3.3.1 (develop -> master) (#478)

* Changes to travis config and docs for using develop (#462)

* Fixes integration tests in travis to not run on PR's (they will now
run on merges into `develop` and `master`)
* Change README.rst and CONTRIBUTING.md to reflect the use of `develop`
as the primary development branch

* use golang 1.12 for building sops

* pgp/keysource: Check size of key fingerprint

Make sure the key fingerprint is longer than 16 characters before
slicing it.

Closes #463

* Allow set "json value" to be a string. (#468)

* Allow set "json value" to be a string.

Adds back support for string values in --set, while retaining support
for yaml multidoc that caused this bug.

Fixes #461

* Add functional test for --set'ing strings

* Vendoring update (#472)

It's been around 9 months since our last vendor update. This is also
needed for some new features being worked on for sops workspace.

Additionally, this PR regenerates the kms mocks.

* Remove duplicate sentence from readme (#475)

* 3.3.1 bump and release notes (#477)

Author: ajvb

.circleci/config.yml

@@ -3,7 +3,7 @@ jobs:
   build:
     working_directory: /go/src/go.mozilla.org/sops
     docker:
-      - image: circleci/golang:1.8
+      - image: circleci/golang:1.12
     steps:
       - checkout
       - setup_remote_docker

.travis.yml

@@ -1,5 +1,5 @@
 language: go
-go: 1.9
+go: 1.12
 go_import_path: go.mozilla.org/sops/
 
 addons:
@@ -15,8 +15,8 @@ before_install:
   - source ~/.cargo/env
 
 script:
-  - 'if [ "$TRAVIS_REPO_SLUG" != "mozilla/sops" ]; then make; fi'
-  - 'if [ "$TRAVIS_REPO_SLUG" = "mozilla/sops" ]; then make origin-build; fi'
+  - 'if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then make; fi'
+  - 'if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then make origin-build; fi'
   - bash <(curl -s https://codecov.io/bash)
 
 before_deploy:

CHANGELOG.rst

@@ -1,6 +1,22 @@
 Changelog
 =========
 
+3.3.1
+-----
+
+Bug fixes:
+
+* Make sure the pgp key fingerprint is longer than 16 characters before
+  slicing it. (#463)
+* Allow for `--set` value to be a string. (#461)
+
+Project changes:
+
+* Using `develop` as a staging branch to create releases off of. What
+  is in `master` is now the current stable release.
+* Upgrade to using Go 1.12 to build sops
+* Updated all vendored packages
+
 3.3.0
 -----
 

CONTRIBUTING.md

@@ -4,16 +4,17 @@ Mozilla welcomes contributions from everyone. Here are a few guidelines and inst
 
 # Getting started
 
-* Make sure you have Go 1.6 or greater installed. You can find information on how to install Go [here](https://golang.org/dl/)
+* Make sure you have Go 1.12 or greater installed. You can find information on how to install Go [here](https://golang.org/dl/)
 * After following the [Go installation guide](https://golang.org/doc/install), run `go get go.mozilla.org/sops`. This will automatically clone this repository.
 * Switch into sops's directory, which will be in `$GOPATH/src/go.mozilla.org/sops`.
 * Run the tests with `make test`. They should all pass.
 * Fork the project on GitHub.
 * Add your fork to git's remotes:
   * If you use SSH authentication: `git remote add <your username> [email protected]:<your username>/sops.git`.
   * Otherwise: `git remote add <your username> https://github.com/<your username>/sops.git`.
+* **Switch to the `develop` branch: `git checkout develop`**
 * Make any changes you want to sops, commit them, and push them to your fork.
-* Create a pull request, and a contributor will come by and review your code. They may ask for some changes, and hopefully your contribution will be merged to the `master` branch!
+* **Create a pull request against `develop`**, and a contributor will come by and review your code. They may ask for some changes, and hopefully your contribution will be merged to the `develop` branch!
 
