Module: Chef::Knife::SecureBagBase

Included in:
SecureBagCreate, SecureBagEdit, SecureBagFromFile, SecureBagShow
Defined in:
lib/chef/knife/secure_bag_base.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(includer) ⇒ Object 



7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/chef/knife/secure_bag_base.rb', line 7

def self.included(includer)
  includer.class_eval do
    deps do
      require 'secure_data_bag'
    end
  
    option :secret,
      short:  "-s SECRET",
      long:   "--secret",
      description: "The secret key to use to encrypt data bag item values",
      proc: Proc.new { |s| Chef::Config[:knife][:secret] = s }

    option :secret_file,
      long: "--secret-file SECRET_FILE",
      description: "A file containing a secret key to use to encrypt data bag item values",
      proc: Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf }

    option :encode_fields,
      long: "--encode-fields FIELD1,FIELD2,FIELD3",
      description: "List of attribute keys for which to encode values",
      default: Array.new
  end
end

Instance Method Details

#encode_fields_to_arrayObject 



31
32
33
34
35
 
# File 'lib/chef/knife/secure_bag_base.rb', line 31

def encode_fields_to_array
  unless config[:encode_fields].is_a?(Array)
    config[:encode_fields] = config[:encode_fields].split(",")
  end
end

#encoded_fields_for(item) ⇒ Object 



53
54
55
56
57
 
# File 'lib/chef/knife/secure_bag_base.rb', line 53

def encoded_fields_for(item)
  [].concat(config[:encode_fields]).
    concat(item.encode_fields).
    uniq
end

#require_secretObject 



59
60
61
62
63
64
65
 
# File 'lib/chef/knife/secure_bag_base.rb', line 59

def require_secret
  if not config[:secret] and not config[:secret_file]
    show_usage
    ui.fatal("A secret or secret_file must be specified")
    exit 1
  end
end

#use_encryptionObject 



37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/chef/knife/secure_bag_base.rb', line 37

def use_encryption
  if use_secure_databag then false
  else
    if @raw_data["encrypted_data"] or
        @raw_data.reject { |k,v| k == "id" }.
        all? { |k,v| v.is_a?(Hash) and v.key? "encrypted_data" }
    then super
    else false
    end
  end
end

#use_secure_databagObject 



49
50
51
 
# File 'lib/chef/knife/secure_bag_base.rb', line 49

def use_secure_databag
  @raw_data["encryption"]
end