/usr/lib/ruby/vendor_ruby/chef_zero/endpoints/actor_default_key_endpoint.rb is in chef-zero 5.1.1-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
require "chef_zero/rest_base"
module ChefZero
  module Endpoints
    # ActorDefaultKeyEndpoint
    #
    # Serves DELETE/GET/PUT for the "default" public key of a client or user.
    # Every other key name is handled by ActorKeyEndpoint.
    #
    # The default public key lives on the actor record itself (client or
    # user), not under user/client_keys. Giving it its own endpoint lets the
    # router pick the right handler, so no endpoint method has to branch on
    # `request.rest_path[-1] == "default"`.
    #
    # Routes:
    #   /users/USER/keys/default
    #   /organizations/ORG/clients/CLIENT/keys/default
    #
    # NOTE(review): nothing in this class checks who is making the request;
    # any access control would have to happen before these methods are
    # reached -- confirm against the router/RestBase.
    class ActorDefaultKeyEndpoint < RestBase
      DEFAULT_PUBLIC_KEY_NAME = "default".freeze

      # Returns the actor's default key as a 200 JSON response.
      #
      # Raises RestErrorResponse (404) when the actor record has no
      # "public_key" value. Per the original comments, a missing actor also
      # ends in a 404, raised while the actor data is loaded.
      def get(request)
        actor = get_actor_data(request)
        default_key = default_public_key_from_actor(actor)
        return json_response(200, default_key) unless default_key["public_key"].nil?

        missing_uri = build_uri(request.base_uri, request.rest_path)
        raise RestErrorResponse.new(404, "Object not found: #{missing_uri}")
      end

      # Clears the actor's default key and answers 200 with the key as it was
      # before the delete.
      def delete(request)
        target_path = actor_path(request)
        # Loading the actor comes second, as in the original; it 404s if the
        # actor doesn't exist.
        actor = get_actor_data(request)
        json_response(200, delete_actor_default_public_key!(request, target_path, actor))
      end

      # Replaces the actor's default key with the "public_key" member of the
      # JSON request body and stores the actor record.
      #
      # NOTE(review): the value is stored as-is, with no check that it is
      # present or looks like a key. A body without "public_key" writes nil,
      # which leaves the actor in the same state as a DELETE.
      # NOTE(review): the result of set_data is returned directly; unlike
      # get/delete, no json_response is built here -- confirm callers expect
      # that.
      def put(request)
        actor = get_actor_data(request) # 404 if actor doesn't exist
        actor["public_key"] = parse_json(request.body)["public_key"]
        set_data(request, actor_path(request), to_json(actor))
      end

      private

      # Data-store path of the actor that owns the key: the first four path
      # segments for an org client, the first two otherwise (users).
      def actor_path(request)
        if request.rest_path[2] == "clients"
          request.rest_path[0..3]
        else
          request.rest_path[0..1]
        end
      end

      # Loads and parses the stored actor record for this request.
      def get_actor_data(request)
        parse_json(get_data(request, actor_path(request)))
      end

      # Builds the key document for the default key from an actor record.
      # The default key is always reported with an "infinity" expiration.
      def default_public_key_from_actor(actor_data)
        key_doc = {}
        key_doc["name"] = DEFAULT_PUBLIC_KEY_NAME
        key_doc["public_key"] = actor_data["public_key"]
        key_doc["expiration_date"] = "infinity"
        key_doc
      end

      # Stores a copy of the actor with "public_key" set to nil and returns
      # the key document built from the untouched original record.
      def delete_actor_default_public_key!(request, path, actor_data)
        # merge returns a new hash, so actor_data still carries the old key.
        set_data(request, path, to_json(actor_data.merge("public_key" => nil)))
        default_public_key_from_actor(actor_data)
      end
    end
  end
end