Module: Chef::EncryptedDataBagItem::Assertions
- Included in:
- Decryptor, Decryptor::Version0Decryptor, Encryptor::Version1Encryptor, Encryptor::Version3Encryptor
- Defined in:
- lib/chef/encrypted_data_bag_item/assertions.rb,
lib/chef/encrypted_data_bag_item/encrypted_data_bag_item_assertions.rb
Instance Method Summary collapse
- #assert_aead_requirements_met!(algorithm) ⇒ Object
- #assert_format_version_acceptable!(format_version) ⇒ Object
- #assert_requirements_met! ⇒ Object
- #assert_valid_cipher!(requested_cipher, algorithm) ⇒ Object
Instance Method Details
#assert_aead_requirements_met!(algorithm) ⇒ Object
46 47 48 49 50 |
# File 'lib/chef/encrypted_data_bag_item/assertions.rb', line 46 def assert_aead_requirements_met!(algorithm) unless OpenSSL::Cipher.ciphers.include?(algorithm) raise EncryptedDataBagRequirementsFailure, "The used Encrypted Data Bags version requires an OpenSSL version with \"#{algorithm}\" algorithm support" end end |
#assert_format_version_acceptable!(format_version) ⇒ Object
29 30 31 32 33 34 35 |
# File 'lib/chef/encrypted_data_bag_item/assertions.rb', line 29 def assert_format_version_acceptable!(format_version) unless format_version.is_a?(Integer) && format_version >= Chef::Config[:data_bag_decrypt_minimum_version] raise UnacceptableEncryptedDataBagItemFormat, "The encrypted data bag item has format version `#{format_version}', " + "but the config setting 'data_bag_decrypt_minimum_version' requires version `#{Chef::Config[:data_bag_decrypt_minimum_version]}'" end end |
#assert_requirements_met! ⇒ Object
26 27 28 29 30 31 32 33 |
# File 'lib/chef/encrypted_data_bag_item/encrypted_data_bag_item_assertions.rb', line 26 def assert_requirements_met! unless OpenSSL::Cipher.method_defined?(:auth_data=) raise EncryptedDataBagRequirementsFailure, "The used Encrypted Data Bags version requires Ruby >= 2.0" end unless OpenSSL::Cipher.ciphers.include?(algorithm) raise EncryptedDataBagRequirementsFailure, "The used Encrypted Data Bags version requires an OpenSSL version with \"#{algorithm}\" algorithm support" end end |
#assert_valid_cipher!(requested_cipher, algorithm) ⇒ Object
37 38 39 40 41 42 43 44 |
# File 'lib/chef/encrypted_data_bag_item/assertions.rb', line 37 def assert_valid_cipher!(requested_cipher, algorithm) # In the future, chef may support configurable ciphers. For now, only # aes-256-cbc and aes-256-gcm are supported. unless requested_cipher == algorithm raise UnsupportedCipher, "Cipher '#{requested_cipher}' is not supported by this version of Chef. Available ciphers: ['#{ALGORITHM}', '#{AEAD_ALGORITHM}']" end end |