module Chef::EncryptedDataBagItem::Assertions

Public Instance Methods

assert_aead_requirements_met!(algorithm) click to toggle source
# File lib/chef/encrypted_data_bag_item/assertions.rb, line 46
def assert_aead_requirements_met!(algorithm)
  unless OpenSSL::Cipher.ciphers.include?(algorithm)
    raise EncryptedDataBagRequirementsFailure, "The used Encrypted Data Bags version requires an OpenSSL version with \"#{algorithm}\" algorithm support"
  end
end
assert_format_version_acceptable!(format_version) click to toggle source
# File lib/chef/encrypted_data_bag_item/assertions.rb, line 29
def assert_format_version_acceptable!(format_version)
  unless format_version.kind_of?(Integer) && format_version >= Chef::Config[:data_bag_decrypt_minimum_version]
    raise UnacceptableEncryptedDataBagItemFormat,
      "The encrypted data bag item has format version `#{format_version}', " +
      "but the config setting 'data_bag_decrypt_minimum_version' requires version `#{Chef::Config[:data_bag_decrypt_minimum_version]}'"
  end
end
assert_requirements_met!() click to toggle source
# File lib/chef/encrypted_data_bag_item/encrypted_data_bag_item_assertions.rb, line 26
def assert_requirements_met!
  unless OpenSSL::Cipher.method_defined?(:auth_data=)
    raise EncryptedDataBagRequirementsFailure, "The used Encrypted Data Bags version requires Ruby >= 2.0"
  end
  unless OpenSSL::Cipher.ciphers.include?(algorithm)
    raise EncryptedDataBagRequirementsFailure, "The used Encrypted Data Bags version requires an OpenSSL version with \"#{algorithm}\" algorithm support"
  end
end
assert_valid_cipher!(requested_cipher, algorithm) click to toggle source
# File lib/chef/encrypted_data_bag_item/assertions.rb, line 37
def assert_valid_cipher!(requested_cipher, algorithm)
  # In the future, chef may support configurable ciphers. For now, only
  # aes-256-cbc and aes-256-gcm are supported.
  unless requested_cipher == algorithm
    raise UnsupportedCipher,
      "Cipher '#{requested_cipher}' is not supported by this version of Chef. Available ciphers: ['#{ALGORITHM}', '#{AEAD_ALGORITHM}']"
  end
end