knife-acl 1.0.2 → 1.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +14 -3
- data/lib/chef/knife/acl_add.rb +2 -2
- data/lib/chef/knife/acl_base.rb +17 -7
- data/lib/chef/knife/acl_bulk_add.rb +1 -1
- data/lib/chef/knife/acl_bulk_remove.rb +1 -1
- data/lib/chef/knife/acl_remove.rb +2 -2
- data/lib/chef/knife/acl_show.rb +10 -2
- data/lib/chef/knife/group_add.rb +1 -1
- data/lib/chef/knife/group_create.rb +2 -2
- data/lib/chef/knife/group_destroy.rb +2 -2
- data/lib/chef/knife/group_list.rb +2 -2
- data/lib/chef/knife/group_remove.rb +1 -1
- data/lib/chef/knife/group_show.rb +2 -2
- data/lib/chef/knife/user_dissociate.rb +2 -2
- data/lib/chef/knife/user_invite_add.rb +2 -2
- data/lib/chef/knife/user_invite_list.rb +2 -2
- data/lib/chef/knife/user_invite_recind.rb +2 -2
- data/lib/chef/knife/user_list.rb +3 -3
- data/lib/chef/knife/user_show.rb +2 -2
- data/lib/knife-acl/version.rb +1 -1
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7b20c4e70c404b3dfdc0238406b653168047c862
|
|
4
|
+
data.tar.gz: 34507d1236c7c0027dc4a774aa252ba0e3f4f34a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0135c44d7e10b6f1614f3f7f00d0dd711f97707ce6f1b69eed057ad7f50e60c4dc5e1e288903ad8e44f060d8660224c58d7e9ab908d0060be0b03be4de524f52
|
|
7
|
+
data.tar.gz: b77b9b865d6291356250578edb2c0899d1c57160c3ccab25322dcb6266eea45a030a317fd7961df6770bef2867e77aa47abf6f9e15ebdcc58b8b75eeda9bf984
|
data/README.md
CHANGED
|
@@ -10,8 +10,8 @@ All commands assume a working knife configuration for an admin user of a Chef or
|
|
|
10
10
|
Reference:
|
|
11
11
|
|
|
12
12
|
1. [Chef Server Permissions PDF](https://github.com/chef/chef-server/blob/master/doc/ChefServerPermissions_v1.3.pdf)
|
|
13
|
-
2. [Chef Server Permissions Docs](
|
|
14
|
-
3. [Chef Server Groups Docs](
|
|
13
|
+
2. [Chef Server Permissions Docs](https://docs.chef.io/server/server_orgs.html#permissions)
|
|
14
|
+
3. [Chef Server Groups Docs](https://docs.chef.io/server/server_orgs.html#groups)
|
|
15
15
|
|
|
16
16
|
### Installation
|
|
17
17
|
|
|
@@ -378,6 +378,12 @@ knife acl remove group clients containers clients create,read,update,delete,gran
|
|
|
378
378
|
knife acl add group users containers clients read,delete
|
|
379
379
|
knife acl remove group users containers clients create,update,grant
|
|
380
380
|
|
|
381
|
+
knife acl add group admins containers cookbook_artifacts create,read,update,delete,grant
|
|
382
|
+
knife acl add group clients containers cookbook_artifacts read
|
|
383
|
+
knife acl remove group clients containers cookbook_artifacts create,update,delete,grant
|
|
384
|
+
knife acl add group users containers cookbook_artifacts create,read,update,delete
|
|
385
|
+
knife acl remove group users containers cookbook_artifacts grant
|
|
386
|
+
|
|
381
387
|
knife acl add group admins containers cookbooks create,read,update,delete,grant
|
|
382
388
|
knife acl add group clients containers cookbooks read
|
|
383
389
|
knife acl remove group clients containers cookbooks create,update,delete,grant
|
|
@@ -396,6 +402,11 @@ knife acl remove group clients containers environments create,update,delete,gran
|
|
|
396
402
|
knife acl add group users containers environments create,read,update,delete
|
|
397
403
|
knife acl remove group users containers environments grant
|
|
398
404
|
|
|
405
|
+
knife acl add group admins containers groups create,read,update,delete,grant
|
|
406
|
+
knife acl remove group clients containers groups create,read,update,delete,grant
|
|
407
|
+
knife acl add group users containers groups read
|
|
408
|
+
knife acl remove group users containers groups create,update,delete,grant
|
|
409
|
+
|
|
399
410
|
knife acl add group admins containers nodes create,read,update,delete,grant
|
|
400
411
|
knife acl add group clients containers nodes create,read
|
|
401
412
|
knife acl remove group clients containers nodes update,delete,grant
|
|
@@ -430,7 +441,7 @@ knife acl remove group users containers sandboxes read,update,delete,grant
|
|
|
430
441
|
|
|
431
442
|
Unless otherwise specified all works in this repository are
|
|
432
443
|
|
|
433
|
-
Copyright 2013-
|
|
444
|
+
Copyright 2013-2016 Chef Software, Inc.
