/usr/lib/ruby/vendor_ruby/chef_zero/endpoints/actors_endpoint.rb is in chef-zero 5.1.1-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 | require "ffi_yajl"
require "chef_zero/endpoints/rest_list_endpoint"
module ChefZero
module Endpoints
# /users, /organizations/ORG/clients or /organizations/ORG/users
class ActorsEndpoint < RestListEndpoint
def get(request)
response = super(request)
# apply query filters: if one applies, stop processing rest
# (precendence matches chef-server: https://github.com/chef/chef-server/blob/268a0c9/src/oc_erchef/apps/chef_objects/src/chef_user.erl#L554-L559)
if value = request.query_params["external_authentication_uid"]
response[2] = filter("external_authentication_uid", value, request, response[2])
elsif value = request.query_params["email"]
response[2] = filter("email", value, request, response[2])
end
if request.query_params["verbose"]
results = parse_json(response[2])
results.each do |name, url|
record = get_data(request, request.rest_path + [ name ], :nil)
if record
record = parse_json(record)
record = ChefData::DataNormalizer.normalize_user(record, name, identity_keys, server.options[:osc_compat])
results[name] = record
end
end
response[2] = to_json(results)
end
response
end
def post(request)
# First, find out if the user actually posted a public key. If not, make
# one.
request_body = parse_json(request.body)
public_key = request_body["public_key"]
skip_key_create = !request.api_v0? && !request_body["create_key"]
if !public_key && !skip_key_create
private_key, public_key = server.gen_key_pair
request_body["public_key"] = public_key
request.body = to_json(request_body)
elsif skip_key_create
request_body["public_key"] = nil
request.body = to_json(request_body)
end
result = super(request)
if result[0] == 201
# If we generated a key, stuff it in the response.
user_data = parse_json(result[2])
key_data = {}
key_data["private_key"] = private_key if private_key
key_data["public_key"] = public_key unless request.rest_path[0] == "users"
response =
if request.api_v0?
user_data.merge!(key_data)
elsif skip_key_create && !public_key
user_data
else
actor_name = request_body["name"] || request_body["username"] || request_body["clientname"]
relpath_to_default_key = [ actor_name, "keys", "default" ]
key_data["uri"] = build_uri(request.base_uri, request.rest_path + relpath_to_default_key)
key_data["public_key"] = public_key
key_data["name"] = "default"
key_data["expiration_date"] = "infinity"
user_data["chef_key"] = key_data
user_data
end
json_response(201, response)
else
result
end
end
private
def filter(key, value, request, resp)
results = parse_json(resp)
new_results = {}
results.each do |name, url|
record = get_data(request, request.rest_path + [ name ], :nil)
if record
record = parse_json(record)
new_results[name] = url if record[key] == value
end
end
to_json(new_results)
end
end
end
end
|