class ChefAPI::Resource::Client

Public Class Methods

from_file(path) click to toggle source

Load the client from a .pem file on disk. Lots of assumptions are made here.

@param [String] path

the path to the client on disk

@return [Resource::Client]

# File lib/chef-api/resources/client.rb, line 28
def from_file(path)
  name, key = Util.safe_read(path)

  if client = fetch(name)
    client.private_key = key
    client
  else
    new(name: name, private_key: key)
  end
end
new(attributes = {}, prefix = {}) click to toggle source

Override the loading of the client. Since HEC and EC both return certificate, but OPC and CZ both use public_key. In order to normalize this discrepancy, the intializer converts the response from the server OPC format. HEC and EC both handle putting a public key to the server instead of a certificate.

@see Resource::Base#initialize

Calls superclass method ChefAPI::Resource::Base::new
# File lib/chef-api/resources/client.rb, line 49
def initialize(attributes = {}, prefix = {})
  if certificate = attributes.delete(:certificate) ||
                   attributes.delete('certificate')
    x509 = OpenSSL::X509::Certificate.new(certificate)
    attributes[:public_key] = x509.public_key.to_pem
  end

  super
end

Public Instance Methods

regenerate_keys() click to toggle source

Generate a new RSA private key for this API client.

@example Regenerate the private key

key = client.regenerate_key
key #=> "-----BEGIN PRIVATE KEY-----\nMIGfMA0GCS..."

@note For security reasons, you should perform this operation sparingly!

The resulting private key is committed to this object, meaning it is
saved to memory somewhere. You should set this resource's +private_key+
to +nil+ after you have committed it to disk and perform a manual GC to
be ultra-secure.

@note Regenerating the private key also regenerates the public key!

@return [self]

the current resource with the new public and private key attributes
# File lib/chef-api/resources/client.rb, line 77
def regenerate_keys
  raise Error::CannotRegenerateKey if new_resource?
  update(private_key: true).save!
  self
end