Module: Chef::DSL::ChefVault

Includes:

DataQuery

Included in:

Universal

Defined in:

lib/chef/dsl/chef_vault.rb

Instance Method Summary

• #chef_vault(bag) ⇒ Array

  Helper method that allows for listing the ids of a vault in a recipe.

• #chef_vault_item(bag, id) ⇒ Object

  Helper method which provides a Recipe/Resource DSL for wrapping creation of ChefVault::Item.

• #chef_vault_item_for_environment(bag, id) ⇒ Hash

  Helper method which provides an environment wrapper for a data bag.

Methods included from DataQuery

#data_bag, #data_bag_item, #search, #tagged?

Methods included from EncryptedDataBagItem::CheckEncrypted

#encrypted?

Instance Method Details

#chef_vault(bag) ⇒ Array

Helper method that allows for listing the ids of a vault in a recipe. This method is needed because data_bag() returns the keys along with the items, so this method strips out the keys for users so that they don’t have to do it in their recipes.

Examples:

ids = chef_vault('secrets')
log 'Yeah buddy!' if ids[0] == 'bacon'

Parameters:

• bag (String) —

  Name of the data bag to load from.

Returns:

• (Array)

# File 'lib/chef/dsl/chef_vault.rb', line 58

def chef_vault(bag)
  raise "'#{bag}' is not a vault" unless Chef::DataBag.list.include? bag

  pattern = Regexp.new(/_keys$/).freeze
  data_bag(bag).each_with_object([]) do |id, acc|
    acc << id unless pattern.match?(id)
  end
end

#chef_vault_item(bag, id) ⇒ Object

Note:

Helper method which provides a Recipe/Resource DSL for wrapping creation of ChefVault::Item. Falls back to normal data bag item loading if the item is not actually a Chef Vault item. This is controlled via node[‘databag_fallback’].

Examples:

item = chef_vault_item('secrets', 'bacon')
log 'Yeah buddy!' if item['_default']['type']

Parameters:

• bag (String) —

  Name of the data bag to load from.

• id (String) —

  Identifier of the data bag item to load.

# File 'lib/chef/dsl/chef_vault.rb', line 39

def chef_vault_item(bag, id)
  if ::ChefVault::Item.vault?(bag, id)
    ::ChefVault::Item.load(bag, id)
  elsif node["chef-vault"]["databag_fallback"]
    data_bag_item(bag, id)
  else
    raise "Trying to load a regular data bag item #{id} from #{bag}, and databag_fallback is disabled"
  end
end

#chef_vault_item_for_environment(bag, id) ⇒ Hash

Helper method which provides an environment wrapper for a data bag. This allows for easy access to current environment secrets inside of an item.

Examples:

item = chef_vault_item_for_environment('secrets', 'bacon')
log 'Yeah buddy!' if item['type'] == 'applewood_smoked'

Parameters:

• bag (String) —

  Name of the data bag to load from.

• id (String) —

  Identifier of the data bag item to load.

Returns:

• (Hash)

# File 'lib/chef/dsl/chef_vault.rb', line 76

def chef_vault_item_for_environment(bag, id)
  item = chef_vault_item(bag, id)
  return {} unless item[node.chef_environment]

  item[node.chef_environment]
end