chef-zero 15.0.17 → 15.0.21

data/lib/chef_zero/endpoints/acls_endpoint.rb

@@ -1,41 +1,41 @@
-require "ffi_yajl" unless defined?(FFI_Yajl)
-require_relative "../rest_base"
-require_relative "../chef_data/data_normalizer"
-require_relative "../chef_data/acl_path"
-
-module ChefZero
-  module Endpoints
-    # /organizations/ORG/THING/NAME/_acl
-    # Where THING is:
-    # - clients, data, containers, cookbooks, environments
-    #   groups, roles, nodes, users
-    # or
-    # /organizations/ORG/organization/_acl
-    # /users/NAME/_acl
-    class AclsEndpoint < RestBase
-      def get(request)
-        path = request.rest_path[0..-2] # Strip off _acl
-        path = path[0..1] if path.size == 3 && path[0] == "organizations" && %w{organization organizations}.include?(path[2])
-        acl_path = ChefData::AclPath.get_acl_data_path(path)
-        unless acl_path
-          raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, request.rest_path)}")
-        end
-
-        acls = FFI_Yajl::Parser.parse(get_data(request, acl_path))
-        acls = ChefData::DataNormalizer.normalize_acls(acls)
-        if request.query_params["detail"] == "granular"
-          acls.each do |perm, ace|
-            acls[perm]["actors"] = []
-          end
-        else
-          acls.each do |perm, ace|
-            acls[perm].delete("clients")
-            acls[perm].delete("users")
-          end
-        end
-
-        json_response(200, acls)
-      end
-    end
-  end
-end
+require "ffi_yajl" unless defined?(FFI_Yajl)
+require_relative "../rest_base"
+require_relative "../chef_data/data_normalizer"
+require_relative "../chef_data/acl_path"
+
+module ChefZero
+  module Endpoints
+    # /organizations/ORG/THING/NAME/_acl
+    # Where THING is:
+    # - clients, data, containers, cookbooks, environments
+    #   groups, roles, nodes, users
+    # or
+    # /organizations/ORG/organization/_acl
+    # /users/NAME/_acl
+    class AclsEndpoint < RestBase
+      def get(request)
+        path = request.rest_path[0..-2] # Strip off _acl
+        path = path[0..1] if path.size == 3 && path[0] == "organizations" && %w{organization organizations}.include?(path[2])
+        acl_path = ChefData::AclPath.get_acl_data_path(path)
+        unless acl_path
+          raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, request.rest_path)}")
+        end
+
+        acls = FFI_Yajl::Parser.parse(get_data(request, acl_path))
+        acls = ChefData::DataNormalizer.normalize_acls(acls)
+        if request.query_params["detail"] == "granular"
+          acls.each do |perm, ace|
+            acls[perm]["actors"] = []
+          end
+        else
+          acls.each do |perm, ace|
+            acls[perm].delete("clients")
+            acls[perm].delete("users")
+          end
+        end
+
+        json_response(200, acls)
+      end
+    end
+  end
+end

data/lib/chef_zero/endpoints/actor_default_key_endpoint.rb

@@ -1,78 +1,78 @@
-require_relative "../rest_base"
-
-module ChefZero
-  module Endpoints
-    # ActorDefaultKeyEndpoint
-    #
-    # This class handles DELETE/GET/PUT requests for client/user default public
-    # keys, i.e. requests with identity key "default". All others are handled
-    # by ActorKeyEndpoint.
-    #
-    # Default public keys are stored with the actor (client or user) instead of
-    # under user/client_keys. Handling those in a separate endpoint offloads
-    # the branching logic onto the router rather than branching in every
-    # endpoint method (`if request.rest_path[-1] == "default" ...`).
-    #
-    # /users/USER/keys/default
-    # /organizations/ORG/clients/CLIENT/keys/default
-    class ActorDefaultKeyEndpoint < RestBase
-      DEFAULT_PUBLIC_KEY_NAME = "default".freeze
-
-      def get(request)
-        # 404 if actor doesn't exist
-        actor_data = get_actor_data(request)
-        key_data = default_public_key_from_actor(actor_data)
-
-        # 404 if the actor doesn't have a default key
-        if key_data["public_key"].nil?
