Default to Warn log level unless verbose flag is passed
@@ -344,9 +344,18 @@ func main() {
|
||||
Name: "shamir-secret-sharing-threshold",
|
||||
Usage: "the number of master keys required to retrieve the data key with shamir",
|
||||
},
|
||||
cli.BoolFlag{
|
||||
Name: "verbose",
|
||||
Usage: "Enable verbose logging output",
|
||||
},
|
||||
}, keyserviceFlags...)
|
||||
|
||||
app.Action = func(c *cli.Context) error {
|
||||
if c.Bool("verbose") {
|
||||
logging.SetLevel(logrus.DebugLevel)
|
||||
} else {
|
||||
logging.SetLevel(logrus.WarnLevel)
|
||||
}
|
||||
if c.NArg() < 1 {
|
||||
return common.NewExitError("Error: no file specified", codes.NoFileSpecified)
|
||||
}
|
||||
|
||||
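Review bot: The log level is set only inside `app.Action`, so any subcommand that carries its own Action (none is visible in this hunk) would never reach the `logging.SetLevel(...)` calls and would keep each logger's initial level. Moving the `if c.Bool("verbose") { ... } else { ... }` block into an `app.Before` hook would apply the default to every command path, and would also cover messages logged before the action runs. A short comment such as `// Default to Warn so routine key-operation messages stay quiet unless --verbose is given` would record the intent. The body of main continues outside the hunk.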
@@ -43,7 +43,7 @@ func (key *MasterKey) SetEncryptedDataKey(enc []byte) {
|
||||
func (key *MasterKey) Encrypt(dataKey []byte) error {
|
||||
cloudkmsService, err := key.createCloudKMSService()
|
||||
if err != nil {
|
||||
log.WithField("resourceID", key.ResourceID).Warn("Encryption failed")
|
||||
log.WithField("resourceID", key.ResourceID).Info("Encryption failed")
|
||||
return fmt.Errorf("Cannot create GCP KMS service: %v", err)
|
||||
}
|
||||
req := &cloudkms.EncryptRequest{
|
||||
@@ -51,10 +51,10 @@ func (key *MasterKey) Encrypt(dataKey []byte) error {
|
||||
}
|
||||
resp, err := cloudkmsService.Projects.Locations.KeyRings.CryptoKeys.Encrypt(key.ResourceID, req).Do()
|
||||
if err != nil {
|
||||
log.WithField("resourceID", key.ResourceID).Warn("Encryption failed")
|
||||
log.WithField("resourceID", key.ResourceID).Info("Encryption failed")
|
||||
return fmt.Errorf("Failed to call GCP KMS encryption service: %v", err)
|
||||
}
|
||||
log.WithField("resourceID", key.ResourceID).Warn("Encryption succeeded")
|
||||
log.WithField("resourceID", key.ResourceID).Info("Encryption succeeded")
|
||||
key.EncryptedKey = resp.Ciphertext
|
||||
return nil
|
||||
}
|
||||
@@ -71,7 +71,7 @@ func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error {
|
||||
func (key *MasterKey) Decrypt() ([]byte, error) {
|
||||
cloudkmsService, err := key.createCloudKMSService()
|
||||
if err != nil {
|
||||
log.WithField("resourceID", key.ResourceID).Warn("Decryption failed")
|
||||
log.WithField("resourceID", key.ResourceID).Info("Decryption failed")
|
||||
return nil, fmt.Errorf("Cannot create GCP KMS service: %v", err)
|
||||
}
|
||||
|
||||
@@ -80,15 +80,15 @@ func (key *MasterKey) Decrypt() ([]byte, error) {
|
||||
}
|
||||
resp, err := cloudkmsService.Projects.Locations.KeyRings.CryptoKeys.Decrypt(key.ResourceID, req).Do()
|
||||
if err != nil {
|
||||
log.WithField("resourceID", key.ResourceID).Warn("Decryption failed")
|
||||
log.WithField("resourceID", key.ResourceID).Info("Decryption failed")
|
||||
return nil, fmt.Errorf("Error decrypting key: %v", err)
|
||||
}
|
||||
encryptedKey, err := base64.StdEncoding.DecodeString(resp.Plaintext)
|
||||
if err != nil {
|
||||
log.WithField("resourceID", key.ResourceID).Warn("Decryption failed")
|
||||
log.WithField("resourceID", key.ResourceID).Info("Decryption failed")
|
||||
return nil, err
|
||||
}
|
||||
log.WithField("resourceID", key.ResourceID).Warn("Decryption succeeded")
|
||||
log.WithField("resourceID", key.ResourceID).Info("Decryption succeeded")
|
||||
return encryptedKey, nil
|
||||
}
|
||||
|
||||
|
||||
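Review bot: Assuming the second line of each doubled pair is the new side (the nonStringValueWarning hunks further down suggest that order), the failure messages in Encrypt and Decrypt now sit at Info, below the new default of Warn. A rejected or failed GCP KMS call then leaves no log entry unless --verbose is passed, and the returned error is the only trace. If the caller falls back to another master key and succeeds (not visible here), the failure is never reported, which removes a signal an operator would want when a key is revoked or its permissions change. Consider lowering only the success messages and keeping the service-call failures visible, e.g. `log.WithField("resourceID", key.ResourceID).Warn("Decryption failed")`. The same pattern appears in the AWS KMS and PGP hunks.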
@@ -61,14 +61,14 @@ func (key *MasterKey) Encrypt(dataKey []byte) error {
|
||||
if kmsSvc == nil || !isMocked {
|
||||
sess, err := key.createSession()
|
||||
if err != nil {
|
||||
log.WithField("arn", key.Arn).Warn("Encryption failed")
|
||||
log.WithField("arn", key.Arn).Info("Encryption failed")
|
||||
return fmt.Errorf("Failed to create session: %v", err)
|
||||
}
|
||||
kmsSvc = kms.New(sess)
|
||||
}
|
||||
out, err := kmsSvc.Encrypt(&kms.EncryptInput{Plaintext: dataKey, KeyId: &key.Arn, EncryptionContext: key.EncryptionContext})
|
||||
if err != nil {
|
||||
log.WithField("arn", key.Arn).Warn("Encryption failed")
|
||||
log.WithField("arn", key.Arn).Info("Encryption failed")
|
||||
return fmt.Errorf("Failed to call KMS encryption service: %v", err)
|
||||
}
|
||||
key.EncryptedKey = base64.StdEncoding.EncodeToString(out.CiphertextBlob)
|
||||
@@ -88,7 +88,7 @@ func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error {
|
||||
func (key *MasterKey) Decrypt() ([]byte, error) {
|
||||
k, err := base64.StdEncoding.DecodeString(key.EncryptedKey)
|
||||
if err != nil {
|
||||
log.WithField("arn", key.Arn).Warn("Decryption failed")
|
||||
log.WithField("arn", key.Arn).Info("Decryption failed")
|
||||
return nil, fmt.Errorf("Error base64-decoding encrypted data key: %s", err)
|
||||
}
|
||||
// isMocked is set by unit test to indicate that the KMS service
|
||||
@@ -96,14 +96,14 @@ func (key *MasterKey) Decrypt() ([]byte, error) {
|
||||
if kmsSvc == nil || !isMocked {
|
||||
sess, err := key.createSession()
|
||||
if err != nil {
|
||||
log.WithField("arn", key.Arn).Warn("Decryption failed")
|
||||
log.WithField("arn", key.Arn).Info("Decryption failed")
|
||||
return nil, fmt.Errorf("Error creating AWS session: %v", err)
|
||||
}
|
||||
kmsSvc = kms.New(sess)
|
||||
}
|
||||
decrypted, err := kmsSvc.Decrypt(&kms.DecryptInput{CiphertextBlob: k, EncryptionContext: key.EncryptionContext})
|
||||
if err != nil {
|
||||
log.WithField("arn", key.Arn).Warn("Decryption failed")
|
||||
log.WithField("arn", key.Arn).Info("Decryption failed")
|
||||
return nil, fmt.Errorf("Error decrypting key: %v", err)
|
||||
}
|
||||
log.WithField("arn", key.Arn).Info("Decryption succeeded")
|
||||
@@ -221,6 +221,7 @@ func (key MasterKey) ToMap() map[string]interface{} {
|
||||
|
||||
// ParseKMSContext takes either a KMS context map or a comma-separated list of KMS context key:value pairs and returns a map
|
||||
func ParseKMSContext(in interface{}) map[string]*string {
|
||||
nonStringValueWarning := "Encryption context contains a non-string value, context will not be used"
|
||||
out := make(map[string]*string)
|
||||
|
||||
switch in := in.(type) {
|
||||
@@ -231,7 +232,7 @@ func ParseKMSContext(in interface{}) map[string]*string {
|
||||
for k, v := range in {
|
||||
value, ok := v.(string)
|
||||
if !ok {
|
||||
log.Warn("Encryption context contains a non-string value, context will not be used")
|
||||
log.Warn(nonStringValueWarning)
|
||||
return nil
|
||||
}
|
||||
out[k] = &value
|
||||
@@ -243,12 +244,12 @@ func ParseKMSContext(in interface{}) map[string]*string {
|
||||
for k, v := range in {
|
||||
key, ok := k.(string)
|
||||
if !ok {
|
||||
log.Warn("Encryption context contains a non-string value, context will not be used")
|
||||
log.Warn(nonStringValueWarning)
|
||||
return nil
|
||||
}
|
||||
value, ok := v.(string)
|
||||
if !ok {
|
||||
log.Warn("Encryption context contains a non-string value, context will not be used")
|
||||
log.Warn(nonStringValueWarning)
|
||||
return nil
|
||||
}
|
||||
out[key] = &value
|
||||
@@ -260,7 +261,7 @@ func ParseKMSContext(in interface{}) map[string]*string {
|
||||
for _, kv := range strings.Split(in, ",") {
|
||||
kv := strings.Split(kv, ":")
|
||||
if len(kv) != 2 {
|
||||
log.Warn("Encryption context contains a non-string value, context will not be used")
|
||||
log.Warn(nonStringValueWarning)
|
||||
return nil
|
||||
}
|
||||
out[kv[0]] = &kv[1]
|
||||
|
||||
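Review bot: In the string branch of ParseKMSContext, `len(kv) != 2` now logs nonStringValueWarning, which misdescribes the failure: the input is already a string, and the check rejects a malformed pair or a value that itself contains `:`. Every failure path returns nil with a message saying the context "will not be used", so the caller (outside these hunks) presumably proceeds without the encryption context the user asked for. A distinct message for this branch, e.g. `log.Warn("Encryption context is not a comma-separated list of key:value pairs, context will not be used")`, would make the cause visible. Returning an error instead of nil would be safer than silently dropping the context, but that changes the signature and needs a look at the callers. Only parts of the function body are visible in these hunks.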
@@ -32,4 +32,10 @@ func NewLogger(name string) *logrus.Logger {
|
||||
return log
|
||||
}
|
||||
|
||||
func SetLevel(level logrus.Level) {
|
||||
for k := range Loggers {
|
||||
Loggers[k].SetLevel(level)
|
||||
}
|
||||
}
|
||||
|
||||
var Loggers map[string]*logrus.Logger
|
||||
|
||||
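Review bot: `SetLevel` only touches loggers already present in `Loggers` when it is called, so a logger created afterwards, or any code path that never calls it, keeps the level NewLogger gave it. The hunk does not show where `Loggers` is initialised or populated. Setting the default in NewLogger itself with `log.SetLevel(logrus.WarnLevel)` would make the quiet default independent of call order, leaving `SetLevel` for the verbose override. Both new exported names also need doc comments, e.g. `// SetLevel applies level to every logger registered in Loggers.` and `// Loggers holds the loggers created by NewLogger, keyed by name.` The map is read here without a lock, which is fine only if all loggers are registered before any concurrent use; NewLogger's body starts outside the hunk.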
@@ -163,7 +163,7 @@ func (key *MasterKey) Encrypt(dataKey []byte) error {
|
||||
log.WithField("fingerprint", key.Fingerprint).Info("Encryption succeeded")
|
||||
return nil
|
||||
}
|
||||
log.WithField("fingerprint", key.Fingerprint).Warn("Encryption failed")
|
||||
log.WithField("fingerprint", key.Fingerprint).Info("Encryption failed")
|
||||
return fmt.Errorf(
|
||||
`could not encrypt data key with PGP key: golang.org/x/crypto/openpgp error: %v; GPG binary error: %v`,
|
||||
openpgpErr, binaryErr)
|
||||
@@ -225,7 +225,7 @@ func (key *MasterKey) Decrypt() ([]byte, error) {
|
||||
log.WithField("fingerprint", key.Fingerprint).Info("Decryption succeeded")
|
||||
return dataKey, nil
|
||||
}
|
||||
log.WithField("fingerprint", key.Fingerprint).Warn("Decryption failed")
|
||||
log.WithField("fingerprint", key.Fingerprint).Info("Decryption failed")
|
||||
return nil, fmt.Errorf(
|
||||
`could not decrypt data key with PGP key: golang.org/x/crypto/openpgp error: %v; GPG binary error: %v`,
|
||||
openpgpErr, binaryErr)
|
||||
|
||||
2
sops.go
2
sops.go
@@ -335,7 +335,7 @@ func (tree Tree) Decrypt(key []byte, cipher Cipher) (string, error) {
|
||||
if err != nil {
|
||||
// Assume the comment was not encrypted in the first place
|
||||
log.WithField("comment", c.Value).
|
||||
Warn("Found possibly unencrypted field in file. " +
|
||||
Warn("Found possibly unencrypted comment in file. " +
|
||||
"This is to be expected if the file being " +
|
||||
"decrypted was created with an older version of " +
|
||||
"SOPS.")
|
||||
|
||||