From 9d6a8d0e2101d8a00a5e69491766976147421bb1 Mon Sep 17 00:00:00 2001 From: Adrian Utrilla Date: Wed, 7 Mar 2018 17:18:45 +0100 Subject: [PATCH] Default to Warn log level unless verbose flag is passed --- cmd/sops/main.go | 9 +++++++++ gcpkms/keysource.go | 14 +++++++------- kms/keysource.go | 19 ++++++++++--------- logging/logging.go | 6 ++++++ pgp/keysource.go | 4 ++-- sops.go | 2 +- 6 files changed, 35 insertions(+), 19 deletions(-) diff --git a/cmd/sops/main.go b/cmd/sops/main.go index bddcefbad..fcfda1e8a 100644 --- a/cmd/sops/main.go +++ b/cmd/sops/main.go @@ -344,9 +344,18 @@ func main() { Name: "shamir-secret-sharing-threshold", Usage: "the number of master keys required to retrieve the data key with shamir", }, + cli.BoolFlag{ + Name: "verbose", + Usage: "Enable verbose logging output", + }, }, keyserviceFlags...) app.Action = func(c *cli.Context) error { + if c.Bool("verbose") { + logging.SetLevel(logrus.DebugLevel) + } else { + logging.SetLevel(logrus.WarnLevel) + } if c.NArg() < 1 { return common.NewExitError("Error: no file specified", codes.NoFileSpecified) } diff --git a/gcpkms/keysource.go b/gcpkms/keysource.go index d16eaa155..0474c7f2a 100644 --- a/gcpkms/keysource.go +++ b/gcpkms/keysource.go @@ -43,7 +43,7 @@ func (key *MasterKey) SetEncryptedDataKey(enc []byte) { func (key *MasterKey) Encrypt(dataKey []byte) error { cloudkmsService, err := key.createCloudKMSService() if err != nil { - log.WithField("resourceID", key.ResourceID).Warn("Encryption failed") + log.WithField("resourceID", key.ResourceID).Info("Encryption failed") return fmt.Errorf("Cannot create GCP KMS service: %v", err) } req := &cloudkms.EncryptRequest{ 
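Review bot: The log level is set only inside the default `app.Action` in cmd/sops/main.go, so any code path that does not run this closure keeps whatever level the loggers were created with. Subcommands are not visible in this hunk, but if the app defines any, they would ignore `--verbose` and the new Warn default. Moving the same if/else into `app.Before = func(c *cli.Context) error { ... }` and returning nil would apply it once for every invocation. The new flag's usage string is also capitalised ("Enable verbose logging output") while the neighbouring one starts lowercase. The body of `app.Action` continues outside the hunk.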
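Review bot: The failure entry in gcpkms `Encrypt` is now logged at Info and still carries no error, so under the new default Warn level a failed KMS call leaves no log line, and with `--verbose` the line still does not say why it failed. Attaching the cause keeps the verbose output useful when checking which master key was rejected: `log.WithError(err).WithField("resourceID", key.ResourceID).Info("Encryption failed")`. The same applies to the remaining gcpkms/keysource.go hunks and to the kms/keysource.go hunks. It also applies to the pgp/keysource.go hunks, where the errors in scope are `openpgpErr` and `binaryErr`. `Encrypt` continues outside this hunk.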
@@ -51,10 +51,10 @@ func (key *MasterKey) Encrypt(dataKey []byte) error { } resp, err := cloudkmsService.Projects.Locations.KeyRings.CryptoKeys.Encrypt(key.ResourceID, req).Do() if err != nil { - log.WithField("resourceID", key.ResourceID).Warn("Encryption failed") + log.WithField("resourceID", key.ResourceID).Info("Encryption failed") return fmt.Errorf("Failed to call GCP KMS encryption service: %v", err) } - log.WithField("resourceID", key.ResourceID).Warn("Encryption succeeded") + log.WithField("resourceID", key.ResourceID).Info("Encryption succeeded") key.EncryptedKey = resp.Ciphertext return nil } @@ -71,7 +71,7 @@ func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error { func (key *MasterKey) Decrypt() ([]byte, error) { cloudkmsService, err := key.createCloudKMSService() if err != nil { - log.WithField("resourceID", key.ResourceID).Warn("Decryption failed") + log.WithField("resourceID", key.ResourceID).Info("Decryption failed") return nil, fmt.Errorf("Cannot create GCP KMS service: %v", err) } @@ -80,15 +80,15 @@ func (key *MasterKey) Decrypt() ([]byte, error) { } resp, err := cloudkmsService.Projects.Locations.KeyRings.CryptoKeys.Decrypt(key.ResourceID, req).Do() if err != nil { - log.WithField("resourceID", key.ResourceID).Warn("Decryption failed") + log.WithField("resourceID", key.ResourceID).Info("Decryption failed") return nil, fmt.Errorf("Error decrypting key: %v", err) } encryptedKey, err := base64.StdEncoding.DecodeString(resp.Plaintext) if err != nil { - log.WithField("resourceID", key.ResourceID).Warn("Decryption failed") + log.WithField("resourceID", key.ResourceID).Info("Decryption failed") return nil, err } - log.WithField("resourceID", key.ResourceID).Warn("Decryption succeeded") + log.WithField("resourceID", key.ResourceID).Info("Decryption succeeded") return encryptedKey, nil } diff --git a/kms/keysource.go b/kms/keysource.go index 568f66b24..b61445d52 100644 --- a/kms/keysource.go +++ b/kms/keysource.go 
@@ -61,14 +61,14 @@ func (key *MasterKey) Encrypt(dataKey []byte) error { if kmsSvc == nil || !isMocked { sess, err := key.createSession() if err != nil { - log.WithField("arn", key.Arn).Warn("Encryption failed") + log.WithField("arn", key.Arn).Info("Encryption failed") return fmt.Errorf("Failed to create session: %v", err) } kmsSvc = kms.New(sess) } out, err := kmsSvc.Encrypt(&kms.EncryptInput{Plaintext: dataKey, KeyId: &key.Arn, EncryptionContext: key.EncryptionContext}) if err != nil { - log.WithField("arn", key.Arn).Warn("Encryption failed") + log.WithField("arn", key.Arn).Info("Encryption failed") return fmt.Errorf("Failed to call KMS encryption service: %v", err) } key.EncryptedKey = base64.StdEncoding.EncodeToString(out.CiphertextBlob) @@ -88,7 +88,7 @@ func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error { func (key *MasterKey) Decrypt() ([]byte, error) { k, err := base64.StdEncoding.DecodeString(key.EncryptedKey) if err != nil { - log.WithField("arn", key.Arn).Warn("Decryption failed") + log.WithField("arn", key.Arn).Info("Decryption failed") return nil, fmt.Errorf("Error base64-decoding encrypted data key: %s", err) } // isMocked is set by unit test to indicate that the KMS service @@ -96,14 +96,14 @@ func (key *MasterKey) Decrypt() ([]byte, error) { if kmsSvc == nil || !isMocked { sess, err := key.createSession() if err != nil { - log.WithField("arn", key.Arn).Warn("Decryption failed") + log.WithField("arn", key.Arn).Info("Decryption failed") return nil, fmt.Errorf("Error creating AWS session: %v", err) } kmsSvc = kms.New(sess) } decrypted, err := kmsSvc.Decrypt(&kms.DecryptInput{CiphertextBlob: k, EncryptionContext: key.EncryptionContext}) if err != nil { - log.WithField("arn", key.Arn).Warn("Decryption failed") + log.WithField("arn", key.Arn).Info("Decryption failed") return nil, fmt.Errorf("Error decrypting key: %v", err) } log.WithField("arn", key.Arn).Info("Decryption succeeded") 
@@ -221,6 +221,7 @@ func (key MasterKey) ToMap() map[string]interface{} { // ParseKMSContext takes either a KMS context map or a comma-separated list of KMS context key:value pairs and returns a map func ParseKMSContext(in interface{}) map[string]*string { + nonStringValueWarning := "Encryption context contains a non-string value, context will not be used" out := make(map[string]*string) switch in := in.(type) { @@ -231,7 +232,7 @@ func ParseKMSContext(in interface{}) map[string]*string { for k, v := range in { value, ok := v.(string) if !ok { - log.Warn("Encryption context contains a non-string value, context will not be used") + log.Warn(nonStringValueWarning) return nil } out[k] = &value @@ -243,12 +244,12 @@ func ParseKMSContext(in interface{}) map[string]*string { for k, v := range in { key, ok := k.(string) if !ok { - log.Warn("Encryption context contains a non-string value, context will not be used") + log.Warn(nonStringValueWarning) return nil } value, ok := v.(string) if !ok { - log.Warn("Encryption context contains a non-string value, context will not be used") + log.Warn(nonStringValueWarning) return nil } out[key] = &value @@ -260,7 +261,7 @@ func ParseKMSContext(in interface{}) map[string]*string { for _, kv := range strings.Split(in, ",") { kv := strings.Split(kv, ":") if len(kv) != 2 { - log.Warn("Encryption context contains a non-string value, context will not be used") + log.Warn(nonStringValueWarning) return nil } out[kv[0]] = &kv[1] diff --git a/logging/logging.go b/logging/logging.go index b8eeb258a..ef01f0f82 100644 --- a/logging/logging.go +++ b/logging/logging.go @@ -32,4 +32,10 @@ func NewLogger(name string) *logrus.Logger { return log } +func SetLevel(level logrus.Level) { + for k := range Loggers { + Loggers[k].SetLevel(level) + } +} + var Loggers map[string]*logrus.Logger diff --git a/pgp/keysource.go b/pgp/keysource.go index bae339a4d..8911681ea 100644 --- a/pgp/keysource.go +++ b/pgp/keysource.go 
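Review bot: The `len(kv) != 2` branch in the last ParseKMSContext hunk now reuses `nonStringValueWarning`, but that branch fires on a malformed `key:value` pair (including a value that itself contains `:`), not on a non-string value. Because the function returns nil there and, going by the message, the encryption context is then not used at all, the warning should name the real cause, e.g. `log.Warn("Encryption context entry is not a key:value pair, context will not be used")`. The shared string could also be a package-level `const` instead of a local assigned on every call. ParseKMSContext starts and ends outside these hunks.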
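Review bot: The exported `SetLevel` in logging/logging.go has no doc comment, and it only touches loggers already present in `Loggers` when it is called. A logger registered later through `NewLogger` would presumably keep its own default and could log below the chosen threshold. I would document that, for example `// SetLevel applies level to every logger currently registered in Loggers; loggers created afterwards are not affected.`, or have `NewLogger` pick up the last level set. The loop also reads more directly as `for _, l := range Loggers { l.SetLevel(level) }`. `Loggers` is a plain package-level map with no locking visible here, so this assumes it is only called from the main goroutine at startup.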
@@ -163,7 +163,7 @@ func (key *MasterKey) Encrypt(dataKey []byte) error { log.WithField("fingerprint", key.Fingerprint).Info("Encryption succeeded") return nil } - log.WithField("fingerprint", key.Fingerprint).Warn("Encryption failed") + log.WithField("fingerprint", key.Fingerprint).Info("Encryption failed") return fmt.Errorf( `could not encrypt data key with PGP key: golang.org/x/crypto/openpgp error: %v; GPG binary error: %v`, openpgpErr, binaryErr) @@ -225,7 +225,7 @@ func (key *MasterKey) Decrypt() ([]byte, error) { log.WithField("fingerprint", key.Fingerprint).Info("Decryption succeeded") return dataKey, nil } - log.WithField("fingerprint", key.Fingerprint).Warn("Decryption failed") + log.WithField("fingerprint", key.Fingerprint).Info("Decryption failed") return nil, fmt.Errorf( `could not decrypt data key with PGP key: golang.org/x/crypto/openpgp error: %v; GPG binary error: %v`, openpgpErr, binaryErr) diff --git a/sops.go b/sops.go index 5d2608644..11e242957 100644 --- a/sops.go +++ b/sops.go @@ -335,7 +335,7 @@ func (tree Tree) Decrypt(key []byte, cipher Cipher) (string, error) { if err != nil { // Assume the comment was not encrypted in the first place log.WithField("comment", c.Value). - Warn("Found possibly unencrypted field in file. " + + Warn("Found possibly unencrypted comment in file. " + "This is to be expected if the file being " + "decrypted was created with an older version of " + "SOPS.")