Files

Class/Module Index [+]

Quicksearch

Chef::EncryptedDataBagItem::Decryptor

Decryptor

For backwards compatibility, Chef implements decryption/deserialization for
older encrypted data bag item formats in addition to the current version.
Each decryption/deserialization strategy is implemented as a class in this
namespace. For convenience the factory method +Decryptor.for()+ can be used
to create an instance of the appropriate strategy for the given encrypted
data bag value.

Public Class Methods

assert_format_version_acceptable!(format_version) click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 68
def self.assert_format_version_acceptable!(format_version)
  unless format_version.kind_of?(Integer) and format_version >= Chef::Config[:data_bag_decrypt_minimum_version]
    raise UnacceptableEncryptedDataBagItemFormat,
      "The encrypted data bag item has format version `#{format_version}', " +
      "but the config setting 'data_bag_decrypt_minimum_version' requires version `#{Chef::Config[:data_bag_decrypt_minimum_version]}'"
  end
end
for(encrypted_value, key) click to toggle source

Detects the encrypted data bag item format version and instantiates a decryptor object for that version. Call for_decrypted_item on the resulting object to decrypt and deserialize it.

# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 44
def self.for(encrypted_value, key)
  format_version = format_version_of(encrypted_value)
  assert_format_version_acceptable!(format_version)
  case format_version
  when 2
    Version2Decryptor.new(encrypted_value, key)
  when 1
    Version1Decryptor.new(encrypted_value, key)
  when 0
    Version0Decryptor.new(encrypted_value, key)
  else
    raise UnsupportedEncryptedDataBagItemFormat,
      "This version of chef does not support encrypted data bag item format version '#{format_version}'"
  end
end
format_version_of(encrypted_value) click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 60
def self.format_version_of(encrypted_value)
  if encrypted_value.respond_to?(:key?)
    encrypted_value["version"]
  else
    0
  end
end

[Validate]

Generated with the Darkfish Rdoc Generator 2.