Sha256: 8c6e4bf1d635aa4e59e4eca304808001d316418da66255b03b7bd176975d83e0
Contents?: true
Size: 1.9 KB
Versions: 1
Compression:
Stored size: 1.9 KB
Contents
# Description: Chef-Vault VaultRotateAllKeys class # Copyright 2013-15, Nordstrom, Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # http://www.apache.org/licenses/LICENSE-2.0 # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require 'chef/knife/vault_base' class Chef class Knife class VaultRotateAllKeys < Knife include Chef::Knife::VaultBase banner "knife vault rotate all keys" option :clean_unknown_clients, :long => '--clean-unknown-clients', :description => 'Remove unknown clients during key rotation' def run clean_unknown_clients = config[:clean_unknown_clients] set_mode(config[:vault_mode]) rotate_all_keys(clean_unknown_clients) end private def rotate_all_keys(clean_unknown_clients=false) vaults = Chef::DataBag.list.keys vaults.each { |vault| rotate_vault_keys(vault, clean_unknown_clients) } end def rotate_vault_keys(vault, clean_unknown_clients) vault_items(vault).each do |item| rotate_vault_item_keys(vault, item, clean_unknown_clients) end end def vault_items(vault) Chef::DataBag.load(vault).keys.each_with_object([]) do |key, array| array << key.sub('_keys', '') if key.match(/.+_keys$/) end end def rotate_vault_item_keys(vault, item, clean_unknown_clients) puts "Rotating keys for: #{vault} #{item}" ChefVault::Item.load(vault, item).rotate_keys!(clean_unknown_clients) end end end end
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
chef-vault-2.5.0 | lib/chef/knife/vault_rotate_all_keys.rb |