-          raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, request.rest_path)}")
-        end
-
-        json_response(200, default_public_key_from_actor(actor_data))
-      end
-
-      def delete(request)
-        path = actor_path(request)
-        actor_data = get_actor_data(request) # 404 if actor doesn't exist
-
-        default_public_key = delete_actor_default_public_key!(request, path, actor_data)
-        json_response(200, default_public_key)
-      end
-
-      def put(request)
-        # 404 if actor doesn't exist
-        actor_data = get_actor_data(request)
-
-        new_public_key = parse_json(request.body)["public_key"]
-        actor_data["public_key"] = new_public_key
-
-        set_data(request, actor_path(request), to_json(actor_data))
-      end
-
-      private
-
-      def actor_path(request)
-        return request.rest_path[0..3] if request.rest_path[2] == "clients"
-
-        request.rest_path[0..1]
-      end
-
-      def get_actor_data(request)
-        path = actor_path(request)
-        parse_json(get_data(request, path))
-      end
-
-      def default_public_key_from_actor(actor_data)
-        { "name" => DEFAULT_PUBLIC_KEY_NAME,
-          "public_key" => actor_data["public_key"],
-          "expiration_date" => "infinity" }
-      end
-
-      def delete_actor_default_public_key!(request, path, actor_data)
-        new_actor_data = actor_data.merge("public_key" => nil)
-        set_data(request, path, to_json(new_actor_data))
-        default_public_key_from_actor(actor_data)
-      end
-    end
-  end
-end
+require_relative "../rest_base"
+
+module ChefZero
+  module Endpoints
+    # ActorDefaultKeyEndpoint
+    #
+    # This class handles DELETE/GET/PUT requests for client/user default public
+    # keys, i.e. requests with identity key "default". All others are handled
+    # by ActorKeyEndpoint.
+    #
+    # Default public keys are stored with the actor (client or user) instead of
+    # under user/client_keys. Handling those in a separate endpoint offloads
+    # the branching logic onto the router rather than branching in every
+    # endpoint method (`if request.rest_path[-1] == "default" ...`).
+    #
+    # /users/USER/keys/default
+    # /organizations/ORG/clients/CLIENT/keys/default
+    class ActorDefaultKeyEndpoint < RestBase
+      DEFAULT_PUBLIC_KEY_NAME = "default".freeze
+
+      def get(request)
+        # 404 if actor doesn't exist
+        actor_data = get_actor_data(request)
+        key_data = default_public_key_from_actor(actor_data)
+
+        # 404 if the actor doesn't have a default key
+        if key_data["public_key"].nil?
+          raise RestErrorResponse.new(404, "Object not found: #{build_uri(request.base_uri, request.rest_path)}")
+        end
+
+        json_response(200, default_public_key_from_actor(actor_data))
+      end
+
+      def delete(request)
+        path = actor_path(request)
+        actor_data = get_actor_data(request) # 404 if actor doesn't exist
+
+        default_public_key = delete_actor_default_public_key!(request, path, actor_data)
+        json_response(200, default_public_key)
+      end
+
+      def put(request)
+        # 404 if actor doesn't exist
+        actor_data = get_actor_data(request)
+
+        new_public_key = parse_json(request.body)["public_key"]
+        actor_data["public_key"] = new_public_key
+
+        set_data(request, actor_path(request), to_json(actor_data))
+      end
+
+      private
+
+      def actor_path(request)
+        return request.rest_path[0..3] if request.rest_path[2] == "clients"
+
+        request.rest_path[0..1]
+      end
+
+      def get_actor_data(request)
+        path = actor_path(request)
+        parse_json(get_data(request, path))
+      end
+
+      def default_public_key_from_actor(actor_data)
+        { "name" => DEFAULT_PUBLIC_KEY_NAME,
+          "public_key" => actor_data["public_key"],
+          "expiration_date" => "infinity" }
+      end
+
+      def delete_actor_default_public_key!(request, path, actor_data)
+        new_actor_data = actor_data.merge("public_key" => nil)
+        set_data(request, path, to_json(new_actor_data))
+        default_public_key_from_actor(actor_data)
+      end
+    end
+  end
+end

data/lib/chef_zero/endpoints/actor_endpoint.rb

@@ -1,184 +1,184 @@
-require "ffi_yajl" unless defined?(FFI_Yajl)
-require_relative "rest_object_endpoint"
-require_relative "../chef_data/data_normalizer"
-
-module ChefZero
-  module Endpoints
-    # /organizations/ORG/clients/NAME
-    # /organizations/ORG/users/NAME
-    # /users/NAME
-    class ActorEndpoint < RestObjectEndpoint
-
-      def get(request)
-        result = super
-        user_data = parse_json(result[2])
-
-        user_data.delete("public_key") unless request.api_v0?
-
-        json_response(200, user_data)
-      end
-
-      def delete(request)
-        result = super
-
-        if request.rest_path[0] == "users"
-          list_data(request, [ "organizations" ]).each do |org|
-            begin
-              delete_data(request, [ "organizations", org, "users", request.rest_path[1] ], :data_store_exceptions)
-            rescue DataStore::DataNotFoundError
-            end
-          end
-        end
-
-        delete_actor_keys!(request)
-        result
-      end
-
-      def put(request)
-        # Find out if we're updating the public key.
