module Chef::Knife::DataBagSecretOptions
Public Class Methods
included(base)
click to toggle source
The config object is populated by knife#merge_configs with knife.rb `knife` config values, but they do not overwrite the command line properties. It does mean, however, that `knife` and `–secret-file` passed at the same time populate both `config` and `config`. We cannot differentiate the valid case (`knife` in config file and `–secret-file` on CL) and the invalid case (`–secret` and `–secret-file` on the CL) - thats why I'm storing the CL options in a different config key if they are provided.
# File lib/chef/knife/data_bag_secret_options.rb, line 36 def self.included(base) base.option :cl_secret, long: "--secret SECRET", description: "The secret key to use to encrypt data bag item values. Can also be defaulted in your config with the key 'secret'." base.option :cl_secret_file, long: "--secret-file SECRET_FILE", description: "A file containing the secret key to use to encrypt data bag item values. Can also be defaulted in your config with the key 'secret_file'." base.option :encrypt, long: "--encrypt", description: "If 'secret' or 'secret_file' is present in your config, then encrypt data bags using it.", boolean: true, default: false end
Public Instance Methods
encryption_secret_provided?()
click to toggle source
# File lib/chef/knife/data_bag_secret_options.rb, line 52 def encryption_secret_provided? base_encryption_secret_provided? end
encryption_secret_provided_ignore_encrypt_flag?()
click to toggle source
# File lib/chef/knife/data_bag_secret_options.rb, line 56 def encryption_secret_provided_ignore_encrypt_flag? base_encryption_secret_provided?(false) end
read_secret()
click to toggle source
# File lib/chef/knife/data_bag_secret_options.rb, line 60 def read_secret # Moving the non 'compile-time' requires into here to speed up knife command loading # IE, if we are not running 'knife data bag *' we don't need to load 'chef/encrypted_data_bag_item' require "chef/encrypted_data_bag_item" unless defined?(Chef::EncryptedDataBagItem) if config[:cl_secret] config[:cl_secret] elsif config[:cl_secret_file] Chef::EncryptedDataBagItem.load_secret(config[:cl_secret_file]) elsif secret = config[:secret] secret else secret_file = config[:secret_file] Chef::EncryptedDataBagItem.load_secret(secret_file) end end
validate_secrets()
click to toggle source
# File lib/chef/knife/data_bag_secret_options.rb, line 77 def validate_secrets if config[:cl_secret] && config[:cl_secret_file] ui.fatal("Please specify only one of --secret, --secret-file") exit(1) end if config[:secret] && config[:secret_file] ui.fatal("Please specify only one of 'secret' or 'secret_file' in your config file") exit(1) end end
Private Instance Methods
base_encryption_secret_provided?(need_encrypt_flag = true)
click to toggle source
Determine if the user has specified an appropriate secret for encrypting data bag items. @return boolean
# File lib/chef/knife/data_bag_secret_options.rb, line 94 def base_encryption_secret_provided?(need_encrypt_flag = true) validate_secrets return true if config[:cl_secret] || config[:cl_secret_file] if need_encrypt_flag if config[:encrypt] unless config[:secret] || config[:secret_file] ui.fatal("No secret or secret_file specified in config, unable to encrypt item.") exit(1) end return true end return false elsif config[:secret] || config[:secret_file] # Certain situations (show and bootstrap) don't need a --encrypt flag to use the config file secret return true end false end
knife_config()
click to toggle source
# File lib/chef/knife/data_bag_secret_options.rb, line 115 def knife_config Chef.deprecated(:knife_bootstrap_apis, "The `knife_config` bootstrap helper has been deprecated, use the properly merged `config` helper instead") Chef::Config.key?(:knife) ? Chef::Config[:knife] : {} end