#
# Author:: Adam Jacob (<adam@opscode.com>)
# Author:: Seth Falcon (<seth@opscode.com>)
# Copyright:: Copyright (c) 2009-2010 Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'chef/knife'
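class Chef
  class Knife
    # knife plugin behind `knife data bag create BAG [ITEM]`.
    #
    # Posts a new data bag to the server and, when an item name is given,
    # creates that item too, optionally encrypting its values with a shared
    # secret.
    #
    # Security notes for operators:
    # * A secret passed with -s/--secret is an ordinary command-line argument,
    #   so it can end up in shell history and process listings. --secret-file
    #   (or secret_file in the config) keeps the key out of the command line.
    # * Encryption is opt-in. With none of --secret, --secret-file or --encrypt
    #   given, use_encryption returns false and the item is posted as entered,
    #   even if a secret is present in the configuration.
    class DataBagCreate < Knife
      deps do
        require 'chef/data_bag'
        require 'chef/encrypted_data_bag_item'
      end

      banner "knife data bag create BAG [ITEM] (options)"
      category "data bag"

      # The long form now names its argument ("--secret SECRET"), matching the
      # short form and --secret-file; the original "--secret " had a trailing
      # space and no argument name.
      # The proc copies the value into Chef::Config[:knife][:secret].
      option :secret,
        :short => "-s SECRET",
        :long => "--secret SECRET",
        :description => "The secret key to use to encrypt data bag item values",
        :proc => Proc.new { |s| Chef::Config[:knife][:secret] = s }

      # The proc copies the path into Chef::Config[:knife][:secret_file].
      option :secret_file,
        :long => "--secret-file SECRET_FILE",
        :description => "A file containing the secret key to use to encrypt data bag item values",
        :proc => Proc.new { |sf| Chef::Config[:knife][:secret_file] = sf }

      option :encrypt,
        :long => "--encrypt",
        :description => "Only encrypt data bag when specified.",
        :boolean => true,
        :default => false

      # Resolves the encryption secret.
      #
      # Precedence: --secret, then --secret-file, then a secret from the knife
      # or top-level config, then a secret_file from the knife or top-level
      # config.
      #
      # NOTE(review): the final branch passes nil to load_secret when no
      # secret_file is configured; use_encryption guards against that on the
      # path taken by #run.
      #
      # @return [Object] the literal secret, or whatever
      #   Chef::EncryptedDataBagItem.load_secret returns for the chosen file
      def read_secret
        if config[:secret]
          config[:secret]
        elsif config[:secret_file]
          Chef::EncryptedDataBagItem.load_secret(config[:secret_file])
        elsif (secret = knife_config[:secret] || Chef::Config[:secret])
          secret
        else
          secret_file = knife_config[:secret_file] || Chef::Config[:secret_file]
          Chef::EncryptedDataBagItem.load_secret(secret_file)
        end
      end

      # @return [Hash] Chef::Config[:knife] when that key exists, else an
      #   empty hash
      def knife_config
        Chef::Config.key?(:knife) ? Chef::Config[:knife] : {}
      end

      # @return [Object, nil] the configured secret (truthy) or nil/false
      def has_secret?
        knife_config[:secret] || Chef::Config[:secret]
      end

      # @return [Object, nil] the configured secret file path or nil/false
      def has_secret_file?
        knife_config[:secret_file] || Chef::Config[:secret_file]
      end

      # Decides whether the item must be encrypted.
      #
      # Exits with status 1 when both --secret and --secret-file are given, or
      # when --encrypt is given but no secret or secret_file is configured.
      #
      # @return [Boolean] true when a secret option or --encrypt was supplied
      def use_encryption
        # Ensure only one of --secret and --secret-file has been given.
        if config[:secret] && config[:secret_file]
          ui.fatal("Please specify only one of --secret, --secret-file")
          exit(1)
        end

        return true if config[:secret] || config[:secret_file]
        return false unless config[:encrypt]

        # --encrypt alone relies on the configuration to supply the key.
        unless has_secret? || has_secret_file?
          ui.fatal("No secret or secret_file specified in config, unable to encrypt item.")
          exit(1)
        end
        true
      end

      # Entry point: validates the bag name, creates the bag, then creates the
      # optional item.
      def run
        @data_bag_name, @data_bag_item_name = @name_args

        if @data_bag_name.nil?
          show_usage
          ui.fatal("You must specify a data bag name")
          exit 1
        end

        begin
          Chef::DataBag.validate_name!(@data_bag_name)
        rescue Chef::Exceptions::InvalidDataBagName => e
          ui.fatal(e.message)
          exit(1)
        end

        # create the data bag
        begin
          rest.post_rest("data", { "name" => @data_bag_name })
          ui.info("Created data_bag[#{@data_bag_name}]")
        rescue Net::HTTPServerException => e
          # Only a 409 means "already exists"; anything else is re-raised.
          # \A anchors at the start of the string, where ^ would also match
          # at the start of any later line.
          raise unless e.to_s =~ /\A409/
          ui.info("Data bag #{@data_bag_name} already exists")
        end

        # if an item is specified, create it, as well
        return unless @data_bag_item_name

        create_object({ "id" => @data_bag_item_name }, "data_bag_item[#{@data_bag_item_name}]") do |output|
          # NOTE(review): use_encryption runs only once this block is yielded
          # to, so a missing secret is reported at that point -- confirm
          # whether that is before or after create_object collects the data.
          payload =
            if use_encryption
              Chef::EncryptedDataBagItem.encrypt_data_bag_item(output, read_secret)
            else
              output
            end
          item = Chef::DataBagItem.from_hash(payload)
          item.data_bag(@data_bag_name)
          rest.post_rest("data/#{@data_bag_name}", item)
        end
      end
    end
  end
end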