Class: Puppet::Indirector::SslFile
Defined in: lib/vendor/puppet/indirector/ssl_file.rb
Direct Known Subclasses
SSL::Certificate::Ca, SSL::Certificate::File, SSL::CertificateRequest::Ca, SSL::CertificateRequest::File, SSL::CertificateRevocationList::Ca, SSL::CertificateRevocationList::File, SSL::Key::Ca, SSL::Key::File
Constant Summary
Constants included from Util
Util::AbsolutePathPosix, Util::AbsolutePathWindows
Constants included from Util::Docs
Class Attribute Summary
- .ca_setting ⇒ Object (readonly): Returns the value of attribute ca_setting.
- .directory_setting ⇒ Object (readonly): Returns the value of attribute directory_setting.
- .file_setting ⇒ Object (readonly): Returns the value of attribute file_setting.
Attributes included from Util::Docs
Class Method Summary
- .ca_location ⇒ Object: The full path to a ca file we would be managing.
- .collection_directory ⇒ Object: The full path to where we should store our files.
- .file_location ⇒ Object: The full path to an individual file we would be managing.
- .store_at(setting) ⇒ Object: Specify a single file location for storing just one file.
- .store_ca_at(setting) ⇒ Object: Specify where a specific ca file should be stored.
- .store_in(setting) ⇒ Object: Specify the directory in which multiple files are stored.
Instance Method Summary
- #ca?(name) ⇒ Boolean: We assume that all files named ‘ca’ are pointing to individual ca files, rather than normal host files.
- #destroy(request) ⇒ Object: Remove our file.
- #find(request) ⇒ Object: Find the file on disk, returning an instance of the model.
- #initialize ⇒ SslFile (constructor): A new instance of SslFile.
- #path(name) ⇒ Object
- #save(request) ⇒ Object: Save our file to disk.
- #search(request) ⇒ Object: Search for more than one file.
Methods inherited from Terminus
abstract_terminus?, const2name, #indirection, indirection_name, inherited, mark_as_abstract_terminus, #model, model, #name, name2const, register_terminus_class, terminus_class, terminus_classes, #terminus_type
Methods included from Util::InstanceLoader
#instance_docs, #instance_hash, #instance_load, #instance_loader, #instance_loading?, #loaded_instance, #loaded_instances
Methods included from Util
absolute_path?, activerecord_version, benchmark, binread, chuser, classproxy, #execfail, #execpipe, execute, execute_posix, execute_windows, logmethods, memory, path_to_uri, proxy, replace_file, safe_posix_fork, symbolize, symbolizehash, symbolizehash!, synchronize_on, thinmark, #threadlock, uri_to_path, wait_for_output, which, withumask
Methods included from Util::POSIX
#get_posix_field, #gid, #idfield, #methodbyid, #methodbyname, #search_posix_field, #uid
Methods included from Util::Docs
#desc, #dochook, #doctable, #markdown_definitionlist, #markdown_header, #nodoc?, #pad, scrub
Constructor Details
#initialize ⇒ SslFile
Returns a new instance of SslFile.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 49
    def initialize
      Puppet.settings.use(:main, :ssl)

      (collection_directory || file_location) or raise Puppet::DevError, "No file or directory setting provided; terminus #{self.class.name} cannot function"
    end
Class Attribute Details
.ca_setting ⇒ Object (readonly)
Returns the value of attribute ca_setting.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 21
    def ca_setting
      @ca_setting
    end
.directory_setting ⇒ Object (readonly)
Returns the value of attribute directory_setting.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 21
    def directory_setting
      @directory_setting
    end
.file_setting ⇒ Object (readonly)
Returns the value of attribute file_setting.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 21
    def file_setting
      @file_setting
    end
Class Method Details
.ca_location ⇒ Object
The full path to a ca file we would be managing.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 37
    def self.ca_location
      return nil unless ca_setting
      Puppet.settings[ca_setting]
    end
.collection_directory ⇒ Object
The full path to where we should store our files.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 25
    def self.collection_directory
      return nil unless directory_setting
      Puppet.settings[directory_setting]
    end
.file_location ⇒ Object
The full path to an individual file we would be managing.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 31
    def self.file_location
      return nil unless file_setting
      Puppet.settings[file_setting]
    end
.store_at(setting) ⇒ Object
Specify a single file location for storing just one file. This is used for things like the CRL.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 11
    def self.store_at(setting)
      @file_setting = setting
    end
.store_ca_at(setting) ⇒ Object
Specify where a specific ca file should be stored.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 16
    def self.store_ca_at(setting)
      @ca_setting = setting
    end
.store_in(setting) ⇒ Object
Specify the directory in which multiple files are stored.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 5
    def self.store_in(setting)
      @directory_setting = setting
    end
Instance Method Details
#ca?(name) ⇒ Boolean
We assume that all files named ‘ca’ are pointing to individual ca files, rather than normal host files. It’s a bit hackish, but all the other solutions seemed even more hackish.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 45
    def ca?(name)
      name == Puppet::SSL::Host.ca_name
    end
#destroy(request) ⇒ Object
Remove our file.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 71
    def destroy(request)
      path = path(request.key)
      return false unless FileTest.exist?(path)

      Puppet.notice "Removing file #{model} #{request.key} at '#{path}'"
      begin
        File.unlink(path)
      rescue => detail
        raise Puppet::Error, "Could not remove #{request.key}: #{detail}"
      end
    end
#find(request) ⇒ Object
Find the file on disk, returning an instance of the model.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 84
    def find(request)
      path = path(request.key)

      return nil unless FileTest.exist?(path) or rename_files_with_uppercase(path)

      result = model.new(request.key)
      result.read(path)
      result
    end
#path(name) ⇒ Object
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 55
    def path(name)
      if name =~ Puppet::Indirector::BadNameRegexp then
        Puppet.crit("directory traversal detected in #{self.class}: #{name.inspect}")
        raise ArgumentError, "invalid key"
      end

      if ca?(name) and ca_location
        ca_location
      elsif collection_directory
        File.join(collection_directory, name.to_s + ".pem")
      else
        file_location
      end
    end
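The key check in #path(name) above, isolated as an added example (not Puppet's code). BAD_NAME is a stand-in because this page does not show the value of Puppet::Indirector::BadNameRegexp; pem_path, key_accepted? and the sample keys are hypothetical, and the containment check on the resolved path is an extra layer that the method shown above does not perform.

```ruby
require "tmpdir"

# Stand-in pattern (assumption): rejects a leading "..", any path separator,
# a NUL byte, and a Windows drive-letter prefix.
BAD_NAME = Regexp.union(/\A\.\./, %r{[\\/]}, "\0", /\A[a-z]:/i)

# Hypothetical helper mirroring the collection_directory branch of #path(name).
def pem_path(collection_directory, name)
  key = name.to_s
  raise ArgumentError, "invalid key" if key.empty? || key =~ BAD_NAME

  base = File.expand_path(collection_directory)
  full = File.expand_path(File.join(base, key + ".pem"))
  # Defence in depth: the resolved file must sit directly inside base.
  raise ArgumentError, "invalid key" unless File.dirname(full) == base

  full
end

# True when the key maps to a path inside dir, false when it is rejected.
def key_accepted?(dir, key)
  pem_path(dir, key)
  true
rescue ArgumentError
  false
end

# Constructed sample keys: one ordinary certname, the rest malformed.
SAMPLE_KEYS = [
  "agent01.example.com",
  "../../outside",
  "sub/host",
  "sub\\host",
  "C:host",
  "a\0b",
  ".."
].freeze

# Runs every sample key against a throwaway directory.
def demo
  Dir.mktmpdir do |dir|
    SAMPLE_KEYS.to_h { |key| [key, key_accepted?(dir, key)] }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Only the ordinary certname is accepted; every other key raises ArgumentError before any file operation runs.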
#save(request) ⇒ Object
Save our file to disk.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 95
    def save(request)
      path = path(request.key)
      dir = File.dirname(path)

      raise Puppet::Error.new("Cannot save #{request.key}; parent directory #{dir} does not exist") unless FileTest.directory?(dir)
      raise Puppet::Error.new("Cannot save #{request.key}; parent directory #{dir} is not writable") unless FileTest.writable?(dir)

      write(request.key, path) { |f| f.print request.instance.to_s }
    end
#search(request) ⇒ Object
Search for more than one file. At this point, it just returns an instance for every file in the directory.
    # File 'lib/vendor/puppet/indirector/ssl_file.rb', line 107
    def search(request)
      dir = collection_directory
      Dir.entries(dir).reject { |file| file !~ /\.pem$/ }.collect do |file|
        name = file.sub(/\.pem$/, '')
        result = model.new(name)
        result.read(File.join(dir, file))
        result
      end
    end