| -rw-r--r-- | session.go | 48 | ||||
| -rw-r--r-- | testdata/local/put.aww | 2 | ||||
| -rw-r--r-- | testdata/local/put.data | 2 |
3 files changed, 20 insertions, 32 deletions
@@ -541,19 +541,20 @@ func (ses *Session) executeScriptOnRemote(req *ExecRequest, pos linePosition) (e
 func (ses *Session) generateFileInput(in string) (out string, isVault bool, err error) {
 // Check if the file is binary first, since binary file will not get
 // encrypted.
- if libos.IsBinary(in) {
+ if !strings.HasSuffix(in, defEncryptExt) && libos.IsBinary(in) {
 return in, false, nil
 }
 var (
- logp = `generateFileInput`
+ logp = `generateFileInput`
+ relPathInput = relativePath(ses.BaseDir, in)
 contentInput []byte
 )
 contentInput, isVault, err = ses.loadFileInput(in)
 if err != nil {
- return ``, false, err
+ return ``, false, fmt.Errorf(`%s %q: %w`, logp, relPathInput, err)
 }
 var contentOut []byte
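Review bot: The comment above the first `if` in generateFileInput still says only that binary files are not encrypted, but the new condition skips `libos.IsBinary` for every path ending in `defEncryptExt`, and nothing records why. A comment such as `// A path ending with defEncryptExt always goes to loadFileInput for decryption, so the binary check is skipped for it.` would state the intent. The change also means a vault file whose decrypted content is binary no longer takes the early return. The function body continues past the hunk, so whether the later steps handle binary plaintext cannot be seen here; a test case with a binary plaintext inside a vault file would settle it.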
@@ -704,43 +705,30 @@ func (ses *Session) loadFileEnv(awwanEnv string, isVault bool) (err error) {
 }
 // loadFileInput read the input file for Copy or Put operation.
-// If the original input file does not exist, try loading the encrypted file
-// with ".vault" extension.
+//
+// If the input path end with ".vault" suffix, the file will be decrypted
+// first.
 //
 // On success, it will return the content of file and true if the file is
 // from encrypted file .vault.
 func (ses *Session) loadFileInput(path string) (content []byte, isVault bool, err error) {
- var (
- logp = `loadFileInput`
- relPath = relativePath(ses.BaseDir, path)
- )
-
- content, err = os.ReadFile(path)
- if err == nil {
- return content, false, nil
- }
- if !errors.Is(err, fs.ErrNotExist) {
- return nil, false, err
+ if strings.HasSuffix(path, defEncryptExt) {
+ content, err = os.ReadFile(path)
+ if err != nil {
+ return nil, true, err
+ }
+ content, err = ses.cryptoc.decrypt(content)
+ if err != nil {
+ return nil, true, err
+ }
+ return content, true, nil
 }
- log.Printf(`??? %s %q: not exist`, logp, relPath)
-
- path = path + defEncryptExt
- relPath += defEncryptExt
 content, err = os.ReadFile(path)
 if err != nil {
- if errors.Is(err, fs.ErrNotExist) {
- return nil, false, fmt.Errorf(`%s %q: %w`, logp, relPath, fs.ErrNotExist)
- }
 return nil, false, err
 }
-
- content, err = ses.cryptoc.decrypt(content)
- if err != nil {
- return nil, false, fmt.Errorf(`%s %q: %s`, logp, relPath, err)
- }
-
- return content, true, nil
+ return content, false, nil
 }
 func (ses *Session) loadRawEnv(content []byte) (err error) {
diff --git a/testdata/local/put.aww b/testdata/local/put.aww
index c67f9c3..c076bd7 100644
--- a/testdata/local/put.aww
+++ b/testdata/local/put.aww
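Review bot: loadFileInput's doc comment covers only the success case, while the new body returns `isVault` as true with nil content on both vault error paths and passes the os.ReadFile and decrypt errors back without the path. generateFileInput now adds the path itself; any other callers are not visible in this diff. With the fallback removed, a plain path whose only copy on disk is the encrypted one fails with a bare not-exist error, and the old `??? ... not exist` log line is gone. I would add to the comment `// The path is read as given; there is no fallback to path+".vault".` and `// Errors are returned unwrapped; the caller is expected to add the path.` The `strings.HasSuffix(path, defEncryptExt)` test also appears in generateFileInput, so a small shared helper would keep the two checks from drifting apart.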
@@ -2,7 +2,7 @@ #put: {{.ScriptDir}}/missing_val_encrypted.txt {{.ScriptDir}}/tmp/missing_val_encrypted.txt -#put: {{.ScriptDir}}/encrypted.txt {{.ScriptDir}}/tmp/decrypted.txt +#put: {{.ScriptDir}}/encrypted.txt.vault {{.ScriptDir}}/tmp/decrypted.txt #put! {{.ScriptDir}}/plain.txt /etc/plain.txt sudo chmod 0644 /etc/plain.txt diff --git a/testdata/local/put.data b/testdata/local/put.data index b548ea1..e457391 100644 --- a/testdata/local/put.data +++ b/testdata/local/put.data @@ -10,7 +10,7 @@ The host name is encrypt. The secret password is this_is_a_secret. <<< encrypted_empty_passphrase.stderr -Local: Copy: loadFileInput "encrypted.txt.vault": private key is missing or not loaded +Local: Copy: generateFileInput "encrypted.txt.vault": private key is missing or not loaded <<< encrypted_invalid_passphrase Local: NewSession: .awwan.env.vault: LoadPrivateKeyInteractive: x509: decryption password incorrect |
