summaryrefslogtreecommitdiff
path: root/lib/chef/api_client_v1.rb
blob: 80f0d2517c94be9cc007828ead6b4ca9e0c65ad2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
#
# Author:: Adam Jacob (<adam@chef.io>)
# Author:: Nuo Yan (<nuo@chef.io>)
# Copyright:: Copyright (c) 2008, 2015 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require 'chef/config'
require 'chef/mixin/params_validate'
require 'chef/mixin/from_file'
require 'chef/mash'
require 'chef/json_compat'
require 'chef/search/query'
require 'chef/exceptions'
require 'chef/mixin/api_version_request_handling'
require 'chef/server_api'
require 'chef/api_client'

# COMPATIBILITY NOTE
#
# This ApiClientV1 code attempts to make API V1 requests and falls back to
# API V0 requests when it fails. New development should occur here instead
# of Chef::ApiClient as this will replace that namespace when Chef 13 is released.
#
# If you need to default to API V0 behavior (i.e. you need GET client to return
# a public key, etc), please use Chef::ApiClient and update your code to support
# API V1 before you pull in Chef 13.
class Chef
  class ApiClientV1

    include Chef::Mixin::FromFile
    include Chef::Mixin::ParamsValidate
    include Chef::Mixin::ApiVersionRequestHandling

    SUPPORTED_API_VERSIONS = [0,1]

    # Create a new Chef::ApiClientV1 object.
    def initialize
      @name = ''
      @public_key = nil
      @private_key = nil
      @admin = false
      @validator = false
      @create_key = nil
    end

    def chef_rest_v0
      @chef_rest_v0 ||= Chef::ServerAPI.new(Chef::Config[:chef_server_url], {:api_version => "0", :inflate_json_class => false})
    end

    def chef_rest_v1
      @chef_rest_v1 ||= Chef::ServerAPI.new(Chef::Config[:chef_server_url], {:api_version => "1", :inflate_json_class => false})
    end

    def self.http_api
      Chef::ServerAPI.new(Chef::Config[:chef_server_url], {:api_version => "1", :inflate_json_class => false})
    end

    # Gets or sets the client name.
    #
    # @params [Optional String] The name must be alpha-numeric plus - and _.
    # @return [String] The current value of the name.
    def name(arg=nil)
      set_or_return(
        :name,
        arg,
        :regex => /^[\-[:alnum:]_\.]+$/
      )
    end

    # Gets or sets whether this client is an admin.
    #
    # @params [Optional True/False] Should be true or false - default is false.
    # @return [True/False] The current value
    def admin(arg=nil)
      set_or_return(
        :admin,
        arg,
        :kind_of => [ TrueClass, FalseClass ]
      )
    end

    # Gets or sets the public key.
    #
    # @params [Optional String] The string representation of the public key.
    # @return [String] The current value.
    def public_key(arg=nil)
      set_or_return(
        :public_key,
        arg,
        :kind_of => String
      )
    end

    # Gets or sets whether this client is a validator.
    #
    # @params [Boolean] whether or not the client is a validator.  If
    #   `nil`, retrieves the already-set value.
    # @return [Boolean] The current value
    def validator(arg=nil)
      set_or_return(
        :validator,
        arg,
        :kind_of => [TrueClass, FalseClass]
      )
    end

    # Private key. The server will return it as a string.
    # Set to true under API V0 to have the server regenerate the default key.
    #
    # @params [Optional String] The string representation of the private key.
    # @return [String] The current value.
    def private_key(arg=nil)
      set_or_return(
        :private_key,
        arg,
        :kind_of => [String, TrueClass, FalseClass]
      )
    end

    # Used to ask server to generate key pair under api V1
    #
    # @params [Optional True/False] Should be true or false - default is false.
    # @return [True/False] The current value
    def create_key(arg=nil)
      set_or_return(
        :create_key,
        arg,
        :kind_of => [ TrueClass, FalseClass ]
      )
    end

    # The hash representation of the object. Includes the name and public_key.
    # Private key is included if available.
    #
    # @return [Hash]
    def to_hash
      result = {
        "name" => @name,
        "validator" => @validator,
        "admin" => @admin,
        "chef_type" => "client"
      }
      result["private_key"] = @private_key unless @private_key.nil?
      result["public_key"] = @public_key unless @public_key.nil?
      result["create_key"] = @create_key unless @create_key.nil?
      result
    end

