-rw-r--r-- | lib/chef/knife/data_bag_create.rb | 27 | ||||
-rw-r--r-- | lib/chef/knife/data_bag_edit.rb | 17 | ||||
-rw-r--r-- | lib/chef/knife/data_bag_show.rb | 18 | ||||
-rw-r--r-- | spec/unit/knife/data_bag_create_spec.rb | 8 | ||||
-rw-r--r-- | spec/unit/knife/data_bag_edit_spec.rb | 8 | ||||
-rw-r--r-- | spec/unit/knife/data_bag_show_spec.rb | 8 |
6 files changed, 56 insertions, 30 deletions
diff --git a/lib/chef/knife/data_bag_create.rb b/lib/chef/knife/data_bag_create.rb index bc49c68448..e8ca479fe4 100644 --- a/lib/chef/knife/data_bag_create.rb +++ b/lib/chef/knife/data_bag_create.rb @@ -42,6 +42,11 @@ class Chef :description => "A file containing the secret key to use to encrypt data bag item values", :proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf } + option :encrypted, + :long => "--encrypted", + :description => "Only encrypt data bag when specified.", + :proc => Proc.new { |e| Chef::Config[:knife][:encrypted] = e } + def read_secret if config[:secret] config[:secret] @@ -51,11 +56,15 @@ class Chef end def use_encryption - if config[:secret] && config[:secret_file] - ui.fatal("please specify only one of --secret, --secret-file") - exit(1) + if config[:encrypted] + if config[:secret] && config[:secret_file] + ui.fatal("please specify only one of --secret, --secret-file") + exit(1) + end + config[:secret] || config[:secret_file] + else + false end - config[:secret] || config[:secret_file] end def run @@ -87,11 +96,11 @@ class Chef if @data_bag_item_name create_object({ "id" => @data_bag_item_name }, "data_bag_item[#{@data_bag_item_name}]") do |output| item = Chef::DataBagItem.from_hash( - if use_encryption - Chef::EncryptedDataBagItem.encrypt_data_bag_item(output, read_secret) - else - output - end) + if use_encryption + Chef::EncryptedDataBagItem.encrypt_data_bag_item(output, read_secret) + else + output + end) item.data_bag(@data_bag_name) rest.post_rest("data/#{@data_bag_name}", item) end diff --git a/lib/chef/knife/data_bag_edit.rb b/lib/chef/knife/data_bag_edit.rb index b3f53af919..2486edd5dd 100644 --- a/lib/chef/knife/data_bag_edit.rb +++ b/lib/chef/knife/data_bag_edit.rb 
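Review bot: `use_encryption` now fails open in two ways: with `--secret` or `--secret-file` but no `--encrypted` it returns `false`, and with `--encrypted` but no secret it returns `nil`. In both cases the `create_object` block further down takes the `else` branch and posts `output` to the server unencrypted, with no message. Scripts that relied on a secret implying encryption would start uploading plaintext items after this change. I would fail hard when `--encrypted` has no secret and at least warn when a secret is supplied without the flag, keeping the mutual-exclusion check ahead of both. The same method body is added in data_bag_edit.rb and data_bag_show.rb, so the same applies there.

```ruby
def use_encryption
  # … unchanged: "only one of --secret, --secret-file" check, hoisted above the flag test …
  secret_given = config[:secret] || config[:secret_file]
  if config[:encrypted] && !secret_given
    ui.fatal("--encrypted requires one of --secret, --secret-file")
    exit(1)
  end
  unless config[:encrypted]
    ui.warn("secret supplied without --encrypted; data bag item will NOT be encrypted") if secret_given
    return false
  end
  secret_given
end
```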
@@ -42,6 +42,11 @@ class Chef :description => "A file containing the secret key to use to encrypt data bag item values", :proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf } + option :encrypted, + :long => "--encrypted", + :description => "Only encrypt data bag when specified.", + :proc => Proc.new { |e| Chef::Config[:knife][:encrypted] = e } + def read_secret if config[:secret] config[:secret] @@ -51,11 +56,15 @@ class Chef end def use_encryption - if config[:secret] && config[:secret_file] - stdout.puts "please specify only one of --secret, --secret-file" - exit(1) + if config[:encrypted] + if config[:secret] && config[:secret_file] + ui.fatal("please specify only one of --secret, --secret-file") + exit(1) + end + config[:secret] || config[:secret_file] + else + false end - config[:secret] || config[:secret_file] end def load_item(bag, item_name) diff --git a/lib/chef/knife/data_bag_show.rb b/lib/chef/knife/data_bag_show.rb index 519859ca2d..c236bea53b 100644 --- a/lib/chef/knife/data_bag_show.rb +++ b/lib/chef/knife/data_bag_show.rb @@ -42,6 +42,11 @@ class Chef :description => "A file containing the secret key to use to decrypt data bag item values", :proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf } + option :encrypted, + :long => "--encrypted", + :description => "Only encrypt data bag when specified.", + :proc => Proc.new { |e| Chef::Config[:knife][:encrypted] = e } + def read_secret if config[:secret] config[:secret] @@ -51,11 +56,15 @@ class Chef end def use_encryption - if config[:secret] && config[:secret_file] - stdout.puts "please specify only one of --secret, --secret-file" - exit(1) + if config[:encrypted] + if config[:secret] && config[:secret_file] + ui.fatal("please specify only one of --secret, --secret-file") + exit(1) + end + config[:secret] || config[:secret_file] + else + false end - config[:secret] || config[:secret_file] end def run @@ -80,4 +89,3 @@ class Chef end end end - 
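Review bot: In data_bag_show.rb the new `--encrypted` option reuses the help text `"Only encrypt data bag when specified."`, but this command decrypts, as the neighbouring `--secret-file` description in the same hunk says ("to decrypt data bag item values"). Something like `:description => "Only decrypt data bag item values when specified."` would match what the command does. In data_bag_edit.rb the flag appears to govern both directions (its spec is titled "decrypts and encrypts"), so the text there could say so too. It would also help if each description stated that `--secret`/`--secret-file` have no effect without this flag, since that is the behaviour `use_encryption` now implements.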
diff --git a/spec/unit/knife/data_bag_create_spec.rb b/spec/unit/knife/data_bag_create_spec.rb index 984be8e58a..2656b2b9b4 100644 --- a/spec/unit/knife/data_bag_create_spec.rb +++ b/spec/unit/knife/data_bag_create_spec.rb @@ -100,16 +100,16 @@ describe Chef::Knife::DataBagCreate do @secret_file.unlink end - it "creates an encrypted data bag item via --secret" do - @knife.stub(:config).and_return({:secret => @secret}) + it "creates an encrypted data bag item via --secret and --encrypted" do + @knife.stub(:config).and_return({:secret => @secret, :encrypted => true}) @knife.run end - it "creates an encrypted data bag item via --secret_file" do + it "creates an encrypted data bag item via --secret_file and --encrypted" do secret_file = Tempfile.new("encrypted_data_bag_secret_file_test") secret_file.puts(@secret) secret_file.flush - @knife.stub(:config).and_return({:secret_file => secret_file.path}) + @knife.stub(:config).and_return({:secret_file => secret_file.path, :encrypted => true}) @knife.run end end diff --git a/spec/unit/knife/data_bag_edit_spec.rb b/spec/unit/knife/data_bag_edit_spec.rb index 866ca99174..ba931c1883 100644 --- a/spec/unit/knife/data_bag_edit_spec.rb +++ b/spec/unit/knife/data_bag_edit_spec.rb 
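Review bot: The updated examples only exercise the path where a secret and `:encrypted => true` are both present. Nothing pins what happens for `{:secret => @secret}` without `:encrypted`, or for `:encrypted => true` without a secret, which are the cases where the item would reach the server unencrypted. An example for each, asserting either that `Chef::EncryptedDataBagItem.encrypt_data_bag_item` is not called or that the command exits, would make that behaviour a deliberate decision rather than a side effect. The two examples visible here also end at `@knife.run` with no expectation inside the example, so they presumably rely on setup outside this hunk; it is worth confirming they would fail if the item were posted in plaintext. data_bag_edit_spec.rb and data_bag_show_spec.rb have the same gap.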
@@ -74,16 +74,16 @@ describe Chef::Knife::DataBagEdit do @secret_file.unlink end - it "decrypts and encrypts via --secret" do - @knife.stub(:config).and_return({:secret => @secret}) + it "decrypts and encrypts via --secret and --encrypted" do + @knife.stub(:config).and_return({:secret => @secret, :encrypted => true}) @knife.should_receive(:edit_data).with(@plain_data).and_return(@edited_data) @rest.should_receive(:put_rest).with("data/bag_name/item_name", @enc_edited_data).ordered @knife.run end - it "decrypts and encrypts via --secret_file" do - @knife.stub(:config).and_return({:secret_file => @secret_file.path}) + it "decrypts and encrypts via --secret_file and --encrypted" do + @knife.stub(:config).and_return({:secret_file => @secret_file.path, :encrypted => true}) @knife.should_receive(:edit_data).with(@plain_data).and_return(@edited_data) @rest.should_receive(:put_rest).with("data/bag_name/item_name", @enc_edited_data).ordered diff --git a/spec/unit/knife/data_bag_show_spec.rb b/spec/unit/knife/data_bag_show_spec.rb index 4aa642fc4b..ac368ed6da 100644 --- a/spec/unit/knife/data_bag_show_spec.rb +++ b/spec/unit/knife/data_bag_show_spec.rb @@ -91,8 +91,8 @@ describe Chef::Knife::DataBagShow do @secret_file.unlink end - it "prints the decrypted contents of an item when given --secret" do - allow(@knife).to receive(:config).and_return({:secret => @secret}) + it "prints the decrypted contents of an item when given --secret and --encrypted" do + allow(@knife).to receive(:config).and_return({:secret => @secret, :encrypted => true}) expect(Chef::EncryptedDataBagItem).to receive(:load). with('bag_name', 'item_name', @secret). and_return(Chef::EncryptedDataBagItem.new(@enc_data, @secret)) 
@@ -100,8 +100,8 @@ describe Chef::Knife::DataBagShow do expect(Chef::JSONCompat.from_json(@stdout.string)).to eq(@plain_data) end - it "prints the decrypted contents of an item when given --secret_file" do - allow(@knife).to receive(:config).and_return({:secret_file => @secret_file.path}) + it "prints the decrypted contents of an item when given --secret_file and --encrypted" do + allow(@knife).to receive(:config).and_return({:secret_file => @secret_file.path, :encrypted => true}) expect(Chef::EncryptedDataBagItem).to receive(:load). with('bag_name', 'item_name', @secret). and_return(Chef::EncryptedDataBagItem.new(@enc_data, @secret)) |