diff options
-rw-r--r-- | lib/chef/knife/bootstrap.rb | 6 | ||||
-rw-r--r-- | lib/chef/knife/core/bootstrap_context.rb | 6 | ||||
-rw-r--r-- | lib/chef/knife/data_bag_create.rb | 12 | ||||
-rw-r--r-- | lib/chef/knife/data_bag_edit.rb | 12 | ||||
-rw-r--r-- | lib/chef/knife/data_bag_from_file.rb | 18 | ||||
-rw-r--r-- | lib/chef/knife/data_bag_show.rb | 12 | ||||
-rw-r--r-- | spec/unit/knife/core/bootstrap_context_spec.rb | 12 |
7 files changed, 48 insertions, 30 deletions
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb index 377e8f8736..e88bbc1f19 100644 --- a/lib/chef/knife/bootstrap.rb +++ b/lib/chef/knife/bootstrap.rb @@ -146,11 +146,13 @@ class Chef option :secret, :short => "-s SECRET", :long => "--secret ", - :description => "The secret key to use to encrypt data bag item values" + :description => "The secret key to use to encrypt data bag item values", + :proc => Proc.new { |s| Chef::Config[:knife][:secret] = s } option :secret_file, :long => "--secret-file SECRET_FILE", - :description => "A file containing the secret key to use to encrypt data bag item values" + :description => "A file containing the secret key to use to encrypt data bag item values", + :proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf } def find_template(template=nil) # Are we bootstrapping using an already shipped template? diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb index c63eda34bc..e1ad606c80 100644 --- a/lib/chef/knife/core/bootstrap_context.rb +++ b/lib/chef/knife/core/bootstrap_context.rb @@ -51,9 +51,9 @@ class Chef end def encrypted_data_bag_secret - @config[:secret] || begin - if @config[:secret_file] && File.exist?(@config[:secret_file]) - IO.read(File.expand_path(@config[:secret_file])) + knife_config[:secret] || begin + if knife_config[:secret_file] && File.exist?(knife_config[:secret_file]) + IO.read(File.expand_path(knife_config[:secret_file])) elsif @chef_config[:encrypted_data_bag_secret] && File.exist?(@chef_config[:encrypted_data_bag_secret]) IO.read(File.expand_path(@chef_config[:encrypted_data_bag_secret])) end diff --git a/lib/chef/knife/data_bag_create.rb b/lib/chef/knife/data_bag_create.rb index e644ab78d3..55c1c71798 100644 --- a/lib/chef/knife/data_bag_create.rb +++ b/lib/chef/knife/data_bag_create.rb @@ -32,13 +32,15 @@ class Chef category "data bag" option :secret, - :short => "-s SECRET", - :long => "--secret ", - :description => "The secret key to use to encrypt data bag item values" + :short => "-s SECRET", + :long => "--secret ", + :description => "The secret key to use to encrypt data bag item values", + :proc => Proc.new { |s| Chef::Config[:knife][:secret] = s } option :secret_file, - :long => "--secret-file SECRET_FILE", - :description => "A file containing the secret key to use to encrypt data bag item values" + :long => "--secret-file SECRET_FILE", + :description => "A file containing the secret key to use to encrypt data bag item values", + :proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf } def read_secret if config[:secret] diff --git a/lib/chef/knife/data_bag_edit.rb b/lib/chef/knife/data_bag_edit.rb index fb4173b139..b3f53af919 100644 --- a/lib/chef/knife/data_bag_edit.rb +++ b/lib/chef/knife/data_bag_edit.rb @@ -32,13 +32,15 @@ class Chef category "data bag" option :secret, - :short => "-s SECRET", - :long => "--secret ", - :description => "The secret key to use to encrypt data bag item values" + :short => "-s SECRET", + :long => "--secret ", + :description => "The secret key to use to encrypt data bag item values", + :proc => Proc.new { |s| Chef::Config[:knife][:secret] = s } option :secret_file, - :long => "--secret-file SECRET_FILE", - :description => "A file containing the secret key to use to encrypt data bag item values" + :long => "--secret-file SECRET_FILE", + :description => "A file containing the secret key to use to encrypt data bag item values", + :proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf } def read_secret if config[:secret] diff --git a/lib/chef/knife/data_bag_from_file.rb b/lib/chef/knife/data_bag_from_file.rb index 275cbeac52..4c90fe6c6c 100644 --- a/lib/chef/knife/data_bag_from_file.rb +++ b/lib/chef/knife/data_bag_from_file.rb @@ -35,18 +35,20 @@ class Chef category "data bag" option :secret, - :short => "-s SECRET", - :long => "--secret ", - :description => "The secret key to use to encrypt data bag item values" + :short => "-s SECRET", + :long => "--secret ", + :description => "The secret key to use to encrypt data bag item values", + :proc => Proc.new { |s| Chef::Config[:knife][:secret] = s } option :secret_file, - :long => "--secret-file SECRET_FILE", - :description => "A file containing the secret key to use to encrypt data bag item values" + :long => "--secret-file SECRET_FILE", + :description => "A file containing the secret key to use to encrypt data bag item values", + :proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf } option :all, - :short => "-a", - :long => "--all", - :description => "Upload all data bags or all items for specified data bags" + :short => "-a", + :long => "--all", + :description => "Upload all data bags or all items for specified data bags" def read_secret if config[:secret] diff --git a/lib/chef/knife/data_bag_show.rb b/lib/chef/knife/data_bag_show.rb index 435763b0b0..519859ca2d 100644 --- a/lib/chef/knife/data_bag_show.rb +++ b/lib/chef/knife/data_bag_show.rb @@ -32,13 +32,15 @@ class Chef category "data bag" option :secret, - :short => "-s SECRET", - :long => "--secret ", - :description => "The secret key to use to decrypt data bag item values" + :short => "-s SECRET", + :long => "--secret ", + :description => "The secret key to use to decrypt data bag item values", + :proc => Proc.new { |s| Chef::Config[:knife][:secret] = s } option :secret_file, - :long => "--secret-file SECRET_FILE", - :description => "A file containing the secret key to use to decrypt data bag item values" + :long => "--secret-file SECRET_FILE", + :description => "A file containing the secret key to use to decrypt data bag item values", + :proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf } def read_secret if config[:secret] diff --git a/spec/unit/knife/core/bootstrap_context_spec.rb b/spec/unit/knife/core/bootstrap_context_spec.rb index 808a6f27ad..47261e2068 100644 --- a/spec/unit/knife/core/bootstrap_context_spec.rb +++ b/spec/unit/knife/core/bootstrap_context_spec.rb @@ -118,14 +118,22 @@ EXPECTED describe "when an encrypted_data_bag_secret is provided" do context "via config[:secret]" do - let(:config){ {:secret => "supersekret" }} + let(:chef_config) do + { + :knife => {:secret => "supersekret" } + } + end it "reads the encrypted_data_bag_secret" do bootstrap_context.encrypted_data_bag_secret.should eq "supersekret" end end context "via config[:secret_file]" do - let(:config){ {:secret_file => secret_file}} + let(:chef_config) do + { + :knife => {:secret_file => secret_file} + } + end it "reads the encrypted_data_bag_secret" do bootstrap_context.encrypted_data_bag_secret.should eq IO.read(secret_file) end |