github.com/kubernetes-incubator/kube-aws@v0.16.4/credential/store.go

github.com/kubernetes-incubator/kube-aws@v0.16.4/credential/store.go (about)

     1  package credential
     2  
     3  import (
     4  	"fmt"
     5  	"os"
     6  
     7  	"github.com/kubernetes-incubator/kube-aws/logger"
     8  )
     9  
    10  func (e Store) EncryptedCredentialFromPath(filePath string, defaultValue *string) (*EncryptedFile, error) {
    11  	raw, errRaw := RawCredentialFileFromPath(filePath, defaultValue)
    12  	cache, err := EncryptedCredentialCacheFromPath(filePath, errRaw == nil)
    13  	if err != nil {
    14  		if errRaw != nil { // if neither .enc nor raw is there, it is an error
    15  			return nil, fmt.Errorf("Error reading raw file: %v", errRaw)
    16  		}
    17  		cache, err = EncryptedCredentialCacheFromRawCredential(raw, e.Encryptor)
    18  		if err != nil {
    19  			return nil, err
    20  		}
    21  		logger.Debugf("generated \"%s\" by encrypting \"%s\"\n", cache.filePath, raw.filePath)
    22  	} else {
    23  		// we verify fingreprints only if non .enc version is present, so there is something there to compare against
    24  		// otherwise we assume that user provided correct .enc files to be used as-is
    25  		if errRaw == nil && raw.Fingerprint() != cache.Fingerprint() {
    26  			logger.Debugf("\"%s\" is not up-to-date. kube-aws is regenerating it from \"%s\"\n", cache.filePath, raw.filePath)
    27  			cache, err = EncryptedCredentialCacheFromRawCredential(raw, e.Encryptor)
    28  			if err != nil {
    29  				return nil, err
    30  			}
    31  		} else if errRaw != nil && !os.IsNotExist(errRaw) {
    32  			return nil, fmt.Errorf("Error reading existing raw file: %v", errRaw)
    33  		}
    34  	}
    35  
    36  	return cache, nil
    37  }