knife-acl 0.0.11 → 0.0.12

data/README.md

@@ -2,9 +2,48 @@
 
 # Description
 
-This is an UNOFFICIAL and EXPERIMENTAL knife plugin to support basic
-user/group operations for Hosted Chef. All commands assume a working
-knife config for an org on Hosted Chef.
+This is an Opscode supported knife plugin which provides some user/group
+ACL operations for Enterprise Chef. All commands assume a working
+knife configuration for an organization on Enterprise Chef.
+
+# User Specific Association Group
+
+User Specific Association Groups (USAGs) are a mechanism to grant access to
+organization objects to users such that it is possible to quickly revoke the
+access without touching all objects in the organization.
+
+Each USAG contains a single user. The USAG is then added to other groups or
+directly to the ACLs of an object as needed.
+
+When the user is dissociated from an organization only the user's USAG needs to
+be deleted thereby quickly revoking access to all objects in the organization.
+
+USAGs and their membership within other normal groups are not visible in the
+current [management console's web interface](https://manage.opscode.com).
+
+### STOP managing group membership with the web interface
+
+USAGs are currently the correct way to add/remove users to/from groups in an
+organization.
+
+**Be warned**, once you start managing a group's membership using `knife-acl`
+you should **avoid managing that group's membership using the [management
+console's web interface](https://manage.opscode.com)**.
+
+You can add USAGs to a group using `knife-acl` but if you click "Save Group" in
+the web interface then all USAGs will be removed from the group erasing any
+`knife-acl` work that was done on the group. This will happen even if no
+changes were made to the group's members in the web interface.
+
+The "Users" group is a special group. When a user is associated with an
+organization the user's USAG is automatically made a member of the
+"Users" group. You can remove USAGs from the "Users" group using `knife-acl`
+but if you click "Save Group" in the web interface then all USAGs in the
+organization will be added back to the "Users" group erasing any `knife-acl`
+work that was done on the "Users" group. This will happen even if no changes
+were made to the group's members in the web interface.
+
+# Example: Manage a read-only Group
 
 You can use these commands to manage a read-only group.  To do so:
 
@@ -13,7 +52,9 @@ You can use these commands to manage a read-only group.  To do so:
 
         knife actor map
 
-2. In the webUI, create a group that will hold read-only users.
+2. Create a group that will hold read-only users:
+
+        knife group create read-only
 
 3. For each user you wish to have read only access as defined by
    permissions given to the "read-only" group do the following:
@@ -33,10 +74,6 @@ following:
 #### Gem installed chef-client on a workstation
     gem install knife-acl
 
-    # or if the gem has yet to be published to Rubygems
-    gem build knife-acl.gemspec
-    gem install knife-acl-x.y.z.gem
-
 #### Opscode hosted Enterprise Chef (OHC) with an Omnibus-installed chef-client on a workstation
 /opt/chef/embedded/bin/gem install knife-acl
 
@@ -51,11 +88,8 @@ Show a list of users associated with your org
 
 ## knife actor map
 
-Create a local map file actor-map.yaml" that maps users to their User
-Specific Association Group (USAG) and stores a list of clients.  USAGs
-are an implementation detail that will likely be hidden or otherwise
-change in the future.  USAGs are currently the correct way to
-add/remove users to/from groups in an org.
+Create a local map file actor-map.yaml" that maps users to their USAG
+and stores a list of clients.
 
 This command creates a local cache of the user to USAG mapping as well
 as a local cache of clients and is used by the following commands:
@@ -63,6 +97,10 @@ as a local cache of clients and is used by the following commands:
 - `knife group add actor`, and
 - `knife group remove actor`.
 
+## knife group create
+
+Create a new group.
+
 ## knife group list
 
 List groups in the org.
@@ -86,6 +124,11 @@ Remove ACTOR from GROUP. Requires an up-to-date actor map as created by
 `knife actor map`.  The user's USAG will be removed from the subgroups
 of GROUP if ACTOR is a user.
 
+## knife group destroy GROUP
+
+Removes `GROUP` from the organization.  All members of the group (both
+actors and groups) remain in the system, only `GROUP` is removed.
+
 ## knife acl show OBJECT_TYPE OBJECT_NAME
 
 Shows the ACL for the specified object.  Objects are identified by the
@@ -143,7 +186,6 @@ ability to delete the node called "api.example.com":
 
 ## TODO
 
-- Feature: create/delete groups
 - Feature: build group membership graph
 - Remove duplication in commands
 - Staleness detector for actor map
@@ -154,12 +196,12 @@ ability to delete the node called "api.example.com":
 
 Unless otherwise specified all works in this repository are
 
-Copyright 2013 Opscode, Inc
+Copyright 2013--2014 Chef Software, Inc.
 
