feat(settings): add support for per-project environment variable configuration for SOPS

Author: Blarc

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## [Unreleased]
 
+### Added
+
+- Support for per-project environment variable configuration for SOPS.
+
 ### Changed
 
 - Remove SOPS_AGE_KEY_FILE from default environment variables.

src/main/kotlin/com/github/blarc/sops/intellij/plugin/SopsWrapper.kt

@@ -1,9 +1,12 @@
 package com.github.blarc.sops.intellij.plugin
 
 import com.github.blarc.sops.intellij.plugin.settings.AppSettings
+import com.github.blarc.sops.intellij.plugin.settings.ProjectSettings
 import com.intellij.execution.configurations.GeneralCommandLine
 import com.intellij.execution.process.*
 import com.intellij.execution.util.ExecUtil
+import com.intellij.openapi.components.service
+import com.intellij.openapi.project.Project
 import com.intellij.openapi.util.Key
 import com.intellij.openapi.vfs.LocalFileSystem
 import com.intellij.openapi.vfs.VirtualFile
@@ -18,36 +21,42 @@ object SopsWrapper {
 
     suspend fun version(
         sopsPath: String,
+        project: Project,
         onSuccess: suspend (String) -> Unit,
         onError: suspend (String) -> Unit = {}
     ) {
         run(
-            sopsPath, "--version",
+            sopsPath,
+            "--version",
+            project,
             onSuccess = { result -> onSuccess(result.lines().first()) },
             onError = onError
         )
     }
 
     suspend fun encrypt(
         file: VirtualFile,
+        project: Project,
         inPlace: Boolean = false,
         onSuccess: suspend (String) -> Unit,
         onError: suspend (String) -> Unit = {}
     ) {
-        run("encrypt", file, inPlace, onSuccess, onError)
+        run("encrypt", project, file, inPlace, onSuccess, onError)
     }
 
     suspend fun decrypt(
         file: VirtualFile,
+        project: Project,
         inPlace: Boolean = false,
         onSuccess: suspend (String) -> Unit,
         onError: suspend (String) -> Unit = {}
     ) {
-        run("decrypt", file, inPlace, onSuccess, onError)
+        run("decrypt", project, file, inPlace, onSuccess, onError)
     }
 
     suspend fun decrypt(
         text: String,
+        project: Project,
         onSuccess: suspend (String) -> Unit,
         onError: suspend (String) -> Unit = {}
     ) {
@@ -58,11 +67,12 @@ object SopsWrapper {
         tmpFile.deleteOnExit()
 
         val file = LocalFileSystem.getInstance().refreshAndFindFileByIoFile(tmpFile)
-        run("decrypt", file!!, false, onSuccess, onError)
+        run("decrypt", project, file!!, false, onSuccess, onError)
     }
 
     suspend fun edit(
         file: VirtualFile,
+        project: Project,
         newText: String?,
         onSuccess: suspend () -> Unit = {},
         onError: suspend (String, Int) -> Unit = { _, _ -> }
@@ -73,7 +83,7 @@ object SopsWrapper {
             onError("Sops path not configured", 1)
             return
         }
-        val command = buildCommand(sopsPath, file.parent.path)
+        val command = buildCommand(sopsPath, project, file.parent.path)
 
         val scriptFiles = ScriptUtil.createScriptFiles()
         val editorPath: String = scriptFiles.script.toAbsolutePath().toString()
@@ -130,6 +140,7 @@ object SopsWrapper {
 
     suspend fun run(
         sopsCommand: String,
+        project: Project,
         file: VirtualFile? = null,
         inPlace: Boolean = false,
         onSuccess: suspend (String) -> Unit,
@@ -140,18 +151,19 @@ object SopsWrapper {
             onError("Sops path not configured")
             return
         }
-        run(sopsPath, sopsCommand, file, inPlace, onSuccess, onError)
+        run(sopsPath, sopsCommand, project, file, inPlace, onSuccess, onError)
     }
 
     suspend fun run(
         sopsPath: String,
         sopsCommand: String,
+        project: Project,
         file: VirtualFile? = null,
         inPlace: Boolean = false,
         onSuccess: suspend (String) -> Unit,
         onError: suspend (String) -> Unit
     ) {
-        val command = buildCommand(sopsPath, file?.parent?.path)
+        val command = buildCommand(sopsPath, project, file?.parent?.path)
         command.addParameter(sopsCommand)
         if (inPlace) {
             command.addParameter("--in-place")
@@ -176,10 +188,11 @@ object SopsWrapper {
         }
     }
 
