Class: Chef::EncryptedAttribute::RemoteUsers

Inherits:
Object
  • Object
show all
Defined in:
lib/chef/encrypted_attribute/remote_users.rb

Overview

Note:

This class methods require admin privileges.

Helpers to get remote Chef Users keys.

Class Method Summary collapse

Class Method Details

.all_public_keysArray<String>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This method requires admin privileges.

Gets all Chef users public keys.

Returns:

  • (Array<String>)

    public key list.


105
106
107
108
109
# File 'lib/chef/encrypted_attribute/remote_users.rb', line 105

def self.all_public_keys
  # Chef::User.list(inflate=true) has a bug (fixed in 11.14.0)
  # https://tickets.chef.io/browse/CHEF-5328
  get_users_public_keys(Chef::User.list.keys)
end

.cacheCacheLru

Remote users public keys cache.

You can disable it setting it's size to zero:

Chef::EncryptedAttribute::RemoteUsers.cache.max_size(0)

Returns:

  • (CacheLru)

    Remote users LRU cache.


39
40
41
# File 'lib/chef/encrypted_attribute/remote_users.rb', line 39

def self.cache
  @@cache ||= Chef::EncryptedAttribute::CacheLru.new
end

.get_public_keys(users = []) ⇒ Array<String>

Note:

This method requires admin privileges.

Gets some Chef users public keys.

Parameters:

  • users (Array<String>, '*') (defaults to: [])

    user list. Use '*' to get all users public keys.

Returns:

  • (Array<String>)

    public key list.

Raises:

  • (ArgumentError)

    if user list is wrong.


51
52
53
54
55
56
57
58
59
60
61
# File 'lib/chef/encrypted_attribute/remote_users.rb', line 51

def self.get_public_keys(users = [])
  if users == '*' # users are [a-z0-9\-_]+, cannot be *
    cache.key?('*') ? cache['*'] : cache['*'] = all_public_keys
  elsif users.is_a?(Array)
    get_users_public_keys(users)
  elsif !users.nil?
    fail ArgumentError,
         "#{self.class}##{__method__} users argument must be an array "\
         'or "*".'
  end
end

.get_user_public_key(name) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This method requires admin privileges.

Reads a Chef user public key.

Parameters:

  • name (String)

    user name.

Returns:

  • (String)

    user public key as string.

Raises:


72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# File 'lib/chef/encrypted_attribute/remote_users.rb', line 72

def self.get_user_public_key(name)
  return cache[name] if cache.key?(name)
  user = Chef::User.load(name)
  cache[name] = user.public_key
rescue Net::HTTPServerException => e
  case e.response.code
  when '403'
    raise InsufficientPrivileges,
          'Your node needs admin privileges to be able to work with '\
          'Chef Users.'
  when '404' then raise UserNotFound, "Chef User not found: \"#{name}\"."
  else
    raise e
  end
end

.get_users_public_keys(users) ⇒ Array<String>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

This method requires admin privileges.

Gets some Chef users public keys.

Parameters:

  • users (Array<String>)

    user list.

Returns:

  • (Array<String>)

    public key list.


95
96
97
# File 'lib/chef/encrypted_attribute/remote_users.rb', line 95

def self.get_users_public_keys(users)
  users.map { |n| get_user_public_key(n) }
end