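# Description: Chef-Vault VaultBase module
# Copyright 2013-15, Nordstrom, Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

require "chef/knife"
require "chef-vault"

class Chef
  class Knife
    # Shared behaviour for the knife vault subcommands: registers the common
    # --mode option on the including command class and provides helpers for
    # recognising data bags that are laid out like vaults.
    module VaultBase
      # Hook run when a knife command class includes this module.
      #
      # Everything is evaluated in the context of the including class so that
      # `deps` and `option` act as class-level declarations on that command.
      #
      # @param includer [Class] the class including VaultBase
      def self.included(includer)
        includer.class_eval do
          # Dependencies and mixins are declared inside the `deps` block
          # rather than at file load time.
          deps do
            require "chef/search/query"
            require File.expand_path("../mixin/compat", __FILE__)
            require File.expand_path("../mixin/helper", __FILE__)
            include ChefVault::Mixin::KnifeCompat
            include ChefVault::Mixin::Helper
          end

          # -M/--mode: the supplied value is written straight into
          # Chef::Config[:knife][:vault_mode] without validation here.
          option :vault_mode,
            :short => "-M MODE",
            :long => "--mode MODE",
            :description => "Chef mode to run in default - solo",
            :proc => proc { |i| Chef::Config[:knife][:vault_mode] = i }
        end
      end

      # Prints the command usage via the superclass implementation, then
      # terminates the process with exit status 1.
      def show_usage
        super
        exit 1
      end

      private

      # Heuristically decides whether a data bag is laid out like a vault.
      #
      # The check is purely structural: it looks only at the keys of the
      # loaded bag and requires that every key `X` is paired with a key
      # `X_keys`. It does not inspect item contents and does not verify that
      # anything is actually encrypted, so a true result means "probably a
      # vault", not "safe to treat as protected".
      #
      # @param bagname [String] name of the data bag to load
      # @return [Boolean] true when the key layout matches the vault pattern
      def bag_is_vault?(bagname)
        bag = Chef::DataBag.load(bagname)
        key_count = bag.keys.size
        # vaults have an even number of keys, and at least 2
        return false unless key_count >= 2 && key_count.even?

        keylike, notkeylike = split_vault_keys(bag)
        # there must be an equal number of key-like and not-key-like items
        return false unless keylike.size == notkeylike.size

        # Strip the _keys suffix and check that both sets of names match.
        # The suffix is anchored with \z (end of string) and removed once:
        # `$` would also match before an embedded newline, and gsub could
        # then strip more than the trailing suffix.
        stripped = keylike.map { |k| k.sub(/_keys\z/, "") }
        # it's (probably) a vault when every _keys entry has a partner
        stripped.sort == notkeylike.sort
      end

      # Splits the bag's keys into those ending in `_keys` and the rest.
      #
      # @param bag [#keys] the loaded data bag
      # @return [Array(Array, Array)] key-like names first, all others second
      def split_vault_keys(bag)
        # \z anchors at the true end of the string; `$` is end-of-line in Ruby
        bag.keys.partition { |k| k =~ /_keys\z/ }
      end
    end
  end
end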