Significantly improve logging, make error logs not conditional

internal/asherah/asherah.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	awssession "github.com/aws/aws-sdk-go/aws/session"
+	"github.com/godaddy/asherah-cobhan/internal/output"
 	"github.com/godaddy/asherah/go/appencryption"
 	"github.com/godaddy/asherah/go/appencryption/pkg/crypto/aead"
 	"github.com/godaddy/asherah/go/appencryption/pkg/kms"
@@ -23,6 +24,7 @@ var ErrAsherahFailedInitialization = errors.New("asherah failed initialization")
 
 func Setup(options *Options) error {
 	if atomic.LoadInt32(&globalInitialized) == 1 {
+		output.StderrDebugOutputf("Failed to initialize asherah: already initialized")
 		return ErrAsherahAlreadyInitialized
 	}
 
@@ -58,6 +60,7 @@ func Setup(options *Options) error {
 	)
 
 	if globalSessionFactory == nil {
+		output.StderrDebugOutputf("Failed to create session factory")
 		return ErrAsherahFailedInitialization
 	}
 
@@ -74,11 +77,13 @@ func Shutdown() {
 
 func Encrypt(partitionId string, data []byte) (*appencryption.DataRowRecord, error) {
 	if globalInitialized == 0 {
+		output.StderrDebugOutputf("Failed to encrypt data: asherah is not initialized")
 		return nil, ErrAsherahNotInitialized
 	}
 
 	session, err := globalSessionFactory.GetSession(partitionId)
 	if err != nil {
+		output.StderrDebugOutputf("Failed to get session for partition %v: %v", partitionId, err)
 		return nil, err
 	}
 	defer session.Close()
@@ -94,6 +99,7 @@ func Decrypt(partitionId string, drr *appencryption.DataRowRecord) ([]byte, erro
 
 	session, err := globalSessionFactory.GetSession(partitionId)
 	if err != nil {
+		output.StderrDebugOutputf("Failed to get session for partition %v: %v", partitionId, err)
 		return nil, err
 	}
 	defer session.Close()
@@ -108,13 +114,15 @@ func NewMetastore(opts *Options) appencryption.Metastore {
 		// TODO: support other databases
 		db, err := newMysql(opts.ConnectionString)
 		if err != nil {
+			output.StderrDebugOutputf("PANIC: Failed to connect to database: %v", err)
 			panic(err)
 		}
 
 		// set optional replica read consistency
 		if len(opts.ReplicaReadConsistency) > 0 {
 			err := setRdbmsReplicaReadConsistencyValue(opts.ReplicaReadConsistency)
 			if err != nil {
+				output.StderrDebugOutputf("PANIC: Failed to set replica read consistency: %v", err)
 				panic(err)
 			}
 		}
@@ -145,8 +153,11 @@ func NewMetastore(opts *Options) appencryption.Metastore {
 
 func NewKMS(opts *Options, crypto appencryption.AEAD) appencryption.KeyManagementService {
 	if opts.KMS == "static" {
+		output.StderrDebugOutputf("*** WARNING WARNING WARNING USING STATIC MASTER KEY - THIS IS FOR DEBUG ONLY ***")
+
 		m, err := kms.NewStatic("thisIsAStaticMasterKeyForTesting", aead.NewAES256GCM())
 		if err != nil {
+			output.StderrDebugOutputf("PANIC: Failed to create static master key: %v", err)
 			panic(err)
 		}
 
