package groups
import (
"os"
"fmt"
"go.mozilla.org/sops/v3"
"go.mozilla.org/sops/v3/cmd/sops/common"
"go.mozilla.org/sops/v3/keyservice"
)
// DeleteOpts holds the parameters Delete needs to remove one key group
// from a SOPS-encrypted file.
type DeleteOpts struct {
	// InputPath is the file that is loaded; when InPlace is set it is also
	// the file that gets overwritten with the result.
	InputPath string
	// InputStore is the store used to load the encrypted file.
	InputStore sops.Store
	// OutputStore is the store used to emit the re-encrypted file.
	OutputStore sops.Store
	// Group is the zero-based index, within the file's key groups, of the
	// group to remove.
	Group uint
	// GroupThreshold, when non-zero, replaces the file's Shamir threshold.
	GroupThreshold int
	// InPlace selects writing back to InputPath instead of standard output.
	InPlace bool
	// KeyServices are the key service clients used to recover the data key
	// and to update the master keys afterwards.
	KeyServices []keyservice.KeyServiceClient
}
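// Delete removes the key group at index opts.Group from the SOPS file at
// opts.InputPath and writes the result to standard output, or back to
// opts.InputPath when opts.InPlace is set.
//
// It returns an error when the file cannot be loaded, the data key cannot be
// recovered, the group index is out of range, the resulting Shamir threshold
// could not be satisfied by the remaining groups, the master keys cannot be
// updated, or the output cannot be emitted or written.
//
// The data key is not rotated here: the key recovered from the file is passed
// back unchanged to UpdateMasterKeysWithKeyServices. Anyone from the removed
// group who already recovered that key keeps access to the current contents
// until the data key is rotated separately.
func Delete(opts DeleteOpts) error {
	tree, err := common.LoadEncryptedFile(opts.InputStore, opts.InputPath)
	if err != nil {
		return err
	}
	dataKey, err := tree.Metadata.GetDataKeyWithKeyServices(opts.KeyServices)
	if err != nil {
		return err
	}

	// Reject an out-of-range index up front; slicing with it would panic.
	groupCount := uint(len(tree.Metadata.KeyGroups))
	if opts.Group >= groupCount {
		return fmt.Errorf("key group index %d is out of range: file has %d key groups",
			opts.Group, groupCount)
	}
	tree.Metadata.KeyGroups = append(tree.Metadata.KeyGroups[:opts.Group], tree.Metadata.KeyGroups[opts.Group+1:]...)

	if opts.GroupThreshold != 0 {
		tree.Metadata.ShamirThreshold = opts.GroupThreshold
	}
	if len(tree.Metadata.KeyGroups) < tree.Metadata.ShamirThreshold {
		return fmt.Errorf("removing this key group will make the Shamir threshold impossible to satisfy: "+
			"Shamir threshold is %d, but we only have %d key groups", tree.Metadata.ShamirThreshold,
			len(tree.Metadata.KeyGroups))
	}

	// Stop before anything is written if any master key failed to update;
	// otherwise the emitted file could be missing key material.
	if errs := tree.Metadata.UpdateMasterKeysWithKeyServices(dataKey, opts.KeyServices); len(errs) > 0 {
		return fmt.Errorf("could not update master keys: %v", errs)
	}

	output, err := opts.OutputStore.EmitEncryptedFile(*tree)
	if err != nil {
		return err
	}

	if !opts.InPlace {
		if _, err := os.Stdout.Write(output); err != nil {
			return fmt.Errorf("writing to standard output: %w", err)
		}
		return nil
	}

	// os.Create truncates the existing file, so a failed write or close here
	// leaves it incomplete. Report both instead of returning success.
	outputFile, err := os.Create(opts.InputPath)
	if err != nil {
		return err
	}
	if _, err := outputFile.Write(output); err != nil {
		// The write error is the one worth reporting; the close error is
		// deliberately dropped.
		_ = outputFile.Close()
		return fmt.Errorf("writing %q: %w", opts.InputPath, err)
	}
	if err := outputFile.Close(); err != nil {
		return fmt.Errorf("closing %q: %w", opts.InputPath, err)
	}
	return nil
}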