Commit ac3f5ee8 authored by danielsdeleo's avatar danielsdeleo

Backport CHEF-4373 to 10.x

parent 1d786d44
......@@ -239,6 +239,9 @@ class Chef
# Save this client via the REST API, returns a hash including the private key
def save(new_key=false, validation=false)
# Implement CHEF-4373 with minimal churn to existing code:
return register_with_self_generated_key if new_key && validation && Chef::Config.local_key_generation
if validation
r = Chef::REST.new(Chef::Config[:chef_server_url], Chef::Config[:validation_client_name], Chef::Config[:validation_key])
else
......@@ -257,6 +260,25 @@ class Chef
end
end
def register_with_self_generated_key
r = Chef::REST.new(Chef::Config[:chef_server_url], Chef::Config[:validation_client_name], Chef::Config[:validation_key])
pkey = OpenSSL::PKey::RSA.generate(2048)
client_data = {:name => name, :admin => false , :public_key => pkey.public_key.to_pem}
# First, try and create a new registration
r = begin
r.post_rest("clients", client_data)
rescue Net::HTTPServerException => e
# If that fails, go ahead and try and update it
if e.response.code == "409"
r.put_rest("clients/#{name}", client_data)
else
raise e
end
end
private_key(pkey.to_pem)
self
end
def reregister
r = Chef::REST.new(Chef::Config[:chef_server_url])
reregistered_self = r.put_rest("clients/#{name}", { :name => name, :admin => admin, :private_key => true })
......
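Review bot: In `register_with_self_generated_key`, the 409 branch calls `r.put_rest("clients/#{name}", client_data)` with the validation client's credentials, so when the name is already taken the registered public key of the existing client is replaced. Whether the server allows the validator to do this is not visible here; a comment stating the authorization the code expects from the server would help whoever audits this path. The method also rebinds `r` from the REST client to the response and never reads it again, so I would either drop the assignment or use a separate local, as in `response = begin`. It returns `self`, while the comment above `save` still says it returns a hash including the private key; that comment should note that this path returns the ApiClient with `private_key` set. `raise e` can be a bare `raise`.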
......@@ -251,6 +251,64 @@ describe Chef::ApiClient do
end
end
context "and client side key generation is enabled" do
let(:response) { {"uri"=> "https://example.com/clients/selfgenkeytest-1395958070", "public_key" => "rsa-key-data"} }
let(:pkey_in) { IO.read(File.join(CHEF_SPEC_DATA, "ssl/private_key.pem")) }
let(:generated_key) { OpenSSL::PKey::RSA.new(pkey_in) }
let(:generated_public_key) { generated_key.public_key }
before do
@client.name("deadsexy")
OpenSSL::PKey::RSA.stub(:generate).and_return(generated_key)
Chef::Config.stub(:local_key_generation).and_return true
end
context "and the client doesn't exist" do
let(:response) { {"uri"=> "https://example.com/clients/selfgenkeytest-1395958070", "public_key" => "rsa-key-data"} }
let(:pkey_in) { IO.read(File.join(CHEF_SPEC_DATA, "ssl/private_key.pem")) }
let(:generated_key) { OpenSSL::PKey::RSA.new(pkey_in) }
let(:generated_public_key) { generated_key.public_key }
before do
@http_client.should_receive(:post_rest).
with("clients", :name => "deadsexy", :admin => false, :public_key => generated_public_key.to_pem).
and_return(response)
end
it "creates the client with self generated key" do
@client.save(true, true)
@client.private_key.should == generated_key.to_pem
end
end
context "and the client already exists" do
before do
http_conflict_response = Net::HTTPConflict.new("409 blah blah", "409", "409")
http_conflict_error = Net::HTTPServerException.new("409 conflict", http_conflict_response)
@http_client.should_receive(:post_rest).
with("clients", :name => "deadsexy", :admin => false, :public_key => generated_public_key.to_pem).
and_raise(http_conflict_error)
@http_client.should_receive(:put_rest).
with("clients/deadsexy", :name => "deadsexy", :admin => false, :public_key => generated_public_key.to_pem).
and_return(response)
end
it "creates the client with self generated key" do
@client.save(true, true)
@client.private_key.should == generated_key.to_pem
end
end
end
end
end
......
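Review bot: The new examples cover the create path and the 409 update path, but not the `else raise e` branch of `register_with_self_generated_key`, so nothing checks that a non-409 `Net::HTTPServerException` propagates. One more context would pin that: stub `post_rest` to raise a non-409 error, expect `@client.save(true, true)` to raise, and expect `put_rest` never to be called. The four `let` definitions inside "and the client doesn't exist" repeat those of the enclosing context verbatim and can be dropped. Both examples are named "creates the client with self generated key"; the second would read better as `it "updates the client with self generated key"`.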