diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/dsl/data_query.rb | 30 | ||||
-rw-r--r-- | lib/chef/encrypted_data_bag_item/encryptor.rb | 12 |
2 files changed, 15 insertions, 27 deletions
diff --git a/lib/chef/dsl/data_query.rb b/lib/chef/dsl/data_query.rb index d0de15ce1c..e99411d3df 100644 --- a/lib/chef/dsl/data_query.rb +++ b/lib/chef/dsl/data_query.rb @@ -87,39 +87,15 @@ class Chef return false unless data.is_a?(Hash) && data.has_key?("version") case data["version"] when 1 - version_1_encryptor_keys == data.keys.sort + Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor.encryptor_keys.sort == data.keys.sort when 2 - version_2_encryptor_keys == data.keys.sort + Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor.encryptor_keys.sort == data.keys.sort when 3 - version_3_encryptor_keys == data.keys.sort + Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor.encryptor_keys.sort == data.keys.sort else false # version means something else... assume not encrypted. end end - - ### - # The below methods return arrays of keys that are assigned to encrypted - # data hashes when a data bag item gets encrypted. - ### - - # Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor#for_encrypted_item - # Keys added to the encrypted data hash. - def version_1_encryptor_keys - %w(encrypted_data iv cipher version).sort - end - - # Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor#for_encrypted_item - # Keys added to the encrypted data hash. - def version_2_encryptor_keys - %w(encrypted_data hmac iv cipher version).sort - end - - # Chef::EncryptedDataBagItem::Encryptor::Version3Encryptor#for_encrypted_item - # Keys added to the encrypted data hash. - def version_3_encryptor_keys - %w(encrypted_data auth_tag iv cipher version).sort - end - end end end diff --git a/lib/chef/encrypted_data_bag_item/encryptor.rb b/lib/chef/encrypted_data_bag_item/encryptor.rb index 6bf340869a..034413c1bd 100644 --- a/lib/chef/encrypted_data_bag_item/encryptor.rb +++ b/lib/chef/encrypted_data_bag_item/encryptor.rb @@ -125,6 +125,10 @@ class Chef::EncryptedDataBagItem def serialized_data FFI_Yajl::Encoder.encode(:json_wrapper => plaintext_data) end + + def self.encryptor_keys + %w( encrypted_data iv version cipher ) + end end class Version2Encryptor < Version1Encryptor @@ -149,6 +153,10 @@ class Chef::EncryptedDataBagItem Base64.encode64(raw_hmac) end end + + def self.encryptor_keys + super + %w( hmac ) + end end class Version3Encryptor < Version1Encryptor @@ -207,6 +215,10 @@ class Chef::EncryptedDataBagItem end end + def self.encryptor_keys + super + %w( auth_tag ) + end + end end |