/usr/share/chef-server-api/app/controllers/clients.rb is in chef-server-api 10.12.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
#
# Author:: Adam Jacob (<adam@opscode.com>)
# Author:: Nuo Yan (<nuo@opscode.com>)
# Copyright:: Copyright (c) 2008 Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'chef/api_client'
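# JSON API controller for Chef API clients: list, show, create, update and
# delete under /clients.
#
# Access control is applied through the +before+ filters declared below. The
# filter methods themselves are not defined in this file, so what each one
# enforces has to be confirmed where they are implemented.
class Clients < Application
  provides :json

  before :authenticate_every
  before :is_admin, :only => [ :index, :update, :destroy ]
  before :is_admin_or_validator, :only => [ :create ]
  before :admin_or_requesting_node, :only => [ :show ]

  # GET /clients
  #
  # Responds with a hash that maps every client name to its absolute URL.
  def index
    # presumably the +true+ argument asks for inflated client objects; the
    # block below relies on each element responding to #name.
    @list = Chef::ApiClient.cdb_list(true)
    url_by_name = @list.inject({}) do |result, element|
      result[element.name] = absolute_url(:client, :id => element.name)
      result
    end
    display(url_by_name)
  end

  # GET /clients/:id
  #
  # Responds with the stored client, or raises NotFound when it does not exist.
  def show
    @client = find_client_or_raise_not_found(params[:id])
    # NOTE(review): the whole client object is serialised here, whereas the
    # disabled line below exposed only three named fields. Confirm that the
    # serialised form of Chef::ApiClient never carries private key material.
    #display({ :name => @client.name, :admin => @client.admin, :public_key => @client.public_key })
    display @client
  end

  # POST /clients
  #
  # Creates a client with a fresh key pair and responds 201 with the client's
  # URI and its newly generated private key.
  #
  # Raises Forbidden when a non-admin caller asks for an admin client, and
  # Conflict when a client with the requested name already exists.
  def create
    if params.has_key?(:inflated_object)
      params[:name] ||= params[:inflated_object].name
      params[:admin] ||= params[:inflated_object].admin
    end

    # We can only create clients if we're the admin or the validator.
    # But only allow creating admin clients if we're already an admin.
    #
    # The guard tests truthiness, the same predicate that decides below
    # whether the admin flag is applied. A strict `== true` comparison here
    # would let a truthy non-boolean value skip the authorization check and
    # still reach @client.admin(...).
    if params[:admin] && @auth_user.admin != true
      raise Forbidden, "You are not allowed to take this action."
    end

    # NOTE(review): the existence check and cdb_save are separate steps, and
    # nothing in this file stops two concurrent requests for the same name
    # from both passing the check. Confirm the storage layer rejects the
    # second write.
    raise Conflict, "Client already exists" if client_name_taken?(params[:name])

    @client = Chef::ApiClient.new
    @client.name(params[:name])
    @client.admin(params[:admin]) if params[:admin]
    @client.create_keys
    @client.cdb_save

    self.status = 201
    headers['Location'] = absolute_url(:client, @client.name)
    # The response body carries the private key generated above.
    display({ :uri => absolute_url(:client, @client.name), :private_key => @client.private_key })
  end

  # PUT /clients/:id
  #
  # Updates the admin flag when one is supplied, and regenerates the key pair
  # when +private_key+ is exactly +true+. The new private key is included in
  # the response only in that case.
  #
  # Raises NotFound when the client does not exist.
  def update
    if params.has_key?(:inflated_object)
      params[:private_key] ||= params[:inflated_object].private_key
      params[:admin] ||= params[:inflated_object].admin
    end

    @client = find_client_or_raise_not_found(params[:id])

    # nil means "leave unchanged"; an explicit false still clears the flag.
    @client.admin(params[:admin]) unless params[:admin].nil?
    results = { :name => @client.name, :admin => @client.admin }

    if params[:private_key] == true
      @client.create_keys
      results[:private_key] = @client.private_key
    end

    @client.cdb_save
    display(results)
  end

  # DELETE /clients/:id
  #
  # Deletes the client and responds with its name. Raises NotFound when the
  # client does not exist.
  def destroy
    @client = find_client_or_raise_not_found(params[:id])
    @client.cdb_destroy
    display({ :name => @client.name })
  end

  private

  # Loads the client stored under +id+, turning a missing document into the
  # NotFound error that show, update and destroy all report.
  def find_client_or_raise_not_found(id)
    Chef::ApiClient.cdb_load(id)
  rescue Chef::Exceptions::CouchDBNotFound
    raise NotFound, "Cannot load client #{id}"
  end

  # Returns true when a client named +name+ can be loaded, false when the
  # lookup reports that it is missing.
  def client_name_taken?(name)
    Chef::ApiClient.cdb_load(name)
    true
  rescue Chef::Exceptions::CouchDBNotFound
    false
  end
end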