class Veil::CredentialCollection::ChefSecretsFile

Constants

CURRENT_VERSION

Attributes

group[R]
key[R]
path[R]
user[R]

Public Class Methods

from_file(path, opts = {})
# File lib/veil/credential_collection/chef_secrets_file.rb, line 10
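# Build a collection from a secrets file that must already exist on disk.
#
# This is only an early, friendly check: the constructor looks at the file
# again before reading it, so a file that disappears in between is still
# handled there.
#
# @param path [String] location of the secrets file
# @param opts [Hash] extra constructor options; any :path entry is replaced by +path+
# @return whatever +new+ returns for the merged options
# @raise [InvalidCredentialCollectionFile] when +path+ does not exist
def from_file(path, opts = {})
  # File.exist? replaces File.exists?, which was deprecated for years and
  # removed in Ruby 3.2 (calling it there raises NoMethodError).
  unless File.exist?(path)
    raise InvalidCredentialCollectionFile.new("#{path} does not exist")
  end

  new(opts.merge(path: path))
end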
new(opts = {})

Create a new ChefSecretsFile

@param [Hash] opts

a hash of options to pass to the constructor
Calls superclass method Veil::CredentialCollection::Base::new
# File lib/veil/credential_collection/chef_secrets_file.rb, line 27
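# Create a ChefSecretsFile, importing the file at :path when it already
# exists and is non-empty.
#
# A file whose :veil section names this class is treated as the current
# format: its settings become defaults and anything the caller passed in
# +opts+ takes precedence. Any other content is treated as a legacy secrets
# file and handed to +import_credentials_hash+ after the superclass is set up.
#
# @param opts [Hash] constructor options; :path, :user and :group are read
#   here, and :version is always overwritten with CURRENT_VERSION
# @raise [InvalidCredentialCollectionFile] when the file cannot be parsed as
#   JSON, vanishes before it is read, or does not hold a JSON object
def initialize(opts = {})
  @path = (opts[:path] && File.expand_path(opts[:path])) || "/etc/opscode/private-chef-secrets.json"

  # File.exist? replaces File.exists?, which was removed in Ruby 3.2.
  import_existing = File.exist?(path) && (File.size(path) != 0)
  legacy = true

  if import_existing
    begin
      # File.read never treats a leading "|" as a command to run, unlike
      # IO.read on older Rubies. @path is already absolute here, so this is
      # defence in depth rather than a behaviour change.
      hash = JSON.parse(File.read(path), symbolize_names: true)
    rescue JSON::ParserError, Errno::ENOENT => e
      raise InvalidCredentialCollectionFile.new("#{path} is not a valid credentials file:\n #{e.message}")
    end

    # Valid JSON that is not an object (an array, a bare string, ...) would
    # otherwise fail below with NoMethodError instead of a clear error.
    unless hash.is_a?(Hash)
      raise InvalidCredentialCollectionFile.new("#{path} is not a valid credentials file:\n top-level JSON value must be an object")
    end

    # NOTE(review): when :veil is present but is not itself an object, the
    # lookup below raises rather than reporting an invalid file - confirm
    # whether that case needs handling.
    if hash.key?(:veil) && hash[:veil][:type] == "Veil::CredentialCollection::ChefSecretsFile"
      # Caller-supplied options win over what the file recorded.
      opts = Veil::Utils.symbolize_keys(hash[:veil]).merge(opts)
      legacy = false
    end
  end

  # After the merge above, :user and :group may come from the file itself;
  # #save uses them to chown the written file.
  @user    = opts[:user]
  @group   = opts[:group] || @user
  opts[:version] = CURRENT_VERSION
  super(opts)

  import_credentials_hash(hash) if import_existing && legacy
end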

Public Instance Methods

existing()
# File lib/veil/credential_collection/chef_secrets_file.rb, line 87
# Stat the secrets file at +path+, remembering the result once one is found.
#
# A missing file is not remembered, so later calls stat again.
#
# @return [File::Stat, nil] the stat of the file, or nil when it does not exist
def existing
  return @existing if @existing

  @existing = File.stat(path)
rescue Errno::ENOENT
  nil
end
path=(path)

Set the secrets file path

@param [String] path

a path to the private-chef-secrets.json
# File lib/veil/credential_collection/chef_secrets_file.rb, line 58
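# Point the collection at a different secrets file.
#
# @param path [String] a path to the private-chef-secrets.json; it is
#   expanded to an absolute path before being stored
# @return [String] the expanded path
def path=(path)
  # #existing memoizes the File::Stat of the previous path. Drop it so that
  # #save does not copy the old file's uid/gid onto a file at the new path.
  @existing = nil
  @path = File.expand_path(path)
end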
save()

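Save the CredentialCollection to file. The original description adds "encrypt it", but the listing below shows no encryption step: the JSON is written as-is to a temp file (mode 0600) and moved into place, so confidentiality rests on file ownership and permissions.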

# File lib/veil/credential_collection/chef_secrets_file.rb, line 63
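# Write the collection to +path+ as pretty-printed JSON.
#
# The content is written to a temp file first and then moved over +path+.
# Nothing in this method encrypts the data; the file is protected only by
# its 0600 mode and its owner. When no user/group was configured, the owner
# of an already existing file is reused.
#
# @return [true]
# @raise [SystemCallError] when the directory, temp file, chown or move fails
def save
  target_dir = File.dirname(path)
  FileUtils.mkdir_p(target_dir)

  # Create the temp file next to the destination rather than in the system
  # temp dir: the final move is then a rename within one directory instead
  # of a possible cross-filesystem copy, so readers never see a partly
  # written secrets file.
  f = Tempfile.new("veil", target_dir) # defaults to mode 0600

  begin
    if existing
      @user  ||= existing.uid
      @group ||= existing.gid
    end

    # Ownership is set before any secret is written to the file.
    FileUtils.chown(user, group, f.path) if user
    f.puts(JSON.pretty_generate(secrets_hash))
    f.flush
    f.close

    FileUtils.mv(f.path, path)
  ensure
    # On failure this removes the temp file so no stray copy of the secrets
    # is left behind; after a successful move there is nothing left to remove.
    f.close!
  end

  true
end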
secrets_hash()

Return the instance as a secrets style hash

# File lib/veil/credential_collection/chef_secrets_file.rb, line 83
# Wrap the collection's hash form under a single "veil" key, the layout
# written to the secrets file.
#
# @return [Hash] a one-entry hash mapping "veil" to the result of +to_h+
def secrets_hash
  wrapped = {}
  wrapped["veil"] = to_h
  wrapped
end