author | Seth Falcon <seth@opscode.com> | 2010-12-16 17:21:58 -0800 |
---|---|---|
committer | Seth Falcon <seth@opscode.com> | 2011-03-11 11:46:29 -0800 |
commit | 1c3da9d80be53a4cc2a60f5d84f1f5e25831ec9b (patch) | |
tree | ffd8180114fe17c76f8396366672b34aa1682004 /chef/lib/chef/knife/data_bag_edit.rb | |
parent | f0aab59ea97bea368413bf7798704ee4cad87e46 (diff) | |
download | chef-1c3da9d80be53a4cc2a60f5d84f1f5e25831ec9b.tar.gz |
Add support for encrypted data bags to knife data bag subcommands
Diffstat (limited to 'chef/lib/chef/knife/data_bag_edit.rb')
-rw-r--r-- | chef/lib/chef/knife/data_bag_edit.rb | 61 |
1 files changed, 51 insertions, 10 deletions
diff --git a/chef/lib/chef/knife/data_bag_edit.rb b/chef/lib/chef/knife/data_bag_edit.rb
index 2f2168ef44..027bfd3687 100644
--- a/chef/lib/chef/knife/data_bag_edit.rb
+++ b/chef/lib/chef/knife/data_bag_edit.rb
@@ -1,6 +1,7 @@
 #
 # Author:: Adam Jacob (<adam@opscode.com>)
-# Copyright:: Copyright (c) 2009 Opscode, Inc.
+# Author:: Seth Falcon (<seth@opscode.com>)
+# Copyright:: Copyright (c) 2009-2010 Opscode, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,6 +19,7 @@
 require 'chef/knife'
 require 'chef/data_bag_item'
+require 'chef/encrypted_data_bag_item'
 class Chef
 class Knife
@@ -26,21 +28,60 @@ class Chef
 banner "knife data bag edit BAG ITEM (options)"
 category "data bag"
- def run
- if @name_args.length != 2
- Chef::Log.fatal("You must supply the data bag and an item to edit!")
- exit 42
+ option :secret,
+ :short => "-s SECRET",
+ :long => "--secret ",
+ :description => "The secret key to use to encrypt data bag item values"
+
+ option :secret_file,
+ :long => "--secret_file SECRET_FILE",
+ :description => "A file containing the secret key to use to encrypt data bag item values"
+
+ def read_secret
+ if config[:secret]
+ config[:secret]
 else
- object = Chef::DataBagItem.load(@name_args[0], @name_args[1])
+ Chef::EncryptedDataBagItem.load_secret(config[:secret_file])
+ end
+ end
- output = edit_data(object)
+ def use_encryption
+ if config[:secret] && config[:secret_file]
+ stdout.puts "please specify only one of --secret, --secret_file"
+ exit(1)
+ end
+ config[:secret] || config[:secret_file]
+ end
- rest.put_rest("data/#{@name_args[0]}/#{@name_args[1]}", output)
+ def load_item(bag, item_name)
+ item = Chef::DataBagItem.load(bag, item_name)
+ if use_encryption
+ Chef::EncryptedDataBagItem.new(item, read_secret).to_hash
+ else
+ item
+ end
+ end
- Chef::Log.info("Saved data_bag_item[#{@name_args[1]}]")
+ def edit_item(item)
+ output = edit_data(item)
+ if use_encryption
+ Chef::EncryptedDataBagItem.encrypt_data_bag_item(output, read_secret)
+ else
+ output
+ end
+ end
- output(format_for_display(object)) if config[:print_after]
+ def run
+ if @name_args.length != 2
+ stdout.puts "You must supply the data bag and an item to edit!"
+ stdout.puts opt_parser
+ exit 1
 end
+ item = load_item(@name_args[0], @name_args[1])
+ output = edit_item(item)
+ rest.put_rest("data/#{@name_args[0]}/#{@name_args[1]}", output)
+ stdout.puts("Saved data_bag_item[#{@name_args[1]}]")
+ output(format_for_display(object)) if config[:print_after]
 end
 end
 end |
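Review bot: The last added line of `run` still calls `format_for_display(object)`, but the new body never assigns `object`, since the old `object = Chef::DataBagItem.load(...)` line is removed. Unless something outside this hunk defines it, running with `config[:print_after]` set would raise a NameError after `rest.put_rest` has already saved the item. `output(format_for_display(item)) if config[:print_after]` looks like the intent, though with a secret supplied `item` is the decrypted hash, so that line would print plaintext values to the terminal. Separately, `--secret SECRET` takes the key as a command-line argument, where it is readable in process listings and kept in shell history. The option description should steer users to the file form, e.g. `:description => "The secret key to use to encrypt data bag item values (prefer --secret_file; arguments are visible in process listings)"`. The command class opens above the hunk, so `edit_data` and `format_for_display` are not visible here.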