diff options
author | tyler-ball <tyleraball@gmail.com> | 2014-09-08 14:32:49 -0700 |
---|---|---|
committer | tyler-ball <tyleraball@gmail.com> | 2014-09-29 08:31:08 -0700 |
commit | 61c92270be36ad93eef8e769bbbed37a97f43fb1 (patch) | |
tree | d6cc3dede1bd31893a2cb13862fd2d2e395bc8bb /lib/chef/knife/data_bag_edit.rb | |
parent | 8b1866e11e8ab41543cde22151c08365f2d4e3da (diff) | |
download | chef-61c92270be36ad93eef8e769bbbed37a97f43fb1.tar.gz |
Finishing spec work for data bag UX (https://gist.github.com/sersut/94c8daad5c11369bd2e8). Tests up next, breaking into multiple commits to keep the review smaller.
Diffstat (limited to 'lib/chef/knife/data_bag_edit.rb')
-rw-r--r-- | lib/chef/knife/data_bag_edit.rb | 51 |
1 files changed, 12 insertions, 39 deletions
diff --git a/lib/chef/knife/data_bag_edit.rb b/lib/chef/knife/data_bag_edit.rb index 2486edd5dd..13d51daee0 100644 --- a/lib/chef/knife/data_bag_edit.rb +++ b/lib/chef/knife/data_bag_edit.rb @@ -22,6 +22,7 @@ require 'chef/knife' class Chef class Knife class DataBagEdit < Knife + include DataBagSecretOptions deps do require 'chef/data_bag_item' @@ -31,46 +32,15 @@ class Chef banner "knife data bag edit BAG ITEM (options)" category "data bag" - option :secret, - :short => "-s SECRET", - :long => "--secret ", - :description => "The secret key to use to encrypt data bag item values", - :proc => Proc.new { |s| Chef::Config[:knife][:secret] = s } - - option :secret_file, - :long => "--secret-file SECRET_FILE", - :description => "A file containing the secret key to use to encrypt data bag item values", - :proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf } - - option :encrypted, - :long => "--encrypted", - :description => "Only encrypt data bag when specified.", - :proc => Proc.new { |e| Chef::Config[:knife][:encrypted] = e } - - def read_secret - if config[:secret] - config[:secret] - else - Chef::EncryptedDataBagItem.load_secret(config[:secret_file]) - end - end - - def use_encryption - if config[:encrypted] - if config[:secret] && config[:secret_file] - ui.fatal("please specify only one of --secret, --secret-file") - exit(1) - end - config[:secret] || config[:secret_file] - else - false - end - end - def load_item(bag, item_name) item = Chef::DataBagItem.load(bag, item_name) - if use_encryption - Chef::EncryptedDataBagItem.new(item, read_secret).to_hash + if encrypted?(item.raw_data) + if encryption_secret_provided? + Chef::EncryptedDataBagItem.new(item, read_secret).to_hash + else + ui.fatal("You cannot edit an encrypted data bag without providing the secret.") + exit(1) + end else item end @@ -78,9 +48,11 @@ class Chef def edit_item(item) output = edit_data(item) - if use_encryption + if encryption_secret_provided? + ui.info("Encrypting data bag using provided secret.") Chef::EncryptedDataBagItem.encrypt_data_bag_item(output, read_secret) else + ui.info("Saving data bag unencrypted. To encrypt it, provide an appropriate secret.") output end end @@ -95,6 +67,7 @@ class Chef output = edit_item(item) rest.put_rest("data/#{@name_args[0]}/#{@name_args[1]}", output) stdout.puts("Saved data_bag_item[#{@name_args[1]}]") + # TODO this is trying to read :print_after from the CLI, not the knife.rb ui.output(output) if config[:print_after] end end |