Merge pull request #56 from godaddy/ErrorLogImprovements
Significantly improve logging, make error logs not conditional
jgowdy authored Oct 3, 2023
2 parents 6875f82 + f518ed4 commit be43671
Showing 3 changed files with 49 additions and 15 deletions.
12 changes: 12 additions & 0 deletions internal/asherah/asherah.go
Expand Up @@ -7,6 +7,7 @@ import (

"github.com/aws/aws-sdk-go/aws"
awssession "github.com/aws/aws-sdk-go/aws/session"
"github.com/godaddy/asherah-cobhan/internal/output"
"github.com/godaddy/asherah/go/appencryption"
"github.com/godaddy/asherah/go/appencryption/pkg/crypto/aead"
"github.com/godaddy/asherah/go/appencryption/pkg/kms"
Expand All @@ -23,6 +24,7 @@ var ErrAsherahFailedInitialization = errors.New("asherah failed initialization")

func Setup(options *Options) error {
if atomic.LoadInt32(&globalInitialized) == 1 {
output.StderrDebugOutputf("Failed to initialize asherah: already initialized")
return ErrAsherahAlreadyInitialized
}

Expand Down Expand Up @@ -58,6 +60,7 @@ func Setup(options *Options) error {
)

if globalSessionFactory == nil {
output.StderrDebugOutputf("Failed to create session factory")
return ErrAsherahFailedInitialization
}

Expand All @@ -74,11 +77,13 @@ func Shutdown() {

func Encrypt(partitionId string, data []byte) (*appencryption.DataRowRecord, error) {
if globalInitialized == 0 {
output.StderrDebugOutputf("Failed to encrypt data: asherah is not initialized")
return nil, ErrAsherahNotInitialized
}

session, err := globalSessionFactory.GetSession(partitionId)
if err != nil {
output.StderrDebugOutputf("Failed to get session for partition %v: %v", partitionId, err)
return nil, err
}
defer session.Close()
Expand All @@ -94,6 +99,7 @@ func Decrypt(partitionId string, drr *appencryption.DataRowRecord) ([]byte, erro

session, err := globalSessionFactory.GetSession(partitionId)
if err != nil {
output.StderrDebugOutputf("Failed to get session for partition %v: %v", partitionId, err)
return nil, err
}
defer session.Close()
Expand All @@ -108,13 +114,15 @@ func NewMetastore(opts *Options) appencryption.Metastore {
// TODO: support other databases
db, err := newMysql(opts.ConnectionString)
if err != nil {
output.StderrDebugOutputf("PANIC: Failed to connect to database: %v", err)
panic(err)
}

// set optional replica read consistency
if len(opts.ReplicaReadConsistency) > 0 {
err := setRdbmsReplicaReadConsistencyValue(opts.ReplicaReadConsistency)
if err != nil {
output.StderrDebugOutputf("PANIC: Failed to set replica read consistency: %v", err)
panic(err)
}
}
Expand Down Expand Up @@ -145,8 +153,11 @@ func NewMetastore(opts *Options) appencryption.Metastore {

func NewKMS(opts *Options, crypto appencryption.AEAD) appencryption.KeyManagementService {
if opts.KMS == "static" {
output.StderrDebugOutputf("*** WARNING WARNING WARNING USING STATIC MASTER KEY - THIS IS FOR DEBUG ONLY ***")

m, err := kms.NewStatic("thisIsAStaticMasterKeyForTesting", aead.NewAES256GCM())
if err != nil {
output.StderrDebugOutputf("PANIC: Failed to create static master key: %v", err)
panic(err)
}

Expand All @@ -155,6 +166,7 @@ func NewKMS(opts *Options, crypto appencryption.AEAD) appencryption.KeyManagemen

m, err := kms.NewAWS(crypto, opts.PreferredRegion, opts.RegionMap)
if err != nil {
output.StderrDebugOutputf("PANIC: Failed to create AWS KMS: %v", err)
panic(err)
}

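Review bot: The two new `Failed to get session for partition %v: %v` messages in Encrypt and Decrypt write the caller-supplied partitionId to stderr verbatim, and StderrDebugOutputf writes regardless of the verbose flag. A partition id containing a newline would produce what looks like extra log entries, and if partition ids identify a tenant or user (an assumption; the page does not say what they hold) every session failure now records one. Quote the value so control characters are escaped, `output.StderrDebugOutputf("Failed to get session for partition %q: %v", partitionId, err)`, and consider logging a truncated or hashed form if the ids are sensitive. Both function bodies continue outside the hunks shown.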
6 changes: 3 additions & 3 deletions internal/output/output.go
Expand Up @@ -12,19 +12,19 @@ func EnableVerboseOutput(flag bool) {
if flag {
VerboseOutput = StderrDebugOutput
VerboseOutputf = StderrDebugOutputf
VerboseOutput("Enabled debug output")
VerboseOutput("asherah-cobhan: Enabled debug output")
} else {
VerboseOutput = NullDebugOutput
VerboseOutputf = NullDebugOutputf
}
}

func StderrDebugOutput(output interface{}) {
fmt.Fprintf(os.Stderr, "%#v\n", output)
fmt.Fprintf(os.Stderr, "asherah-cobhan: %#v\n", output)
}

func StderrDebugOutputf(format string, args ...interface{}) {
fmt.Fprintf(os.Stderr, format+"\n", args...)
fmt.Fprintf(os.Stderr, "asherah-cobhan:"+format+"\n", args...)
}

func NullDebugOutput(output interface{}) {
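Review bot: StderrDebugOutputf builds its prefix as `"asherah-cobhan:"+format` with no space after the colon, so formatted messages print as `asherah-cobhan:Failed ...`, unlike StderrDebugOutput, which uses `"asherah-cobhan: %#v\n"`; it should read `fmt.Fprintf(os.Stderr, "asherah-cobhan: "+format+"\n", args...)`. In EnableVerboseOutput the literal `"asherah-cobhan: Enabled debug output"` is passed to VerboseOutput right after it is pointed at StderrDebugOutput, which already adds the prefix, so the prefix appears twice; `VerboseOutput("Enabled debug output")` is enough. This assumes the prefixed line of each printed pair is the new side, since the page lost the +/- markers. Because these helpers now carry always-on error logs despite the "Debug" name, a doc comment such as `// StderrDebugOutputf always writes a prefixed line to stderr, independent of EnableVerboseOutput.` would help callers decide what is safe to pass to them.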
46 changes: 34 additions & 12 deletions libasherah.go
Expand Up @@ -23,6 +23,8 @@ func main() {

//export Shutdown
func Shutdown() {
output.VerboseOutput("Asherah shutdown")

asherah.Shutdown()
}

Expand All @@ -42,6 +44,7 @@ func SetEnv(envJson unsafe.Pointer) int32 {

result := cobhan.BufferToJsonStruct(envJson, &env)
if result != cobhan.ERR_NONE {
output.StderrDebugOutputf("Failed to deserialize environment JSON string %v", result)
return result
}

Expand All @@ -61,6 +64,7 @@ func SetupJson(configJson unsafe.Pointer) int32 {
output.StderrDebugOutputf("Failed to deserialize configuration string %v", result)
configString, stringResult := cobhan.BufferToString(configJson)
if stringResult != cobhan.ERR_NONE {
output.StderrDebugOutputf("Could not convert configJson to string: %v", stringResult)
return result
}
output.StderrDebugOutputf("Could not deserialize: %v", configString)
Expand All @@ -75,11 +79,16 @@ func SetupJson(configJson unsafe.Pointer) int32 {

err := asherah.Setup(options)
if err == asherah.ErrAsherahAlreadyInitialized {
output.StderrDebugOutput("Setup failed: asherah is already initialized")
return ERR_ALREADY_INITIALIZED
}
if err != nil {
output.StderrDebugOutput("Setup failed due to bad config?")
return ERR_BAD_CONFIG
}

output.VerboseOutput("Successfully configured asherah")

return cobhan.ERR_NONE
}

Expand All @@ -99,16 +108,19 @@ func Decrypt(partitionIdPtr unsafe.Pointer, encryptedDataPtr unsafe.Pointer, enc
created int64, parentKeyIdPtr unsafe.Pointer, parentKeyCreated int64, outputDecryptedDataPtr unsafe.Pointer) int32 {
encryptedData, result := cobhan.BufferToBytes(encryptedDataPtr)
if result != cobhan.ERR_NONE {
output.StderrDebugOutputf("Failed to convert encryptedDataPtr cobhan buffer to bytes %v", result)
return result
}

encryptedKey, result := cobhan.BufferToBytes(encryptedKeyPtr)
if result != cobhan.ERR_NONE {
output.StderrDebugOutputf("Failed to convert encryptedKeyPtr cobhan buffer to bytes %v", result)
return result
}

parentKeyId, result := cobhan.BufferToString(parentKeyIdPtr)
if result != cobhan.ERR_NONE {
output.StderrDebugOutputf("Failed to convert parentKeyIdPtr cobhan buffer to string %v", result)
return result
}

Expand All @@ -126,6 +138,7 @@ func Decrypt(partitionIdPtr unsafe.Pointer, encryptedDataPtr unsafe.Pointer, enc

data, result := decryptData(partitionIdPtr, &drr)
if result != cobhan.ERR_NONE {
output.StderrDebugOutputf("Failed to decrypt data %v", result)
return result
}

Expand All @@ -139,37 +152,38 @@ func Encrypt(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer, outputEncryp

drr, result := encryptData(partitionIdPtr, dataPtr)
if result != cobhan.ERR_NONE {
output.StderrDebugOutputf("Failed to encrypt data %v", result)
return result
}

result = cobhan.BytesToBuffer(drr.Data, outputEncryptedDataPtr)
if result != cobhan.ERR_NONE {
output.VerboseOutputf("Encrypted data length: %v", len(drr.Data))
output.VerboseOutputf("Encrypt: BytesToBuffer returned %v for outputEncryptedDataPtr", result)
output.StderrDebugOutputf("Encrypted data length: %v", len(drr.Data))
output.StderrDebugOutputf("Encrypt: BytesToBuffer returned %v for outputEncryptedDataPtr", result)
return result
}

result = cobhan.BytesToBuffer(drr.Key.EncryptedKey, outputEncryptedKeyPtr)
if result != cobhan.ERR_NONE {
output.VerboseOutputf("Encrypt: BytesToBuffer returned %v for outputEncryptedKeyPtr", result)
output.StderrDebugOutputf("Encrypt: BytesToBuffer returned %v for outputEncryptedKeyPtr", result)
return result
}

result = cobhan.Int64ToBuffer(drr.Key.Created, outputCreatedPtr)
if result != cobhan.ERR_NONE {
output.VerboseOutputf("Encrypt: Int64ToBuffer returned %v for outputCreatedPtr", result)
output.StderrDebugOutputf("Encrypt: Int64ToBuffer returned %v for outputCreatedPtr", result)
return result
}

result = cobhan.StringToBuffer(drr.Key.ParentKeyMeta.ID, outputParentKeyIdPtr)
if result != cobhan.ERR_NONE {
output.VerboseOutputf("Encrypt: BytesToBuffer returned %v for outputParentKeyIdPtr", result)
output.StderrDebugOutputf("Encrypt: BytesToBuffer returned %v for outputParentKeyIdPtr", result)
return result
}

result = cobhan.Int64ToBuffer(drr.Key.ParentKeyMeta.Created, outputParentKeyCreatedPtr)
if result != cobhan.ERR_NONE {
output.VerboseOutputf("Encrypt: BytesToBuffer returned %v for outputParentKeyCreatedPtr", result)
output.StderrDebugOutputf("Encrypt: BytesToBuffer returned %v for outputParentKeyCreatedPtr", result)
return result
}

Expand All @@ -180,6 +194,7 @@ func Encrypt(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer, outputEncryp
func EncryptToJson(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer, jsonPtr unsafe.Pointer) int32 {
drr, result := encryptData(partitionIdPtr, dataPtr)
if result != cobhan.ERR_NONE {
output.StderrDebugOutputf("Failed to encrypt data %v", result)
return result
}

Expand All @@ -188,11 +203,11 @@ func EncryptToJson(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer, jsonPt
if result == cobhan.ERR_BUFFER_TOO_SMALL {
outputBytes, err := json.Marshal(drr)
if err == nil {
output.VerboseOutputf("EncryptToJson: JsonToBuffer: Output buffer needed %v bytes", len(outputBytes))
output.StderrDebugOutputf("EncryptToJson: JsonToBuffer: Output buffer needed %v bytes", len(outputBytes))
return result
}
}
output.VerboseOutputf("EncryptToJson: JsonToBuffer returned %v for jsonPtr", result)
output.StderrDebugOutputf("EncryptToJson: JsonToBuffer returned %v for jsonPtr", result)
return result
}

Expand All @@ -204,21 +219,23 @@ func DecryptFromJson(partitionIdPtr unsafe.Pointer, jsonPtr unsafe.Pointer, data
var drr appencryption.DataRowRecord
result := cobhan.BufferToJsonStruct(jsonPtr, &drr)
if result != cobhan.ERR_NONE {
output.StderrDebugOutputf("Failed to convert cobhan buffer to JSON structs %v", result)
return result
}

data, result := decryptData(partitionIdPtr, &drr)
if result != cobhan.ERR_NONE {
output.StderrDebugOutputf("Failed to decrypt data %v", result)
return result
}

result = cobhan.BytesToBuffer(data, dataPtr)
if result != cobhan.ERR_NONE {
if result == cobhan.ERR_BUFFER_TOO_SMALL {
output.VerboseOutputf("DecryptFromJson: BytesToBuffer: Output buffer needed %v bytes", len(data))
output.StderrDebugOutputf("DecryptFromJson: BytesToBuffer: Output buffer needed %v bytes", len(data))
return result
}
output.VerboseOutputf("DecryptFromJson: BytesToBuffer returned %v for dataPtr", result)
output.StderrDebugOutputf("DecryptFromJson: BytesToBuffer returned %v for dataPtr", result)
return result
}

Expand All @@ -228,20 +245,23 @@ func DecryptFromJson(partitionIdPtr unsafe.Pointer, jsonPtr unsafe.Pointer, data
func encryptData(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer) (*appencryption.DataRowRecord, int32) {
partitionId, result := cobhan.BufferToString(partitionIdPtr)
if result != cobhan.ERR_NONE {
output.StderrDebugOutputf("Failed to convert cobhan buffer to string %v", result)
return nil, result
}

data, result := cobhan.BufferToBytes(dataPtr)
if result != cobhan.ERR_NONE {
output.StderrDebugOutputf("Failed to convert cobhan buffer to bytes %v", result)
return nil, result
}

drr, err := asherah.Encrypt(partitionId, data)
if err != nil {
if err == asherah.ErrAsherahNotInitialized {
output.StderrDebugOutput("Encrypt failed: asherah is not initialized")
return nil, ERR_NOT_INITIALIZED
}
output.VerboseOutputf("Encrypt failed: %v", err)
output.StderrDebugOutputf("Encrypt failed: %v", err)
return nil, ERR_ENCRYPT_FAILED
}

Expand All @@ -251,15 +271,17 @@ func encryptData(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer) (*appenc
func decryptData(partitionIdPtr unsafe.Pointer, drr *appencryption.DataRowRecord) ([]byte, int32) {
partitionId, result := cobhan.BufferToString(partitionIdPtr)
if result != cobhan.ERR_NONE {
output.StderrDebugOutputf("Failed to convert cobhan buffer to string %v", result)
return nil, result
}

data, err := asherah.Decrypt(partitionId, drr)
if err != nil {
if err == asherah.ErrAsherahNotInitialized {
output.StderrDebugOutput("Decrypt failed: asherah is not initialized")
return nil, ERR_NOT_INITIALIZED
}
output.VerboseOutputf("Decrypt failed: %v", err)
output.StderrDebugOutputf("Decrypt failed: %v", err)
return nil, ERR_DECRYPT_FAILED
}

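Review bot: In SetupJson the failure path still ends with `output.StderrDebugOutputf("Could not deserialize: %v", configString)`, which prints the raw configuration buffer to stderr whenever parsing fails. The options passed to asherah.Setup presumably include the ConnectionString that NewMetastore reads, so a malformed config may put database credentials into a log channel that this change makes always-on. Log the size instead, `output.StderrDebugOutputf("Could not deserialize configuration (%v bytes)", len(configString))`, or route the raw text through `output.VerboseOutputf` so it appears only when debug output is enabled. Separately, the Encrypt messages for outputParentKeyIdPtr and outputParentKeyCreatedPtr still say `BytesToBuffer` although the calls are StringToBuffer and Int64ToBuffer. SetupJson's body starts outside the hunk shown.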
