Class: Chef::EncryptedAttribute::RemoteUsers

Inherits:

Object

• Object
• Chef::EncryptedAttribute::RemoteUsers

Defined in:

lib/chef/encrypted_attribute/remote_users.rb

Overview

Note:

This class methods require admin privileges.

Helpers to get remote Chef Users keys.

Class Method Summary

• .all_public_keys ⇒ Array<String> private

  Gets all Chef users public keys.

• .cache ⇒ CacheLru

  Remote users public keys cache.

• .get_public_keys(users = []) ⇒ Array<String>

  Gets some Chef users public keys.

• .get_user_public_key(name) ⇒ String private

  Reads a Chef user public key.

• .get_users_public_keys(users) ⇒ Array<String> private

  Gets some Chef users public keys.

Class Method Details

.all_public_keys ⇒ Array<String>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This method requires admin privileges.

Gets all Chef users public keys.

Returns:

• (Array<String>) —

  public key list.

# File 'lib/chef/encrypted_attribute/remote_users.rb', line 105

def self.all_public_keys
  # Chef::User.list(inflate=true) has a bug (fixed in 11.14.0)
  # https://tickets.chef.io/browse/CHEF-5328
  get_users_public_keys(Chef::User.list.keys)
end

.cache ⇒ CacheLru

Remote users public keys cache.

You can disable it setting it's size to zero:

Chef::EncryptedAttribute::RemoteUsers.cache.max_size(0)

Returns:

• (CacheLru) —

  Remote users LRU cache.

# File 'lib/chef/encrypted_attribute/remote_users.rb', line 39

def self.cache
  @@cache ||= Chef::EncryptedAttribute::CacheLru.new
end

.get_public_keys(users = []) ⇒ Array<String>

Note:

This method requires admin privileges.

Gets some Chef users public keys.

Parameters:

• users (Array<String>, '*') (defaults to: []) —

  user list. Use '*' to get all users public keys.

Returns:

• (Array<String>) —

  public key list.

Raises:

• (ArgumentError) —

  if user list is wrong.

# File 'lib/chef/encrypted_attribute/remote_users.rb', line 51

def self.get_public_keys(users = [])
  if users == '*' # users are [a-z0-9\-_]+, cannot be *
    cache.key?('*') ? cache['*'] : cache['*'] = all_public_keys
  elsif users.is_a?(Array)
    get_users_public_keys(users)
  elsif !users.nil?
    fail ArgumentError,
         "#{self.class}##{__method__} users argument must be an array "\
         'or "*".'
  end
end

.get_user_public_key(name) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This method requires admin privileges.

Reads a Chef user public key.

Parameters:

• name (String) —

  user name.

Returns:

• (String) —

  user public key as string.

Raises:

• (InsufficientPrivileges) —

  if you lack enough privileges to read the keys from the Chef Server.

# File 'lib/chef/encrypted_attribute/remote_users.rb', line 72

def self.get_user_public_key(name)
  return cache[name] if cache.key?(name)
  user = Chef::User.load(name)
  cache[name] = user.public_key
rescue Net::HTTPServerException => e
  case e.response.code
  when '403'
    raise InsufficientPrivileges,
          'Your node needs admin privileges to be able to work with '\
          'Chef Users.'
  when '404' then raise UserNotFound, "Chef User not found: \"#{name}\"."
  else
    raise e
  end
end

.get_users_public_keys(users) ⇒ Array<String>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This method requires admin privileges.

Gets some Chef users public keys.

Parameters:

• users (Array<String>) —

  user list.

Returns:

• (Array<String>) —

  public key list.

# File 'lib/chef/encrypted_attribute/remote_users.rb', line 95

def self.get_users_public_keys(users)
  users.map { |n| get_user_public_key(n) }
end