Module: VaultPlugin::Authentication::Chef
- Defined in:
- lib/smart_proxy_vault/authentication/chef.rb
Instance Method Summary
- #authenticate ⇒ Object
- #authorized? ⇒ Boolean
- #chefapi ⇒ Object
- #signature ⇒ Object
- #vault_client ⇒ Object
Instance Method Details
#authenticate ⇒ Object
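# File 'lib/smart_proxy_vault/authentication/chef.rb', line 37

# Checks that the request was signed by the Chef client named in the
# X-Vault-Client header.
#
# The client is looked up on the Chef server, its registered RSA public key is
# loaded, and the Base64-encoded X-Vault-Signature header is verified against
# it with SHA-512.
#
# NOTE(review): the signed message is the MD5 hex digest of the node's own
# public key, so it is identical for every request from that node. Nothing
# request-specific (timestamp, nonce) is part of the signed data here, which
# means a signature header that leaks stays valid for as long as the key does.
# Treat the header as a bearer credential (keep it out of logs, require TLS to
# the proxy). Binding the signature to per-request data would need a matching
# change on the client side.
#
# @return [Boolean] true when the signature verifies; false when it does not,
#   or when the stored key or the signature cannot be processed by OpenSSL
def authenticate
  begin
    node = chefapi.clients.fetch vault_client
  rescue StandardError => e
    # log_halt presumably logs and halts the request with the given status;
    # verify against its definition.
    log_halt 401, 'Failed to authenticate to the Chef server: ' + e.message
  end
  log_halt(401, "Could not find Chef client - #{vault_client}") if node.nil?

  rsa = OpenSSL::PKey::RSA.new node.public_key
  decoded_signature = Base64.decode64(signature)
  # The body should contain the public key of the node
  body = Digest::MD5.hexdigest rsa.public_key.to_s
  rsa.verify(OpenSSL::Digest::SHA512.new, decoded_signature, body)
rescue OpenSSL::PKey::PKeyError
  # A key the Chef server returned but OpenSSL cannot parse (or a signature it
  # refuses to process) is a failed verification, not an unhandled error.
  false
end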
#authorized? ⇒ Boolean
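# File 'lib/smart_proxy_vault/authentication/chef.rb', line 14

# Entry point for Chef-based authentication of a smart_proxy_vault request.
#
# Requires both the X-Vault-Client and X-Vault-Signature headers, then delegates
# the cryptographic check to #authenticate. Every failure path goes through
# log_halt with status 401.
#
# @return [Boolean] true once the client has been authenticated
def authorized?
  logger.info('Starting Chef client authentication for smart_proxy_vault')

  # Level 0 is DEBUG in Ruby's standard Logger; the header dump only runs then.
  if logger.level == 0
    request.env.each do |key, value|
      # The signature covers a value that does not vary per request (see
      # #authenticate), so the header works like a reusable credential and must
      # not be written to the log.
      # NOTE(review): other credential-bearing entries (e.g. HTTP_AUTHORIZATION,
      # HTTP_COOKIE) are still logged verbatim at debug level.
      shown = key == 'HTTP_X_VAULT_SIGNATURE' ? '[REDACTED]' : value
      logger.debug("header #{key}: #{shown}")
    end
  end

  if vault_client.nil? || signature.nil?
    log_halt 401, "Failed to authenticate Chef client - #{vault_client}. Missing headers."
  end

  unless authenticate
    log_halt 401, "Failed to authenticate Chef client - #{vault_client}. Verification failed."
  end

  logger.info("Successfully authenticated Chef client - #{vault_client}")
  # Return an explicit boolean instead of whatever the logger call returns.
  true
end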
#chefapi ⇒ Object
# File 'lib/smart_proxy_vault/authentication/chef.rb', line 30

# Builds a ChefAPI connection from the plugin's `chef` settings.
#
# NOTE(review): certificate verification ends up disabled whenever the
# :ssl_verify setting is absent or falsy. The public key that #authenticate
# trusts is fetched over this connection, so an unverified TLS session weakens
# the whole check. Deployments should set `ssl_verify: true` explicitly; making
# verification the default would change behaviour for existing configurations.
#
# @return [ChefAPI::Connection] a connection with ssl_verify set from settings
def chefapi
  chef_settings = ::VaultPlugin::Plugin.settings.chef
  ::ChefAPI::Connection.new(chef_settings).tap do |conn|
    conn.ssl_verify = chef_settings[:ssl_verify] || false
  end
end
#signature ⇒ Object
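# File 'lib/smart_proxy_vault/authentication/chef.rb', line 10

# Reads the Base64 signature the client sent in the X-Vault-Signature header.
#
# The previous `value || value.chomp` form never stripped a present value and
# raised NoMethodError on a missing header, so the "Missing headers" 401 in
# #authorized? could not be reached for an absent signature.
#
# @return [String, nil] the header value without a trailing newline, or nil
#   when the header is absent
def signature
  header = request.env['HTTP_X_VAULT_SIGNATURE']
  header.chomp unless header.nil?
end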
#vault_client ⇒ Object
# File 'lib/smart_proxy_vault/authentication/chef.rb', line 6

# Name of the Chef client the caller claims to be, taken from the
# X-Vault-Client request header.
#
# The value is supplied by the requester and is unverified until #authenticate
# has checked the accompanying signature.
#
# @return [String, nil] the header value, or nil when the header is absent
def vault_client
  rack_env = request.env
  rack_env['HTTP_X_VAULT_CLIENT']
end