lib/onering/api.rb in onering-client-0.0.99 vs lib/onering/api.rb in onering-client-0.1.1


@@ -210,55 +210,34 @@ end # ----------------------------------------------------------------------------- def _setup_auth() type = Onering::Config.get('authentication.type', :auto) - - case type.to_sym - when :token - _setup_auth_token() - - else - _setup_auth_ssl() - end + _setup_auth_token() end # ----------------------------------------------------------------------------- def _default_param(key, value) @_default_params ||= {} @_default_params[key] = value Onering::API.default_params(@_default_params) end # ----------------------------------------------------------------------------- - def _setup_auth_ssl() - begin - Onering::Logger.info("Using SSL authentication mechanism", "Onering::API") + def _setup_auth_token() + Onering::Logger.info("Using token authentication mechanism", "Onering::API") - # get first keyfile found - key = (([Onering::Config.get('authentication.keyfile')] + DEFAULT_CLIENT_PEM).compact.select{|i| - rv = (File.readable?(File.expand_path(i)) rescue false) - Onering::Logger.debug("SSL keyfile found at #{File.expand_path(i)}", "Onering::API") if rv === true - rv - }).first + # get first keyfile found + key = Onering::Config.get('authentication.key', Onering::Config.get('authentication.keyfile')) - # SSL client key not found, attempt autoregistration... - if key.nil? - if Onering::Config.get('authentication.autoregister', true) - Onering::Logger.warn("SSL keyfile not found, attempting to autoregister client", "Onering::API") + if key.nil? 
+ if Onering::Config.get('authentication.bootstrap.enabled', true) + Onering::Logger.warn("Authentication token not found, attempting to autoregister client", "Onering::API") - validation_key = Onering::Config.get('authentication.validation_keyfile', DEFAULT_VALIDATION_PEM) - validation_key = (File.expand_path(validation_key) rescue validation_key) - - # if validation key exists, autoregister - if File.size?(validation_key) - Onering::Logger.debug("Using validation key at #{validation_key}", "Onering::API") - - # set the authentication PEM to validation.pem - Onering::API.pem(File.read(validation_key)) - - # attempt to create client.pem from least-specific to most, first writable path wins + if not (bootstrap = Onering::Config.get('authentication.bootstrap.key')).nil? + if bootstrap.to_s =~ /[0-9a-f]{32,64}/ + # attempt to create key.yml from least-specific to most, first writable path wins clients = [{ :path => "/etc/onering", :name => fact('hardwareid'), :keyname => 'system', :autodelete => true 
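Review bot: The bootstrap-token check `bootstrap.to_s =~ /[0-9a-f]{32,64}/` in `_setup_auth_token` is unanchored, so any value that merely contains 32 hex characters passes, including one with trailing text or an embedded newline, and that value is sent as the `X-Auth-Bootstrap-Token` request header in the next hunk. Anchor the whole string instead: `if bootstrap.to_s =~ /\A[0-9a-f]{32,64}\z/`. Separately, `_setup_auth()` still reads `authentication.type` into `type` but never uses it, so a configuration that still asks for SSL authentication is silently switched to token authentication; either drop the lookup or warn when the configured type is not `token`. The body of `_setup_auth_token` continues past the end of this hunk.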
@@ -271,58 +250,58 @@ # for each client attempt... clients.each do |client| # expand and assemble path client[:path] = (File.expand_path(client[:path]) rescue client[:path]) - keyfile = File.join(client[:path], 'client.pem') + keyfile = File.join(client[:path], 'key.yml') # skip this if we can't write to the parent directory next unless File.writable?(client[:path]) Dir.mkdir(client[:path]) unless File.directory?(client[:path]) next if File.exists?(keyfile) + self.class.headers({ + 'X-Auth-Bootstrap-Token' => bootstrap + }) + # attempt to create/download the keyfile - Onering::Logger.debug("Requesting SSL keyfile as client #{client[:name].strip}, key #{client[:keyname]}", "Onering::API") - response = self.class.get("/api/users/#{client[:name].strip}/keys/#{client[:keyname]}") + Onering::Logger.debug("Requesting authentication token for #{client[:name].strip}; #{bootstrap}", "Onering::API") + response = self.class.get("/api/users/#{client[:name].strip}/tokens/#{client[:keyname]}") # if successful, write the file if response.code < 400 and response.body - File.open(keyfile, 'w').puts(response.body) - raise Actions::Retry.new + File.open(keyfile, 'w').puts(YAML.dump({ + 'authentication' => { + 'key' => response.body.strip.chomp + } + })) + + key = response.body.strip.chomp + else # all errors are fatal at this stage Onering::Logger.fatal!("Cannot autoregister client: HTTP #{response.code} - #{(response.parsed_response || {}).get('error.message', 'Unknown error')}", "Onering::API") end - end - # it is an error to not have created a client.pem by now - raise Errors::AuthenticationMissing.new("Cannot autoregister client: keyfile not created") + self.class.headers({}) + # we're done here... 
+ break + end else - # cannot autoregister without a validation.pem - raise Errors::AuthenticationMissing.new("Cannot autoregister client: validation keyfile is missing") + raise Errors::AuthenticationMissing.new("Autoregistration failed: invalid bootstrap token specified") end + else - raise Errors::AuthenticationMissing.new("Cannot find SSL key and autoregistration is disabled") + raise Errors::AuthenticationMissing.new("Autoregistration failed: no bootstrap token specified") end + else - Onering::API.pem(File.read((File.expand_path(key) rescue key))) - Onering::Logger.debug("Using SSL keyfile #{File.expand_path(key) rescue key}", "Onering::API") + raise Errors::AuthenticationMissing.new("Authentication token not found, and autoregistration disabled") end - - rescue Actions::Retry - retry end - end - -# ----------------------------------------------------------------------------- - def _setup_auth_token() - Onering::Logger.info("Using token authentication mechanism", "Onering::API") - - # get first keyfile found - key = Onering::Config.get('authentication.key', Onering::Config.get('authentication.keyfile')) raise Errors::AuthenticationMissing.new("Token authentication specified, but cannot find a token config or as a command line argument") if key.nil? # set auth mechanism Onering::API.headers({ 'X-Auth-Mechanism' => 'token' @@ -330,6 +309,6 @@ # set default parameters _default_param(:token, key) end end -end \ No newline at end of file +end
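Review bot: The new debug message in the `clients.each` loop interpolates `#{bootstrap}`, so the bootstrap secret is written to wherever debug logging goes; log only the client name, e.g. `Onering::Logger.debug("Requesting authentication token for #{client[:name].strip}", "Onering::API")`. The returned token is then persisted with `File.open(keyfile, 'w').puts(...)`, which never closes the handle and creates key.yml with umask-default permissions; `File.open(keyfile, 'w', 0600) { |f| f.puts(YAML.dump(...)) }` with the same payload addresses both. If `headers` merges into class-level defaults, as HTTParty's does (the definition is not visible here), `self.class.headers({})` will not remove `X-Auth-Bootstrap-Token` and the header would keep being sent on later requests, so it should be removed explicitly once the token is obtained. `_setup_auth_token` begins in the previous hunk and ends after this one.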