class Puppet::Context::TrustedInformation
@api private
Attributes
authenticated — one of 'remote', 'local', or false: 'remote' means the request was authenticated by certificate, 'local' means it is trusted because it runs on the same machine (not a remote request), and false means an unauthenticated remote request.
@return [String, Boolean]
The validated certificate name used for the request
@return [String]
The domain name derived from the validated certificate name
@return [String]
Extra information that comes from the trusted certificate's extensions.
@return [Hash{Object => Object}]
The hostname derived from the validated certificate name
@return [String]
Public Class Methods
# File lib/puppet/context/trusted_information.rb, line 65
# Builds the trusted information for a local (same-machine) run.
#
# No certificate is consulted on this path: the certname is taken as-is from
# the node's 'clientcert' parameter, and the result is marked 'local'.
#
# @param node [Object, nil] node whose `parameters['clientcert']` is read;
#   when nil (or false) the certname is nil
# @return [Puppet::Context::TrustedInformation]
def self.local(node)
  # Local data is always trusted, so just pick up whatever parameter exists.
  certname = node.parameters['clientcert'] if node

  # Wrapped in a proc so the external lookup only runs on first access.
  lazy_external = proc { retrieve_trusted_external(certname) }

  new('local', certname, {}, lazy_external)
end
# File lib/puppet/context/trusted_information.rb, line 32
# Stores the trust state and derives hostname/domain from the certname.
#
# Each value is frozen with a plain `freeze`, which is shallow: nested
# objects inside `extensions` or a Hash `external` are not frozen here.
#
# @param authenticated [String, Boolean] 'remote', 'local' or false
# @param certname [String, nil] validated certificate name, if any
# @param extensions [Hash] values taken from the certificate's extensions
# @param external [Hash, Proc] external data, or a proc producing it lazily
def initialize(authenticated, certname, extensions, external = {})
  @authenticated = authenticated.freeze
  @certname = certname.freeze
  @extensions = extensions.freeze

  # Split once on the first dot: "host.example.com" -> "host", "example.com".
  name_parts = @certname ? @certname.split('.', 2) : [nil, nil]
  @hostname = name_parts[0].freeze
  @domain = name_parts[1].freeze

  # A proc is kept untouched so #external can resolve it on first use.
  external.freeze unless external.is_a?(Proc)
  @external = external
end
# File lib/puppet/context/trusted_information.rb, line 47
# Builds the trusted information for a remote request.
#
# Only an authenticated request gets a certname and certificate extensions;
# otherwise the result carries `false`, a nil certname and no extensions.
#
# NOTE(review): the lazy external lookup is keyed by `node_name` on both
# paths, including the unauthenticated one where that name is not backed by
# a certificate. Confirm consumers check `authenticated` before relying on
# `external`.
#
# @param authenticated [Object] truthy when the caller authenticated the request
# @param node_name [String] name used as certname when authenticated
# @param certificate [Object, nil] object whose `custom_extensions` yields
#   entries readable via 'oid' and 'value'
# @return [Puppet::Context::TrustedInformation]
def self.remote(authenticated, node_name, certificate)
  lazy_external = proc { retrieve_trusted_external(node_name) }

  return new(false, nil, {}, lazy_external) unless authenticated

  extensions = {}
  if certificate.nil?
    # Authenticated but no certificate handed over: continue with no extensions.
    Puppet.info(_('TrustedInformation expected a certificate, but none was given.'))
  else
    extensions = certificate.custom_extensions.each_with_object({}) do |ext, collected|
      collected[ext['oid'].freeze] = ext['value'].freeze
    end
  end

  new('remote', node_name, extensions, lazy_external)
end
Private Class Methods
Deeply freezes the given object. The object and its content must be of the types Array, Hash, Numeric, Boolean, Regexp, NilClass, or String (i.e. assignable to the Puppet::Pops::Types::Data type); all other types raise an Error. Note that the listing below has no `when Regexp` branch, so a Regexp value also ends in the error case.
# File lib/puppet/context/trusted_information.rb, line 91
# Recursively freezes a data structure in place and returns it.
#
# Arrays and Hashes (keys and values) are walked and frozen, Strings are
# frozen, and nil, numbers and booleans are left as they are. Anything else
# (Symbol and Regexp included) is rejected, so only plain data ends up in
# the frozen structure.
#
# @param object [Array, Hash, String, Numeric, Boolean, nil]
# @return [Object] the same object that was passed in
# @raise [Puppet::Error] on any other type, at any nesting depth
def self.deep_freeze(object)
  case object
  when NilClass, Numeric, TrueClass, FalseClass
    # nothing to freeze here
  when String
    object.freeze
  when Array
    object.each { |element| deep_freeze(element) }
    object.freeze
  when Hash
    object.each do |key, value|
      deep_freeze(key)
      deep_freeze(value)
    end
    object.freeze
  else
    raise Puppet::Error, _("Unsupported data type: '%{klass}'") % { klass: object.class }
  end
  object
end
# File lib/puppet/context/trusted_information.rb, line 83
# Looks up the external trusted data for a certname and deep-freezes it.
#
# A nil/false lookup result is replaced by an empty Hash. Because the result
# passes through deep_freeze, data of an unsupported type raises instead of
# being returned.
#
# @param certname [String, nil] name handed to Puppet::TrustedExternal.retrieve
# @return [Object] the frozen lookup result, or a frozen empty Hash
def self.retrieve_trusted_external(certname)
  external_data = Puppet::TrustedExternal.retrieve(certname) || {}
  deep_freeze(external_data)
end
Public Instance Methods
Additional external facts loaded through `trusted_external_command`.
@return [Hash]
# File lib/puppet/context/trusted_information.rb, line 76
# Returns the external data, resolving a stored proc on first access.
#
# When @external still holds a Proc it is called once; its frozen result
# replaces the proc, so later calls return that same object without running
# the lookup again. The freeze applied here is shallow.
#
# @return [Hash]
def external
  return @external unless @external.is_a?(Proc)

  @external = @external.call.freeze
end
# File lib/puppet/context/trusted_information.rb, line 110
# Returns a frozen Hash view of the trusted information.
#
# Reading `external` here resolves a still-pending lazy lookup, so calling
# to_h triggers that lookup if it has not run yet.
#
# @return [Hash{String => Object}] frozen Hash keyed by attribute name
def to_h
  snapshot = {}
  snapshot['authenticated'.freeze] = authenticated
  snapshot['certname'.freeze] = certname
  snapshot['extensions'.freeze] = extensions
  snapshot['hostname'.freeze] = hostname
  snapshot['domain'.freeze] = domain
  snapshot['external'.freeze] = external
  snapshot.freeze
end