Diffstat (limited to 'chef/lib/chef/encrypted_data_bag_item.rb')
-rw-r--r--chef/lib/chef/encrypted_data_bag_item.rb25
1 files changed, 19 insertions, 6 deletions
diff --git a/chef/lib/chef/encrypted_data_bag_item.rb b/chef/lib/chef/encrypted_data_bag_item.rb
index 87c39dd6f2..048ab8d57e 100644
--- a/chef/lib/chef/encrypted_data_bag_item.rb
+++ b/chef/lib/chef/encrypted_data_bag_item.rb
@@ -1,6 +1,6 @@
#
# Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2010 Opscode, Inc.
+# Copyright:: Copyright 2010-2011 Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -20,6 +20,7 @@ require 'base64'
require 'openssl'
require 'chef/data_bag_item'
require 'yaml'
+require 'open-uri'
# An EncryptedDataBagItem represents a read-only data bag item where
# all values, except for the value associated with the id key, have
@@ -56,7 +57,7 @@ class Chef::EncryptedDataBagItem
def [](key)
value = @enc_hash[key]
- if key == "id"
+ if key == "id" || value.nil?
value
else
self.class.decrypt_value(value, @secret)
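Review bot: The new `value.nil?` shortcut in `[]` is undocumented, and it makes an absent key return nil silently instead of reaching `decrypt_value`. A caller reading a credential from the item cannot tell a missing field from a mistyped key name, so a one-line comment above the condition would help, for example `# absent keys return nil without attempting decryption`. The closing lines of the method are outside the hunk.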
@@ -103,10 +104,22 @@ class Chef::EncryptedDataBagItem
def self.load_secret(path=nil)
path = path || Chef::Config[:encrypted_data_bag_secret] || DEFAULT_SECRET_FILE
- if !File.exists?(path)
- raise Errno::ENOENT, "file not found '#{path}'"
- end
- secret = IO.read(path).strip
+ secret = case path
+ when /^\w+:\/\//
+ # We have a remote key
+ begin
+ Kernel.open(path).read.strip
+ rescue Errno::ECONNREFUSED
+ raise ArgumentError, "Remote key not available from '#{path}'"
+ rescue OpenURI::HTTPError
+ raise ArgumentError, "Remote key not found at '#{path}'"
+ end
+ else
+ if !File.exists?(path)
+ raise Errno::ENOENT, "file not found '#{path}'"
+ end
+ IO.read(path).strip
+ end
if secret.size < 1
raise ArgumentError, "invalid zero length secret in '#{path}'"
end
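Review bot: The remote branch of `load_secret` hands `path` to `Kernel.open` behind a pattern anchored with `^`, which matches at the start of any line rather than the start of the string, and `Kernel.open` treats a value beginning with `|` as a command to run, so the guard does not fully constrain what reaches that call. Anchoring with `\A` and reading through the URI object keeps the fetch on the open-uri path only: `when %r{\Ahttps?://}` and `URI.parse(path).read.strip`, which also avoids the handle that the current `Kernel.open(path).read` never closes. The pattern accepts any scheme, so the shared decryption secret can travel over plain HTTP; consider allowing only `https`, or state the risk in the comment above the branch. Only `Errno::ECONNREFUSED` and `OpenURI::HTTPError` are translated to `ArgumentError`, so DNS failures and timeouts would presumably surface as raw exceptions. The `def self.load_secret` body continues past the end of the hunk.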