From 8cfcc28db1acc7594dbbf76b846f4964f40f9e63 Mon Sep 17 00:00:00 2001
From: Eric Williams <eric@subcritical.org>
Date: Mon, 25 Feb 2019 19:09:39 +0000
Subject: Enable encrypted_data_bag_secret support for Chef

Encrypted data bags require a secrets file to be present to
decrypt, and the location of the file must be configured the
Chef client configuration file, client.rb.

This update enables cloud-init's chef module to update that
setting in client.rb.

LP: #1817082
---
 templates/chef_client.rb.tmpl | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'templates')

diff --git a/templates/chef_client.rb.tmpl b/templates/chef_client.rb.tmpl
index cbb6b15f..99978d3b 100644
--- a/templates/chef_client.rb.tmpl
+++ b/templates/chef_client.rb.tmpl
@@ -1,6 +1,6 @@
 ## template:jinja
 {#
-This file is only utilized if the module 'cc_chef' is enabled in 
+This file is only utilized if the module 'cc_chef' is enabled in
 cloud-config. Specifically, in order to enable it
 you need to add the following to config:
   chef:
@@ -56,3 +56,6 @@ pid_file               "{{pid_file}}"
 {% if show_time %}
 Chef::Log::Formatter.show_time = true
 {% endif %}
+{% if encrypted_data_bag_secret %}
+encrypted_data_bag_secret "{{encrypted_data_bag_secret}}"
+{% endif %}
-- 
cgit v1.2.3