@@ -155,6 +166,7 @@ func NewKMS(opts *Options, crypto appencryption.AEAD) appencryption.KeyManagemen
 
 	m, err := kms.NewAWS(crypto, opts.PreferredRegion, opts.RegionMap)
 	if err != nil {
+		output.StderrDebugOutputf("PANIC: Failed to create AWS KMS: %v", err)
 		panic(err)
 	}
 

internal/output/output.go

@@ -12,19 +12,19 @@ func EnableVerboseOutput(flag bool) {
 	if flag {
 		VerboseOutput = StderrDebugOutput
 		VerboseOutputf = StderrDebugOutputf
-		VerboseOutput("Enabled debug output")
+		VerboseOutput("asherah-cobhan: Enabled debug output")
 	} else {
 		VerboseOutput = NullDebugOutput
 		VerboseOutputf = NullDebugOutputf
 	}
 }
 
 func StderrDebugOutput(output interface{}) {
-	fmt.Fprintf(os.Stderr, "%#v\n", output)
+	fmt.Fprintf(os.Stderr, "asherah-cobhan: %#v\n", output)
 }
 
 func StderrDebugOutputf(format string, args ...interface{}) {
-	fmt.Fprintf(os.Stderr, format+"\n", args...)
+	fmt.Fprintf(os.Stderr, "asherah-cobhan:"+format+"\n", args...)
 }
 
 func NullDebugOutput(output interface{}) {

libasherah.go

@@ -23,6 +23,8 @@ func main() {
 
 //export Shutdown
 func Shutdown() {
+	output.VerboseOutput("Asherah shutdown")
+
 	asherah.Shutdown()
 }
 
@@ -42,6 +44,7 @@ func SetEnv(envJson unsafe.Pointer) int32 {
 
 	result := cobhan.BufferToJsonStruct(envJson, &env)
 	if result != cobhan.ERR_NONE {
+		output.StderrDebugOutputf("Failed to deserialize environment JSON string %v", result)
 		return result
 	}
 
@@ -61,6 +64,7 @@ func SetupJson(configJson unsafe.Pointer) int32 {
 		output.StderrDebugOutputf("Failed to deserialize configuration string %v", result)
 		configString, stringResult := cobhan.BufferToString(configJson)
 		if stringResult != cobhan.ERR_NONE {
+			output.StderrDebugOutputf("Could not convert configJson to string: %v", stringResult)
 			return result
 		}
 		output.StderrDebugOutputf("Could not deserialize: %v", configString)
@@ -75,11 +79,16 @@ func SetupJson(configJson unsafe.Pointer) int32 {
 
 	err := asherah.Setup(options)
 	if err == asherah.ErrAsherahAlreadyInitialized {
+		output.StderrDebugOutput("Setup failed: asherah is already initialized")
 		return ERR_ALREADY_INITIALIZED
 	}
 	if err != nil {
+		output.StderrDebugOutput("Setup failed due to bad config?")
 		return ERR_BAD_CONFIG
 	}
+
+	output.VerboseOutput("Successfully configured asherah")
+
 	return cobhan.ERR_NONE
 }
 
@@ -99,16 +108,19 @@ func Decrypt(partitionIdPtr unsafe.Pointer, encryptedDataPtr unsafe.Pointer, enc
 	created int64, parentKeyIdPtr unsafe.Pointer, parentKeyCreated int64, outputDecryptedDataPtr unsafe.Pointer) int32 {
 	encryptedData, result := cobhan.BufferToBytes(encryptedDataPtr)
 	if result != cobhan.ERR_NONE {
+		output.StderrDebugOutputf("Failed to convert encryptedDataPtr cobhan buffer to bytes %v", result)
 		return result
 	}
 
 	encryptedKey, result := cobhan.BufferToBytes(encryptedKeyPtr)
 	if result != cobhan.ERR_NONE {
+		output.StderrDebugOutputf("Failed to convert encryptedKeyPtr cobhan buffer to bytes %v", result)
 		return result
 	}
 
 	parentKeyId, result := cobhan.BufferToString(parentKeyIdPtr)
 	if result != cobhan.ERR_NONE {
+		output.StderrDebugOutputf("Failed to convert parentKeyIdPtr cobhan buffer to string %v", result)
 		return result
 	}
 
