class Chef::Key

Class for interacting with a chef key object. Can be used to create new keys, save to server, load keys from server, list keys, delete keys, etc.

@author Tyler Cloke

@attr [String] actor the name of the client or user that this key is for @attr [String] name the name of the key @attr [String] #public_key the RSA string of this key @attr [String] #private_key the RSA string of the private key if returned via a POST or PUT @attr [String] #expiration_date the ISO formatted string YYYY-MM-DDTHH:MM:SSZ, i.e. 2020-12-24T21:00:00Z @attr [String] rest Chef::ServerAPI object, initialized and cached via #chef_rest method @attr [string] #api_base either “users” or “clients”, initialized and cached via #api_base method

@attr_reader [String] #actor_field_name must be either 'client' or 'user'

Attributes

actor_field_name[R]

Public Class Methods

from_hash(key_hash) click to toggle source
# File lib/chef/key.rb, line 205
def from_hash(key_hash)
  if key_hash.has_key?("user")
    key = Chef::Key.new(key_hash["user"], "user")
  elsif key_hash.has_key?("client")
    key = Chef::Key.new(key_hash["client"], "client")
  else
    raise Chef::Exceptions::MissingKeyAttribute, "The hash passed to from_hash does not contain the key 'user' or 'client'. Please pass a hash that defines one of those keys."
  end
  key.name key_hash["name"] if key_hash.key?("name")
  key.public_key key_hash["public_key"] if key_hash.key?("public_key")
  key.private_key key_hash["private_key"] if key_hash.key?("private_key")
  key.create_key key_hash["create_key"] if key_hash.key?("create_key")
  key.expiration_date key_hash["expiration_date"] if key_hash.key?("expiration_date")
  key
end
from_json(json) click to toggle source
# File lib/chef/key.rb, line 221
def from_json(json)
  Chef::Key.from_hash(Chef::JSONCompat.from_json(json))
end
generate_fingerprint(public_key) click to toggle source
# File lib/chef/key.rb, line 245
def generate_fingerprint(public_key)
  openssl_key_object = OpenSSL::PKey::RSA.new(public_key)
  data_string = OpenSSL::ASN1::Sequence([
    OpenSSL::ASN1::Integer.new(openssl_key_object.public_key.n),
    OpenSSL::ASN1::Integer.new(openssl_key_object.public_key.e),
  ])
  OpenSSL::Digest::SHA1.hexdigest(data_string.to_der).scan(/../).join(":")
end
list(keys, actor, load_method_symbol, inflate) click to toggle source
# File lib/chef/key.rb, line 254
def list(keys, actor, load_method_symbol, inflate)
  if inflate
    keys.inject({}) do |key_map, result|
      name = result["name"]
      key_map[name] = Chef::Key.send(load_method_symbol, actor, name)
      key_map
    end
  else
    keys
  end
end
list_by_client(actor, inflate = false) click to toggle source
# File lib/chef/key.rb, line 230
def list_by_client(actor, inflate = false)
  keys = Chef::ServerAPI.new(Chef::Config[:chef_server_url]).get("clients/#{actor}/keys")
  list(keys, actor, :load_by_client, inflate)
end
list_by_user(actor, inflate = false) click to toggle source
# File lib/chef/key.rb, line 225
def list_by_user(actor, inflate = false)
  keys = Chef::ServerAPI.new(Chef::Config[:chef_server_root]).get("users/#{actor}/keys")
  list(keys, actor, :load_by_user, inflate)
end
load_by_client(actor, key_name) click to toggle source
# File lib/chef/key.rb, line 240
def load_by_client(actor, key_name)
  response = Chef::ServerAPI.new(Chef::Config[:chef_server_url]).get("clients/#{actor}/keys/#{key_name}")
  Chef::Key.from_hash(response.merge({ "client" => actor }))
end
load_by_user(actor, key_name) click to toggle source
# File lib/chef/key.rb, line 235
def load_by_user(actor, key_name)
  response = Chef::ServerAPI.new(Chef::Config[:chef_server_root]).get("users/#{actor}/keys/#{key_name}")
  Chef::Key.from_hash(response.merge({ "user" => actor }))
end
new(actor, actor_field_name) click to toggle source
# File lib/chef/key.rb, line 45
def initialize(actor, actor_field_name)
  # Actor that the key is for, either a client or a user.
  @actor = actor

  unless actor_field_name == "user" || actor_field_name == "client"
    raise Chef::Exceptions::InvalidKeyArgument, "the second argument to initialize must be either 'user' or 'client'"
  end

  @actor_field_name = actor_field_name

  @name = nil
  @public_key = nil
  @private_key = nil
  @expiration_date = nil
  @create_key = nil
end

