Module: Chef::EncryptedDataBagItem::Decryptor

Defined in:
lib/chef/encrypted_data_bag_item.rb

Overview

Decryptor

For backwards compatibility, Chef implements decryption/deserialization for older encrypted data bag item formats in addition to the current version. Each decryption/deserialization strategy is implemented as a class in this namespace. For convenience, the factory method Decryptor.for() can be used to create an instance of the appropriate strategy for the given encrypted data bag value.

Defined Under Namespace

Classes: Version0Decryptor, Version1Decryptor, Version2Decryptor

Class Method Details

.assert_format_version_acceptable!(format_version) ⇒ Object

# File 'lib/chef/encrypted_data_bag_item.rb', line 217

def self.assert_format_version_acceptable!(format_version)
  unless format_version.kind_of?(Integer) and format_version >= Chef::Config[:data_bag_decrypt_minimum_version]
    raise UnacceptableEncryptedDataBagItemFormat,
      "The encrypted data bag item has format version `#{format_version}', " +
      "but the config setting 'data_bag_decrypt_minimum_version' requires version `#{Chef::Config[:data_bag_decrypt_minimum_version]}'"
  end
end

.for(encrypted_value, key) ⇒ Object

Detects the encrypted data bag item format version and instantiates a decryptor object for that version. Call #for_decrypted_item on the resulting object to decrypt and deserialize it.

# File 'lib/chef/encrypted_data_bag_item.rb', line 193

def self.for(encrypted_value, key)
  format_version = format_version_of(encrypted_value)
  assert_format_version_acceptable!(format_version)
  case format_version
  when 2
    Version2Decryptor.new(encrypted_value, key)
  when 1
    Version1Decryptor.new(encrypted_value, key)
  when 0
    Version0Decryptor.new(encrypted_value, key)
  else
    raise UnsupportedEncryptedDataBagItemFormat,
      "This version of chef does not support encrypted data bag item format version '#{format_version}'"
  end
end

.format_version_of(encrypted_value) ⇒ Object

# File 'lib/chef/encrypted_data_bag_item.rb', line 209

def self.format_version_of(encrypted_value)
  if encrypted_value.respond_to?(:key?)
    encrypted_value["version"]
  else
    0
  end
end
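
The version checks above decide which stored values stop decrypting when data_bag_decrypt_minimum_version is raised. The following is an added example, not Chef's own code: it applies the same detection and acceptance rules to every field of a raw item so the effect of a stricter minimum can be checked beforehand. The module DataBagVersionAudit, its classify and audit methods, and SAMPLE_ITEM are hypothetical names; the minimum version is passed as an argument instead of being read from Chef::Config, and the sample item is constructed.

```ruby
# Added example: standalone audit helper, not Chef code. Module and method
# names are hypothetical; only the version rules come from the code above.
module DataBagVersionAudit
  SUPPORTED_VERSIONS = [0, 1, 2].freeze # versions Decryptor.for dispatches on

  # Same rule as Decryptor.format_version_of: hash-like values carry a
  # "version" key, anything else (a bare string) is treated as version 0.
  def self.format_version_of(value)
    value.respond_to?(:key?) ? value["version"] : 0
  end

  # Mirrors the order of checks in Decryptor.for:
  #   :unacceptable -> would raise UnacceptableEncryptedDataBagItemFormat
  #   :unsupported  -> would raise UnsupportedEncryptedDataBagItemFormat
  #   :ok           -> a VersionNDecryptor would be instantiated
  def self.classify(value, minimum_version)
    version = format_version_of(value)
    return :unacceptable unless version.is_a?(Integer) && version >= minimum_version
    SUPPORTED_VERSIONS.include?(version) ? :ok : :unsupported
  end

  # Classifies every field of a raw item except "id", which is not encrypted.
  def self.audit(raw_item, minimum_version)
    raw_item.reject { |k, _| k == "id" }
            .map { |k, v| [k, classify(v, minimum_version)] }.to_h
  end
end

# Constructed sample item; ciphertext, IV and HMAC values are placeholders.
SAMPLE_ITEM = {
  "id" => "db_creds",
  "legacy_token" => "cGxhY2Vob2xkZXI=\n", # bare string => version 0
  "password" => { "encrypted_data" => "PLACEHOLDER", "iv" => "PLACEHOLDER",
                  "version" => 1, "cipher" => "aes-256-cbc" },
  "api_key" => { "encrypted_data" => "PLACEHOLDER", "iv" => "PLACEHOLDER",
                 "hmac" => "PLACEHOLDER", "version" => 2, "cipher" => "aes-256-cbc" },
  "tampered" => { "encrypted_data" => "PLACEHOLDER", "version" => "2" }, # String, not Integer
  "future" => { "encrypted_data" => "PLACEHOLDER", "version" => 9 },
}.freeze

if __FILE__ == $PROGRAM_NAME
  [0, 2].each do |min|
    puts "minimum_version=#{min}: #{DataBagVersionAudit.audit(SAMPLE_ITEM, min)}"
  end
end
```

A version stored as the string "2" is rejected at every minimum, including 0, because the acceptance check requires an Integer; a hash with no "version" key is rejected for the same reason.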