Class: Chef::HTTP::Authenticator

Inherits:
Object
  • Object
show all
Defined in:
lib/chef/http/authenticator.rb

Constant Summary collapse

DEFAULT_SERVER_API_VERSION = 
"1".freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(opts = {}) ⇒ Authenticator

Returns a new instance of Authenticator.



38
39
40
41
42
43
44
45
46
 
# File 'lib/chef/http/authenticator.rb', line 38

def initialize(opts = {})
  @raw_key = nil
  @sign_request = true
  @signing_key_filename = opts[:signing_key_filename]
  @key = load_signing_key(opts[:signing_key_filename], opts[:raw_key])
  @auth_credentials = AuthCredentials.new(opts[:client_name], @key, use_ssh_agent: opts[:ssh_agent_signing])
  @version_class = opts[:version_class]
  @api_version = opts[:api_version]
end

Instance Attribute Details

#api_versionObject (readonly)

Returns the value of attribute api_version.



34
35
36
 
# File 'lib/chef/http/authenticator.rb', line 34

def api_version
  @api_version
end

#attr_namesObject (readonly)

Returns the value of attribute attr_names.



31
32
33
 
# File 'lib/chef/http/authenticator.rb', line 31

def attr_names
  @attr_names
end

#auth_credentialsObject (readonly)

Returns the value of attribute auth_credentials.



32
33
34
 
# File 'lib/chef/http/authenticator.rb', line 32

def auth_credentials
  @auth_credentials
end

#raw_keyObject (readonly)

Returns the value of attribute raw_key.



30
31
32
 
# File 'lib/chef/http/authenticator.rb', line 30

def raw_key
  @raw_key
end

#sign_requestObject

Returns the value of attribute sign_request.



36
37
38
 
# File 'lib/chef/http/authenticator.rb', line 36

def sign_request
  @sign_request
end

#signing_key_filenameObject (readonly)

Returns the value of attribute signing_key_filename.



29
30
31
 
# File 'lib/chef/http/authenticator.rb', line 29

def signing_key_filename
  @signing_key_filename
end

#version_classObject (readonly)

Returns the value of attribute version_class.



33
34
35
 
# File 'lib/chef/http/authenticator.rb', line 33

def version_class
  @version_class
end

Instance Method Details

#authentication_headers(method, url, json_body = nil, headers = nil) ⇒ Object 



105
106
107
108
109
110
111
112
113
114
115
 
# File 'lib/chef/http/authenticator.rb', line 105

def authentication_headers(method, url, json_body = nil, headers = nil)
  request_params = {
    http_method: method,
    path: url.path,
    body: json_body,
    host: "#{url.host}:#{url.port}",
    headers: headers,
  }
  request_params[:body] ||= ""
  auth_credentials.signature_headers(request_params)
end

#client_nameObject 



80
81
82
 
# File 'lib/chef/http/authenticator.rb', line 80

def client_name
  @auth_credentials.client_name
end

#handle_request(method, url, headers = {}, data = false) ⇒ Object 



48
49
50
51
52
 
# File 'lib/chef/http/authenticator.rb', line 48

def handle_request(method, url, headers = {}, data = false)
  headers["X-Ops-Server-API-Version"] = request_version
  headers.merge!(authentication_headers(method, url, data, headers)) if sign_requests?
  [method, url, headers, data]
end

#handle_response(http_response, rest_request, return_value) ⇒ Object 



54
55
56
 
# File 'lib/chef/http/authenticator.rb', line 54

def handle_response(http_response, rest_request, return_value)
  [http_response, rest_request, return_value]
end

#handle_stream_complete(http_response, rest_request, return_value) ⇒ Object 



62
63
64
 
# File 'lib/chef/http/authenticator.rb', line 62

def handle_stream_complete(http_response, rest_request, return_value)
  [http_response, rest_request, return_value]
end

#load_signing_key(key_file, raw_key = nil) ⇒ Object 



84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
 
# File 'lib/chef/http/authenticator.rb', line 84

def load_signing_key(key_file, raw_key = nil)
  if !!key_file
    @raw_key = IO.read(key_file).strip
  elsif !!raw_key
    @raw_key = raw_key.strip
  else
    return nil
  end
  # Pass in '' as the passphrase to avoid OpenSSL prompting on the TTY if
  # given an encrypted key. This also helps if using a single file for
  # both the public and private key with ssh-agent mode.
  @key = OpenSSL::PKey::RSA.new(@raw_key, "")
rescue SystemCallError, IOError => e
  Chef::Log.warn "Failed to read the private key #{key_file}: #{e.inspect}"
  raise Chef::Exceptions::PrivateKeyMissing, "I cannot read #{key_file}, which you told me to use to sign requests!"
rescue OpenSSL::PKey::RSAError
  msg = "The file #{key_file} or :raw_key option does not contain a correctly formatted private key or the key is encrypted.\n"
  msg << "The key file should begin with '-----BEGIN RSA PRIVATE KEY-----' and end with '-----END RSA PRIVATE KEY-----'"
  raise Chef::Exceptions::InvalidPrivateKey, msg
end

#request_versionObject 



66
67
68
69
70
71
72
73
74
 
# File 'lib/chef/http/authenticator.rb', line 66

def request_version
  if version_class
    version_class.best_request_version
  elsif api_version
    api_version
  else
    DEFAULT_SERVER_API_VERSION
  end
end

#sign_requests?Boolean

Returns:

  • (Boolean) 


76
77
78
 
# File 'lib/chef/http/authenticator.rb', line 76

def sign_requests?
  auth_credentials.sign_requests? && @sign_request
end

#stream_response_handler(response) ⇒ Object 



58
59
60
 
# File 'lib/chef/http/authenticator.rb', line 58

def stream_response_handler(response)
  nil
end