author | Claire McQuin <claire@getchef.com> | 2014-08-22 13:24:05 -0700 |
---|---|---|
committer | tyler-ball <tyleraball@gmail.com> | 2014-09-29 08:31:07 -0700 |
commit | 6cdcccae73325a4b22460838ca3ebcd5384ad2d9 (patch) | |
tree | 67824823c79cd4dc3e68532c28c3afe55e6ec00f | |
parent | 92e83b3a4de78e4273b23d0c0f737c43755aff59 (diff) | |
download | chef-6cdcccae73325a4b22460838ca3ebcd5384ad2d9.tar.gz |
Create encrypted data bag from config secrets with --encrypt.
-rw-r--r-- | lib/chef/knife/data_bag_create.rb | 41 |
1 files changed, 31 insertions, 10 deletions
diff --git a/lib/chef/knife/data_bag_create.rb b/lib/chef/knife/data_bag_create.rb
index e8ca479fe4..e0c7f089b6 100644
--- a/lib/chef/knife/data_bag_create.rb
+++ b/lib/chef/knife/data_bag_create.rb
@@ -42,28 +42,49 @@ class Chef
 :description => "A file containing the secret key to use to encrypt data bag item values",
 :proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf }
 
- option :encrypted,
- :long => "--encrypted",
+ option :encrypt,
+ :long => "--encrypt",
 :description => "Only encrypt data bag when specified.",
- :proc => Proc.new { |e| Chef::Config[:knife][:encrypted] = e }
+ :boolean => true,
+ :default => false
 
 def read_secret
- if config[:secret]
- config[:secret]
+ if secret = config[:secret] || knife_config[:secret] || Chef::Config[:secret]
+ secret
 else
- Chef::EncryptedDataBagItem.load_secret(config[:secret_file])
+ secret_file = config[:secret_file] || knife_config[:secret_file] || Chef::Config[:secret_file]
+ Chef::EncryptedDataBagItem.load_secret(secret_file)
 end
 end
 
+ def knife_config
+ Chef::Config.key?(:knife) ? Chef::Config[:knife] : {}
+ end
+
+ def has_secret?
+ knife_config[:secret] || Chef::Config[:secret]
+ end
+
+ def has_secret_file?
+ knife_config[:secret_file] || Chef::Config[:secret_file]
+ end
+
 def use_encryption
+ # Ensure only one of --secret and --secret-file has been given.
+ if config[:secret] && config[:secret_file]
+ ui.fatal("Please specify only one of --secret, --secret-file")
+ exit(1)
+ end
+
+ return true if config[:secret] || config[:secret_file]
 if config[:encrypted]
- if config[:secret] && config[:secret_file]
- ui.fatal("please specify only one of --secret, --secret-file")
+ unless has_secret? || has_secret_file?
+ ui.fatal("No secret or secret_file specified in config, unable to encrypt item.")
 exit(1)
 end
- config[:secret] || config[:secret_file]
+ return true
 else
- false
+ return false
 end
 end
 
|
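Review bot: In `use_encryption`, the unchanged context line `if config[:encrypted]` still reads the old key, although this commit renames the option to `option :encrypt` / `--encrypt` and drops the `:proc` that wrote `Chef::Config[:knife][:encrypted]`. Unless something outside this hunk still sets `config[:encrypted]`, passing `--encrypt` with the secret only in the config file falls through to `return false`, so the data bag item is created unencrypted without any warning. The condition should be `if config[:encrypt]`. Because this path fails open on secret material, a spec that runs the command with `--encrypt` and only a configured `secret_file` and asserts the item is encrypted would guard against a regression.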