-        request_body = FFI_Yajl::Parser.parse(request.body)
-
-        if request_body["public_key"].nil?
-          # If public_key is null, then don't overwrite it.  Weird patchiness.
-          body_modified = true
-          request_body.delete("public_key")
-        else
-          updating_public_key = true
-        end
-
-        # Generate private_key if requested.
-        if request_body.key?("private_key")
-          body_modified = true
-
-          if request_body.delete("private_key")
-            private_key, public_key = server.gen_key_pair
-            updating_public_key = true
-            request_body["public_key"] = public_key
-          end
-        end
-
-        # Put modified body back in `request.body`
-        request.body = to_json(request_body) if body_modified
-
-        # PUT /clients is patchy
-        request.body = patch_request_body(request)
-
-        result = super(request)
-
-        # Inject private_key into response, delete public_key/password if applicable
-        if result[0] == 200 || result[0] == 201
-          client_or_user_name = identity_key_value(request) || request.rest_path[-1]
-
-          if is_rename?(request)
-            rename_keys!(request, client_or_user_name)
-          end
-
-          if request.rest_path[0] == "users"
-            response = {
-              "uri" => build_uri(request.base_uri, [ "users", client_or_user_name ]),
-            }
-          else
-            response = parse_json(result[2])
-          end
-
-          if client?(request)
-            response["private_key"] = private_key ? private_key : false
-          else
-            response["private_key"] = private_key if private_key
-            response.delete("public_key") unless updating_public_key
-          end
-
-          response.delete("password")
-
-          json_response(result[0], response)
-        else
-          result
-        end
-      end
-
-      def populate_defaults(request, response_json)
-        response = parse_json(response_json)
-
-        populated_response =
-          if client?(request)
-            ChefData::DataNormalizer.normalize_client(
-              response,
-              response["name"] || request.rest_path[-1],
-              request.rest_path[1]
-            )
-          else
-            ChefData::DataNormalizer.normalize_user(
-              response,
-              response["username"] || request.rest_path[-1],
-              identity_keys,
-              server.options[:osc_compat],
-              request.method
-            )
-          end
-
-        to_json(populated_response)
-      end
-
-      private
-
-      # Move key data to new path
-      def rename_keys!(request, new_client_or_user_name)
-        orig_keys_path = keys_path_base(request)
-        new_keys_path = orig_keys_path.dup
-          .tap { |path| path[-2] = new_client_or_user_name }
-
-        key_names = list_data_or_else(request, orig_keys_path, nil)
-        return unless key_names # No keys to move
-
-        key_names.each do |key_name|
-          # Get old data
-          orig_path = [ *orig_keys_path, key_name ]
-          data = get_data(request, orig_path, :data_store_exceptions)
-
-          # Copy data to new path
-          create_data(
-            request,
-            new_keys_path, key_name,
-            data,
-            :create_dir
-          )
-        end
-
-        # Delete original data
-        delete_data_dir(request, orig_keys_path, :recursive, :data_store_exceptions)
-      end
-
-      def delete_actor_keys!(request)
-        path = keys_path_base(request)[0..-2]
-        delete_data_dir(request, path, :recursive, :data_store_exceptions)
-      rescue DataStore::DataNotFoundError
-      end
-
-      def client?(request, rest_path = nil)
-        rest_path ||= request.rest_path
-        rest_path[2] == "clients"
-      end
-
-      # Return the data store keys path for the request client or user, e.g.
-      #
-      # /organizations/ORG/clients/CLIENT -> /organizations/ORG/client_keys/CLIENT/keys
-      # /organizations/ORG/users/USER -> /organizations/ORG/user_keys/USER/keys
-      # /users/USER -> /user_keys/USER
-      #
-      def keys_path_base(request, client_or_user_name = nil)
-        rest_path = (rest_path || request.rest_path).dup
-        rest_path = rest_path.dup
-        case rest_path[-2]
-        when "users"
-          rest_path[-2] = "user_keys"
-        when "clients"
-          rest_path[-2] = "client_keys"
-        else
-          raise "Unexpected URL #{rest_path.join("/")}: cannot determine key path"
-        end
-        rest_path << "keys"
-        rest_path
-      end
-    end
-  end
-end
+require "ffi_yajl" unless defined?(FFI_Yajl)
+require_relative "rest_object_endpoint"
+require_relative "../chef_data/data_normalizer"
+
+module ChefZero
+  module Endpoints
+    # /organizations/ORG/clients/NAME
+    # /organizations/ORG/users/NAME
+    # /users/NAME
+    class ActorEndpoint < RestObjectEndpoint
+
+      def get(request)
+        result = super
+        user_data = parse_json(result[2])
+
+        user_data.delete("public_key") unless request.api_v0?
