package machinery
import (
"path/filepath"
"github.com/spf13/afero"
"github.com/ttacon/chalk"
"go.uber.org/zap"
"github.com/rancher/opni/pkg/keyring"
"github.com/rancher/opni/pkg/logger"
)
// keyringLog is the package-level logger, named "keyring", that
// LoadEphemeralKeys uses for permission warnings and load failures.
var keyringLog = logger.New().Named("keyring")
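// LoadEphemeralKeys reads every non-directory entry in each of dirs from fsys
// and parses it with keyring.LoadEphemeralKey.
//
// A directory that cannot be listed, or a file that cannot be opened, aborts
// the whole load and returns that error with a nil slice. A file that opens
// but fails to parse is logged and skipped, so the result may hold fewer keys
// than there are files.
//
// The permission check is advisory only: a key whose mode has the group-read
// (0040) or other-read (0004) bit set is still loaded, and the only effect is
// a warning in the log.
//
// NOTE(review): only the read bits are inspected. Group/other write bits are
// not checked, and the mode comes from the directory listing taken before the
// file is opened. Callers that need enforcement must reject such keys
// themselves.
func LoadEphemeralKeys(fsys afero.Afero, dirs ...string) ([]*keyring.EphemeralKey, error) {
	var keys []*keyring.EphemeralKey
	for _, dir := range dirs {
		infos, err := fsys.ReadDir(dir)
		if err != nil {
			return nil, err
		}
		for _, info := range infos {
			if info.IsDir() {
				continue
			}
			perm := info.Mode().Perm()
			keyPath := filepath.Join(dir, info.Name())
			lg := keyringLog.With("path", keyPath)
			if perm&0040 > 0 {
				lg.Warn(chalk.Yellow.Color("Ephemeral key is group-readable. This is insecure."))
			}
			if perm&0004 > 0 {
				lg.Warn(chalk.Yellow.Color("Ephemeral key is world-readable. This is insecure."))
			}
			f, err := fsys.Open(keyPath)
			if err != nil {
				return nil, err
			}
			ekey, err := keyring.LoadEphemeralKey(f)
			// Close as soon as parsing is done. The original never closed the
			// handle, leaking one descriptor per key file. A defer here would
			// only run at function return, keeping every file open until then.
			// Assumes LoadEphemeralKey has finished reading f by the time it
			// returns; TODO confirm.
			// The handle is read-only, so a Close error cannot affect the
			// parsed key and is deliberately ignored.
			_ = f.Close()
			if err != nil {
				lg.With(
					zap.Error(err),
				).Error("failed to load ephemeral key, skipping")
				continue
			}
			lg.With(
				"usage", ekey.Usage,
				"labels", ekey.Labels,
			).Debug("loaded ephemeral key")
			keys = append(keys, ekey)
		}
	}
	return keys, nil
}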