-    private fun buildCommand(sopsPath: String, cwd: String? = null): GeneralCommandLine {
+    private fun buildCommand(sopsPath: String, project: Project, cwd: String? = null): GeneralCommandLine {
+        val projectSettings = project.service<ProjectSettings>()
         val command: GeneralCommandLine = GeneralCommandLine(sopsPath)
             .withParentEnvironmentType(GeneralCommandLine.ParentEnvironmentType.CONSOLE)
-            .withEnvironment(AppSettings.instance.sopsEnvironment)
+            .withEnvironment(projectSettings.sopsProjectEnvironment + AppSettings.instance.sopsEnvironment)
             .withCharset(StandardCharsets.UTF_8)
             .withWorkDirectory(cwd)
 

src/main/kotlin/com/github/blarc/sops/intellij/plugin/services/SopsService.kt

@@ -37,7 +37,7 @@ class SopsService(
         cs.launch {
             withBackgroundProgress(project, message("background.decrypting")) {
                 SopsWrapper.decrypt(
-                    file, inPlace,
+                    file, project, inPlace,
                     { decryptedText ->
                         errors[file.path] = ""
                         EditorNotifications.getInstance(project).updateAllNotifications()
@@ -62,7 +62,7 @@ class SopsService(
         cs.launch {
             withBackgroundProgress(project, message("background.decrypting")) {
                 AppSettings.instance.recordHit()
-                SopsWrapper.decrypt(text, {
+                SopsWrapper.decrypt(text, project, {
                     AppSettings.instance.recordHit()
                     onSuccess(it)
                 }, onError)
@@ -84,7 +84,7 @@ class SopsService(
 
                 val originalEncryptedText = file.getLastCommitContent(project)
                 var originalDecryptedText = ""
-                SopsWrapper.decrypt(originalEncryptedText.orEmpty(), onSuccess = {
+                SopsWrapper.decrypt(originalEncryptedText.orEmpty(), project, onSuccess = {
                     originalDecryptedText = it
                 })
 
@@ -102,7 +102,7 @@ class SopsService(
                 }
 
                 SopsWrapper.encrypt(
-                    file, inPlace,
+                    file, project, inPlace,
                     {
                         errors[file.path] = ""
                         EditorNotifications.getInstance(project).updateAllNotifications()
@@ -146,7 +146,7 @@ class SopsService(
 
                 withContext(Dispatchers.IO) {
                     SopsWrapper.edit(
-                        file, newDecryptedText,
+                        file, project,newDecryptedText,
                         {
                             errors[file.path] = ""
                             EditorNotifications.getInstance(project).updateAllNotifications()

src/main/kotlin/com/github/blarc/sops/intellij/plugin/settings/AppSettingsConfigurable.kt

@@ -3,16 +3,18 @@ package com.github.blarc.sops.intellij.plugin.settings
 import com.github.blarc.sops.intellij.plugin.SopsBundle
 import com.github.blarc.sops.intellij.plugin.SopsBundle.message
 import com.github.blarc.sops.intellij.plugin.notBlank
-import com.intellij.execution.configuration.EnvironmentVariablesComponent
 import com.intellij.execution.configuration.EnvironmentVariablesTextFieldWithBrowseButton
+import com.intellij.openapi.components.service
 import com.intellij.openapi.fileChooser.FileChooserDescriptorFactory
 import com.intellij.openapi.options.BoundConfigurable
+import com.intellij.openapi.project.Project
 import com.intellij.openapi.ui.TextFieldWithBrowseButton
 import com.intellij.ui.JBColor
 import com.intellij.ui.components.JBLabel
 import com.intellij.ui.dsl.builder.*
 
-class AppSettingsConfigurable : BoundConfigurable(message("name")) {
+// Most of the settings are global, but we use project configurable to set environment variables per project
+class AppSettingsConfigurable(val project: Project) : BoundConfigurable(message("name")) {
 
     val sopsPathTextField = TextFieldWithBrowseButton()
     val sopsPathVerifyLabel = JBLabel()
@@ -36,7 +38,7 @@ class AppSettingsConfigurable : BoundConfigurable(message("name")) {
                 }
 
             button(message("settings.verify")) {
-                AppService.instance.version(
+                project.service<ProjectService>().version(
                     sopsPathTextField.text,
                     { result ->
                         sopsPathVerifyLabel.text = "✓ $result"
@@ -68,6 +70,18 @@ class AppSettingsConfigurable : BoundConfigurable(message("name")) {
                 )
         }
 
