class Chef::Knife::Bootstrap::ChefVaultHandler

def bootstrap_vault_file

Returns:
  • (String) - JSON text in a file representing the chef vault items
# Path of the JSON file that lists the chef vault items, taken from the
# knife configuration. Nothing is read or validated here; #vault_json reads
# the file only when neither an inline item nor a JSON string is configured.
#
# @return [String, nil] value stored under :bootstrap_vault_file
def bootstrap_vault_file
  vault_file_path = config[:bootstrap_vault_file]
  vault_file_path
end

def bootstrap_vault_item

Returns:
  • (Hash) - Ruby object representing the chef vault items to create
# Vault items supplied directly as a Ruby object in the knife configuration.
# When present, #vault_json uses this value as-is and skips JSON parsing.
#
# @return [Hash, nil] value stored under :bootstrap_vault_item
def bootstrap_vault_item
  inline_items = config[:bootstrap_vault_item]
  inline_items
end

def bootstrap_vault_json

Returns:
  • (String) - string with serialized JSON representing the chef vault items
# Serialized JSON describing the vault items, taken from the knife
# configuration. The string is parsed later by #vault_json, not here.
#
# @return [String, nil] value stored under :bootstrap_vault_json
def bootstrap_vault_json
  serialized_items = config[:bootstrap_vault_json]
  serialized_items
end

def doing_chef_vault?

Returns:
  • (Boolean) - if we've got chef vault options to act on or not
# Tells whether any chef vault option was supplied. The options are checked
# in the order JSON string, file, inline item, stopping at the first one set.
#
# @return [Boolean] true when at least one vault option is set
def doing_chef_vault?
  vault_option = bootstrap_vault_json || bootstrap_vault_file || bootstrap_vault_item
  vault_option ? true : false
end

def initialize(config: {}, knife_config: nil, ui: nil)

Parameters:
  • ui (Chef::Knife::UI) -- ui object for output
  • config (Hash) -- knife merged config, typically @config
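# Builds the handler from the merged knife configuration.
#
# @param config [Hash] knife merged config, typically @config
# @param knife_config [Hash, nil] deprecated name for +config+; when given it
#   replaces +config+ and a deprecation is reported through Chef.deprecated
# @param ui [Chef::Knife::UI] ui object for output
def initialize(config: {}, knife_config: nil, ui: nil)
  @config = config
  unless knife_config.nil?
    @config = knife_config
    # The deprecation text must name this class so the operator can find the
    # caller to fix; it previously named Bootstrap::ClientBuilder.
    Chef.deprecated(:knife_bootstrap_apis, "The knife_config option to the Bootstrap::ChefVaultHandler object is deprecated and has been renamed to just 'config'")
  end
  @ui = ui
end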

def load_chef_bootstrap_vault_item(vault, item)

Returns:
  • (ChefVault::Item) - ChefVault::Item object

Parameters:
  • item (String) -- name of the chef-vault encrypted item
  • vault (String) -- name of the chef-vault encrypted data bag
# Loads one chef-vault item through ChefVault::Item.load. The chef-vault gem
# must already be loaded; #update_vault calls #require_chef_vault! first.
#
# @param vault [String] name of the chef-vault encrypted data bag
# @param item [String] name of the chef-vault encrypted item
# @return [ChefVault::Item] the loaded item
def load_chef_bootstrap_vault_item(vault, item)
  vault_item_class = ChefVault::Item
  vault_item_class.load(vault, item)
end

def require_chef_vault!

Helper to very lazily require the chef-vault gem
# Lazily requires the chef-vault gem and enforces the 2.6.0 version floor.
# The outcome is memoized in @require_chef_vault, so the require and the
# version comparison run only until the first success.
#
# @return [true] once the gem is loaded and new enough
# @raise [RuntimeError] when the gem cannot be loaded or is older than 2.6.0
def require_chef_vault!
  return @require_chef_vault if @require_chef_vault

  failure = "Knife bootstrap requires version 2.6.0 or higher of the chef-vault gem to configure vault items"
  begin
    require "chef-vault"
    raise failure if Gem::Version.new(ChefVault::VERSION) < Gem::Version.new("2.6.0")
  rescue LoadError
    # A missing gem is reported with the same message as an outdated one.
    raise failure
  end
  @require_chef_vault = true
end

def run(client)

Parameters:
  • client (Chef::ApiClient) -- vault client
# Entry point: when vault options were given, warns about conflicting
# options, records the client and updates every listed vault item.
# Does nothing and returns nil when no vault option is set.
#
# @param client [Chef::ApiClient] vault client
def run(client)
  if doing_chef_vault?
    sanity_check
    @client = client
    update_bootstrap_vault_json!
  end
end

def sanity_check

Warn if the user has given mutually conflicting options.
# Warns through the ui object when mutually conflicting vault options were
# given. Nothing is rejected: the warnings only state which option is
# ignored, matching the precedence #vault_json applies (inline item, then
# JSON string, then file).
def sanity_check
  list_given = bootstrap_vault_json
  file_given = bootstrap_vault_file
  ui.warn "--vault-item given with --vault-list or --vault-file, ignoring the latter" if bootstrap_vault_item && (list_given || file_given)
  ui.warn "--vault-list given with --vault-file, ignoring the latter" if list_given && file_given
end

def update_bootstrap_vault_json!


Iterate through all the vault items to update. Items may be either a String
or an Array of Strings:

{
  "vault1": "item",
  "vault2": [ "item1", "item2", "item2" ]
}
# Walks every vault in #vault_json and updates each item named under it.
# A vault's value may be a single String or an Array of Strings, e.g.
#
#   { "vault1": "item", "vault2": [ "item1", "item2" ] }
#
# Every vault/item pair listed is modified and saved, so the list should
# name only the items the bootstrapped node actually needs.
def update_bootstrap_vault_json!
  vault_json.each do |vault_name, entries|
    # Wrapping then flattening accepts both a bare name and a list of names.
    [entries].flatten.each { |entry| update_vault(vault_name, entry) }
  end
end

def update_vault(vault, item)

Parameters:
  • item (String) -- name of the chef-vault encrypted item
  • vault (String) -- name of the chef-vault encrypted data bag
# Loads one vault item, passes the bootstrap client to its +clients+ call and
# saves it. Presumably this is the step that lets the new node decrypt the
# item (chef-vault semantics; confirm against the gem version in use).
#
# @param vault [String] name of the chef-vault encrypted data bag
# @param item [String] name of the chef-vault encrypted item
def update_vault(vault, item)
  require_chef_vault!
  # Named so it does not shadow the #bootstrap_vault_item config reader.
  vault_entry = load_chef_bootstrap_vault_item(vault, item)
  vault_entry.clients(client)
  vault_entry.save
end

def vault_json

Returns:
  • (Hash) - deserialized ruby hash with all the vault items
# Resolves the vault item list once and memoizes it in @vault_json.
# Precedence: the inline item is used as-is; otherwise the JSON string is
# parsed; the file is read only when no JSON string is configured.
#
# @return [Hash] deserialized ruby hash with all the vault items
def vault_json
  @vault_json ||= bootstrap_vault_item ||
    Chef::JSONCompat.from_json(bootstrap_vault_json || File.read(bootstrap_vault_file))
end