Merge pull request #243 from halida/master

add remove_data_bags, Fix issue #242

README.md

@@ -203,6 +203,14 @@ This will put the encrypted_data_bag_secret in `/etc/chef/encrypted_data_bag_sec
 Chef-solo will automatically use it wherever you use `Chef::EncryptedDataBagItem.load` in your recipes.
 It will also remove the `/etc/chef/encrypted_data_bag_secret` file from the node at the end of the run.
 
+If you are not comfortable about leaving data bags in the remote node, which will leak sensitive information, you can tell littlechef to delete them all at the end of the run:
+
+```ini
+[userinfo]
+remove_data_bags=true
+```
+
+
 ```ini
 [userinfo]
 autodeploy_chef=true

littlechef/chef.py

@@ -394,11 +394,18 @@ def _remove_remote_node_data_bag():
     if exists(node_data_bag_path):
         sudo("rm -rf {0}".format(node_data_bag_path))
 
+def _remove_remote_data_bags():
+    """Remove remote data bags, so it won't leak any sensitive information"""
+    data_bags_path = os.path.join(env.node_work_path, 'data_bags')
+    if exists(data_bags_path):
+        sudo("rm -rf {0}".format(data_bags_path))
 
 def _node_cleanup():
     if env.loglevel is not "debug":
         with hide('running', 'stdout'):
             _remove_remote_node_data_bag()
+            if env.remove_data_bags:
+                _remove_remote_data_bags()
             with settings(warn_only=True):
                 sudo("rm '/etc/chef/node.json'")
                 if env.encrypted_data_bag_secret:

littlechef/runner.py

@@ -444,6 +444,11 @@ def _readconfig():
     except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
         env.https_proxy = None
 
+    try:
+        env.remove_data_bags = config.get('userinfo', 'remove_data_bags')
+    except ConfigParser.NoOptionError:
+        env.remove_data_bags = False
+
     # Check for an encrypted_data_bag_secret file and set the env option
     try:
         env.encrypted_data_bag_secret = config.get('userinfo',