@@ -126,6 +138,7 @@ func Decrypt(partitionIdPtr unsafe.Pointer, encryptedDataPtr unsafe.Pointer, enc
 
 	data, result := decryptData(partitionIdPtr, &drr)
 	if result != cobhan.ERR_NONE {
+		output.StderrDebugOutputf("Failed to decrypt data %v", result)
 		return result
 	}
 
@@ -139,37 +152,38 @@ func Encrypt(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer, outputEncryp
 
 	drr, result := encryptData(partitionIdPtr, dataPtr)
 	if result != cobhan.ERR_NONE {
+		output.StderrDebugOutputf("Failed to encrypt data %v", result)
 		return result
 	}
 
 	result = cobhan.BytesToBuffer(drr.Data, outputEncryptedDataPtr)
 	if result != cobhan.ERR_NONE {
-		output.VerboseOutputf("Encrypted data length: %v", len(drr.Data))
-		output.VerboseOutputf("Encrypt: BytesToBuffer returned %v for outputEncryptedDataPtr", result)
+		output.StderrDebugOutputf("Encrypted data length: %v", len(drr.Data))
+		output.StderrDebugOutputf("Encrypt: BytesToBuffer returned %v for outputEncryptedDataPtr", result)
 		return result
 	}
 
 	result = cobhan.BytesToBuffer(drr.Key.EncryptedKey, outputEncryptedKeyPtr)
 	if result != cobhan.ERR_NONE {
-		output.VerboseOutputf("Encrypt: BytesToBuffer returned %v for outputEncryptedKeyPtr", result)
+		output.StderrDebugOutputf("Encrypt: BytesToBuffer returned %v for outputEncryptedKeyPtr", result)
 		return result
 	}
 
 	result = cobhan.Int64ToBuffer(drr.Key.Created, outputCreatedPtr)
 	if result != cobhan.ERR_NONE {
-		output.VerboseOutputf("Encrypt: Int64ToBuffer returned %v for outputCreatedPtr", result)
+		output.StderrDebugOutputf("Encrypt: Int64ToBuffer returned %v for outputCreatedPtr", result)
 		return result
 	}
 
 	result = cobhan.StringToBuffer(drr.Key.ParentKeyMeta.ID, outputParentKeyIdPtr)
 	if result != cobhan.ERR_NONE {
-		output.VerboseOutputf("Encrypt: BytesToBuffer returned %v for outputParentKeyIdPtr", result)
+		output.StderrDebugOutputf("Encrypt: BytesToBuffer returned %v for outputParentKeyIdPtr", result)
 		return result
 	}
 
 	result = cobhan.Int64ToBuffer(drr.Key.ParentKeyMeta.Created, outputParentKeyCreatedPtr)
 	if result != cobhan.ERR_NONE {
-		output.VerboseOutputf("Encrypt: BytesToBuffer returned %v for outputParentKeyCreatedPtr", result)
+		output.StderrDebugOutputf("Encrypt: BytesToBuffer returned %v for outputParentKeyCreatedPtr", result)
 		return result
 	}
 
@@ -180,6 +194,7 @@ func Encrypt(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer, outputEncryp
 func EncryptToJson(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer, jsonPtr unsafe.Pointer) int32 {
 	drr, result := encryptData(partitionIdPtr, dataPtr)
 	if result != cobhan.ERR_NONE {
+		output.StderrDebugOutputf("Failed to encrypt data %v", result)
 		return result
 	}
 
@@ -188,11 +203,11 @@ func EncryptToJson(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer, jsonPt
 		if result == cobhan.ERR_BUFFER_TOO_SMALL {
 			outputBytes, err := json.Marshal(drr)
 			if err == nil {
-				output.VerboseOutputf("EncryptToJson: JsonToBuffer: Output buffer needed %v bytes", len(outputBytes))
+				output.StderrDebugOutputf("EncryptToJson: JsonToBuffer: Output buffer needed %v bytes", len(outputBytes))
 				return result
 			}
 		}
-		output.VerboseOutputf("EncryptToJson: JsonToBuffer returned %v for jsonPtr", result)
+		output.StderrDebugOutputf("EncryptToJson: JsonToBuffer returned %v for jsonPtr", result)
 		return result
 	}
 
