Support lookup of a specific key in a SOPS file #158

Closed

mig5
Contributor

@mig5 mig5 commented Aug 22, 2023

Motivation

I have a use case for looking up a specific key from a SOPS file. Often, said structure is not a simple key: value but a more complex dict from which I need to obtain the values of sub-keys in the dict.

Right now with the community SOPS collection, a SOPS file containing a dict comes back as a string with \n line breaks and I am having to resort to a custom lookup plugin to do what I want. This PR achieves it for the community collection, so thought I'd offer it, but it may not be solid enough to work for wider cases - feel free to discard it.

Changes description

An optional key argument can be passed to the lookup plugin. If that key is found in the SOPS file, it's that item that gets appended and returned.

See the test suite and the README example for more information on how to use it.

Additional notes

I only tested it with YAML SOPS files, and I didn't test it with multiple SOPS files passed in as terms. The tests were all passing at time of writing.

@felixfontein
Collaborator

Thanks for your contribution!

Why not simply use lookup('community.sops.sops', playbook_dir + '/../vars/sops/my-secret-file.sops.yml') | from_yaml | attr('specific_key_in_sops_file') with the ansible.builtin.from_yaml filter and the attr filter?

And if adding support for this to the lookup, I'd rather provide a way to use sops's --extract option.

@mig5
Contributor Author

mig5 commented Aug 22, 2023

Thanks! No reason not to simply use that - I was just too stupid to know that it was possible :) I did wonder 'there must be a better way'..

That solution is indeed working for some of my needs (but not others, where I get 'dict object' has no attribute 'xxxxxxxxxx' where xxxxxxxxxx is the top-level key in the dict). But that will surely be something wrong that I'm doing, too.

Thanks for the tip, I'll close this out.

@mig5 mig5 closed this Aug 22, 2023
@mig5 mig5 deleted the load-individual-key branch August 22, 2023 04:53
@mig5
Contributor Author

mig5 commented Aug 22, 2023

(got it working for my use case, in case it helps anyone else)

some_var: "{{ (lookup('community.sops.sops', role_path + '/../../vars/sops/some-file.sops.yml') | from_yaml).some_key }}"

..where some_key might be a dict of its own in the sops file. This allows me to iterate over the keys in that dict like normal, with with_items, etc
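
Added example, not part of the PR thread or the collection's code: a playbook that parses decrypted SOPS YAML and reads one nested key, then loops over its sub-keys without echoing the secret values. Jinja2's attr filter looks up object attributes only, not dictionary items, so keys of the parsed dict are reached with a subscript or dot access. The names decrypted_text and db_users and the sample values are constructed for illustration.

```yaml
# Added example: constructed data and hypothetical variable names.
- name: Read one key from a decrypted SOPS YAML document
  hosts: localhost
  gather_facts: false
  vars:
    # Constructed stand-in for what the sops lookup returns: the whole
    # decrypted file as a single string. In real use, replace with:
    #   "{{ lookup('community.sops.sops', role_path + '/../../vars/sops/some-file.sops.yml') }}"
    decrypted_text: |
      some_key:
        alice: constructed-password-1
        bob: constructed-password-2
      other_key: constructed-value

    # The parentheses make the subscript apply to the parsed dict.
    # attr('some_key') would fail here because dict keys are items,
    # not attributes.
    db_users: "{{ (decrypted_text | from_yaml)['some_key'] }}"

  tasks:
    - name: Check the key holds a dict before using it
      ansible.builtin.assert:
        that:
          - db_users is mapping
        quiet: true
      # Keep the evaluated secret out of task output on failure.
      no_log: true

    - name: Iterate over the sub-keys
      ansible.builtin.debug:
        msg: "would configure user {{ item.key }}"
      loop: "{{ db_users | dict2items }}"
      loop_control:
        # Without a label, Ansible prints the full item for every
        # iteration, including item.value (the secret).
        label: "{{ item.key }}"
```

Tasks that pass item.value to a module should also set no_log: true, since module arguments are otherwise shown in verbose output.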
