Module: Chef::Knife::SecureBagBase

Included in:
SecureBagCreate, SecureBagEdit, SecureBagFromFile, SecureBagShow
Defined in:
lib/chef/knife/secure_bag_base.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(includer) ⇒ Object 



7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/chef/knife/secure_bag_base.rb', line 7

def self.included(includer)
  includer.class_eval do
    deps do
      require 'secure_data_bag'
    end
  
    option :secret,
      short:  "-s SECRET",
      long:   "--secret",
      description: "The secret key to use to encrypt data bag item values",
      proc: Proc.new { |s| Chef::Config[:knife][:secret] = s }

    option :secret_file,
      long: "--secret-file SECRET_FILE",
      description: "A file containing a secret key to use to encrypt data bag item values",
      proc: Proc.new { |sf| 
        Chef::Config[:encrypted_data_bag_secret] = sf 
      }

    option :secure_data_bag_fields,
      long: "--encoded-fields FIELD1,FIELD2,FIELD3",
      description: "List of attribute keys for which to encode values",
      proc: Proc.new { |o|
        Chef::Config[:knife][:secure_data_bag][:fields] = o.split(",")
      }
  end
end

Instance Method Details

#data_for_create(hash = {}) ⇒ Object 



65
66
67
68
69
 
# File 'lib/chef/knife/secure_bag_base.rb', line 65

def data_for_create(hash={})
  hash[:id] = @data_bag_item_name
  hash = data_for_edit(hash)
  hash
end

#data_for_edit(hash) ⇒ Object 



71
72
73
74
 
# File 'lib/chef/knife/secure_bag_base.rb', line 71

def data_for_edit(hash)
  hash[:_encoded_fields] = encoded_fields
  hash
end

#data_for_save(hash) ⇒ Object 



76
77
78
79
 
# File 'lib/chef/knife/secure_bag_base.rb', line 76

def data_for_save(hash)
  @encoded_fields = hash.delete(:_encoded_fields)
  hash
end

#encoded_fields(arg = nil) ⇒ Object 



35
36
37
38
39
 
# File 'lib/chef/knife/secure_bag_base.rb', line 35

def encoded_fields(arg=nil)
  config[:secure_data_bag_fields] = arg unless arg.nil?
  config[:secure_data_bag_fields] || 
    Chef::Config[:knife][:secure_data_bag][:fields]
end

#read_secretObject 



51
52
53
54
55
 
# File 'lib/chef/knife/secure_bag_base.rb', line 51

def read_secret
  if config[:secret] then config[:secret]
  else SecureDataBag::Item.load_secret(secret_file)
  end
end

#require_secretObject 



57
58
59
60
61
62
63
 
# File 'lib/chef/knife/secure_bag_base.rb', line 57

def require_secret
  if not config[:secret] and not secret_file
    show_usage
    ui.fatal("A secret or secret_file must be specified")
    exit 1
  end
end

#secret_fileObject 



41
42
43
44
45
 
# File 'lib/chef/knife/secure_bag_base.rb', line 41

def secret_file
  config[:secret] ||
    Chef::Config[:knife][:secure_data_bag][:secret_file] ||
    Chef::Config[:encrypted_data_bag_secret]
end

#use_encryptionObject 



47
48
49
 
# File 'lib/chef/knife/secure_bag_base.rb', line 47

def use_encryption
  true
end