class Chef::EncryptedAttribute::RemoteUsers

Helpers to get remote Chef Users keys.

@note This class methods require admin privileges.

Public Class Methods

all_public_keys() click to toggle source

Gets all Chef users public keys.

@note This method requires admin privileges.

@return [Array<String>] public key list. @api private

# File lib/chef/encrypted_attribute/remote_users.rb, line 105
def self.all_public_keys
  # Chef::User.list(inflate=true) has a bug (fixed in 11.14.0)
  # https://tickets.chef.io/browse/CHEF-5328
  get_users_public_keys(Chef::User.list.keys)
end
cache() click to toggle source

Remote users public keys cache.

You can disable it setting it's size to zero:

“`ruby Chef::EncryptedAttribute::RemoteUsers.cache.max_size(0) “`

@return [CacheLru] Remote users LRU cache.

# File lib/chef/encrypted_attribute/remote_users.rb, line 39
def self.cache
  @@cache ||= Chef::EncryptedAttribute::CacheLru.new
end
get_public_keys(users = []) click to toggle source

Gets some Chef users public keys.

@note This method requires admin privileges.

@param users [Array<String>, '*'] user list. Use `'*'` to get all users

public keys.

@return [Array<String>] public key list. @raise [ArgumentError] if user list is wrong.

# File lib/chef/encrypted_attribute/remote_users.rb, line 51
def self.get_public_keys(users = [])
  if users == '*' # users are [a-z0-9\-_]+, cannot be *
    cache.key?('*') ? cache['*'] : cache['*'] = all_public_keys
  elsif users.is_a?(Array)
    get_users_public_keys(users)
  elsif !users.nil?
    fail ArgumentError,
         "#{self.class}##{__method__} users argument must be an array "\
         'or "*".'
  end
end
get_user_public_key(name) click to toggle source

Reads a Chef user public key.

@note This method requires admin privileges.

@param name [String] user name. @return [String] user public key as string. @raise [InsufficientPrivileges] if you lack enough privileges to read

the keys from the Chef Server.

@api private

# File lib/chef/encrypted_attribute/remote_users.rb, line 72
def self.get_user_public_key(name)
  return cache[name] if cache.key?(name)
  user = Chef::User.load(name)
  cache[name] = user.public_key
rescue Net::HTTPServerException => e
  case e.response.code
  when '403'
    raise InsufficientPrivileges,
          'Your node needs admin privileges to be able to work with '\
          'Chef Users.'
  when '404' then raise UserNotFound, "Chef User not found: \"#{name}\"."
  else
    raise e
  end
end
get_users_public_keys(users) click to toggle source

Gets some Chef users public keys.

@note This method requires admin privileges.

@param users [Array<String>] user list. @return [Array<String>] public key list. @api private

# File lib/chef/encrypted_attribute/remote_users.rb, line 95
def self.get_users_public_keys(users)
  users.map { |n| get_user_public_key(n) }
end