knife-acl 1.0.0.beta.1 → 1.0.0.beta.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +30 -31
- data/lib/chef/knife/acl_add.rb +3 -3
- data/lib/chef/knife/acl_bulk_add.rb +3 -3
- data/lib/knife-acl/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 174599014d6ef8d93702ff667cb9b7fd9bc6e055
|
|
4
|
+
data.tar.gz: 07e002e9237edca95c83b94dff0d8cf17ab0869f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fe7443471d7a78e690ed917451b4b5528832a1920973a6e4b3431c42ff29e32a133efe718568d9307543b6584c5c31f1e87ea384674e51be3cc1bbce4a61a6ec
|
|
7
|
+
data.tar.gz: 9d1e77debcb4f99cf83bf2ace9e166fc374bf070bb8abc3bec2b5f0b892d354926e8ad9253b174561002248225febeeb42688be40d6c85e7ee3c6a068dd56b03
|
data/README.md
CHANGED
|
@@ -9,30 +9,18 @@ All commands assume a working knife configuration for an admin user of a Chef or
|
|
|
9
9
|
|
|
10
10
|
Reference:
|
|
11
11
|
|
|
12
|
-
1. [Chef Server Permissions](
|
|
13
|
-
2. [Chef Server
|
|
12
|
+
1. [Chef Server Permissions PDF](https://github.com/chef/chef-server/blob/master/doc/ChefServerPermissions_v1.3.pdf)
|
|
13
|
+
2. [Chef Server Permissions Docs](http://docs.chef.io/server/server_orgs.html#permissions)
|
|
14
|
+
3. [Chef Server Groups Docs](http://docs.chef.io/server/server_orgs.html#groups)
|
|
14
15
|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
This knife plugin is packaged as a gem. To install it, enter the
|
|
18
|
-
following:
|
|
16
|
+
### Installation
|
|
19
17
|
|
|
20
18
|
The 1.0.0.beta version of knife-acl is currently recommended so be sure
|
|
21
19
|
to tell the gem command to install the prerelease.
|
|
22
20
|
|
|
23
|
-
|
|
24
|
-
chef gem install knife-acl --pre
|
|
25
|
-
|
|
26
|
-
#### Omnibus installed chef on a workstation
|
|
27
|
-
/opt/chef/embedded/bin/gem install knife-acl --pre
|
|
28
|
-
|
|
29
|
-
#### Gem installed chef on a workstation
|
|
30
|
-
gem install knife-acl --pre
|
|
31
|
-
|
|
32
|
-
#### Opscode Enterprise Chef (OPC) Directly on the active backend
|
|
33
|
-
as root:
|
|
21
|
+
Install into [Chef DK](https://downloads.chef.io/chef-dk/).
|
|
34
22
|
|
|
35
|
-
|
|
23
|
+
chef gem install knife-acl --pre
|
|
36
24
|
|
|
37
25
|
### _Warning about Users group_
|
|
38
26
|
|
|
@@ -76,12 +64,13 @@ default values.
|
|
|
76
64
|
|
|
77
65
|
#### Permissions Management Best Practice
|
|
78
66
|
|
|
79
|
-
The best practice for managing permissions is to only add
|
|
80
|
-
|
|
81
|
-
a
|
|
82
|
-
|
|
67
|
+
The best practice for managing permissions is to only add clients and groups to an objects' permissions.
|
|
68
|
+
|
|
69
|
+
Adding a user to an objects' permissions is possible by first adding the group to the permissions and
|
|
70
|
+
then adding the user to the group. This is much easier to maintain when compared to adding
|
|
71
|
+
individual users to each objects' permissions.
|
|
83
72
|
|
|
84
|
-
To enforce this the `knife acl add` and `knife acl bulk add` commands can only add a group
|
|
73
|
+
To enforce this the `knife acl add` and `knife acl bulk add` commands can only add a client or a group
|
|
85
74
|
to an objects' permissions.
|
|
86
75
|
|
|
87
76
|
If a group ever needs to be removed from the permissions of all objects the group can simply
|
|
@@ -233,12 +222,17 @@ named "web.example.com":
|
|
|
233
222
|
|
|
234
223
|
knife acl show nodes web.example.com
|
|
235
224
|
|
|
236
|
-
## knife acl add
|
|
225
|
+
## knife acl add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS
|
|
237
226
|
|
|
238
|
-
The best practice is to only add groups to ACLs. To enforce this best practice
|
|
239
|
-
the `knife acl add` command is only able to add
|
|
227
|
+
The best practice is to only add clients and groups to ACLs. To enforce this best practice
|
|
228
|
+
the `knife acl add` command is only able to add a client or a group to ACLs.
