summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnshul Sharma <justanshulsharma@gmail.com>2014-08-19 18:16:34 +0000
committertyler-ball <tyleraball@gmail.com>2014-09-29 08:31:07 -0700
commit4623c6a7f504bbac9a1a847ba3c16f17d9a7e5cf (patch)
treecf3627a538052c23b69b7188ae3064f1893ac6ce
parent5a88d0ef5b64280150f89332544e55144605eeb1 (diff)
downloadchef-4623c6a7f504bbac9a1a847ba3c16f17d9a7e5cf.tar.gz
[Feature] encrypted flag to knife data bag create
-rw-r--r--lib/chef/knife/data_bag_create.rb27
-rw-r--r--lib/chef/knife/data_bag_edit.rb17
-rw-r--r--lib/chef/knife/data_bag_show.rb18
-rw-r--r--spec/unit/knife/data_bag_create_spec.rb8
-rw-r--r--spec/unit/knife/data_bag_edit_spec.rb8
-rw-r--r--spec/unit/knife/data_bag_show_spec.rb8
6 files changed, 56 insertions, 30 deletions
diff --git a/lib/chef/knife/data_bag_create.rb b/lib/chef/knife/data_bag_create.rb
index bc49c68448..e8ca479fe4 100644
--- a/lib/chef/knife/data_bag_create.rb
+++ b/lib/chef/knife/data_bag_create.rb
@@ -42,6 +42,11 @@ class Chef
:description => "A file containing the secret key to use to encrypt data bag item values",
:proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf }
+ option :encrypted,
+ :long => "--encrypted",
+ :description => "Only encrypt data bag when specified.",
+ :proc => Proc.new { |e| Chef::Config[:knife][:encrypted] = e }
+
def read_secret
if config[:secret]
config[:secret]
@@ -51,11 +56,15 @@ class Chef
end
def use_encryption
- if config[:secret] && config[:secret_file]
- ui.fatal("please specify only one of --secret, --secret-file")
- exit(1)
+ if config[:encrypted]
+ if config[:secret] && config[:secret_file]
+ ui.fatal("please specify only one of --secret, --secret-file")
+ exit(1)
+ end
+ config[:secret] || config[:secret_file]
+ else
+ false
end
- config[:secret] || config[:secret_file]
end
def run
@@ -87,11 +96,11 @@ class Chef
if @data_bag_item_name
create_object({ "id" => @data_bag_item_name }, "data_bag_item[#{@data_bag_item_name}]") do |output|
item = Chef::DataBagItem.from_hash(
- if use_encryption
- Chef::EncryptedDataBagItem.encrypt_data_bag_item(output, read_secret)
- else
- output
- end)
+ if use_encryption
+ Chef::EncryptedDataBagItem.encrypt_data_bag_item(output, read_secret)
+ else
+ output
+ end)
item.data_bag(@data_bag_name)
rest.post_rest("data/#{@data_bag_name}", item)
end
diff --git a/lib/chef/knife/data_bag_edit.rb b/lib/chef/knife/data_bag_edit.rb
index b3f53af919..2486edd5dd 100644
--- a/lib/chef/knife/data_bag_edit.rb
+++ b/lib/chef/knife/data_bag_edit.rb
@@ -42,6 +42,11 @@ class Chef
:description => "A file containing the secret key to use to encrypt data bag item values",
:proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf }
+ option :encrypted,
+ :long => "--encrypted",
+ :description => "Only encrypt data bag when specified.",
+ :proc => Proc.new { |e| Chef::Config[:knife][:encrypted] = e }
+
def read_secret
if config[:secret]
config[:secret]
@@ -51,11 +56,15 @@ class Chef
end
def use_encryption
- if config[:secret] && config[:secret_file]
- stdout.puts "please specify only one of --secret, --secret-file"
- exit(1)
+ if config[:encrypted]
+ if config[:secret] && config[:secret_file]
+ ui.fatal("please specify only one of --secret, --secret-file")
+ exit(1)
+ end
+ config[:secret] || config[:secret_file]
+ else
+ false
end
- config[:secret] || config[:secret_file]
end
def load_item(bag, item_name)
diff --git a/lib/chef/knife/data_bag_show.rb b/lib/chef/knife/data_bag_show.rb
index 519859ca2d..c236bea53b 100644
--- a/lib/chef/knife/data_bag_show.rb
+++ b/lib/chef/knife/data_bag_show.rb
@@ -42,6 +42,11 @@ class Chef
:description => "A file containing the secret key to use to decrypt data bag item values",
:proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf }
+ option :encrypted,
+ :long => "--encrypted",
+ :description => "Only encrypt data bag when specified.",
+ :proc => Proc.new { |e| Chef::Config[:knife][:encrypted] = e }
+
def read_secret
if config[:secret]
config[:secret]
@@ -51,11 +56,15 @@ class Chef
end
