Class: PuppetHttps

Inherits:
Object
  • Object
Defined in:
lib/puppet_https.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(settings) ⇒ PuppetHttps

Returns a new instance of PuppetHttps.



# File 'lib/puppet_https.rb', line 7

def initialize(settings)
  # Configures the client from a settings hash with string keys:
  #   - ca_certificate_path
  #   - certificate_path (optional)
  #   - private_key_path (optional, loaded as an RSA key)
  #   - read_timeout (optional, seconds, defaults to 90)
  #   - token_path (default: $HOME/.puppetlabs/token)
  #   - token (optional, takes precedence over token_path)
  #
  # Token auth takes precedence over cert auth when both are configured.
  # Raises RuntimeError when no usable authentication method is found.

  home = ENV['HOME']
  default_token_path = home.nil? ? nil : File.join(home, '.puppetlabs', 'token')

  ca_cert_path = settings['ca_certificate_path']
  cert_path    = settings['certificate_path']
  pkey_path    = settings['private_key_path']

  # NOTE(review): a ca_certificate_path that does not exist on disk is
  # ignored without any error, so @ca_file stays unset and the request code
  # assigns no ca_file. Peer verification then relies on the default trust
  # store instead of the intended CA; confirm that fallback is wanted.
  if ca_cert_path && File.exist?(ca_cert_path)
    @ca_file = settings['ca_certificate_path']
  end
  @read_timeout = settings['read_timeout'] || 90

  # Order matters: explicit token settings, then a cert/key pair, then the
  # token file in the user's home directory.
  @auth_method =
    if settings['token'] || settings['token_path']
      'token'
    elsif cert_path && pkey_path
      'cert'
    elsif default_token_path && File.exist?(default_token_path)
      'token'
    end

  raise RuntimeError, "No authentication methods available." unless @auth_method

  if @auth_method == 'token'
    @token = settings['token']
    if @token
      # An inline token was supplied; it must not be empty.
      raise RuntimeError, "Received an empty string for token" if @token.empty?
    else
      # No inline token: the token file must exist and be non-empty.
      @token_path = settings['token_path'] || default_token_path
      unless File.exist?(@token_path)
        raise RuntimeError, "Token file not found at [#{@token_path}]"
      end
      if File.zero?(@token_path)
        raise RuntimeError, "Token file at [#{@token_path}] is empty"
      end
    end
  elsif @auth_method == 'cert'
    unless File.exist?(cert_path) && File.exist?(pkey_path)
      raise RuntimeError, "Certificate auth requested but certificate or private key cannot be found."
    end
    @cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
    @key  = OpenSSL::PKey::RSA.new(File.read(pkey_path))
  end
end

Instance Attribute Details

#auth_method ⇒ Object (readonly)

Returns the value of attribute auth_method.



# File 'lib/puppet_https.rb', line 5

# Authentication mode selected by the constructor: 'token' or 'cert'.
def auth_method
  @auth_method
end

#token_path ⇒ Object (readonly)

Returns the value of attribute token_path.



# File 'lib/puppet_https.rb', line 5

# Path of the token file chosen by the constructor. It is only assigned when
# token auth is selected and no inline token was given; otherwise it is nil.
def token_path
  @token_path
end

Instance Method Details

#auth_header ⇒ Object



# File 'lib/puppet_https.rb', line 141

def auth_header
  # Returns the headers that authenticate a request: the token under
  # "X-Authentication" when one is available, otherwise an empty hash
  # (cert auth carries no header). The value is a credential, so avoid
  # logging the hash this method returns.
  credential = token
  return {} unless credential

  {"X-Authentication" => credential}
end

#delete(url) ⇒ Object



# File 'lib/puppet_https.rb', line 120

def delete(url)
  # Sends an HTTP DELETE to +url+ (a string) with a JSON content type and
  # the authentication headers, and returns whatever make_ssl_request returns.
  # The auth headers are attached for whichever host the URL names.
  target = URI.parse(url)

  req = Net::HTTP::Delete.new(target.request_uri, auth_header)
  req.content_type = 'application/json'

  make_ssl_request(target, req)
end

#get(url) ⇒ Object



# File 'lib/puppet_https.rb', line 98

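def get(url)
  # Sends an HTTP GET to +url+ (a string), asking for JSON, and returns
  # whatever make_ssl_request returns. The auth headers are attached for
  # whichever host the URL names.
  url = URI.parse(url)
  headers = {"Accept" => 'application/json'}.merge(auth_header)

  # request_uri appends "?query" only when a query is present and yields "/"
  # for an empty path. The hand-built "path?query" string sent a dangling "?"
  # (or a bare "?" target) for URLs without one. This also matches how post
  # and delete build their request target.
  req = Net::HTTP::Get.new(url.request_uri, headers)
  make_ssl_request(url, req)
end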

#make_ssl_request(url, req) ⇒ Object



# File 'lib/puppet_https.rb', line 67

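def make_ssl_request(url, req)
  # Opens a TLS connection to url.host:url.port, sends +req+ and returns the
  # response object from Net::HTTP. TLS is forced on whatever scheme the URL
  # carried, and the server certificate is always verified.
  connection = Net::HTTP.new(url.host, url.port)

  # Keep this disabled outside of debugging: the debug stream includes the
  # request headers, which with token auth means the X-Authentication value.
  # connection.set_debug_output $stderr

  connection.use_ssl = true
  # Treat TLS 1.2 as the minimum rather than the only protocol version, so a
  # server that offers a newer version can negotiate it. Fall back to the
  # fixed pin where Net::HTTP has no min_version=.
  if connection.respond_to?(:min_version=)
    connection.min_version = OpenSSL::SSL::TLS1_2_VERSION
  else
    connection.ssl_version = :TLSv1_2
  end
  connection.verify_mode  = OpenSSL::SSL::VERIFY_PEER
  # @ca_file is only set when the configured CA file existed at construction
  # time; without it no explicit CA file is handed to the connection.
  connection.ca_file      = @ca_file if @ca_file
  connection.read_timeout = @read_timeout

  # Present the client certificate only when cert auth was selected.
  if @auth_method == 'cert'
    connection.cert = @cert
    connection.key  = @key
  end

  connection.start { |http| http.request(req) }
end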

#post(url, request_body = nil) ⇒ Object



# File 'lib/puppet_https.rb', line 106

def post(url, request_body=nil)
  # Sends an HTTP POST to +url+ (a string) with a JSON content type and the
  # authentication headers. +request_body+ is used as the body when it is
  # not nil. Returns whatever make_ssl_request returns.
  target = URI.parse(url)

  req = Net::HTTP::Post.new(target.request_uri, auth_header)
  req.content_type = 'application/json'
  req.body = request_body unless request_body.nil?

  make_ssl_request(target, req)
end

#put(url, request_body = nil) ⇒ Object



# File 'lib/puppet_https.rb', line 86

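def put(url, request_body=nil)
  # Sends an HTTP PUT to +url+ (a string) with a JSON content type and the
  # authentication headers. +request_body+ is used as the body when it is
  # not nil. Returns whatever make_ssl_request returns.
  url = URI.parse(url)

  # request_uri keeps the query string and yields "/" for an empty path.
  # url.path alone dropped any query parameters from the request target,
  # unlike post and delete.
  req = Net::HTTP::Put.new(url.request_uri, auth_header)
  req.content_type = 'application/json'
  req.body = request_body unless request_body.nil?

  make_ssl_request(url, req)
end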

#token ⇒ Object

private



# File 'lib/puppet_https.rb', line 132

def token
  # Returns the authentication token, or nil when none is available. An
  # already-known token is returned as is; otherwise the token file is read
  # once and its contents are cached in @token exactly as stored on disk.
  # NOTE(review): nothing here checks the token file's permissions; the file
  # holds a credential and is presumably meant to be readable by its owner
  # only. Confirm how it is provisioned.
  cached = @token
  return cached if cached

  readable = @token_path && File.exist?(@token_path)
  readable ? (@token = File.read(@token_path)) : nil
end