Here is how to pass sensitive data to a template while keeping it easy to add non-sensitive attributes dynamically.

Have non-sensitive attributes follow this pattern: `node['cookbook']['collection']['value_1'] = 'value1'`, where `collection` holds one or more attributes (one level deep), e.g.,
```ruby
default['mycookbook']['conf']['db_driver'] = 'com.mysql.jdbc.Driver'
default['mycookbook']['conf']['db_user'] = 'db_user'
default['mycookbook']['conf']['db_pass'] = nil
```
The next step is to create a separate hash, e.g.,
```ruby
# Workaround for the Chef DSL not supporting clone or deep copy:
# merging into an empty hash yields a mutable, one-level copy of the attributes.
conf = {}.merge(node['mycookbook']['conf'])
```
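Then merge the sensitive values into the separate hash, e.g.,
```ruby
# String keys match the keys copied from the node attributes, so the nil
# placeholder is replaced instead of leaving a second :db_pass entry beside it.
conf.merge!(
  'db_pass' => mysql_data_bag[node['mycookbook']['conf']['db_user']],
  ...
)
```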
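Finally, pass the separate hash to the template:
```ruby
template "#{app_path}/WEB-INF/application/conf/application.conf" do
  local true          # the .erb source is read from the node's filesystem
  source "#{app_path}/WEB-INF/application/conf/application.conf.erb"
  variables conf      # each key is available in the template as @key
  mode '0600'         # readable and writable by the owner only
  owner user
  group group
  sensitive true      # keep the rendered content and diff out of the Chef log
  action :create
end
```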
In the ERB file, the following values get overwritten:
```
db.url=<%= @db_url %>
db.user=<%= @db_user %>
db.pass=<%= @db_pass %>
```
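The pattern above can be exercised without a Chef run. The following is an added example, not part of the original paste: plain Ruby in which a frozen hash stands in for the node attributes and a second hash stands in for the data bag. `NODE_CONF`, `MYSQL_DATA_BAG`, `TEMPLATE` and the three helper names are hypothetical, and the secret value is constructed.

```ruby
require 'erb'

# Constructed stand-ins: NODE_CONF plays the read-only node attributes,
# MYSQL_DATA_BAG plays the decrypted data bag item (user => password).
NODE_CONF = {
  'db_driver' => 'com.mysql.jdbc.Driver',
  'db_user'   => 'db_user',
  'db_pass'   => nil
}.freeze
MYSQL_DATA_BAG = { 'db_user' => 'constructed-secret' }.freeze

TEMPLATE = <<~'TPL'
  db.driver=<%= @db_driver %>
  db.user=<%= @db_user %>
  db.pass=<%= @db_pass %>
TPL

# Copy the non-sensitive attributes, then overlay the secret on the copy only.
# fetch fails closed (KeyError) when the data bag has no entry for the user.
def build_template_vars(node_conf, data_bag)
  conf = {}.merge(node_conf)
  conf.merge!('db_pass' => data_bag.fetch(node_conf['db_user']))
  conf
end

# Refuse to render while any expected sensitive value is still unset.
def assert_secrets_present!(vars, keys)
  missing = keys.select { |k| vars[k].nil? || vars[k].to_s.empty? }
  raise ArgumentError, "unset sensitive values: #{missing.join(', ')}" unless missing.empty?
  vars
end

# Render with every hash key exposed as an instance variable (@db_user, ...),
# matching how the template in the paste reads its variables.
def render(template, vars)
  ctx = Object.new
  vars.each { |k, v| ctx.instance_variable_set("@#{k}", v) }
  ERB.new(template).result(ctx.instance_eval { binding })
end

if __FILE__ == $PROGRAM_NAME
  vars = assert_secrets_present!(build_template_vars(NODE_CONF, MYSQL_DATA_BAG), ['db_pass'])
  puts render(TEMPLATE, vars)
  puts "node attribute db_pass is still #{NODE_CONF['db_pass'].inspect}"
end
```

The secret exists only in the copy handed to the renderer; the attribute hash keeps its `nil` placeholder.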