Add JSON Schema validation for .sops.yaml configuration files#2015
Add JSON Schema validation for .sops.yaml configuration files#2015miiyakumo wants to merge 2 commits intogetsops:mainfrom
Conversation
…iguration Signed-off-by: miiyakumo <miiyakumo@qq.com>
…ration Signed-off-by: miiyakumo <miiyakumo@qq.com>
|
@miiyakumo thanks for your contribution! As indicated in #1767 (comment) I think it's better to have a single source of truth. Right now (with this PR) we have three: the Go structures, the documentation (https://github.com/getsops/sops?tab=readme-ov-file#5config-file-format, that's not even complete yet), and the schema (added in this PR). Maybe we should have a different source of truth, and use that one to generate all three (Go structures, documentation, and JSON schema)? WDYT @getsops/maintainers? |
|
I've tested the JSON schema manually with a comment like this at the top of # yaml-language-server: $schema=https://raw.githubusercontent.com/miiyakumo/sops/fb89aeaae6d1bc8cecab27d636f1650029702b39/schema/sops.jsonThe schema is a bit too strict in that it prevents the user from using this trick described in the sops-nix docs to avoid repeating a key: https://github.com/Mic92/sops-nix/blob/c7067be8db2c09ab1884de67ef6c4f693973f4a2/README.md?plain=1#L216-L232 The LSP reports "property keys is not allowed". |
3 participants
Adds JSON Schema validation for
.sops.yamlconfiguration files, enabling IDE auto-completion, real-time validation, and programmatic config checking.What's Changed
JSON Schema Definition (
schema/sops.json): A comprehensive schema defining all available configuration options, types, and constraints.Schema Test Suite (
config/config_schema_test.go): Includes 8 test functions and 13 test cases (7 valid configurations and 6 invalid configurations) to ensure schema correctness.Documentation Update: A usage guide has been added to
README.rst.Build Target: Introduced a new
make test-schematarget for conveniently running schema validation tests.Implementation Notes
I opted for a hand-written JSON Schema (
schema/sops.json) to avoid introducing new external dependencies at this time.While generating the schema from Go structs is technically feasible, it would require extensive custom logic and more complex struct tags to properly address the following challenges in the current configuration structure:
Complex Type Handling: Fields with flexible types, such as
Age interface{}(which accepts a string or an array of strings), necessitate customoneOflogic in the schema.Validation Constraints: Business-specific rules, such as range constraints (
shamir_threshold >= 1) and defined enum values, are not automatically derived from standard Go struct tags.Mutually Exclusive Fields: Custom validation is required for options that are incompatible with each other (mutually exclusive fields).
Related: #1767