Don't require SOPS for local development (#19)

We don't need to `sops`-encrypt our local allowlist, it complicates local development for no particular gain.
RMI · Aug 14, 2024 · 46f36e0 · 46f36e0
1 parent 9469a8e
commit 46f36e0
Show file tree

Hide file tree

Showing 7 changed files with 3 additions and 59 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,5 +5,6 @@
 /test_server.pub
 
 /cmd/server/configs/allowlists/*.json
+!/cmd/server/configs/allowlists/local.json
 !/cmd/server/configs/allowlists/*.enc.json
 !/cmd/server/configs/allowlists/example.json
diff --git a/.sops.yaml b/.sops.yaml
@@ -1,7 +1,5 @@
 # creation rules are evaluated sequentially, the first match wins
 creation_rules:
-        - path_regex: cmd/server/configs/allowlists/local\.enc\.json$
-          azure_keyvault: https://rmicredsrvlocalsops.vault.azure.net/keys/sops/8c544f0ae62b4d5a9b1c7ef755345f22
         - path_regex: cmd/server/configs/allowlists/dev\.enc\.json$
           azure_keyvault: https://rmicredsrvdevsops.vault.azure.net/keys/sops/2e4989d46cb24ccb96c8ce98e9104fe5
 
diff --git a/README.md b/README.md
@@ -17,8 +17,6 @@ Things to note:
 
 ## Running the Credential Service
 
-Before running the service locally, make sure you have [`sops`](https://github.com/getsops/sops) installed, and are logged into Azure with credentials that can access the relevant keys. See the `.sops.yaml` for more info.
-
 Run the server against an Azure AD B2C instance:
 
 ```bash

diff --git a/cmd/server/configs/allowlists/local.enc.json b/cmd/server/configs/allowlists/local.enc.json
diff --git a/cmd/server/configs/allowlists/example.json → cmd/server/configs/allowlists/local.json b/cmd/server/configs/allowlists/example.json → cmd/server/configs/allowlists/local.json
diff --git a/cmd/server/configs/local.conf b/cmd/server/configs/local.conf
@@ -1,6 +1,6 @@
 env local
 allowed_cors_origins http://localhost:3000
-# allowlist_file is added by our /scripts/run_server.sh script
+allowlist_file cmd/server/configs/allowlists/local.json
 
 use_local_jwts true
 enable_credential_test_api true

diff --git a/scripts/run_server.sh b/scripts/run_server.sh
@@ -23,26 +23,10 @@ OPTS=$(getopt \
   -- "$@"
 )
 
-if ! [ -x "$(command -v sops)" ]; then
-  echo 'Error: sops is not installed.' >&2
-  exit 1
-fi
-
-TMP_CONFIG_DIR="$(mktemp -d -t credsrv-local-XXXXXXXXX)"
-function cleanup {
-  rm -rf "$TMP_CONFIG_DIR"
-}
-trap cleanup EXIT
-TMP_ALLOWLIST_FILE="${TMP_CONFIG_DIR}/local.json"
-TMP_CONFIG_FILE="${TMP_CONFIG_DIR}/local.conf"
-sops -d "$ROOT/cmd/server/configs/allowlists/local.enc.json" > "$TMP_ALLOWLIST_FILE"
-cp "$ROOT/cmd/server/configs/local.conf" "$TMP_CONFIG_FILE"
-printf "\nallowlist_file %s\n" "$TMP_ALLOWLIST_FILE" >> "$TMP_CONFIG_FILE"
-
 eval set --$OPTS
 
 declare -a FLAGS=(
-  "--config=$TMP_CONFIG_FILE"
+  "--config=cmd/server/configs/local.conf"
 )
 while [ ! $# -eq 0 ]
 do