
/usr/lib/ruby/vendor_ruby/chef_zero/endpoints/policy_group_policy_endpoint.rb is in chef-zero 5.1.1-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

require "ffi_yajl"
require "chef_zero/rest_base"
require "chef_zero/rest_error_response"
require "chef_zero/chef_data/data_normalizer"

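module ChefZero
  module Endpoints
    # /organizations/ORG/policy_groups/GROUP/policies/NAME
    #
    # In the data store, this REST path holds the revision ID of the policy NAME that is currently
    # associated with the policy group GROUP. The policy documents themselves live under
    # /organizations/ORG/policies/NAME/revisions/REVISION_ID.
    class PolicyGroupPolicyEndpoint < RestBase

      # Character set documented below for `revision_id`. Anchored with \A/\z rather than ^/$ so that a
      # value with an embedded newline cannot pass by having one well-formed line.
      REVISION_ID_FORMAT = /\A[\-[:alnum:]_\.\:]+\z/

      # Upper bound on `revision_id` length. The field notes below say "< 255" for revision_id and
      # "<= 255" for name; the more permissive bound is used so a 255-character id is not rejected.
      MAX_REVISION_ID_LENGTH = 255

      # GET /organizations/ORG/policy_groups/GROUP/policies/NAME
      #
      # Reads the revision ID stored at the request path, loads that revision of the policy and returns
      # the normalized document with status 200.
      def get(request)
        policy_name = request.rest_path[5]

        # The association record is a JSON-encoded revision ID.
        revision_id = parse_json(get_data(request))

        # fetch /organizations/{organization}/policies/{policy_name}/revisions/{revision_id}
        revision_path = request.rest_path[0..1] + ["policies", policy_name, "revisions", revision_id]
        policy_doc = parse_json(get_data(request, revision_path))

        json_response(200, ChefData::DataNormalizer.normalize_policy(policy_doc, policy_name, revision_id))
      end

      # Create or update the policy document for the given policy group and policy name. If no policy group
      # with the given name exists, it will be created. If no policy with the given revision_id exists, it
      # will be created from the document in the request body. If a policy with that revision_id exists, the
      # Chef Server simply associates that revision id with the given policy group. When successful, the
      # document that was created or updated is returned.

      ## MANDATORY FIELDS AND FORMATS
      # * `revision_id`: String; Must be < 255 chars, matches /^[\-[:alnum:]_\.\:]+$/
      # * `name`: String; Must match name in URI; Must be <= 255 chars, matches /^[\-[:alnum:]_\.\:]+$/
      # * `run_list`: Array
      # * `run_list[i]`: Fully Qualified Recipe Run List Item
      # * `cookbook_locks`: JSON Object
      # * `cookbook_locks(key)`: CookbookName
      # * `cookbook_locks[item]`: JSON Object, mandatory keys: "identifier", "dotted_decimal_identifier"
      # * `cookbook_locks[item]["identifier"]`: varchar(255) ?
      # * `cookbook_locks[item]["dotted_decimal_identifier"]` ChefCompatibleVersionNumber

      # PUT /organizations/ORG/policy_groups/GROUP/policies/NAME
      #
      # Responds 200 when the group/policy association already existed and 201 when it was created; the
      # response body is the request body, returned as received.
      #
      # Raises RestErrorResponse (400) when the body is not a JSON object or its `revision_id` is missing
      # or malformed. `revision_id` comes from the client and is used as a data store path component, so
      # it is checked before any path is built from it.
      #
      # NOTE(review): only `revision_id` is validated here. The other mandatory fields listed above,
      # including "`name` must match name in URI", are still not enforced by this endpoint.
      def put(request)
        policyfile_data = parse_json(request.body)
        policy_name = request.rest_path[5]
        revision_id = validated_revision_id(policyfile_data)

        # If the policy revision being submitted does not exist, create it.
        # Storage: /organizations/ORG/policies/POLICY/revisions/REVISION
        revisions_dir = request.rest_path[0..1] + ["policies", policy_name, "revisions"]
        unless exists_data?(request, revisions_dir + [revision_id])
          create_data(request, revisions_dir, revision_id, request.body, :create_dir)
        end

        # Associate the revision ID with the policy group. The status code has to be decided before the
        # write, because afterwards the association always exists.
        # Storage: /organizations/ORG/policy_groups/GROUP/policies/NAME
        response_code = exists_data?(request) ? 200 : 201
        set_data(request, nil, to_json(revision_id), :create, :create_dir)

        already_json_response(response_code, request.body)
      end

      # DELETE /organizations/ORG/policy_groups/GROUP/policies/NAME
      #
      # Removes the group/policy association and returns, with status 200, the normalized policy document
      # of the revision that was associated.
      #
      # NOTE(review): the association is deleted before the policy document is read, so an error while
      # loading the document is reported to the client after the association is already gone.
      def delete(request)
        # Save the existing association.
        current_revision_id = parse_json(get_data(request))

        # delete the association.
        delete_data(request)

        # return the full policy document at the no-longer-associated revision.
        policy_name = request.rest_path[5]
        policy_path = request.rest_path[0..1] + ["policies", policy_name,
                                                 "revisions", current_revision_id]

        full_policy_doc = parse_json(get_data(request, policy_path))
        full_policy_doc = ChefData::DataNormalizer.normalize_policy(full_policy_doc, policy_name, current_revision_id)
        json_response(200, full_policy_doc)
      end

      private

      # Returns the `revision_id` of a parsed policy document after checking it against the documented
      # format; raises RestErrorResponse (400) otherwise.
      def validated_revision_id(policyfile_data)
        # A JSON array or scalar body has no "revision_id" key to read.
        unless policyfile_data.is_a?(Hash)
          raise RestErrorResponse.new(400, "Policy document must be a JSON object")
        end

        revision_id = policyfile_data["revision_id"]
        well_formed = revision_id.is_a?(String) &&
          revision_id.length <= MAX_REVISION_ID_LENGTH &&
          REVISION_ID_FORMAT =~ revision_id
        unless well_formed
          raise RestErrorResponse.new(400, "Field 'revision_id' is missing or invalid")
        end

        revision_id
      end
    end
  end
end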