6 @@ func main() {
|
|||
})
|
||||
}
|
||||
|
||||
isEditMode := !c.Bool("encrypt") && !c.Bool("decrypt") && !c.Bool("rotate") && c.String("set") == ""
|
||||
if isEditMode {
|
||||
_, statErr := os.Stat(fileName)
|
||||
fileExists := statErr == nil
|
||||
|
@ -1672,7 +1681,7 @@ func main() {
|
|||
|
||||
// We open the file *after* the operations on the tree have been
|
||||
// executed to avoid truncating it when there's errors
|
||||
if c.Bool("in-place") || isEditMode || c.String("set") != "" {
|
||||
if c.Bool("in-place") || isEditMode || isSetMode {
|
||||
file, err := os.Create(fileName)
|
||||
if err != nil {
|
||||
return common.NewExitError(fmt.Sprintf("Could not open in-place file for writing: %s", err), codes.CouldNotWriteOutputFile)
|
||||
|
|
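Review bot: In the hunk at -1529, the new `needsCreationRule` gate skips `loadConfig` entirely when only `--decrypt` is given, so that path reports no config error at all, not just the missing creation_rule named in the commit title; a malformed or unreadable config file would pass silently there. Whether a later step on the decrypt path still parses the config is not visible in these hunks and should be confirmed. If the broader skip is intended, the comment should say so, e.g. `// Decrypt-only runs skip loadConfig, so config file errors are not reported in that mode.`; otherwise keep the call and tolerate only the no-matching-rule failure when `isDecryptMode` is the sole command. The name `needsCreationRule` also describes the mode, while the block's stated purpose is config validation. The enclosing `app.Action` closure starts and ends outside the hunks shown.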