knife-opc 0.3.1 → 0.4.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: c54f906018c0289af53b226e2c727b05316d7804
-  data.tar.gz: 80b121d10fbedf271168accbb16d4aa3e4d9bf6a
+SHA256:
+  metadata.gz: d7af88ddccf9a69fbab41970cfeb23bc0f9fd0f0b04451673933115f887c4d27
+  data.tar.gz: c0ab4f3057dcee7b9a5d10d64de463ebb638f3aecb477be696b6b83a3dd2ab8b
 SHA512:
-  metadata.gz: 2924964157951a54db7916efec203806267910954516e1081559684fb0d3d7e1f52a4cccc18b1bce664db08f2726e44ee190a9e7c53e3d2fa66f828fd6b549cb
-  data.tar.gz: 5bf0cb7097e45c2c8665bf53cb2cce2249f8d422f850ca0bfcc73534868889a7b430b95ba864ce0b18e75d8d1958c70fe6f3b23edbe3487b8c2f256aaef6d3d4
+  metadata.gz: 1e4e0abf5f50ff0f8b5eef59551c1e1e2ae341a8e2d4bd31579f77e99c6be410b9257ffd0ff870c5ef4a73e7ef3f6a874c93fa68306c6b1a0dad6dfe89379649
+  data.tar.gz: e220bd8ea974284ac13910b7fe6006d9bfe67a42e2fc87c21031674062b2eb672330c5109fad4303ae8eb7171e1ed4e416766692868941a1f2c90f4d71eef66a

data/lib/chef/knife/opc_org_create.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright 2011-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,24 +18,24 @@
 
 module Opc
   class OpcOrgCreate < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org create ORG_SHORT_NAME ORG_FULL_NAME (options)"
 
     option :filename,
-    :long => '--filename FILENAME',
-    :short => '-f FILENAME',
-    :description => 'Write validator private key to FILENAME rather than STDOUT'
+      long: "--filename FILENAME",
+      short: "-f FILENAME",
+      description: "Write validator private key to FILENAME rather than STDOUT"
 
     option :association_user,
-    :long => '--association_user USERNAME',
-    :short => '-a USERNAME',
-    :description => 'Invite USERNAME to the new organization after creation'
+      long: "--association_user USERNAME",
+      short: "-a USERNAME",
+      description: "Invite USERNAME to the new organization after creation"
 
     attr_accessor :org_name, :org_full_name
 
     deps do
-      require 'chef/org'
-      require 'chef/org/group_operations'
+      require_relative "../org"
+      require_relative "../org/group_operations"
     end
 
     def run
@@ -47,8 +47,8 @@ module Opc
         exit 1
       end
 
-      org = Chef::Org.from_hash({ 'name' => org_name,
-                                  'full_name' => org_full_name}).create
+      org = Chef::Org.from_hash({ "name" => org_name,
+                                  "full_name" => org_full_name }).create
       if config[:filename]
         File.open(config[:filename], "w") do |f|
           f.print(org.private_key)
@@ -59,8 +59,8 @@ module Opc
 
       if config[:association_user]
         org.associate_user(config[:association_user])
-        org.add_user_to_group('admins', config[:association_user])
-        org.add_user_to_group('billing-admins', config[:association_user])
+        org.add_user_to_group("admins", config[:association_user])
+        org.add_user_to_group("billing-admins", config[:association_user])
       end
     end
   end

data/lib/chef/knife/opc_org_delete.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright 2011-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,17 +15,19 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+require_relative "../mixin/root_rest"
 
 module Opc
   class OpcOrgDelete < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org delete ORG_NAME"
 
+    include Chef::Mixin::RootRestv0
+
     def run
       org_name = @name_args[0]
-      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
       ui.confirm "Do you want to delete the organization #{org_name}"
-      ui.output @chef_rest.delete_rest("organizations/#{org_name}")
+      ui.output root_rest.delete("organizations/#{org_name}")
     end
   end
 end

data/lib/chef/knife/opc_org_edit.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright 2011-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,10 +15,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+require_relative "../mixin/root_rest"
 
 module Opc
   class OpcOrgEdit < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org edit ORG"
 
     def run
@@ -30,8 +31,9 @@ module Opc
         exit 1
       end
 
-      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
-      original_org =  @chef_rest.get_rest("organizations/#{org_name}")
+      include Chef::Mixin::RootRestv0
+
+      original_org = root_rest.get("organizations/#{org_name}")
       edited_org = edit_data(original_org)
 
       if original_org == edited_org
@@ -39,9 +41,8 @@ module Opc
         exit
       end
 
