From f4b465a151f2ca22815bb8459b3c51623a0806af Mon Sep 17 00:00:00 2001
From: LeeW
Date: Thu, 13 Feb 2025 15:40:01 +0100
Subject: [PATCH] adds function to locate sops config
---
 bin/update_sops.sh | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
diff --git a/bin/update_sops.sh b/bin/update_sops.sh
index 2c4aafa..b234682 100755
--- a/bin/update_sops.sh
+++ b/bin/update_sops.sh
@@ -86,6 +86,32 @@ function fn_gpg_extract_uid(){
 echo "${uid}"
 }
+function fn_sops_locate_config_in_git_repo(){
+ # Returns path sops config to be updated; defaults to returning "$(git rev-parse --show-toplevel)/.sops.yaml"
+ # sops locates config by recursively walking _up_ the tree from the execeution dir context,
+ # + _but_ does not have a mechanism to update the sops config
+ # This function does the same in order to locate the correct sops config to update
+
+ # starting dir, default: PWD. Note: 'realpath' to normalise the dir
+ start_dir="$(realpath "${1:-"${PWD}"}")";
+ stop_dir="$(git rev-parse --show-toplevel)"
+
+ # sops_filepath=""
+ # being
+ search_dir="${start_dir}"
+ # stopping condition
+ # while [[ "${search_dir}" != "${stop_dir}" ]]; do
+ contender="${search_dir}/.sops.yaml"
+ if [[ -e "${contender}" ]]; then
+ >&2 echo "# BASE CASE"
+ echo "${contender}"
+ else
+ # walk up one dir
+ >&2 echo "# walk up one dir"
+ fn_sops_locate_config_in_git_repo "$(dirname "${search_dir}")"
+ fi
+}
+
 function fn_sops_generate_config(){
 # sops.yaml doc: https://github.com/getsops/sops?tab=readme-ov-file#using-sops-yaml-conf-to-select-kms-pgp-and-age-for-new-files
 # CAVEAT: dirty hacks, as DRY as feasible within bash
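Review bot: The upward walk in `fn_sops_locate_config_in_git_repo` has no stopping condition, because `stop_dir` is assigned but never read and the `while` line that would use it is commented out. The search therefore continues above the repository root, so a `.sops.yaml` in any parent directory outside the repository can be returned, and the caller in the second hunk redirects output into whatever path comes back. When no such file exists anywhere, `dirname /` stays `/` and the recursion never reaches a base case. The header comment also promises the repository-root path as a default, which the code never returns. A bounded loop with `local` variables, as sketched below, keeps the search inside the work tree and returns that default.

```shell
function fn_sops_locate_config_in_git_repo(){
  # … unchanged: header comment describing the upward search …
  local start_dir stop_dir search_dir
  start_dir="$(realpath "${1:-"${PWD}"}")" || return 1
  stop_dir="$(git rev-parse --show-toplevel)" || return 1

  search_dir="${start_dir}"
  # never look above the repository root
  while [[ "${search_dir}" == "${stop_dir}"/* ]]; do
    if [[ -e "${search_dir}/.sops.yaml" ]]; then
      echo "${search_dir}/.sops.yaml"
      return 0
    fi
    search_dir="$(dirname "${search_dir}")"
  done
  # documented default: the config at the repository root
  echo "${stop_dir}/.sops.yaml"
}
```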
@@ -144,6 +170,13 @@ if [[ "${opt_list_roles}" -eq 1 ]]; then
 fi
 # UPDATE SOPS CONFIG
+# locate sops config
+if [[ ! -e "${sops_config}" ]]; then
+ # dev note: '2> /dev/null' to disable debug output
+ sops_config="$(fn_sops_locate_config_in_git_repo 2> /dev/null)"
+fi
+
+# update sops config
 # TODO: remove the 'pushd;popd' workaround and make the functions aware of the dir being read
 pushd "${keyfiles_dir}" > /dev/null 2>&1
 (fn_sops_generate_config) > "${sops_config}"
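Review bot: The value assigned to `sops_config` in the new `if` block is used unchecked, and a few lines later it is the target of `> "${sops_config}"`, which truncates whatever file it names. Because `2> /dev/null` discards all of the function's stderr, not only the debug lines, a failed lookup leaves an empty or unexpected path with no diagnostic. I would add a guard right after the assignment, for example `[[ -n "${sops_config}" ]] || { >&2 echo "sops config not found"; exit 1; }`, and ideally confirm the path lies under the repository root before writing to it. Putting the debug `echo`s behind a verbosity switch would remove the need to silence stderr wholesale.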