Public Instance Methods

actor(arg = nil) click to toggle source
# File lib/chef/key.rb, line 78
def actor(arg = nil)
  set_or_return(:actor, arg,
                :regex => /^[a-z0-9\-_]+$/)
end
api_base() click to toggle source
# File lib/chef/key.rb, line 70
def api_base
  @api_base ||= if @actor_field_name == "user"
                  "users"
                else
                  "clients"
                end
end
chef_rest() click to toggle source
# File lib/chef/key.rb, line 62
def chef_rest
  @rest ||= if @actor_field_name == "user"
              Chef::ServerAPI.new(Chef::Config[:chef_server_root])
            else
              Chef::ServerAPI.new(Chef::Config[:chef_server_url])
            end
end
create() click to toggle source
# File lib/chef/key.rb, line 134
def create
  # if public_key is undefined and create_key is false, we cannot create
  if @public_key.nil? && !@create_key
    raise Chef::Exceptions::MissingKeyAttribute, "either public_key must be defined or create_key must be true"
  end

  # defaults the key name to the fingerprint of the key
  if @name.nil?
    # if they didn't pass a public_key,
    #then they must supply a name because we can't generate a fingerprint
    unless @public_key.nil?
      @name = fingerprint
    else
      raise Chef::Exceptions::MissingKeyAttribute, "a name cannot be auto-generated if no public key passed, either pass a public key or supply a name"
    end
  end

  payload = { "name" => @name }
  payload["public_key"] = @public_key unless @public_key.nil?
  payload["create_key"] = @create_key if @create_key
  payload["expiration_date"] = @expiration_date unless @expiration_date.nil?
  result = chef_rest.post("#{api_base}/#{@actor}/keys", payload)
  # append the private key to the current key if the server returned one,
  # since the POST endpoint just returns uri and private_key if needed.
  new_key = to_hash
  new_key["private_key"] = result["private_key"] if result["private_key"]
  Chef::Key.from_hash(new_key)
end
create_key(arg = nil) click to toggle source
# File lib/chef/key.rb, line 107
def create_key(arg = nil)
  raise Chef::Exceptions::InvalidKeyAttribute, "you cannot set create_key to true if the public_key field exists" if arg == true && !@public_key.nil?
  set_or_return(:create_key, arg,
                :kind_of => [TrueClass, FalseClass])
end
delete_create_key() click to toggle source
# File lib/chef/key.rb, line 103
def delete_create_key
  @create_key = nil
end
delete_public_key() click to toggle source
# File lib/chef/key.rb, line 99
def delete_public_key
  @public_key = nil
end
destroy() click to toggle source
# File lib/chef/key.rb, line 196
def destroy
  if @name.nil?
    raise Chef::Exceptions::MissingKeyAttribute, "the name field must be populated when delete is called"
  end

  chef_rest.delete("#{api_base}/#{@actor}/keys/#{@name}")
end
expiration_date(arg = nil) click to toggle source
# File lib/chef/key.rb, line 113
def expiration_date(arg = nil)
  set_or_return(:expiration_date, arg,
                :regex => /^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|infinity)$/)
end
fingerprint() click to toggle source
# File lib/chef/key.rb, line 163
def fingerprint
  self.class.generate_fingerprint(@public_key)
end
name(arg = nil) click to toggle source
# File lib/chef/key.rb, line 83
def name(arg = nil)
  set_or_return(:name, arg,
                :kind_of => String)
end
private_key(arg = nil) click to toggle source
# File lib/chef/key.rb, line 94
def private_key(arg = nil)
  set_or_return(:private_key, arg,
                :kind_of => String)
end
public_key(arg = nil) click to toggle source
# File lib/chef/key.rb, line 88
def public_key(arg = nil)
  raise Chef::Exceptions::InvalidKeyAttribute, "you cannot set the public_key if create_key is true" if !arg.nil? && @create_key
  set_or_return(:public_key, arg,
                :kind_of => String)
end
save() click to toggle source
# File lib/chef/key.rb, line 186
def save
  create
rescue Net::HTTPServerException => e
  if e.response.code == "409"
    update
  else
    raise e
  end
end
to_hash() click to toggle source
# File lib/chef/key.rb, line 118
def to_hash
  result = {
    @actor_field_name => @actor,
  }
  result["name"] = @name if @name
  result["public_key"] = @public_key if @public_key
  result["private_key"] = @private_key if @private_key
  result["expiration_date"] = @expiration_date if @expiration_date
  result["create_key"] = @create_key if @create_key
  result
end
to_json(*a) click to toggle source
# File lib/chef/key.rb, line 130
def to_json(*a)
  Chef::JSONCompat.to_json(to_hash, *a)
end
update(put_name = nil) click to toggle source

set @name and pass put_name if you wish to update the name of an existing key put_name to @name

# File lib/chef/key.rb, line 168
def update(put_name = nil)
  if @name.nil? && put_name.nil?
    raise Chef::Exceptions::MissingKeyAttribute, "the name field must be populated or you must pass a name to update when update is called"
  end

  # If no name was passed, fall back to using @name in the PUT URL, otherwise
  # use the put_name passed. This will update the a key by the name put_name
  # to @name.
  put_name = @name if put_name.nil?

  new_key = chef_rest.put("#{api_base}/#{@actor}/keys/#{put_name}", to_hash)
  # if the server returned a public_key, remove the create_key field, as we now have a key
  if new_key["public_key"]
    delete_create_key
  end
  Chef::Key.from_hash(to_hash.merge(new_key))
end