Diffstat (limited to 'lib/chef/encrypted_data_bag_item/assertions.rb')
-rw-r--r--lib/chef/encrypted_data_bag_item/assertions.rb54
1 files changed, 54 insertions, 0 deletions
diff --git a/lib/chef/encrypted_data_bag_item/assertions.rb b/lib/chef/encrypted_data_bag_item/assertions.rb
new file mode 100644
index 0000000000..6e90008523
--- /dev/null
+++ b/lib/chef/encrypted_data_bag_item/assertions.rb
@@ -0,0 +1,54 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class Chef::EncryptedDataBagItem
+
+ class EncryptedDataBagRequirementsFailure < StandardError
+ end
+
+ module Assertions
+
+ def assert_format_version_acceptable!(format_version)
+ unless format_version.kind_of?(Integer) and format_version >= Chef::Config[:data_bag_decrypt_minimum_version]
+ raise UnacceptableEncryptedDataBagItemFormat,
+ "The encrypted data bag item has format version `#{format_version}', " +
+ "but the config setting 'data_bag_decrypt_minimum_version' requires version `#{Chef::Config[:data_bag_decrypt_minimum_version]}'"
+ end
+ end
+
+ def assert_valid_cipher!(requested_cipher, algorithm)
+ # In the future, chef may support configurable ciphers. For now, only
+ # aes-256-cbc and aes-256-gcm are supported.
+ unless requested_cipher == algorithm
+ raise UnsupportedCipher,
+ "Cipher '#{requested_cipher}' is not supported by this version of Chef. Available ciphers: ['#{ALGORITHM}', '#{AEAD_ALGORITHM}']"
+ end
+ end
+
+ def assert_aead_requirements_met!(algorithm)
+ unless OpenSSL::Cipher::Cipher.method_defined?(:auth_data=)
+ raise EncryptedDataBagRequirementsFailure, "The used Encrypted Data Bags version requires Ruby >= 1.9"
+ end
+ unless OpenSSL::Cipher::Cipher.ciphers.include?(algorithm)
+ raise EncryptedDataBagRequirementsFailure, "The used Encrypted Data Bags version requires an OpenSSL version with \"#{algorithm}\" algorithm support"
+ end
+ end
+
+ end
+
+end
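Review bot: In `assert_valid_cipher!` the guard accepts exactly one cipher (`requested_cipher == algorithm`), but the error text lists both `ALGORITHM` and `AEAD_ALGORITHM` as available, so an item whose cipher field does not match the one the caller expects gets a message implying that cipher is supported. Since the strict match appears to be what stops an item from naming a different cipher than the decryptor was chosen for, the message should name the expected value, for example `"Cipher '#{requested_cipher}' does not match the expected cipher '#{algorithm}'"`, and the comment above the check should say that only the single expected cipher passes. In `assert_aead_requirements_met!` the "requires Ruby >= 1.9" text is worth confirming, because `auth_data=` was, as far as I know, only added to `OpenSSL::Cipher` in Ruby 2.0. In `assert_format_version_acceptable!` I would write `&&` instead of `and`. I would also add a one-line comment on each method stating that it raises rather than returning a boolean, as none of the three is documented.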