def use_encryption
- if config[:secret] && config[:secret_file]
- stdout.puts "please specify only one of --secret, --secret-file"
- exit(1)
+ if config[:encrypted]
+ if config[:secret] && config[:secret_file]
+ ui.fatal("please specify only one of --secret, --secret-file")
+ exit(1)
+ end
+ config[:secret] || config[:secret_file]
+ else
+ false
end
- config[:secret] || config[:secret_file]
end
def run
@@ -80,4 +89,3 @@ class Chef
end
end
end
-
diff --git a/spec/unit/knife/data_bag_create_spec.rb b/spec/unit/knife/data_bag_create_spec.rb
index 984be8e58a..2656b2b9b4 100644
--- a/spec/unit/knife/data_bag_create_spec.rb
+++ b/spec/unit/knife/data_bag_create_spec.rb
@@ -100,16 +100,16 @@ describe Chef::Knife::DataBagCreate do
@secret_file.unlink
end
- it "creates an encrypted data bag item via --secret" do
- @knife.stub(:config).and_return({:secret => @secret})
+ it "creates an encrypted data bag item via --secret and --encrypted" do
+ @knife.stub(:config).and_return({:secret => @secret, :encrypted => true})
@knife.run
end
- it "creates an encrypted data bag item via --secret_file" do
+ it "creates an encrypted data bag item via --secret_file and --encrypted" do
secret_file = Tempfile.new("encrypted_data_bag_secret_file_test")
secret_file.puts(@secret)
secret_file.flush
- @knife.stub(:config).and_return({:secret_file => secret_file.path})
+ @knife.stub(:config).and_return({:secret_file => secret_file.path, :encrypted => true})
@knife.run
end
end
diff --git a/spec/unit/knife/data_bag_edit_spec.rb b/spec/unit/knife/data_bag_edit_spec.rb
index 866ca99174..ba931c1883 100644
--- a/spec/unit/knife/data_bag_edit_spec.rb
+++ b/spec/unit/knife/data_bag_edit_spec.rb
@@ -74,16 +74,16 @@ describe Chef::Knife::DataBagEdit do
@secret_file.unlink
end
- it "decrypts and encrypts via --secret" do
- @knife.stub(:config).and_return({:secret => @secret})
+ it "decrypts and encrypts via --secret and --encrypted" do
+ @knife.stub(:config).and_return({:secret => @secret, :encrypted => true})
@knife.should_receive(:edit_data).with(@plain_data).and_return(@edited_data)
@rest.should_receive(:put_rest).with("data/bag_name/item_name", @enc_edited_data).ordered
@knife.run
end
- it "decrypts and encrypts via --secret_file" do
- @knife.stub(:config).and_return({:secret_file => @secret_file.path})
+ it "decrypts and encrypts via --secret_file and --encrypted" do
+ @knife.stub(:config).and_return({:secret_file => @secret_file.path, :encrypted => true})
@knife.should_receive(:edit_data).with(@plain_data).and_return(@edited_data)
@rest.should_receive(:put_rest).with("data/bag_name/item_name", @enc_edited_data).ordered
diff --git a/spec/unit/knife/data_bag_show_spec.rb b/spec/unit/knife/data_bag_show_spec.rb
index 4aa642fc4b..ac368ed6da 100644
--- a/spec/unit/knife/data_bag_show_spec.rb
+++ b/spec/unit/knife/data_bag_show_spec.rb
@@ -91,8 +91,8 @@ describe Chef::Knife::DataBagShow do
@secret_file.unlink
end
- it "prints the decrypted contents of an item when given --secret" do
- allow(@knife).to receive(:config).and_return({:secret => @secret})
+ it "prints the decrypted contents of an item when given --secret and --encrypted" do
+ allow(@knife).to receive(:config).and_return({:secret => @secret, :encrypted => true})
expect(Chef::EncryptedDataBagItem).to receive(:load).
with('bag_name', 'item_name', @secret).
and_return(Chef::EncryptedDataBagItem.new(@enc_data, @secret))
@@ -100,8 +100,8 @@ describe Chef::Knife::DataBagShow do
expect(Chef::JSONCompat.from_json(@stdout.string)).to eq(@plain_data)
end
- it "prints the decrypted contents of an item when given --secret_file" do
- allow(@knife).to receive(:config).and_return({:secret_file => @secret_file.path})
+ it "prints the decrypted contents of an item when given --secret_file and --encrypted" do
+ allow(@knife).to receive(:config).and_return({:secret_file => @secret_file.path, :encrypted => true})
expect(Chef::EncryptedDataBagItem).to receive(:load).
with('bag_name', 'item_name', @secret).
and_return(Chef::EncryptedDataBagItem.new(@enc_data, @secret))