Commit graph

28 commits

Author SHA1 Message Date
Hidde Beydals 1d7fc78a75
Update rustc functional tests to v1.70.0
Bare minimum to get this going again, including an update of
dependencies.

It's worth noting that there is a detachment between the GitHub Action
workflow and running this locally. As there are assumptions around:

1. Having the `pgp/sops_functional_tests_key.asc` imported.
2. Having a Vault server running for two functional tests.

The `functional-tests` Make target does not facilitate this, and
putting something in place using a temporary `GNUPGHOME` and a
container image would likely be a welcome future improvement.

In addition, there is Rust code in `validation/` which appears to be an
artifact from an ancient Python library[1][2]. This should probably be
removed in the future.

[1]: https://github.com/getsops/sops/tree/python-sops
[2]: https://pypi.org/project/sops/

Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-07-02 13:37:49 +02:00
Felix Fontein b1d253e7b9
Do not discard comments at beginning of YAML documents (#757)
* Allow to preserve comments at beginning of YAML document.

* Extend functional tests.

* Update changelog.
2020-10-07 18:10:51 +02:00
AJ Bahnken ebf0705182
vault kv version and mount names in publish config (#513)
Adds support for publishing to vault using KV v1 and a different mount
name (or multiple).
2019-08-30 13:44:04 -07:00
AJ Bahnken e9b9f7aeef
Replace old functional test gpg keys (#512)
Two of the three old keys have expired, so create a new set with no
expiration.
2019-08-30 09:07:00 -07:00
AJ Bahnken 6910225545
Adds support for sops publish-ing to Vault (#494)
* Add vault/api to vendor/

* Adds support for sops publish-ing to Vault

* Adds support for publishing secrets (unencrypted) to Vault
* Adds a new EmitAsMap for TreeBranches
* Adds documentation about sops publish-ing to Vault
* Initial integration/functional test for publishing to vault
2019-07-16 14:33:59 -07:00
AJ Bahnken ebd153f540
Implement `sops publish` command (#473)
* Implement `sops publish` command

Publishes a file to a pre-configured destination (this lives in the sops
config file). Additionally, support re-encryption rules that work
just like the creation rules. Initial support for S3/GCS.

This is a part of the sops-workspace v2.0 project

Includes the addition of a new dependency:
  github.com/googleapis/gax-go/v2

* code review changes; support global --verbose flag

* Switch to recreation_rule with full support

Reencryption rule is now recreation rule and supports everything that a
creation rule does. Now, when you load a config for a file, you load
either the creation rule or the destination rule. I'm not sure about
this style long term, but it allows for support to be added for the
recreation rules without a bigger refactor of how the config file works.

* split loadForFileFromBytes into two functions

remove branching based on destination rule or not, create one for
creation rules and one for destination rules

* pretty diff for keygroup updates in sops publish
2019-06-27 16:48:54 +00:00
AJ Bahnken f8e60a1db5
Allow set "json value" to be a string. (#468)
* Allow set "json value" to be a string.

Adds back support for string values in --set, while retaining support
for yaml multidoc that caused this bug.

Fixes #461

* Add functional test for --set'ing strings
2019-05-28 15:55:54 +00:00
AJ Bahnken f000986f20
Only run kms functional tests within mozilla/sops
Instead of exiting early, only run the kms tests within the context of
mozilla/sops (and not from forks).
2019-03-29 10:42:01 -07:00
AJ Bahnken 51503b5177
Initial set of AWS KMS tests (#444)
* Initial set of AWS KMS tests

* rename temp file in kms test

* Skip AWS KMS functional tests if env var is unset
2019-03-21 09:43:36 -07:00
Adrian Utrilla 6ce0290791
Add functional test for --output flag 2018-11-07 08:09:44 -05:00
Adrian Utrilla 5e6aa7f3eb
Fix double encryption prevention (#346)
* Fix binary file bug double encryption prevention

The `ensureNoMetadata` function was incorrectly implemented and called
LoadEncryptedFile on the InputStore and checked whether the returned error was
MetadataNotFound or not. In the case where loading the input file as an encrypted
file would fail (e.g. due to syntax errors), it would incorrectly report the file as
having a "sops" branch. When using the binary mode, it would try to load the file as
an encrypted binary file (which is expected to be JSON), which would fail, thus
triggering this error.

* Add functional test for binary file roundtrip
2018-05-14 19:59:07 +02:00
Adrian Utrilla 1a895c9004
Add functional test for extracting strings 2018-03-30 20:54:10 +02:00
Adrian Utrilla 7911bb1542
Merge branch 'master' into yaml-list-comments 2017-09-15 19:29:06 -07:00
Adrian Utrilla e6f46513dd
Merge branch 'master' into encrypt-comments 2017-09-15 10:28:26 -07:00
Adrian Utrilla 31cab09b18
Move test files outside of Rust source 2017-09-13 09:55:26 -07:00
Adrian Utrilla 00d7a5a1f8
Allow using lists in key groups in .sops.yaml 2017-09-12 11:38:03 -07:00
Adrian Utrilla 79a662e4ba
Improve documentation with @jvehent's suggestions 2017-09-11 16:52:56 -07:00
Adrian Utrilla 8541e26f7a
Fix data key retrieval bug with 1 key group
This happened when there are multiple master keys inside a single key
group. SOPS would decrypt the data key with every single key in the
group, when only one is needed. This meant that multiple "parts" are
found, so because SOPS encountered != 1 part without using Shamir, it
errored out.
2017-09-11 10:14:41 -07:00
Adrian Utrilla be4a35e7f5
Fix shamir tests 2017-08-25 13:12:34 -07:00
Adrian Utrilla 4c9697874e
Add functional tests for comment decryption 2017-08-15 20:43:21 -07:00
Adrian Utrilla 2c30afdc5a
Added functional tests for shamir secret sharing 2017-05-26 22:29:57 +02:00
Adrian Utrilla 706888c2ac
Added functional test checking decryption of files with no MAC 2017-03-13 15:27:32 +01:00
Adrian Utrilla 6e6068de16
Allow decrypting files with no MAC
Fixes #195
2017-02-04 17:01:40 +01:00
Adrian Utrilla 075aa2f7ac
Added tests
- Unit test for inserting or updating a tree branch
- Functional tests for using --set to insert or update yaml and json files
2016-11-20 01:17:20 +01:00
Adrian Utrilla 0b3d74ca58
Just deserialize everything to YAML values 2016-11-14 01:51:10 +01:00
Adrian Utrilla 822d974ebd
Run functional tests on TravisCI 2016-11-13 22:31:28 +01:00
Adrian Utrilla 16f48eb2d2
Added YAML encryption test 2016-11-13 19:19:29 +01:00
Adrian Utrilla 3415b92bff
Test file encryption 2016-11-13 16:36:43 +01:00