[CHEF-4011] `--secret` and `--secret-file` options for `knife bootstrap`

This commit adds new CLI options to `knife bootstrap` for specifying encrypted data bag secret key (actual string or file) at node bootstrap time. This approach is more explicit than the previous approach of reading the path to the secret key from the `encrypted_data_bag_secret` value in the knife.rb file. For backward compatibility we will still attempt to load a key from Chef::Config[:encrypted_data_bag_secret].
author: Seth Chisamore <schisamo@opscode.com> 2013-03-17 22:26:05 -0400
committer: Bryan McLellan <btm@opscode.com> 2013-04-11 14:25:45 -0700
commit: 98dd98b6641b7e6da2b3db152ef39bb5dc212e2f (patch)
tree: e4d26f8a49f4ca7f178ad28ba3401439053be56d /spec/data/bootstrap
parent: 64b1a49d4a03916402df57197aa97485820b842d (diff)
download: chef-98dd98b6641b7e6da2b3db152ef39bb5dc212e2f.tar.gz
2 files changed, 10 insertions, 0 deletions
diff --git a/spec/data/bootstrap/encrypted_data_bag_secret b/spec/data/bootstrap/encrypted_data_bag_secret
new file mode 100644
index 0000000000..ac88558a1a
--- /dev/null
+++ b/spec/data/bootstrap/encrypted_data_bag_secret
@@ -0,0 +1 @@
+supersekret_from_file
diff --git a/spec/data/bootstrap/secret.erb b/spec/data/bootstrap/secret.erb
new file mode 100644
index 0000000000..e0ad41576d
--- /dev/null
+++ b/spec/data/bootstrap/secret.erb
@@ -0,0 +1,9 @@
+bash -c '
+<% if encrypted_data_bag_secret -%>
+awk NF > /etc/chef/encrypted_data_bag_secret <<'EOP'
+<%= encrypted_data_bag_secret %>
+EOP
+chmod 0600 /etc/chef/encrypted_data_bag_secret
+<% end -%>
+
+<%= config_content %>'
author	Seth Chisamore <schisamo@opscode.com>	2013-03-17 22:26:05 -0400
committer	Bryan McLellan <btm@opscode.com>	2013-04-11 14:25:45 -0700
commit	98dd98b6641b7e6da2b3db152ef39bb5dc212e2f (patch)
tree	e4d26f8a49f4ca7f178ad28ba3401439053be56d /spec/data/bootstrap
parent	64b1a49d4a03916402df57197aa97485820b842d (diff)
download	chef-98dd98b6641b7e6da2b3db152ef39bb5dc212e2f.tar.gz