Class: ChefSSL::Client

Inherits:
Object
  • Object
Defined in:
lib/chef-ssl/client.rb,
lib/chef-ssl/client/request.rb,
lib/chef-ssl/client/version.rb,
lib/chef-ssl/client/signing_authority.rb,
lib/chef-ssl/client/issued_certificate.rb

Defined Under Namespace

Classes: CertSaveFailed, IssuedCertificate, Request, SigningAuthority

Constant Summary

VERSION =
'1.1.0'

Class Method Summary

Instance Method Summary

Constructor Details

#initialize ⇒ Client

Returns a new instance of Client.



# File 'lib/chef-ssl/client.rb', line 19

# Configures Chef and the Spice API client from the local knife configuration.
#
# Side effects visible here: sets Chef::Config[:verbosity], resets Spice,
# strips a trailing slash from the configured chef_server_url (in place) and
# installs the server URL, client identity and TLS options on Spice.
#
# @return [Client] a new instance of Client
def initialize
  knife = Chef::Knife.new
  # Set the log-level, knife style: fall back to 0 when knife has no verbosity
  # configured (the original author notes this equals the :error level).
  knife.config[:verbosity] ||= 0
  Chef::Config[:verbosity] = knife.config[:verbosity]
  # presumably loads the knife configuration into Chef::Config, which the
  # rest of this method reads (confirm against Chef::Knife)
  knife.configure_chef

  Spice.reset

  # Avoid a Spice issue if chef_server_url has a trailing slash.
  # gsub! edits the String object returned by Chef::Config in place, so the
  # configured value itself is changed, not only this local.
  chef_server_url = Chef::Config.chef_server_url
  chef_server_url.gsub!(/\/$/, '')

  # Only an explicit :verify_none turns peer verification off; any other
  # value (including an unset one) selects VERIFY_PEER.
  # SECURITY: with VERIFY_NONE the Chef server's certificate is not
  # validated, so every request made through Spice is open to interception
  # and tampering. Treat ssl_verify_mode :verify_none as test-only and set
  # ssl_ca_path / ssl_ca_file for a private CA instead.
  peer_verification =
    if Chef::Config.ssl_verify_mode == :verify_none
      OpenSSL::SSL::VERIFY_NONE
    else
      OpenSSL::SSL::VERIFY_PEER
    end

  tls_options = {
    verify_mode: peer_verification,
    client_cert: Chef::Config.ssl_client_cert,
    client_key: Chef::Config.ssl_client_key,
    ca_path: Chef::Config.ssl_ca_path,
    ca_file: Chef::Config.ssl_ca_file
  }

  Spice.setup do |spice|
    spice.server_url = chef_server_url
    spice.client_name = Chef::Config.node_name
    # The API client's private key is read from disk here; the key file
    # should be readable only by the account running this tool.
    spice.client_key = Spice.read_key_file(File.expand_path(Chef::Config.client_key))
    spice.connection_options = { ssl: tls_options }
  end
end

Class Method Details

.load_authority(options) ⇒ Object



# File 'lib/chef-ssl/client.rb', line 54

# Loads a signing authority by delegating to SigningAuthority.load.
#
# Only the :path and :password entries of +options+ are forwarded; any other
# keys are ignored.
#
# @param options [Hash] must respond to #[]; reads :path and :password
# @return [Object] whatever SigningAuthority.load returns
#
# NOTE(review): :password is presumably the passphrase protecting the
# authority's private key (confirm in SigningAuthority). Callers should keep
# it out of logs and of command lines visible in the process list.
def self.load_authority(options)
  authority_path = options[:path]
  passphrase = options[:password]
  SigningAuthority.load(path: authority_path, password: passphrase)
end

Instance Method Details

#ca_search(ca = nil) ⇒ Object



# File 'lib/chef-ssl/client.rb', line 61

# Yields a Request for each CSR found in the 'csr_outbox' normal attributes
# of the nodes returned by a Chef search.
#
# The search is "csr_outbox_*_ca:<ca>" when +ca+ is given and "csr_outbox_*"
# otherwise. Nodes without a 'csr_outbox' attribute and outbox entries
# without a 'csr' value are skipped silently. A block is required: yield
# raises LocalJumpError when none is given and an entry matches.
#
# @param ca [String, nil] value to match in the search query, or nil for all
# @yield [Request] built from the node name and the outbox entry
# @return [Object] the node collection returned by Spice.nodes
#
# NOTE(review): +ca+ is interpolated into the search query unescaped, so it
# should only ever be an operator-controlled value.
# NOTE(review): the query selects nodes, not entries. Every entry with a
# 'csr' on a matching node is yielded and no per-entry CA comparison happens
# here; callers should confirm which CA a request names before signing it.
# NOTE(review): outbox entries are read from node attributes and are
# presumably written by the nodes themselves, so treat their contents as
# untrusted input.
def ca_search(ca=nil)
  query = ca ? "csr_outbox_*_ca:#{ca}" : "csr_outbox_*"
  Spice.nodes(query).each do |node|
    outbox = node.normal['csr_outbox']
    next if outbox.nil?

    outbox.each do |_entry_id, entry|
      next if entry['csr'].nil? # XXX warn, raise?

      yield Request.new(node.name, entry)
    end
  end
end

#common_name_search(name) ⇒ Object



# File 'lib/chef-ssl/client.rb', line 76

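# Yields a Request for each outbox entry whose 'id' equals the SHA-256 hex
# digest of +name+.
#
# The digest is also used as the search term ("csr_outbox_*_id:<digest>").
# Because only hex characters reach the query, +name+ itself cannot alter
# the search syntax. Entries with a different 'id' or without a 'csr' value
# are skipped. A block is required: yield raises LocalJumpError without one.
#
# @param name [String] common name to look up
# @yield [Request] built from the node name and the matching outbox entry
# @return [Object] the node collection returned by Spice.nodes
#
# NOTE(review): outbox entries are read from node attributes and are
# presumably written by the nodes themselves, so treat their contents as
# untrusted input. A matching 'id' does not prove the CSR inside the entry
# is for +name+; that has to be checked on the parsed request before signing.
def common_name_search(name)
  cert_id = Digest::SHA256.hexdigest(name)
  nodes = Spice.nodes("csr_outbox_*_id:#{cert_id}")
  nodes.each do |node|
    outbox = node.normal['csr_outbox']
    # Same guard as ca_search: a node returned by the search may carry no
    # 'csr_outbox' normal attribute. Without this check one such node raised
    # NoMethodError and aborted the whole search.
    next if outbox.nil?

    outbox.each do |_id, data|
      next unless data['id'] == cert_id
      next if data['csr'].nil? # XXX warn, raise?

      yield Request.new(node.name, data)
    end
  end
end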