/usr/lib/ruby/vendor_ruby/chef/resource/public_key.rb is in ruby-cheffish 4.0.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
require 'openssl/cipher'
require 'cheffish/base_resource'
require 'openssl'
require 'cheffish/key_formatter'
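class Chef
  class Resource
    # Chef resource that writes the public part of a key to a file.
    #
    # The key comes from +source_key+ (a key object or an encoded string) or
    # from the file named by +source_key_path+. If the source is a private key,
    # only its public key is written. The output encoding is chosen by +format+.
    #
    # Actions:
    #   :create - write the encoded public key if the file is missing or differs
    #   :delete - remove the file if it exists
    class PublicKey < Cheffish::BaseResource
      resource_name :public_key

      allowed_actions :create, :delete, :nothing
      default_action :create

      # Destination file; doubles as the resource name.
      property :path, String, name_property: true
      # Encoding passed to Cheffish::KeyFormatter.encode.
      property :format, [ :pem, :der, :openssh ], default: :openssh

      # NOTE(review): source_key may carry private key material and
      # source_key_pass_phrase is a secret, yet both are ordinary properties.
      # Confirm they cannot surface in resource reporting or debug output for
      # the Chef versions this file supports.
      property :source_key
      property :source_key_path, String
      property :source_key_pass_phrase

      # We are not interested in Chef's cloning behavior here.
      def load_prior_resource(*args)
        Chef::Log.debug("Overloading #{resource_name}.load_prior_resource with NOOP")
      end

      action :create do
        raise "No source key specified" unless new_source_key

        desired_output = encode_public_key(new_source_key)

        # load_current_resource marks a missing file with action :delete, so the
        # first test means "nothing on disk yet"; only then is the read skipped.
        #
        # ::File.read / ::File.write are used instead of IO.read / IO.write:
        # the IO class methods treat a path that begins with "|" as a command
        # to spawn, which must never happen for a path taken from a property.
        #
        # NOTE(review): both calls use text mode. For format :der confirm that
        # the comparison and the write behave as intended on binary data.
        if Array(current_resource.action) == [ :delete ] || desired_output != ::File.read(new_resource.path)
          converge_by "write #{new_resource.format} public key #{new_resource.path} from #{new_source_key_publicity} key #{new_resource.source_key_path}" do
            ::File.write(new_resource.path, desired_output)
            # TODO permissions on file? The mode currently comes from the
            # process umask. The content is not secret, but whoever can write
            # this file decides which key its consumers will trust.
          end
        end
      end

      action :delete do
        # load_current_resource leaves the default action (:create) in place
        # when the file exists, so this test means "file is present".
        if Array(current_resource.action) == [ :create ]
          converge_by "delete public key #{new_resource.path}" do
            ::File.unlink(new_resource.path)
          end
        end
      end

      action_class.class_eval do
        # Encodes +key+ in the format requested by the resource.
        def encode_public_key(key)
          key_format = {}
          key_format[:format] = new_resource.format if new_resource.format
          Cheffish::KeyFormatter.encode(key, key_format)
        end

        # Key decoded from the existing file at +path+, if any (set by
        # load_current_resource).
        attr_reader :current_public_key
        # 'private' or 'public': which kind of key the source was (set by
        # new_source_key; used only in the converge message).
        attr_reader :new_source_key_publicity

        # Returns the public key to write, memoized, or nil when neither
        # source_key nor source_key_path is set.
        #
        # Precedence: source_key as an encoded String, then source_key as a key
        # object, then the file named by source_key_path.
        def new_source_key
          @new_source_key ||= begin
            if new_resource.source_key.is_a?(String)
              source_key, = Cheffish::KeyFormatter.decode(new_resource.source_key, new_resource.source_key_pass_phrase)
            elsif new_resource.source_key
              source_key = new_resource.source_key
            elsif new_resource.source_key_path
              # ::File.read, not IO.read: a path starting with "|" must be
              # treated as a file name, never as a command to run.
              source_key, = Cheffish::KeyFormatter.decode(::File.read(new_resource.source_key_path), new_resource.source_key_pass_phrase, new_resource.source_key_path)
            else
              # Leaves the method (not just the begin block), so nothing is
              # memoized and the caller sees nil.
              return nil
            end

            # Only the public half is ever handed on to the encoder.
            if source_key.private?
              @new_source_key_publicity = 'private'
              source_key.public_key
            else
              @new_source_key_publicity = 'public'
              source_key
            end
          end
        end

        # Builds @current_resource from the file at +path+.
        #
        # An existing file yields a resource with the default action; if the
        # file decodes as a key, its format and the key itself are recorded.
        # A missing file yields a resource whose action is :delete, which the
        # actions above use as the "not present" marker.
        def load_current_resource
          if ::File.exist?(new_resource.path)
            resource = Chef::Resource::PublicKey.new(new_resource.path, run_context)
            begin
              key, key_format = Cheffish::KeyFormatter.decode(::File.read(new_resource.path), nil, new_resource.path)
              if key
                @current_public_key = key
                resource.format key_format[:format]
              end
            rescue StandardError => e
              # If there is an error reading we assume format and such is broken.
              # Still best-effort, but leave a trace: an unreadable or corrupt
              # key file is worth noticing. Only the error class is logged so
              # no file content can end up in the log.
              Chef::Log.debug("Could not decode existing public key #{new_resource.path}: #{e.class}")
            end
            @current_resource = resource
          else
            not_found_resource = Chef::Resource::PublicKey.new(new_resource.path, run_context)
            not_found_resource.action :delete
            @current_resource = not_found_resource
          end
        end
      end
    end
  end
end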