knife-acl 1.0.0.beta.1 → 1.0.0.beta.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +30 -31
- data/lib/chef/knife/acl_add.rb +3 -3
- data/lib/chef/knife/acl_bulk_add.rb +3 -3
- data/lib/knife-acl/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 174599014d6ef8d93702ff667cb9b7fd9bc6e055
|
|
4
|
+
data.tar.gz: 07e002e9237edca95c83b94dff0d8cf17ab0869f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fe7443471d7a78e690ed917451b4b5528832a1920973a6e4b3431c42ff29e32a133efe718568d9307543b6584c5c31f1e87ea384674e51be3cc1bbce4a61a6ec
|
|
7
|
+
data.tar.gz: 9d1e77debcb4f99cf83bf2ace9e166fc374bf070bb8abc3bec2b5f0b892d354926e8ad9253b174561002248225febeeb42688be40d6c85e7ee3c6a068dd56b03
|
data/README.md
CHANGED
|
@@ -9,30 +9,18 @@ All commands assume a working knife configuration for an admin user of a Chef or
|
|
|
9
9
|
|
|
10
10
|
Reference:
|
|
11
11
|
|
|
12
|
-
1. [Chef Server Permissions](
|
|
13
|
-
2. [Chef Server
|
|
12
|
+
1. [Chef Server Permissions PDF](https://github.com/chef/chef-server/blob/master/doc/ChefServerPermissions_v1.3.pdf)
|
|
13
|
+
2. [Chef Server Permissions Docs](http://docs.chef.io/server/server_orgs.html#permissions)
|
|
14
|
+
3. [Chef Server Groups Docs](http://docs.chef.io/server/server_orgs.html#groups)
|
|
14
15
|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
This knife plugin is packaged as a gem. To install it, enter the
|
|
18
|
-
following:
|
|
16
|
+
### Installation
|
|
19
17
|
|
|
20
18
|
The 1.0.0.beta version of knife-acl is currently recommended so be sure
|
|
21
19
|
to tell the gem command to install the prerelease.
|
|
22
20
|
|
|
23
|
-
|
|
24
|
-
chef gem install knife-acl --pre
|
|
25
|
-
|
|
26
|
-
#### Omnibus installed chef on a workstation
|
|
27
|
-
/opt/chef/embedded/bin/gem install knife-acl --pre
|
|
28
|
-
|
|
29
|
-
#### Gem installed chef on a workstation
|
|
30
|
-
gem install knife-acl --pre
|
|
31
|
-
|
|
32
|
-
#### Opscode Enterprise Chef (OPC) Directly on the active backend
|
|
33
|
-
as root:
|
|
21
|
+
Install into [Chef DK](https://downloads.chef.io/chef-dk/).
|
|
34
22
|
|
|
35
|
-
|
|
23
|
+
chef gem install knife-acl --pre
|
|
36
24
|
|
|
37
25
|
### _Warning about Users group_
|
|
38
26
|
|
|
@@ -76,12 +64,13 @@ default values.
|
|
|
76
64
|
|
|
77
65
|
#### Permissions Management Best Practice
|
|
78
66
|
|
|
79
|
-
The best practice for managing permissions is to only add
|
|
80
|
-
|
|
81
|
-
a
|
|
82
|
-
|
|
67
|
+
The best practice for managing permissions is to only add clients and groups to an objects' permissions.
|
|
68
|
+
|
|
69
|
+
Adding a user to an objects' permissions is possible by first adding the group to the permissions and
|
|
70
|
+
then adding the user to the group. This is much easier to maintain when compared to adding
|
|
71
|
+
individual users to each objects' permissions.
|
|
83
72
|
|
|
84
|
-
To enforce this the `knife acl add` and `knife acl bulk add` commands can only add a group
|
|
73
|
+
To enforce this the `knife acl add` and `knife acl bulk add` commands can only add a client or a group
|
|
85
74
|
to an objects' permissions.
|
|
86
75
|
|
|
87
76
|
If a group ever needs to be removed from the permissions of all objects the group can simply
|
|
@@ -233,12 +222,17 @@ named "web.example.com":
|
|
|
233
222
|
|
|
234
223
|
knife acl show nodes web.example.com
|
|
235
224
|
|
|
236
|
-
## knife acl add
|
|
225
|
+
## knife acl add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE OBJECT_NAME PERMS
|
|
237
226
|
|
|
238
|
-
The best practice is to only add groups to ACLs. To enforce this best practice
|
|
239
|
-
the `knife acl add` command is only able to add
|
|
227
|
+
The best practice is to only add clients and groups to ACLs. To enforce this best practice
|
|
228
|
+
the `knife acl add` command is only able to add a client or a group to ACLs.
