sops stores: test for duplicate keys, reserve keyword (yaml only now)

I started looking into sops, which I find to be a really nice idea and implementation. Kudos! However, when testing some edgecase scenarios, I found some rough corners.

Specifically, it was possible to, when editing the file, add a sops key. This was then encrypted, and when trying to open it later on, I got

go run ./cmd/sops/ mytestfile2.yaml 
Error unmarshalling input yaml: yaml: unmarshal errors:
  line 12: mapping key "sops" already defined at line 7

This is a bit so-so UX wise, since the only way to recover is to remove the sops-line, and then reopen the file with the --ignore-mac enabled, and then save it again.

In general, it seems to me that sops should be strict about validation. In that sense, this PR:

Applies a check for disallowing duplicate keys in YAML
Tests for, but does not disallow, duplicate keys in json.
Applies a check for disallowing reserved keywords in YAML (only sops now).
Remaining small changes come from go fmt.

If you think this is a good idea, the reserved keyword should be applied for other formats too, and I can go ahead and make that change too.

Apr 21 '23 08:04 holiman

Looking at https://github.com/mozilla/sops/issues/596#issuecomment-569066218, it seems that perhaps data should be a reserved key too (?)

Apr 21 '23 08:04 holiman

This should fix #851.

Apr 21 '23 11:04 felixfontein

Looking at #596 (comment), it seems that perhaps data should be a reserved key too (?)

The README explicitly shows using data for other things in quite a few examples, so I guess it's not a good idea to disallow it globally.

I think #596 should probably be handled differently, like only treating it as binary if there is no other key than data and its value is a string. (I'm not sure which mechanism is used right now. Maybe detection is only based on the file name.)

Sep 16 '23 12:09 felixfontein

I did look a bit into detection; the detection is done purely by filename, not by anything else.

Something that definitely can be improved is error handling in BinaryStore.EmitPlainFile, if data's value is not a string. That would produce a better readable error message instead of a panic (and that error message could mention --output-type so that users qiuckly get an idea what to do). (Edit: #1289 does that.)

Sep 16 '23 12:09 felixfontein

Rebased on main, a few tests seem to be failing, not quite sure why

Sep 19 '23 12:09 holiman

You did not sign-off your commits, which is required to accept our DCO. Please refer to https://github.com/getsops/sops/pull/1203/checks?check_run_id=16924447836 for more information.

Sep 19 '23 12:09 hiddeco

You did not sign-off your commits

Fixed (on my branch, seems to be taking github some time to propagate the changes here)

Sep 19 '23 13:09 holiman

Do you want to fix the error handling in a separate PR, or should I do that?

Also you need to sign-off the commit (DCO check). Finally, it's probably better to squash b44f024b0fca42d7c68905c085d3caac1dd74076 and 4bad36ea39d4e65feddb5ed895d66e07c08f89c8 are merged into one commit.

Sep 27 '23 20:09 felixfontein

I squashed everything now.

Do you want to fix the error handling in a separate PR, or should I do that?

I'd prefer to leave that to you, thanks

Sep 28 '23 06:09 holiman

This is looking good to me, but I think we should release a patch first before moving ahead with changes which force a new minor.

Sep 28 '23 13:09 hiddeco

Do you want to fix the error handling in a separate PR, or should I do that?

I'd prefer to leave that to you, thanks

#1307.

Sep 28 '23 20:09 felixfontein

@hiddeco should we merge this now?

Nov 05 '23 13:11 felixfontein

Any updates about this? the problem stills happening at version 3.8.1

Jan 23 '24 14:01 enmanuelmoreira

@holiman can you rebase and use the constant?

Jun 15 '24 16:06 felixfontein