-
-
Notifications
You must be signed in to change notification settings - Fork 610
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
system(command; args) operator #2048
Comments
I'm not convinced this would be a great idea, security wise. You can get the same outcome by using environment variables and passing that to yq. |
That’s not really true, the purpose is to perform processing of yq inputs using external tools. |
Ah I think I see what you mean, you could use |
Sorry for the delay. Here are some example use-cases as encountered in practice (by me personally) in the last couple of weeks (I've been using the patched Data SanitizationImagine you're working with computer-generated data (for instance, OCR / ASR / etc). With Without this, you'd need to canonicalize the order of the data, extract the parts you want to handle out, process them separately, generate the replaced structure, merge the two parts, and then undo the canonicalization (if needed). API Traversal
Sanity CheckingSometimes, data is entered incorrectly. Correcting it also obviously requires re-verification. It's much easier to write a small helper that checks validity and corrects it if needed, and then use |
Another real world example is to process a list of users (JSON format), hash the password and then update the Traefik config (YAML format). Iterating over one list of users is doable without getting lost in too many functions. export users="$(
echo "users:"
cat users.json | yq --unwrapScalar --output-format json ".[] | (\"username='\" + .username + \"'; password='\" + .password + \"'\")" |
while read -r vars; do eval $vars; pw_hash=$(echo "${password}" | htpasswd -n -i -B "${username}"); echo " - ${pw_hash}"; done
)"
cat input-config.yaml | yq --output-format yaml ". | .http.middlewares.auth-users.basicAuth.users = env(users)" > output-config.yaml Including the realm makes it significantly harder because iterating over an array in Alternatively, gomplate supports a bcrypt function to hash passwords. It should be relatively easy to template the realm and list of users for each realm. |
Please describe your feature request.
I wish I could use yq to transform keys arbitrarily using external filters.
Describe the solution you'd like
If we have data1.yml like:
And we run a command:
yq '.country = system("/usr/bin/echo"; "test")'
it could output
system
may also pipe inputs as text via stdin.Describe alternatives you've considered
Some tasks simply require additional processing, which this makes possible.
The alternatives involve doing said processing in a different language (such as js), pulling in the involved parsers (e.g yaml), and running the modifications there.
It is possible to perform most of the edits in yq (or similar tool, such as jq), and then perform the final transformation steps in this separate tool.
Additional context
This is essentially the same request/proposal as jq#1614.
It allows for the same use-cases.
It appears that the jq PR implementing this (among others) is stalled, so this could be an additional reason to use yq over jq, when applicable.
I tried searching for this feature request prior to submission, but my searches either returned nothing comparable, or pages upon pages of (seemingly unrelated) results.
If I missed one, please do close this as a duplicate.
The text was updated successfully, but these errors were encountered: