knife-opc 0.3.2 → 0.4.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 3257cb3b536d35a41ec3fccb5c73162012fa9953
-  data.tar.gz: a439aff11ffa9bde8fe771cc4d39800875c26ae0
+SHA256:
+  metadata.gz: b3a53e5648286443bac177c18abd99f1fab7c2859e6536c5513a48ca8cc50b84
+  data.tar.gz: eac1bd7ce2e7cd8e18bd4ee29d5d151f89ebe9a2f2b8364f1d5a49e9cfec034a
 SHA512:
-  metadata.gz: 3195effbdcb420a5a81d75dcbdede8345174b733e0b6a8cfe0e71cded805592b5c941a09848d4cbbf09e0429128a42702949b9ef1b25901f5184c00ac698a1c2
-  data.tar.gz: df351c0d42dadc75f675121a6e39bb4da13a5e7abca00dd0392f2aae521300f5959549ad8d10ef69321777397050349ac164c6cf29f664d9993b4e76059dc91a
+  metadata.gz: 2fe3ab2ac4123cc30e7bdf06035c0cd8fa7d3d1bf24efb971135f54c1e887940b81d76a39596cfe703739d857ae549a2dbca05630586ea56256d6baf0936553f
+  data.tar.gz: 58648d6287565e3b145d7e34224d9873d2199ed2e6d1310e07b5baf5d71bb957662d9266dbcf0f02fc1e7ddf242861519498d4e82b01e3094ece058ef3d2d823

data/lib/chef/knife/opc_org_create.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright 2011-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,24 +18,24 @@
 
 module Opc
   class OpcOrgCreate < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org create ORG_SHORT_NAME ORG_FULL_NAME (options)"
 
     option :filename,
-    :long => '--filename FILENAME',
-    :short => '-f FILENAME',
-    :description => 'Write validator private key to FILENAME rather than STDOUT'
+      long: "--filename FILENAME",
+      short: "-f FILENAME",
+      description: "Write validator private key to FILENAME rather than STDOUT"
 
     option :association_user,
-    :long => '--association_user USERNAME',
-    :short => '-a USERNAME',
-    :description => 'Invite USERNAME to the new organization after creation'
+      long: "--association_user USERNAME",
+      short: "-a USERNAME",
+      description: "Invite USERNAME to the new organization after creation"
 
     attr_accessor :org_name, :org_full_name
 
     deps do
-      require 'chef/org'
-      require 'chef/org/group_operations'
+      require_relative "../org"
+      require_relative "../org/group_operations"
     end
 
     def run
@@ -47,8 +47,8 @@ module Opc
         exit 1
       end
 
-      org = Chef::Org.from_hash({ 'name' => org_name,
-                                  'full_name' => org_full_name}).create
+      org = Chef::Org.from_hash({ "name" => org_name,
+                                  "full_name" => org_full_name }).create
       if config[:filename]
         File.open(config[:filename], "w") do |f|
           f.print(org.private_key)
@@ -59,8 +59,8 @@ module Opc
 
       if config[:association_user]
         org.associate_user(config[:association_user])
-        org.add_user_to_group('admins', config[:association_user])
-        org.add_user_to_group('billing-admins', config[:association_user])
+        org.add_user_to_group("admins", config[:association_user])
+        org.add_user_to_group("billing-admins", config[:association_user])
       end
     end
   end

data/lib/chef/knife/opc_org_delete.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright 2011-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,11 +15,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-require 'chef/mixin/root_rest'
+require_relative "../mixin/root_rest"
 
 module Opc
   class OpcOrgDelete < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org delete ORG_NAME"
 
     include Chef::Mixin::RootRestv0

data/lib/chef/knife/opc_org_edit.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright 2011-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,11 +15,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-require 'chef/mixin/root_rest'
+require_relative "../mixin/root_rest"
 
 module Opc
   class OpcOrgEdit < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org edit ORG"
 
     def run
@@ -33,7 +33,7 @@ module Opc
 
       include Chef::Mixin::RootRestv0
 
-      original_org =  root_rest.get("organizations/#{org_name}")
+      original_org = root_rest.get("organizations/#{org_name}")
       edited_org = edit_data(original_org)
 
       if original_org == edited_org

data/lib/chef/knife/opc_org_list.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright 2011-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,29 +15,29 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-require 'chef/mixin/root_rest'
+require_relative "../mixin/root_rest"
 
 module Opc
   class OpcOrgList < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org list"
 
     option :with_uri,
-    :long => "--with-uri",
-    :short => "-w",
-    :description => "Show corresponding URIs"
+      long: "--with-uri",
+      short: "-w",
+      description: "Show corresponding URIs"
 
     option :all_orgs,
-    :long => "--all-orgs",
-    :short => "-a",
-    :description => "Show auto-generated hidden orgs in output"
+      long: "--all-orgs",
+      short: "-a",
+      description: "Show auto-generated hidden orgs in output"
 
