[chef] A question: how to get the already existed registration secret.


  • From: Dikang Gu < >
  • To: chef < >
  • Subject: [chef] A question: how to get the already existed registration secret.
  • Date: Thu, 22 Oct 2009 06:41:46 +0800

Hello folks,

I have a question about the following code (in chef/lib/chef/client.rb):
    def register
      determine_node_name unless @node_name
      Chef::Log.debug("Registering #{@safe_name} for an openid")

      begin
        if @rest.get_rest("registrations/#{@safe_name}")
          @secret = Chef::FileCache.load(File.join("registration", @safe_name))
        end
      rescue Net::HTTPServerException => e
        case e.message
        when /^404/
          create_registration
        else
          raise
        end
      rescue Chef::Exceptions::FileNotFound
        Chef::Application.fatal! "A remote registration already exists for #{@safe_name}, however the local shared secret does not exist." +
          " To remedy this, you could delete the registration via webUI/REST, change the node_name option in config.rb" +
          " (or use the -N/--node-name option to the CLI) or" +
          " copy the old shared secret to #{File.join(Chef::Config[:file_cache_path], 'registration', @safe_name)}", 3
      end

      true
    end

    def authenticate
      determine_node_name unless @node_name
      Chef::Log.debug("Authenticating #{@safe_name} via openid")
      response = @rest.post_rest('openid/consumer/start', {
        "openid_identifier" => "#{Chef::Config[:openid_url]}/openid/server/node/#{@safe_name}",
        "submit" => "Verify"
      })
      @rest.post_rest(
        "#{Chef::Config[:openid_url]}#{response["action"]}",
        { "password" => @secret }
      )
    end


If the registration already exists, we will get the secret from the line "@secret = Chef::FileCache.load(File.join("registration", @safe_name))", but this is the one after the encryption, right? And then, in the authenticate function, we should post the secret unencrypted to the openid server, right? How do you solve this problem?


Thanks
Dikang