 # Guidelines
 

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.11
+FROM golang:1.12
 
 COPY . /go/src/go.mozilla.org/sops
 WORKDIR /go/src/go.mozilla.org/sops

README.rst

@@ -24,13 +24,16 @@ Binaries and packages of the latest stable release are available at `https://git
 
 Development branch
 ~~~~~~~~~~~~~~~~~~
-For the adventurous, unstable features are available in the master branch, which you can install with:
+For the adventurous, unstable features are available in the `develop` branch, which you can install from source:
 
 .. code:: bash
 
 	$ go get -u go.mozilla.org/sops/cmd/sops
+        $ cd $GOPATH/src/go.mozilla.org/sops/
+        $ git checkout develop
+        $ make install
 
-(requires Go >= 1.8)
+(requires Go >= 1.12)
 
 If you don't have Go installed, set it up with:
 
@@ -215,7 +218,7 @@ And decrypt it using::
 	 $ sops --decrypt test.enc.yaml
 
 Encrypting using Azure Key Vault
-~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The Azure Key Vault integration uses service principals to access secrets in
 the vault. The following environment variables are used to authenticate:
 
@@ -414,9 +417,6 @@ to refine the access control of a given KMS master key.
 When creating a new file, you can specify encryption context in the
 ``--encryption-context`` flag by comma separated list of key-value pairs:
 
-When creating a new file, you can specify encryption context in the
-``--encryption-context`` flag by comma separated list of key-value pairs:
-
 .. code:: bash
 
 	$ sops --encryption-context Environment:production,Role:web-server test.dev.yaml
@@ -852,6 +852,7 @@ formats like ``JSON`` do not. ``sops`` is able to handle both. This means the
 following multi-document will be encrypted as expected:
 
 .. code:: yaml
+
 	---
 	data: foo
 	---

cmd/sops/main.go

@@ -864,7 +864,14 @@ func jsonValueToTreeInsertableValue(jsonValue string) (interface{}, error) {
 			return nil, common.NewExitError("Invalid --set value format", codes.ErrorInvalidSetFormat)
 		}
 	}
-	return valueToInsert.(sops.TreeBranches)[0], nil
+	// Fix for #461
+	// Attempt conversion to TreeBranches to handle yaml multidoc. If conversion fails it's
+	// most likely a string value, so just return it as-is.
+	values, ok := valueToInsert.(sops.TreeBranches)
+	if !ok {
+		return valueToInsert, nil
+	}
+	return values[0], nil
 }
 
 func extractSetArguments(set string) (path []interface{}, valueToInsert interface{}, err error) {

functional-tests/src/lib.rs

@@ -260,6 +260,46 @@ b: ba"#
         }
         panic!("Output YAML does not have the expected structure");
     }
+    
+    #[test]
+    fn set_yaml_file_string() {
+        let file_path = prepare_temp_file("test_set_string.yaml",
+                                          r#"a: 2
+b: ba"#
+                                          .as_bytes());
+        Command::new(SOPS_BINARY_PATH)
+            .arg("-e")
+            .arg("-i")
+            .arg(file_path.clone())
+            .output()
+            .expect("Error running sops");
+        Command::new(SOPS_BINARY_PATH)
+            .arg("-e")
+            .arg("-i")
+            .arg("--set")
+            .arg(r#"["a"] "aaa""#)
+            .arg(file_path.clone())
+            .output()
+            .expect("Error running sops");
+        let output = Command::new(SOPS_BINARY_PATH)
+            .arg("-d")
+            .arg("-i")
+            .arg(file_path.clone())
+            .output()
+            .expect("Error running sops");
+        println!("stdout: {}, stderr: {}",
+                 String::from_utf8_lossy(&output.stdout),
+                 String::from_utf8_lossy(&output.stderr));
+        let mut s = String::new();
+        File::open(file_path).unwrap().read_to_string(&mut s).unwrap();
+        let data: Value = serde_yaml::from_str(&s).expect("Error parsing sops's YAML output");
+        if let Value::Mapping(data) = data {
+            let a = data.get(&Value::String("a".to_owned())).unwrap();
+            assert_eq!(a, &Value::String("aaa".to_owned()));
+        } else {
+            panic!("Output JSON does not have the expected structure");
+        }
+    }
 
     #[test]
     fn decrypt_file_no_mac() {