/usr/lib/ruby/vendor_ruby/chef_zero/endpoints/actor_endpoint.rb is in chef-zero 5.1.1-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
require "ffi_yajl"
require "chef_zero/endpoints/rest_object_endpoint"
require "chef_zero/chef_data/data_normalizer"
module ChefZero
module Endpoints
# /organizations/ORG/clients/NAME
# /organizations/ORG/users/NAME
# /users/NAME
class ActorEndpoint < RestObjectEndpoint
# Fetch the actor through the parent endpoint and re-emit it as JSON,
# hiding the public key from every API version other than v0.
#
# @param request the incoming REST request; only `api_v0?` is read here
# @return whatever `json_response(200, ...)` builds for the filtered actor
def get(request)
  parent_result = super
  actor = parse_json(parent_result[2])

  # Only v0 callers get "public_key" inline with the actor record.
  hide_public_key = !request.api_v0?
  actor.delete("public_key") if hide_public_key

  # NOTE(review): the parent's status code is not propagated; this always
  # answers 200. Presumably the parent raises on failure -- confirm.
  json_response(200, actor)
end
# Delete the actor through the parent endpoint, then remove what hangs off
# it: per-organization user entries (for /users/NAME) and the actor's keys.
#
# @param request the incoming REST request
# @return the parent endpoint's result, unchanged
def delete(request)
  parent_result = super

  if request.rest_path[0] == "users"
    org_names = list_data(request, ["organizations"])
    org_names.each do |org_name|
      membership_path = ["organizations", org_name, "users", request.rest_path[1]]
      begin
        delete_data(request, membership_path, :data_store_exceptions)
      rescue DataStore::DataNotFoundError
        # Best effort: no entry for this user under the organization
        # (presumably not a member), so there is nothing to remove.
      end
    end
  end

  # Key material is removed last so a deleted actor leaves no keys behind.
  delete_actor_keys!(request)
  parent_result
end
# Update a client or user, with special handling for key material.
#
# Request body rules, as implemented below:
# * "public_key" null or absent: the field is dropped so it is not
#   overwritten with null.
# * "private_key" present: the field is always stripped from the body; when
#   its value is truthy a new key pair is generated and the public half is
#   written into the body as "public_key".
#
# Response rules (only for a 200/201 from the parent):
# * clients always get "private_key" (the generated key, or false);
# * users get "private_key" only when one was generated;
# * "password" is always removed from the response.
#
# The generated private key appears only in this response; the body handed
# to the parent carries just the public half, so treat the response as secret.
#
# NOTE(review): the body is assumed to parse to a JSON object; malformed or
# non-object JSON raises from the parser or from `[]` -- confirm how the
# caller reports that.
#
# @param request the incoming REST request; `request.body` is rewritten
# @return the parent result on failure, else a rebuilt JSON response
def put(request)
  payload = FFI_Yajl::Parser.parse(request.body)
  rewrite_body = false
  public_key_changes = false
  generated_private_key = nil

  if payload["public_key"].nil?
    # Null means "keep the existing key" -- drop the field entirely.
    payload.delete("public_key")
    rewrite_body = true
  else
    public_key_changes = true
  end

  if payload.key?("private_key")
    rewrite_body = true
    # "private_key" is a request flag, so it never stays in the body.
    if payload.delete("private_key")
      generated_private_key, generated_public_key = server.gen_key_pair
      public_key_changes = true
      payload["public_key"] = generated_public_key
    end
  end

  request.body = to_json(payload) if rewrite_body
  # PUT is patchy here: merge the request with the existing object.
  request.body = patch_request_body(request)
  parent_result = super(request)

  status = parent_result[0]
  return parent_result unless status == 200 || status == 201

  actor_name = identity_key_value(request) || request.rest_path[-1]
  rename_keys!(request, actor_name) if is_rename?(request)

  reply =
    if request.rest_path[0] == "users"
      { "uri" => build_uri(request.base_uri, ["users", actor_name]) }
    else
      parse_json(parent_result[2])
    end

  if client?(request)
    reply["private_key"] = generated_private_key || false
  else
    reply["private_key"] = generated_private_key if generated_private_key
    reply.delete("public_key") unless public_key_changes
  end

  # Never echo a password back to the caller.
  reply.delete("password")
  json_response(status, reply)
end
# Parse a stored actor and fill in its defaults via DataNormalizer, using the
# client or the user normalizer depending on the request path.
#
# @param request the incoming REST request
# @param response_json [String] the actor as JSON text
# @return the normalized actor, serialized again with `to_json`
def populate_defaults(request, response_json)
  actor = parse_json(response_json)

  if client?(request)
    # Client paths look like /organizations/ORG/clients/NAME, so segment 1
    # is the organization and the last segment is the fallback name.
    return to_json(
      ChefData::DataNormalizer.normalize_client(
        actor,
        actor["name"] || request.rest_path[-1],
        request.rest_path[1]
      )
    )
  end

  to_json(
    ChefData::DataNormalizer.normalize_user(
      actor,
      actor["username"] || request.rest_path[-1],
      identity_keys,
      server.options[:osc_compat],
      request.method
    )
  )
end
private
# Move key data to new path
# Move every stored key of the request's actor to the key directory of its
# new name. Keys are copied first and the old directory is deleted last, so
# an error raised while copying leaves the original keys in place.
#
# @param request the incoming REST request (identifies the old actor path)
# @param new_client_or_user_name [String] name the actor is being renamed to
# @return nil when the actor has no keys, else the result of the final delete
def rename_keys!(request, new_client_or_user_name)
  source_dir = keys_path_base(request)
  # keys_path_base ends in [..., NAME, "keys"], so -2 is the actor name.
  target_dir = source_dir.dup
  target_dir[-2] = new_client_or_user_name

  names = list_data_or_else(request, source_dir, nil)
  return unless names # No keys to move

  names.each do |name|
    key_data = get_data(request, [*source_dir, name], :data_store_exceptions)
    create_data(request, target_dir, name, key_data, :create_dir)
  end

  delete_data_dir(request, source_dir, :recursive, :data_store_exceptions)
end
# Recursively delete the key directory of the request's actor. A missing
# directory is not an error; any other exception propagates to the caller.
#
# @param request the incoming REST request
# @return the result of `delete_data_dir`, or nil when nothing was stored
def delete_actor_keys!(request)
  begin
    # Drop the trailing "keys" segment to address the actor's whole key dir.
    actor_keys_dir = keys_path_base(request)[0..-2]
    delete_data_dir(request, actor_keys_dir, :recursive, :data_store_exceptions)
  rescue DataStore::DataNotFoundError
    nil
  end
end
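# Report whether a REST path addresses a client rather than a user.
#
# The answer selects which key and response rules apply to the actor, so an
# explicitly supplied path must be the one that is inspected.
#
# @param request the incoming REST request; its `rest_path` is the default
# @param rest_path [Array<String>, nil] optional path to classify instead
# @return [Boolean] true when the third path segment is "clients"
def client?(request, rest_path = nil)
  rest_path ||= request.rest_path
  # Fix: the explicit rest_path used to be defaulted and then ignored in
  # favour of request.rest_path. One-argument callers are unaffected.
  rest_path[2] == "clients"
end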
# Return the data store keys path for the request client or user, e.g.
#
# /organizations/ORG/clients/CLIENT -> /organizations/ORG/client_keys/CLIENT/keys
# /organizations/ORG/users/USER -> /organizations/ORG/user_keys/USER/keys
# /users/USER -> /user_keys/USER
#
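# Build the data store path that holds the keys of the request's actor.
#
# "keys" is appended for every actor type, so /users/USER maps to
# /user_keys/USER/keys (the header example for that case omits the final
# segment). Path segments are taken verbatim from the request path.
#
# @param request the incoming REST request; its `rest_path` is not modified
# @param client_or_user_name unused; kept so existing call sites still work
# @return [Array<String>] a new array ending in "keys"
# @raise [RuntimeError] when the path is neither a users nor a clients path
def keys_path_base(request, client_or_user_name = nil)
  # One copy is enough. The old `rest_path || request.rest_path` read a local
  # that was still nil, and the result was then duplicated a second time.
  key_path = request.rest_path.dup

  case key_path[-2]
  when "users"
    key_path[-2] = "user_keys"
  when "clients"
    key_path[-2] = "client_keys"
  else
    raise "Unexpected URL #{key_path.join("/")}: cannot determine key path"
  end

  key_path << "keys"
end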
end
end
end