class Chef::EncryptedAttribute::RemoteNodes

Helpers to search nodes remotely and get it's public keys.

Public Class Methods

cache() click to toggle source

Remote nodes search results cache.

You can disable it setting it's size to zero:

“`ruby Chef::EncryptedAttribute::RemoteNodes.cache.max_size(0) “`

@return [CacheLru] Remote nodes LRU cache.

# File lib/chef/encrypted_attribute/remote_nodes.rb, line 40
def self.cache
  @@cache ||= Chef::EncryptedAttribute::CacheLru.new
end
get_public_key(node) click to toggle source

Gets remote node public key.

It first tries to read the key from the `node` attribute.

If the `“public_key”` attribute does not exist, it tries to read the node client key directly using the Chef API (this require admin privileges).

@param node [Chef::Node] Chef node object. @return [String] Chef client public key as string. @raise [InsufficientPrivileges] if you lack enoght privileges to read

the keys from the Chef Server.

@raise [ClientNotFound] if client does not exist. @raise [Net::HTTPServerException] for Chef Server HTTP errors.

# File lib/chef/encrypted_attribute/remote_nodes.rb, line 58
def self.get_public_key(node)
  return node['public_key'] unless node['public_key'].nil?
  RemoteClients.get_public_key(node['name'])
rescue Net::HTTPServerException => e
  raise e unless e.response.code == '403'
  raise InsufficientPrivileges,
        "You cannot read #{node['name']} client key. Consider including "\
        'the encrypted_attributes::expose_key recipe in the '\
        "#{node['name']} node run list."
end
search_public_keys( search = '*:*', rows = 1000, partial_search = true ) click to toggle source

Searches for node client public keys.

It first tries to read the key from the `node` attribute.

If the `“public_key”` attribute does not exist, it tries to read the node client key directly using the Chef API (this require admin privileges).

@param search [Array<String>, String] search queries to perform, the

query result will be *OR*-ed.

@param rows [Integer] maximum number of rows to return in searches. @param partial_search [Boolean] whether to use partial search. @return [Array<String>] list of public keys. @raise [InsufficientPrivileges] if you lack enough privileges to read

the keys from the Chef Server.

@raise [ClientNotFound] if client does not exist. @raise [Net::HTTPServerException] for Chef Server HTTP errors. @raise [SearchFailure] if there is a Chef search error. @raise [SearchFatalError] if the Chef search response is wrong. @raise [InvalidSearchKeys] if search keys structure is wrong.

# File lib/chef/encrypted_attribute/remote_nodes.rb, line 89
def self.search_public_keys(
      search = '*:*', rows = 1000, partial_search = true
)
  escaped_query = escape_query(search)
  return cache[escaped_query] if cache.key?(escaped_query)
  cache[escaped_query] =
    search(
      :node, search,
      { 'name' => %w(name), 'public_key' => %w(public_key) },
      rows, partial_search
    ).map { |node| get_public_key(node) }.compact
end