Module: Chef::Knife::SecureBagBase

Included in:

SecureBagEdit, SecureBagFromFile, SecureBagShow

Defined in:

lib/chef/knife/secure_bag_base.rb

Class Method Summary

• .included(includer) ⇒ Object

Instance Method Summary

• #data_for_create(hash = {}) ⇒ Object
• #data_for_save(hash) ⇒ Object
• #encoded_fields ⇒ Object
• #read_secret ⇒ Object
• #require_secret ⇒ Object
• #secret ⇒ Object
• #secret_file ⇒ Object
• #use_encryption ⇒ Object

Class Method Details

.included(includer) ⇒ Object

# File 'lib/chef/knife/secure_bag_base.rb', line 7

def self.included(includer)
  includer.class_eval do
    deps do
      require 'secure_data_bag'
    end
  
    option :secret,
      short:  "-s SECRET",
      long:   "--secret",
      description: "The secret key to use to encrypt data bag item values"

    option :secret_file,
      long: "--secret-file SECRET_FILE",
      description: "A file containing a secret key to use to encrypt data bag item values"

    option :encoded_fields,
      long: "--encoded-fields FIELD1,FIELD2,FIELD3",
      description: "List of attribute keys for which to encode values",
      proc: Proc.new { |s| s.split(',') }
  end
end

Instance Method Details

#data_for_create(hash = {}) ⇒ Object

# File 'lib/chef/knife/secure_bag_base.rb', line 61

def data_for_create(hash={})
  hash[:id] = @data_bag_item_name
  hash
end

#data_for_save(hash) ⇒ Object

# File 'lib/chef/knife/secure_bag_base.rb', line 66

def data_for_save(hash)
  @encoded_fields = hash.delete(:_encoded_fields)
  hash
end

#encoded_fields ⇒ Object

# File 'lib/chef/knife/secure_bag_base.rb', line 29

def encoded_fields
  config[:encoded_fields] || 
    Chef::Config[:knife][:secure_data_bag][:fields]
end

#read_secret ⇒ Object

# File 'lib/chef/knife/secure_bag_base.rb', line 47

def read_secret
  if config[:secret] then config[:secret]
  else SecureDataBag::Item.load_secret(secret_file)
  end
end

#require_secret ⇒ Object

# File 'lib/chef/knife/secure_bag_base.rb', line 53

def require_secret
  if not secret
    show_usage
    ui.fatal("A secret or secret_file must be specified")
    exit 1
  end
end

#secret ⇒ Object

# File 'lib/chef/knife/secure_bag_base.rb', line 39

def secret
  @secret ||= read_secret
end

#secret_file ⇒ Object

# File 'lib/chef/knife/secure_bag_base.rb', line 34

def secret_file
  config[:secret_file] ||
    SecureDataBag::Item.secret_path
end

#use_encryption ⇒ Object

# File 'lib/chef/knife/secure_bag_base.rb', line 43

def use_encryption
  true
end