func getResults(variety string, toGet []string) []indexer.Indexable {
var results []indexer.Indexable
switch variety {
case "node":
for _, n := range toGet {
if node, _ := node.Get(n); node != nil {
results = append(results, node)
}
}
case "role":
for _, r := range toGet {
if role, _ := role.Get(r); role != nil {
results = append(results, role)
}
}
case "client":
for _, c := range toGet {
if client, _ := client.Get(c); client != nil {
results = append(results, client)
}
}
case "environment":
for _, e := range toGet {
if environment, _ := environment.Get(e); environment != nil {
results = append(results, environment)
}
}
default: // It's a data bag
/* These may require further processing later. */
dbag, _ := databag.Get(variety)
if dbag != nil {
for _, k := range toGet {
dbi, err := dbag.GetDBItem(k)
if err != nil {
// at least log the error for
// now
logger.Errorf(err.Error())
}
results = append(results, dbi)
}
}
}
return results
}
// GetReqUser gets the actor making the request. If use-auth is not on, always
// returns the admin user.
func GetReqUser(name string) (Actor, util.Gerror) {
/* If UseAuth is turned off, use the automatically created admin user */
if !config.Config.UseAuth {
name = "admin"
}
var c Actor
var err error
c, err = client.Get(name)
if err != nil {
/* Theoretically it should be hard to reach this point, since
* if the signed request was accepted the user ought to exist.
* Still, best to be cautious. */
u, cerr := user.Get(name)
if cerr != nil {
gerr := util.Errorf("Neither a client nor a user named '%s' could be found. In addition, the following errors were reported: %s -- %s", name, err.Error(), cerr.Error())
gerr.SetStatus(http.StatusUnauthorized)
return nil, gerr
}
c = u
}
return c, nil
}
func createDefaultActors() {
if cwebui, _ := client.Get("chef-webui"); cwebui == nil {
if webui, nerr := client.New("chef-webui"); nerr != nil {
logger.Criticalf(nerr.Error())
os.Exit(1)
} else {
webui.Admin = true
pem, err := webui.GenerateKeys()
if err != nil {
logger.Criticalf(err.Error())
os.Exit(1)
}
if config.Config.UseAuth {
if fp, ferr := os.Create(fmt.Sprintf("%s/%s.pem", config.Config.ConfRoot, webui.Name)); ferr == nil {
fp.Chmod(0600)
fp.WriteString(pem)
fp.Close()
} else {
logger.Criticalf(ferr.Error())
os.Exit(1)
}
}
webui.Save()
}
}
if cvalid, _ := client.Get("chef-validator"); cvalid == nil {
if validator, verr := client.New("chef-validator"); verr != nil {
logger.Criticalf(verr.Error())
os.Exit(1)
} else {
validator.Validator = true
pem, err := validator.GenerateKeys()
if err != nil {
logger.Criticalf(err.Error())
os.Exit(1)
}
if config.Config.UseAuth {
if fp, ferr := os.Create(fmt.Sprintf("%s/%s.pem", config.Config.ConfRoot, validator.Name)); ferr == nil {
fp.Chmod(0600)
fp.WriteString(pem)
fp.Close()
} else {
logger.Criticalf(ferr.Error())
os.Exit(1)
}
}
validator.Save()
}
}
if uadmin, _ := user.Get("admin"); uadmin == nil {
if admin, aerr := user.New("admin"); aerr != nil {
logger.Criticalf(aerr.Error())
os.Exit(1)
} else {
admin.Admin = true
pem, err := admin.GenerateKeys()
if err != nil {
logger.Criticalf(err.Error())
os.Exit(1)
}
if config.Config.UseAuth {
if fp, ferr := os.Create(fmt.Sprintf("%s/%s.pem", config.Config.ConfRoot, admin.Name)); ferr == nil {
fp.Chmod(0600)
fp.WriteString(pem)
fp.Close()
} else {
logger.Criticalf(ferr.Error())
os.Exit(1)
}
}
if aerr := admin.Save(); aerr != nil {
logger.Criticalf(aerr.Error())
os.Exit(1)
}
}
}
environment.MakeDefaultEnvironment()
return
}
func clientHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
path := splitPath(r.URL.Path)
clientName := path[1]
opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID"))
if oerr != nil {
jsonErrorReport(w, r, oerr.Error(), oerr.Status())
return
}
switch r.Method {
case "DELETE":
chefClient, gerr := client.Get(clientName)
if gerr != nil {
jsonErrorReport(w, r, gerr.Error(), gerr.Status())
return
}
if !opUser.IsAdmin() && !opUser.IsSelf(chefClient) {
jsonErrorReport(w, r, "Deleting that client is forbidden", http.StatusForbidden)
return
}
/* Docs were incorrect. It does want the body of the
* deleted object. */
jsonClient := chefClient.ToJSON()
/* Log the delete event before deleting the client, in
* case the client is deleting itself. */
if lerr := loginfo.LogEvent(opUser, chefClient, "delete"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return
}
err := chefClient.Delete()
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusForbidden)
return
}
enc := json.NewEncoder(w)
if err = enc.Encode(&jsonClient); err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
case "GET":
chefClient, gerr := client.Get(clientName)
if gerr != nil {
jsonErrorReport(w, r, gerr.Error(), gerr.Status())
return
}
if !opUser.IsAdmin() && !opUser.IsSelf(chefClient) {
jsonErrorReport(w, r, "You are not allowed to perform that action.", http.StatusForbidden)
return
}
/* API docs are wrong here re: public_key vs.