+        row {
+            label(message("settings.project.environment"))
+                .widthGroup("label")
+            cell(EnvironmentVariablesTextFieldWithBrowseButton())
+                .align(AlignX.FILL)
+                .bind(
+                    componentSet = { c, s -> c.envs = s },
+                    componentGet = { c -> c.envs },
+                    prop = project.service<ProjectSettings>()::sopsProjectEnvironment.toMutableProperty()
+                )
+        }
+
         row {
             panel {
                 row {

…s/intellij/plugin/settings/AppService.kt …tellij/plugin/settings/ProjectService.ktsrc/main/kotlin/com/github/blarc/sops/intellij/plugin/settings/AppService.kt renamed to src/main/kotlin/com/github/blarc/sops/intellij/plugin/settings/ProjectService.kt src/main/kotlin/com/github/blarc/sops/intellij/plugin/settings/AppService.kt renamed to src/main/kotlin/com/github/blarc/sops/intellij/plugin/settings/ProjectService.kt

@@ -3,24 +3,20 @@ package com.github.blarc.sops.intellij.plugin.settings
 import com.github.blarc.sops.intellij.plugin.SopsWrapper
 import com.intellij.openapi.application.ApplicationManager
 import com.intellij.openapi.components.Service
+import com.intellij.openapi.project.Project
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.launch
 
-@Service(Service.Level.APP)
-class AppService(private val cs: CoroutineScope) {
-
-    companion object {
-        val instance: AppService
-            get() = ApplicationManager.getApplication().getService(AppService::class.java)
-    }
+@Service(Service.Level.PROJECT)
+class ProjectService(private val project: Project, private val cs: CoroutineScope) {
 
     fun version(
         sopsPath: String,
         onSuccess: suspend (result: String) -> Unit,
         onError: suspend (message: String) -> Unit = {}
     ) {
         cs.launch {
-            SopsWrapper.version(sopsPath, onSuccess, onError)
+            SopsWrapper.version(sopsPath, project, onSuccess, onError)
         }
     }
 }

src/main/kotlin/com/github/blarc/sops/intellij/plugin/settings/ProjectSettings.kt

@@ -0,0 +1,27 @@
+package com.github.blarc.sops.intellij.plugin.settings
+
+import com.intellij.openapi.components.PersistentStateComponent
+import com.intellij.openapi.components.Service
+import com.intellij.openapi.components.State
+import com.intellij.openapi.components.Storage
+import com.intellij.util.xmlb.XmlSerializerUtil
+
+@State(
+    name = ProjectSettings.SERVICE_NAME,
+    storages = [Storage("Sops.xml")]
+)
+@Service(Service.Level.PROJECT)
+class ProjectSettings : PersistentStateComponent<ProjectSettings?> {
+    companion object {
+        const val SERVICE_NAME = "com.github.blarc.sops.intellij.plugin.settings.ProjectSettings"
+    }
+
+    var sopsProjectEnvironment: Map<String, String> = emptyMap()
+
+    override fun getState() = this
+
+    override fun loadState(state: ProjectSettings) {
+        XmlSerializerUtil.copyBean(state, this)
+    }
+
+}

src/main/resources/META-INF/plugin.xml

@@ -34,7 +34,7 @@
     <resource-bundle>messages.SopsBundle</resource-bundle>
 
     <extensions defaultExtensionNs="com.intellij">
-        <applicationConfigurable
+        <projectConfigurable
                 parentId="tools"
                 instance="com.github.blarc.sops.intellij.plugin.settings.AppSettingsConfigurable"
                 key="name"

src/main/resources/messages/SopsBundle.properties

@@ -4,6 +4,7 @@ settings.title=Settings
 settings.report-bug=Report bug
 settings.path=Path to SOPS executable
 settings.environment=SOPS environment
+settings.project.environment=SOPS project environment
 settings.github-star=Star on GitHub
 settings.github-sponsors=Sponsor on GitHub
 settings.kofi=Buy me a coffee