Class: ChefAPI::Resource::Client
- Defined in:
- lib/chef-api/resources/client.rb
Instance Attribute Summary
Attributes inherited from Base
Class Method Summary collapse
-
.from_file(path) ⇒ Resource::Client
Load the client from a .pem file on disk.
Instance Method Summary collapse
-
#initialize(attributes = {}, prefix = {}) ⇒ Client
constructor
Override the loading of the client.
-
#regenerate_keys ⇒ self
Generate a new RSA private key for this API client.
Methods inherited from Base
#_attributes, #_prefix, all, #attribute?, build, classname, collection, collection_path, connection, count, create, delete, #destroy, destroy, destroy_all, #diff, #dirty?, each, #errors, exists?, expanded_collection_path, fetch, from_json, from_url, has_many, #id, #ignore_attribute?, inspect, #inspect, list, #new_resource?, post, #primary_key, protect, #protected?, protected_resources, put, #reload!, #resource_path, resource_path, #save, #save!, schema, #to_hash, #to_json, to_s, #to_s, type, #update, update, #update_attribute, #valid?, #validate!, #validators
Constructor Details
#initialize(attributes = {}, prefix = {}) ⇒ Client
Override the loading of the client. Since HEC and EC both return certificate
, but OPC and CZ both use public_key
. In order to normalize this discrepancy, the intializer converts the response from the server OPC format. HEC and EC both handle putting a public key to the server instead of a certificate.
49 50 51 52 53 54 55 56 57 |
# File 'lib/chef-api/resources/client.rb', line 49 def initialize(attributes = {}, prefix = {}) if certificate = attributes.delete(:certificate) || attributes.delete('certificate') x509 = OpenSSL::X509::Certificate.new(certificate) attributes[:public_key] = x509.public_key.to_pem end super end |
Class Method Details
.from_file(path) ⇒ Resource::Client
Load the client from a .pem file on disk. Lots of assumptions are made here.
28 29 30 31 32 33 34 35 36 37 |
# File 'lib/chef-api/resources/client.rb', line 28 def from_file(path) name, key = Util.safe_read(path) if client = fetch(name) client.private_key = key client else new(name: name, private_key: key) end end |
Instance Method Details
#regenerate_keys ⇒ self
For security reasons, you should perform this operation sparingly! The resulting private key is committed to this object, meaning it is saved to memory somewhere. You should set this resource’s private_key
to nil
after you have committed it to disk and perform a manual GC to be ultra-secure.
Regenerating the private key also regenerates the public key!
Generate a new RSA private key for this API client.
77 78 79 80 81 |
# File 'lib/chef-api/resources/client.rb', line 77 def regenerate_keys raise Error::CannotRegenerateKey if new_resource? update(private_key: true).save! self end |