Module: Chef::DSL::ChefVault

Includes:
DataQuery
Included in:
Universal
Defined in:
lib/chef/dsl/chef_vault.rb

Instance Method Summary

Methods included from DataQuery

#data_bag, #data_bag_item, #search, #tagged?

Methods included from EncryptedDataBagItem::CheckEncrypted

#encrypted?

Instance Method Details

#chef_vault(bag) ⇒ Array

Helper method for listing the ids of a vault in a recipe. It is needed because data_bag() returns the "_keys" entries along with the items; this method strips those entries so that recipes do not have to.

Examples:

ids = chef_vault('secrets')
log 'Yeah buddy!' if ids[0] == 'bacon'

Parameters:

  • bag (String)

    Name of the data bag to load from.

Returns:

  • (Array)


# File 'lib/chef/dsl/chef_vault.rb', line 58

def chef_vault(bag)
  raise "'#{bag}' is not a vault" unless Chef::DataBag.list.include? bag

  pattern = Regexp.new(/_keys$/).freeze
  data_bag(bag).each_with_object([]) do |id, acc|
    acc << id unless pattern.match?(id)
  end
end

#chef_vault_item(bag, id) ⇒ Object

Note:

Helper method which provides a Recipe/Resource DSL for wrapping creation of ChefVault::Item. Falls back to normal data bag item loading if the item is not actually a Chef Vault item. This is controlled via node['chef-vault']['databag_fallback']; when that attribute is not set, the method raises instead of loading the regular data bag item.

Examples:

item = chef_vault_item('secrets', 'bacon')
log 'Yeah buddy!' if item['_default']['type']

Parameters:

  • bag (String)

    Name of the data bag to load from.

  • id (String)

    Identifier of the data bag item to load.



# File 'lib/chef/dsl/chef_vault.rb', line 39

def chef_vault_item(bag, id)
  if ::ChefVault::Item.vault?(bag, id)
    ::ChefVault::Item.load(bag, id)
  elsif node["chef-vault"]["databag_fallback"]
    data_bag_item(bag, id)
  else
    raise "Trying to load a regular data bag item #{id} from #{bag}, and databag_fallback is disabled"
  end
end
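
The fallback branch above, as an added example that is not Chef's own code: stand-in data and helpers (SAMPLE_BAG, vault_ids, vault_item?, load_item and fallback_dependent_ids are hypothetical names) reproduce the three branches of chef_vault_item without a Chef server and list the ids that only load because databag_fallback is enabled. It assumes an item counts as a vault item when its "<id>_keys" sibling exists in the bag.

```ruby
# Stand-ins so this runs without a Chef server; every name here is hypothetical.
# Constructed sample bag: 'bacon' is a vault item, 'eggs' was uploaded as a plain item.
SAMPLE_BAG = {
  "bacon"      => { "_default" => { "type" => "applewood_smoked" } },
  "bacon_keys" => { "clients" => ["node1"] },
  "eggs"       => { "_default" => { "type" => "scrambled" } },
}.freeze

# Same idea as chef_vault: list the item ids, dropping the "<id>_keys" entries.
def vault_ids(bag)
  bag.keys.reject { |id| id.end_with?("_keys") }
end

# Assumption: an item is a vault item when its "<id>_keys" sibling exists.
def vault_item?(bag, id)
  bag.key?("#{id}_keys")
end

# Mirrors the three branches of chef_vault_item and reports which one served the item.
def load_item(bag, id, fallback:)
  if vault_item?(bag, id)
    [:vault, bag.fetch(id)]
  elsif fallback
    # With the fallback on, a plain item is returned with no error or warning.
    [:plain_data_bag, bag.fetch(id)]
  else
    raise "Trying to load a regular data bag item #{id}, and databag_fallback is disabled"
  end
end

# Ids that only load because the fallback is on: review these before disabling it.
def fallback_dependent_ids(bag)
  vault_ids(bag).reject { |id| vault_item?(bag, id) }
end

if __FILE__ == $PROGRAM_NAME
  p load_item(SAMPLE_BAG, "bacon", fallback: false).first
  p load_item(SAMPLE_BAG, "eggs", fallback: true).first
  p fallback_dependent_ids(SAMPLE_BAG)
end
```
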

#chef_vault_item_for_environment(bag, id) ⇒ Hash

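Helper method which provides an environment wrapper for a data bag item. It returns the part of the item keyed by the node's current environment, giving easy access to that environment's secrets, and returns an empty Hash when the item has no entry for the environment.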

Examples:

item = chef_vault_item_for_environment('secrets', 'bacon')
log 'Yeah buddy!' if item['type'] == 'applewood_smoked'

Parameters:

  • bag (String)

    Name of the data bag to load from.

  • id (String)

    Identifier of the data bag item to load.

Returns:

  • (Hash)


# File 'lib/chef/dsl/chef_vault.rb', line 76

def chef_vault_item_for_environment(bag, id)
  item = chef_vault_item(bag, id)
  return {} unless item[node.chef_environment]

  item[node.chef_environment]
end