class Chef::Knife::Bootstrap::ChefVaultHandler
Attributes
@return [Chef::ApiClient] vault client
@return [Hash] knife merged config, typically @config
@return [Chef::Knife::UI] ui object for output
Public Class Methods
@param config [Hash] knife merged config, typically @config
@param ui [Chef::Knife::UI] ui object for output
# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 34
def initialize(config: {}, knife_config: nil, ui: nil)
  @config = config
  unless knife_config.nil?
    @config = knife_config
    Chef.deprecated(:knife_bootstrap_apis, "The knife_config option to the Bootstrap::ClientBuilder object is deprecated and has been renamed to just 'config'")
  end
  @ui = ui
end
Public Instance Methods
@return [Boolean] if we've got chef vault options to act on or not
# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 73
def doing_chef_vault?
  !!(bootstrap_vault_json || bootstrap_vault_file || bootstrap_vault_item)
end
Hook to stub out ChefVault
@param vault [String] name of the chef-vault encrypted data bag
@param item [String] name of the chef-vault encrypted item
@return [ChefVault::Item] ChefVault::Item object
# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 135
def load_chef_bootstrap_vault_item(vault, item)
  ChefVault::Item.load(vault, item)
end
Updates the chef vault items for the newly created client.
@param client [Chef::ApiClient] vault client
# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 46
def run(client)
  return unless doing_chef_vault?

  sanity_check

  @client = client

  update_bootstrap_vault_json!
end
Iterate through all the vault items to update. Items may be either a String or an Array of Strings:
{
  "vault1": "item",
  "vault2": [ "item1", "item2", "item2" ]
}
# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 64
def update_bootstrap_vault_json!
  vault_json.each do |vault, items|
    [ items ].flatten.each do |item|
      update_vault(vault, item)
    end
  end
end
Private Instance Methods
@return [String] JSON text in a file representing the chef vault items
# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 96
def bootstrap_vault_file
  config[:bootstrap_vault_file]
end
@return [Hash] Ruby object representing the chef vault items to create
# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 101
def bootstrap_vault_item
  config[:bootstrap_vault_item]
end
@return [String] string with serialized JSON representing the chef vault items
# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 91
def bootstrap_vault_json
  config[:bootstrap_vault_json]
end
Helper to very lazily require the chef-vault gem
# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 142
def require_chef_vault!
  @require_chef_vault ||=
    begin
      error_message = "Knife bootstrap requires version 2.6.0 or higher of the chef-vault gem to configure vault items"
      require "chef-vault"
      if Gem::Version.new(ChefVault::VERSION) < Gem::Version.new("2.6.0")
        raise error_message
      end

      true
    rescue LoadError
      raise error_message
    end
end
Warn if the user has given mutually conflicting options
# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 80
def sanity_check
  if bootstrap_vault_item && (bootstrap_vault_json || bootstrap_vault_file)
    ui.warn "--vault-item given with --vault-list or --vault-file, ignoring the latter"
  end

  if bootstrap_vault_json && bootstrap_vault_file
    ui.warn "--vault-list given with --vault-file, ignoring the latter"
  end
end
Update an individual vault item and save it
@param vault [String] name of the chef-vault encrypted data bag
@param item [String] name of the chef-vault encrypted item
# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 123
def update_vault(vault, item)
  require_chef_vault!
  bootstrap_vault_item = load_chef_bootstrap_vault_item(vault, item)
  bootstrap_vault_item.clients(client)
  bootstrap_vault_item.save
end
Helper to return a ruby object representing all the data bags and items to update via chef-vault.
@return [Hash] deserialized ruby hash with all the vault items
# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 109
def vault_json
  @vault_json ||= if bootstrap_vault_item
                    bootstrap_vault_item
                  else
                    json = bootstrap_vault_json || File.read(bootstrap_vault_file)
                    Chef::JSONCompat.from_json(json)
                  end
end
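The precedence in vault_json and the warnings in sanity_check decide which vault items a newly bootstrapped client is given access to. The following is an added example, not code from Chef: plan_vault_updates is a hypothetical helper that previews those vault/item pairs offline so the grant can be reviewed first. It assumes stdlib JSON in place of Chef::JSONCompat, and it adds shape validation and de-duplication that the handler itself does not perform.

```ruby
require "json"

# Hypothetical helper (not part of Chef): preview the vault/item pairs a
# bootstrap would share with the new client, without contacting a Chef server.
# Assumption: stdlib JSON stands in for Chef::JSONCompat.
def plan_vault_updates(config)
  item = config[:bootstrap_vault_item]
  json = config[:bootstrap_vault_json]
  file = config[:bootstrap_vault_file]
  return { grants: [], warnings: [] } unless item || json || file

  # Same conflict rules as sanity_check.
  warnings = []
  if item && (json || file)
    warnings << "--vault-item given with --vault-list or --vault-file, ignoring the latter"
  end
  if json && file
    warnings << "--vault-list given with --vault-file, ignoring the latter"
  end

  # Same precedence as vault_json: item hash, then JSON string, then file.
  spec = item || JSON.parse(json || File.read(file))
  raise ArgumentError, "vault list must be a JSON object" unless spec.is_a?(Hash)

  grants = spec.flat_map do |vault, items|
    names = [items].flatten # String or Array of Strings, as in the handler
    unless names.all? { |n| n.is_a?(String) && !n.empty? }
      raise ArgumentError, "items for #{vault.inspect} must be a String or Array of Strings"
    end
    names.uniq.map { |name| [vault.to_s, name] } # added: drop repeated items
  end
  { grants: grants, warnings: warnings }
end

# Constructed sample input mirroring the JSON shape shown on this page.
SAMPLE_CONFIG = {
  bootstrap_vault_json: '{ "vault1": "item", "vault2": [ "item1", "item2", "item2" ] }',
  bootstrap_vault_file: "ignored-vault-list.json", # constructed path, never read
}.freeze

if __FILE__ == $PROGRAM_NAME
  plan = plan_vault_updates(SAMPLE_CONFIG)
  plan[:warnings].each { |w| warn "WARNING: #{w}" }
  plan[:grants].each { |vault, name| puts "#{vault}/#{name}" }
end
```

Every pair in the returned grants list is a secret the new node's client key will be able to decrypt once update_vault saves the item.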