-||| 
+|||
 | ------------- |-------------:|
 | Author      |Seth Falcon (seth@opscode.com)|
-| Copyright  |Copyright (c) 2013 Opscode, Inc.|
+| Copyright  |Copyright (c) 2013--2014 Chef Software, Inc.|
 | License     |Apache License, Version 2.0|
 
 Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/acl_add.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Steven Danna (steve@opscode.com)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/acl_base.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Steven Danna (steve@opscode.com)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/acl_remove.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Steven Danna (steve@opscode.com)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/acl_show.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Steven Danna (steve@opscode.com)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/actor_map.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/group_add_actor.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/group_create.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -31,8 +31,7 @@ module OpscodeAcl
         ui.error "must specify a group name"
         exit 1
       end
-      chef_rest = Chef::REST.new(Chef::Config[:chef_server_url])
-      group = chef_rest.post_rest("groups", {:groupname => group_name})
+      group = rest.post_rest("groups", {:groupname => group_name})
       ui.output group
     end
   end

data/lib/chef/knife/group_destroy.rb

@@ -0,0 +1,38 @@
+#
+# Author:: Christopher Maier (<cm@opscode.com>)
+# Copyright:: Copyright 2014 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module OpscodeAcl
+  class GroupDestroy < Chef::Knife
+    category "OPSCODE HOSTED CHEF ACCESS CONTROL"
+    banner "knife group destroy GROUP"
+
+    deps do
+      require 'yaml'
+    end
+
+    def run
+      group_name = name_args[0]
+      if !group_name || group_name.empty?
+        ui.error "must specify a group name"
+        exit 1
+      end
+      result = rest.delete_rest("groups/#{group_name}")
+      ui.output result
+    end
+  end
+end

data/lib/chef/knife/group_list.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/group_remove_actor.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/group_show.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/user_dissociate.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/user_invite_add.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/user_invite_list.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/user_invite_recind.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/user_list.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/chef/knife/user_show.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Copyright:: Copyright 2011--2014 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");

data/lib/knife-acl/version.rb

@@ -1,3 +1,3 @@
 module KnifeACL
-  VERSION = "0.0.11"
+  VERSION = "0.0.12"
 end

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: knife-acl
 version: !ruby/object:Gem::Version
-  version: 0.0.11
+  version: 0.0.12
+  prerelease: 
 platform: ruby
 authors:
 - Seth Falcon
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-09-10 00:00:00.000000000 Z
+date: 2014-04-01 00:00:00.000000000 Z
 dependencies: []
 description: ACL Knife Tools for Opscode hosted Enterprise Chef/Enterprise Chef
 email: support@opscode.com
@@ -27,6 +28,7 @@ files:
 - lib/chef/knife/actor_map.rb
 - lib/chef/knife/group_add_actor.rb
 - lib/chef/knife/group_create.rb
+- lib/chef/knife/group_destroy.rb
 - lib/chef/knife/group_list.rb
 - lib/chef/knife/group_remove_actor.rb
 - lib/chef/knife/group_show.rb
@@ -39,25 +41,27 @@ files:
 - lib/knife-acl/version.rb
 homepage: https://github.com/opscode/knife-acl/blob/master/README.md
 licenses: []
-metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.7
+rubygems_version: 1.8.23
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: ACL Knife Tools for Opscode hosted Enterprise Chef/Enterprise Chef
 test_files: []
+has_rdoc: 

checksums.yaml

@@ -1,15 +0,0 @@
----
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    NDk0ZWU1NzAzMWNmMTM5ZjM3NjRkMWYyZjljMzg3M2M0MTM1MjVkMA==
-  data.tar.gz: !binary |-
-    ZjM4NGI3ZTU5YWE2YmQ3OGZkZDNjZTNmYzE4YzhkMTY1OTI4NGI1MQ==
-!binary "U0hBNTEy":
-  metadata.gz: !binary |-
-    OWIzNjA0ZDg5YWFkNGE3ZjdiZjJkYmJhNTQ3OTk3ZGUyZTRlZjlmMDQ3NmVk
-    NDM5OWM1MTViYjVkZGZkNDEwYTM0MjRhZGQwZmRlNzNmMTQxMmU5MjQzMjk3
-    MDQ1NDlhMDA1ZjA3ZDNjOTNhMTlkNWRlODRkY2FjODUzMGQ1NDM=
-  data.tar.gz: !binary |-
-    MzY0ZWMxYjhhZjNmMzMxM2ZjYzZiODIxMmNhNjRiYTc5OWQxMjgyYTMzOTIz
-    ZTA2YTkxMjJmM2RkN2MzMzg1OGFlZjhjZjIyNDJjZmQ0NTM4MDdhYmMzODhk
-    YmZlN2I0MjI0Y2YwNzg0ZGNjOWUyMzAxZDBjZDM3ZGFkZjBkZmY=