module Chef::Knife::DataBagSecretOptions
Public Class Methods
included(base)
The config object is populated by knife#merge_configs with knife.rb `knife` config values, but they do not overwrite the command line properties. It does mean, however, that `knife[:secret]` and `--secret-file` passed at the same time populate both `config[:secret]` and `config[:secret_file]`. We cannot differentiate the valid case (`knife[:secret]` in the config file and `--secret-file` on the CL) from the invalid case (`--secret` and `--secret-file` on the CL) - that's why I'm storing the CL options in a different config key if they are provided.
# File lib/chef/knife/data_bag_secret_options.rb, line 36
# Mixin hook: registers the data bag secret options (:secret, :secret_file,
# :encrypt) on the class that includes this module.
#
# knife#merge_configs fills the same keys on the config object from knife.rb,
# so a value that really came from the command line is also recorded under a
# separate key (see set_cl_secret / set_cl_secret_file) by the option procs.
#
# NOTE(review): a key passed with -s/--secret is part of the process argument
# list, so it can show up in process listings and shell history on the
# workstation; --secret-file or the knife.rb keys keep it off the command line.
#
# @param base [Class] the including class; it must respond to `option`
def self.included(base)
  capture_secret = Proc.new { |cli_secret| set_cl_secret(cli_secret) }
  capture_secret_file = Proc.new { |cli_path| set_cl_secret_file(cli_path) }

  base.option(
    :secret,
    short: "-s SECRET",
    long: "--secret ",
    description: "The secret key to use to encrypt data bag item values. Can also be defaulted in your config with the key 'secret'.",
    proc: capture_secret
  )

  base.option(
    :secret_file,
    long: "--secret-file SECRET_FILE",
    description: "A file containing the secret key to use to encrypt data bag item values. Can also be defaulted in your config with the key 'secret_file'.",
    proc: capture_secret_file
  )

  # Encryption from a config-file secret is opt-in: the flag defaults to false.
  base.option(
    :encrypt,
    long: "--encrypt",
    description: "If 'secret' or 'secret_file' is present in your config, then encrypt data bags using it.",
    boolean: true,
    default: false
  )
end
Private Class Methods
set_cl_secret(s)
# File lib/chef/knife/data_bag_secret_options.rb, line 124
# Records the secret supplied with --secret on the command line under
# Chef::Config[:knife][:cl_secret], so it can later be told apart from a
# secret that came from the config file.
#
# NOTE(review): the raw key stays in Chef::Config for as long as that entry
# exists; anything that prints or serialises the knife config would include it.
#
# @param s [String] the secret as typed on the command line
# @return the value that was stored
def self.set_cl_secret(s)
  knife_settings = Chef::Config[:knife]
  knife_settings[:cl_secret] = s
end
set_cl_secret_file(sf)
# File lib/chef/knife/data_bag_secret_options.rb, line 132
# Records the path supplied with --secret-file on the command line under
# Chef::Config[:knife][:cl_secret_file]. Only the path is stored here; the
# file is not read by this method.
#
# @param sf [String] path to the secret file as typed on the command line
# @return the value that was stored
def self.set_cl_secret_file(sf)
  knife_settings = Chef::Config[:knife]
  knife_settings[:cl_secret_file] = sf
end
Public Instance Methods
encryption_secret_provided?()
# File lib/chef/knife/data_bag_secret_options.rb, line 57
# Whether a secret is available for encryption, with the --encrypt flag
# required before a config-file secret counts.
#
# @return [Boolean]
def encryption_secret_provided?
  # Passing true spells out the default of base_encryption_secret_provided?.
  base_encryption_secret_provided?(true)
end
encryption_secret_provided_ignore_encrypt_flag?()
# File lib/chef/knife/data_bag_secret_options.rb, line 61
# Whether a secret is available, without requiring --encrypt: a secret or
# secret_file in the config file is enough on its own.
#
# @return [Boolean]
def encryption_secret_provided_ignore_encrypt_flag?
  need_encrypt_flag = false
  base_encryption_secret_provided?(need_encrypt_flag)
end
read_secret()
# File lib/chef/knife/data_bag_secret_options.rb, line 65
# Resolves the secret to use, in this order of precedence:
#   1. --secret given on the command line
#   2. --secret-file given on the command line
#   3. 'secret' from the knife config
#   4. 'secret_file' from the knife config
#
# NOTE(review): if none of the four sources is set, the last step hands nil to
# Chef::EncryptedDataBagItem.load_secret; what that does with nil is not
# visible here, so callers should check encryption_secret_provided? first.
#
# @return the secret, either taken directly or loaded from the secret file
def read_secret
  # Loaded here rather than at file load time so that knife commands other
  # than 'knife data bag *' do not pay for 'chef/encrypted_data_bag_item'.
  require_relative "../encrypted_data_bag_item"

