1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
|
require 'ffi_yajl'
require 'chef_zero/endpoints/rest_object_endpoint'
require 'chef_zero/chef_data/data_normalizer'
module ChefZero
module Endpoints
# /organizations/ORG/clients/NAME
# /organizations/ORG/users/NAME
# /users/NAME
class ActorEndpoint < RestObjectEndpoint
DEFAULT_PUBLIC_KEY_NAME = "default"
DEFAULT_PUBLIC_KEY_EXPIRATION_DATE = "infinity"
def delete(request)
result = super
username = request.rest_path[1]
if request.rest_path[0] == 'users'
list_data(request, [ 'organizations' ]).each do |org|
begin
delete_data(request, [ 'organizations', org, 'users', username ], :data_store_exceptions)
rescue DataStore::DataNotFoundError
end
end
begin
path = [ 'user_keys', username ]
delete_data_dir(request, path, :data_store_exceptions)
rescue DataStore::DataNotFoundError
end
end
result
end
def put(request)
# Find out if we're updating the public key.
request_body = FFI_Yajl::Parser.parse(request.body, :create_additions => false)
public_key = request_body.delete('public_key')
if public_key.nil?
# If public_key is null, then don't overwrite it. Weird patchiness.
body_modified = true
else
updating_public_key = true
end
# Generate private_key if requested.
if request_body.key?('private_key')
body_modified = true
if request_body.delete('private_key')
private_key, public_key = server.gen_key_pair
updating_public_key = true
end
end
# Put modified body back in `request.body`
request.body = FFI_Yajl::Encoder.encode(request_body, :pretty => true) if body_modified
# PUT /clients is patchy
request.body = patch_request_body(request, except: :public_key)
result = super(request)
# Inject private_key into response, delete public_key/password if applicable
if result[0] == 200 || result[0] == 201
username = identity_key_value(request) || request.rest_path[-1]
# TODO Implement for clients
if request.rest_path[2] != 'clients' && is_rename?(request)
rename_user_keys!(request, username)
end
if request.rest_path[0] == 'users'
response = {
'uri' => build_uri(request.base_uri, [ 'users', username ])
}
else
response = FFI_Yajl::Parser.parse(result[2], :create_additions => false)
end
if request.rest_path[2] == 'clients'
response['private_key'] = private_key ? private_key : false
else
response['private_key'] = private_key if private_key
if updating_public_key
update_user_default_key!(request, public_key)
end
end
if request.rest_path[2] == 'users' && !updating_public_key
response.delete('public_key')
end
response.delete('password')
json_response(result[0], response)
else
result
end
end
private
def populate_defaults(request, response_json)
response = FFI_Yajl::Parser.parse(response_json, :create_additions => false)
response =
if request.rest_path[2] == 'clients'
ChefData::DataNormalizer.normalize_client(response, request.rest_path[3], request.rest_path[1])
else
public_key = get_user_default_public_key(request, response['username'])
if public_key
response['public_key'] = public_key
end
ChefData::DataNormalizer.normalize_user(response, request.rest_path[3], identity_keys, server.options[:osc_compat], request.method)
end
FFI_Yajl::Encoder.encode(response, :pretty => true)
end
# Returns the user's default public_key from user_keys store
def get_user_default_public_key(request, username)
path = [ "user_keys", username, "keys", DEFAULT_PUBLIC_KEY_NAME ]
key_json = get_data(request, path, :nil)
return unless key_json
key_data = FFI_Yajl::Parser.parse(key_json, create_additions: false)
key_data && key_data["public_key"]
end
# Move key data to new path
def rename_user_keys!(request, new_username)
orig_username = request.rest_path[-1]
orig_user_keys_path = [ 'user_keys', orig_username, 'keys' ]
new_user_keys_path = [ 'user_keys', new_username, 'keys' ]
user_key_names = list_data(request, orig_user_keys_path, :data_store_exceptions)
user_key_names.each do |key_name|
# Get old data
orig_path = orig_user_keys_path + [ key_name ]
data = get_data(request, orig_path, :data_store_exceptions)
# Copy data to new path
create_data(
request,
new_user_keys_path, key_name,
data,
:create_dir
)
end
# Delete original data
delete_data_dir(request, orig_user_keys_path, :data_store_exceptions)
end
def update_user_default_key!(request, public_key)
username = request.rest_path[1]
path = [ "user_keys", username, "keys", DEFAULT_PUBLIC_KEY_NAME ]
data = FFI_Yajl::Encoder.encode(
"name" => DEFAULT_PUBLIC_KEY_NAME,
"public_key" => public_key,
"expiration_date" => DEFAULT_PUBLIC_KEY_EXPIRATION_DATE
)
set_data(request, path, data, :create, :data_store_exceptions)
end
end
end
end
|
