Merge pull request #625 from matheeeny/encrypted-data-bags
provisioner/chef-solo: add support for chef-solo encrypted data bags
This commit is contained in:
Mitchell Hashimoto
commit
41ff27f4aa
|
|
@ -23,6 +23,7 @@ type Config struct {
|
||||||
CookbookPaths []string `mapstructure:"cookbook_paths"`
|
CookbookPaths []string `mapstructure:"cookbook_paths"`
|
||||||
RolesPath string `mapstructure:"roles_path"`
|
RolesPath string `mapstructure:"roles_path"`
|
||||||
DataBagsPath string `mapstructure:"data_bags_path"`
|
DataBagsPath string `mapstructure:"data_bags_path"`
|
||||||
|
EncryptedDataBagSecret string `mapstructure:"encrypted_data_bag_secret"`
|
||||||
EnvironmentsPath string `mapstructure:"environments_path"`
|
EnvironmentsPath string `mapstructure:"environments_path"`
|
||||||
ExecuteCommand string `mapstructure:"execute_command"`
|
ExecuteCommand string `mapstructure:"execute_command"`
|
||||||
InstallCommand string `mapstructure:"install_command"`
|
InstallCommand string `mapstructure:"install_command"`
|
||||||
|
|
@ -43,6 +44,7 @@ type Provisioner struct {
|
||||||
type ConfigTemplate struct {
|
type ConfigTemplate struct {
|
||||||
CookbookPaths string
|
CookbookPaths string
|
||||||
DataBagsPath string
|
DataBagsPath string
|
||||||
|
EncryptedDataBagSecret string
|
||||||
RolesPath string
|
RolesPath string
|
||||||
EnvironmentsPath string
|
EnvironmentsPath string
|
||||||
ChefEnvironment string
|
ChefEnvironment string
|
||||||
|
|
@ -51,6 +53,7 @@ type ConfigTemplate struct {
|
||||||
// mean time, we do this.
|
// mean time, we do this.
|
||||||
// TODO(mitchellh): Remove when Go 1.2 is released
|
// TODO(mitchellh): Remove when Go 1.2 is released
|
||||||
HasDataBagsPath bool
|
HasDataBagsPath bool
|
||||||
|
HasEncryptedDataBagSecret bool
|
||||||
HasRolesPath bool
|
HasRolesPath bool
|
||||||
HasEnvironmentsPath bool
|
HasEnvironmentsPath bool
|
||||||
}
|
}
|
||||||
|
|
@ -99,6 +102,7 @@ func (p *Provisioner) Prepare(raws ...interface{}) error {
|
||||||
templates := map[string]*string{
|
templates := map[string]*string{
|
||||||
"config_template": &p.config.ConfigTemplate,
|
"config_template": &p.config.ConfigTemplate,
|
||||||
"data_bags_path": &p.config.DataBagsPath,
|
"data_bags_path": &p.config.DataBagsPath,
|
||||||
|
"encrypted_data_bag_secret": &p.config.EncryptedDataBagSecret,
|
||||||
"roles_path": &p.config.RolesPath,
|
"roles_path": &p.config.RolesPath,
|
||||||
"staging_dir": &p.config.StagingDir,
|
"staging_dir": &p.config.StagingDir,
|
||||||
"environments_path": &p.config.EnvironmentsPath,
|
"environments_path": &p.config.EnvironmentsPath,
|
||||||
|
|
@ -181,6 +185,15 @@ func (p *Provisioner) Prepare(raws ...interface{}) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if p.config.EncryptedDataBagSecret != "" {
|
||||||
|
pFileInfo, err := os.Stat(p.config.EncryptedDataBagSecret)
|
||||||
|
|
||||||
|
if err != nil || pFileInfo.IsDir() {
|
||||||
|
errs = packer.MultiErrorAppend(
|
||||||
|
errs, fmt.Errorf("Bad encrypted data bag secret '%s': %s", p.config.EncryptedDataBagSecret, err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if p.config.EnvironmentsPath != "" {
|
if p.config.EnvironmentsPath != "" {
|
||||||
pFileInfo, err := os.Stat(p.config.EnvironmentsPath)
|
pFileInfo, err := os.Stat(p.config.EnvironmentsPath)
|
||||||
|
|
||||||
|
|
@ -244,6 +257,14 @@ func (p *Provisioner) Provision(ui packer.Ui, comm packer.Communicator) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
encryptedDataBagSecret := ""
|
||||||
|
if p.config.EncryptedDataBagSecret != "" {
|
||||||
|
encryptedDataBagSecret = fmt.Sprintf("%s/encrypted_data_bag_secret", p.config.StagingDir)
|
||||||
|
if err := p.uploadFile(ui, comm, encryptedDataBagSecret, p.config.EncryptedDataBagSecret); err != nil {
|
||||||
|
