class Puppet::Context::TrustedInformation

@api private

Attributes

authenticated[R]

One of 'remote', 'local', or false: 'remote' means the request was authenticated via certificate; 'local' means it is trusted by virtue of running on the same machine (not a remote request); false means an unauthenticated remote request.

@return [String, Boolean]

certname[R]

The validated certificate name used for the request

@return [String]

domain[R]

The domain name derived from the validated certificate name

@return [String]

extensions[R]

Extra information that comes from the trusted certificate's extensions.

@return [Hash{Object => Object}]

hostname[R]

The hostname derived from the validated certificate name

@return [String]

Public Class Methods

local(node)
   # File lib/puppet/context/trusted_information.rb
# Builds trusted information for a request that originates on the same machine.
#
# The certname is read from the node's 'clientcert' parameter, not from a
# certificate inspected here, so it is only as reliable as whatever populated
# the node parameters. No certificate extensions are attached on this path.
#
# @param node [#parameters, nil] node whose 'clientcert' parameter supplies the certname
# @return [Puppet::Context::TrustedInformation] instance whose authenticated value is 'local'
def self.local(node)
  # Local data is always trusted; a missing node simply yields a nil certname.
  client_cert = node.parameters['clientcert'] if node

  # The external lookup is wrapped in a proc so it only runs if someone reads it.
  lazy_external = proc { retrieve_trusted_external(client_cert) }

  new('local', client_cert, {}, lazy_external)
end
new(authenticated, certname, extensions, external = {})
   # File lib/puppet/context/trusted_information.rb
# Stores the trust facts for one request and freezes them.
#
# `freeze` is called on the objects that were passed in, so the caller's own
# references become frozen too. The freeze is shallow: values nested inside
# `extensions` are only immutable if the caller froze them beforehand.
#
# @param authenticated [String, Boolean] 'remote', 'local', or false
# @param certname [String, nil] certificate name; split on the first '.' into hostname and domain
# @param extensions [Hash] certificate extension data
# @param external [Hash, Proc] external trusted data, or a proc that produces it on first read
def initialize(authenticated, certname, extensions, external = {})
  @authenticated = authenticated.freeze
  @certname = certname.freeze
  @extensions = extensions.freeze

  # Everything before the first dot is the hostname, the remainder is the domain.
  host_part, domain_part = @certname ? @certname.split('.', 2) : [nil, nil]
  @hostname = host_part.freeze
  @domain = domain_part.freeze

  # A proc is kept as-is so the lookup stays lazy; plain data is frozen right away.
  @external = external.is_a?(Proc) ? external : external.freeze
end
remote(authenticated, node_name, certificate)
   # File lib/puppet/context/trusted_information.rb
# Builds trusted information for a request that arrived over the network.
#
# Any truthy `authenticated` produces an instance marked 'remote' that carries
# `node_name` as its certname. This method does not compare `node_name` with
# the certificate; the certificate is only read for its custom extensions, so
# the caller is presumably responsible for having validated the name.
#
# When `authenticated` is truthy but no certificate is supplied, an info
# message is logged and the instance is still created with empty extensions.
#
# NOTE(review): on the unauthenticated path certname is nil, yet the lazy
# external lookup is still keyed on the caller-supplied node_name. Confirm
# that consumers do not treat `external` as verified in that case.
#
# @param authenticated [Object] truthy when the request was authenticated
# @param node_name [String] name the request claims / was validated as
# @param certificate [#custom_extensions, nil] certificate supplying the extensions
# @return [Puppet::Context::TrustedInformation]
def self.remote(authenticated, node_name, certificate)
  lazy_external = proc { retrieve_trusted_external(node_name) }

  # Unauthenticated requests get no certname and no extensions.
  return new(false, nil, {}, lazy_external) unless authenticated

  extensions =
    if certificate.nil?
      Puppet.info(_('TrustedInformation expected a certificate, but none was given.'))
      {}
    else
      # Map each extension's OID to its value, freezing both strings.
      certificate.custom_extensions.each_with_object({}) do |ext, by_oid|
        by_oid[ext['oid'].freeze] = ext['value'].freeze
      end
    end

  new('remote', node_name, extensions, lazy_external)
end

Private Class Methods

deep_freeze(object)

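Deeply freezes the given object. The object and its content must be of the types Array, Hash, Numeric, Boolean, Regexp, NilClass, or String (i.e. they must be assignable to the Puppet::Pops::Types::Data type). All other types raise an error. Note that the implementation shown below has no Regexp branch, so a Regexp is rejected like any other unsupported type.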

    # File lib/puppet/context/trusted_information.rb
 # Recursively freezes a data structure in place and returns it.
 #
 # Only Array, Hash, String, Numeric, true, false and nil are accepted. Any
 # other class, including Regexp (which has no branch here), raises
 # Puppet::Error. This acts as an allow-list on the shape of the data that is
 # about to be treated as trusted.
 #
 # @param object [Array, Hash, String, Numeric, Boolean, nil] value to freeze
 # @return [Object] the same object that was passed in
 # @raise [Puppet::Error] if the value, or anything nested in it, is of an unsupported type
 def self.deep_freeze(object)
   case object
   when NilClass, Numeric, TrueClass, FalseClass
     # Nothing to freeze for these types.
   when String
     object.freeze
   when Array
     object.each { |element| deep_freeze(element) }
     object.freeze
   when Hash
     # Keys are checked and frozen as well as values.
     object.each do |key, value|
       deep_freeze(key)
       deep_freeze(value)
     end
     object.freeze
   else
     raise Puppet::Error, _("Unsupported data type: '%{klass}'") % { klass: object.class }
   end
   object
 end
retrieve_trusted_external(certname)
   # File lib/puppet/context/trusted_information.rb
# Fetches the external trusted data for a certname and deep-freezes it.
#
# Whatever Puppet::TrustedExternal.retrieve returns is passed through
# deep_freeze, which raises on unsupported types. A nil/false result is
# replaced by an empty hash.
#
# @param certname [String, nil] name handed to Puppet::TrustedExternal.retrieve
# @return [Object] the deep-frozen result, or a frozen empty hash
def self.retrieve_trusted_external(certname)
  external_data = Puppet::TrustedExternal.retrieve(certname) || {}
  deep_freeze(external_data)
end

Public Instance Methods

external()

Additional external facts loaded through `trusted_external_command`.

@return [Hash]

   # File lib/puppet/context/trusted_information.rb
# Returns the external trusted data, resolving it on first access.
#
# If a proc was stored at construction time, it is called once; its frozen
# result replaces the proc, so later reads return that same object.
#
# @return [Hash]
def external
  return @external unless @external.is_a?(Proc)

  # Replace the proc with its result so the lookup is not repeated.
  @external = @external.call.freeze
end
to_h()
    # File lib/puppet/context/trusted_information.rb
# Returns the trusted information as a frozen hash with string keys.
#
# Reading `external` here resolves the lazy external lookup if it has not
# been resolved yet.
#
# @return [Hash{String => Object}] frozen hash with the keys 'authenticated',
#   'certname', 'extensions', 'hostname', 'domain' and 'external'
def to_h
  snapshot = {}
  snapshot['authenticated'.freeze] = authenticated
  snapshot['certname'.freeze] = certname
  snapshot['extensions'.freeze] = extensions
  snapshot['hostname'.freeze] = hostname
  snapshot['domain'.freeze] = domain
  snapshot['external'.freeze] = external
  snapshot.freeze
end