-      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
       ui.msg edited_org
-      result = @chef_rest.put_rest("organizations/#{org_name}", edited_org)
+      root_rest.put("organizations/#{org_name}", edited_org)
       ui.msg("Saved #{org_name}.")
     end
   end

data/lib/chef/knife/opc_org_list.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright 2011-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,27 +15,29 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+require_relative "../mixin/root_rest"
 
 module Opc
   class OpcOrgList < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org list"
 
     option :with_uri,
-    :long => "--with-uri",
-    :short => "-w",
-    :description => "Show corresponding URIs"
+      long: "--with-uri",
+      short: "-w",
+      description: "Show corresponding URIs"
 
     option :all_orgs,
-    :long => "--all-orgs",
-    :short => "-a",
-    :description => "Show auto-generated hidden orgs in output"
+      long: "--all-orgs",
+      short: "-a",
+      description: "Show auto-generated hidden orgs in output"
+
+    include Chef::Mixin::RootRestv0
 
     def run
-      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
-      results =  @chef_rest.get_rest("organizations")
-      unless config[:all_orgs] 
-        results = results.select { |k,v| !(k.length == 20 && k =~ /^[a-z]+$/) }
+      results = root_rest.get("organizations")
+      unless config[:all_orgs]
+        results = results.select { |k, v| !(k.length == 20 && k =~ /^[a-z]+$/) }
       end
       ui.output(ui.format_list_for_display(results))
     end

data/lib/chef/knife/opc_org_show.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright 2011-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,16 +15,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+require_relative "../mixin/root_rest"
 
 module Opc
   class OpcOrgShow < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org show ORGNAME"
 
+    include Chef::Mixin::RootRestv0
+
     def run
       org_name = @name_args[0]
-      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
-      ui.output @chef_rest.get_rest("organizations/#{org_name}")
+      ui.output root_rest.get("organizations/#{org_name}")
     end
   end
 end

data/lib/chef/knife/opc_org_user_add.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Marc Paradise (<marc@getchef.com>)
-# Copyright:: Copyright 2014 Chef Software, Inc
+# Author:: Marc Paradise (<marc@chef.io>)
+# Copyright:: Copyright 2014-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,18 +18,18 @@
 
 module Opc
   class OpcOrgUserAdd < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org user add ORG_NAME USER_NAME"
     attr_accessor :org_name, :username
 
     option :admin,
-    :long => '--admin',
-    :short => '-a',
-    :description => 'Add user to admin group'
+      long: "--admin",
+      short: "-a",
+      description: "Add user to admin group"
 
     deps do
-      require 'chef/org'
-      require 'chef/org/group_operations'
+      require_relative "../org"
+      require_relative "../org/group_operations"
     end
 
     def run
@@ -52,8 +52,9 @@ module Opc
         end
       end
       if config[:admin]
-        org.add_user_to_group('admins', @username)
-        org.add_user_to_group('billing-admins', @username)
+        org.add_user_to_group("admins", @username)
+        org.add_user_to_group("billing-admins", @username)
+        ui.msg "User #{username} is added to admins and billing-admins group"
       end
     end
   end

data/lib/chef/knife/opc_org_user_remove.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Marc Paradise (<marc@getchef.com>)
-# Copyright:: Copyright 2014 Chef Software, Inc
+# Copyright:: Copyright 2014-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,12 +18,19 @@
 
 module Opc
   class OpcOrgUserRemove < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org user remove ORG_NAME USER_NAME"
     attr_accessor :org_name, :username
 
+    option :force_remove_from_admins,
+      long: "--force",
+      short: "-f",
+      description: "Force removal of user from the organization's admins and billing-admins group."
+
     deps do
-      require 'chef/org'
+      require_relative "../org"
+      require_relative "../org/group_operations"
+      require "chef/json_compat"
     end
 
     def run
@@ -36,16 +43,61 @@ module Opc
       end
 
       org = Chef::Org.new(@org_name)
+
+      if config[:force_remove_from_admins]
+        if org.actor_delete_would_leave_admins_empty?
+          failure_error_message(org_name, username)
+          ui.msg <<~EOF
+            You ran with --force which force removes the user from the admins and billing-admins groups.
+            However, removing #{username} from the admins group would leave it empty, which breaks the org.
+            Please add another user to org #{org_name} admins group and try again.
+          EOF
+          exit 1
+        end
+        remove_user_from_admin_group(org, org_name, username, "admins")
+        remove_user_from_admin_group(org, org_name, username, "billing-admins")
+      end
+
       begin
         org.dissociate_user(@username)
       rescue Net::HTTPServerException => e
         if e.response.code == "404"
           ui.msg "User #{username} is not associated with organization #{org_name}"
           exit 1
+        elsif e.response.code == "403"
+          body = Chef::JSONCompat.from_json(e.response.body)
+          if body.key?("error") && body["error"] == "Please remove #{username} from this organization's admins group before removing him or her from the organization."
+            failure_error_message(org_name, username)
+            ui.msg <<~EOF
+              User #{username} is in the organization's admin group. Removing users from an organization without removing them from the admins group is not allowed.
+              Re-run this command with --force to remove this user from the admins prior to removing it from the organization.
+            EOF
+            exit 1
+          else
+            raise e
+          end
         else
           raise e
         end
       end
     end
+
+    def failure_error_message(org_name, username)
+      ui.error "Error removing user #{username} from organization #{org_name}."
+    end
+
+    def remove_user_from_admin_group(org, org_name, username, admin_group_string)
+      org.remove_user_from_group(admin_group_string, username)
+    rescue Net::HTTPServerException => e
+      if e.response.code == "404"
+        ui.warn <<~EOF
+          User #{username} is not in the #{admin_group_string} group for organization #{org_name}.
+          You probably don't need to pass --force.
+        EOF
+      else
+        raise e
+      end
+    end
+
   end
 end

