author | Claire McQuin <claire@getchef.com> | 2014-08-19 16:13:57 -0700 |
---|---|---|
committer | Claire McQuin <claire@getchef.com> | 2014-08-22 11:59:32 -0700 |
commit | 37a29399cfb0ea169835fe2fc7f52b982b9b4426 (patch) | |
tree | aa6fc4d7ed810c3610b4bda4a2c0ed2a9e554bf0 | |
parent | f3450405e3411644baafa9e453cd64f23f269acd (diff) | |
Add ::encryptor_keys to versioned encryptor classes.
-rw-r--r-- | lib/chef/dsl/data_query.rb | 30 | ||||
-rw-r--r-- | lib/chef/encrypted_data_bag_item/encryptor.rb | 12 | ||||
-rw-r--r-- | spec/unit/dsl/data_query_spec.rb | 18 |
3 files changed, 24 insertions, 36 deletions
diff --git a/lib/chef/dsl/data_query.rb b/lib/chef/dsl/data_query.rb index d0de15ce1c..e99411d3df 100644 --- a/lib/chef/dsl/data_query.rb +++ b/lib/chef/dsl/data_query.rb @@ -87,39 +87,15 @@ class Chef return false unless data.is_a?(Hash) && data.has_key?("version") case data["version"] when 1 - version_1_encryptor_keys == data.keys.sort + Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor.encryptor_keys.sort == data.keys.sort when 2 - version_2_encryptor_keys == data.keys.sort + Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor.encryptor_keys.sort == data.keys.sort when 3 - version_3_encryptor_keys == data.keys.sort + Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor.encryptor_keys.sort == data.keys.sort else false # version means something else... assume not encrypted. end end - - ### - # The below methods return arrays of keys that are assigned to encrypted - # data hashes when a data bag item gets encrypted. - ### - - # Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor#for_encrypted_item - # Keys added to the encrypted data hash. - def version_1_encryptor_keys - %w(encrypted_data iv cipher version).sort - end - - # Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor#for_encrypted_item - # Keys added to the encrypted data hash. - def version_2_encryptor_keys - %w(encrypted_data hmac iv cipher version).sort - end - - # Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor#for_encrypted_item - # Keys added to the encrypted data hash. - def version_3_encryptor_keys - %w(encrypted_data auth_tag iv cipher version).sort - end - end end end diff --git a/lib/chef/encrypted_data_bag_item/encryptor.rb b/lib/chef/encrypted_data_bag_item/encryptor.rb index 6bf340869a..034413c1bd 100644 --- a/lib/chef/encrypted_data_bag_item/encryptor.rb +++ b/lib/chef/encrypted_data_bag_item/encryptor.rb 
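Review bot: The `case` in this hunk now repeats the same comparison three times with only the encryptor class changing, and the comments that said where the key lists come from were deleted along with the helper methods. A one-line comment above the `case` would keep that intent visible, for example `# Treated as encrypted only when the keys exactly match what the versioned encryptor writes.` Because the match is exact, a hash with one extra or one missing key falls through as "not encrypted", which is worth stating at that spot since callers rely on this result to decide whether to decrypt. The enclosing method starts above the hunk, so its name and remaining body are not visible here.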
@@ -125,6 +125,10 @@ class Chef::EncryptedDataBagItem def serialized_data FFI_Yajl::Encoder.encode(:json_wrapper => plaintext_data) end + + def self.encryptor_keys + %w( encrypted_data iv version cipher ) + end end class Version2Encryptor < Version1Encryptor @@ -149,6 +153,10 @@ class Chef::EncryptedDataBagItem Base64.encode64(raw_hmac) end end + + def self.encryptor_keys + super + %w( hmac ) + end end class Version3Encryptor < Version1Encryptor @@ -207,6 +215,10 @@ class Chef::EncryptedDataBagItem end end + def self.encryptor_keys + super + %w( auth_tag ) + end + end end diff --git a/spec/unit/dsl/data_query_spec.rb b/spec/unit/dsl/data_query_spec.rb index 2e16d3c21d..2981c0dac9 100644 --- a/spec/unit/dsl/data_query_spec.rb +++ b/spec/unit/dsl/data_query_spec.rb @@ -103,7 +103,7 @@ describe Chef::DSL::DataQuery do shared_examples_for "encryption detected" do let(:encoded_data) do - Chef::Config[:data_bag_encrypt_version] = version_number + Chef::Config[:data_bag_encrypt_version] = version Chef::EncryptedDataBagItem.encrypt_data_bag_item(raw_data, default_secret) end @@ -112,7 +112,7 @@ describe Chef::DSL::DataQuery do end it "detects encrypted data bag" do - expect( language ).to receive(encryptor_keys).at_least(:once).and_call_original + expect( encryptor ).to receive(:encryptor_keys).at_least(:once).and_call_original expect( Chef::Log ).to receive(:debug).with(/Data bag item looks encrypted/) language.data_bag_item(bag_name, item_name) end 
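Review bot: `Version1Encryptor.encryptor_keys` is a second, hand-written copy of the key list, and nothing in this hunk ties it to the hash that `for_encrypted_item` builds (that method is outside the hunk). If the two drift apart, the exact-match check in `lib/chef/dsl/data_query.rb` would stop recognising items written by that encryptor, and they would presumably be handed back undecrypted without any error. The comments removed from data_query.rb recorded this link; carry it over onto the new method, e.g. `# Keys of the hash returned by #for_encrypted_item; change both together.` The same applies to the Version2Encryptor and Version3Encryptor hunks that follow, which extend the list through `super`.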
@@ -120,22 +120,22 @@ describe Chef::DSL::DataQuery do context "when encryption version is 1" do include_examples "encryption detected" do - let(:version_number) { 1 } - let(:encryptor_keys) { :version_1_encryptor_keys } + let(:version) { 1 } + let(:encryptor) { Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor } end end context "when encryption version is 2" do include_examples "encryption detected" do - let(:version_number) { 2 } - let(:encryptor_keys) { :version_2_encryptor_keys } + let(:version) { 2 } + let(:encryptor) { Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor } end end context "when encryption version is 3" do - include_examples "encryption detected", "v3" do - let(:version_number) { 3 } - let(:encryptor_keys) { :version_3_encryptor_keys } + include_examples "encryption detected" do + let(:version) { 3 } + let(:encryptor) { Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor } end end |
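Review bot: The three contexts in this hunk exercise only the matching path, where an item encrypted with version N is detected through `VersionNEncryptor.encryptor_keys`. Unless it is covered elsewhere in this spec file, there is no example pinning the near-miss case that the exact key comparison is meant to reject. One addition would be an item whose `"version"` is 2 but whose `"hmac"` key is absent, asserting that the `Data bag item looks encrypted` debug message is not logged. That keeps a later loosening of the comparison, such as a subset check instead of equality, from passing unnoticed.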