Open patricknelson opened 2 years ago
This are actually two problems:
{}
(with the comment ahead) if the invalid merging bug is fixed. (See #908, #907.)Since this is a little esoteric for me, can you interpret (or simplify) this for me a bit? I'm inferring that you're saying that a single comment in a document is "empty" so are you suggesting that there's no path to being able to ever encrypt/decrypt this symmetrically and cleanly?
#@data/values
---
foo: bar
When testing comments at the top of YAML files in #757, I found that comments in YAML streams which are isolated into their own documents are coalesced into the adjacent document (but only if they are at the very top of the YAML stream). Also, I found a possible bug where
sops
will encrypt a document that it cannot decrypt later on whenever these isolated comments are located anywhere else in the YAML stream.Coalescing separate documents into a single document:
Becomes:
Errors: Each of the following variants of the above YAML stream will encrypt without an error. However, they cannot be decrypted, resulting in the exact same error message:
Note: While these examples utilize some code from
ytt
which handles comments semantically, it's not expected forsops
to supportytt
syntax per se. Rather, it's just a real-world example of the usefulness of having comments in this positions and isolated in this way, particularly sincesops
can be used to encrypt values that would be used in a templating engine likeytt
(for annotations in a document containing sensitive data that are then interpreted by a parser).