+
+        json_response(200, user_data)
+      end
+
+      def delete(request)
+        result = super
+
+        if request.rest_path[0] == "users"
+          list_data(request, [ "organizations" ]).each do |org|
+
+            delete_data(request, [ "organizations", org, "users", request.rest_path[1] ], :data_store_exceptions)
+          rescue DataStore::DataNotFoundError
+
+          end
+        end
+
+        delete_actor_keys!(request)
+        result
+      end
+
+      def put(request)
+        # Find out if we're updating the public key.
+        request_body = FFI_Yajl::Parser.parse(request.body)
+
+        if request_body["public_key"].nil?
+          # If public_key is null, then don't overwrite it.  Weird patchiness.
+          body_modified = true
+          request_body.delete("public_key")
+        else
+          updating_public_key = true
+        end
+
+        # Generate private_key if requested.
+        if request_body.key?("private_key")
+          body_modified = true
+
+          if request_body.delete("private_key")
+            private_key, public_key = server.gen_key_pair
+            updating_public_key = true
+            request_body["public_key"] = public_key
+          end
+        end
+
+        # Put modified body back in `request.body`
+        request.body = to_json(request_body) if body_modified
+
+        # PUT /clients is patchy
+        request.body = patch_request_body(request)
+
+        result = super(request)
+
+        # Inject private_key into response, delete public_key/password if applicable
+        if result[0] == 200 || result[0] == 201
+          client_or_user_name = identity_key_value(request) || request.rest_path[-1]
+
+          if is_rename?(request)
+            rename_keys!(request, client_or_user_name)
+          end
+
+          if request.rest_path[0] == "users"
+            response = {
+              "uri" => build_uri(request.base_uri, [ "users", client_or_user_name ]),
+            }
+          else
+            response = parse_json(result[2])
+          end
+
+          if client?(request)
+            response["private_key"] = private_key || false
+          else
+            response["private_key"] = private_key if private_key
+            response.delete("public_key") unless updating_public_key
+          end
+
+          response.delete("password")
+
+          json_response(result[0], response)
+        else
+          result
+        end
+      end
+
+      def populate_defaults(request, response_json)
+        response = parse_json(response_json)
+
+        populated_response =
+          if client?(request)
+            ChefData::DataNormalizer.normalize_client(
+              response,
+              response["name"] || request.rest_path[-1],
+              request.rest_path[1]
+            )
+          else
+            ChefData::DataNormalizer.normalize_user(
+              response,
+              response["username"] || request.rest_path[-1],
+              identity_keys,
+              server.options[:osc_compat],
+              request.method
+            )
+          end
+
+        to_json(populated_response)
+      end
+
+      private
+
+      # Move key data to new path
+      def rename_keys!(request, new_client_or_user_name)
+        orig_keys_path = keys_path_base(request)
+        new_keys_path = orig_keys_path.dup
+          .tap { |path| path[-2] = new_client_or_user_name }
+
+        key_names = list_data_or_else(request, orig_keys_path, nil)
+        return unless key_names # No keys to move
+
+        key_names.each do |key_name|
+          # Get old data
+          orig_path = [ *orig_keys_path, key_name ]
+          data = get_data(request, orig_path, :data_store_exceptions)
+
+          # Copy data to new path
+          create_data(
+            request,
+            new_keys_path, key_name,
+            data,
+            :create_dir
+          )
+        end
+
+        # Delete original data
+        delete_data_dir(request, orig_keys_path, :recursive, :data_store_exceptions)
+      end
+
+      def delete_actor_keys!(request)
+        path = keys_path_base(request)[0..-2]
+        delete_data_dir(request, path, :recursive, :data_store_exceptions)
+      rescue DataStore::DataNotFoundError
+      end
+
+      def client?(request, rest_path = nil)
+        rest_path ||= request.rest_path
+        rest_path[2] == "clients"
+      end
+
+      # Return the data store keys path for the request client or user, e.g.
+      #
+      # /organizations/ORG/clients/CLIENT -> /organizations/ORG/client_keys/CLIENT/keys
+      # /organizations/ORG/users/USER -> /organizations/ORG/user_keys/USER/keys
+      # /users/USER -> /user_keys/USER
+      #
+      def keys_path_base(request, client_or_user_name = nil)
+        rest_path = (rest_path || request.rest_path).dup
+        rest_path = rest_path.dup
+        case rest_path[-2]
+        when "users"
+          rest_path[-2] = "user_keys"
+        when "clients"
+          rest_path[-2] = "client_keys"
+        else
+          raise "Unexpected URL #{rest_path.join("/")}: cannot determine key path"
+        end
+        rest_path << "keys"
+        rest_path
+      end
+    end
+  end
+end