Class: Chef::SecretFetcher::Base

Inherits:

Object

• Object
• Chef::SecretFetcher::Base

Defined in:

lib/chef/secret_fetcher/base.rb

Direct Known Subclasses

AWSSecretsManager, AzureKeyVault, Example, HashiVault

Instance Attribute Summary

• #config ⇒ Object readonly

  Returns the value of attribute config.

• #run_context ⇒ Object readonly

  Note that this is only available in the context of a recipe.

Instance Method Summary

• #do_fetch(identifier, version) ⇒ Object

  Called to fetch the secret identified by ‘identifier’.

• #fetch(name, version = nil) ⇒ Object

  Fetch the named secret by invoking implementation-specific [Chef::SecretFetcher::Base#do_fetch].

• #initialize(config, run_context) ⇒ Base constructor

  Initialize a new SecretFetcher::Base.

• #validate! ⇒ Object

  Validate that the instance is correctly configured.

Constructor Details

#initialize(config, run_context) ⇒ Base

Initialize a new SecretFetcher::Base

will vary based on implementation, and are validated in ‘validate!`.

Parameters:

• config (Hash) —

  Configuration hash. Expected configuration keys and values

# File 'lib/chef/secret_fetcher/base.rb', line 36

def initialize(config, run_context)
  @config = config
  @run_context = run_context
end

Instance Attribute Details

#config ⇒ Object (readonly)

Returns the value of attribute config.

# File 'lib/chef/secret_fetcher/base.rb', line 27

def config
  @config
end

#run_context ⇒ Object (readonly)

Note that this is only available in the context of a recipe. Since that’s the only place it’s intended to be used, that’s probably OK.

# File 'lib/chef/secret_fetcher/base.rb', line 30

def run_context
  @run_context
end

Instance Method Details

#do_fetch(identifier, version) ⇒ Object

Called to fetch the secret identified by ‘identifier’. Implementations should expect that ‘validate!` has been invoked before `do_fetch`.

When invoked via DSL, this is pre-verified to be not nil/not empty string. The expected data type and form can vary by implementation. provided, implementations are expected to fetch the most recent version of the secret by default.

will vary implementation.

Parameters:

• identifier (Object) —

  Unique identifier of the secret to be retrieved.

• version (Object) —

  Optional version of the secret to be retrieved. If not

Returns:

• (Object) —

  The secret as returned from the implementation. The data type

Raises:

• (Chef::Exceptions::Secret::FetchFailed) —

  if the secret could not be fetched

# File 'lib/chef/secret_fetcher/base.rb', line 73

def do_fetch(identifier, version); raise NotImplementedError.new; end

#fetch(name, version = nil) ⇒ Object

Note:

• the name parameter will probably see a narrowing of type as we learn more about different integrations.

Fetch the named secret by invoking implementation-specific [Chef::SecretFetcher::Base#do_fetch]

Parameters:

• name (Object) —

  the name or identifier of the secret.

• version (Object) (defaults to: nil) —

  Optional version of the secret to fetch.

Returns:

• (Object) —

  the fetched secret

Raises:

• (Chef::Exceptions::Secret::MissingSecretName) —

  when secret name is not provided

• (Chef::Exceptions::Secret::FetchFailed) —

  when the underlying attempt to fetch the secret fails.

# File 'lib/chef/secret_fetcher/base.rb', line 49

def fetch(name, version = nil)
  raise Chef::Exceptions::Secret::MissingSecretName.new if name.to_s == ""

  do_fetch(name, version)
end

#validate! ⇒ Object

Validate that the instance is correctly configured.

Raises:

• (Chef::Exceptions::Secret::ConfigurationInvalid) —

  if it is not.

# File 'lib/chef/secret_fetcher/base.rb', line 57

def validate!; end