authorBryan McLellan <btm@loftninjas.org>2018-10-05 02:31:24 -0400
committerBryan McLellan <btm@loftninjas.org>2018-10-05 02:31:24 -0400
commit27e927ba69ee36ddd10810a322c0abb8c9f62825 (patch)
tree756c5b4971a76fa0c5b4a453c7d7bbbcf0501b3d
parentafae897c14d9853a178d5acd26db5148394e1560 (diff)
do not merge: spike on secretsbtm/secrets-spike
Signed-off-by: Bryan McLellan <btm@loftninjas.org>
-rw-r--r--lib/chef/secret.rb27
-rw-r--r--lib/chef/secret/store.rb16
-rw-r--r--lib/chef/secret/store/data_bag.rb22
-rw-r--r--lib/chef/secret/store/encrypted_data_bag.rb22
4 files changed, 87 insertions, 0 deletions
diff --git a/lib/chef/secret.rb b/lib/chef/secret.rb
new file mode 100644
index 0000000000..00602ff911
--- /dev/null
+++ b/lib/chef/secret.rb
@@ -0,0 +1,27 @@
+require "secret/store"
+require "chef/mixin/convert_to_class_name"
+
+class Chef
+ class Secret
+ include Chef::Mixin::ConvertToClassName
+
+ def initialize(type = "data_bag")
+ @store = Object.const_get("Chef::Secret::Store::#{convert_to_class_name(type.to_s)}").new
+ rescue NameError
+ raise "Unsupported Secret Store '#{type}'"
+ end
+
+ def store
+ @store
+ end
+
+ def read(arg)
+ @store.read(arg)
+ end
+
+ def write(arg)
+ @store.write(arg)
+ end
+ end
+end
+
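Review bot: The `Object.const_get("Chef::Secret::Store::#{...}")` lookup in `initialize` is not confined to the `Store` namespace, because `const_get` also searches ancestors by default; a `type` such as `"file"` would presumably resolve to the top-level `File` class and call `.new` on it, and the resulting `ArgumentError` is not covered by `rescue NameError`. Look the constant up on the namespace without inheritance and check what came back: `klass = Chef::Secret::Store.const_get(convert_to_class_name(type.to_s), false)` followed by `raise "Unsupported Secret Store '#{type}'" unless klass.is_a?(Class) && klass < Chef::Secret::Store`. Calling `klass.new` outside the `rescue NameError` scope would also stop a `NoMethodError` raised inside a store constructor (a `NameError` subclass) from being reported as an unsupported store.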
diff --git a/lib/chef/secret/store.rb b/lib/chef/secret/store.rb
new file mode 100644
index 0000000000..2c4c7748f0
--- /dev/null
+++ b/lib/chef/secret/store.rb
@@ -0,0 +1,16 @@
+require "secret/store/data_bag"
+require "secret/store/encrypted_data_bag"
+
+class Chef
+ class Secret
+ class Store
+ def read
+ raise "Secret store #{self} does not support read"
+ end
+
+ def write
+ raise "Secret store #{self} does not support write"
+ end
+ end
+ end
+end
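Review bot: `Store#read` and `Store#write` are declared without parameters, but `Chef::Secret#read(arg)` and `Chef::Secret#write(arg)` always pass one argument, so calling `write` on a store that does not override it raises `ArgumentError` for the argument count instead of the intended "does not support write" message. Declaring them as `def read(_key)` and `def write(_key)` would match `DataBag#read(key)` and let the message surface. Separately, `require "secret/store/data_bag"` here and `require "secret/store"` in lib/chef/secret.rb lack the `chef/` prefix that `require "chef/mixin/convert_to_class_name"` uses; this looks like it would not resolve from `lib/` and is worth confirming.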
diff --git a/lib/chef/secret/store/data_bag.rb b/lib/chef/secret/store/data_bag.rb
new file mode 100644
index 0000000000..24169bb8b0
--- /dev/null
+++ b/lib/chef/secret/store/data_bag.rb
@@ -0,0 +1,22 @@
+class Chef
+ class Secret
+ class Store
+ class DataBag < Chef::Secret::Store
+ require "chef/data_bag_item"
+
+ attr_accessor :data_bag_name
+ attr_accessor :data_bag_item
+
+ def validate!
+ raise "'data_bag_name' is a required configuration for #{self}" unless @data_bag_name
+ raise "'data_bag_item' is a required configuration for #{self}" unless @data_bag_item
+ end
+
+ def read(key)
+ validate!
+ Chef::DataBagItem.load(@data_bag_name, @data_bag_item).to_hash[key.to_s]
+ end
+ end
+ end
+ end
+end
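Review bot: `read` returns `nil` when the key is absent, because `to_hash[key.to_s]` is a plain hash lookup, so a mistyped secret name could reach a resource as an empty credential instead of failing the run. A failing lookup is safer: `to_hash.fetch(key.to_s) { raise "Secret '#{key}' not found in #{@data_bag_name}/#{@data_bag_item}" }`; the same applies to `EncryptedDataBag#read` in lib/chef/secret/store/encrypted_data_bag.rb. The class also deserves a comment such as `# Reads values from an unencrypted data bag item; provides no confidentiality.`, since `"data_bag"` is the default `type` in `Chef::Secret#initialize`.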
diff --git a/lib/chef/secret/store/encrypted_data_bag.rb b/lib/chef/secret/store/encrypted_data_bag.rb
new file mode 100644
index 0000000000..ef1f3ea0ad
--- /dev/null
+++ b/lib/chef/secret/store/encrypted_data_bag.rb
@@ -0,0 +1,22 @@
+class Chef
+ class Secret
+ class Store
+ class EncryptedDataBag < Chef::Secret::Store::DataBag
+ require "chef/encrypted_data_bag_item"
+
+ attr_accessor :data_bag_token
+
+ def validate!
+ super
+ raise "'data_bag_token' is a required configuration for #{self}" unless @data_bag_token
+ end
+
+ def read(key)
+ validate!
+ Chef::EncryptedDataBagItem.load(@data_bag_name, @data_bag_item, @data_bag_token).to_hash[key.to_s]
+ end
+
+ end
+ end
+ end
+end
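Review bot: `attr_accessor :data_bag_token` gives the decryption secret a public reader, and because `Chef::Secret#store` returns the store object to callers, the secret is readable from outside the class and appears in the store's default `inspect` output, which can end up in logs or error reports. Using `attr_writer :data_bag_token` and overriding `inspect` to print only the class name and the data bag coordinates would keep the secret out of both paths. A short comment stating that `data_bag_token` is the shared secret passed as the third argument to `Chef::EncryptedDataBagItem.load` would also make the naming clearer.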