Git Product home page Git Product logo

data-bag-merge's Introduction

data-bag-merge Cookbook

This cookbook gives you the ability to store environment and node configuration in data bags (including encrypted ones).

No cookbook would then need changing to support getting credentials from data bag, as it will be able to read the merged attributes from the data bag.

Encrypting sensitive environment and node configuration is important, as you shouldn't allow anyone to access this information, including VCS (Version control systems)

The encryption secret key can then be stored elsewhere, and data bags decrypted by it at the point of chef converge.

Attributes

data-bag-merge::environment

Key Type Description Default
['data-bag-merge']['environments']['data_bag_name'] String Name of the data bag to fetch environment data from environments
['data-bag-merge']['environments']['encrypted'] String Flag to determine whether to try to access as an encrypted data bag true
['data-bag-merge']['environments']['bag_format'] String Option to change style of attributes (default/override/default_override)', default_override
['data-bag-merge']['environments']['secret_path'] String Optional path to the secret file that decrypts the encrypted data bag, nil will use the path supplied in the chef config nil

data-bag-merge::node

Key Type Description Default
['data-bag-merge']['nodes']['data_bag_name'] String Name of the data bag to fetch node data from nodes
['data-bag-merge']['nodes']['encrypted'] String Flag to determine whether to try to access as an encrypted data bag true
['data-bag-merge']['nodes']['bag_format'] String Option to change style of attributes (default/override/default_override)', default_override
['data-bag-merge']['nodes']['secret_path'] String Optional path to the secret file that decrypts the encrypted data bag, nil will use the path supplied in the chef config nil

Usage

data-bag-merge::environment

Include data-bag-merge::environment in your node's run_list at the very top of the run-list and define the node's environment

Node

{
  "name":"my_node",
  "environment": "production",
  "run_list": [
    "recipe[data-bag-merge::environment]"
  ],
  "item_with_normal": "normal value",
  "item_with_override": "normal value"
}

Encrypted Data Bag environments/production

{
  "id": "production",
  "default_attributes": {
    "item_with_default": "default value",
    "item_with_normal": "default value"
  },
  "override_attributes": {
    "item_with_override": "override value"
  }
}

Result

{
  "item_with_default": "default value",
  "item_with_normal": "normal value",
  "item_with_override": "override value"
}

This will access the data bag environments/production, merging it's data into the node's defaults.

data-bag-merge::node

Include data-bag-merge::node in your node's run_list at the very top of the run-list and define the node's environment

Node

{
  "name":"my_node",
  "environment": "production",
  "run_list": [
    "recipe[data-bag-merge::node]"
  ],
  "item_with_normal": "normal value",
  "item_with_override": "normal value"
}

Encrypted Data Bag nodes/my_node

{
  "id": "production",
  "default_attributes": {
    "item_with_default": "default value",
    "item_with_normal": "default value"
  },
  "override_attributes": {
    "item_with_override": "override value"
  }
}

Result

{
  "item_with_default": "default value",
  "item_with_normal": "normal value",
  "item_with_override": "override value"
}

This will access the data bag nodes/my_node, merging it's data into the node's defaults.

definitions

Chef definitions are provided for additionally providing custom data bag merges

e.g.

data_bag_merge "my-custom-bag/my-bag-item"

encrypted_data_bag_merge "my-custom-bag/my-bag-item"

The following additional attributes are supported:

data_bag_merge "custom" do
  data_bag "my-custom-bag"        # The data bag to get the data from
  item 'my-bag-item'              # The data bag item to get the data from
  bag_format 'default'            # The format of the data
                                  # 'default' - merge all keys into node.default
                                  # 'override' - merge all keys into node.override
                                  # 'default_override' 
                                  #   - merge all keys in 'default_attributes'
                                  #     into node.default
                                  #   - merge all keys in 'override_attributes'
                                  #     into node.override
end

encrypted_data_bag_merge "custom" do
  data_bag "my-custom-bag"        # The data bag to get the data from
  item 'my-bag-item'              # The data bag item to get the data from
  secret_path nil                 # The path to the secret key.
                                  # nil - default chef encrypted_data_bag_key setting
  bag_format 'default'            # The format of the data
                                  # 'default' - merge all keys into node.default
                                  # 'override' - merge all keys into node.override
                                  # 'default_override' 
                                  #   - merge all keys in 'default_attributes'
                                  #     into node.default
                                  #   - merge all keys in 'override_attributes'
                                  #     into node.override
end

Contributing

  1. Fork the repository on Github
  2. Create a named feature branch (like add_component_x)
  3. Write your change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using Github

License and Authors

License: MIT Authors: Andy Thompson

data-bag-merge's People

Contributors

andytson avatar kierenevans avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.