Class: Chef::SecretFetcher::Base

Inherits:
Object
Defined in:
lib/chef/secret_fetcher/base.rb

Direct Known Subclasses

AWSSecretsManager, AzureKeyVault, Example, HashiVault

Constructor Details

#initialize(config, run_context) ⇒ Base

Initialize a new SecretFetcher::Base

Parameters:

  • config (Hash)

    Configuration hash. Expected configuration keys and values will vary based on implementation, and are validated in `validate!`.



# File 'lib/chef/secret_fetcher/base.rb', line 36

def initialize(config, run_context)
  @config = config
  @run_context = run_context
end

Instance Attribute Details

#config ⇒ Object (readonly)

Returns the value of attribute config.



# File 'lib/chef/secret_fetcher/base.rb', line 27

def config
  @config
end

#run_context ⇒ Object (readonly)

Note that this is only available in the context of a recipe. Since that’s the only place it’s intended to be used, that’s probably OK.



# File 'lib/chef/secret_fetcher/base.rb', line 30

def run_context
  @run_context
end

Instance Method Details

#do_fetch(identifier, version) ⇒ Object

Called to fetch the secret identified by `identifier`. Implementations should expect that `validate!` has been invoked before `do_fetch`.

Parameters:

  • identifier (Object)

    Unique identifier of the secret to be retrieved. When invoked via DSL, this is pre-verified to be not nil/not empty string. The expected data type and form can vary by implementation.

  • version (Object)

    Optional version of the secret to be retrieved. If not provided, implementations are expected to fetch the most recent version of the secret by default.

Returns:

  • (Object)

    The secret as returned from the implementation. The data type will vary by implementation.

Raises:



# File 'lib/chef/secret_fetcher/base.rb', line 73

def do_fetch(identifier, version); raise NotImplementedError.new; end

#fetch(name, version = nil) ⇒ Object

Note:
  • the name parameter will probably see a narrowing of type as we learn more about different integrations.

Fetch the named secret by invoking the implementation-specific Chef::SecretFetcher::Base#do_fetch.

Parameters:

  • name (Object)

    the name or identifier of the secret.

  • version (Object) (defaults to: nil)

    Optional version of the secret to fetch.

Returns:

  • (Object)

    the fetched secret

Raises:



# File 'lib/chef/secret_fetcher/base.rb', line 49

def fetch(name, version = nil)
  raise Chef::Exceptions::Secret::MissingSecretName.new if name.to_s == ""

  do_fetch(name, version)
end

#validate! ⇒ Object

Validate that the instance is correctly configured.



# File 'lib/chef/secret_fetcher/base.rb', line 57

def validate!; end
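
A sketch of the subclass contract described above (validate!, then fetch, which delegates to do_fetch), added here as an example and not taken from the Chef code base. The first part is a stand-in for Base and MissingSecretName reproduced from the listings on this page so the block runs without the chef gem; InMemoryFetcher, STORE and build_fetcher are hypothetical names, and the stored values are constructed.

```ruby
# Stand-in for the base class, copied from the listings on this page so the
# example runs without the chef gem. With Chef loaded, drop this part.
class Chef
  class Exceptions
    class Secret
      class MissingSecretName < RuntimeError; end
    end
  end
  class SecretFetcher
    class Base
      attr_reader :config, :run_context
      def initialize(config, run_context)
        @config = config
        @run_context = run_context
      end
      def fetch(name, version = nil)
        raise Chef::Exceptions::Secret::MissingSecretName.new if name.to_s == ""
        do_fetch(name, version)
      end

      def validate!; end
      def do_fetch(identifier, version); raise NotImplementedError.new; end
    end
  end
end

# Hypothetical fetcher (not part of Chef) over an in-memory versioned store.
class InMemoryFetcher < Chef::SecretFetcher::Base
  # Fail closed on unusable configuration before any fetch is attempted.
  def validate!
    store = config[:store]
    raise ArgumentError, "config[:store] must be a non-empty Hash" unless store.is_a?(Hash) && !store.empty?
  end

  # Unknown names or versions raise instead of returning nil.
  def do_fetch(identifier, version)
    versions = config[:store].fetch(identifier.to_s) { raise KeyError, "unknown secret #{identifier}" }
    version ||= versions.keys.max # no version given: most recent
    versions.fetch(version) { raise KeyError, "unknown version #{version}" }
  end
end

# Constructed sample data; the values are placeholders, not real secrets.
STORE = { "db_password" => { 1 => "constructed-old", 2 => "constructed-new" } }.freeze

# validate! runs first, as do_fetch implementations are told to expect.
def build_fetcher(config)
  InMemoryFetcher.new(config, nil).tap(&:validate!)
end
```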