* certificate. Also orgname (at least w/ open source)
* and clientname, and it wants chef_type and
* json_class
*/
jsonClient := chefClient.ToJSON()
enc := json.NewEncoder(w)
if err := enc.Encode(&jsonClient); err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
case "PUT":
clientData, jerr := parseObjJSON(r.Body)
if jerr != nil {
jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest)
return
}
chefClient, err := client.Get(clientName)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusNotFound)
return
}
/* Makes chef-pedant happy. I suppose it is, after all,
* pedantic. */
if averr := util.CheckAdminPlusValidator(clientData); averr != nil {
jsonErrorReport(w, r, averr.Error(), averr.Status())
return
}
if !opUser.IsAdmin() && !opUser.IsSelf(chefClient) {
jsonErrorReport(w, r, "You are not allowed to perform that action.", http.StatusForbidden)
return
}
if !opUser.IsAdmin() {
var verr util.Gerror
aerr := opUser.CheckPermEdit(clientData, "admin")
if !opUser.IsValidator() {
verr = opUser.CheckPermEdit(clientData, "validator")
}
if aerr != nil && verr != nil {
jsonErrorReport(w, r, "Client can be either an admin or a validator, but not both.", http.StatusBadRequest)
return
} else if aerr != nil || verr != nil {
if aerr == nil {
aerr = verr
}
jsonErrorReport(w, r, aerr.Error(), aerr.Status())
return
}
}
jsonName, sterr := util.ValidateAsString(clientData["name"])
if sterr != nil {
jsonErrorReport(w, r, sterr.Error(), http.StatusBadRequest)
return
}
/* If clientName and clientData["name"] aren't the
* same, we're renaming. Check the new name doesn't
* already exist. */
jsonClient := chefClient.ToJSON()
if clientName != jsonName {
if lerr := loginfo.LogEvent(opUser, chefClient, "modify"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return
}
err := chefClient.Rename(jsonName)
if err != nil {
jsonErrorReport(w, r, err.Error(), err.Status())
return
}
w.WriteHeader(http.StatusCreated)
}
if uerr := chefClient.UpdateFromJSON(clientData); uerr != nil {
jsonErrorReport(w, r, uerr.Error(), uerr.Status())
return
}
if pk, pkfound := clientData["public_key"]; pkfound {
switch pk := pk.(type) {
case string:
if pkok, pkerr := client.ValidatePublicKey(pk); !pkok {
jsonErrorReport(w, r, pkerr.Error(), http.StatusBadRequest)
return
}
chefClient.SetPublicKey(pk)
jsonClient["public_key"] = pk
case nil:
//show_public_key = false
default:
jsonErrorReport(w, r, "Bad request", http.StatusBadRequest)
return
}
}
if p, pfound := clientData["private_key"]; pfound {
switch p := p.(type) {
case bool:
if p {
var cgerr error
if jsonClient["private_key"], cgerr = chefClient.GenerateKeys(); cgerr != nil {
jsonErrorReport(w, r, cgerr.Error(), http.StatusInternalServerError)
return
}
// make sure the json
// client gets the new
// public key
jsonClient["public_key"] = chefClient.PublicKey()
}
default:
jsonErrorReport(w, r, "Bad request", http.StatusBadRequest)
return
}
}
chefClient.Save()
if lerr := loginfo.LogEvent(opUser, chefClient, "modify"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return
}
enc := json.NewEncoder(w)
if err := enc.Encode(&jsonClient); err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
default:
jsonErrorReport(w, r, "Unrecognized method for client!", http.StatusMethodNotAllowed)
}
}