[chef] Encrypted data bag fixtures in cookbooks


  • From: Roland Moriz < >
  • To:
  • Subject: [chef] Encrypted data bag fixtures in cookbooks
  • Date: Fri, 28 Nov 2014 22:29:57 +0100

Hi,

I've two questions regarding data bag handling in the case of fixtures for 
cookbook development:

1.) fixture data bag management in cookbooks

Some of our company cookbooks are using encrypted data bags. As we use 
test-kitchen (and ChefSpec) we also have some plain-json and encrypted data 
bag fixtures:

E.g.

```
example_cookbook/test/fixtures/data_bags/certificates/website.json
example_cookbook/test/fixtures/data_bags/users/alice.json
example_cookbook/test/fixtures/data_bags/users/bob.json

# with an example secret in:
example-cookbook/test/integration/encrypted_data_bag_secret
```


But it’s very cumbersome to manage these encrypted data bags, so we currently 
use https://github.com/thbishop/knife-solo_data_bag for that:

```
knife solo data bag edit --secret-file ./test/integration/encrypted_data_bag_secret \
  --data-bag-path ./test/fixtures/data_bags users bob
```

However, I’m aware of the --local-mode/-z switch of the regular "knife data 
bag create" command and the general movement towards "chef-zero". 
Unfortunately I could not find a way to specify the data bag path, and my 
knife.rb settings seem to be ignored:

example_cookbook/.chef/knife.rb:

```
knife[:secret_file]   = File.expand_path('../../test/integration/encrypted_data_bag_secret', __FILE__)
knife[:data_bag_path] = File.expand_path('../../test/fixtures/data_bags', __FILE__)
```

Created data bags will always go to:

```
example_cookbook/data_bags/<bag>/<item>.json
```

Shouldn't knife in chef-zero/local-mode consider the knife[:data_bag_path] 
option?


2.) case by case encryption

Gladly knife[:secret_file] will be honored in both cases and *every* data bag 
item will be encrypted. That's nice, but usually we don't want that.
I guess there is a missing switch to enable/disable encryption. Using 
"--secret-file ./test/integration/encrypted_data_bag_secret" and removing the
default option isn’t very convenient.



thanks in advance
Roland
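
Added example, not part of the original message: with plain and encrypted fixtures living side by side, a small Ruby audit can report which items under a fixture data bag path are actually encrypted and flag plaintext items in bags that must stay encrypted. It relies on the encrypted data bag item layout, where every value except `id` is a hash containing `encrypted_data`, `iv`, `version` and `cipher`; the function names, the must-encrypt bag list and the sample items are assumptions constructed for illustration.

```ruby
require 'json'
require 'tmpdir'
require 'fileutils'

# Keys Chef writes for each encrypted value (item format versions 1 to 3).
ENCRYPTED_KEYS = %w[encrypted_data iv version cipher].freeze
def encrypted_value?(value)
  value.is_a?(Hash) && ENCRYPTED_KEYS.all? { |k| value.key?(k) }
end

# :encrypted if every non-id value is encrypted, :plain if none is, else :mixed.
def classify_item(item)
  flags = item.reject { |k, _| k == 'id' }.values.map { |v| encrypted_value?(v) }
  return :plain if flags.none?
  flags.all? ? :encrypted : :mixed
end

# Walk <data_bag_path>/<bag>/<item>.json and return {"bag/item" => state}.
def audit_data_bags(data_bag_path)
  Dir.glob(File.join(data_bag_path, '*', '*.json')).sort.each_with_object({}) do |file, out|
    name = "#{File.basename(File.dirname(file))}/#{File.basename(file, '.json')}"
    out[name] = classify_item(JSON.parse(File.read(file)))
  end
end

# Items in bags listed in must_encrypt (hypothetical policy) that are not fully encrypted.
def violations(report, must_encrypt)
  report.select { |name, state| must_encrypt.include?(name.split('/').first) && state != :encrypted }.keys
end

# Constructed sample fixtures; the ciphertext and IV strings are placeholders, not real data.
def build_sample(root)
  enc = { 'encrypted_data' => 'Y29uc3RydWN0ZWQ=', 'iv' => 'aXY=', 'version' => 1, 'cipher' => 'aes-256-cbc' }
  { 'certificates/website' => { 'id' => 'website', 'key' => enc },
    'users/alice' => { 'id' => 'alice', 'shell' => '/bin/bash' },
    'users/bob' => { 'id' => 'bob', 'shell' => '/bin/zsh', 'password' => enc } }.each do |name, item|
    path = File.join(root, "#{name}.json")
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, JSON.pretty_generate(item))
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    build_sample(dir)
    report = audit_data_bags(dir)
    report.each { |name, state| puts format('%-22s %s', name, state) }
    puts "must-encrypt violations: #{violations(report, %w[certificates users]).inspect}"
  end
end
```

Run against `test/fixtures/data_bags` in CI, a non-empty violations list catches a fixture that was saved without the secret before it is committed.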




