Delete deletes a key group from a SOPS file
(opts DeleteOpts)
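// Delete deletes a key group from a SOPS file.
//
// It loads the encrypted file at opts.InputPath, recovers the data key through
// opts.KeyServices, removes the key group at index opts.Group, optionally
// replaces the Shamir threshold with opts.GroupThreshold (when non-zero),
// re-encrypts the data key for the remaining groups and emits the result to
// stdout, or back to opts.InputPath when opts.InPlace is set.
//
// An error is returned when the file cannot be loaded or decrypted, when
// opts.Group does not name an existing key group, when the remaining groups
// could no longer satisfy the Shamir threshold, when the data key cannot be
// re-encrypted, or when the output cannot be written in full.
func Delete(opts DeleteOpts) error {
	tree, err := common.LoadEncryptedFile(opts.InputStore, opts.InputPath)
	if err != nil {
		return err
	}
	dataKey, err := tree.Metadata.GetDataKeyWithKeyServices(opts.KeyServices, opts.DecryptionOrder)
	if err != nil {
		return err
	}

	// Reject an out-of-range index up front: slicing with it would panic
	// instead of producing an error the caller can report.
	groups := tree.Metadata.KeyGroups
	idx := int(opts.Group)
	if idx < 0 || idx >= len(groups) {
		return fmt.Errorf("key group %d does not exist: file has %d key groups", idx, len(groups))
	}
	tree.Metadata.KeyGroups = append(groups[:idx], groups[idx+1:]...)

	if opts.GroupThreshold != 0 {
		tree.Metadata.ShamirThreshold = opts.GroupThreshold
	}

	// With fewer groups than the threshold the data key could never be
	// reassembled, so refuse before anything is written.
	if len(tree.Metadata.KeyGroups) < tree.Metadata.ShamirThreshold {
		return fmt.Errorf("removing this key group will make the Shamir threshold impossible to satisfy: "+
			"Shamir threshold is %d, but we only have %d key groups", tree.Metadata.ShamirThreshold,
			len(tree.Metadata.KeyGroups))
	}

	// Re-encrypt the data key for the remaining groups. A failure here must
	// stop the run: emitting the file anyway would leave key metadata that
	// does not match the new group layout.
	if errs := tree.Metadata.UpdateMasterKeysWithKeyServices(dataKey, opts.KeyServices); len(errs) > 0 {
		return fmt.Errorf("could not re-encrypt data key: %v", errs)
	}
	output, err := opts.OutputStore.EmitEncryptedFile(*tree)
	if err != nil {
		return err
	}

	if !opts.InPlace {
		if _, err := os.Stdout.Write(output); err != nil {
			return fmt.Errorf("writing output: %w", err)
		}
		return nil
	}

	// os.Create truncates the existing file, so a short or failed write must
	// be reported rather than ignored: the original contents are already gone.
	// NOTE(review): writing to a temporary file and renaming it over
	// opts.InputPath would avoid the truncated-file window entirely.
	outputFile, err := os.Create(opts.InputPath)
	if err != nil {
		return err
	}
	if _, err := outputFile.Write(output); err != nil {
		outputFile.Close()
		return fmt.Errorf("writing %s: %w", opts.InputPath, err)
	}
	if err := outputFile.Close(); err != nil {
		return fmt.Errorf("closing %s: %w", opts.InputPath, err)
	}
	return nil
}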