Class: Chef::Provider::PrivateKey
- Inherits:
-
LWRPBase
- Object
- LWRPBase
- Chef::Provider::PrivateKey
- Defined in:
- lib/chef/provider/private_key.rb
Instance Attribute Summary collapse
-
#current_private_key ⇒ Object
readonly
Returns the value of attribute current_private_key.
Instance Method Summary collapse
- #create_key(regenerate) ⇒ Object
- #encode_private_key(key) ⇒ Object
- #load_current_resource ⇒ Object
- #new_source_key ⇒ Object
- #whyrun_supported? ⇒ Boolean
- #write_private_key(key) ⇒ Object
Instance Attribute Details
#current_private_key ⇒ Object (readonly)
Returns the value of attribute current_private_key.
132 133 134 |
# File 'lib/chef/provider/private_key.rb', line 132 def current_private_key @current_private_key end |
Instance Method Details
#create_key(regenerate) ⇒ Object
29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 |
# File 'lib/chef/provider/private_key.rb', line 29 def create_key(regenerate) final_private_key = nil if new_source_key # # Create private key from source # desired_output = encode_private_key(new_source_key) if Array(current_resource.action) == [ :delete ] || desired_output != IO.read(new_resource.path) converge_by "reformat key at #{new_resource.source_key_path} to #{new_resource.format} private key #{new_resource.path} (#{new_resource.pass_phrase ? ", #{new_resource.cipher} password" : ""})" do IO.write(new_resource.path, desired_output) end end final_private_key = new_source_key else # # Create private key file # if Array(current_resource.action) == [ :delete ] || regenerate || (new_resource.regenerate_if_different && (current_resource.size != new_resource.size || current_resource.type != new_resource.type)) action = (current_resource.path == :none || ::File.exists?(current_resource.path)) ? "overwrite" : "create" converge_by "#{action} #{new_resource.type} private key #{new_resource.path} (#{new_resource.size} bits#{new_resource.pass_phrase ? ", #{new_resource.cipher} password" : ""})" do case new_resource.type when :rsa if new_resource.exponent final_private_key = OpenSSL::PKey::RSA.generate(new_resource.size, new_resource.exponent) else final_private_key = OpenSSL::PKey::RSA.generate(new_resource.size) end when :dsa final_private_key = OpenSSL::PKey::DSA.generate(new_resource.size) end if new_resource.path != :none write_private_key(final_private_key) end end else # Warn if existing key has different characteristics than expected if current_resource.size != new_resource.size Chef::Log.warn("Mismatched key size! #{current_resource.path} is #{current_resource.size} bytes, desired is #{new_resource.size} bytes. Use action :regenerate to force key regeneration.") elsif current_resource.type != new_resource.type Chef::Log.warn("Mismatched key type! #{current_resource.path} is #{current_resource.type}, desired is #{new_resource.type} bytes. Use action :regenerate to force key regeneration.") end final_private_key = current_private_key if current_resource.format != new_resource.format converge_by "change format of #{new_resource.type} private key #{new_resource.path} from #{current_resource.format} to #{new_resource.format}" do write_private_key(current_private_key) end end end end if new_resource.public_key_path public_key_path = new_resource.public_key_path public_key_format = new_resource.public_key_format Cheffish.inline_resource(self) do public_key public_key_path do source_key final_private_key format public_key_format end end end if new_resource.after new_resource.after.call(new_resource, final_private_key) end end |
#encode_private_key(key) ⇒ Object
103 104 105 106 107 108 109 |
# File 'lib/chef/provider/private_key.rb', line 103 def encode_private_key(key) key_format = {} key_format[:format] = new_resource.format if new_resource.format key_format[:pass_phrase] = new_resource.pass_phrase if new_resource.pass_phrase key_format[:cipher] = new_resource.cipher if new_resource.cipher Cheffish::KeyFormatter.encode(key, key_format) end |
#load_current_resource ⇒ Object
134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 |
# File 'lib/chef/provider/private_key.rb', line 134 def load_current_resource resource = Chef::Resource::PrivateKey.new(new_resource.name) if new_resource.path != :none && ::File.exist?(new_resource.path) resource.path new_resource.path begin key, key_format = Cheffish::KeyFormatter.decode(IO.read(new_resource.path), new_resource.pass_phrase, new_resource.path) if key @current_private_key = key resource.format key_format[:format] resource.type key_format[:type] resource.size key_format[:size] resource.exponent key_format[:exponent] resource.pass_phrase key_format[:pass_phrase] resource.cipher key_format[:cipher] end rescue # If there's an error reading, we assume format and type are wrong and don't futz with them end else resource.action :delete end @current_resource = resource end |
#new_source_key ⇒ Object
116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 |
# File 'lib/chef/provider/private_key.rb', line 116 def new_source_key @new_source_key ||= begin if new_resource.source_key.is_a?(String) source_key, source_key_format = Cheffish::KeyFormatter.decode(new_resource.source_key, new_resource.source_key_pass_phrase) source_key elsif new_resource.source_key new_resource.source_key elsif new_resource.source_key_path source_key, source_key_format = Cheffish::KeyFormatter.decode(IO.read(new_resource.source_key_path), new_resource.source_key_pass_phrase, new_resource.source_key_path) source_key else nil end end end |
#whyrun_supported? ⇒ Boolean
25 26 27 |
# File 'lib/chef/provider/private_key.rb', line 25 def whyrun_supported? true end |
#write_private_key(key) ⇒ Object
111 112 113 114 |
# File 'lib/chef/provider/private_key.rb', line 111 def write_private_key(key) IO.write(new_resource.path, encode_private_key(key)) # TODO permissions on file? end |