|
|
229
|
+
|
|
230
|
+
Valid `MEMBER_TYPE` values are
|
|
240
231
|
|
|
241
|
-
|
|
232
|
+
- client
|
|
233
|
+
- group
|
|
234
|
+
|
|
235
|
+
Add `MEMBER_NAME` to the `PERMS` access control entry of `OBJECT_NAME`.
|
|
242
236
|
Objects are specified by the combination of their type and name.
|
|
243
237
|
|
|
244
238
|
Valid `OBJECT_TYPE` values are
|
|
@@ -268,12 +262,17 @@ the ability to delete and update the node called "web.example.com":
|
|
|
268
262
|
|
|
269
263
|
knife acl add group superusers nodes web.example.com delete,update
|
|
270
264
|
|
|
271
|
-
## knife acl bulk add
|
|
265
|
+
## knife acl bulk add MEMBER_TYPE MEMBER_NAME OBJECT_TYPE REGEX PERMS
|
|
266
|
+
|
|
267
|
+
The best practice is to only add clients and groups to ACLs. To enforce this best practice
|
|
268
|
+
the `knife acl bulk add` command is only able to add a client or a group to ACLs.
|
|
272
269
|
|
|
273
|
-
|
|
274
|
-
|
|
270
|
+
Valid `MEMBER_TYPE` values are
|
|
271
|
+
|
|
272
|
+
- client
|
|
273
|
+
- group
|
|
275
274
|
|
|
276
|
-
Add `
|
|
275
|
+
Add `MEMBER_NAME` to the `PERMS` access control entry for each object in a
|
|
277
276
|
set of objects of `OBJECT_TYPE`.
|
|
278
277
|
|
|
279
278
|
The set of objects are specified by matching the objects' names with the
|
data/lib/chef/knife/acl_add.rb
CHANGED
|
@@ -31,12 +31,12 @@ module OpscodeAcl
|
|
|
31
31
|
|
|
32
32
|
if name_args.length != 5
|
|
33
33
|
show_usage
|
|
34
|
-
ui.fatal "You must specify the member type [group], member name, object type, object name and perms"
|
|
34
|
+
ui.fatal "You must specify the member type [client|group], member name, object type, object name and perms"
|
|
35
35
|
exit 1
|
|
36
36
|
end
|
|
37
37
|
|
|
38
|
-
unless
|
|
39
|
-
ui.fatal "ERROR: To enforce best practice, knife-acl can only add a group to an ACL."
|
|
38
|
+
unless %w(client group).include?(member_type)
|
|
39
|
+
ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL."
|
|
40
40
|
ui.fatal " See the knife-acl README for more information."
|
|
41
41
|
exit 1
|
|
42
42
|
end
|
|
@@ -31,12 +31,12 @@ module OpscodeAcl
|
|
|
31
31
|
|
|
32
32
|
if name_args.length != 5
|
|
33
33
|
show_usage
|
|
34
|
-
ui.fatal "You must specify the member type [group], member name, object type, object name REGEX and perms"
|
|
34
|
+
ui.fatal "You must specify the member type [client|group], member name, object type, object name REGEX and perms"
|
|
35
35
|
exit 1
|
|
36
36
|
end
|
|
37
37
|
|
|
38
|
-
unless
|
|
39
|
-
ui.fatal "ERROR: To enforce best practice, knife-acl can only add a group to an ACL."
|
|
38
|
+
unless %w(client group).include?(member_type)
|
|
39
|
+
ui.fatal "ERROR: To enforce best practice, knife-acl can only add a client or a group to an ACL."
|
|
40
40
|
ui.fatal " See the knife-acl README for more information."
|
|
41
41
|
exit 1
|
|
42
42
|
end
|
data/lib/knife-acl/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: knife-acl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.0.beta.
|
|
4
|
+
version: 1.0.0.beta.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Seth Falcon
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-
|
|
12
|
+
date: 2015-11-05 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: Knife plugin to manupulate Chef server access control lists
|
|
15
15
|
email: support@chef.io
|
|
@@ -59,7 +59,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
59
59
|
version: 1.3.1
|
|
60
60
|
requirements: []
|
|
61
61
|
rubyforge_project:
|
|
62
|
-
rubygems_version: 2.4.
|
|
62
|
+
rubygems_version: 2.4.8
|
|
63
63
|
signing_key:
|
|
64
64
|
specification_version: 4
|
|
65
65
|
summary: Knife plugin to manupulate Chef server access control lists
|