reduce logging from failed decryption with decrypt=lax

3 files changed, 25 insertions, 30 deletions

diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
index cf7eae75b..0a30a070a 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
@@ -1,12 +1,11 @@
 """ CfgEncryptedGenerator lets you encrypt your plaintext
 :ref:`server-plugins-generators-cfg` files on the server. """
 
-import Bcfg2.Server.Plugins.Cfg
 from Bcfg2.Server.Plugin import PluginExecutionError
-from Bcfg2.Server.Plugins.Cfg import CfgGenerator
+from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP
 try:
     from Bcfg2.Encryption import bruteforce_decrypt, EVPError, \
-        get_algorithm
+        get_algorithm, CFG_SECTION
     HAS_CRYPTO = True
 except ImportError:
     HAS_CRYPTO = False
@@ -27,7 +26,6 @@ class CfgEncryptedGenerator(CfgGenerator):
         CfgGenerator.__init__(self, fname, spec, encoding)
         if not HAS_CRYPTO:
             raise PluginExecutionError("M2Crypto is not available")
-    __init__.__doc__ = CfgGenerator.__init__.__doc__
 
     def handle_event(self, event):
         CfgGenerator.handle_event(self, event)
@@ -36,15 +34,18 @@ class CfgEncryptedGenerator(CfgGenerator):
         # todo: let the user specify a passphrase by name
         try:
             self.data = bruteforce_decrypt(
-                self.data,
-                setup=Bcfg2.Server.Plugins.Cfg.SETUP,
-                algorithm=get_algorithm(Bcfg2.Server.Plugins.Cfg.SETUP))
+                self.data, setup=SETUP,
+                algorithm=get_algorithm(SETUP))
         except EVPError:
-            raise PluginExecutionError("Failed to decrypt %s" % self.name)
-    handle_event.__doc__ = CfgGenerator.handle_event.__doc__
+            strict = SETUP.cfp.get(CFG_SECTION, "decrypt",
+                                   default="strict")
+            msg = "Cfg: Failed to decrypt %s" % self.name
+            if strict:
+                raise PluginExecutionError(msg)
+            else:
+                self.logger.debug(msg)
 
     def get_data(self, entry, metadata):
         if self.data is None:
             raise PluginExecutionError("Failed to decrypt %s" % self.name)
         return CfgGenerator.get_data(self, entry, metadata)
-    get_data.__doc__ = CfgGenerator.get_data.__doc__
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py
index e890fdecb..ac031461a 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py
@@ -31,7 +31,6 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile):
         pubkey_path = os.path.dirname(self.name) + ".pub"
         pubkey_name = os.path.join(pubkey_path, os.path.basename(pubkey_path))
         self.pubkey_creator = CfgPublicKeyCreator(pubkey_name)
-    __init__.__doc__ = CfgCreator.__init__.__doc__
 
     @property
     def category(self):
@@ -55,7 +54,6 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile):
     def handle_event(self, event):
         CfgCreator.handle_event(self, event)
         StructFile.HandleEvent(self, event)
-    handle_event.__doc__ = CfgCreator.handle_event.__doc__
 
     def _gen_keypair(self, metadata, spec=None):
         """ Generate a keypair according to the given client medata
@@ -201,10 +199,6 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile):
     def Index(self):
         StructFile.Index(self)
         if HAS_CRYPTO:
-            strict = self.xdata.get(
-                "decrypt",
-                SETUP.cfp.get(Bcfg2.Encryption.CFG_SECTION, "decrypt",
-                              default="strict")) == "strict"
             for el in self.xdata.xpath("//*[@encrypted]"):
                 try:
                     el.text = self._decrypt(el).encode('ascii',
@@ -213,13 +207,17 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile):
                     self.logger.info("Cfg: Decrypted %s to gibberish, skipping"
                                      % el.tag)
                 except Bcfg2.Encryption.EVPError:
+                    default_strict = SETUP.cfp.get(
+                        Bcfg2.Encryption.CFG_SECTION, "decrypt",
+                        default="strict")
+                    strict = self.xdata.get("decrypt",
+                                            default_strict) == "strict"
                     msg = "Cfg: Failed to decrypt %s element in %s" % \
                         (el.tag, self.name)
                     if strict:
                         raise PluginExecutionError(msg)
                     else:
-                        self.logger.info(msg)
-    Index.__doc__ = StructFile.Index.__doc__
+                        self.logger.debug(msg)
 
     def _decrypt(self, element):
         """ Decrypt a single encrypted element """
diff --git a/src/lib/Bcfg2/Server/Plugins/Properties.py b/src/lib/Bcfg2/Server/Plugins/Properties.py
index 8c6cf799a..ac0cc884a 100644
--- a/src/lib/Bcfg2/Server/Plugins/Properties.py
+++ b/src/lib/Bcfg2/Server/Plugins/Properties.py
@@ -172,7 +172,6 @@ class XMLPropertyFile(Bcfg2.Server.Plugin.StructFile, PropertyFile):
         Bcfg2.Server.Plugin.StructFile.__init__(self, name, fam=fam,
                                                 should_monitor=should_monitor)
         PropertyFile.__init__(self, name)
-    __init__.__doc__ = Bcfg2.Server.Plugin.StructFile.__init__.__doc__
 
     def _write(self):
         open(self.name, "wb").write(
@@ -180,7 +179,6 @@ class XMLPropertyFile(Bcfg2.Server.Plugin.StructFile, PropertyFile):
                                 xml_declaration=False,
                                 pretty_print=True).decode('UTF-8'))
         return True
-    _write.__doc__ = PropertyFile._write.__doc__
 
     def validate_data(self):
         """ ensure that the data in this object validates against the
@@ -203,30 +201,28 @@ class XMLPropertyFile(Bcfg2.Server.Plugin.StructFile, PropertyFile):
                                        self.name)
         else:
             return True
-    validate_data.__doc__ = PropertyFile.validate_data.__doc__
 
     def Index(self):
         Bcfg2.Server.Plugin.StructFile.Index(self)
         if HAS_CRYPTO:
-            strict = self.xdata.get(
-                "decrypt",
-                SETUP.cfp.get(Bcfg2.Encryption.CFG_SECTION, "decrypt",
-                              default="strict")) == "strict"
             for el in self.xdata.xpath("//*[@encrypted]"):
                 try:
                     el.text = self._decrypt(el).encode('ascii',
                                                        'xmlcharrefreplace')
                 except UnicodeDecodeError:
-                    LOGGER.info("Properties: Decrypted %s to gibberish, "
-                                "skipping" % el.tag)
+                    self.logger.info("Properties: Decrypted %s to gibberish, "
+                                     "skipping" % el.tag)
                 except Bcfg2.Encryption.EVPError:
+                    strict = self.xdata.get(
+                        "decrypt",
+                        SETUP.cfp.get(Bcfg2.Encryption.CFG_SECTION, "decrypt",
+                                      default="strict")) == "strict"
                     msg = "Properties: Failed to decrypt %s element in %s" % \
-                        (el.tag, self.name)
+                          (el.tag, self.name)
                     if strict:
                         raise PluginExecutionError(msg)
                     else:
-                        LOGGER.info(msg)
-    Index.__doc__ = Bcfg2.Server.Plugin.StructFile.Index.__doc__
+                        self.logger.debug(msg)
 
     def _decrypt(self, element):
         """ Decrypt a single encrypted properties file element """