Added support for encrypted_regex

2023-03-03 01:46:31 -05:00
parent cb32ffd65a
commit 6f6f968725
1 changed files with 25 additions and 13 deletions
--- a/pre_commit_hook_ensure_sops/main.py
+++ b/pre_commit_hook_ensure_sops/main.py
@@ -7,6 +7,7 @@ import json
 from ruamel.yaml import YAML
 from ruamel.yaml.parser import ParserError
 import sys
+import re

 yaml = YAML(typ='safe')

@@ -63,15 +64,26 @@ def check_file(filename, args):
        except ParserError:
            # All sops encrypted files are valid JSON or YAML
            return False, f"{filename}: Not valid JSON or YAML, is not properly encrypted"
+    if not args.allow_multiple_documents:
+        docs = [doc]
+    else:
+        docs = doc
+
+    for doc in docs:

        if 'sops' not in doc:
            # sops puts a `sops` key in the encrypted output. If it is not
            # present, very likely the file is not encrypted.
            return False, f"{filename}: sops metadata key not found in file, is not properly encrypted"

+        if 'encrypted_regex' in doc['sops']:
+            encrypted_regex = doc['sops']['encrypted_regex']
+        else:
+            encrypted_regex = '\S'
+
        invalid_keys = []
        for k in doc:
-        if k != 'sops':
+            if k != 'sops' and re.match(encrypted_regex, k):
                # Values under the `sops` key are not encrypted.
                if not validate_enc(doc[k]):
                    # Collect all invalid keys so we can provide useful error message