class Ncio::HttpClient

HttpClient provides a Net::HTTP instance pre-configured to communicate with the Puppet Node Classification Service. The client will return Ruby native objects where possible, parsing JSON responses from the service.

This client implements v1 of the [Node Classification API](docs.puppet.com/pe/2016.1/nc_index.html).

Constants

OPTION_DEFAULTS

Attributes

cacert[R]
cert[R]
host[R]
key[R]
port[R]
protocol[R]
use_ssl[R]

Public Class Methods

new(opts = {})

Initialize a new HttpClient instance.

@param [Hash] opts Options

@option opts [String] :host The API host, e.g. `"master1.puppet.vm"`. Defaults to the local hostname returned by `Socket.gethostname`.

@option opts [Fixnum] :port The API TCP port. Defaults to `4433`.

@option opts [String] :cert The path to the PEM encoded client certificate. Defaults to `"/etc/puppetlabs/puppet/ssl/certs/$FQDN.pem"`.

@option opts [String] :key The path to the PEM encoded RSA private key used for the SSL client connection. Defaults to `"/etc/puppetlabs/puppet/ssl/private_keys/$FQDN.pem"`.

@option opts [String] :cacert The path to the PEM encoded CA certificate used to authenticate the service URL. Defaults to `"/etc/puppetlabs/puppet/ssl/certs/ca.pem"`.

```ruby
# File lib/ncio/http_client.rb, line 56
def initialize(opts = {})
  opts = OPTION_DEFAULTS.merge(opts)
  @use_ssl = opts[:use_ssl]
  @host = opts[:host]
  @port = opts[:port]
  @cert = opts[:cert]
  @key = opts[:key]
  @cacert = opts[:cacert]
  @protocol = use_ssl ? 'https' : 'http'
end
```

Public Instance Methods

request(req, body = nil)

Make a request; passes through to Net::HTTP#request.

@param [Net::HTTPRequest] req The HTTP request, e.g. an instance of `Net::HTTP::Get`, `Net::HTTP::Post`, or `Net::HTTP::Head`.

@param [String] body The request body, if any.

@return [Net::HTTPResponse] response

```ruby
# File lib/ncio/http_client.rb, line 76
def request(req, body = nil)
  http.request(req, body)
end
```

uri()

Provide a URL to the endpoint this client connects to. This is intended to make it easy to construct URLs and add query parameters.

@return [URI] the URI of the server this client connects to.

```ruby
# File lib/ncio/http_client.rb, line 85
def uri
  return @uri if @uri
  @uri = URI("#{protocol}://#{host}:#{port}")
end
```

Private Instance Methods

http()

Return a memoized HTTP object instance configured with the SSL client certificate and ready to authorize the peer service.

TODO: Add revocation checking. See: [puppet/ssl/host.rb line 263](github.com/puppetlabs/puppet/blob/4.5.2/lib/puppet/ssl/host.rb#L263)

@return [Net::HTTP]

```ruby
# File lib/ncio/http_client.rb, line 100
def http
  return @http if @http
  client = Net::HTTP.new(uri.host, uri.port)
  @http = if use_ssl
            setup_ssl(client)
          else
            client
          end
  @http
end
```

read_cert()

Helper method to stub the cert in the tests.

```ruby
# File lib/ncio/http_client.rb, line 140
def read_cert
  File.read(cert)
end
```

read_key()

Helper method to stub the key in the tests.

```ruby
# File lib/ncio/http_client.rb, line 145
def read_key
  File.read(key)
end
```

setup_ssl(http)

Configure this client to use SSL

@param [Net::HTTP] http The http instance to configure to use SSL

@return [Net::HTTP] configured with SSL certificates passed to initializer.

```ruby
# File lib/ncio/http_client.rb, line 118
def setup_ssl(http)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  # Setup the SSL store used for this connection
  ssl_store = ssl_store()
  ssl_store.purpose = OpenSSL::X509::PURPOSE_ANY
  ssl_store.add_file(cacert)
  http.cert_store = ssl_store
  # PEM files
  http.cert = OpenSSL::X509::Certificate.new(read_cert)
  http.key = OpenSSL::PKey::RSA.new(read_key)
  http.ca_file = cacert
  http
end
```

ssl_store()

Helper method to stub the OpenSSL Store.

```ruby
# File lib/ncio/http_client.rb, line 134
def ssl_store
  OpenSSL::X509::Store.new
end
```