github.com/kubernetes-incubator/kube-aws@v0.16.4/credential/store.go (about) 1 package credential 2 3 import ( 4 "fmt" 5 "os" 6 7 "github.com/kubernetes-incubator/kube-aws/logger" 8 ) 9 10 func (e Store) EncryptedCredentialFromPath(filePath string, defaultValue *string) (*EncryptedFile, error) { 11 raw, errRaw := RawCredentialFileFromPath(filePath, defaultValue) 12 cache, err := EncryptedCredentialCacheFromPath(filePath, errRaw == nil) 13 if err != nil { 14 if errRaw != nil { // if neither .enc nor raw is there, it is an error 15 return nil, fmt.Errorf("Error reading raw file: %v", errRaw) 16 } 17 cache, err = EncryptedCredentialCacheFromRawCredential(raw, e.Encryptor) 18 if err != nil { 19 return nil, err 20 } 21 logger.Debugf("generated \"%s\" by encrypting \"%s\"\n", cache.filePath, raw.filePath) 22 } else { 23 // we verify fingreprints only if non .enc version is present, so there is something there to compare against 24 // otherwise we assume that user provided correct .enc files to be used as-is 25 if errRaw == nil && raw.Fingerprint() != cache.Fingerprint() { 26 logger.Debugf("\"%s\" is not up-to-date. kube-aws is regenerating it from \"%s\"\n", cache.filePath, raw.filePath) 27 cache, err = EncryptedCredentialCacheFromRawCredential(raw, e.Encryptor) 28 if err != nil { 29 return nil, err 30 } 31 } else if errRaw != nil && !os.IsNotExist(errRaw) { 32 return nil, fmt.Errorf("Error reading existing raw file: %v", errRaw) 33 } 34 } 35 36 return cache, nil 37 }