|
|
434
445
|
|
|
435
446
|
|||
|
|
436
447
|
| ------------- |-------------:|
|
data/lib/chef/knife/acl_add.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Steven Danna (steve@
|
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
|
3
3
|
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
|
4
|
-
# Copyright:: Copyright 2011
|
|
4
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
5
5
|
# License:: Apache License, Version 2.0
|
|
6
6
|
#
|
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
data/lib/chef/knife/acl_base.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Steven Danna (steve@
|
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
|
3
3
|
# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
|
|
4
|
-
# Copyright:: Copyright 2011
|
|
4
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
5
5
|
# License:: Apache License, Version 2.0
|
|
6
6
|
#
|
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -77,7 +77,7 @@ module OpscodeAcl
|
|
|
77
77
|
end
|
|
78
78
|
|
|
79
79
|
def get_acl(object_type, object_name)
|
|
80
|
-
rest.get_rest("#{object_type}/#{object_name}/_acl")
|
|
80
|
+
rest.get_rest("#{object_type}/#{object_name}/_acl?detail=granular")
|
|
81
81
|
end
|
|
82
82
|
|
|
83
83
|
def get_ace(object_type, object_name, perm)
|
|
@@ -92,8 +92,16 @@ module OpscodeAcl
|
|
|
92
92
|
|
|
93
93
|
case member_type
|
|
94
94
|
when "client", "user"
|
|
95
|
-
|
|
96
|
-
|
|
95
|
+
# Our PUT body depends on the type of reply we get from _acl?detail=granular
|
|
96
|
+
# When the server replies with json attributes 'users' and 'clients',
|
|
97
|
+
# we'll want to modify entries under the same keys they arrived.- their presence
|
|
98
|
+
# in the body tells us that CS will accept them in a PUT.
|
|
99
|
+
# Older version of chef-server will continue to use 'actors' for a combined list
|
|
100
|
+
# and expect the same in the body.
|
|
101
|
+
key = "#{member_type}s"
|
|
102
|
+
key = 'actors' unless ace.has_key? key
|
|
103
|
+
next if ace[key].include?(member_name)
|
|
104
|
+
ace[key] << member_name
|
|
97
105
|
when "group"
|
|
98
106
|
next if ace['groups'].include?(member_name)
|
|
99
107
|
ace['groups'] << member_name
|
|
@@ -111,8 +119,10 @@ module OpscodeAcl
|
|
|
111
119
|
|
|
112
120
|
case member_type
|
|
113
121
|
when "client", "user"
|
|
114
|
-
|
|
115
|
-
|
|
122
|
+
key = "#{member_type}s"
|
|
123
|
+
key = 'actors' unless ace.has_key? key
|
|
124
|
+
next unless ace[key].include?(member_name)
|
|
125
|
+
ace[key].delete(member_name)
|
|
116
126
|
when "group"
|
|
117
127
|
next unless ace['groups'].include?(member_name)
|
|
118
128
|
ace['groups'].delete(member_name)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
2
|
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
|
3
|
-
# Copyright:: Copyright 2011
|
|
3
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
4
4
|
# License:: Apache License, Version 2.0
|
|
5
5
|
#
|
|
6
6
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
2
|
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
|
3
|
-
# Copyright:: Copyright 2011
|
|
3
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
4
4
|
# License:: Apache License, Version 2.0
|
|
5
5
|
#
|
|
6
6
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Steven Danna (steve@
|
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
|
3
3
|
# Author:: Jeremiah Snapp (jeremiah@chef.io)
|
|
4
|
-
# Copyright:: Copyright 2011
|
|
4
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
5
5
|
# License:: Apache License, Version 2.0
|
|
6
6
|
#
|
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
data/lib/chef/knife/acl_show.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Steven Danna (steve@
|
|
3
|
-
# Copyright:: Copyright 2011
|
|
2
|
+
# Author:: Steven Danna (steve@chef.io)
|
|
3
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
4
4
|
# License:: Apache License, Version 2.0
|
|
5
5
|
#
|
|
6
6
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -38,6 +38,14 @@ module OpscodeAcl
|
|
|
38
38
|
validate_object_type!(object_type)
|
|
39
39
|
validate_object_name!(object_name)
|
|
40
40
|
acl = get_acl(object_type, object_name)
