in cmd/stet/main.go [166:263]
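// Execute runs the encrypt subcommand.
//
// It loads the YAML config named by e.configFile, converts it to JSON and
// unmarshals it into a StetConfig, which must contain an EncryptConfig stanza.
// Two positional arguments are required: the plaintext input and the encrypted
// output. Either may be "-" to select stdin or stdout respectively.
//
// It returns subcommands.ExitSuccess once the ciphertext has been written (and,
// for file output, finalized), and subcommands.ExitFailure on any error, after
// logging it through glog.
func (e *encryptCmd) Execute(ctx context.Context, f *flag.FlagSet, _ ...any) subcommands.ExitStatus {
	yamlBytes, err := os.ReadFile(e.configFile)
	if err != nil {
		glog.Errorf("Failed to read config file: %v", err)
		return subcommands.ExitFailure
	}

	jsonBytes, err := yaml.YAMLToJSON(yamlBytes)
	if err != nil {
		glog.Errorf("Failed to convert config YAML to JSON: %v", err)
		return subcommands.ExitFailure
	}

	stetConfig := &configpb.StetConfig{}
	if err := protojson.Unmarshal(jsonBytes, stetConfig); err != nil {
		glog.Errorf("Failed to unmarshal StetConfig: %v", err)
		return subcommands.ExitFailure
	}

	if stetConfig.GetEncryptConfig() == nil {
		glog.Errorf("No EncryptConfig stanza found in config file")
		return subcommands.ExitFailure
	}

	if f.NArg() < 2 {
		glog.Errorf("Not enough arguments (expected plaintext file and encrypted file)")
		return subcommands.ExitFailure
	}

	// Read input from stdin unless a plaintext path was given.
	var inFile io.Reader = os.Stdin
	if f.Arg(0) != "-" {
		plaintext, err := os.Open(f.Arg(0))
		if err != nil {
			glog.Errorf("Failed to open plaintext file: %v", err)
			return subcommands.ExitFailure
		}
		// Release the plaintext handle on every return path; the original
		// code never closed it.
		defer plaintext.Close()
		inFile = plaintext
	}

	var outFile *os.File
	var logFile *os.File

	outputArg := f.Arg(1)
	if outputArg == "-" {
		// If output goes to stdout, use stderr for logging so status lines
		// never mix into the ciphertext stream.
		outFile = os.Stdout
		logFile = os.Stderr
	} else {
		// For atomicity, create a temp file to write to.
		outFile, err = setupOutputFile(outputArg)
		if err != nil {
			glog.Errorf("Failed to setup output %v: %v", outputArg, err)
			return subcommands.ExitFailure
		}
		// Best-effort cleanup so a failed run leaves no partial ciphertext
		// behind. The error is ignored on purpose.
		// NOTE(review): whether finalizeOutputFile closes outFile is not
		// visible here; confirm the handle is closed on the failure paths.
		defer os.Remove(outFile.Name())

		logFile = os.Stdout
	}

	// Initialize StetClient and encrypt plaintext.
	c := client.StetClient{
		// NOTE(review): presumably disables TLS certificate verification for
		// the client's outbound connections; confirm against client.StetClient.
		// If so, it should only ever be set for testing.
		InsecureSkipVerify: e.insecureSkipVerify,
		Version:            version,
	}

	md, err := c.Encrypt(ctx, inFile, outFile, stetConfig, e.blobID)
	if err != nil {
		glog.Errorf("Failed to encrypt plaintext: %v", err)
		return subcommands.ExitFailure
	}

	// If writing to a file (not stdout), rename the temp output file to the provided argument.
	if outputArg != "-" {
		if err := finalizeOutputFile(outputArg, outFile); err != nil {
			glog.Errorf("Failed to finalize output: %v", err)
			return subcommands.ExitFailure
		}
	}

	if !e.quiet {
		if outputArg == "-" {
			outputArg = os.Stdout.Name()
		}

		// Status output is best-effort; write errors are deliberately ignored.
		fmt.Fprintln(logFile, "Wrote encrypted data to", outputArg)

		// Debug information to guard against authorship attacks: the operator
		// can compare the blob ID and key URIs against what they expected.
		fmt.Fprintln(logFile, "Blob ID of encrypted data:", md.BlobID)
		if len(md.KeyUris) > 0 {
			fmt.Fprintln(logFile, "Used these key URIs:", md.KeyUris)
		}
	}

	return subcommands.ExitSuccess
}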