Class: ChefAPI::Resource::Client

Inherits:

Base

• Object
• Base
• ChefAPI::Resource::Client

Defined in:

lib/chef-api/resources/client.rb

Instance Attribute Summary

Attributes inherited from Base

#associations

Class Method Summary

• .from_file(path) ⇒ Resource::Client

  Load the client from a .pem file on disk.

Instance Method Summary

• #initialize(attributes = {}, prefix = {}) ⇒ Client constructor

  Override the loading of the client.

• #regenerate_keys ⇒ self

  Generate a new RSA private key for this API client.

Methods inherited from Base

#_attributes, #_prefix, all, #attribute?, build, classname, collection, collection_path, connection, count, create, delete, #destroy, destroy, destroy_all, #diff, #dirty?, each, #errors, exists?, expanded_collection_path, fetch, from_json, from_url, has_many, #id, #ignore_attribute?, inspect, #inspect, list, #new_resource?, post, #primary_key, protect, #protected?, protected_resources, put, #reload!, #resource_path, resource_path, #save, #save!, schema, #to_hash, #to_json, to_s, #to_s, type, #update, update, #update_attribute, #valid?, #validate!, #validators

Constructor Details

#initialize(attributes = {}, prefix = {}) ⇒ Client

Override the loading of the client. Since HEC and EC both return certificate, but OPC and CZ both use public_key. In order to normalize this discrepancy, the intializer converts the response from the server OPC format. HEC and EC both handle putting a public key to the server instead of a certificate.

See Also:

• Base#initialize

# File 'lib/chef-api/resources/client.rb', line 49

def initialize(attributes = {}, prefix = {})
  if certificate = attributes.delete(:certificate) ||
                   attributes.delete('certificate')
    x509 = OpenSSL::X509::Certificate.new(certificate)
    attributes[:public_key] = x509.public_key.to_pem
  end

  super
end

Class Method Details

.from_file(path) ⇒ Resource::Client

Load the client from a .pem file on disk. Lots of assumptions are made here.

Parameters:

• path (String) —

  the path to the client on disk

Returns:

• (Resource::Client)

# File 'lib/chef-api/resources/client.rb', line 28

def from_file(path)
  name, key = Util.safe_read(path)

  if client = fetch(name)
    client.private_key = key
    client
  else
    new(name: name, private_key: key)
  end
end

Instance Method Details

#regenerate_keys ⇒ self

Note:

For security reasons, you should perform this operation sparingly! The resulting private key is committed to this object, meaning it is saved to memory somewhere. You should set this resource’s private_key to nil after you have committed it to disk and perform a manual GC to be ultra-secure.

Note:

Regenerating the private key also regenerates the public key!

Generate a new RSA private key for this API client.

Examples:

Regenerate the private key

key = client.regenerate_key
key #=> "-----BEGIN PRIVATE KEY-----\nMIGfMA0GCS..."

Returns:

• (self) —

  the current resource with the new public and private key attributes

Raises:

• (Error::CannotRegenerateKey)

# File 'lib/chef-api/resources/client.rb', line 77

def regenerate_keys
  raise Error::CannotRegenerateKey if new_resource?
  update(private_key: true).save!
  self
end