From 8cfcc28db1acc7594dbbf76b846f4964f40f9e63 Mon Sep 17 00:00:00 2001
From: Eric Williams <eric@subcritical.org>
Date: Mon, 25 Feb 2019 19:09:39 +0000
Subject: Enable encrypted_data_bag_secret support for Chef

Encrypted data bags require a secrets file to be present to
decrypt, and the location of the file must be configured the
Chef client configuration file, client.rb.

This update enables cloud-init's chef module to update that
setting in client.rb.

LP: #1817082
---
 cloudinit/config/cc_chef.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'cloudinit')

diff --git a/cloudinit/config/cc_chef.py b/cloudinit/config/cc_chef.py
index 46abedd1..a6240306 100644
--- a/cloudinit/config/cc_chef.py
+++ b/cloudinit/config/cc_chef.py
@@ -51,6 +51,7 @@ file).
 
     chef:
       client_key:
+      encrypted_data_bag_secret:
       environment:
       file_backup_path:
       file_cache_path:
@@ -114,6 +115,7 @@ CHEF_RB_TPL_DEFAULTS = {
     'file_backup_path': "/var/backups/chef",
     'pid_file': "/var/run/chef/client.pid",
     'show_time': True,
+    'encrypted_data_bag_secret': None,
 }
 CHEF_RB_TPL_BOOL_KEYS = frozenset(['show_time'])
 CHEF_RB_TPL_PATH_KEYS = frozenset([
@@ -124,6 +126,7 @@ CHEF_RB_TPL_PATH_KEYS = frozenset([
     'json_attribs',
     'file_cache_path',
     'pid_file',
+    'encrypted_data_bag_secret',
 ])
 CHEF_RB_TPL_KEYS = list(CHEF_RB_TPL_DEFAULTS.keys())
 CHEF_RB_TPL_KEYS.extend(CHEF_RB_TPL_BOOL_KEYS)
-- 
cgit v1.2.3