Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/knife/bootstrap.rb | 2 | ||||
-rw-r--r-- | lib/chef/knife/data_bag_secret_options.rb | 50 | ||||
-rw-r--r-- | lib/chef/knife/data_bag_show.rb | 2 |
3 files changed, 31 insertions, 23 deletions
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index 6d628f0224..a992cf5779 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -239,7 +239,7 @@ class Chef
 def render_template
 template_file = find_template
 template = IO.read(template_file).chomp
- secret = encryption_secret_provided?(false) ? read_secret : nil
+ secret = encryption_secret_provided_ignore_encrypt_flag? ? read_secret : nil
 context = Knife::Core::BootstrapContext.new(config, config[:run_list], Chef::Config, secret)
 Erubis::Eruby.new(template).evaluate(context)
 end
diff --git a/lib/chef/knife/data_bag_secret_options.rb b/lib/chef/knife/data_bag_secret_options.rb
index 238d09667c..766006089e 100644
--- a/lib/chef/knife/data_bag_secret_options.rb
+++ b/lib/chef/knife/data_bag_secret_options.rb
@@ -54,28 +54,12 @@ class Chef
 :default => false
 end
- ##
- # Determine if the user has specified an appropriate secret for encrypting data bag items.
- # @returns boolean
- def encryption_secret_provided?(need_encrypt_flag = true)
- validate_secrets
-
- return true if has_cl_secret? || has_cl_secret_file?
+ def encryption_secret_provided?
+ base_encryption_secret_provided?
+ end
- if need_encrypt_flag
- if config[:encrypt]
- unless knife_config[:secret] || knife_config[:secret_file]
- ui.fatal("No secret or secret_file specified in config, unable to encrypt item.")
- exit(1)
- end
- return true
- end
- return false
- elsif knife_config[:secret] || knife_config[:secret_file]
- # Certain situations (show and bootstrap) don't need a --encrypt flag to use the config file secret
- return true
- end
- return false
+ def encryption_secret_provided_ignore_encrypt_flag?
+ base_encryption_secret_provided?(false)
 end
 def read_secret
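Review bot: The two public predicates added in data_bag_secret_options.rb, `encryption_secret_provided?` and `encryption_secret_provided_ignore_encrypt_flag?`, have no doc comment, because the only description moved to the private helper. The difference between them decides when a secret from the knife config file is read without `--encrypt`, and in bootstrap.rb that secret is then passed to `BootstrapContext`, so it belongs at the call surface. I would add `# True when a secret was given on the command line, or when --encrypt is set and the knife config has secret/secret_file.` above the first. Above the second I would add `# Like encryption_secret_provided?, but a knife config secret/secret_file counts even without --encrypt (used by show and bootstrap).`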
@@ -109,6 +93,30 @@ class Chef
 private
+ ##
+ # Determine if the user has specified an appropriate secret for encrypting data bag items.
+ # @returns boolean
+ def base_encryption_secret_provided?(need_encrypt_flag = true)
+ validate_secrets
+
+ return true if has_cl_secret? || has_cl_secret_file?
+
+ if need_encrypt_flag
+ if config[:encrypt]
+ unless knife_config[:secret] || knife_config[:secret_file]
+ ui.fatal("No secret or secret_file specified in config, unable to encrypt item.")
+ exit(1)
+ end
+ return true
+ end
+ return false
+ elsif knife_config[:secret] || knife_config[:secret_file]
+ # Certain situations (show and bootstrap) don't need a --encrypt flag to use the config file secret
+ return true
+ end
+ return false
+ end
+
 def has_cl_secret?
 Chef::Config[:knife].has_key?(:cl_secret)
 end
diff --git a/lib/chef/knife/data_bag_show.rb b/lib/chef/knife/data_bag_show.rb
index 2f97d36ca3..36715286e8 100644
--- a/lib/chef/knife/data_bag_show.rb
+++ b/lib/chef/knife/data_bag_show.rb
@@ -36,7 +36,7 @@ class Chef
 def run
 display = case @name_args.length
 when 2 # Bag and Item names provided
- secret = encryption_secret_provided?(false) ? read_secret : nil
+ secret = encryption_secret_provided_ignore_encrypt_flag? ? read_secret : nil
 raw_data = Chef::DataBagItem.load(@name_args[0], @name_args[1]).raw_data
 encrypted = encrypted?(raw_data) |
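Review bot: `base_encryption_secret_provided?` in data_bag_secret_options.rb is named and documented as a predicate, but it runs `validate_secrets` and then calls `ui.fatal` and `exit(1)` when `config[:encrypt]` is set and the knife config has neither `secret` nor `secret_file`. The doc comment should say that the call can terminate the process, and `# @returns boolean` should be the YARD form `# @return [Boolean]`. The helper is now private and the only callers visible in this diff are the two wrappers, so a keyword argument would make the calls self-describing: `def base_encryption_secret_provided?(need_encrypt_flag: true)` and `base_encryption_secret_provided?(need_encrypt_flag: false)`.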