fix for git secret hide -m doesn't work on first use #466 (#469)

This commit is contained in:
Simon Massey 2019-05-09 06:23:02 +01:00 committed by GitHub
parent 57903b9e75
commit 10879e2253
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 45 additions and 16 deletions

View File

@ -65,7 +65,7 @@ function _get_file_hash {
echo "$file_hash"
}
function _optional_fsdb_update_hash {
function _fsdb_update_hash {
local key="$1"
local hash="$2"
local fsdb # path_mappings
@ -80,7 +80,7 @@ function hide {
local clean=0
local preserve=0
local delete=0
local fsdb_update_hash=0 # add checksum hashes to fsdb
local update_only_modified=0
local force_continue=0
OPTIND=1
@ -95,7 +95,7 @@ function hide {
d) delete=1;;
m) fsdb_update_hash=1;;
m) update_only_modified=1;;
v) _SECRETS_VERBOSE=1;;
@ -160,7 +160,7 @@ function hide {
file_hash=$(_get_file_hash "$input_path")
# encrypt file only if required
if [[ "$fsdb_file_hash" != "$file_hash" ]]; then
if [[ "$update_only_modified" -eq 0 ]] || [[ "$fsdb_file_hash" != "$file_hash" ]]; then
local args=( --homedir "$secrets_dir_keys" "--no-permission-warning" --use-agent --yes "--trust-model=always" --encrypt )
@ -193,12 +193,10 @@ function hide {
fi
fi
# If -m option was provided, it will update unencrypted file hash
# Update file hash for future use of -m
local key="$filename"
local hash="$file_hash"
# Update file hash if required in fsdb
[[ "$fsdb_update_hash" -gt 0 ]] && \
_optional_fsdb_update_hash "$key" "$hash"
_fsdb_update_hash "$key" "$hash"
fi
fi
done

View File

@ -32,7 +32,7 @@ function teardown {
# Command must execute normally:
[ "$status" -eq 0 ]
[ "$output" = "git-secret: done. 1 of 1 files are hidden." ]
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
# New files should be created:
local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
@ -50,11 +50,11 @@ function teardown {
}
@test "run 'hide' normally with SECRETS_VERBOSE=1" {
SECRETS_VERBOSE=1 run git secret hide
SECRETS_VERBOSE=1 run git secret hide
# Command must execute normally.
[ "$status" -eq 0 ]
[[ "$output" == "git-secret: done. 1 of 1 files are hidden." ]]
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
}
@test "run 'hide' with '-P'" {
@ -68,7 +68,7 @@ function teardown {
# Command must execute normally:
[ "$status" -eq 0 ]
[ "$output" = "git-secret: done. 1 of 1 files are hidden." ]
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
# New files should be created:
local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
@ -141,7 +141,7 @@ function teardown {
run git secret hide
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
[ "$status" -eq 0 ]
[ "$output" = "git-secret: done. 2 of 2 files are hidden." ]
[[ "$output" == *"git-secret: done. 2 of 2 files are hidden."* ]]
# Cleaning up:
rm "$second_file"
@ -172,7 +172,7 @@ function teardown {
# Command must execute normally:
[ "$status" -eq 0 ]
# git secret hide -m: uses temp file so cleaning should take place, but we only show tmp file cleanup in VERBOSE mode
[ "${lines[0]}" = "git-secret: done. 1 of 1 files are hidden." ]
[[ "${lines[0]}" == *"git-secret: done. 1 of 1 files are hidden."* ]]
# back path mappings
cp "${path_mappings}" "${path_mappings}.bak"
@ -183,7 +183,38 @@ function teardown {
[[ "${#lines[@]}" -eq 1 ]]
# output says 0 of 1 files are hidden because checksum didn't change and we didn't need to hide it again.
[ "$output" = "git-secret: done. 0 of 1 files are hidden." ]
[[ "$output" == *"git-secret: done. 0 of 1 files are hidden."* ]]
# no changes should occur to path_mappings files
cmp -s "${path_mappings}" "${path_mappings}.bak"
# New files should be created:
local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
[ -f "$encrypted_file" ]
}
@test "run 'hide' without then with '-m'" {
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
run git secret hide
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# Command must execute normally:
[ "$status" -eq 0 ]
# git secret hide -m: uses temp file so cleaning should take place, but we only show tmp file cleanup in VERBOSE mode
[[ "${lines[0]}" == *"git-secret: done. 1 of 1 files are hidden."* ]]
# back path mappings
cp "${path_mappings}" "${path_mappings}.bak"
# run hide again
run git secret hide -m
# compare
[ "$status" -eq 0 ]
[[ "${#lines[@]}" -eq 1 ]]
# output says 0 of 1 files are hidden because checksum didn't change and we didn't need to hide it again.
[[ "$output" == *"git-secret: done. 0 of 1 files are hidden."* ]]
# no changes should occur to path_mappings files
cmp -s "${path_mappings}" "${path_mappings}.bak"
@ -264,5 +295,5 @@ function teardown {
run git secret hide
[ "$status" -eq 0 ]
[ "$output" = "git-secret: done. 1 of 1 files are hidden." ]
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
}