Add JSON Schema validation for .sops.yaml configuration files #2015
Adds JSON Schema validation for .sops.yaml configuration files, enabling IDE auto-completion, real-time validation, and programmatic config checking.

What's Changed

- JSON Schema Definition (schema/sops.json): A comprehensive schema defining all available configuration options, types, and constraints.
- Schema Test Suite (config/config_schema_test.go): Includes 8 test functions and 13 test cases (7 valid configurations and 6 invalid configurations) to ensure schema correctness.
- Documentation Update: A usage guide has been added to README.rst.
- Build Target: Introduced a new make test-schema target for conveniently running schema validation tests.

Implementation Notes

I opted for a hand-written JSON Schema (schema/sops.json) to avoid introducing new external dependencies at this time.

While generating the schema from Go structs is technically feasible, it would require extensive custom logic and more complex struct tags to properly address the following challenges in the current configuration structure:

- Complex Type Handling: Fields with flexible types, such as Age interface{} (which accepts a string or an array of strings), necessitate custom oneOf logic in the schema.
- Validation Constraints: Business-specific rules, such as range constraints (shamir_threshold >= 1) and defined enum values, are not automatically derived from standard Go struct tags.
- Mutually Exclusive Fields: Custom validation is required for options that are incompatible with each other (mutually exclusive fields).

Related: #1767
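
An added illustration, not code from this PR or from SOPS: a standard-library Go check of the two constraints the description names, age as a string or an array of strings and shamir_threshold >= 1, applied to a single rule given as JSON. The rule type, the validateRule function, the JSON key names as used here and the sample inputs are assumptions constructed for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// rule is a hypothetical type holding only the two fields discussed above.
type rule struct {
	Age             interface{} `json:"age"`
	ShamirThreshold *int        `json:"shamir_threshold"`
}

// validateRule enforces what a schema would state as
// oneOf [string, array of strings] for age and minimum 1 for shamir_threshold.
func validateRule(raw []byte) error {
	var r rule
	if err := json.Unmarshal(raw, &r); err != nil {
		return fmt.Errorf("decode: %w", err)
	}
	switch v := r.Age.(type) {
	case nil, string: // absent, or a single recipient string
	case []interface{}:
		for i, e := range v {
			if _, ok := e.(string); !ok {
				return fmt.Errorf("age[%d]: want string, got %T", i, e)
			}
		}
	default:
		return fmt.Errorf("age: want string or array of strings, got %T", v)
	}
	if r.ShamirThreshold != nil && *r.ShamirThreshold < 1 {
		return errors.New("shamir_threshold: must be >= 1")
	}
	return nil
}

func main() {
	// Constructed sample inputs; the recipient strings are placeholders.
	for _, in := range []string{
		`{"age": "age1example", "shamir_threshold": 2}`,
		`{"age": ["age1a", "age1b"]}`,
		`{"age": ["age1a", 7]}`,
		`{"shamir_threshold": 0}`,
	} {
		fmt.Printf("%-48s -> %v\n", in, validateRule([]byte(in)))
	}
}
```
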