Class: Ridley::Middleware::ChefAuth

Inherits:
Faraday::Middleware
  • Object
Extended by:
Mixlib::Authentication
Includes:
Logging
Defined in:
lib/ridley/middleware/chef_auth.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Logging

logger, #logger, set_logger

Constructor Details

#initialize(app, client_name, client_key) ⇒ ChefAuth

Returns a new instance of ChefAuth.



# File 'lib/ridley/middleware/chef_auth.rb', line 53

# Build the middleware around the next Faraday app in the stack.
#
# @param app [Object] the next middleware/adapter; forwarded to the superclass
# @param client_name [String] the Chef client name requests are signed as
# @param client_key [String] the client key, stored as given; it is later
#   handed to .authentication_headers, which accepts either a path to the
#   key file or the key contents
def initialize(app, client_name, client_key)
  super(app)
  # Stored verbatim; when this holds key contents rather than a path, the
  # instance carries private key material for its whole lifetime.
  @client_key = client_key
  @client_name = client_name
end

Instance Attribute Details

#client_key ⇒ Object (readonly)

Returns the value of attribute client_key.



# File 'lib/ridley/middleware/chef_auth.rb', line 51

# Read-only accessor for the client key given to the constructor.
#
# The value is whatever the caller supplied: a path to the key file or the
# key contents themselves. Treat it as secret material and keep it out of
# log messages and error reports.
#
# @return [Object] the stored client key
def client_key
  @client_key
end

#client_name ⇒ Object (readonly)

Returns the value of attribute client_name.



# File 'lib/ridley/middleware/chef_auth.rb', line 50

# Read-only accessor for the client name given to the constructor.
#
# This is the identity requests are signed as; it is also written to the
# debug log on every authenticated request.
#
# @return [Object] the stored client name
def client_name
  @client_name
end

Class Method Details

.authentication_headers(client_name, client_key, options = {}) ⇒ Object

Generate authentication headers for a request to a Chef Server

Parameters:

  • client_name (String)
  • client_key (String)

    the path to the client key file, or the contents of the client key itself

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :host (String)

See Also:

  • .signing_object for options


# File 'lib/ridley/middleware/chef_auth.rb', line 18

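# Generate authentication headers for a request to a Chef Server.
#
# @param client_name [String] the client name to sign as
# @param client_key [String] the path to the client key file, or the key
#   contents themselves
# @param options [Hash] signing options, passed through to signing_object
# @option options [String] :host value emitted as the HOST header
# @return [Hash{String => Object}] the signed headers plus HOST, with every
#   header name upcased
def authentication_headers(client_name, client_key, options = {})
  # client_key is dual-purpose: if a file exists at that path it is read,
  # otherwise the string is treated as the key itself. Callers should pass
  # only trusted values here, because the argument is used as a filesystem
  # path before anything else.
  # File.exist? replaces File.exists?, which was removed in Ruby 3.2.
  contents = File.exist?(client_key) ? File.read(client_key) : client_key.to_s
  # OpenSSL raises here when the contents are not a parseable RSA key.
  rsa_key = OpenSSL::PKey::RSA.new(contents)

  headers = signing_object(client_name, options).sign(rsa_key).merge(host: options[:host])
  headers.each_with_object({}) { |(name, value), upcased| upcased[name.to_s.upcase] = value }
end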

.signing_object(client_name, options = {}) ⇒ SigningObject

Create a signing object for a Request to a Chef Server

Parameters:

  • client_name (String)
  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :http_method (String)
  • :path (String)
  • :body (String)
  • :timestamp (Time)

Returns:

  • (SigningObject)


# File 'lib/ridley/middleware/chef_auth.rb', line 36

# Create a signing object for a request to a Chef Server.
#
# @param client_name [String] written into the options as :user_id
# @param options [Hash] request details; the caller's hash is not modified
# @option options [String] :http_method
# @option options [String] :path
# @option options [String] :body defaults to an empty string
# @option options [Time] :timestamp defaults to the current UTC time in
#   ISO 8601 form
# @return [SigningObject] whatever SignedHeaderAuth.signing_object builds
def signing_object(client_name, options = {})
  defaults = {
    body: String.new,
    timestamp: Time.now.utc.iso8601
  }
  # Caller-supplied values win over the defaults.
  signing_options = options.reverse_merge(defaults)

  # Always overwritten, so a caller cannot supply a different :user_id or
  # :proto_version through options.
  signing_options[:user_id] = client_name
  # NOTE(review): "1.0" pins the signing protocol version; presumably this
  # is the SHA-1 based variant in mixlib-authentication - confirm against
  # the pinned gem and the server before relying on its digest strength.
  signing_options[:proto_version] = "1.0"

  SignedHeaderAuth.signing_object(signing_options)
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/ridley/middleware/chef_auth.rb', line 59

# Sign the outgoing request and pass it down the middleware stack.
#
# Reads :method, :url, :body and :request_headers from env, replaces
# env[:request_headers] with the default headers, the existing request
# headers and the authentication headers merged in that order, and adds
# Content-Length when a body is present.
#
# @param env [Object] the request env; indexed with symbol keys
# @return [Object] the result of calling the next app with env
def call(env)
  url = env[:url]
  signing_options = {
    http_method: env[:method],
    host: "#{url.host}:#{url.port}",
    path: url.path,
    body: env[:body] || ''
  }
  signed_headers = self.class.authentication_headers(client_name, client_key, signing_options)

  # Authentication headers are merged last, so they take precedence over
  # any same-named header the caller set.
  env[:request_headers] = default_headers.merge(env[:request_headers]).merge(signed_headers)
  if env[:body]
    # Added after signing; assumes the body responds to bytesize.
    env[:request_headers] = env[:request_headers].merge('Content-Length' => env[:body].bytesize.to_s)
  end

  log.debug { "==> performing authenticated Chef request as '#{client_name}'"}
  # NOTE(review): this interpolates the entire env, which at this point
  # includes the request body and the signed authentication headers. Keep
  # debug logging off where request bodies may carry secrets, or redact
  # before logging.
  log.debug { "request env: #{env}"}

  @app.call(env)
end