path: root/lib/chef_zero/endpoints/actor_default_key_endpoint.rb
authorJordan Running <jr@getchef.com>2016-02-18 15:43:56 -0600
committerJordan Running <jr@getchef.com>2016-02-24 14:16:30 -0600
commitb0971ce66e69cefd6e148a648f01667c0146e577 (patch)
tree87f2d5b56f1fe50f27d69150133f5201a12ae527 /lib/chef_zero/endpoints/actor_default_key_endpoint.rb
parent2469894eab12f24893916b571a981e082dfe97df (diff)
downloadchef-zero-b0971ce66e69cefd6e148a648f01667c0146e577.tar.gz
Move default keys logic into ActorDefaultKeyEndpoint; fix #putjr/pedant-keys-2
Diffstat (limited to 'lib/chef_zero/endpoints/actor_default_key_endpoint.rb')
-rw-r--r--lib/chef_zero/endpoints/actor_default_key_endpoint.rb70
1 files changed, 70 insertions, 0 deletions
diff --git a/lib/chef_zero/endpoints/actor_default_key_endpoint.rb b/lib/chef_zero/endpoints/actor_default_key_endpoint.rb
new file mode 100644
index 0000000..f63ffb9
--- /dev/null
+++ b/lib/chef_zero/endpoints/actor_default_key_endpoint.rb
@@ -0,0 +1,70 @@
+require 'chef_zero/rest_base'
+
+module ChefZero
+ module Endpoints
+ # ActorDefaultKeyEndpoint
+ #
+ # This class handles DELETE/GET/PUT requests for client/user default public
+ # keys, i.e. requests with identity key "default". All others are handled
+ # by ActorKeyEndpoint.
+ #
+ # Default public keys are stored with the actor (client or user) instead of
+ # under user/client_keys. Handling those in a separate endpoint offloads
+ # the branching logic onto the router rather than branching in every
+ # endpoint method (`if request.rest_path[-1] == "default" ...`).
+ #
+ # /users/USER/keys/default
+ # /organizations/ORG/clients/CLIENT/keys/default
+ class ActorDefaultKeyEndpoint < RestBase
+ DEFAULT_PUBLIC_KEY_NAME = "default".freeze
+
+ def get(request)
+ # 404 if actor doesn't exist
+ actor_data = get_actor_data(request)
+ json_response(200, default_public_key_from_actor(actor_data))
+ end
+
+ def delete(request)
+ path = actor_path(request)
+ actor_data = get_actor_data(request) # 404 if actor doesn't exist
+
+ default_public_key = delete_actor_default_public_key!(request, path, actor_data)
+ json_response(200, default_public_key)
+ end
+
+ def put(request)
+ # 404 if actor doesn't exist
+ actor_data = get_actor_data(request)
+
+ new_public_key = parse_json(request.body)["public_key"]
+ actor_data["public_key"] = new_public_key
+
+ set_data(request, actor_path(request), to_json(actor_data))
+ end
+
+ private
+
+ def actor_path(request)
+ return request.rest_path[0..3] if request.rest_path[2] == "clients"
+ request.rest_path[0..1]
+ end
+
+ def get_actor_data(request)
+ path = actor_path(request)
+ parse_json(get_data(request, path))
+ end
+
+ def default_public_key_from_actor(actor_data)
+ { "name" => DEFAULT_PUBLIC_KEY_NAME,
+ "public_key" => actor_data["public_key"],
+ "expiration_date" => "infinity" }
+ end
+
+ def delete_actor_default_public_key!(request, path, actor_data)
+ new_actor_data = actor_data.merge("public_key" => nil)
+ set_data(request, path, to_json(new_actor_data))
+ default_public_key_from_actor(actor_data)
+ end
+ end
+ end
+end
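Review bot: `put` stores whatever `parse_json(request.body)["public_key"]` returns without checking it, so a body that omits `public_key` (or sends a non-string) writes nil or junk into the actor's default key. That key is the credential the actor authenticates with, and a missing field has the same effect as DELETE without going through `delete_actor_default_public_key!`. A guard before the assignment would reject such requests, for example `return error(400, "public_key is required") unless new_public_key.is_a?(String) && !new_public_key.empty?`, assuming RestBase's `error` helper is available here. Separately, `get` and `delete` end in `json_response(200, ...)` while `put` returns the result of `set_data`; `set_data` is defined outside this hunk, so this needs confirming, but `put` probably wants an explicit `json_response(200, default_public_key_from_actor(actor_data))` as its last line. A short comment on `actor_path` giving the two `rest_path` shapes it slices (`[0..3]` for org clients, `[0..1]` for users) would also help readers.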