    # The JSON representation of the object.
    #
    # @return [String] the JSON string.
    def to_json(*a)
      Chef::JSONCompat.to_json(to_hash, *a)
    end

    def self.from_hash(o)
      client = Chef::ApiClientV1.new
      client.name(o["name"] || o["clientname"])
      client.admin(o["admin"])
      client.validator(o["validator"])
      client.private_key(o["private_key"]) if o.key?("private_key")
      client.public_key(o["public_key"]) if o.key?("public_key")
      client.create_key(o["create_key"]) if o.key?("create_key")
      client
    end

    def self.from_json(j)
      Chef::ApiClientV1.from_hash(Chef::JSONCompat.from_json(j))
    end

    def self.reregister(name)
      api_client = Chef::ApiClientV1.load(name)
      api_client.reregister
    end

    def self.list(inflate=false)
      if inflate
        response = Hash.new
        Chef::Search::Query.new.search(:client) do |n|
          n = self.from_hash(n) if n.instance_of?(Hash)
          response[n.name] = n
        end
        response
      else
        http_api.get("clients")
      end
    end

    # Load a client by name via the API
    def self.load(name)
      response = http_api.get("clients/#{name}")
      Chef::ApiClientV1.from_hash(response)
    end

    # Remove this client via the REST API
    def destroy
      chef_rest_v1.delete("clients/#{@name}")
    end

    # Save this client via the REST API, returns a hash including the private key
    def save
      begin
        update
      rescue Net::HTTPServerException => e
        # If that fails, go ahead and try and update it
        if e.response.code == "404"
          create
        else
          raise e
        end
      end
    end

    def reregister
      # Try API V0 and if it fails due to V0 not being supported, raise the proper error message.
      # reregister only supported in API V0 or lesser.
      reregistered_self = chef_rest_v0.put("clients/#{name}", { :name => name, :admin => admin, :validator => validator, :private_key => true })
      if reregistered_self.respond_to?(:[])
        private_key(reregistered_self["private_key"])
      else
        private_key(reregistered_self.private_key)
      end
      self
    rescue Net::HTTPServerException => e
      # if there was a 406 related to versioning, give error explaining that
      # only API version 0 is supported for reregister command
      if e.response.code == "406" && e.response["x-ops-server-api-version"]
        version_header = Chef::JSONCompat.from_json(e.response["x-ops-server-api-version"])
        min_version = version_header["min_version"]
        max_version = version_header["max_version"]
        error_msg = reregister_only_v0_supported_error_msg(max_version, min_version)
        raise Chef::Exceptions::OnlyApiVersion0SupportedForAction.new(error_msg)
      else
        raise e
      end
    end

    # Updates the client via the REST API
    def update
      # NOTE: API V1 dropped support for updating client keys via update (aka PUT),
      # but this code never supported key updating in the first place. Since
      # it was never implemented, we will simply ignore that functionality
      # as it is being deprecated.
      # Delete this comment after V0 support is dropped.
      payload = { :name => name }
      payload[:validator] = validator unless validator.nil?

      # DEPRECATION
      # This field is ignored in API V1, but left for backwards-compat,
      # can remove after API V0 is no longer supported.
      payload[:admin] = admin unless admin.nil?

      begin
        new_client = chef_rest_v1.put("clients/#{name}", payload)
      rescue Net::HTTPServerException => e
        # rescue API V0 if 406 and the server supports V0
        supported_versions = server_client_api_version_intersection(e, SUPPORTED_API_VERSIONS)
        raise e unless supported_versions && supported_versions.include?(0)
        new_client = chef_rest_v0.put("clients/#{name}", payload)
      end

      Chef::ApiClientV1.from_hash(new_client)
    end

    # Create the client via the REST API
    def create
      payload = {
        :name => name,
        :validator => validator,
        # this field is ignored in API V1, but left for backwards-compat,
        # can remove after OSC 11 support is finished?
        :admin => admin
      }
      begin
        # try API V1
        raise Chef::Exceptions::InvalidClientAttribute, "You cannot set both public_key and create_key for create." if !create_key.nil? && !public_key.nil?

        payload[:public_key] = public_key unless public_key.nil?
        payload[:create_key] = create_key unless create_key.nil?

        new_client = chef_rest_v1.post("clients", payload)

        # get the private_key out of the chef_key hash if it exists
        if new_client['chef_key']
          if new_client['chef_key']['private_key']
            new_client['private_key'] = new_client['chef_key']['private_key']
          end
          new_client['public_key'] = new_client['chef_key']['public_key']
          new_client.delete('chef_key')
        end

      rescue Net::HTTPServerException => e
        # rescue API V0 if 406 and the server supports V0
        supported_versions = server_client_api_version_intersection(e, SUPPORTED_API_VERSIONS)
        raise e unless supported_versions && supported_versions.include?(0)

        # under API V0, a key pair will always be created unless public_key is
        # passed on initial POST
        payload[:public_key] = public_key unless public_key.nil?

        new_client = chef_rest_v0.post("clients", payload)
      end
      Chef::ApiClientV1.from_hash(self.to_hash.merge(new_client))
    end

    # As a string
    def to_s
      "client[#{@name}]"
    end

  end
end