Class: Puppet::Indirector::SslFile

Inherits:
Terminus
Defined in:
lib/puppet/indirector/ssl_file.rb

Constant Summary

Constants included from Util

Util::AbsolutePathPosix, Util::AbsolutePathWindows, Util::DEFAULT_POSIX_MODE, Util::DEFAULT_WINDOWS_MODE

Constants included from Util::POSIX

Util::POSIX::LOCALE_ENV_VARS, Util::POSIX::USER_ENV_VARS

Constants included from Util::SymbolicFileMode

Util::SymbolicFileMode::SetGIDBit, Util::SymbolicFileMode::SetUIDBit, Util::SymbolicFileMode::StickyBit, Util::SymbolicFileMode::SymbolicMode, Util::SymbolicFileMode::SymbolicSpecialToBit

Constants included from Util::Docs

Util::Docs::HEADER_LEVELS

Class Attribute Summary

Attributes included from Util::Docs

#doc, #nodoc

Class Method Summary

Instance Method Summary

Methods inherited from Terminus

abstract_terminus?, #allow_remote_requests?, const2name, #indirection, indirection_name, inherited, mark_as_abstract_terminus, #model, model, #name, name2const, register_terminus_class, terminus_class, terminus_classes, #terminus_type, #validate, #validate_key, #validate_model

Methods included from Util::InstanceLoader

#instance_docs, #instance_hash, #instance_load, #instance_loader, #instance_loading?, #loaded_instance, #loaded_instances

Methods included from Util

absolute_path?, benchmark, chuser, clear_environment, default_env, deterministic_rand, deterministic_rand_int, exit_on_fail, get_env, get_environment, logmethods, merge_environment, path_to_uri, pretty_backtrace, replace_file, safe_posix_fork, set_env, symbolizehash, thinmark, uri_encode, uri_query_encode, uri_to_path, which, withenv, withumask

Methods included from Util::POSIX

#get_posix_field, #gid, #idfield, #methodbyid, #methodbyname, #search_posix_field, #uid

Methods included from Util::SymbolicFileMode

#normalize_symbolic_mode, #symbolic_mode_to_int, #valid_symbolic_mode?

Methods included from Util::Docs

#desc, #dochook, #doctable, #markdown_definitionlist, #markdown_header, #nodoc?, #pad, scrub

Constructor Details

#initialize ⇒ SslFile

Returns a new instance of SslFile.



# File 'lib/puppet/indirector/ssl_file.rb', line 49

# Sets up the terminus and checks that it has somewhere to keep its files.
#
# Calls Puppet.settings.use(:main, :ssl) and then requires that either
# collection_directory or file_location returns a truthy value.
#
# @raise [Puppet::DevError] when neither a directory nor a file location is
#   available
def initialize
  Puppet.settings.use(:main, :ssl)

  # Fail at construction time instead of on the first request: without a
  # location no later request could resolve to a path. Presumably this
  # means the subclass declared neither store_in nor store_at (verify
  # against the instance-level helpers, which are not shown here).
  return if collection_directory || file_location

  raise Puppet::DevError, "No file or directory setting provided; terminus #{self.class.name} cannot function"
end

Class Attribute Details

.ca_setting ⇒ Object (readonly)

Returns the value of attribute ca_setting.



# File 'lib/puppet/indirector/ssl_file.rb', line 21

# Reader for the class-level @ca_setting value, i.e. whatever was last
# passed to store_ca_at.
#
# @return [Object, nil] the stored setting name, or nil when none was set
def ca_setting
  instance_variable_get(:@ca_setting)
end

.directory_setting ⇒ Object (readonly)

Returns the value of attribute directory_setting.



# File 'lib/puppet/indirector/ssl_file.rb', line 21

# Reader for the class-level @directory_setting value, i.e. whatever was
# last passed to store_in.
#
# @return [Object, nil] the stored setting name, or nil when none was set
def directory_setting
  instance_variable_get(:@directory_setting)
end

.file_setting ⇒ Object (readonly)

Returns the value of attribute file_setting.



# File 'lib/puppet/indirector/ssl_file.rb', line 21

# Reader for the class-level @file_setting value, i.e. whatever was last
# passed to store_at.
#
# @return [Object, nil] the stored setting name, or nil when none was set
def file_setting
  instance_variable_get(:@file_setting)
end

Class Method Details

.ca_location ⇒ Object

The full path to a ca file we would be managing.



# File 'lib/puppet/indirector/ssl_file.rb', line 37

# Looks up the CA file path for this terminus class.
#
# The path is not stored on the class; only the name of a Puppet setting is,
# and the value is read from Puppet.settings each time.
#
# @return [Object, nil] Puppet.settings[ca_setting], or nil when no CA
#   setting has been declared
def self.ca_location
  setting_name = ca_setting
  setting_name ? Puppet.settings[setting_name] : nil
end

.collection_directory ⇒ Object

The full path to where we should store our files.



# File 'lib/puppet/indirector/ssl_file.rb', line 25

# Looks up the directory in which this terminus class keeps its files.
#
# Only the name of a Puppet setting is stored on the class; the directory
# itself is read from Puppet.settings each time.
#
# @return [Object, nil] Puppet.settings[directory_setting], or nil when no
#   directory setting has been declared
def self.collection_directory
  setting_name = directory_setting
  setting_name ? Puppet.settings[setting_name] : nil
end

.file_location ⇒ Object

The full path to an individual file we would be managing.



# File 'lib/puppet/indirector/ssl_file.rb', line 31

# Looks up the single file this terminus class manages.
#
# Only the name of a Puppet setting is stored on the class; the path itself
# is read from Puppet.settings each time.
#
# @return [Object, nil] Puppet.settings[file_setting], or nil when no file
#   setting has been declared
def self.file_location
  setting_name = file_setting
  setting_name ? Puppet.settings[setting_name] : nil
end

.store_at(setting) ⇒ Object

Specify a single file location for storing just one file. This is used for things like the CRL.



# File 'lib/puppet/indirector/ssl_file.rb', line 11

# Declares that this terminus class manages one file, whose path is held in
# the named Puppet setting.
#
# @param setting [Object] name of the setting; stored in @file_setting
# @return [Object] the setting that was passed in
def self.store_at(setting)
  instance_variable_set(:@file_setting, setting)
end

.store_ca_at(setting) ⇒ Object

Specify where a specific ca file should be stored.



# File 'lib/puppet/indirector/ssl_file.rb', line 16

# Declares the Puppet setting that holds the path of the CA's own file for
# this terminus class.
#
# @param setting [Object] name of the setting; stored in @ca_setting
# @return [Object] the setting that was passed in
def self.store_ca_at(setting)
  instance_variable_set(:@ca_setting, setting)
end

.store_in(setting) ⇒ Object

Specify the directory in which multiple files are stored.



# File 'lib/puppet/indirector/ssl_file.rb', line 5

# Declares that this terminus class keeps many files in one directory, whose
# path is held in the named Puppet setting.
#
# @param setting [Object] name of the setting; stored in @directory_setting
# @return [Object] the setting that was passed in
def self.store_in(setting)
  instance_variable_set(:@directory_setting, setting)
end

Instance Method Details

#ca?(name) ⇒ Boolean

We assume that all files named ‘ca’ are pointing to individual ca files, rather than normal host files. It’s a bit hackish, but all the other solutions seemed even more hackish.

Returns:

  • (Boolean)


# File 'lib/puppet/indirector/ssl_file.rb', line 45

# Tells whether a key refers to the CA's own file rather than a host file.
#
# The decision is made purely on the name: any key equal to
# Puppet::SSL::Host.ca_name is treated as the CA.
#
# @param name [Object] the request key
# @return [Boolean] result of comparing name with the CA name
def ca?(name)
  reserved_ca_name = Puppet::SSL::Host.ca_name
  name == reserved_ca_name
end

#destroy(request) ⇒ Object

Remove our file.



# File 'lib/puppet/indirector/ssl_file.rb', line 71

# Deletes the file that backs the requested key.
#
# The target comes from #path, so a key rejected there (ArgumentError) never
# reaches the filesystem calls below.
#
# @param request [Object] indirector request; only request.key is read
# @return [false, Object] false when no file exists at the target, otherwise
#   whatever Puppet::FileSystem.unlink returns
# @raise [Puppet::Error] when the unlink fails; the original backtrace is kept
def destroy(request)
  target = Puppet::FileSystem.pathname(path(request.key))
  return false unless Puppet::FileSystem.exist?(target)

  removal_notice = _("Removing file %{model} %{request} at '%{path}'") % {
    model: model,
    request: request.key,
    path: target
  }
  Puppet.notice removal_notice

  # The existence check above and the unlink are two separate steps; if the
  # file disappears in between, the failure surfaces here as Puppet::Error.
  begin
    Puppet::FileSystem.unlink(target)
  rescue => error
    failure = _("Could not remove %{request}: %{detail}") % { request: request.key, detail: error }
    raise Puppet::Error, failure, error.backtrace
  end
end

#find(request) ⇒ Object

Find the file on disk, returning an instance of the model.



# File 'lib/puppet/indirector/ssl_file.rb', line 84

# Loads the model instance stored for the requested key.
#
# The key is turned into a path by #path, and that path is passed through
# rename_files_with_uppercase (not shown here; presumably it reconciles the
# case of the file name and returns nil when nothing is found — confirm).
#
# @param request [Object] indirector request; only request.key is read
# @return [Object, nil] the result of create_model, or nil when no file name
#   came back
def find(request)
  filename = rename_files_with_uppercase(path(request.key))
  return nil unless filename

  create_model(request.key, filename)
end

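#path(name) ⇒ Object

Build the on-disk path for a key. A key that matches Puppet::Indirector::BadNameRegexp is logged at critical level as a directory traversal attempt and rejected with ArgumentError before any path is assembled. Otherwise the result is the CA file location (for the CA key, when one is configured), else ‘<name>.pem’ inside the collection directory, else the single file location.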



# File 'lib/puppet/indirector/ssl_file.rb', line 55

# Maps a request key to the file that stores it.
#
# @param name [Object] the request key
# @return [Object] ca_location for the CA key when one is configured, else
#   "<name>.pem" inside collection_directory, else file_location
# @raise [ArgumentError] ("invalid key") when the key matches
#   Puppet::Indirector::BadNameRegexp
def path(name)
  # The key ends up inside File.join below, so it is screened first. The
  # attempt is logged with the inspected key before the request is refused,
  # and the caller only sees the generic "invalid key" message.
  if name =~ Puppet::Indirector::BadNameRegexp
    Puppet.crit(_("directory traversal detected in %{indirection}: %{name}") % { indirection: self.class, name: name.inspect })
    raise ArgumentError, _("invalid key")
  end

  # The CA key gets its own file, but only when a CA location is configured;
  # otherwise it is stored like any other key.
  return ca_location if ca?(name) && ca_location

  if collection_directory
    pem_name = name.to_s + ".pem"
    return File.join(collection_directory, pem_name)
  end

  file_location
end

#save(request) ⇒ Object

Save our file to disk.

Raises:

  • (Puppet::Error) — when the parent directory of the target path does not exist or is not writable



# File 'lib/puppet/indirector/ssl_file.rb', line 91

# Writes the request's instance to the file that backs its key.
#
# @param request [Object] indirector request; request.key selects the file
#   and request.instance.to_s is the content written
# @return [Object] whatever #write returns
# @raise [Puppet::Error] when the parent directory is missing or not writable
def save(request)
  target = path(request.key)
  parent = File.dirname(target)

  # These two checks exist to give a clear error message. They are made
  # before the write and do not hold the directory in that state, so #write
  # can still fail afterwards.
  unless FileTest.directory?(parent)
    raise Puppet::Error.new(_("Cannot save %{request}; parent directory %{dir} does not exist") % { request: request.key, dir: parent })
  end
  unless FileTest.writable?(parent)
    raise Puppet::Error.new(_("Cannot save %{request}; parent directory %{dir} is not writable") % { request: request.key, dir: parent })
  end

  # NOTE(review): ownership and mode of the resulting file are decided
  # inside #write, which is not shown here — confirm they suit the kind of
  # SSL material being stored.
  write(request.key, target) { |handle| handle.print request.instance.to_s }
end

#search(request) ⇒ Object

Search for more than one file. At this point, it ignores the request's contents and just returns an instance for every ‘.pem’ file in the collection directory.



# File 'lib/puppet/indirector/ssl_file.rb', line 103

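# Builds a model instance for every ".pem" entry in the collection directory.
#
# The request itself is not consulted: every matching entry is returned.
# Entries for which create_model returns nil are dropped.
#
# @param request [Object] indirector request (unused)
# @return [Array] one create_model result per ".pem" entry
def search(request)
  dir = collection_directory

  # Anchor with \z, not $: in Ruby `$` also matches just before a newline
  # inside the string, so an entry such as "x.pem\nrest" would pass the
  # filter and have ".pem" cut out of the middle of its name.
  pem_suffix = /\.pem\z/

  # NOTE(review): dir is nil when only a single file location is configured,
  # in which case Dir.entries raises; behaviour left as it was.
  Dir.entries(dir).
    select  { |file| file =~ pem_suffix }.
    collect { |file| create_model(file.sub(pem_suffix, ''), File.join(dir, file)) }.
    compact
end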