Class: Chef::Provider::PrivateKey
- Inherits:
-
LWRPBase
- Object
- LWRPBase
- Chef::Provider::PrivateKey
- Defined in:
- lib/chef/provider/private_key.rb
Instance Attribute Summary collapse
-
#current_private_key ⇒ Object
readonly
Returns the value of attribute current_private_key.
Instance Method Summary collapse
- #create_key(regenerate, action) ⇒ Object
- #encode_private_key(key) ⇒ Object
- #load_current_resource ⇒ Object
- #new_key_with_path ⇒ Object
- #new_path ⇒ Object
- #new_source_key ⇒ Object
- #whyrun_supported? ⇒ Boolean
- #write_private_key(key) ⇒ Object
Instance Attribute Details
#current_private_key ⇒ Object (readonly)
Returns the value of attribute current_private_key.
# File 'lib/chef/provider/private_key.rb', line 156

# Reader for the key object that load_current_resource stored after a
# successful decode. It stays nil when no key was loaded or decoding failed,
# and create_key treats nil as "no usable key".
#
# @return [Object, nil] the value held in @current_private_key
def current_private_key
  @current_private_key
end
Instance Method Details
#create_key(regenerate, action) ⇒ Object
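# File 'lib/chef/provider/private_key.rb', line 29

# Converges the private key described by new_resource.
#
# Either re-encodes a supplied source key to new_path, or generates, keeps or
# reformats the key found at new_path. Afterwards it optionally declares the
# matching public_key resource and invokes the resource's `after` callback.
#
# Security-relevant behaviour of this method:
# * the re-encoded source key is written through a handle opened with mode
#   0600 and chmod'ed to 0600, so it is not left readable under the umask;
# * an existing key file that has any group/other permission bit set has
#   those bits cleared;
# * size/type mismatches on an existing key only produce a warning unless
#   regeneration was requested.
#
# @param regenerate [Boolean] force generation of a new key
# @param action [Object] the provider action, forwarded to
#   Cheffish.inline_resource
# @return [Object] result of the final statement; not meaningful to callers
def create_key(regenerate, action)
  if @should_create_directory
    Cheffish.inline_resource(self, action) do
      directory run_context.config[:private_key_write_path]
    end
  end

  final_private_key = nil
  if new_source_key
    #
    # Create private key from source
    #
    desired_output = encode_private_key(new_source_key)
    # NOTE(review): this is a byte comparison; if the encoder output is not
    # deterministic (e.g. salted encryption) it would reconverge every run.
    # Confirm against Cheffish::KeyFormatter.
    if current_resource.path == :none || desired_output != IO.read(new_path)
      converge_by "reformat key at #{new_resource.source_key_path} to #{new_resource.format} private key #{new_path} (#{new_resource.pass_phrase ? ", #{new_resource.cipher} password" : ""})" do
        # Key material: create the file owner-only (0600) and also chmod it,
        # because the creation mode is ignored when the file already exists.
        ::File.open(new_path, 'w', 0600) do |file|
          file.chmod(0600)
          file.write(desired_output)
        end
      end
    end

    final_private_key = new_source_key

  else
    #
    # Generate a new key
    #
    if !current_private_key ||
       regenerate ||
       (new_resource.regenerate_if_different &&
        (current_resource.size != new_resource.size ||
         current_resource.type != new_resource.type))

      # NOTE(review): any type other than :rsa or :dsa leaves
      # final_private_key nil while generated_key is still set to true.
      case new_resource.type
      when :rsa
        if new_resource.exponent
          final_private_key = OpenSSL::PKey::RSA.generate(new_resource.size, new_resource.exponent)
        else
          final_private_key = OpenSSL::PKey::RSA.generate(new_resource.size)
        end
      when :dsa
        final_private_key = OpenSSL::PKey::DSA.generate(new_resource.size)
      end

      generated_key = true
    else
      final_private_key = current_private_key
      generated_key = false
    end

    if generated_key
      generated_description = " (#{new_resource.size} bits#{new_resource.pass_phrase ? ", #{new_resource.cipher} password" : ""})"

      if new_path != :none
        # A separate local is used for the description verb so the `action`
        # parameter is still intact when it is forwarded to
        # Cheffish.inline_resource for the public key below.
        verb = current_resource.path == :none ? 'create' : 'overwrite'
        converge_by "#{verb} #{new_resource.type} private key #{new_path}#{generated_description}" do
          write_private_key(final_private_key)
        end
      else
        converge_by "generate private key#{generated_description}" do
        end
      end
    else
      # Warn if existing key has different characteristics than expected
      if current_resource.size != new_resource.size
        Chef::Log.warn("Mismatched key size! #{current_resource.path} is #{current_resource.size} bits, desired is #{new_resource.size} bits. Use action :regenerate to force key regeneration.")
      elsif current_resource.type != new_resource.type
        Chef::Log.warn("Mismatched key type! #{current_resource.path} is #{current_resource.type}, desired is #{new_resource.type}. Use action :regenerate to force key regeneration.")
      end

      if current_resource.format != new_resource.format
        converge_by "change format of #{new_resource.type} private key #{new_path} from #{current_resource.format} to #{new_resource.format}" do
          write_private_key(current_private_key)
        end
      elsif @current_file_mode && (@current_file_mode & 0077) != 0
        # @current_file_mode is only set when the key file exists on disk, so
        # guard against nil. The mask keeps the owner and special bits and
        # drops every group/other permission bit.
        new_mode = @current_file_mode & 07700
        converge_by "change mode of private key #{new_path} to #{new_mode.to_s(8)}" do
          ::File.chmod(new_mode, new_path)
        end
      end
    end
  end

  if new_resource.public_key_path
    public_key_path = new_resource.public_key_path
    public_key_format = new_resource.public_key_format
    Cheffish.inline_resource(self, action) do
      public_key public_key_path do
        source_key final_private_key
        format public_key_format
      end
    end
  end

  if new_resource.after
    new_resource.after.call(new_resource, final_private_key)
  end
end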
#encode_private_key(key) ⇒ Object
# File 'lib/chef/provider/private_key.rb', line 125

# Serialises a key with the encoding options set on new_resource.
#
# Only options with a truthy value are forwarded. When the resource has no
# pass_phrase, no :pass_phrase option is passed at all; whether the encoder
# then emits an unencrypted key is decided by Cheffish::KeyFormatter, which
# is not shown here.
#
# @param key [Object] key object to encode
# @return [Object] whatever Cheffish::KeyFormatter.encode returns
def encode_private_key(key)
  requested = {
    :format => new_resource.format,
    :pass_phrase => new_resource.pass_phrase,
    :cipher => new_resource.cipher
  }
  # Drop unset (nil/false) options so the formatter applies its own defaults.
  encoder_options = requested.select { |_name, value| value }
  Cheffish::KeyFormatter.encode(key, encoder_options)
end
#load_current_resource ⇒ Object
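# File 'lib/chef/provider/private_key.rb', line 184

# Builds @current_resource from whatever key currently exists.
#
# Records the path (or :none) and, when the file exists, its mode in
# @current_file_mode. If key data is available it is decoded with the
# resource's pass_phrase and the decoded attributes are copied onto the
# current resource. When no key data is found the current resource's action
# is set to :delete.
#
# A decode failure is deliberately non-fatal, but it is now logged:
# @current_private_key stays nil in that case, and create_key treats a nil
# current key as "no key" and generates a new one. An undecodable key (for
# example, one read with the wrong pass phrase) should therefore leave a
# trace in the log.
#
# @return [Object] the resource assigned to @current_resource
def load_current_resource
  resource = Chef::Resource::PrivateKey.new(new_resource.name, run_context)

  new_key, new_path = new_key_with_path
  if new_path != :none && ::File.exist?(new_path)
    resource.path new_path
    @current_file_mode = ::File.stat(new_path).mode
  else
    resource.path :none
  end

  if new_key
    begin
      key, key_format = Cheffish::KeyFormatter.decode(new_key, new_resource.pass_phrase, new_path)
      if key
        @current_private_key = key
        resource.format key_format[:format]
        resource.type key_format[:type]
        resource.size key_format[:size]
        resource.exponent key_format[:exponent]
        resource.pass_phrase key_format[:pass_phrase]
        resource.cipher key_format[:cipher]
      end
    rescue => e
      # If there's an error reading, we assume format and type are wrong and
      # don't futz with them. Only the exception class is logged, so nothing
      # derived from the key or pass phrase can reach the log.
      Chef::Log.warn("Could not decode private key at #{new_path} (#{e.class}); leaving its format and type unset.")
    end
  else
    resource.action :delete
  end

  @current_resource = resource
end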
#new_key_with_path ⇒ Object
# File 'lib/chef/provider/private_key.rb', line 162

# Resolves new_resource.path to a pair of [key contents or nil, path].
#
# * A Symbol path (such as :none) is returned as-is with no key.
# * An absolute path yields the file's contents when the file exists.
# * A relative path is looked up through Cheffish.get_private_key_with_path.
#   If nothing is found it is joined onto the configured
#   private_key_write_path, and @should_create_directory is set so that
#   create_key declares that directory.
#
# NOTE(review): the relative path is joined without normalisation, so the
# result is only as constrained as the resource's path attribute.
#
# @return [Array] two elements: key contents (or nil) and a path or Symbol
# @raise [RuntimeError] when a relative key is not found and no
#   private_key_write_path is configured
def new_key_with_path
  requested = new_resource.path
  return [ nil, requested ] if requested.is_a?(Symbol)

  unless Pathname.new(requested).relative?
    # Absolute path: read the key only when it is already on disk.
    contents = ::File.exist?(requested) ? IO.read(requested) : nil
    return [ contents, requested ]
  end

  found_key, found_path = Cheffish.get_private_key_with_path(requested, run_context.config)
  return [ found_key, (found_path || :none) ] if found_key

  write_dir = run_context.config[:private_key_write_path]
  unless write_dir
    raise "Could not find key #{requested} and Chef::Config.private_key_write_path is not set."
  end

  @should_create_directory = true
  [ nil, ::File.join(write_dir, requested) ]
end
#new_path ⇒ Object
# File 'lib/chef/provider/private_key.rb', line 158

# Path component of new_key_with_path.
#
# The result is not memoised: each call runs new_key_with_path again, which
# may read the key file from disk.
#
# @return [String, Symbol] the resolved key path, or a Symbol such as :none
def new_path
  _key_contents, resolved_path = new_key_with_path
  resolved_path
end
#new_source_key ⇒ Object
# File 'lib/chef/provider/private_key.rb', line 140

# Returns the source key this resource should be derived from, memoised in
# @new_source_key.
#
# Precedence: a String source_key is decoded with source_key_pass_phrase; any
# other truthy source_key is used as given; otherwise the file at
# source_key_path is read and decoded. With none of these set the result is
# nil. Because of `||=`, a nil result is not cached and is recomputed on the
# next call.
#
# @return [Object, nil] the source key object, or nil when none is configured
def new_source_key
  @new_source_key ||=
    if new_resource.source_key.is_a?(String)
      decoded, _decoded_format = Cheffish::KeyFormatter.decode(new_resource.source_key, new_resource.source_key_pass_phrase)
      decoded
    elsif new_resource.source_key
      # Already a key object: hand it back untouched.
      new_resource.source_key
    elsif new_resource.source_key_path
      raw_key = IO.read(new_resource.source_key_path)
      decoded, _decoded_format = Cheffish::KeyFormatter.decode(raw_key, new_resource.source_key_pass_phrase, new_resource.source_key_path)
      decoded
    end
end
#whyrun_supported? ⇒ Boolean
# File 'lib/chef/provider/private_key.rb', line 25

# Declares that this provider supports why-run mode.
#
# @return [Boolean] always true
def whyrun_supported?
  true
end
#write_private_key(key) ⇒ Object
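# File 'lib/chef/provider/private_key.rb', line 133

# Encodes a key and writes it to new_path with owner-only permissions.
#
# Two hardening points compared with opening the file first and chmod'ing
# afterwards:
# * the key is encoded before the file is opened, so an encoding failure
#   cannot leave an existing key file truncated;
# * the file is created with mode 0600, so a new key file never exists with
#   umask-default permissions. The chmod is kept because the creation mode
#   is ignored when the file already exists.
#
# @param key [Object] key object to encode and persist
# @return [Object] result of the File.open block (the write's return value)
def write_private_key(key)
  encoded = encode_private_key(key)
  ::File.open(new_path, 'w', 0600) do |file|
    file.chmod(0600)
    file.write(encoded)
  end
end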