Adds support for multiple documents in a YAML file and encrypted_regex options#14
Open
mgaruccio wants to merge 5 commits intoyuvipanda:mainfrom
Open
Adds support for multiple documents in a YAML file and encrypted_regex options#14mgaruccio wants to merge 5 commits intoyuvipanda:mainfrom
mgaruccio wants to merge 5 commits intoyuvipanda:mainfrom
Conversation
Owner
|
Somehow I never got notified of this :( I will take a look at this shortly. Apologies, @mgaruccio and thank you for your patience & contribution. |
|
was just looking if this feature is supported and then i found this open PR would be really nice so this merged :) |
yuvipanda
reviewed
Sep 20, 2023
Owner
yuvipanda
left a comment
yuvipanda
left a comment
There was a problem hiding this comment.
Well well well, if it isn't me being slow to respond to a wonderful PR on a project I maintain. So sorry for the slow response!
I've asked for one change, but happy to merge after that.
Again, sorry for the delayed response, and thank you for the PR!
| # otherwise, sets the value to "match all strings" \S regex | ||
| if 'encrypted_regex' in doc['sops']: | ||
| encrypted_regex = doc['sops']['encrypted_regex'] | ||
| else: |
Owner
There was a problem hiding this comment.
If it's not set, let's just not do any regex matching at all?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds two new features to the pre-commit hook. Both primarily designed to make the hook work better in a kubernetes/flux workflow, but also helpful in other contexts like ansible playbooks.
First it allows multiple documents using an option matching the one used in the check_yaml hook provided by the upstream project relevant PR I tried to match their patterning as well as possible and make as few changes to the underlying code of this project as possible, but it may be better to do something like always using the
_load_all()function and simply error out if there is more than one doc and the-mflag was not passed (or assume that multiple docs are fine and allow users to perform that type of check using the check_yaml hook itself). I'm happy to make those changes if you'd like me to. fixes #12Second it adds support for sops
encrypted_regexoption, which limits the actual fields sops encrypts to only ones the user expects/intends to contain secrets. This change looks for theencrypted_regexkey within the sops configuration and uses it if available, if not, it uses\Sto match any valid string (and so all keys). I omitted a flag for this one since the behavior remains unchanged for any file that does not include theencrypted-regexkey, and any file that does specify it will always fail without this additional filtering, but I'm happy to add a flag if you feel that being explicit here is better, just let me know if you'd like to see that or any other changes before the commit. fixes #13