|
|
41
|
+
PERM_TYPES.each do |perm|
|
|
42
|
+
# Filter out the actors field if we have
|
|
43
|
+
# users and clients. Note that if one is present,
|
|
44
|
+
# both will be - but we're checking both for completeness.
|
|
45
|
+
if acl[perm].has_key?('users') && acl[perm].has_key?('clients')
|
|
46
|
+
acl[perm].delete 'actors'
|
|
47
|
+
end
|
|
48
|
+
end
|
|
41
49
|
ui.output acl
|
|
42
50
|
end
|
|
43
51
|
end
|
data/lib/chef/knife/group_add.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#
|
|
2
2
|
# Author:: Seth Falcon (<seth@chef.io>)
|
|
3
3
|
# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
|
|
4
|
-
# Copyright:: Copyright 2011
|
|
4
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
5
5
|
# License:: Apache License, Version 2.0
|
|
6
6
|
#
|
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Seth Falcon (<seth@
|
|
2
|
+
# Author:: Seth Falcon (<seth@chef.io>)
|
|
3
3
|
# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
|
|
4
|
-
# Copyright:: Copyright 2011
|
|
4
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
5
5
|
# License:: Apache License, Version 2.0
|
|
6
6
|
#
|
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Christopher Maier (<cm@
|
|
2
|
+
# Author:: Christopher Maier (<cm@chef.io>)
|
|
3
3
|
# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
|
|
4
|
-
# Copyright:: Copyright 2015
|
|
4
|
+
# Copyright:: Copyright 2015-2016 Chef Software, Inc.
|
|
5
5
|
# License:: Apache License, Version 2.0
|
|
6
6
|
#
|
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Seth Falcon (<seth@
|
|
2
|
+
# Author:: Seth Falcon (<seth@chef.io>)
|
|
3
3
|
# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
|
|
4
|
-
# Copyright:: Copyright 2011
|
|
4
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
5
5
|
# License:: Apache License, Version 2.0
|
|
6
6
|
#
|
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#
|
|
2
2
|
# Author:: Seth Falcon (<seth@chef.io>)
|
|
3
3
|
# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
|
|
4
|
-
# Copyright:: Copyright 2011
|
|
4
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
5
5
|
# License:: Apache License, Version 2.0
|
|
6
6
|
#
|
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Seth Falcon (<seth@
|
|
2
|
+
# Author:: Seth Falcon (<seth@chef.io>)
|
|
3
3
|
# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
|
|
4
|
-
# Copyright:: Copyright 2011
|
|
4
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
5
5
|
# License:: Apache License, Version 2.0
|
|
6
6
|
#
|
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Steven Danna (<steve@
|
|
3
|
-
# Copyright:: Copyright 2011
|
|
2
|
+
# Author:: Steven Danna (<steve@chef.io>)
|
|
3
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
4
4
|
# License:: Apache License, Version 2.0
|
|
5
5
|
#
|
|
6
6
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Steven Danna (<steve@
|
|
3
|
-
# Copyright:: Copyright 2011
|
|
2
|
+
# Author:: Steven Danna (<steve@chef.io>)
|
|
3
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
4
4
|
# License:: Apache License, Version 2.0
|
|
5
5
|
#
|
|
6
6
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Steven Danna (<steve@
|
|
3
|
-
# Copyright:: Copyright 2011
|
|
2
|
+
# Author:: Steven Danna (<steve@chef.io>)
|
|
3
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
4
4
|
# License:: Apache License, Version 2.0
|
|
5
5
|
#
|
|
6
6
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Steven Danna (<steve@
|
|
3
|
-
# Copyright:: Copyright 2011
|
|
2
|
+
# Author:: Steven Danna (<steve@chef.io>)
|
|
3
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
4
4
|
# License:: Apache License, Version 2.0
|
|
5
5
|
#
|
|
6
6
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
data/lib/chef/knife/user_list.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Seth Falcon (<seth@
|
|
2
|
+
# Author:: Seth Falcon (<seth@chef.io>)
|
|
3
3
|
# Author:: Jeremiah Snapp (<jeremiah@chef.io>)
|
|
4
|
-
# Copyright:: Copyright 2011
|
|
4
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
5
5
|
# License:: Apache License, Version 2.0
|
|
6
6
|
#
|
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -21,7 +21,7 @@ module OpscodeAcl
|
|
|
21
21
|
class UserList < Chef::Knife
|
|
22
22
|
category "OPSCODE HOSTED CHEF ACCESS CONTROL"
|
|
23
23
|
banner "knife user list"
|
|
24
|
-
|
|
24
|
+
|
|
25
25
|
deps do
|
|
26
26
|
require 'pp'
|
|
27
27
|
end
|
data/lib/chef/knife/user_show.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Author:: Steven Danna (<steve@
|
|
3
|
-
# Copyright:: Copyright 2011
|
|
2
|
+
# Author:: Steven Danna (<steve@chef.io>)
|
|
3
|
+
# Copyright:: Copyright 2011-2016 Chef Software, Inc.
|
|
4
4
|
# License:: Apache License, Version 2.0
|
|
5
5
|
#
|
|
6
6
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
data/lib/knife-acl/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: knife-acl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Seth Falcon
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2016-01
|
|
12
|
+
date: 2016-09-01 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: Knife plugin to manupulate Chef server access control lists
|
|
15
15
|
email: support@chef.io
|
|
@@ -59,9 +59,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
59
59
|
version: '0'
|
|
60
60
|
requirements: []
|
|
61
61
|
rubyforge_project:
|
|
62
|
-
rubygems_version: 2.
|
|
62
|
+
rubygems_version: 2.6.6
|
|
63
63
|
signing_key:
|
|
64
64
|
specification_version: 4
|
|
65
65
|
summary: Knife plugin to manupulate Chef server access control lists
|
|
66
66
|
test_files: []
|
|
67
|
-
has_rdoc:
|