Add ability to pass encryption key as string to ChefApi

fpedrini · kamilbednarz · commit 105b22e13fc2 · 2018-09-05T23:44:23.000+02:00
diff --git a/chef/api.py b/chef/api.py
@@ -53,15 +53,16 @@ class ChefAPI(object):
 
         In order to use :class:`EncryptedDataBagItem` object it is necessary
         to specify either a path to a file containing the Chef secret key and
-        the Encrypted Databag version to be used (v1 by default)
+        the Encrypted Databag version to be used (v1 by default).
+        If both secret_file and secret_key are passed as argument, secret_key
+        will take precedence.
     """
 
     ruby_value_re = re.compile(r'#\{([^}]+)\}')
     env_value_re = re.compile(r'ENV\[(.+)\]')
     ruby_string_re = re.compile(r'^\s*(["\'])(.*?)\1\s*$')
 
-
-    def __init__(self, url, key, client, version='0.10.8', headers={}, ssl_verify=True, secret_file=None, encryption_version=1):
+    def __init__(self, url, key, client, version='0.10.8', headers={}, ssl_verify=True, secret_file=None, secret_key=None, encryption_version=1):
         self.url = url.rstrip('/')
         self.parsed_url = six.moves.urllib.parse.urlparse(self.url)
         if not isinstance(key, Key):
@@ -71,19 +72,23 @@ def __init__(self, url, key, client, version='0.10.8', headers={}, ssl_verify=Tr
         self.key = key
         self.client = client
         self.version = version
-        self.encryption_version = encryption_version
         self.headers = dict((k.lower(), v) for k, v in six.iteritems(headers))
+        self.encryption_version = encryption_version
         self.version_parsed = pkg_resources.parse_version(self.version)
         self.platform = self.parsed_url.hostname == 'api.opscode.com'
         self.ssl_verify = ssl_verify
         if not api_stack_value():
             self.set_default()
         self.encryption_key = None
+        # Read the secret key from the input file
         if secret_file is not None:
             self.secret_file = secret_file
             if os.path.exists(self.secret_file):
                 self.encryption_key = open(self.secret_file).read().strip()
-
+        if secret_key is not None:
+            if encryption_key is not None:
+                log.debug('Two encryption key found (file and parameter). The key passed as parameter will be used')
+            self.encryption_key = secret_key
 
     @classmethod
     def from_config_file(cls, path):
@@ -95,8 +100,8 @@ def from_config_file(cls, path):
             # Can't even read the config file
             log.debug('Unable to read config file "%s"', path)
             return
-        url = key_path = client_name = encryption_version = None
         ssl_verify = True
+        url = key_path = client_name = encryption_version = None
         for line in open(path):
             if not line.strip() or line.startswith('#'):
                 continue # Skip blanks and comments