return fmt.Errorf("Error uploading encrypted data bag secret: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
environmentsPath := ""
|
environmentsPath := ""
|
||||||
if p.config.EnvironmentsPath != "" {
|
if p.config.EnvironmentsPath != "" {
|
||||||
environmentsPath = fmt.Sprintf("%s/environments", p.config.StagingDir)
|
environmentsPath = fmt.Sprintf("%s/environments", p.config.StagingDir)
|
||||||
|
|
@ -252,7 +273,7 @@ func (p *Provisioner) Provision(ui packer.Ui, comm packer.Communicator) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
configPath, err := p.createConfig(ui, comm, cookbookPaths, rolesPath, dataBagsPath, environmentsPath, p.config.ChefEnvironment)
|
configPath, err := p.createConfig(ui, comm, cookbookPaths, rolesPath, dataBagsPath, encryptedDataBagSecret, environmentsPath, p.config.ChefEnvironment)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error creating Chef config file: %s", err)
|
return fmt.Errorf("Error creating Chef config file: %s", err)
|
||||||
}
|
}
|
||||||
|
|
@ -289,7 +310,17 @@ func (p *Provisioner) uploadDirectory(ui packer.Ui, comm packer.Communicator, ds
|
||||||
return comm.UploadDir(dst, src, nil)
|
return comm.UploadDir(dst, src, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *Provisioner) createConfig(ui packer.Ui, comm packer.Communicator, localCookbooks []string, rolesPath string, dataBagsPath string, environmentsPath string, chefEnvironment string) (string, error) {
|
func (p *Provisioner) uploadFile(ui packer.Ui, comm packer.Communicator, dst string, src string) error {
|
||||||
|
f, err := os.Open(src)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer f.Close()
|
||||||
|
|
||||||
|
return comm.Upload(dst, f)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *Provisioner) createConfig(ui packer.Ui, comm packer.Communicator, localCookbooks []string, rolesPath string, dataBagsPath string, encryptedDataBagSecret string, environmentsPath string, chefEnvironment string) (string, error) {
|
||||||
ui.Message("Creating configuration file 'solo.rb'")
|
ui.Message("Creating configuration file 'solo.rb'")
|
||||||
|
|
||||||
cookbook_paths := make([]string, len(p.config.RemoteCookbookPaths)+len(localCookbooks))
|
cookbook_paths := make([]string, len(p.config.RemoteCookbookPaths)+len(localCookbooks))
|
||||||
|
|
@ -323,9 +354,11 @@ func (p *Provisioner) createConfig(ui packer.Ui, comm packer.Communicator, local
|
||||||
CookbookPaths: strings.Join(cookbook_paths, ","),
|
CookbookPaths: strings.Join(cookbook_paths, ","),
|
||||||
RolesPath: rolesPath,
|
RolesPath: rolesPath,
|
||||||
DataBagsPath: dataBagsPath,
|
DataBagsPath: dataBagsPath,
|
||||||
|
EncryptedDataBagSecret: encryptedDataBagSecret,
|
||||||
EnvironmentsPath: environmentsPath,
|
EnvironmentsPath: environmentsPath,
|
||||||
HasRolesPath: rolesPath != "",
|
HasRolesPath: rolesPath != "",
|
||||||
HasDataBagsPath: dataBagsPath != "",
|
HasDataBagsPath: dataBagsPath != "",
|
||||||
|
HasEncryptedDataBagSecret: encryptedDataBagSecret != "",
|
||||||
HasEnvironmentsPath: environmentsPath != "",
|
HasEnvironmentsPath: environmentsPath != "",
|
||||||
ChefEnvironment: chefEnvironment,
|
ChefEnvironment: chefEnvironment,
|
||||||
})
|
})
|
||||||
|
|
@ -485,6 +518,9 @@ role_path "{{.RolesPath}}"
|
||||||
{{if .HasDataBagsPath}}
|
{{if .HasDataBagsPath}}
|
||||||
data_bag_path "{{.DataBagsPath}}"
|
data_bag_path "{{.DataBagsPath}}"
|
||||||
{{end}}
|
{{end}}
|
||||||
|
{{if .HasEncryptedDataBagSecret}}
|
||||||
|
encrypted_data_bag_secret "{{.EncryptedDataBagSecret}}"
|
||||||
|
{{end}}
|
||||||
{{if .HasEnvironmentsPath}}
|
{{if .HasEnvironmentsPath}}
|
||||||
environments_path "{{.EnvironmentsPath}}"
|
environments_path "{{.EnvironmentsPath}}"
|
||||||
chef_environment "{{.ChefEnvironment}}"
|
chef_environment "{{.ChefEnvironment}}"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue