class ChefVault::Actor

Attributes

key_string[RW]
name[R]
type[R]

Public Class Methods

new(actor_type, actor_name)
# File lib/chef-vault/actor.rb, line 26
# Builds an actor of the given kind.
#
# @param actor_type [String] must be exactly "clients" or "admins"
# @param actor_name [String] name of the actor; stored as given, with no
#   validation in this method
# @raise [RuntimeError] when actor_type is neither "clients" nor "admins"
def initialize(actor_type, actor_name)
  # Allow-list check: reject anything other than the two supported kinds
  # before any state is stored.
  unless actor_type == "clients" || actor_type == "admins"
    raise "You must pass either 'clients' or 'admins' as the first argument to ChefVault::Actor.new."
  end

  @type = actor_type
  @name = actor_name
end

Public Instance Methods

api()

@private

# File lib/chef-vault/actor.rb, line 93
# Returns the ChefVault::ChefApi instance for this actor, creating it on
# first use and reusing it afterwards.
#
# @return [ChefVault::ChefApi]
def api
  return @api if @api

  @api = ChefVault::ChefApi.new
end
chef_api_client()

Lazily loads and returns the Chef::ApiClient class, which is used to read the public_key directly from the client object over API V0 using the chef-client code.

# File lib/chef-vault/actor.rb, line 99
# Returns the Chef::ApiClient class, requiring "chef/api_client" only the
# first time it is needed. get_key uses it to load a client object when the
# keys endpoint answers 404.
#
# @return [Class] Chef::ApiClient
def chef_api_client
  return @chef_api_client if @chef_api_client

  require "chef/api_client"
  @chef_api_client = Chef::ApiClient
end
chef_user()

Same approach as chef_api_client above, but returns the Chef::User class, which is used to load user objects.

# File lib/chef-vault/actor.rb, line 107
# Returns the Chef::User class, requiring "chef/user" only the first time it
# is needed. get_key uses it to load a user object when the keys endpoint
# answers 404.
#
# @return [Class] Chef::User
def chef_user
  return @chef_user if @chef_user

  require "chef/user"
  @chef_user = Chef::User
end
get_admin_key()
# File lib/chef-vault/actor.rb, line 39
# Fetches the public key for an admin actor.
#
# The key is looked up under "users" first. Only when that lookup fails with
# HTTP 404 is a second lookup made under "clients" with the same name.
#
# Security note: because of this fallback, a name that has no user key
# resolves to the key of a same-named client, so the returned key is not
# guaranteed to belong to a user.
#
# @return [Object] whatever get_key returns for the matching actor
# @raise [ChefVault::Exceptions::AdminNotFound] when both lookups answer 404
# @raise [Net::HTTPClientException] for every other HTTP client error; a 403
#   is reported through print_forbidden_error before being re-raised
def get_admin_key
  # chef vault currently only supports using the default key
  get_key("users")
rescue Net::HTTPClientException => users_error
  users_status = users_error.response.code
  print_forbidden_error if users_status == "403"
  # Anything other than "not found" is propagated unchanged.
  raise users_error unless users_status == "404"

  # No user key by that name: attempt to load a client key by the same name.
  begin
    ChefVault::Log.warn "The default key for #{name} not found in users, trying client keys."
    get_key("clients")
  rescue Net::HTTPClientException => clients_error
    clients_status = clients_error.response.code
    if clients_status == "404"
      raise ChefVault::Exceptions::AdminNotFound,
        "FATAL: Could not find default key for #{name} in users or clients!"
    end

    print_forbidden_error if clients_status == "403"
    raise clients_error
  end
end
get_client_key()
# File lib/chef-vault/actor.rb, line 69
# Fetches the public key for a client actor via get_key("clients").
#
# @return [Object] whatever get_key returns for the client
# @raise [ChefVault::Exceptions::ClientNotFound] when the lookup answers 404
# @raise [Net::HTTPClientException] for every other HTTP client error; a 403
#   is reported through print_forbidden_error before being re-raised
def get_client_key
  get_key("clients")
rescue Net::HTTPClientException => http_error
  case http_error.response.code
  when "403"
    print_forbidden_error
    raise http_error
  when "404"
    raise ChefVault::Exceptions::ClientNotFound,
      "#{name} is not a valid chef client and/or node"
  else
    raise http_error
  end
end
get_key(request_actor_type)
# File lib/chef-vault/actor.rb, line 114
# Looks up the default public key of this actor under the given collection.
#
# The keys endpoint "<request_actor_type>/<name>/keys/default" is queried
# first and its "public_key" entry returned. If that request fails with HTTP
# 404, the key is read from the V0 chef object instead: the client object
# when request_actor_type is "clients", the user object for anything else.
#
# NOTE(review): request_actor_type and name are interpolated into the request
# path as-is; no escaping or validation is visible in this method, so confirm
# that actor names are validated before they reach it.
#
# @param request_actor_type [String] collection to query, e.g. "users" or
#   "clients"
# @return [Object] the public key as returned by the server or chef object
# @raise [Net::HTTPClientException] for any HTTP client error other than 404,
#   and for errors raised by the fallback load
def get_key(request_actor_type)
  api.org_scoped_rest_v1.get("#{request_actor_type}/#{name}/keys/default").fetch("public_key")
# If the keys endpoint doesn't exist, try getting it directly from the V0 chef object.
rescue Net::HTTPClientException => http_error
  not_found = http_error.response.code.eql?("404")
  raise http_error unless not_found

  loader = request_actor_type.eql?("clients") ? chef_api_client : chef_user
  loader.load(name).public_key
end
is_admin?()
# File lib/chef-vault/actor.rb, line 87
# Tells whether this actor was created with the "admins" type.
#
# @return [Boolean]
def is_admin?
  actor_kind = type
  actor_kind == "admins"
end
is_client?()
# File lib/chef-vault/actor.rb, line 83
# Tells whether this actor was created with the "clients" type.
#
# @return [Boolean]
def is_client?
  actor_kind = type
  actor_kind == "clients"
end
key()
# File lib/chef-vault/actor.rb, line 35
# Returns this actor's public key, fetching it on first use and caching the
# result in @key. Admin actors go through get_admin_key, every other actor
# through get_client_key.
#
# @return [Object] the value returned by get_admin_key or get_client_key
def key
  return @key if @key

  @key = if is_admin?
           get_admin_key
         else
           get_client_key
         end
end
print_forbidden_error()