From 6c03ec45521fc969b1a68fd6be550fec85a785e4 Mon Sep 17 00:00:00 2001 From: mike-luminal Date: Sat, 25 Jan 2020 13:13:34 -0500 Subject: [PATCH 1/4] Add configurable logging and log ALL exceptions --- credstash.py | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/credstash.py b/credstash.py index 2b7742f..3488f69 100755 --- a/credstash.py +++ b/credstash.py @@ -25,6 +25,7 @@ import re import boto3 import botocore.exceptions +import logging try: from StringIO import StringIO @@ -66,6 +67,20 @@ WILDCARD_CHAR = "*" THREAD_POOL_MAX_SIZE = 64 +logger = logging.getLogger('credstash') + +def setup_logging(level, log_file): + if logger.hasHandlers(): + for h in logger.handlers: + logger.removeHandler(h) + handler = logging.FileHandler(log_file) + formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s') + handler.setFormatter(formatter) + logger.addHandler(handler) + logger.setLevel(level) + +# setup logging with default values when imported as a lib +setup_logging(logging.WARNING, 'credstash.log') class KeyService(object): @@ -247,7 +262,11 @@ def func_wrapper(*args, **kwargs): return func(*args, **kwargs) except botocore.exceptions.ClientError as e: print(str(e), file=sys.stderr) - sys.exit(1) + logger.exception(e) + except Exception as e: + print(str(e), file=sys.stderr) + logger.exception(e) + sys.exit(1) return func_wrapper 
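Review bot: The module-level `setup_logging(logging.WARNING, 'credstash.log')` call at the end of this hunk opens `credstash.log` in the current working directory as soon as the module is imported. Any application using credstash as a library therefore gets a file created with default-umask permissions, or an import-time error when the directory is not writable. A library should attach only `logging.NullHandler()` and leave file handlers to `main()`. Inside `setup_logging`, the loop removes handlers from `logger.handlers` while iterating over it, which can skip entries, and it never closes the removed `FileHandler`. `Logger.hasHandlers()` also exists only on Python 3.2+, while the `StringIO` fallback in the first hunk suggests Python 2 is still supported; the rewritten lines are sketched below.

```python
logger = logging.getLogger('credstash')
# Library default: emit nothing until the application (or main()) configures logging.
logger.addHandler(logging.NullHandler())

def setup_logging(level, log_file):
    # Iterate over a copy: removeHandler() mutates logger.handlers.
    for h in list(logger.handlers):
        logger.removeHandler(h)
        h.close()
    # delay=True defers opening the file until the first record is written.
    handler = logging.FileHandler(log_file, delay=True)
    # ... unchanged: formatter, addHandler, setLevel ...

# (module-level setup_logging(...) call removed; main() already calls it)
```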
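Review bot: The new `except Exception` branch repeats the `ClientError` branch line for line, and `ClientError` is already an `Exception`, so the wrapper can be reduced to a single `except Exception as e:`. Indentation is lost in this view, so I am assuming `sys.exit(1)` sits after both handlers. Because `logger.exception(e)` now persists the exception message and traceback to a file, it is worth confirming that no exception raised on the put/get paths embeds a secret value or encryption context in its message. The wrapper starts before the hunk, so whether it uses `functools.wraps` is not visible here.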
@@ -796,6 +815,15 @@ def get_parser(): "CREDSTASH_DEFAULT_TABLE env variable, " "or if that is not set, the value " "`credential-store` will be used") + parsers['super'].add_argument("--log-level", + help="Set the log level, default WARNING", + default='WARNING' + ) + parsers['super'].add_argument("-log-file", + help="Set the log output file, default credstash.log. Errors are " + "printed to stderr and stack traces are logged to file", + default='credstash.log' + ) role_parse = parsers['super'].add_mutually_exclusive_group() role_parse.add_argument("-p", "--profile", default=None, help="Boto config profile to use when " @@ -965,6 +993,9 @@ def main(): parsers = get_parser() args = parsers['super'].parse_args() + # setup logging + setup_logging(args.log_level, args.log_file) + # Check for assume role and set session params session_params = get_session_params(args.profile, args.arn) From c387b0d31c601900a586abdb2b407a3ddf5514dd Mon Sep 17 00:00:00 2001 From: mike-luminal Date: Sat, 25 Jan 2020 13:20:10 -0500 Subject: [PATCH 2/4] Update readme --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 63b3f23..142911a 100644 --- a/README.md +++ b/README.md @@ -215,6 +215,11 @@ optional arguments: AWS_DEFAULT_REGION env variable, or if that is not set, the value in `~/.aws/config`. As a last resort, it will use us-east-1 + --log-level LOG_LEVEL + Set the log level, default WARNING + -log-file LOG_FILE Set the log output file, default credstash.log. Errors + are printed to stderr and stack traces are logged to + file -t TABLE, --table TABLE DynamoDB table to use for credential storage -p PROFILE, --profile PROFILE From a5f0c438c54865a6bad885d90bfde986c0badfdc Mon Sep 17 00:00:00 2001 From: mike-luminal Date: Sat, 25 Jan 2020 13:20:59 -0500 Subject: [PATCH 3/4] Missing - --- README.md | 2 +- credstash.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 142911a..0816dca 100644 
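Review bot: `--log-level` accepts any string, and the value goes straight to `logger.setLevel()` through the unguarded `setup_logging(args.log_level, args.log_file)` call added to `main()` in the next hunk. A typo such as `--log-level warn` therefore ends in a raw `ValueError` traceback instead of a usage error; adding `choices=('DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL')` to the argument lets argparse reject it. The relative default `credstash.log` also means every CLI run creates a log file in whatever directory it is started from, and fails if that directory is not writable. `get_parser` continues outside the hunk.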
--- a/README.md +++ b/README.md @@ -217,7 +217,7 @@ optional arguments: it will use us-east-1 --log-level LOG_LEVEL Set the log level, default WARNING - -log-file LOG_FILE Set the log output file, default credstash.log. Errors + --log-file LOG_FILE Set the log output file, default credstash.log. Errors are printed to stderr and stack traces are logged to file -t TABLE, --table TABLE diff --git a/credstash.py b/credstash.py index 3488f69..a3d5e86 100755 --- a/credstash.py +++ b/credstash.py @@ -819,7 +819,7 @@ def get_parser(): help="Set the log level, default WARNING", default='WARNING' ) - parsers['super'].add_argument("-log-file", + parsers['super'].add_argument("--log-file", help="Set the log output file, default credstash.log. Errors are " "printed to stderr and stack traces are logged to file", default='credstash.log' From ce91e323ab2e3fbee86ac7bb2380a31f86fa1040 Mon Sep 17 00:00:00 2001 From: mike-luminal Date: Sat, 25 Jan 2020 13:25:40 -0500 Subject: [PATCH 4/4] Add more exception handling --- credstash.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/credstash.py b/credstash.py index a3d5e86..6685be1 100755 --- a/credstash.py +++ b/credstash.py @@ -270,6 +270,7 @@ def func_wrapper(*args, **kwargs): return func_wrapper +@clean_fail def listSecrets(region=None, table="credential-store", session=None, **kwargs): ''' do a full-table scan of the credential-store, @@ -298,7 +299,7 @@ def listSecrets(region=None, table="credential-store", session=None, **kwargs): return items - +@clean_fail def putSecret(name, secret, version="", kms_key="alias/credstash", region=None, table="credential-store", context=None, digest=DEFAULT_DIGEST, comment="", kms=None, dynamodb=None, **kwargs): @@ -509,7 +510,7 @@ def getSecretAction(args, region, **session_params): except IntegrityError as e: fatal(e) - +@clean_fail def getSecret(name, version="", region=None, table="credential-store", context=None, dynamodb=None, kms=None, **kwargs): 
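Review bot: Decorating the public library functions `listSecrets`, `putSecret` and `getSecret` with `@clean_fail` means a caller that imports credstash now receives `SystemExit` instead of the original exception. With the catch-all added in patch 1/4, any failure prints, logs and calls `sys.exit(1)`. The `except IntegrityError as e: fatal(e)` context in the third hunk (in `getSecretAction`, whose body starts outside the hunk) presumably guards a `getSecret` call and would become unreachable. Library users would also lose the ability to tell an integrity-check failure from a missing item. I would keep `@clean_fail` on the CLI `*Action` entry points only and leave these three functions undecorated; this applies to all three decorator hunks of this patch.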
@@ -999,6 +1000,7 @@ def main(): # Check for assume role and set session params session_params = get_session_params(args.profile, args.arn) + # test for region try: region = args.region session = get_session(**session_params)