  return config[:secret] if has_cl_secret?
  return Chef::EncryptedDataBagItem.load_secret(config[:secret_file]) if has_cl_secret_file?

  configured_secret = knife_config[:secret]
  return configured_secret if configured_secret

  Chef::EncryptedDataBagItem.load_secret(knife_config[:secret_file])
end
validate_secrets()
# File lib/chef/knife/data_bag_secret_options.rb, line 82
# Rejects ambiguous secret configuration. Reports a fatal error and exits with
# status 1 when both --secret and --secret-file were given on the command
# line, or when both 'secret' and 'secret_file' are set in the config file.
# One source from each side (command line plus config file) is accepted.
def validate_secrets
  cli_conflict = has_cl_secret? && has_cl_secret_file?
  if cli_conflict
    ui.fatal("Please specify only one of --secret, --secret-file")
    exit(1)
  end

  settings = knife_config
  return unless settings[:secret] && settings[:secret_file]

  ui.fatal("Please specify only one of 'secret' or 'secret_file' in your config file")
  exit(1)
end
Private Instance Methods
base_encryption_secret_provided?(need_encrypt_flag = true)
Determine if the user has specified an appropriate secret for encrypting data bag items. @return boolean
# File lib/chef/knife/data_bag_secret_options.rb, line 99
# Determine if the user has specified an appropriate secret for encrypting
# data bag items. Runs validate_secrets first, so conflicting settings end
# the command before any decision is made.
#
# A secret given on the command line always counts. A secret that exists only
# in the config file counts when --encrypt was passed, or when the caller
# sets need_encrypt_flag to false.
#
# NOTE(review): with need_encrypt_flag true, a secret in knife.rb alone yields
# false when --encrypt is absent, so callers presumably handle the item
# unencrypted in that case - confirm against the calling command.
#
# @param need_encrypt_flag [Boolean] require --encrypt before a config-file
#   secret is honoured
# @return [Boolean]
def base_encryption_secret_provided?(need_encrypt_flag = true)
  validate_secrets
  return true if has_cl_secret? || has_cl_secret_file?

  unless need_encrypt_flag
    # Certain situations (show and bootstrap) don't need a --encrypt flag to
    # use the config file secret.
    configured = knife_config[:secret] || knife_config[:secret_file]
    return configured ? true : false
  end

  return false unless config[:encrypt]

  # --encrypt was requested, so a missing secret is an error rather than a
  # silent fall-back to an unencrypted item.
  if !knife_config[:secret] && !knife_config[:secret_file]
    ui.fatal("No secret or secret_file specified in config, unable to encrypt item.")
    exit(1)
  end
  true
end
has_cl_secret?()
# File lib/chef/knife/data_bag_secret_options.rb, line 120
# Whether --secret was given on the command line. Checks that the :cl_secret
# key is present in Chef::Config[:knife]; the stored value is not inspected.
#
# @return [Boolean]
def has_cl_secret?
  knife_settings = Chef::Config[:knife]
  knife_settings.key?(:cl_secret)
end
has_cl_secret_file?()
# File lib/chef/knife/data_bag_secret_options.rb, line 128
# Whether --secret-file was given on the command line. Checks that the
# :cl_secret_file key is present in Chef::Config[:knife]; the stored path is
# not inspected.
#
# @return [Boolean]
def has_cl_secret_file?
  knife_settings = Chef::Config[:knife]
  knife_settings.key?(:cl_secret_file)
end
knife_config()
# File lib/chef/knife/data_bag_secret_options.rb, line 136
# The knife section of Chef::Config, or an empty hash when Chef::Config has
# no :knife key, so callers can index into the result without a nil check.
#
# @return [Hash]
def knife_config
  return {} unless Chef::Config.key?(:knife)

  Chef::Config[:knife]
end