Expand ~ and ~user in secrets.providers#215
Open
sparr wants to merge 3 commits intoawslabs:masterfrom
Open
Conversation
sparr
commented
Sep 14, 2022
| if git config --global --get-regex --type path "^secrets\.providers$"; then RESULT=0; fi | ||
| if git config --global --get-regex "^secrets\.patterns$"; then RESULT=0; fi | ||
| if git config --global --get-regex "^secrets\.allowed$"; then RESULT=0; fi | ||
| [ $RESULT -eq 0 ] |
Contributor
Author
There was a problem hiding this comment.
The old regex was overly broad and should have been at least ^secrets\..* to begin with.
--type path should only be applied to providers, so they have to be broken out here. That means explicitly enumerating the settings keys. Because the tests (and plausible real world use cases) expect --list's exit code to reflect whether any settings were found I had to accumulate a result along the way, and this was the most concise way that I was comfortable with.
sparr
commented
Sep 14, 2022
sparr
force-pushed
the
config_path_expansion
branch
from
f493691 to
ce45cc2
Compare
creswick
approved these changes
Jun 16, 2023
sparr
force-pushed
the
config_path_expansion
branch
from
ce45cc2 to
193a2bd
Compare
ginglis13
approved these changes
Jul 27, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of changes:
By adding
--type pathwhen retrieving the list of providers, provider paths starting with ~ or ~user will undergo expansion. This allows referring to paths relative to the home directory of the current user or a specific user.My use case for ~ is to put a provider script under my home directory and refer to it from config.providers without having to hard-code my username in my dotfiles.
There is a technically possible but completely implausible regression mode for this PR: Someone has a provider defined starting with "~" which they expect to resolve to a directory with a literal "~" leading its name, located in the cwd(s) from which they call git-secrets. That provider path would fail to resolve after this change.
--pathwould accomplish the same goal, with more backwards compatibility for older git versions, but less forward compatibility if that deprecated option is ever removed.Also fixes #159
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.