1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
require "ffi_yajl"
require "chef_zero/endpoints/rest_list_endpoint"
module ChefZero
module Endpoints
# /users, /organizations/ORG/clients or /organizations/ORG/users
class ActorsEndpoint < RestListEndpoint
def get(request)
response = super(request)
# apply query filters: if one applies, stop processing rest
# (precendence matches chef-server: https://github.com/chef/chef-server/blob/268a0c9/src/oc_erchef/apps/chef_objects/src/chef_user.erl#L554-L559)
if value = request.query_params["external_authentication_uid"]
response[2] = filter("external_authentication_uid", value, request, response[2])
elsif value = request.query_params["email"]
response[2] = filter("email", value, request, response[2], insensitive: true)
end
if request.query_params["verbose"]
results = parse_json(response[2])
results.each do |name, url|
record = get_data(request, request.rest_path + [ name ], :nil)
if record
record = parse_json(record)
record = ChefData::DataNormalizer.normalize_user(record, name, identity_keys, server.options[:osc_compat])
results[name] = record
end
end
response[2] = to_json(results)
end
response
end
def post(request)
# First, find out if the user actually posted a public key. If not, make
# one.
request_body = parse_json(request.body)
public_key = request_body["public_key"]
skip_key_create = !request.api_v0? && !request_body["create_key"]
if !public_key && !skip_key_create
private_key, public_key = server.gen_key_pair
request_body["public_key"] = public_key
request.body = to_json(request_body)
elsif skip_key_create
request_body["public_key"] = nil
request.body = to_json(request_body)
end
result = super(request)
if result[0] == 201
# If we generated a key, stuff it in the response.
user_data = parse_json(result[2])
key_data = {}
key_data["private_key"] = private_key if private_key
key_data["public_key"] = public_key unless request.rest_path[0] == "users"
response =
if request.api_v0?
user_data.merge!(key_data)
elsif skip_key_create && !public_key
user_data
else
actor_name = request_body["name"] || request_body["username"] || request_body["clientname"]
relpath_to_default_key = [ actor_name, "keys", "default" ]
key_data["uri"] = build_uri(request.base_uri, request.rest_path + relpath_to_default_key)
key_data["public_key"] = public_key
key_data["name"] = "default"
key_data["expiration_date"] = "infinity"
user_data["chef_key"] = key_data
user_data
end
json_response(201, response)
else
result
end
end
private
def filter(key, value, request, resp, opts = {})
results = parse_json(resp)
new_results = {}
results.each do |name, url|
record = get_data(request, request.rest_path + [ name ], :nil)
if record
record = parse_json(record)
new_results[name] = url if record[key] && is_equal(record[key], value, opts[:insensitive])
end
end
to_json(new_results)
end
def is_equal(a, b, ignore_case)
ignore_case ? a.casecmp(b).zero? : a == b
end
end
end
end
|