From 7c89ef3de24f989d82279865338d95d8826321a4 Mon Sep 17 00:00:00 2001
From: Jamie Winsor
Date: Sun, 26 Jun 2011 22:30:39 -0700
Subject: [PATCH] Add support for Chef encrypted data bags: http://wiki.opscode.com/display/chef/Encrypted+Data+Bags Add two configuration options to chef_server provision: encrypted_data_bag_secret_key_path - the location of your encrypted secret key on your local machine encrypted_data_bag_secret - the location you wish to place the key on the target machine and the value of Chef::Config[:encrypted_data_bag_secret]. Default value of "/etc/chef/encrypted_data_bag".
---
 lib/vagrant/provisioners/chef_server.rb | 17 ++++++++++++++++-
 templates/chef_server_client.erb | 2 ++
 templates/locales/en.yml | 1 +
 test/vagrant/provisioners/chef_server_test.rb | 3 ++-
 4 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/lib/vagrant/provisioners/chef_server.rb b/lib/vagrant/provisioners/chef_server.rb
index 50e41a547..969572db2 100644
--- a/lib/vagrant/provisioners/chef_server.rb
+++ b/lib/vagrant/provisioners/chef_server.rb
@@ -15,6 +15,8 @@ module Vagrant
 attr_accessor :file_cache_path
 attr_accessor :file_backup_path
 attr_accessor :environment
+ attr_accessor :encrypted_data_bag_secret_key_path
+ attr_accessor :encrypted_data_bag_secret

 def initialize
 super
@@ -23,6 +25,8 @@ module Vagrant
 @client_key_path = "/etc/chef/client.pem"
 @file_cache_path = "/srv/chef/file_store"
 @file_backup_path = "/srv/chef/cache"
+ @encrypted_data_bag_secret_key_path = nil
+ @encrypted_data_bag_secret = "/etc/chef/encrypted_data_bag_secret"
 end

 def validate(errors)
@@ -45,6 +49,7 @@ module Vagrant
 chown_provisioning_folder
 create_client_key_folder
 upload_validation_key
+ upload_encrypted_data_bag_secret if config.encrypted_data_bag_secret_key_path
 setup_json
 setup_server_config
 run_chef_client
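Review bot: `validate(errors)` gains no check for the new option, so a mistyped `encrypted_data_bag_secret_key_path` is only discovered when `upload_encrypted_data_bag_secret` runs part-way through provisioning. The sole gate is the truthiness test added to `provision!` in the third hunk, which an empty string also passes. Add an error in `validate` when the path is set but the expanded local file does not exist; the body of `validate` lies outside this hunk, so confirm it has no such check already. Separately, the default assigned in `initialize` is `"/etc/chef/encrypted_data_bag_secret"` while the commit message documents `"/etc/chef/encrypted_data_bag"`, so one of the two should be corrected.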
@@ -63,6 +68,11 @@ module Vagrant
 env.ui.info I18n.t("vagrant.provisioners.chef.upload_validation_key")
 vm.ssh.upload!(validation_key_path, guest_validation_key_path)
 end
+
+ def upload_encrypted_data_bag_secret
+ env.ui.info I18n.t("vagrant.provisioners.chef.upload_encrypted_data_bag_secret_key")
+ vm.ssh.upload!(encrypted_data_bag_secret_key_path, config.encrypted_data_bag_secret)
+ end

 def setup_server_config
 setup_config("chef_server_client", "client.rb", {
@@ -73,7 +83,8 @@ module Vagrant
 :client_key => config.client_key_path,
 :file_cache_path => config.file_cache_path,
 :file_backup_path => config.file_backup_path,
- :environment => config.environment
+ :environment => config.environment,
+ :encrypted_data_bag_secret => config.encrypted_data_bag_secret
 })
 end

@@ -96,6 +107,10 @@ module Vagrant
 def validation_key_path
 File.expand_path(config.validation_key_path, env.root_path)
 end
+
+ def encrypted_data_bag_secret_key_path
+ File.expand_path(config.encrypted_data_bag_secret_key_path, env.root_path)
+ end

 def guest_validation_key_path
 File.join(config.provisioning_path, "validation.pem")
diff --git a/templates/chef_server_client.erb b/templates/chef_server_client.erb
index 5d146f297..44c24fe26 100644
--- a/templates/chef_server_client.erb
+++ b/templates/chef_server_client.erb
@@ -10,6 +10,8 @@ validation_client_name "<%= validation_client_name %>"
 validation_key "<%= validation_key %>"
 client_key "<%= client_key %>"

+encrypted_data_bag_secret "<%= encrypted_data_bag_secret %>"
+
 <% unless environment.nil? %>
 environment "<%= environment %>"
 <% end %>
diff --git a/templates/locales/en.yml b/templates/locales/en.yml
index e310ebedc..08966db1e 100644
--- a/templates/locales/en.yml
+++ b/templates/locales/en.yml
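Review bot: `upload_encrypted_data_bag_secret` leaves the shared decryption key on the guest with whatever owner and mode the SSH upload produces, which under a typical umask is likely readable by every local account. After the `vm.ssh.upload!` call, restrict the file to owner-only read (mode 0600) and record the reason, e.g. `# Shared secret for every encrypted data bag: keep it owner-readable only`. The destination defaults to a path under `/etc/chef` rather than the provisioning folder used for the validation key, so the upload also depends on that directory existing and being writable by the SSH user. `create_client_key_folder` is not shown in this diff, so verify that it covers a custom `encrypted_data_bag_secret` location.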
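Review bot: The `encrypted_data_bag_secret` line is written into client.rb unconditionally, so a guest with no key configured still gets a setting that names a file this provisioner never uploaded; `setup_server_config` always passes the default path. Consider passing the value only when `encrypted_data_bag_secret_key_path` is set and guarding the line the way `environment` is guarded just below it, e.g. `<% unless encrypted_data_bag_secret.nil? %>`. Whether chef-client tolerates a dangling path is not visible from this diff, so the guard also removes that dependency.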
@@ -465,6 +465,7 @@ en:
 json: "Generating chef JSON and uploading..."
 client_key_folder: "Creating folder to hold client key..."
 upload_validation_key: "Uploading chef client validation key..."
+ upload_encrypted_data_bag_secret_key: "Uploading chef encrypted data bag secret key..."
 running_client: "Running chef-client..."
 running_solo: "Running chef-solo..."
 invalid_provisioner: "Vagrant::Provisioners::Chef is not a valid provisioner! Use ChefSolo or ChefServer instead."
diff --git a/test/vagrant/provisioners/chef_server_test.rb b/test/vagrant/provisioners/chef_server_test.rb
index cafcb91b2..04c69a66f 100644
--- a/test/vagrant/provisioners/chef_server_test.rb
+++ b/test/vagrant/provisioners/chef_server_test.rb
@@ -162,7 +162,8 @@ class ChefServerProvisionerTest < Test::Unit::TestCase
 :client_key => @config.client_key_path,
 :file_cache_path => @config.file_cache_path,
 :file_backup_path => @config.file_backup_path,
- :environment => @config.environment
+ :environment => @config.environment,
+ :encrypted_data_bag_secret => @config.encrypted_data_bag_secret
 })

 @action.setup_server_config
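Review bot: Only the `setup_server_config` expectation is updated here; nothing in this diff exercises `upload_encrypted_data_bag_secret` or the conditional call added to `provision!`. Add one test that the upload is skipped when `encrypted_data_bag_secret_key_path` is nil, and one that `vm.ssh.upload!` receives the expanded local path and `config.encrypted_data_bag_secret` when it is set. The enclosing test method starts outside the hunk, so its setup is not visible here.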