@@ -204,21 +219,23 @@ func DecryptFromJson(partitionIdPtr unsafe.Pointer, jsonPtr unsafe.Pointer, data
 	var drr appencryption.DataRowRecord
 	result := cobhan.BufferToJsonStruct(jsonPtr, &drr)
 	if result != cobhan.ERR_NONE {
+		output.StderrDebugOutputf("Failed to convert cobhan buffer to JSON structs %v", result)
 		return result
 	}
 
 	data, result := decryptData(partitionIdPtr, &drr)
 	if result != cobhan.ERR_NONE {
+		output.StderrDebugOutputf("Failed to decrypt data %v", result)
 		return result
 	}
 
 	result = cobhan.BytesToBuffer(data, dataPtr)
 	if result != cobhan.ERR_NONE {
 		if result == cobhan.ERR_BUFFER_TOO_SMALL {
-			output.VerboseOutputf("DecryptFromJson: BytesToBuffer: Output buffer needed %v bytes", len(data))
+			output.StderrDebugOutputf("DecryptFromJson: BytesToBuffer: Output buffer needed %v bytes", len(data))
 			return result
 		}
-		output.VerboseOutputf("DecryptFromJson: BytesToBuffer returned %v for dataPtr", result)
+		output.StderrDebugOutputf("DecryptFromJson: BytesToBuffer returned %v for dataPtr", result)
 		return result
 	}
 
@@ -228,20 +245,23 @@ func DecryptFromJson(partitionIdPtr unsafe.Pointer, jsonPtr unsafe.Pointer, data
 func encryptData(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer) (*appencryption.DataRowRecord, int32) {
 	partitionId, result := cobhan.BufferToString(partitionIdPtr)
 	if result != cobhan.ERR_NONE {
+		output.StderrDebugOutputf("Failed to convert cobhan buffer to string %v", result)
 		return nil, result
 	}
 
 	data, result := cobhan.BufferToBytes(dataPtr)
 	if result != cobhan.ERR_NONE {
+		output.StderrDebugOutputf("Failed to convert cobhan buffer to bytes %v", result)
 		return nil, result
 	}
 
 	drr, err := asherah.Encrypt(partitionId, data)
 	if err != nil {
 		if err == asherah.ErrAsherahNotInitialized {
+			output.StderrDebugOutput("Encrypt failed: asherah is not initialized")
 			return nil, ERR_NOT_INITIALIZED
 		}
-		output.VerboseOutputf("Encrypt failed: %v", err)
+		output.StderrDebugOutputf("Encrypt failed: %v", err)
 		return nil, ERR_ENCRYPT_FAILED
 	}
 
@@ -251,15 +271,17 @@ func encryptData(partitionIdPtr unsafe.Pointer, dataPtr unsafe.Pointer) (*appenc
 func decryptData(partitionIdPtr unsafe.Pointer, drr *appencryption.DataRowRecord) ([]byte, int32) {
 	partitionId, result := cobhan.BufferToString(partitionIdPtr)
 	if result != cobhan.ERR_NONE {
+		output.StderrDebugOutputf("Failed to convert cobhan buffer to string %v", result)
 		return nil, result
 	}
 
 	data, err := asherah.Decrypt(partitionId, drr)
 	if err != nil {
 		if err == asherah.ErrAsherahNotInitialized {
+			output.StderrDebugOutput("Decrypt failed: asherah is not initialized")
 			return nil, ERR_NOT_INITIALIZED
 		}
-		output.VerboseOutputf("Decrypt failed: %v", err)
+		output.StderrDebugOutputf("Decrypt failed: %v", err)
 		return nil, ERR_DECRYPT_FAILED
 	}