Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update c7n logging for base64 decode error for clarification #7185

Open
liz-acosta opened this issue Mar 28, 2022 · 0 comments
Open

Update c7n logging for base64 decode error for clarification #7185

liz-acosta opened this issue Mar 28, 2022 · 0 comments
Labels
kind/bug

Comments

@liz-acosta
Copy link

Describe the bug

c7n-mailer supports KMS encryption of Slack tokens and other mailer config secrets and will attempt to handle the secret accordingly. However, this is not always the user's intention and the error log that occurs as a result of a failed attempted unnecessary decryption lacks clarity.

So even though my intention is plaintext, the log reads as an error:

Error: Incorrect padding Unable to base64 decode slack_token, will assume plaintext.

What did you expect to happen?

I was expecting more information and clarity that I can use for debugging if necessary.

Cloud Provider

Amazon Web Services (AWS)

Cloud Custodian version and dependency information

Custodian:   0.9.15
Python:      3.10.2 (main, Feb  2 2022, 08:42:42) [Clang 13.0.0 (clang-1300.0.29.3)]
Platform:    posix.uname_result(sysname='Darwin', nodename='all-computers-are-broken.local', release='20.5.0', version='Darwin Kernel Version 20.5.0: Sat May  8 05:10:33 PDT 2021; root:xnu-7195.121.3~9/RELEASE_X86_64', machine='x86_64')
Using venv:  True
Docker: False
Installed: 

PyJWT==1.7.1
PyYAML==6.0
adal==1.2.7
appdirs==1.4.4
applicationinsights==0.11.10
apscheduler==3.8.1
argcomplete==2.0.0
attrs==21.4.0
azure-common==1.1.28
azure-core==1.22.1
azure-cosmos==3.2.0
azure-cosmosdb-nspkg==2.0.2
azure-cosmosdb-table==1.0.6
azure-functions==1.9.0
azure-graphrbac==0.61.1
azure-identity==1.7.1
azure-keyvault==4.1.0
azure-keyvault-certificates==4.3.0
azure-keyvault-keys==4.4.0
azure-keyvault-secrets==4.3.0
azure-mgmt-advisor==9.0.0
azure-mgmt-apimanagement==1.0.0
azure-mgmt-applicationinsights==1.0.0
azure-mgmt-authorization==1.0.0
azure-mgmt-batch==15.0.0
azure-mgmt-cdn==10.0.0
azure-mgmt-cognitiveservices==11.0.0
azure-mgmt-compute==19.0.0
azure-mgmt-containerinstance==7.0.0
azure-mgmt-containerregistry==8.0.0b1
azure-mgmt-containerservice==15.1.0
azure-mgmt-core==1.3.0
azure-mgmt-cosmosdb==6.4.0
azure-mgmt-costmanagement==1.0.0
azure-mgmt-databricks==1.0.0b1
azure-mgmt-datafactory==1.1.0
azure-mgmt-datalake-store==1.0.0
azure-mgmt-dns==8.0.0b1
azure-mgmt-eventgrid==8.0.0
azure-mgmt-eventhub==8.0.0
azure-mgmt-frontdoor==1.0.0
azure-mgmt-hdinsight==7.0.0
azure-mgmt-iothub==1.0.0
azure-mgmt-keyvault==8.0.0
azure-mgmt-logic==9.0.0
azure-mgmt-managementgroups==1.0.0b1
azure-mgmt-monitor==2.0.0
azure-mgmt-msi==1.0.0
azure-mgmt-network==17.1.0
azure-mgmt-policyinsights==1.0.0
azure-mgmt-rdbms==8.1.0
azure-mgmt-redis==12.0.0
azure-mgmt-resource==16.1.0
azure-mgmt-resourcegraph==7.0.0
azure-mgmt-search==8.0.0
azure-mgmt-security==1.0.0
azure-mgmt-servicefabric==1.0.0
azure-mgmt-sql==1.0.0
azure-mgmt-storage==17.1.0
azure-mgmt-subscription==1.0.0
azure-mgmt-trafficmanager==0.51.0
azure-mgmt-web==2.0.0
azure-nspkg==3.0.2
azure-storage-blob==12.9.0
azure-storage-common==2.1.0
azure-storage-file==2.1.0
azure-storage-file-share==12.6.0
azure-storage-queue==12.1.6
boto3==1.21.5
botocore==1.24.5
cachetools==5.0.0
certifi==2021.10.8
cffi==1.15.0
charset-normalizer==2.0.12
click==8.0.4
cryptography==36.0.1
decorator==5.1.1
distlib==0.3.4
docutils==0.17.1
dogpile.cache==1.1.5
google-api-core==2.5.0
google-api-python-client==2.37.0
google-auth==2.6.0
google-auth-httplib2==0.1.0
google-cloud-appengine-logging==1.1.0
google-cloud-audit-log==0.2.0
google-cloud-core==2.2.2
google-cloud-logging==2.7.0
google-cloud-monitoring==2.8.0
google-cloud-storage==1.44.0
google-crc32c==1.3.0
google-resumable-media==2.2.1
googleapis-common-protos==1.54.0
grpc-google-iam-v1==0.12.3
grpcio==1.44.0
httplib2==0.20.4
idna==3.3
importlib-metadata==4.11.1
iso8601==1.0.2
isodate==0.6.1
jmespath==0.10.0
jsonpatch==1.32
jsonpointer==2.2
jsonschema==4.4.0
keystoneauth1==4.4.0
kubernetes==10.0.1
mock==4.0.3
msal==1.17.0
msal-extensions==0.3.1
msrest==0.6.21
msrestazure==0.6.4
munch==2.5.0
netaddr==0.7.20
netifaces==0.11.0
oauthlib==3.2.0
openstacksdk==0.52.0
os-service-types==1.7.0
packaging==21.3
pbr==5.8.1
portalocker==2.4.0
proto-plus==1.20.3
protobuf==3.19.4
pyasn1==0.4.8
pyasn1-modules==0.2.8
pycparser==2.21
pyparsing==3.0.7
pyrsistent==0.18.1
python-dateutil==2.8.2
pytz==2021.3
pytz-deprecation-shim==0.1.0.post0
pyyaml==6.0
ratelimiter==1.2.0.post0
requests==2.27.1
requests-oauthlib==1.3.1
requestsexceptions==1.4.0
retrying==1.3.3
rsa==4.8
s3transfer==0.5.1
setuptools==58.3.0
six==1.16.0
stevedore==3.5.0
tabulate==0.8.9
tzdata==2021.5
tzlocal==4.1
uritemplate==4.1.1
urllib3==1.26.8
websocket-client==1.2.3
zipp==3.7.0

Policy

queue_url: https://sqs.us-east-1.amazonaws.com/<account_number>/c7n-102-mailer-queue
role: arn:aws:iam::<account_number>:role/c7n-102-execution-role
slack_token: <slack_token>
lambda_tags:
  c7n-102: ""

Relevant log/traceback output

No response

Extra information or context

Spoke with @ajkerrigan about this as well and this was partly his suggestion : )
@liz-acosta liz-acosta changed the title Update c7n logging for base64 decode error to make it easier to understand Update c7n logging for base64 decode error for clarification Mar 28, 2022
@liz-acosta liz-acosta mentioned this issue Mar 28, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@liz-acosta