author | Jay Mundrawala <jdmundrawala@gmail.com> | 2015-11-19 09:36:12 -0800 |
---|---|---|
committer | Jay Mundrawala <jdmundrawala@gmail.com> | 2015-11-19 09:36:12 -0800 |
commit | c3825f6d5293eddcdbd3c49e48e10a34ad3b6d36 (patch) | |
tree | c062818c2c0fd211f97f4c2c1658f82c2b806a44 | |
parent | 09cd994c9094054d5a9efe8c2f7efbdf22cd7d64 (diff) | |
download | chef-jdm/sign-v1.3.tar.gz |
Add sign v1.3jdm/sign-v1.3
-rw-r--r-- | Gemfile | 1 | ||||
-rw-r--r-- | chef-config/lib/chef-config/config.rb | 8 | ||||
-rw-r--r-- | lib/chef/client.rb | 8 | ||||
-rw-r--r-- | lib/chef/http/authenticator.rb | 12 | ||||
-rw-r--r-- | lib/chef/knife.rb | 6 |
5 files changed, 17 insertions, 18 deletions
@@ -4,6 +4,7 @@ gemspec :name => "chef"
 gem "activesupport", "< 4.0.0", :group => :compat_testing, :platform => "ruby"
 gem 'chef-config', path: "chef-config" if File.exists?(__FILE__ + '../chef-config')
+gem 'mixlib-authentication', git: 'https://github.com/chef/mixlib-authentication', branch: 'jdm/sign-v1.3-x-ops-server-api-version'
 group(:docgen) do
 gem "yard"
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index 4e9355192a..755ec85a93 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -446,7 +446,13 @@ module ChefConfig
 #
 # In the future, this configuration option may be replaced with an
 # automatic negotiation scheme.
- default :authentication_protocol_version, "1.0"
+ default :authentication_protocol_version do
+ if OpenSSL::OPENSSL_FIPS
+ "1.3"
+ else
+ "1.1"
+ end
+ end
 # This key will be used to sign requests to the Chef server. This location
 # must be writable by Chef during initial setup when generating a client
diff --git a/lib/chef/client.rb b/lib/chef/client.rb
index b2a00a7d01..3cf92b2a9a 100644
--- a/lib/chef/client.rb
+++ b/lib/chef/client.rb
@@ -567,14 +567,6 @@ class Chef
 raise Chef::Exceptions::CannotDetermineNodeName unless name
- # node names > 90 bytes only work with authentication protocol >= 1.1
- # see discussion in config.rb.
- # TODO use a computed default in Chef::Config to determine this instead of
- # setting it.
- if name.bytesize > 90
- Chef::Config[:authentication_protocol_version] = "1.1"
- end
-
 name
 end
diff --git a/lib/chef/http/authenticator.rb b/lib/chef/http/authenticator.rb
index bffa9c4b3a..1bcc5c8619 100644
--- a/lib/chef/http/authenticator.rb
+++ b/lib/chef/http/authenticator.rb
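Review bot: The added Gemfile line points `mixlib-authentication` at `branch: 'jdm/sign-v1.3-x-ops-server-api-version'`, which is a mutable ref, so the code that computes request signatures can change under a build without any change in this repository. Pin it to an immutable commit with `ref: '<commit-sha>'` (placeholder) until a mixlib-authentication release carries protocol 1.3, then replace the git source with a version constraint. A Gemfile entry presumably affects only Bundler-driven development and CI; the gemspec is not part of this diff, so an installed chef gem may still resolve a mixlib-authentication that knows neither "1.3" nor the new `:headers` parameter.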
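Review bot: `OpenSSL::OPENSSL_FIPS` in the new default block in config.rb reports whether the linked OpenSSL was built FIPS-capable, not whether FIPS mode is enabled on this host, so the default protocol version now depends on how Ruby's OpenSSL was compiled. A FIPS-capable build talking to a server that does not accept 1.3 would fail authentication out of the box (server support is not visible here), and every other client moves from "1.0" to "1.1" without a note. Consider keying the choice off an explicit setting rather than the build constant, and record the reasoning above the block, e.g. `# 1.3 is chosen on FIPS-capable OpenSSL builds; all other clients default to 1.1 (needed for node names > 90 bytes)`. The comment block this default sits under starts outside the hunk and may still describe the old default.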
@@ -47,8 +47,8 @@ class Chef
 end
 def handle_request(method, url, headers={}, data=false)
- headers.merge!(authentication_headers(method, url, data)) if sign_requests?
 headers.merge!({'X-Ops-Server-API-Version' => @api_version})
+ headers.merge!(authentication_headers(method, url, data, headers)) if sign_requests?
 [method, url, headers, data]
 end
@@ -90,8 +90,14 @@ class Chef
 raise Chef::Exceptions::InvalidPrivateKey, msg
 end
- def authentication_headers(method, url, json_body=nil)
- request_params = {:http_method => method, :path => url.path, :body => json_body, :host => "#{url.host}:#{url.port}"}
+ def authentication_headers(method, url, json_body=nil, headers=nil)
+ request_params = {
+ :http_method => method,
+ :path => url.path,
+ :body => json_body,
+ :host => "#{url.host}:#{url.port}",
+ :headers => headers
+ }
 request_params[:body] ||= ""
 auth_credentials.signature_headers(request_params)
 end
diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb
index 6fa29bea16..59e15d492b 100644
--- a/lib/chef/knife.rb
+++ b/lib/chef/knife.rb
@@ -385,12 +385,6 @@ class Chef
 Mixlib::Log::Formatter.show_time = false
 Chef::Log.init(Chef::Config[:log_location])
 Chef::Log.level(Chef::Config[:log_level] || :error)
-
- if Chef::Config[:node_name] && Chef::Config[:node_name].bytesize > 90
- # node names > 90 bytes only work with authentication protocol >= 1.1
- # see discussion in config.rb.
- Chef::Config[:authentication_protocol_version] = "1.1"
- end
 end
 def configure_chef |
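Review bot: The reordering in `handle_request` makes signing depend on `X-Ops-Server-API-Version` already being present in `headers`, but nothing in the method says so, and swapping the two `merge!` calls back would not fail visibly under 1.0 or 1.1. Add a comment above the signing line such as `# must run after X-Ops-Server-API-Version is set: the signer is given the headers it covers`, plus a spec asserting the header is in the hash that `authentication_headers` receives. The whole caller-supplied hash now goes to the signer, so any header the 1.3 canonical request covers must not be changed after this point; whether later middleware does that is not visible in the hunk.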
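Review bot: The `headers=nil` default in `authentication_headers` means a caller using the old three-argument form passes `:headers => nil` to `signature_headers`; whether the 1.3 signer tolerates a nil hash is decided in mixlib-authentication and cannot be confirmed from this diff. Normalising locally is cheap: `:headers => headers || {}`. The method has no comment in the hunk; one line stating that `headers` must be exactly the headers that will be sent would make the signing contract explicit.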