Module: Chef::DSL::ChefVault
Instance Method Summary collapse
-
#chef_vault(bag) ⇒ Array
Helper method that allows for listing the ids of a vault in a recipe.
-
#chef_vault_item(bag, id) ⇒ Object
Helper method which provides a Recipe/Resource DSL for wrapping creation of ChefVault::Item.
-
#chef_vault_item_for_environment(bag, id) ⇒ Hash
Helper method which provides an environment wrapper for a data bag.
Methods included from DataQuery
#data_bag, #data_bag_item, #search, #tagged?
Methods included from EncryptedDataBagItem::CheckEncrypted
Instance Method Details
#chef_vault(bag) ⇒ Array
Helper method that allows for listing the ids of a vault in a recipe. This method is needed because data_bag() returns the keys along with the items, so this method strips out the keys for users so that they don't have to do it in their recipes. ids = chef_vault('secrets') log 'Yeah buddy!' if ids == 'bacon'
58 59 60 61 62 63 64 65 |
# File 'lib/chef/dsl/chef_vault.rb', line 58 def chef_vault(bag) raise "'#{bag}' is not a vault" unless Chef::DataBag.list.include? bag pattern = Regexp.new(/_keys$/).freeze data_bag(bag).each_with_object([]) do |id, acc| acc << id unless pattern.match?(id) end end |
#chef_vault_item(bag, id) ⇒ Object
Helper method which provides a Recipe/Resource DSL for wrapping creation of ChefVault::Item. Falls back to normal data bag item loading if the item is not actually a Chef Vault item. This is controlled via node['databag_fallback']. item = chef_vault_item('secrets', 'bacon') log 'Yeah buddy!' if item['type']
39 40 41 42 43 44 45 46 47 |
# File 'lib/chef/dsl/chef_vault.rb', line 39 def chef_vault_item(bag, id) if ::ChefVault::Item.vault?(bag, id) ::ChefVault::Item.load(bag, id) elsif node["chef-vault"]["databag_fallback"] data_bag_item(bag, id) else raise "Trying to load a regular data bag item #{id} from #{bag}, and databag_fallback is disabled" end end |
#chef_vault_item_for_environment(bag, id) ⇒ Hash
Helper method which provides an environment wrapper for a data bag. This allows for easy access to current environment secrets inside of an item. item = chef_vault_item_for_environment('secrets', 'bacon') log 'Yeah buddy!' if item == 'applewood_smoked'
76 77 78 79 80 81 |
# File 'lib/chef/dsl/chef_vault.rb', line 76 def chef_vault_item_for_environment(bag, id) item = chef_vault_item(bag, id) return {} unless item[node.chef_environment] item[node.chef_environment] end |