|
|
229
|
+
|
|
230
|
+
Valid `MEMBER_TYPE` values are
|
|
240
231
|
|
|
241
|
-
|
|
232
|
+
- client
|
|
233
|
+
- group
|
|
234
|
+
|
|
235
|
+
Add `MEMBER_NAME` to the `PERMS` access control entry of `OBJECT_NAME`.
|
|
242
236
|
Objects are specified by the combination of their type and name.
|
|
243
237
|
|
|
244
238
|
Valid `OBJECT_TYPE` values are
|
|
@@ -268,12 +262,17 @@ the ability to delete and update the node called "web.example.com":
|
|
|
268
262
|
|
|
269
263
|
knife acl add group superusers nodes web.example.com delete,update
|
|
270
264
|
|
|
271
|
-
## knife acl bulk add
|
|
265
|
+
## knife acl bulk add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS
|
|
266
|
+
|
|
267
|
+
The best practice is to only add clients and groups to ACLs. To enforce this best practice
|
|
268
|
+
the `knife acl bulk add` command is only able to add a client or a group to ACLs.
|
|
272
269
|
|
|
273
|
-
|
|
274
|
-
|
|
270
|
+
Valid `MEMBER_TYPE` values are
|
|
271
|
+
|
|
272
|
+
- client
|
|
273
|
+
- group
|
|
275
274
|
|
|
276
|
-
Add `
|
|
275
|
+
Add `MEMBER_NAME` to the `PERMS` access control entry for each object in a
|
|
277
276
|
set of objects of `OBJECT_TYPE`.
|
|
278
277
|
|
|
279
278
|
The set of objects are specified by matching the objects' names with the
|
data/lib/chef/knife/acl_add.rb
CHANGED
|
@@ -31,12 +31,12 @@ module OpscodeAcl
|
|
|
31
31
|
|
|
32
32
|
if name_args.length != 5
|
|
33
33
|
show_usage
|
|
34
|
-
ui.fatal "You must specify the member type [group], member name, object type, object name and perms"
|
|
34
|
+
ui.fatal "You must specify the member type [client|group], member name, object type, object name and perms"
|
|
35
35
|
exit 1
|
|
36
36
|
end
|
|
37
37
|
|
|
38
|
-
unless
|
|
39
|
-
ui.fatal "ERROR: To enforce best practice, knife-acl can only add a group to an ACL."
|
|
38
|
+
unless %w(client group).include?(member_type)
|
|
39
|
+
ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL."
|
|
40
40
|
ui.fatal " See the knife-acl README for more information."
|
|
41
41
|
exit 1
|
|
42
42
|
end
|
|
@@ -31,12 +31,12 @@ module OpscodeAcl
|
|
|
31
31
|
|
|
32
32
|
if name_args.length != 5
|
|
33
33
|
show_usage
|
|
34
|
-
ui.fatal "You must specify the member type [group], member name, object type, object name REGEX and perms"
|
|
34
|
+
ui.fatal "You must specify the member type [client|group], member name, object type, object name REGEX and perms"
|
|
35
35
|
exit 1
|
|
36
36
|
end
|
|
37
37
|
|
|
38
|
-
unless
|
|
39
|
-
ui.fatal "ERROR: To enforce best practice, knife-acl can only add a group to an ACL."
|
|
38
|
+
unless %w(client group).include?(member_type)
|
|
39
|
+
ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL."
|
|
40
40
|
ui.fatal " See the knife-acl README for more information."
|
|
41
41
|
exit 1
|
|
42
42
|
end
|
data/lib/knife-acl/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: knife-acl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.0.beta.
|
|
4
|
+
version: 1.0.0.beta.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Seth Falcon
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-
|
|
12
|
+
date: 2015-11-05 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: Knife plugin to manupulate Chef server access control lists
|
|
15
15
|
email: support@chef.io
|
|
@@ -59,7 +59,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
59
59
|
version: 1.3.1
|
|
60
60
|
requirements: []
|
|
61
61
|
rubyforge_project:
|
|
62
|
-
rubygems_version: 2.4.
|
|
62
|
+
rubygems_version: 2.4.8
|
|
63
63
|
signing_key:
|
|
64
64
|
specification_version: 4
|
|
65
65
|
summary: Knife plugin to manupulate Chef server access control lists
|