knife-acl 0.0.12 → 1.0.0.beta.1
- checksums.yaml +7 -0
- data/README.md +318 -115
- data/lib/chef/knife/acl_add.rb +16 -27
- data/lib/chef/knife/acl_base.rb +104 -21
- data/lib/chef/knife/acl_bulk_add.rb +73 -0
- data/lib/chef/knife/acl_bulk_remove.rb +78 -0
- data/lib/chef/knife/acl_remove.rb +22 -28
- data/lib/chef/knife/acl_show.rb +1 -1
- data/lib/chef/knife/group_add.rb +51 -0
- data/lib/chef/knife/group_create.rb +14 -9
- data/lib/chef/knife/group_destroy.rb +17 -7
- data/lib/chef/knife/group_list.rb +8 -10
- data/lib/chef/knife/group_remove.rb +51 -0
- data/lib/chef/knife/group_show.rb +13 -25
- data/lib/chef/knife/user_list.rb +3 -3
- data/lib/knife-acl/version.rb +1 -1
- metadata +17 -17
- data/lib/chef/knife/actor_map.rb +0 -57
- data/lib/chef/knife/group_add_actor.rb +0 -89
- data/lib/chef/knife/group_remove_actor.rb +0 -86
@@ -1,6 +1,7 @@
|
|
1
1
|
#
|
2
2
|
# Author:: Seth Falcon (<seth@opscode.com>)
|
3
|
-
#
|
3
|
+
# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
|
4
|
+
# Copyright:: Copyright 2011--2015 Chef Software, Inc.
|
4
5
|
# License:: Apache License, Version 2.0
|
5
6
|
#
|
6
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
@@ -19,38 +20,25 @@
|
|
19
20
|
module OpscodeAcl
|
20
21
|
class GroupShow < Chef::Knife
|
21
22
|
category "OPSCODE HOSTED CHEF ACCESS CONTROL"
|
22
|
-
banner "knife group show
|
23
|
-
|
23
|
+
banner "knife group show GROUP_NAME"
|
24
|
+
|
24
25
|
deps do
|
25
|
-
|
26
|
-
require 'yaml'
|
26
|
+
include OpscodeAcl::AclBase
|
27
27
|
end
|
28
28
|
|
29
29
|
def run
|
30
|
-
@user_map = if ::File.exists?("actor-map.yaml")
|
31
|
-
YAML.load(IO.read("actor-map.yaml"))[:user_map]
|
32
|
-
else
|
33
|
-
{:users => {}, :usags => {}}
|
34
|
-
end
|
35
30
|
group_name = name_args[0]
|
36
|
-
|
37
|
-
|
31
|
+
|
32
|
+
if name_args.length != 1
|
33
|
+
show_usage
|
34
|
+
ui.fatal "You must specify group name"
|
38
35
|
exit 1
|
39
36
|
end
|
40
|
-
chef_rest = Chef::REST.new(Chef::Config[:chef_server_url])
|
41
|
-
group = chef_rest.get_rest("groups/#{group_name}")
|
42
|
-
ui.output(annotate_usags(group))
|
43
|
-
end
|
44
37
|
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
"user_usag" => user}
|
50
|
-
end
|
51
|
-
group["annotated_groups"] = annotated
|
52
|
-
group
|
38
|
+
validate_member_name!(group_name)
|
39
|
+
|
40
|
+
group = rest.get_rest("groups/#{group_name}")
|
41
|
+
ui.output group
|
53
42
|
end
|
54
43
|
end
|
55
44
|
end
|
56
|
-
|
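Review bot: In `run`, `group_name` is interpolated directly into the request path `groups/#{group_name}`, and the only guard on it is `validate_member_name!`, which is defined outside this section (presumably in `OpscodeAcl::AclBase`, pulled in by the `include` inside `deps`). It is worth confirming that the helper's pattern is anchored with `\A` and `\z` rather than `^` and `$`, so that a name containing a newline or a `/` cannot pass the check and change the path that is requested. A short comment above the call would make that contract visible here, for example `# group_name must pass the server's name rules before it is placed in the URL path`. As a smaller point, `ui.fatal "You must specify group name"` also fires when more than one argument is given, so a wording such as `"You must specify exactly one group name"` would match the `name_args.length != 1` test.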
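--- a/data/lib/chef/knife/user_list.rb
+++ b/data/lib/chef/knife/user_list.rb
@@ -1,6 +1,7 @@
 #
 # Author:: Seth Falcon (<seth@opscode.com>)
-#
+# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
+# Copyright:: Copyright 2011--2015 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,8 +27,7 @@ module OpscodeAcl
 end
 
 def run
-
-users = chef_rest.get_rest("users").map { |u| u["user"]["username"] }
+users = rest.get_rest("users").map { |u| u["user"]["username"] }
 pp users.sort
 end
 end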
data/lib/knife-acl/version.rb
CHANGED
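--- a/metadata
+++ b/metadata
@@ -1,18 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: knife-acl
 version: !ruby/object:Gem::Version
-version: 0.0.
-prerelease:
+version: 1.0.0.beta.1
 platform: ruby
 authors:
 - Seth Falcon
+- Jeremiah Snapp
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2015-04-23 00:00:00.000000000 Z
 dependencies: []
-description:
-email: support@
+description: Knife plugin to manupulate Chef server access control lists
+email: support@chef.io
 executables: []
 extensions: []
 extra_rdoc_files:
@@ -23,14 +23,15 @@ files:
 - README.md
 - lib/chef/knife/acl_add.rb
 - lib/chef/knife/acl_base.rb
+- lib/chef/knife/acl_bulk_add.rb
+- lib/chef/knife/acl_bulk_remove.rb
 - lib/chef/knife/acl_remove.rb
 - lib/chef/knife/acl_show.rb
-- lib/chef/knife/
-- lib/chef/knife/group_add_actor.rb
+- lib/chef/knife/group_add.rb
 - lib/chef/knife/group_create.rb
 - lib/chef/knife/group_destroy.rb
 - lib/chef/knife/group_list.rb
-- lib/chef/knife/
+- lib/chef/knife/group_remove.rb
 - lib/chef/knife/group_show.rb
 - lib/chef/knife/user_dissociate.rb
 - lib/chef/knife/user_invite_add.rb
@@ -39,29 +40,28 @@ files:
 - lib/chef/knife/user_list.rb
 - lib/chef/knife/user_show.rb
 - lib/knife-acl/version.rb
-homepage: https://github.com/
+homepage: https://github.com/chef/knife-acl
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">"
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 2.4.4
 signing_key:
-specification_version:
-summary:
+specification_version: 4
+summary: Knife plugin to manupulate Chef server access control lists
 test_files: []
 has_rdoc: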
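--- a/data/lib/chef/knife/actor_map.rb
+++ b/data/lib/chef/knife/actor_map.rb
@@ -1,57 +0,0 @@
-#
-# Author:: Seth Falcon (<seth@opscode.com>)
-# Copyright:: Copyright 2011--2014 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-module OpscodeAcl
-class ActorMap < Chef::Knife
-category "OPSCODE HOSTED CHEF ACCESS CONTROL"
-banner "knife actor map"
-
-# writes a yaml file to current working directly named
-# 'actor-map.yaml'
-# group add/remove operations will read this file
-#
-deps do
-require 'pp'
-require 'yaml'
-end
-
-def run
-chef_rest = Chef::REST.new(Chef::Config[:chef_server_url])
-usags = chef_rest.get_rest("groups").keys.select do |gname|
-gname.length == 32 && gname =~ /^[0-9a-f]+$/
-end
-user_map = {:users => {}, :usags => {}}
-user_map = usags.inject(user_map) do |map, usag|
-a_group = chef_rest.get_rest("groups/#{usag}")
-actors = a_group["actors"]
-if actors.length == 1
-user_map[:users][actors.first] = usag
-user_map[:usags][usag] = actors.first
-end
-user_map
-end
-clients = chef_rest.get_rest("clients").keys.inject({}) { |h, c| h[c] = c; h }
-open("actor-map.yaml", "w") do |f|
-f.write({ :user_map => user_map, :clients => clients }.to_yaml)
-end
-ui.msg "Found %d users and %d clients" % [user_map[:users].size, clients.size]
-ui.msg "wrote map to 'actor-map.yaml'"
-end
-end
-end
-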
@@ -1,89 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Author:: Seth Falcon (<seth@opscode.com>)
|
3
|
-
# Copyright:: Copyright 2011--2014 Chef Software, Inc.
|
4
|
-
# License:: Apache License, Version 2.0
|
5
|
-
#
|
6
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
-
# you may not use this file except in compliance with the License.
|
8
|
-
# You may obtain a copy of the License at
|
9
|
-
#
|
10
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
-
#
|
12
|
-
# Unless required by applicable law or agreed to in writing, software
|
13
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
-
# See the License for the specific language governing permissions and
|
16
|
-
# limitations under the License.
|
17
|
-
#
|
18
|
-
|
19
|
-
module OpscodeAcl
|
20
|
-
class GroupAddActor < Chef::Knife
|
21
|
-
category "OPSCODE HOSTED CHEF ACCESS CONTROL"
|
22
|
-
banner "knife group add actor GROUP ACTOR"
|
23
|
-
attr_reader :actor_name, :group_name, :user_map, :clients
|
24
|
-
deps do
|
25
|
-
require 'yaml'
|
26
|
-
end
|
27
|
-
|
28
|
-
def run
|
29
|
-
if !File.exists?("actor-map.yaml")
|
30
|
-
ui.error "unable to find 'actor-map.yaml'. Run 'knife actor map' and try again."
|
31
|
-
exit 1
|
32
|
-
end
|
33
|
-
actor_map = YAML.load(IO.read("actor-map.yaml"))
|
34
|
-
@user_map = actor_map[:user_map]
|
35
|
-
@clients = actor_map[:clients]
|
36
|
-
@group_name = name_args[0]
|
37
|
-
@actor_name = name_args[1]
|
38
|
-
|
39
|
-
if !group_name || !actor_name
|
40
|
-
ui.error "must specify GROUP and ACTOR"
|
41
|
-
exit 1
|
42
|
-
end
|
43
|
-
find_actor_in_map
|
44
|
-
@chef_rest = Chef::REST.new(Chef::Config[:chef_server_url])
|
45
|
-
group = @chef_rest.get_rest("groups/#{group_name}")
|
46
|
-
save_group(group)
|
47
|
-
end
|
48
|
-
|
49
|
-
def save_group(group)
|
50
|
-
new_group = make_group_for_put(group)
|
51
|
-
@chef_rest.put_rest("groups/#{new_group["groupname"]}", new_group)
|
52
|
-
end
|
53
|
-
|
54
|
-
def make_group_for_put(existing_group)
|
55
|
-
new_group = {
|
56
|
-
"groupname" => existing_group["groupname"],
|
57
|
-
"orgname" => existing_group["orgname"],
|
58
|
-
"actors" => {
|
59
|
-
# users are added to groups via the user's USAG so we never
|
60
|
-
# modify the users directly
|
61
|
-
"users" => existing_group["users"],
|
62
|
-
"clients" => maybe_add_actor(:client, existing_group["clients"]),
|
63
|
-
"groups" => maybe_add_actor(:user, existing_group["groups"])
|
64
|
-
}
|
65
|
-
}
|
66
|
-
end
|
67
|
-
|
68
|
-
def maybe_add_actor(type, actors)
|
69
|
-
new_actors = actors.dup
|
70
|
-
if @actor_type == type && !new_actors.include?(@actor_id)
|
71
|
-
new_actors << @actor_id
|
72
|
-
end
|
73
|
-
new_actors
|
74
|
-
end
|
75
|
-
|
76
|
-
def find_actor_in_map
|
77
|
-
@actor_type, @actor_id = if user_map[:users][actor_name]
|
78
|
-
[:user, user_map[:users][actor_name]]
|
79
|
-
else
|
80
|
-
[:client, clients[actor_name]]
|
81
|
-
end
|
82
|
-
if @actor_id.nil?
|
83
|
-
ui.error("no user or client named '#{actor_name}' in actor-map.yaml")
|
84
|
-
exit 1
|
85
|
-
end
|
86
|
-
true
|
87
|
-
end
|
88
|
-
end
|
89
|
-
end
|
@@ -1,86 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Author:: Seth Falcon (<seth@opscode.com>)
|
3
|
-
# Copyright:: Copyright 2011--2014 Chef Software, Inc.
|
4
|
-
# License:: Apache License, Version 2.0
|
5
|
-
#
|
6
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
-
# you may not use this file except in compliance with the License.
|
8
|
-
# You may obtain a copy of the License at
|
9
|
-
#
|
10
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
-
#
|
12
|
-
# Unless required by applicable law or agreed to in writing, software
|
13
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
-
# See the License for the specific language governing permissions and
|
16
|
-
# limitations under the License.
|
17
|
-
#
|
18
|
-
|
19
|
-
module OpscodeAcl
|
20
|
-
class GroupRemoveActor < Chef::Knife
|
21
|
-
category "OPSCODE HOSTED CHEF ACCESS CONTROL"
|
22
|
-
banner "knife group remove actor GROUP ACTOR"
|
23
|
-
attr_reader :actor_name, :group_name, :user_map, :clients
|
24
|
-
deps do
|
25
|
-
require 'yaml'
|
26
|
-
end
|
27
|
-
|
28
|
-
def run
|
29
|
-
if !File.exists?("actor-map.yaml")
|
30
|
-
ui.error "unable to find 'actor-map.yaml'. Run 'knife actor map' and try again."
|
31
|
-
exit 1
|
32
|
-
end
|
33
|
-
actor_map = YAML.load(IO.read("actor-map.yaml"))
|
34
|
-
@user_map = actor_map[:user_map]
|
35
|
-
@clients = actor_map[:clients]
|
36
|
-
@group_name = name_args[0]
|
37
|
-
@actor_name = name_args[1]
|
38
|
-
|
39
|
-
if !group_name || !actor_name
|
40
|
-
ui.error "must specify GROUP and ACTOR"
|
41
|
-
exit 1
|
42
|
-
end
|
43
|
-
find_actor_in_map
|
44
|
-
@chef_rest = Chef::REST.new(Chef::Config[:chef_server_url])
|
45
|
-
group = @chef_rest.get_rest("groups/#{group_name}")
|
46
|
-
case @actor_type
|
47
|
-
when :user
|
48
|
-
group["groups"].delete(@actor_id)
|
49
|
-
group["users"].delete(actor_name)
|
50
|
-
when :client
|
51
|
-
group["clients"].delete(@actor_id)
|
52
|
-
end
|
53
|
-
save_group(group)
|
54
|
-
end
|
55
|
-
|
56
|
-
def save_group(group)
|
57
|
-
new_group = make_group_for_put(group)
|
58
|
-
@chef_rest.put_rest("groups/#{new_group["groupname"]}", new_group)
|
59
|
-
end
|
60
|
-
|
61
|
-
def make_group_for_put(existing_group)
|
62
|
-
new_group = {
|
63
|
-
"groupname" => existing_group["groupname"],
|
64
|
-
"orgname" => existing_group["orgname"],
|
65
|
-
"actors" => {
|
66
|
-
"clients" => existing_group["clients"],
|
67
|
-
"groups" => existing_group["groups"],
|
68
|
-
"users" => existing_group["users"]
|
69
|
-
}
|
70
|
-
}
|
71
|
-
end
|
72
|
-
|
73
|
-
def find_actor_in_map
|
74
|
-
@actor_type, @actor_id = if user_map[:users][actor_name]
|
75
|
-
[:user, user_map[:users][actor_name]]
|
76
|
-
else
|
77
|
-
[:client, clients[actor_name]]
|
78
|
-
end
|
79
|
-
if @actor_id.nil?
|
80
|
-
ui.error("no user or client named '#{actor_name}' in actor-map.yaml")
|
81
|
-
exit 1
|
82
|
-
end
|
83
|
-
true
|
84
|
-
end
|
85
|
-
end
|
86
|
-
end
|