getsops/sops
1
0
Fork 0
mirror of https://github.com/getsops/sops.git synced 2026-02-05 12:45:21 +01:00
Code Issues Activity

Default to Warn log level unless verbose flag is passed

Browse Source
This commit is contained in:
Adrian Utrilla
2018-03-07 17:18:45 +01:00
parent 8a0ce52f1b
commit 9d6a8d0e21
6 changed files with 35 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
kms/keysource.go
View File

@@ -61,14 +61,14 @@ func (key *MasterKey) Encrypt(dataKey []byte) error {
if kmsSvc == nil || !isMocked {
sess, err := key.createSession()
if err != nil {
log.WithField("arn", key.Arn).Warn("Encryption failed")
log.WithField("arn", key.Arn).Info("Encryption failed")
return fmt.Errorf("Failed to create session: %v", err)
}
kmsSvc = kms.New(sess)
}
out, err := kmsSvc.Encrypt(&kms.EncryptInput{Plaintext: dataKey, KeyId: &key.Arn, EncryptionContext: key.EncryptionContext})
if err != nil {
log.WithField("arn", key.Arn).Warn("Encryption failed")
log.WithField("arn", key.Arn).Info("Encryption failed")
return fmt.Errorf("Failed to call KMS encryption service: %v", err)
}
key.EncryptedKey = base64.StdEncoding.EncodeToString(out.CiphertextBlob)
@@ -88,7 +88,7 @@ func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error {
func (key *MasterKey) Decrypt() ([]byte, error) {
k, err := base64.StdEncoding.DecodeString(key.EncryptedKey)
if err != nil {
log.WithField("arn", key.Arn).Warn("Decryption failed")
log.WithField("arn", key.Arn).Info("Decryption failed")
return nil, fmt.Errorf("Error base64-decoding encrypted data key: %s", err)
}
// isMocked is set by unit test to indicate that the KMS service
@@ -96,14 +96,14 @@ func (key *MasterKey) Decrypt() ([]byte, error) {
if kmsSvc == nil || !isMocked {
sess, err := key.createSession()
if err != nil {
log.WithField("arn", key.Arn).Warn("Decryption failed")
log.WithField("arn", key.Arn).Info("Decryption failed")
return nil, fmt.Errorf("Error creating AWS session: %v", err)
}
kmsSvc = kms.New(sess)
}
decrypted, err := kmsSvc.Decrypt(&kms.DecryptInput{CiphertextBlob: k, EncryptionContext: key.EncryptionContext})
if err != nil {
log.WithField("arn", key.Arn).Warn("Decryption failed")
log.WithField("arn", key.Arn).Info("Decryption failed")
return nil, fmt.Errorf("Error decrypting key: %v", err)
}
log.WithField("arn", key.Arn).Info("Decryption succeeded")
@@ -221,6 +221,7 @@ func (key MasterKey) ToMap() map[string]interface{} {
// ParseKMSContext takes either a KMS context map or a comma-separated list of KMS context key:value pairs and returns a map
func ParseKMSContext(in interface{}) map[string]*string {
nonStringValueWarning := "Encryption context contains a non-string value, context will not be used"
out := make(map[string]*string)
switch in := in.(type) {
@@ -231,7 +232,7 @@ func ParseKMSContext(in interface{}) map[string]*string {
for k, v := range in {
value, ok := v.(string)
if !ok {
log.Warn("Encryption context contains a non-string value, context will not be used")
log.Warn(nonStringValueWarning)
return nil
}
out[k] = &value
@@ -243,12 +244,12 @@ func ParseKMSContext(in interface{}) map[string]*string {
for k, v := range in {
key, ok := k.(string)
if !ok {
log.Warn("Encryption context contains a non-string value, context will not be used")
log.Warn(nonStringValueWarning)
return nil
}
value, ok := v.(string)
if !ok {
log.Warn("Encryption context contains a non-string value, context will not be used")
log.Warn(nonStringValueWarning)
return nil
}
out[key] = &value
@@ -260,7 +261,7 @@ func ParseKMSContext(in interface{}) map[string]*string {
for _, kv := range strings.Split(in, ",") {
kv := strings.Split(kv, ":")
if len(kv) != 2 {
log.Warn("Encryption context contains a non-string value, context will not be used")
log.Warn(nonStringValueWarning)
return nil
}
out[kv[0]] = &kv[1]