Skip to content

Commit

Permalink
Merge pull request #1107 from 2i2c-org/revert-1104-remove-explicit-error
Browse files Browse the repository at this point in the history
  • Loading branch information
@sgibson91
sgibson91 authored Mar 15, 2022
2 parents 9e6e18d + 81da2a7 commit 5b13627
Showing 1 changed file with 23 additions and 7 deletions.
30 changes: 23 additions & 7 deletions deployer/file_acquisition.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
absolute paths, decrypting and reading encrypted files when needed.
"""
import os
import json
import warnings
import subprocess
import tempfile
Expand Down Expand Up @@ -103,14 +104,29 @@ def get_decrypted_file(original_filepath):
if filename.startswith("enc-") or ("secret" in filename):
# We must then determine if the file is using sops
# sops files are JSON/YAML with a `sops` key. So we first check
# if the file is valid JSON/YAML, and then if it has a `sops` key.
# Since valid JSON is also valid YAML by design, a YAML parser can read in JSON.
# if the file is valid JSON/YAML, and then if it has a `sops` key
with open(original_filepath) as f:
try:
content = yaml.load(f)
except ScannerError:
yield original_filepath
return

# FIXME: Right now we expect encrypted files to be JSON or YAML files, and
# so we fail if these are not valid JSON/YAML. However in the
# future, we may want to support encrypted files of other types
# and we should update this section accordingly.
#
# Support the (clearly wrong) people who use .yml instead of .yaml
if ext == ".yaml" or ext == ".yml":
try:
content = yaml.load(f)
except ScannerError:
raise ScannerError(
"We expect encrypted files to be valid JSON or YAML files."
)
elif ext == ".json":
try:
content = json.load(f)
except json.JSONDecodeError:
raise json.JSONDecodeError(
"We expect encrypted files to be valid JSON or YAML files."
)

if "sops" not in content:
raise KeyError(
Expand Down

0 comments on commit 5b13627

Please sign in to comment.