fix: Avoid panic in sops decrypt (#3494)

config/config_helpers.go

@@ -1110,7 +1110,7 @@ func extractSopsErrors(err error) *errors.MultiError {
 	}
 
 	// append the original error if no group results were found
-	if errs.Len() == 0 {
+	if errs == nil {
 		errs = errs.Append(err)
 	}
 

test/fixtures/sops-missing/terragrunt.hcl

@@ -0,0 +1,3 @@
+locals {
+  secret_vars = yamldecode(sops_decrypt_file("${get_terragrunt_dir()}/missing.yaml"))
+}

test/integration_sops_test.go

@@ -12,8 +12,9 @@ import (
 )
 
 const (
-	testFixtureSops       = "fixtures/sops"
-	testFixtureSopsErrors = "fixtures/sops-errors"
+	testFixtureSops        = "fixtures/sops"
+	testFixtureSopsErrors  = "fixtures/sops-errors"
+	testFixtureSopsMissing = "fixtures/sops-missing"
 )
 
 func TestSopsDecryptedCorrectly(t *testing.T) {
@@ -97,3 +98,17 @@ func TestTerragruntLogSopsErrors(t *testing.T) {
 	assert.Contains(t, errorOut, "error decrypting key: [error decrypting key")
 	assert.Contains(t, errorOut, "error base64-decoding encrypted data key: illegal base64 data at input byte")
 }
+
+func TestSopsDecryptOnMissing(t *testing.T) {
+	t.Parallel()
+
+	cleanupTerraformFolder(t, testFixtureSopsMissing)
+	tmpEnvPath := copyEnvironment(t, testFixtureSopsMissing)
+	rootPath := util.JoinPath(tmpEnvPath, testFixtureSopsMissing)
+
+	// apply and check for errors
+	_, errorOut, err := runTerragruntCommandWithOutput(t, "terragrunt apply --terragrunt-non-interactive --terragrunt-log-level debug --terragrunt-working-dir "+rootPath)
+	require.Error(t, err)
+
+	assert.Contains(t, errorOut, "Encountered error while evaluating locals in file ./terragrunt.hcl")
+}