From c5e931ef1f965ae11ddf5b7d78170ba032b4f62c Mon Sep 17 00:00:00 2001
From: LeeW
Date: Fri, 14 Feb 2025 14:50:24 +0100
Subject: [PATCH] sops automation: fixes config dir specification
---
 bin/update_sops.sh | 14 ++++++++++----
 example/cmd_sops.sh | 2 +-
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/bin/update_sops.sh b/bin/update_sops.sh
index bf00446..5f29a04 100755
--- a/bin/update_sops.sh
+++ b/bin/update_sops.sh
@@ -124,7 +124,7 @@ function main(){
 # assume location of script as running directly from repo with keys (instead of as a standalone packaged tool)
 keyfiles_dir="${repo_root}"
 # assume location of secrets config file in pwd
- sops_config_dir="${PWD}"
+ sops_config_dir=""
 # path to group definitions
 groups_def_dir="${repo_root}/groups"
 # optional:
@@ -168,9 +168,15 @@ function main(){
 # VALIDATE INPUTS
 keyfiles_dir="$(realpath "${keyfiles_dir}")"
 test -d "${keyfiles_dir}" || (echo "E: specify dir containing keyfiles; invalid dir: '${keyfiles_dir}'" && exit 1)
- sops_config_dir="$(realpath "${sops_config_dir}")"
- test -d "${sops_config_dir}" || (echo "E: specify dir containing .sops.yaml, invalid dir: '${sops_config_dir}'" && exit 1)
- sops_config="${sops_config_dir}/.sops.yaml"
+ sops_config=""
+ if [[ -n "${sops_cfg_dir:-}" ]]; then
+ sops_config_dir="$(realpath "${sops_config_dir}")"
+ test -d "${sops_config_dir}" || (echo "E: specify dir containing .sops.yaml, invalid dir: '${sops_config_dir}'" && exit 1)
+ sops_config="${sops_config_dir}/.sops.yaml"
+ set -x
+ touch "${sops_config}"
+ fi
+
 # locate appropriate sops config if default assumption not found
 if [[ ! -e "${sops_config}" ]]; then
 # dev note: '2> /dev/null' to disable debug output
diff --git a/example/cmd_sops.sh b/example/cmd_sops.sh
index f280c1d..4729e4c 100755
--- a/example/cmd_sops.sh
+++ b/example/cmd_sops.sh
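Review bot: In the first hunk of bin/update_sops.sh, the context comment just above the changed default still reads `# assume location of secrets config file in pwd`, but the new default is an empty string, so the comment now describes behaviour the code no longer has. It could become `# secrets config dir: empty unless specified; .sops.yaml is then located by the lookup further down`. main's body starts and ends outside the hunk.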
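Review bot: The new guard in the second hunk of bin/update_sops.sh tests `${sops_cfg_dir:-}`, while the default set in the first hunk and every line inside the block use `sops_config_dir`; unless option parsing outside this hunk assigns `sops_cfg_dir`, the block is never entered and a directory passed with `-c` is ignored. The guard should read `if [[ -n "${sops_config_dir:-}" ]]; then`. The added `set -x` is never switched off in the visible lines, so every later expanded command is traced to stderr, which in a script handling sops keys and secrets files can put paths and arguments into terminal or CI logs; it looks like leftover debugging and should be dropped. The `touch "${sops_config}"` creates an empty `.sops.yaml` when none exists, after which the `[[ ! -e "${sops_config}" ]]` fallback below can no longer fire for that directory; if that is intended it deserves a comment. main's body starts and ends outside the hunk.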
@@ -13,7 +13,7 @@ test -e "${secrets_file}" || (yq -n '.demo.credentials.secret = "hunter2"' > "${
 set -x
 # SAMPLE COMMANDS - manually uncomment to try out
 # minimal operation: update .sops.yaml, update keys in encrypted file
-../bin/update_sops.sh "${secrets_file}"
+../bin/update_sops.sh -c "${PWD}" "${secrets_file}"
 # Full Args: specify path to each, also for secrets, mix specified and positional params
 # ../bin/update_sops.sh -k "${keys_dir}" -c "${sops_cfg_dir}" -s "${secrets_file}" "${secrets_file}"
 # TEST: induce error: invalid file