Class: Puppet::Context::TrustedInformation Private

Inherits:
Object
  • Object
show all
Defined in:
lib/puppet/context/trusted_information.rb

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(authenticated, certname, extensions, external = {}) ⇒ TrustedInformation

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of TrustedInformation.



34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/puppet/context/trusted_information.rb', line 34

def initialize(authenticated, certname, extensions, external = {})
  @authenticated = authenticated.freeze
  @certname = certname.freeze
  @extensions = extensions.freeze
  if @certname
    hostname, domain = @certname.split('.', 2)
  else
    hostname = nil
    domain = nil
  end
  @hostname = hostname.freeze
  @domain = domain.freeze
  @external = external.is_a?(Proc) ? external : external.freeze
end

Instance Attribute Details

#authenticatedString, Boolean (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

one of ‘remote’, ‘local’, or false, where ‘remote’ is authenticated via cert, ‘local’ is trusted by virtue of running on the same machine (not a remote request), and false is an unauthenticated remote request.

Returns:

  • (String, Boolean) 


12
13
14
 
# File 'lib/puppet/context/trusted_information.rb', line 12

def authenticated
  @authenticated
end

#certnameString (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The validated certificate name used for the request

Returns:

  • (String) 


17
18
19
 
# File 'lib/puppet/context/trusted_information.rb', line 17

def certname
  @certname
end

#domainString (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The domain name derived from the validated certificate name

Returns:

  • (String) 


27
28
29
 
# File 'lib/puppet/context/trusted_information.rb', line 27

def domain
  @domain
end

#extensionsHash{Object => Object} (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Extra information that comes from the trusted certificate’s extensions.

Returns:



22
23
24
 
# File 'lib/puppet/context/trusted_information.rb', line 22

def extensions
  @extensions
end

#hostnameString (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The hostname derived from the validated certificate name

Returns:

  • (String) 


32
33
34
 
# File 'lib/puppet/context/trusted_information.rb', line 32

def hostname
  @hostname
end

Class Method Details

.local(node) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future. 



67
68
69
70
71
72
73
 
# File 'lib/puppet/context/trusted_information.rb', line 67

def self.local(node)
  # Always trust local data by picking up the available parameters.
  client_cert = node ? node.parameters['clientcert'] : nil
  external = proc { retrieve_trusted_external(client_cert) }

  new('local', client_cert, {}, external)
end

.remote(authenticated, node_name, certificate) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future. 



49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
# File 'lib/puppet/context/trusted_information.rb', line 49

def self.remote(authenticated, node_name, certificate)
  external = proc { retrieve_trusted_external(node_name) }

  if authenticated
    extensions = {}
    if certificate.nil?
      Puppet.info(_('TrustedInformation expected a certificate, but none was given.'))
    else
      extensions = certificate.custom_extensions.to_h do |ext|
        [ext['oid'].freeze, ext['value'].freeze]
      end
    end
    new('remote', node_name, extensions, external)
  else
    new(false, nil, {}, external)
  end
end

Instance Method Details

#externalHash

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional external facts loaded through ‘trusted_external_command`.

Returns:

  • (Hash) 


78
79
80
81
82
83
 
# File 'lib/puppet/context/trusted_information.rb', line 78

def external
  if @external.is_a?(Proc)
    @external = @external.call.freeze
  end
  @external
end

#to_hObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future. 



112
113
114
115
116
117
118
119
120
121
 
# File 'lib/puppet/context/trusted_information.rb', line 112

def to_h
  {
    'authenticated' => authenticated,
    'certname' => certname,
    'extensions' => extensions,
    'hostname' => hostname,
    'domain' => domain,
    'external' => external,
  }.freeze
end