class Chef::Knife::Bootstrap::ChefVaultHandler

Attributes

client[R]

@return [Chef::ApiClient] vault client

config[RW]

@return [Hash] knife merged config, typically @config

ui[RW]

@return [Chef::Knife::UI] ui object for output

Public Class Methods

new(config: {}, knife_config: nil, ui: nil)

@param config [Hash] knife merged config, typically @config
@param ui [Chef::Knife::UI] ui object for output

# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 34
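# Builds the handler from knife's merged configuration.
#
# @param config [Hash] knife merged config, typically @config
# @param knife_config [Hash, nil] deprecated spelling of +config+; when it is
#   given it replaces +config+ and a deprecation is reported
# @param ui [Chef::Knife::UI] ui object for output
def initialize(config: {}, knife_config: nil, ui: nil)
  @config = config
  unless knife_config.nil?
    @config = knife_config
    # The notice names this class (ChefVaultHandler) so the deprecation points
    # the caller at the object that actually received knife_config.
    Chef.deprecated(:knife_bootstrap_apis, "The knife_config option to the Bootstrap::ChefVaultHandler object is deprecated and has been renamed to just 'config'")
  end
  @ui = ui
end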

Public Instance Methods

doing_chef_vault?()

@return [Boolean] whether any chef vault options were given to act on

# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 73
# Tells whether any of the three vault inputs (JSON text, JSON file, or a
# ready-made item hash) was supplied in the config.
#
# @return [Boolean] true when at least one vault option is set
def doing_chef_vault?
  vault_source = bootstrap_vault_json || bootstrap_vault_file || bootstrap_vault_item
  vault_source ? true : false
end
load_chef_bootstrap_vault_item(vault, item)

Hook to stub out ChefVault

@param vault [String] name of the chef-vault encrypted data bag
@param item [String] name of the chef-vault encrypted item
@return [ChefVault::Item] ChefVault::Item object

# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 135
# Loads one chef-vault item. Kept as its own method so specs can stub the
# ChefVault call instead of touching a real vault.
#
# @param vault [String] name of the chef-vault encrypted data bag
# @param item [String] name of the chef-vault encrypted item
# @return [ChefVault::Item] whatever ChefVault::Item.load returns for the pair
def load_chef_bootstrap_vault_item(vault, item)
  # NOTE(review): presumably the load uses the credentials of the user running
  # knife, so it can only succeed for items that user may read. Confirm.
  ChefVault::Item.load(vault, item)
end
run(client)

Updates the chef vault items for the newly created client.

@param client [Chef::ApiClient] vault client

# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 46
# Entry point: updates every configured vault item for the newly created
# client. Does nothing (and returns nil) when no vault option was given.
#
# Every vault/item pair named in the vault options is updated for +client+,
# so the options act as an access grant list for the new node.
#
# @param client [Chef::ApiClient] vault client
# @return [Object, nil] result of update_bootstrap_vault_json!, or nil when
#   there is nothing to do
def run(client)
  if doing_chef_vault?
    # Warn about conflicting options before anything is changed.
    sanity_check

    @client = client

    update_bootstrap_vault_json!
  end
end
update_bootstrap_vault_json!()

Iterate through all the vault items to update. Items may be either a String or an Array of Strings:

{

"vault1":  "item",
"vault2":  [ "item1", "item2", "item2" ]

}

# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 64
# Walks the vault => item(s) mapping and updates each pair. The value for a
# vault may be a single item name or a (possibly nested) array of names.
#
# @return [Object] the mapping returned by vault_json
def update_bootstrap_vault_json!
  vault_json.each do |vault_name, item_names|
    # Wrapping then flattening treats a lone String and an Array uniformly.
    targets = [item_names].flatten
    targets.each { |item_name| update_vault(vault_name, item_name) }
  end
end

Private Instance Methods

bootstrap_vault_file()

@return [String] path to a file containing JSON text representing the chef vault items

# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 96
# Reads the vault-file setting from the merged knife config.
#
# @return [String, nil] path of a file holding the vault-items JSON (vault_json
#   passes it to File.read); nil when the key is absent, assuming config is a
#   plain Hash
def bootstrap_vault_file
  config[:bootstrap_vault_file]
end
bootstrap_vault_item()

@return [Hash] Ruby object representing the chef vault items to create

# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 101
# Reads the vault-item setting from the merged knife config.
#
# @return [Hash, nil] ready-made vault => item(s) mapping; vault_json returns
#   it as-is, without any JSON parsing
def bootstrap_vault_item
  config[:bootstrap_vault_item]
end
bootstrap_vault_json()

@return [String] string with serialized JSON representing the chef vault items

# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 91
# Reads the vault-JSON setting from the merged knife config.
#
# @return [String, nil] serialized JSON text naming the vault items; vault_json
#   prefers it over the file setting
def bootstrap_vault_json
  config[:bootstrap_vault_json]
end
require_chef_vault!()

Helper to very lazily require the chef-vault gem

# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 142
# Lazily loads the chef-vault gem the first time vault work is needed and
# remembers the success, so later calls return immediately.
#
# @return [true] once a chef-vault of at least 2.6.0 has been loaded
# @raise [RuntimeError] when the gem cannot be loaded or is older than 2.6.0
def require_chef_vault!
  return @require_chef_vault if @require_chef_vault

  failure = "Knife bootstrap requires version 2.6.0 or higher of the chef-vault gem to configure vault items"
  require "chef-vault"
  minimum = Gem::Version.new("2.6.0")
  raise failure if Gem::Version.new(ChefVault::VERSION) < minimum

  @require_chef_vault = true
rescue LoadError
  # A missing gem is reported with the same message as a too-old gem.
  raise failure
end
sanity_check()

Warn if the user has given mutually conflicting options

# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 80
# Emits a warning for each pair of vault options that conflict. Nothing is
# rejected here; the warnings only tell the user which input will be ignored.
#
# NOTE(review): the flag names in the messages (--vault-item, --vault-list,
# --vault-file) differ from the config keys read here (bootstrap_vault_*).
# Confirm they match the option definitions.
#
# @return [Object, nil] whatever the last ui.warn returns, or nil
def sanity_check
  item_given = bootstrap_vault_item
  json_given = bootstrap_vault_json
  file_given = bootstrap_vault_file

  # An explicit item hash overrides both JSON sources.
  ui.warn "--vault-item given with --vault-list or --vault-file, ignoring the latter" if item_given && (json_given || file_given)

  # Inline JSON overrides the JSON file.
  ui.warn "--vault-list given with --vault-file, ignoring the latter" if json_given && file_given
end
update_vault(vault, item)

Update an individual vault item and save it

@param vault [String] name of the chef-vault encrypted data bag
@param item [String] name of the chef-vault encrypted item

# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 123
# Updates a single vault item for the bootstrapped client and saves it.
#
# The client passed to clients() is the one stored by run. After save, that
# node is presumably able to decrypt the item, so each vault/item pair listed
# for bootstrap should be one the node actually needs.
#
# @param vault [String] name of the chef-vault encrypted data bag
# @param item [String] name of the chef-vault encrypted item
# @return [Object] result of the item's save call
def update_vault(vault, item)
  require_chef_vault!
  # Named vault_item so it does not shadow the bootstrap_vault_item reader.
  vault_item = load_chef_bootstrap_vault_item(vault, item)
  vault_item.clients(client)
  vault_item.save
end
vault_json()

Helper to return a ruby object representing all the data bags and items to update via chef-vault.

@return [Hash] deserialized ruby hash with all the vault items

# File lib/chef/knife/bootstrap/chef_vault_handler.rb, line 109
# Resolves, once, the mapping of vaults to items that should be updated.
# Precedence: the ready-made item hash, then inline JSON text, then the JSON
# file. The result is cached in @vault_json.
#
# Both the JSON text and the file path come straight from the knife config;
# this method parses them but does not check the shape of the result.
#
# @return [Hash] deserialized ruby hash with all the vault items
def vault_json
  @vault_json ||= bootstrap_vault_item || begin
    raw_json = bootstrap_vault_json
    # Fall back to the file only when no inline JSON was given.
    raw_json = File.read(bootstrap_vault_file) unless raw_json
    Chef::JSONCompat.from_json(raw_json)
  end
end