class Puppet::Context::TrustedInformation
@api private
Attributes
authenticated — One of 'remote', 'local', or false. 'remote' means the request was authenticated via a certificate, 'local' means it is trusted by virtue of running on the same machine (not a remote request), and false means an unauthenticated remote request.
@return [String, Boolean]
certname — The validated certificate name used for the request
@return [String]
domain — The domain name derived from the validated certificate name
@return [String]
extensions — Extra information that comes from the trusted certificate's extensions.
@return [Hash{Object => Object}]
hostname — The hostname derived from the validated certificate name
@return [String]
Public Class Methods
# File lib/puppet/context/trusted_information.rb
# Builds trusted information for a request that originates on the same machine.
#
# The certname is read from the node's 'clientcert' parameter; this method does
# not check it against a certificate. The result is always marked 'local' and
# carries no certificate extensions.
#
# @param node [Object, nil] object responding to #parameters, or nil/false
#   when no node is available
# @return [Object] whatever `new` returns for ('local', certname, {}, proc)
def self.local(node)
  # Local data is always trusted: take the certname straight from the
  # node parameters when a node was supplied, otherwise leave it nil.
  client_cert = (node.parameters['clientcert'] if node)

  # Wrapped in a proc and not called here, so the external lookup is deferred.
  lazy_external = proc { retrieve_trusted_external(client_cert) }

  new('local', client_cert, {}, lazy_external)
end
# File lib/puppet/context/trusted_information.rb
# Stores the trust level, certname, extensions and external data, and derives
# hostname/domain from the certname.
#
# The arguments themselves are frozen (not copies), and each freeze is shallow:
# objects nested inside `extensions` or a Hash `external` are not frozen by
# this constructor. The certname is only split on its first '.'; no other
# validation of its shape happens here.
#
# @param authenticated [String, Boolean] 'remote', 'local' or false
# @param certname [String, nil] certificate name for the request
# @param extensions [Hash] certificate extension data
# @param external [Hash, Proc] external data, or a proc that yields it later
def initialize(authenticated, certname, extensions, external = {})
  @authenticated = authenticated.freeze
  @certname = certname.freeze
  @extensions = extensions.freeze

  # "host.rest.of.name" => ["host", "rest.of.name"]; a name without a dot
  # leaves the domain nil, and a missing certname leaves both nil.
  host_part, domain_part = @certname ? @certname.split('.', 2) : [nil, nil]
  @hostname = host_part.freeze
  @domain = domain_part.freeze

  # A Proc is kept as-is so it can be called later; anything else is frozen now.
  external.freeze unless external.is_a?(Proc)
  @external = external
end
# File lib/puppet/context/trusted_information.rb
# Builds trusted information for a remote request.
#
# An unauthenticated request gets `false` as its trust level, a nil certname
# and no extensions. An authenticated request is marked 'remote' and keeps
# `node_name` as its certname. If it arrives without a certificate, that is
# only logged at info level and the extensions are left empty; the result is
# still marked 'remote'.
#
# @param authenticated [Object] truthy when the request was authenticated
# @param node_name [String] name used as the certname when authenticated
# @param certificate [Object, nil] object responding to #custom_extensions,
#   whose entries are indexed by 'oid' and 'value'
# @return [Object] whatever `new` returns for the computed arguments
def self.remote(authenticated, node_name, certificate)
  # Created up front for both outcomes; it is not called in this method.
  external = proc { retrieve_trusted_external(node_name) }

  return new(false, nil, {}, external) unless authenticated

  extensions = {}
  if certificate.nil?
    Puppet.info(_('TrustedInformation expected a certificate, but none was given.'))
  else
    # Map each extension's OID to its value, freezing both strings in place.
    certificate.custom_extensions.each do |ext|
      extensions[ext['oid'].freeze] = ext['value'].freeze
    end
  end

  new('remote', node_name, extensions, external)
end
Private Class Methods
Deeply freezes the given object. The object and its content must be of the types: Array, Hash, Numeric, Boolean, Regexp, NilClass, or String. All other types raise an error (that is, the value must be assignable to the Puppet::Pops::Types::Data type). Note that the listing below has no Regexp branch, so a Regexp value reaches the error branch.
# File lib/puppet/context/trusted_information.rb
# Recursively freezes a value in place and returns that same object.
#
# Arrays have every element frozen, and Hashes every key and value, before the
# container itself is frozen. Strings are frozen directly; nil, numbers and
# booleans are returned untouched. Any other class, including Symbol and
# Regexp (there is no branch for them), raises.
#
# @param object [Array, Hash, String, Numeric, Boolean, nil] value to freeze
# @return [Object] the same object that was passed in
# @raise [Puppet::Error] when the value, or anything nested in it, is of an
#   unsupported class
def self.deep_freeze(object)
  case object
  when NilClass, Numeric, TrueClass, FalseClass
    # Nothing to freeze for these.
    return object
  when String
    # Leaf value: frozen below.
  when Array
    object.each { |element| deep_freeze(element) }
  when Hash
    object.each do |key, value|
      deep_freeze(key)
      deep_freeze(value)
    end
  else
    raise Puppet::Error, _("Unsupported data type: '%{klass}'") % { klass: object.class }
  end

  object.freeze
  object
end
# File lib/puppet/context/trusted_information.rb
# Fetches the external trusted data for a certname and deep-freezes it.
#
# Whatever Puppet::TrustedExternal.retrieve returns is passed through
# deep_freeze, so a value of an unsupported class raises there. A nil or
# false result is replaced by an empty Hash.
#
# @param certname [String, nil] name handed to Puppet::TrustedExternal.retrieve
# @return [Object] the frozen retrieved data, or a frozen empty Hash
def self.retrieve_trusted_external(certname)
  external_data = Puppet::TrustedExternal.retrieve(certname) || {}
  deep_freeze(external_data)
end
Public Instance Methods
Additional external facts loaded through `trusted_external_command`.
@return [Hash]
# File lib/puppet/context/trusted_information.rb
# Returns the external data, resolving it on first access.
#
# While @external still holds a Proc, the proc is called once and its frozen
# result replaces it; later calls return that stored value. The freeze applied
# here is shallow.
#
# @return [Hash] the external data
def external
  @external = @external.call.freeze if @external.is_a?(Proc)
  @external
end
# File lib/puppet/context/trusted_information.rb
# Collects the trusted values into a frozen, string-keyed Hash.
#
# Each value comes from the matching reader method. The Hash is built fresh
# on every call and only the Hash itself is frozen here.
#
# @return [Hash{String => Object}] frozen Hash with the keys 'authenticated',
#   'certname', 'extensions', 'hostname', 'domain' and 'external'
def to_h
  summary = {}
  summary['authenticated'] = authenticated
  summary['certname'] = certname
  summary['extensions'] = extensions
  summary['hostname'] = hostname
  summary['domain'] = domain
  summary['external'] = external
  summary.freeze
end