For backwards compatibility, Chef implements decryption/deserialization for older encrypted data bag item formats in addition to the current version. Each decryption/deserialization strategy is implemented as a class in this namespace. For convenience the factory method +Decryptor.for()+ can be used to create an instance of the appropriate strategy for the given encrypted data bag value.
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 68 def self.assert_format_version_acceptable!(format_version) unless format_version.kind_of?(Integer) and format_version >= Chef::Config[:data_bag_decrypt_minimum_version] raise UnacceptableEncryptedDataBagItemFormat, "The encrypted data bag item has format version `#{format_version}', " + "but the config setting 'data_bag_decrypt_minimum_version' requires version `#{Chef::Config[:data_bag_decrypt_minimum_version]}'" end end
Detects the encrypted data bag item format version and instantiates a decryptor object for that version. Call for_decrypted_item on the resulting object to decrypt and deserialize it.
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 44 def self.for(encrypted_value, key) format_version = format_version_of(encrypted_value) assert_format_version_acceptable!(format_version) case format_version when 2 Version2Decryptor.new(encrypted_value, key) when 1 Version1Decryptor.new(encrypted_value, key) when 0 Version0Decryptor.new(encrypted_value, key) else raise UnsupportedEncryptedDataBagItemFormat, "This version of chef does not support encrypted data bag item format version '#{format_version}'" end end
Generated with the Darkfish Rdoc Generator 2.