Class: ChefAPI::Resource::Client

Inherits:
Base
  • Object
show all
Includes:
AclAble
Defined in:
lib/chef-api/resources/client.rb

Instance Attribute Summary

Attributes inherited from Base

#associations

Class Method Summary collapse

Instance Method Summary collapse

Methods included from AclAble

#acl, #acl_path, #load_acl, #save!

Methods inherited from Base

#_attributes, #_prefix, all, #attribute?, build, classname, collection, collection_path, connection, count, create, delete, #destroy, destroy, destroy_all, #diff, #dirty?, each, #errors, exists?, expanded_collection_path, fetch, from_json, from_url, has_many, #id, #ignore_attribute?, #inspect, inspect, list, #new_resource?, post, #primary_key, protect, #protected?, protected_resources, put, #reload!, resource_path, #resource_path, #save, #save!, schema, #to_hash, #to_json, to_s, #to_s, type, #update, update, #update_attribute, #valid?, #validate!, #validators

Constructor Details

#initialize(attributes = {}, prefix = {}) ⇒ Client

Override the loading of the client. Since HEC and EC both return certificate, but OPC and CZ both use public_key. In order to normalize this discrepancy, the intializer converts the response from the server OPC format. HEC and EC both handle putting a public key to the server instead of a certificate.

See Also:


50
51
52
53
54
55
56
57
58
# File 'lib/chef-api/resources/client.rb', line 50

def initialize(attributes = {}, prefix = {})
  if certificate = attributes.delete(:certificate) ||
      attributes.delete("certificate")
    x509 = OpenSSL::X509::Certificate.new(certificate)
    attributes[:public_key] = x509.public_key.to_pem
  end

  super
end

Class Method Details

.from_file(path) ⇒ Resource::Client

Load the client from a .pem file on disk. Lots of assumptions are made here.

Parameters:

  • path (String)

    the path to the client on disk

Returns:


29
30
31
32
33
34
35
36
37
38
# File 'lib/chef-api/resources/client.rb', line 29

def from_file(path)
  name, key = Util.safe_read(path)

  if client = fetch(name)
    client.private_key = key
    client
  else
    new(name: name, private_key: key)
  end
end

Instance Method Details

#regenerate_keysself

Note:

For security reasons, you should perform this operation sparingly! The resulting private key is committed to this object, meaning it is saved to memory somewhere. You should set this resource's private_key to nil after you have committed it to disk and perform a manual GC to be ultra-secure.

Note:

Regenerating the private key also regenerates the public key!

Generate a new RSA private key for this API client.

Examples:

Regenerate the private key

key = client.regenerate_key
key #=> "-----BEGIN PRIVATE KEY-----\nMIGfMA0GCS..."

Returns:

  • (self)

    the current resource with the new public and private key attributes

Raises:


78
79
80
81
82
83
# File 'lib/chef-api/resources/client.rb', line 78

def regenerate_keys
  raise Error::CannotRegenerateKey if new_resource?

  update(private_key: true).save!
  self
end