If filename is provided for exec-file, use it without random suffix.

Signed-off-by: Felix Fontein <[email protected]>
getsops · Mar 27, 2024 · 71bd4ca · 71bd4ca
1 parent d8e8809
commit 71bd4ca
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 7 deletions.
diff --git a/cmd/sops/main.go b/cmd/sops/main.go
@@ -272,11 +272,6 @@ func main() {
  return toExitError(err)
  }
 
- filename := c.String("filename")
- if filename == "" {
- filename = "tmp-file"
- }
-
  if c.Bool("background") {
  log.Warn("exec-file's --background option is deprecated and will be removed in a future version of sops")
  }
@@ -287,7 +282,7 @@ func main() {
  Background: c.Bool("background"),
  Fifo: !c.Bool("no-fifo"),
  User: c.String("user"),
- Filename: filename,
+ Filename: c.String("filename"),
  }); err != nil {
  return toExitError(err)
  }

diff --git a/cmd/sops/subcommand/exec/exec.go b/cmd/sops/subcommand/exec/exec.go
@@ -3,6 +3,7 @@ package exec
 import (
  "bytes"
  "os"
+ "path/filepath"
  "runtime"
  "strings"
 
@@ -28,10 +29,23 @@ type ExecOpts struct {
 }
 
 func GetFile(dir, filename string) *os.File {
- handle, err := os.CreateTemp(dir, filename)
+ // If no filename is provided, create a random one based on 'tmp-file'
+ if filename == "" {
+ handle, err := os.CreateTemp(dir, "tmp-file")
+ if err != nil {
+ log.Fatal(err)
+ }
+ return handle
+ }
+ // If a filename is provided, use that one
+ handle, err := os.Create(filepath.Join(dir, filename))
  if err != nil {
  log.Fatal(err)
  }
+ // read+write for owner only
+ if err = handle.Chmod(0600); err != nil {
+ log.Fatal(err)
+ }
  return handle
 }
 

diff --git a/functional-tests/src/lib.rs b/functional-tests/src/lib.rs
@@ -949,4 +949,46 @@ bar: |-
 }"#
  );
  }
+
+ #[test]
+ fn exec_file_filename() {
+ let file_path = prepare_temp_file(
+ "test_exec_file.yaml",
+ r#"foo: bar
+bar: |-
+ baz
+ bam
+"#
+ .as_bytes(),
+ );
+ assert!(
+ Command::new(SOPS_BINARY_PATH)
+ .arg("-e")
+ .arg("-i")
+ .arg(file_path.clone())
+ .output()
+ .expect("Error running sops")
+ .status
+ .success(),
+ "sops didn't exit successfully"
+ );
+ let output = Command::new(SOPS_BINARY_PATH)
+ .arg("exec-file")
+ .arg("--filename")
+ .arg("foobar")
+ .arg(file_path.clone())
+ .arg("echo {}")
+ .output()
+ .expect("Error running sops");
+ assert!(output.status.success(), "sops didn't exit successfully");
+ println!(
+ "stdout: {}, stderr: {}",
+ String::from_utf8_lossy(&output.stdout),
+ String::from_utf8_lossy(&output.stderr)
+ );
+ assert!(
+ String::from_utf8_lossy(&output.stdout).ends_with("foobar\n"),
+ "filename did not end with 'foobar'"
+ );
+ }
 }