Class: Chef::EncryptedAttribute::RemoteNodes

Inherits:
Object
Extended by:
SearchHelper
Defined in:
lib/chef/encrypted_attribute/remote_nodes.rb

Overview

Helpers to search nodes remotely and get their public keys.

Class Method Summary

Methods included from SearchHelper

assert_normal_search_response, assert_partial_search_response, assert_search_keys, catch_search_exceptions, empty_search?, escape, escape_query, filter_normal_search_response, filter_partial_search_response, generate_partial_search_keys, normal_search, parse_normal_search_response, parse_normal_search_row_attribute, parse_partial_search_response, partial_search, query, search, search_by_name, valid_search_keys?, valid_search_keys_key?, valid_search_keys_value?

Class Method Details

.cache ⇒ CacheLru

Remote nodes search results cache.

You can disable it by setting its size to zero:

Chef::EncryptedAttribute::RemoteNodes.cache.max_size(0)

Returns:

  • (CacheLru)

    Remote nodes LRU cache.



# File 'lib/chef/encrypted_attribute/remote_nodes.rb', line 40

def self.cache
  @@cache ||= Chef::EncryptedAttribute::CacheLru.new
end

.get_public_key(node) ⇒ String

Gets remote node public key.

It first tries to read the key from the node['public_key'] attribute.

If the "public_key" attribute does not exist, it tries to read the node client key directly using the Chef API (this requires admin privileges).

Parameters:

  • node (Chef::Node)

    Chef node object.

Returns:

  • (String)

    Chef client public key as string.

Raises:

  • (InsufficientPrivileges)

    if you lack enough privileges to read the keys from the Chef Server.

  • (ClientNotFound)

    if client does not exist.

  • (Net::HTTPServerException)

    for Chef Server HTTP errors.



# File 'lib/chef/encrypted_attribute/remote_nodes.rb', line 58

def self.get_public_key(node)
  return node['public_key'] unless node['public_key'].nil?
  RemoteClients.get_public_key(node['name'])
rescue Net::HTTPServerException => e
  raise e unless e.response.code == '403'
  raise InsufficientPrivileges,
        "You cannot read #{node['name']} client key. Consider including "\
        'the encrypted_attributes::expose_key recipe in the '\
        "#{node['name']} node run list."
end

.search_public_keys(search = '*:*', rows = 1000, partial_search = true) ⇒ Array<String>

Searches for node client public keys.

It first tries to read the key from the node['public_key'] attribute.

If the "public_key" attribute does not exist, it tries to read the node client key directly using the Chef API (this requires admin privileges).

Parameters:

  • search (Array<String>, String) (defaults to: '*:*')

    search queries to perform, the query result will be OR-ed.

  • rows (Integer) (defaults to: 1000)

    maximum number of rows to return in searches.

  • partial_search (Boolean) (defaults to: true)

    whether to use partial search.

Returns:

  • (Array<String>)

    list of public keys.

Raises:



# File 'lib/chef/encrypted_attribute/remote_nodes.rb', line 89

def self.search_public_keys(
      search = '*:*', rows = 1000, partial_search = true
)
  escaped_query = escape_query(search)
  return cache[escaped_query] if cache.key?(escaped_query)
  cache[escaped_query] =
    search(
      :node, search,
      { 'name' => %w(name), 'public_key' => %w(public_key) },
      rows, partial_search
    ).map { |node| get_public_key(node) }.compact
end
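
search_public_keys returns plain strings, taken from the node['public_key'] attribute when it is set and from the client key otherwise. The following is an added example, not code from this gem: a caller-side check that keeps only entries that parse as RSA public keys of a minimum size. The names usable_public_keys and min_bits are hypothetical, and it assumes the keys are RSA keys in PEM form.

```ruby
require 'openssl'

# Hypothetical helper (not part of chef-encrypted-attribute).
# Takes the Array<String> shape returned by search_public_keys and keeps
# only entries that parse as RSA *public* keys of at least min_bits.
def usable_public_keys(keys, min_bits: 2048)
  keys.each_with_object([]) do |pem, ok|
    next unless pem.is_a?(String)
    begin
      key = OpenSSL::PKey::RSA.new(pem)
    rescue OpenSSL::OpenSSLError
      next # not parseable as an RSA key
    end
    next if key.private?               # private key material does not belong here
    next if key.n.num_bits < min_bits  # modulus shorter than the policy allows
    ok << key.to_pem                   # normalised PEM of the public key
  end.uniq
end

# Constructed sample input: one good key (listed twice), a private key
# stored by mistake, and a value that is not a key at all.
def constructed_sample
  rsa = OpenSSL::PKey::RSA.new(2048)
  pub = rsa.public_key.to_pem
  [pub, pub, rsa.to_pem, 'not a key']
end

if __FILE__ == $PROGRAM_NAME
  sample = constructed_sample
  kept = usable_public_keys(sample)
  puts "received #{sample.size} entries, kept #{kept.size}"
end
```
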