1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
require "ffi_yajl"
require "chef_zero/endpoints/rest_object_endpoint"
require "chef_zero/chef_data/data_normalizer"
module ChefZero
module Endpoints
# /organizations/ORG/clients/NAME
# /organizations/ORG/users/NAME
# /users/NAME
class ActorEndpoint < RestObjectEndpoint
def get(request)
result = super
user_data = parse_json(result[2])
user_data.delete("public_key") unless request.api_v0?
json_response(200, user_data)
end
def delete(request)
result = super
if request.rest_path[0] == "users"
list_data(request, [ "organizations" ]).each do |org|
begin
delete_data(request, [ "organizations", org, "users", request.rest_path[1] ], :data_store_exceptions)
rescue DataStore::DataNotFoundError
end
end
end
delete_actor_keys!(request)
result
end
def put(request)
# Find out if we're updating the public key.
request_body = FFI_Yajl::Parser.parse(request.body, :create_additions => false)
if request_body["public_key"].nil?
# If public_key is null, then don't overwrite it. Weird patchiness.
body_modified = true
request_body.delete("public_key")
else
updating_public_key = true
end
# Generate private_key if requested.
if request_body.key?("private_key")
body_modified = true
if request_body.delete("private_key")
private_key, public_key = server.gen_key_pair
updating_public_key = true
request_body["public_key"] = public_key
end
end
# Put modified body back in `request.body`
request.body = to_json(request_body) if body_modified
# PUT /clients is patchy
request.body = patch_request_body(request)
result = super(request)
# Inject private_key into response, delete public_key/password if applicable
if result[0] == 200 || result[0] == 201
client_or_user_name = identity_key_value(request) || request.rest_path[-1]
if is_rename?(request)
rename_keys!(request, client_or_user_name)
end
if request.rest_path[0] == "users"
response = {
"uri" => build_uri(request.base_uri, [ "users", client_or_user_name ]),
}
else
response = parse_json(result[2])
end
if client?(request)
response["private_key"] = private_key ? private_key : false
else
response["private_key"] = private_key if private_key
response.delete("public_key") unless updating_public_key
end
response.delete("password")
json_response(result[0], response)
else
result
end
end
def populate_defaults(request, response_json)
response = parse_json(response_json)
populated_response =
if client?(request)
ChefData::DataNormalizer.normalize_client(
response,
response["name"] || request.rest_path[-1],
request.rest_path[1]
)
else
ChefData::DataNormalizer.normalize_user(
response,
response["username"] || request.rest_path[-1],
identity_keys,
server.options[:osc_compat],
request.method
)
end
to_json(populated_response)
end
private
# Move key data to new path
def rename_keys!(request, new_client_or_user_name)
orig_keys_path = keys_path_base(request)
new_keys_path = orig_keys_path.dup
.tap { |path| path[-2] = new_client_or_user_name }
key_names = list_data_or_else(request, orig_keys_path, nil)
return unless key_names # No keys to move
key_names.each do |key_name|
# Get old data
orig_path = [ *orig_keys_path, key_name ]
data = get_data(request, orig_path, :data_store_exceptions)
# Copy data to new path
create_data(
request,
new_keys_path, key_name,
data,
:create_dir
)
end
# Delete original data
delete_data_dir(request, orig_keys_path, :recursive, :data_store_exceptions)
end
def delete_actor_keys!(request)
path = keys_path_base(request)[0..-2]
delete_data_dir(request, path, :recursive, :data_store_exceptions)
rescue DataStore::DataNotFoundError
end
def client?(request, rest_path = nil)
rest_path ||= request.rest_path
request.rest_path[2] == "clients"
end
# Return the data store keys path for the request client or user, e.g.
#
# /organizations/ORG/clients/CLIENT -> /organizations/ORG/client_keys/CLIENT/keys
# /organizations/ORG/users/USER -> /organizations/ORG/user_keys/USER/keys
# /users/USER -> /user_keys/USER
#
def keys_path_base(request, client_or_user_name = nil)
rest_path = (rest_path || request.rest_path).dup
rest_path = rest_path.dup
case rest_path[-2]
when "users"
rest_path[-2] = "user_keys"
when "clients"
rest_path[-2] = "client_keys"
else
raise "Unexpected URL #{rest_path.join("/")}: cannot determine key path"
end
rest_path << "keys"
rest_path
end
end
end
end
|