Class: Ridley::Middleware::ChefAuth

Inherits:

Faraday::Middleware

• Object
• Faraday::Middleware
• Ridley::Middleware::ChefAuth

Extended by:

Mixlib::Authentication

Includes:

Logging

Defined in:

lib/ridley/middleware/chef_auth.rb

Instance Attribute Summary

• #client_key ⇒ Object readonly

  Returns the value of attribute client_key.

• #client_name ⇒ Object readonly

  Returns the value of attribute client_name.

Class Method Summary

• .authentication_headers(client_name, client_key, options = {}) ⇒ Object

  Generate authentication headers for a request to a Chef Server.

• .signing_object(client_name, options = {}) ⇒ SigningObject

  Create a signing object for a Request to a Chef Server.

Instance Method Summary

• #call(env) ⇒ Object
• #initialize(app, client_name, client_key) ⇒ ChefAuth constructor

  A new instance of ChefAuth.

Methods included from Logging

logger, #logger, set_logger

Constructor Details

#initialize(app, client_name, client_key) ⇒ ChefAuth

Returns a new instance of ChefAuth.

# File 'lib/ridley/middleware/chef_auth.rb', line 53

def initialize(app, client_name, client_key)
  super(app)
  @client_name = client_name
  @client_key  = client_key
end

Instance Attribute Details

#client_key ⇒ Object (readonly)

Returns the value of attribute client_key.

# File 'lib/ridley/middleware/chef_auth.rb', line 51

def client_key
  @client_key
end

#client_name ⇒ Object (readonly)

Returns the value of attribute client_name.

# File 'lib/ridley/middleware/chef_auth.rb', line 50

def client_name
  @client_name
end

Class Method Details

.authentication_headers(client_name, client_key, options = {}) ⇒ Object

Generate authentication headers for a request to a Chef Server

Parameters:

• client_name (String)
• client_key (String) —

  the path OR actual client key

• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :host (String)

See Also:

• for options

# File 'lib/ridley/middleware/chef_auth.rb', line 18

def authentication_headers(client_name, client_key, options = {})
  contents = File.exists?(client_key) ? File.read(client_key) : client_key.to_s
  rsa_key = OpenSSL::PKey::RSA.new(contents)

  headers = signing_object(client_name, options).sign(rsa_key).merge(host: options[:host])
  headers.inject({}) { |memo, kv| memo["#{kv[0].to_s.upcase}"] = kv[1];memo }
end

.signing_object(client_name, options = {}) ⇒ SigningObject

Create a signing object for a Request to a Chef Server

Parameters:

• client_name (String)
• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :http_method (String)
• :path (String)
• :body (String)
• :timestamp (Time)

Returns:

• (SigningObject)

# File 'lib/ridley/middleware/chef_auth.rb', line 36

def signing_object(client_name, options = {})
  options = options.reverse_merge(
    body: String.new,
    timestamp: Time.now.utc.iso8601
  )
  options[:user_id]       = client_name
  options[:proto_version] = "1.0"

  SignedHeaderAuth.signing_object(options)
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/ridley/middleware/chef_auth.rb', line 59

def call(env)
  signing_options = {
    http_method: env[:method],
    host: "#{env[:url].host}:#{env[:url].port}",
    path: env[:url].path,
    body: env[:body] || ''
  }
  authentication_headers = self.class.authentication_headers(client_name, client_key, signing_options)

  env[:request_headers] = default_headers.merge(env[:request_headers]).merge(authentication_headers)
  env[:request_headers] = env[:request_headers].merge('Content-Length' => env[:body].bytesize.to_s) if env[:body]

  log.debug { "==> performing authenticated Chef request as '#{client_name}'"}
  log.debug { "request env: #{env}"}

  @app.call(env)
end