Comments (4)
@uasi The main point of this issue is to support --
in the first place with a well-defined argument handling that doesn't get in the way.
In the description I've presented briefly what the main issue with SOPS is when it comes to dynamic command building as part of scripting.
In your example I'd still need to:
- export variable
my_url
so thesops
sees it - trust that
sops exec-env
will actually pass it down to the command - somehow assume that
test.env
does NOT contain variablemy_url
The major issue is with variable expansion and control of WHERE it gets expanded without losing readability of the SOPS invocation code.
from sops.
Hmm, this is not so trivial to implement. Simply passing on the array of strings from the command line arguments on as a new command is simple, but that doesn't allow you to access further shell features (like ${API_USER}
). But if you want to pass what has been handed in through another shell, we need to figure out how to handle other things that shell might interpret, such as !
or spcaes in arguments. For example, what should sops exec-env test.env -- foo "bar baz" "b'a'm"
execute? The command foo
with three parameters bar
, baz
, and b'a'm
? Or the command foo
with two arguments bar baz
and b'a'm
? And do you want to quote the single quotes in b'a'm
? Or remove them as a shell would do?
from sops.
@felixfontein Thanx for the feedback and I agree, that behavior needs to be well-defined to clarify expectations on the user side.
Picking up your example:
sops exec-env test.env -- foo "bar baz" "b'a'm"
...should internally be creating a command with the following parts:
- command/executable:
foo
- command arguments:
bar baz
b'a'm
To sops itself, the argument should present itself as follows:
exec-env
test.env
--
foo
bar baz
b'a'm
So its barely a pass-through of arguments with the exception of the first argument after --
to represent the command/executable.
If I had a shell script where I needed to produce an actual command line, I'd have something like this:
my_url="${api_baseuri}/${resource_path}"
curl_opts=(-s --fail-with-body --user '${API_USER}:${API_PASSWORD}')
# ...add other options depending on script behavior...
sops exec-env test.env -- curl "${curl_opts[@]}" "${my_url}"
Here, the "${curl_opts[@]}"
is of course expanded by the shell into the individual arguments as presented in the array and due to single-quoting the user option value, it will expand neither API_USER
nor API_PASSWORD
, which then shall be handled by sops.
At least that's my take on this issue.
from sops.
@ancoron @felixfontein Why not just make sops execute the given arguments, and use an actual shell if we need to expand variables, like sops exec-env test.env -- bash -c 'curl -s --user "${API_USER}:${API_PASSWORD}" "${my_url}"'
?
edit: Nevermind, it seems sops exec-env
already runs the given command using shell. It would still be useful to support multiple arguments though.
from sops.
Related Issues (20)
- sops command doesn't read --aws-profile flag value
- sops encryption/decryption with age key doesn't work for Python ini Files with [DEFAULT] section HOT 4
- New patch version please HOT 4
- Main project page getsops/sops never loads because of README rendering issue HOT 3
- hc-vault: Support for kubernetes auth HOT 1
- Support encryption with x.509 cert in win certmgr
- Allow to encrypt specific nodes in a file with specific keys (muliple matching creation_rules) HOT 3
- Different AWS profiles are ignored when using multiple KMS keys
- Can't use docker compose and sops together HOT 3
- `sops execfile` filename should not have a random suffix appended in --no-fifo mode HOT 2
- diff shows entire file has changed HOT 1
- [question] Where is the documentation? HOT 2
- ForbiddenByRbac when using azure key vault backend with version 3.8+
- "$" in code examples in Readme prevents simple copy/paste HOT 1
- When we encrypt our values it updates all variables HOT 2
- Decrypt doesn't handle multiple files / bulk operations
- panic: runtime error: invalid memory address or nil pointer dereference when using updatekeys HOT 11
- SOPS mac_only_encrypted HOT 2
- Does sops edit exist? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sops.