knife-acl 0.0.11 → 0.0.12

data/README.md CHANGED
@@ -2,9 +2,48 @@
2
2
 
3
3
  # Description
4
4
 
5
- This is an UNOFFICIAL and EXPERIMENTAL knife plugin to support basic
6
- user/group operations for Hosted Chef. All commands assume a working
7
- knife config for an org on Hosted Chef.
5
+ This is an Opscode supported knife plugin which provides some user/group
6
+ ACL operations for Enterprise Chef. All commands assume a working
7
+ knife configuration for an organization on Enterprise Chef.
8
+
9
+ # User Specific Association Group
10
+
11
+ User Specific Association Groups (USAGs) are a mechanism to grant access to
12
+ organization objects to users such that it is possible to quickly revoke the
13
+ access without touching all objects in the organization.
14
+
15
+ Each USAG contains a single user. The USAG is then added to other groups or
16
+ directly to the ACLs of an object as needed.
17
+
18
+ When the user is dissociated from an organization only the user's USAG needs to
19
+ be deleted thereby quickly revoking access to all objects in the organization.
20
+
21
+ USAGs and their membership within other normal groups are not visible in the
22
+ current [management console's web interface](https://manage.opscode.com).
23
+
24
+ ### STOP managing group membership with the web interface
25
+
26
+ USAGs are currently the correct way to add/remove users to/from groups in an
27
+ organization.
28
+
29
+ **Be warned**, once you start managing a group's membership using `knife-acl`
30
+ you should **avoid managing that group's membership using the [management
31
+ console's web interface](https://manage.opscode.com)**.
32
+
33
+ You can add USAGs to a group using `knife-acl` but if you click "Save Group" in
34
+ the web interface then all USAGs will be removed from the group erasing any
35
+ `knife-acl` work that was done on the group. This will happen even if no
36
+ changes were made to the group's members in the web interface.
37
+
38
+ The "Users" group is a special group. When a user is associated with an
39
+ organization the user's USAG is automatically made a member of the
40
+ "Users" group. You can remove USAGs from the "Users" group using `knife-acl`
41
+ but if you click "Save Group" in the web interface then all USAGs in the
42
+ organization will be added back to the "Users" group erasing any `knife-acl`
43
+ work that was done on the "Users" group. This will happen even if no changes
44
+ were made to the group's members in the web interface.
45
+
46
+ # Example: Manage a read-only Group
8
47
 
9
48
  You can use these commands to manage a read-only group. To do so:
10
49
 
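Review bot: The two "Save Group" warnings (new lines 33-36 and 38-44) describe a silent membership change, including every USAG being added back to "Users", but give the reader no way to detect that it happened. Suggest adding a sentence telling operators to re-check membership with `knife group show` after any edit in the web interface. Separately, `### STOP managing group membership with the web interface` jumps from a `#` heading straight to `###`; `##` would match the rest of the README.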
@@ -13,7 +52,9 @@ You can use these commands to manage a read-only group. To do so:
13
52
 
14
53
  knife actor map
15
54
 
16
- 2. In the webUI, create a group that will hold read-only users.
55
+ 2. Create a group that will hold read-only users:
56
+
57
+ knife group create read-only
17
58
 
18
59
  3. For each user you wish to have read only access as defined by
19
60
  permissions given to the "read-only" group do the following:
@@ -33,10 +74,6 @@ following:
33
74
  #### Gem installed chef-client on a workstation
34
75
  gem install knife-acl
35
76
 
36
- # or if the gem has yet to be published to Rubygems
37
- gem build knife-acl.gemspec
38
- gem install knife-acl-x.y.z.gem
39
-
40
77
  #### Opscode hosted Enterprise Chef (OHC) with an Omnibus-installed chef-client on a workstation
41
78
  /opt/chef/embedded/bin/gem install knife-acl
42
79
 
@@ -51,11 +88,8 @@ Show a list of users associated with your org
51
88
 
52
89
  ## knife actor map
53
90
 
54
- Create a local map file actor-map.yaml" that maps users to their User
55
- Specific Association Group (USAG) and stores a list of clients. USAGs
56
- are an implementation detail that will likely be hidden or otherwise
57
- change in the future. USAGs are currently the correct way to
58
- add/remove users to/from groups in an org.
91
+ Create a local map file actor-map.yaml" that maps users to their USAG
92
+ and stores a list of clients.
59
93
 
60
94
  This command creates a local cache of the user to USAG mapping as well
61
95
  as a local cache of clients and is used by the following commands:
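Review bot: The stray double quote in `Create a local map file actor-map.yaml" that maps` (new line 91) was carried over from the old text and is still unbalanced. Since this sentence is being rewritten anyway, change it to `actor-map.yaml` in backticks, or quote the file name on both sides.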
@@ -63,6 +97,10 @@ as a local cache of clients and is used by the following commands:
63
97
  - `knife group add actor`, and
64
98
  - `knife group remove actor`.
65
99
 
100
+ ## knife group create
101
+
102
+ Create a new group.
103
+
66
104
  ## knife group list
67
105
 
68
106
  List groups in the org.
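Review bot: The new heading `## knife group create` (line 100) omits the required argument, while the sibling sections use `knife group destroy GROUP` and `knife acl show OBJECT_TYPE OBJECT_NAME`, and the command itself errors with "must specify a group name" when none is given. Suggest `## knife group create GROUP` and a one-line description that names the argument.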
@@ -86,6 +124,11 @@ Remove ACTOR from GROUP. Requires an up-to-date actor map as created by
86
124
  `knife actor map`. The user's USAG will be removed from the subgroups
87
125
  of GROUP if ACTOR is a user.
88
126
 
127
+ ## knife group destroy GROUP
128
+
129
+ Removes `GROUP` from the organization. All members of the group (both
130
+ actors and groups) remain in the system, only `GROUP` is removed.
131
+
89
132
  ## knife acl show OBJECT_TYPE OBJECT_NAME
90
133
 
91
134
  Shows the ACL for the specified object. Objects are identified by the
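Review bot: The `knife group destroy GROUP` text (lines 129-130) says what happens to the group's members but not what happens to ACL entries and parent groups that reference `GROUP`, which is what an operator needs to know before removing a group that grants access. Please state whether those references are cleaned up by the server or left dangling, and note that the command runs without a confirmation prompt if that stays the case.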
@@ -143,7 +186,6 @@ ability to delete the node called "api.example.com":
143
186
 
144
187
  ## TODO
145
188
 
146
- - Feature: create/delete groups
147
189
  - Feature: build group membership graph
148
190
  - Remove duplication in commands
149
191
  - Staleness detector for actor map
@@ -154,12 +196,12 @@ ability to delete the node called "api.example.com":
154
196
 
155
197
  Unless otherwise specified all works in this repository are
156
198
 
157
- Copyright 2013 Opscode, Inc
199
+ Copyright 2013--2014 Chef Software, Inc.
158
200
 
159
- |||
201
+ |||
160
202
  | ------------- |-------------:|
161
203
  | Author |Seth Falcon (seth@opscode.com)|
162
- | Copyright |Copyright (c) 2013 Opscode, Inc.|
204
+ | Copyright |Copyright (c) 2013--2014 Chef Software, Inc.|
163
205
  | License |Apache License, Version 2.0|
164
206
 
165
207
  Licensed under the Apache License, Version 2.0 (the "License");
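Review bot: `2013--2014` at lines 199 and 204 renders as two literal hyphens in Markdown, both in the paragraph and in the table row. Use `2013-2014` in the README. The `|||` header row at line 201 appears to change only in whitespace, so it can be dropped from the diff.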
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Steven Danna (steve@opscode.com)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Steven Danna (steve@opscode.com)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Steven Danna (steve@opscode.com)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Steven Danna (steve@opscode.com)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Seth Falcon (<seth@opscode.com>)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Seth Falcon (<seth@opscode.com>)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Seth Falcon (<seth@opscode.com>)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -31,8 +31,7 @@ module OpscodeAcl
31
31
  ui.error "must specify a group name"
32
32
  exit 1
33
33
  end
34
- chef_rest = Chef::REST.new(Chef::Config[:chef_server_url])
35
- group = chef_rest.post_rest("groups", {:groupname => group_name})
34
+ group = rest.post_rest("groups", {:groupname => group_name})
36
35
  ui.output group
37
36
  end
38
37
  end
@@ -0,0 +1,38 @@
1
+ #
2
+ # Author:: Christopher Maier (<cm@opscode.com>)
3
+ # Copyright:: Copyright 2014 Opscode, Inc.
4
+ # License:: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ module OpscodeAcl
20
+ class GroupDestroy < Chef::Knife
21
+ category "OPSCODE HOSTED CHEF ACCESS CONTROL"
22
+ banner "knife group destroy GROUP"
23
+
24
+ deps do
25
+ require 'yaml'
26
+ end
27
+
28
+ def run
29
+ group_name = name_args[0]
30
+ if !group_name || group_name.empty?
31
+ ui.error "must specify a group name"
32
+ exit 1
33
+ end
34
+ result = rest.delete_rest("groups/#{group_name}")
35
+ ui.output result
36
+ end
37
+ end
38
+ end
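Review bot: `rest.delete_rest("groups/#{group_name}")` at line 34 builds the request path from `name_args[0]` after only an empty check, so a name containing `/`, `?` or `..` would send the DELETE to a path other than the intended group. Validate the name against the characters the server accepts for group names, or escape it, before interpolating. The command also deletes with no prompt; a `ui.confirm` call before line 34 would guard against a mistyped group. Smaller points: `require 'yaml'` in `deps` is unused in this file, and the header reads `Copyright 2014 Opscode, Inc.` while every other file in this release was changed to `Chef Software, Inc.`.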
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Seth Falcon (<seth@opscode.com>)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Seth Falcon (<seth@opscode.com>)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Seth Falcon (<seth@opscode.com>)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Steven Danna (<steve@opscode.com>)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Steven Danna (<steve@opscode.com>)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Steven Danna (<steve@opscode.com>)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Steven Danna (<steve@opscode.com>)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Seth Falcon (<seth@opscode.com>)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,6 +1,6 @@
1
1
  #
2
2
  # Author:: Steven Danna (<steve@opscode.com>)
3
- # Copyright:: Copyright 2011 Opscode, Inc.
3
+ # Copyright:: Copyright 2011--2014 Chef Software, Inc.
4
4
  # License:: Apache License, Version 2.0
5
5
  #
6
6
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -1,3 +1,3 @@
1
1
  module KnifeACL
2
- VERSION = "0.0.11"
2
+ VERSION = "0.0.12"
3
3
  end
metadata CHANGED
@@ -1,14 +1,15 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: knife-acl
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.11
4
+ version: 0.0.12
5
+ prerelease:
5
6
  platform: ruby
6
7
  authors:
7
8
  - Seth Falcon
8
9
  autorequire:
9
10
  bindir: bin
10
11
  cert_chain: []
11
- date: 2013-09-10 00:00:00.000000000 Z
12
+ date: 2014-04-01 00:00:00.000000000 Z
12
13
  dependencies: []
13
14
  description: ACL Knife Tools for Opscode hosted Enterprise Chef/Enterprise Chef
14
15
  email: support@opscode.com
@@ -27,6 +28,7 @@ files:
27
28
  - lib/chef/knife/actor_map.rb
28
29
  - lib/chef/knife/group_add_actor.rb
29
30
  - lib/chef/knife/group_create.rb
31
+ - lib/chef/knife/group_destroy.rb
30
32
  - lib/chef/knife/group_list.rb
31
33
  - lib/chef/knife/group_remove_actor.rb
32
34
  - lib/chef/knife/group_show.rb
@@ -39,25 +41,27 @@ files:
39
41
  - lib/knife-acl/version.rb
40
42
  homepage: https://github.com/opscode/knife-acl/blob/master/README.md
41
43
  licenses: []
42
- metadata: {}
43
44
  post_install_message:
44
45
  rdoc_options: []
45
46
  require_paths:
46
47
  - lib
47
48
  required_ruby_version: !ruby/object:Gem::Requirement
49
+ none: false
48
50
  requirements:
49
51
  - - ! '>='
50
52
  - !ruby/object:Gem::Version
51
53
  version: '0'
52
54
  required_rubygems_version: !ruby/object:Gem::Requirement
55
+ none: false
53
56
  requirements:
54
57
  - - ! '>='
55
58
  - !ruby/object:Gem::Version
56
59
  version: '0'
57
60
  requirements: []
58
61
  rubyforge_project:
59
- rubygems_version: 2.0.7
62
+ rubygems_version: 1.8.23
60
63
  signing_key:
61
- specification_version: 4
64
+ specification_version: 3
62
65
  summary: ACL Knife Tools for Opscode hosted Enterprise Chef/Enterprise Chef
63
66
  test_files: []
67
+ has_rdoc:
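Review bot: `licenses: []` (line 43) is still empty even though the README and every source header state Apache License, Version 2.0, so license scanners reading the gem metadata see no license. Set the license in the gemspec. Also note that `rubygems_version` goes from 2.0.7 to 1.8.23 and `specification_version` from 4 to 3, so this release was packaged with an older toolchain than 0.0.11. If that was not intended, rebuild with the RubyGems version used for the previous release.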
checksums.yaml DELETED
@@ -1,15 +0,0 @@
1
- ---
2
- !binary "U0hBMQ==":
3
- metadata.gz: !binary |-
4
- NDk0ZWU1NzAzMWNmMTM5ZjM3NjRkMWYyZjljMzg3M2M0MTM1MjVkMA==
5
- data.tar.gz: !binary |-
6
- ZjM4NGI3ZTU5YWE2YmQ3OGZkZDNjZTNmYzE4YzhkMTY1OTI4NGI1MQ==
7
- !binary "U0hBNTEy":
8
- metadata.gz: !binary |-
9
- OWIzNjA0ZDg5YWFkNGE3ZjdiZjJkYmJhNTQ3OTk3ZGUyZTRlZjlmMDQ3NmVk
10
- NDM5OWM1MTViYjVkZGZkNDEwYTM0MjRhZGQwZmRlNzNmMTQxMmU5MjQzMjk3
11
- MDQ1NDlhMDA1ZjA3ZDNjOTNhMTlkNWRlODRkY2FjODUzMGQ1NDM=
12
- data.tar.gz: !binary |-
13
- MzY0ZWMxYjhhZjNmMzMxM2ZjYzZiODIxMmNhNjRiYTc5OWQxMjgyYTMzOTIz
14
- ZTA2YTkxMjJmM2RkN2MzMzg1OGFlZjhjZjIyNDJjZmQ0NTM4MDdhYmMzODhk
15
- YmZlN2I0MjI0Y2YwNzg0ZGNjOWUyMzAxZDBjZDM3ZGFkZjBkZmY=
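Review bot: With checksums.yaml removed, the package no longer carries the SHA1 and SHA512 digests of `metadata.gz` and `data.tar.gz` that 0.0.11 shipped (the two `!binary` keys decode to "SHA1" and "SHA512"). This matches the drop to `rubygems_version: 1.8.23` in the metadata and looks like a side effect of the build environment rather than a deliberate change. Rebuilding with RubyGems 2.x would restore the file, and `cert_chain: []` with an empty `signing_key` shows the gem is unsigned as well, so consumers have nothing inside the package to verify it against.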