data/lib/chef/knife/opc_user_create.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright 2011-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,21 +15,29 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+require_relative "../mixin/root_rest"
 
 module Opc
   class OpcUserCreate < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc user create USERNAME FIRST_NAME [MIDDLE_NAME] LAST_NAME EMAIL PASSWORD"
 
     option :filename,
-    :long => '--filename FILENAME',
-    :short => '-f FILENAME',
-    :description => 'Write private key to FILENAME rather than STDOUT'
+      long: "--filename FILENAME",
+      short: "-f FILENAME",
+      description: "Write private key to FILENAME rather than STDOUT"
 
     option :orgname,
-    :long => '--orgname ORGNAME',
-    :short => '-o ORGNAME',
-    :description => 'Associate new user to an organization matching ORGNAME'
+      long: "--orgname ORGNAME",
+      short: "-o ORGNAME",
+      description: "Associate new user to an organization matching ORGNAME"
+
+    option :passwordprompt,
+      long: "--prompt-for-password",
+      short: "-p",
+      description: "Prompt for user password"
+
+    include Chef::Mixin::RootRestv0
 
     def run
       case @name_args.count
@@ -37,47 +45,57 @@ module Opc
         username, first_name, middle_name, last_name, email, password = @name_args
       when 5
         username, first_name, last_name, email, password = @name_args
+      when 4
+        username, first_name, last_name, email = @name_args
       else
         ui.fatal "Wrong number of arguments"
         show_usage
         exit 1
       end
+      password = prompt_for_password if config[:passwordprompt]
+      unless password
+        ui.fatal "You must either provide a password or use the --prompt-for-password (-p) option"
+        exit 1
+      end
       middle_name ||= ""
 
       user_hash = {
-        :username =>     username,
-        :first_name =>   first_name,
-        :middle_name =>  middle_name,
-        :last_name =>    last_name,
-        :display_name => "#{first_name} #{last_name}",
-        :email =>        email,
-        :password =>     password
+        username: username,
+        first_name: first_name,
+        middle_name: middle_name,
+        last_name: last_name,
+        display_name: "#{first_name} #{last_name}",
+        email: email,
+        password: password,
       }
 
-     # Check the file before creating the user so the api is more transactional.
-     if config[:filename]
-       file = config[:filename]
-       unless File.exists?(file) ? File.writable?(file) : File.writable?(File.dirname(file))
-         ui.fatal "File #{config[:filename]} is not writable.  Check permissions."
-         exit 1
-       end
-     end
+      # Check the file before creating the user so the api is more transactional.
+      if config[:filename]
+        file = config[:filename]
+        unless File.exist?(file) ? File.writable?(file) : File.writable?(File.dirname(file))
+          ui.fatal "File #{config[:filename]} is not writable.  Check permissions."
+          exit 1
+        end
+      end
 
-      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
-      result = @chef_rest.post_rest("users/", user_hash)
+      result = root_rest.post("users/", user_hash)
       if config[:filename]
         File.open(config[:filename], "w") do |f|
-          f.print(result['private_key'])
+          f.print(result["private_key"])
         end
       else
-        ui.msg result['private_key']
+        ui.msg result["private_key"]
       end
       if config[:orgname]
-        request_body = {:user => username}
-        response = @chef_rest.post_rest "organizations/#{config[:orgname]}/association_requests", request_body
+        request_body = { user: username }
+        response = root_rest.post("organizations/#{config[:orgname]}/association_requests", request_body)
         association_id = response["uri"].split("/").last
-        @chef_rest.put_rest "users/#{username}/association_requests/#{association_id}", { :response => 'accept' }
+        root_rest.put("users/#{username}/association_requests/#{association_id}", { response: "accept" })
       end
     end
+
+    def prompt_for_password
+      ui.ask("Please enter the user's password: ") { |q| q.echo = false }
+    end
   end
 end