cookbook 'data-bag-merge', '= 0.2.0'
data-bag-merge (10) Versions 0.2.0 Follow1
Installs/Configures data-bag-merge
cookbook 'data-bag-merge', '= 0.2.0', :supermarket
knife supermarket install data-bag-merge
knife supermarket download data-bag-merge
data-bag-merge Cookbook
This cookbook gives you the ability to store environment and node configuration
in data bags (including encrypted ones).
No cookbook would then need changing to support getting credentials from data bag,
as it will be able to read the merged attributes from the data bag.
Encrypting sensitive environment and node configuration is important, as you
shouldn't allow anyone to access this information, including VCS (Version control systems)
The encryption secret key can then be stored elsewhere, and data bags decrypted
by it at the point of chef converge.
Attributes
data-bag-merge::environment
<table>
<tr>
<th>Key</th>
<th>Type</th>
<th>Description</th>
<th>Default</th>
</tr>
<tr>
<td><tt>['data-bag-merge']['environments']['data_bag_name']</tt></td>
<td>String</td>
<td>Name of the data bag to fetch environment data from</td>
<td><tt>environments</tt></td>
</tr>
<tr>
<td><tt>['data-bag-merge']['environments']['encrypted']</tt></td>
<td>String</td>
<td>Flag to determine whether to try to access as an encrypted data bag</td>
<td><tt>true</tt></td>
</tr>
<tr>
<td><tt>['data-bag-merge']['environments']['format']</tt></td>
<td>String</td>
<td>Option to change style of attributes (default/override/default_override)',</td>
<td><tt>default_override</tt></td>
</tr>
<tr>
<td><tt>['data-bag-merge']['environments']['secret_path']</tt></td>
<td>String</td>
<td>Optional path to the secret file that decrypts the encrypted data bag, nil will use the path supplied in the chef config</td>
<td><tt>nil</tt></td>
</tr>
</table>
data-bag-merge::node
<table>
<tr>
<th>Key</th>
<th>Type</th>
<th>Description</th>
<th>Default</th>
</tr>
<tr>
<td><tt>['data-bag-merge']['nodes']['data_bag_name']</tt></td>
<td>String</td>
<td>Name of the data bag to fetch node data from</td>
<td><tt>nodes</tt></td>
</tr>
<tr>
<td><tt>['data-bag-merge']['nodes']['encrypted']</tt></td>
<td>String</td>
<td>Flag to determine whether to try to access as an encrypted data bag</td>
<td><tt>true</tt></td>
</tr>
<tr>
<td><tt>['data-bag-merge']['nodes']['format']</tt></td>
<td>String</td>
<td>Option to change style of attributes (default/override/default_override)',</td>
<td><tt>default_override</tt></td>
</tr>
<tr>
<td><tt>['data-bag-merge']['nodes']['secret_path']</tt></td>
<td>String</td>
<td>Optional path to the secret file that decrypts the encrypted data bag, nil will use the path supplied in the chef config</td>
<td><tt>nil</tt></td>
</tr>
</table>
Usage
data-bag-merge::environment
Include data-bag-merge::environment
in your node's run_list
at the very top
of the run-list and define the node's environment
Node
{ "name":"my_node", "environment": "production", "run_list": [ "recipe[data-bag-merge::environment]" ], "item_with_normal": "normal value", "item_with_override": "normal value" }
Encrypted Data Bag environments/production
{ "id": "production", "default_attributes": { "item_with_default": "default value", "item_with_normal": "default value" }, "override_attributes": { "item_with_override": "override value" } }
Result
{ "item_with_default": "default value", "item_with_normal": "normal value", "item_with_override": "override value" }
This will access the data bag environments/production
, merging it's data into
the node's defaults.
data-bag-merge::node
Include data-bag-merge::node
in your node's run_list
at the very top of the
run-list and define the node's environment
Node
{ "name":"my_node", "environment": "production", "run_list": [ "recipe[data-bag-merge::node]" ], "item_with_normal": "normal value", "item_with_override": "normal value" }
Encrypted Data Bag nodes/my_node
{ "id": "production", "default_attributes": { "item_with_default": "default value", "item_with_normal": "default value" }, "override_attributes": { "item_with_override": "override value" } }
Result
{ "item_with_default": "default value", "item_with_normal": "normal value", "item_with_override": "override value" }
This will access the data bag nodes/my_node
, merging it's data into the node's
defaults.
definitions
Chef definitions are provided for additionally providing custom data bag merges
e.g.
encrypted_data_bag_merge "custom" do
data_bag "my-custom-bag"
item 'my-bag-item'
end
Contributing
- Fork the repository on Github
- Create a named feature branch (like
add_component_x
) - Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
License and Authors
License: MIT
Authors: Andy Thompson
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Foodcritic Metric
0.2.0 failed this metric
FC015: Consider converting definition to a LWRP: /tmp/cook/4908d7b9fb3dd4dc716021d8/data-bag-merge/definitions/data_bag_merge.rb:1
FC015: Consider converting definition to a LWRP: /tmp/cook/4908d7b9fb3dd4dc716021d8/data-bag-merge/definitions/encrypted_data_bag_merge.rb:1
0.2.0 failed this metric
FC015: Consider converting definition to a LWRP: /tmp/cook/4908d7b9fb3dd4dc716021d8/data-bag-merge/definitions/encrypted_data_bag_merge.rb:1