knife-acl 0.0.12 → 1.0.0.beta.1
- checksums.yaml +7 -0
- data/README.md +318 -115
- data/lib/chef/knife/acl_add.rb +16 -27
- data/lib/chef/knife/acl_base.rb +104 -21
- data/lib/chef/knife/acl_bulk_add.rb +73 -0
- data/lib/chef/knife/acl_bulk_remove.rb +78 -0
- data/lib/chef/knife/acl_remove.rb +22 -28
- data/lib/chef/knife/acl_show.rb +1 -1
- data/lib/chef/knife/group_add.rb +51 -0
- data/lib/chef/knife/group_create.rb +14 -9
- data/lib/chef/knife/group_destroy.rb +17 -7
- data/lib/chef/knife/group_list.rb +8 -10
- data/lib/chef/knife/group_remove.rb +51 -0
- data/lib/chef/knife/group_show.rb +13 -25
- data/lib/chef/knife/user_list.rb +3 -3
- data/lib/knife-acl/version.rb +1 -1
- metadata +17 -17
- data/lib/chef/knife/actor_map.rb +0 -57
- data/lib/chef/knife/group_add_actor.rb +0 -89
- data/lib/chef/knife/group_remove_actor.rb +0 -86
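--- a/data/lib/chef/knife/group_show.rb
+++ b/data/lib/chef/knife/group_show.rb
@@ -1,6 +1,7 @@
 #
 # Author:: Seth Falcon (<seth@opscode.com>)
-#
+# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
+# Copyright:: Copyright 2011--2015 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,38 +20,25 @@
 module OpscodeAcl
 class GroupShow < Chef::Knife
 category "OPSCODE HOSTED CHEF ACCESS CONTROL"
-banner "knife group show
-
+banner "knife group show GROUP_NAME"
+
 deps do
-
-require 'yaml'
+include OpscodeAcl::AclBase
 end
 
 def run
-@user_map = if ::File.exists?("actor-map.yaml")
-YAML.load(IO.read("actor-map.yaml"))[:user_map]
-else
-{:users => {}, :usags => {}}
-end
 group_name = name_args[0]
-
-
+
+if name_args.length != 1
+show_usage
+ui.fatal "You must specify group name"
 exit 1
 end
-chef_rest = Chef::REST.new(Chef::Config[:chef_server_url])
-group = chef_rest.get_rest("groups/#{group_name}")
-ui.output(annotate_usags(group))
-end
 
-
-
-
-
-"user_usag" => user}
-end
-group["annotated_groups"] = annotated
-group
+validate_member_name!(group_name)
+
+group = rest.get_rest("groups/#{group_name}")
+ui.output group
 end
 end
 end
-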
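Review bot: In `run`, the group name from the command line is interpolated straight into the request path by `rest.get_rest("groups/#{group_name}")`, and the only guard is `validate_member_name!`, which comes from `OpscodeAcl::AclBase` and is not visible in this section. It is worth confirming that the helper rejects `/`, `..` and other path characters, and recording that dependency next to the call, for example `# group_name goes into the request path; validate_member_name! must reject path separators`. Separately, the `name_args.length != 1` branch also fires when extra arguments are passed, so `ui.fatal "You must specify exactly one group name"` would describe both cases.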
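--- a/data/lib/chef/knife/user_list.rb
+++ b/data/lib/chef/knife/user_list.rb
@@ -1,6 +1,7 @@
 #
 # Author:: Seth Falcon (<seth@opscode.com>)
-#
+# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
+# Copyright:: Copyright 2011--2015 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,8 +27,7 @@ module OpscodeAcl
 end
 
 def run
-
-users = chef_rest.get_rest("users").map { |u| u["user"]["username"] }
+users = rest.get_rest("users").map { |u| u["user"]["username"] }
 pp users.sort
 end
 end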
data/lib/knife-acl/version.rb
CHANGED
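--- a/metadata
+++ b/metadata
@@ -1,18 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: knife-acl
 version: !ruby/object:Gem::Version
-version: 0.0.
-prerelease:
+version: 1.0.0.beta.1
 platform: ruby
 authors:
 - Seth Falcon
+- Jeremiah Snapp
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2015-04-23 00:00:00.000000000 Z
 dependencies: []
-description:
-email: support@
+description: Knife plugin to manupulate Chef server access control lists
+email: support@chef.io
 executables: []
 extensions: []
 extra_rdoc_files:
@@ -23,14 +23,15 @@ files:
 - README.md
 - lib/chef/knife/acl_add.rb
 - lib/chef/knife/acl_base.rb
+- lib/chef/knife/acl_bulk_add.rb
+- lib/chef/knife/acl_bulk_remove.rb
 - lib/chef/knife/acl_remove.rb
 - lib/chef/knife/acl_show.rb
-- lib/chef/knife/
-- lib/chef/knife/group_add_actor.rb
+- lib/chef/knife/group_add.rb
 - lib/chef/knife/group_create.rb
 - lib/chef/knife/group_destroy.rb
 - lib/chef/knife/group_list.rb
-- lib/chef/knife/
+- lib/chef/knife/group_remove.rb
 - lib/chef/knife/group_show.rb
 - lib/chef/knife/user_dissociate.rb
 - lib/chef/knife/user_invite_add.rb
@@ -39,29 +40,28 @@ files:
 - lib/chef/knife/user_list.rb
 - lib/chef/knife/user_show.rb
 - lib/knife-acl/version.rb
-homepage: https://github.com/
+homepage: https://github.com/chef/knife-acl
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">"
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 2.4.4
 signing_key:
-specification_version:
-summary:
+specification_version: 4
+summary: Knife plugin to manupulate Chef server access control lists
 test_files: []
 has_rdoc: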
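--- a/data/lib/chef/knife/actor_map.rb
+++ b/data/lib/chef/knife/actor_map.rb
@@ -1,57 +0,0 @@
-#
-# Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2011--2014 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module OpscodeAcl
-class ActorMap < Chef::Knife
-category "OPSCODE HOSTED CHEF ACCESS CONTROL"
-banner "knife actor map"
-
-# writes a yaml file to current working directly named
-# 'actor-map.yaml'
-# group add/remove operations will read this file
-#
-deps do
-require 'pp'
-require 'yaml'
-end
-
-def run
-chef_rest = Chef::REST.new(Chef::Config[:chef_server_url])
-usags = chef_rest.get_rest("groups").keys.select do |gname|
-gname.length == 32 && gname =~ /^[0-9a-f]+$/
-end
-user_map = {:users => {}, :usags => {}}
-user_map = usags.inject(user_map) do |map, usag|
-a_group = chef_rest.get_rest("groups/#{usag}")
-actors = a_group["actors"]
-if actors.length == 1
-user_map[:users][actors.first] = usag
-user_map[:usags][usag] = actors.first
-end
-user_map
-end
-clients = chef_rest.get_rest("clients").keys.inject({}) { |h, c| h[c] = c; h }
-open("actor-map.yaml", "w") do |f|
-f.write({ :user_map => user_map, :clients => clients }.to_yaml)
-end
-ui.msg "Found %d users and %d clients" % [user_map[:users].size, clients.size]
-ui.msg "wrote map to 'actor-map.yaml'"
-end
-end
-end
-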
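--- a/data/lib/chef/knife/group_add_actor.rb
+++ b/data/lib/chef/knife/group_add_actor.rb
@@ -1,89 +0,0 @@
-#
-# Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2011--2014 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module OpscodeAcl
-class GroupAddActor < Chef::Knife
-category "OPSCODE HOSTED CHEF ACCESS CONTROL"
-banner "knife group add actor GROUP ACTOR"
-attr_reader :actor_name, :group_name, :user_map, :clients
-deps do
-require 'yaml'
-end
-
-def run
-if !File.exists?("actor-map.yaml")
-ui.error "unable to find 'actor-map.yaml'. Run 'knife actor map' and try again."
-exit 1
-end
-actor_map = YAML.load(IO.read("actor-map.yaml"))
-@user_map = actor_map[:user_map]
-@clients = actor_map[:clients]
-@group_name = name_args[0]
-@actor_name = name_args[1]
-
-if !group_name || !actor_name
-ui.error "must specify GROUP and ACTOR"
-exit 1
-end
-find_actor_in_map
-@chef_rest = Chef::REST.new(Chef::Config[:chef_server_url])
-group = @chef_rest.get_rest("groups/#{group_name}")
-save_group(group)
-end
-
-def save_group(group)
-new_group = make_group_for_put(group)
-@chef_rest.put_rest("groups/#{new_group["groupname"]}", new_group)
-end
-
-def make_group_for_put(existing_group)
-new_group = {
-"groupname" => existing_group["groupname"],
-"orgname" => existing_group["orgname"],
-"actors" => {
-# users are added to groups via the user's USAG so we never
-# modify the users directly
-"users" => existing_group["users"],
-"clients" => maybe_add_actor(:client, existing_group["clients"]),
-"groups" => maybe_add_actor(:user, existing_group["groups"])
-}
-}
-end
-
-def maybe_add_actor(type, actors)
-new_actors = actors.dup
-if @actor_type == type && !new_actors.include?(@actor_id)
-new_actors << @actor_id
-end
-new_actors
-end
-
-def find_actor_in_map
-@actor_type, @actor_id = if user_map[:users][actor_name]
-[:user, user_map[:users][actor_name]]
-else
-[:client, clients[actor_name]]
-end
-if @actor_id.nil?
-ui.error("no user or client named '#{actor_name}' in actor-map.yaml")
-exit 1
-end
-true
-end
-end
-end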
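--- a/data/lib/chef/knife/group_remove_actor.rb
+++ b/data/lib/chef/knife/group_remove_actor.rb
@@ -1,86 +0,0 @@
-#
-# Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2011--2014 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module OpscodeAcl
-class GroupRemoveActor < Chef::Knife
-category "OPSCODE HOSTED CHEF ACCESS CONTROL"
-banner "knife group remove actor GROUP ACTOR"
-attr_reader :actor_name, :group_name, :user_map, :clients
-deps do
-require 'yaml'
-end
-
-def run
-if !File.exists?("actor-map.yaml")
-ui.error "unable to find 'actor-map.yaml'. Run 'knife actor map' and try again."
-exit 1
-end
-actor_map = YAML.load(IO.read("actor-map.yaml"))
-@user_map = actor_map[:user_map]
-@clients = actor_map[:clients]
-@group_name = name_args[0]
-@actor_name = name_args[1]
-
-if !group_name || !actor_name
-ui.error "must specify GROUP and ACTOR"
-exit 1
-end
-find_actor_in_map
-@chef_rest = Chef::REST.new(Chef::Config[:chef_server_url])
-group = @chef_rest.get_rest("groups/#{group_name}")
-case @actor_type
-when :user
-group["groups"].delete(@actor_id)
-group["users"].delete(actor_name)
-when :client
-group["clients"].delete(@actor_id)
-end
-save_group(group)
-end
-
-def save_group(group)
-new_group = make_group_for_put(group)
-@chef_rest.put_rest("groups/#{new_group["groupname"]}", new_group)
-end
-
-def make_group_for_put(existing_group)
-new_group = {
-"groupname" => existing_group["groupname"],
-"orgname" => existing_group["orgname"],
-"actors" => {
-"clients" => existing_group["clients"],
-"groups" => existing_group["groups"],
-"users" => existing_group["users"]
-}
-}
-end
-
-def find_actor_in_map
-@actor_type, @actor_id = if user_map[:users][actor_name]
-[:user, user_map[:users][actor_name]]
-else
-[:client, clients[actor_name]]
-end
-if @actor_id.nil?
-ui.error("no user or client named '#{actor_name}' in actor-map.yaml")
-exit 1
-end
-true
-end
-end
-end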