1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
#
# Author:: Adam Jacob (<adam@opscode.com>)
# Author:: Nuo Yan (<nuo@opscode.com>)
# Copyright:: Copyright (c) 2008 Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'chef/api_client'
class Clients < Application
provides :json
before :authenticate_every
before :is_admin, :only => [ :index, :update ]
before :is_admin_or_validator, :only => [ :create ]
before :admin_or_requesting_node, :only => [ :show, :destroy ]
# GET /clients
def index
@list = Chef::ApiClient.cdb_list(true)
display(@list.inject({}) { |result, element| result[element.name] = absolute_url(:client, :id => element.name); result })
end
# GET /clients/:id
def show
begin
@client = Chef::ApiClient.cdb_load(params[:id])
rescue Chef::Exceptions::CouchDBNotFound => e
raise NotFound, "Cannot load client #{params[:id]}"
end
#display({ :name => @client.name, :admin => @client.admin, :public_key => @client.public_key })
display @client
end
# POST /clients
def create
exists = true
if params.has_key?(:inflated_object)
params[:name] ||= params[:inflated_object].name
params[:admin] ||= params[:inflated_object].admin
end
# We can only create clients if we're the admin or the validator.
# But only allow creating admin clients if we're already an admin.
if params[:admin] == true && @auth_user.admin != true
raise Forbidden, "You are not allowed to take this action."
end
begin
Chef::ApiClient.cdb_load(params[:name])
rescue Chef::Exceptions::CouchDBNotFound
exists = false
end
raise Conflict, "Client already exists" if exists
@client = Chef::ApiClient.new
@client.name(params[:name])
@client.admin(params[:admin]) if params[:admin]
@client.create_keys
@client.cdb_save
self.status = 201
headers['Location'] = absolute_url(:client, @client.name)
display({ :uri => absolute_url(:client, @client.name), :private_key => @client.private_key })
end
# PUT /clients/:id
def update
if params.has_key?(:inflated_object)
params[:private_key] ||= params[:inflated_object].private_key
params[:admin] ||= params[:inflated_object].admin
end
begin
@client = Chef::ApiClient.cdb_load(params[:id])
rescue Chef::Exceptions::CouchDBNotFound => e
raise NotFound, "Cannot load client #{params[:id]}"
end
@client.admin(params[:admin]) unless params[:admin].nil?
results = { :name => @client.name, :admin => @client.admin }
if params[:private_key] == true
@client.create_keys
results[:private_key] = @client.private_key
end
@client.cdb_save
display(results)
end
# DELETE /clients/:id
def destroy
begin
@client = Chef::ApiClient.cdb_load(params[:id])
rescue Chef::Exceptions::CouchDBNotFound => e
raise NotFound, "Cannot load client #{params[:id]}"
end
@client.cdb_destroy
display({ :name => @client.name })
end
end
|