     include Chef::Mixin::RootRestv0
 
     def run
-      results =  root_rest.get("organizations")
+      results = root_rest.get("organizations")
       unless config[:all_orgs]
-        results = results.select { |k,v| !(k.length == 20 && k =~ /^[a-z]+$/) }
+        results = results.select { |k, v| !(k.length == 20 && k =~ /^[a-z]+$/) }
       end
       ui.output(ui.format_list_for_display(results))
     end

data/lib/chef/knife/opc_org_show.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright 2011-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,11 +15,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-require 'chef/mixin/root_rest'
+require_relative "../mixin/root_rest"
 
 module Opc
   class OpcOrgShow < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org show ORGNAME"
 
     include Chef::Mixin::RootRestv0

data/lib/chef/knife/opc_org_user_add.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Marc Paradise (<marc@getchef.com>)
-# Copyright:: Copyright 2014 Chef Software, Inc
+# Author:: Marc Paradise (<marc@chef.io>)
+# Copyright:: Copyright 2014-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,18 +18,18 @@
 
 module Opc
   class OpcOrgUserAdd < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org user add ORG_NAME USER_NAME"
     attr_accessor :org_name, :username
 
     option :admin,
-    :long => '--admin',
-    :short => '-a',
-    :description => 'Add user to admin group'
+      long: "--admin",
+      short: "-a",
+      description: "Add user to admin group"
 
     deps do
-      require 'chef/org'
-      require 'chef/org/group_operations'
+      require_relative "../org"
+      require_relative "../org/group_operations"
     end
 
     def run
@@ -52,8 +52,9 @@ module Opc
         end
       end
       if config[:admin]
-        org.add_user_to_group('admins', @username)
-        org.add_user_to_group('billing-admins', @username)
+        org.add_user_to_group("admins", @username)
+        org.add_user_to_group("billing-admins", @username)
+        ui.msg "User #{username} is added to admins and billing-admins group"
       end
     end
   end

data/lib/chef/knife/opc_org_user_remove.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Marc Paradise (<marc@getchef.com>)
-# Copyright:: Copyright 2014 Chef Software, Inc
+# Copyright:: Copyright 2014-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,12 +18,19 @@
 
 module Opc
   class OpcOrgUserRemove < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc org user remove ORG_NAME USER_NAME"
     attr_accessor :org_name, :username
 
+    option :force_remove_from_admins,
+      long: "--force",
+      short: "-f",
+      description: "Force removal of user from the organization's admins and billing-admins group."
+
     deps do
-      require 'chef/org'
+      require_relative "../org"
+      require_relative "../org/group_operations"
+      require "chef/json_compat"
     end
 
     def run
@@ -36,16 +43,61 @@ module Opc
       end
 
       org = Chef::Org.new(@org_name)
+
+      if config[:force_remove_from_admins]
+        if org.actor_delete_would_leave_admins_empty?
+          failure_error_message(org_name, username)
+          ui.msg <<~EOF
+            You ran with --force which force removes the user from the admins and billing-admins groups.
+            However, removing #{username} from the admins group would leave it empty, which breaks the org.
+            Please add another user to org #{org_name} admins group and try again.
+          EOF
+          exit 1
+        end
+        remove_user_from_admin_group(org, org_name, username, "admins")
+        remove_user_from_admin_group(org, org_name, username, "billing-admins")
+      end
+
       begin
         org.dissociate_user(@username)
       rescue Net::HTTPServerException => e
         if e.response.code == "404"
           ui.msg "User #{username} is not associated with organization #{org_name}"
           exit 1
+        elsif e.response.code == "403"
+          body = Chef::JSONCompat.from_json(e.response.body)
+          if body.key?("error") && body["error"] == "Please remove #{username} from this organization's admins group before removing him or her from the organization."
+            failure_error_message(org_name, username)
+            ui.msg <<~EOF
+              User #{username} is in the organization's admin group. Removing users from an organization without removing them from the admins group is not allowed.
+              Re-run this command with --force to remove this user from the admins prior to removing it from the organization.
+            EOF
+            exit 1
+          else
+            raise e
+          end
         else
           raise e
         end
       end
     end
+
+    def failure_error_message(org_name, username)
+      ui.error "Error removing user #{username} from organization #{org_name}."
+    end
+
+    def remove_user_from_admin_group(org, org_name, username, admin_group_string)
+      org.remove_user_from_group(admin_group_string, username)
+    rescue Net::HTTPServerException => e
+      if e.response.code == "404"
+        ui.warn <<~EOF
+          User #{username} is not in the #{admin_group_string} group for organization #{org_name}.
+          You probably don't need to pass --force.
+        EOF
+      else
+        raise e
+      end
+    end
+
   end
 end

data/lib/chef/knife/opc_user_create.rb

@@ -1,6 +1,6 @@
 #
-# Author:: Steven Danna (<steve@opscode.com>)
-# Copyright:: Copyright 2011 Opscode, Inc.
+# Author:: Steven Danna (<steve@chef.io>)
+# Copyright:: Copyright 2011-2016 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,22 +15,27 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-require 'chef/mixin/root_rest'
+require_relative "../mixin/root_rest"
 
 module Opc
   class OpcUserCreate < Chef::Knife
-    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    category "CHEF ORGANIZATION MANAGEMENT"
     banner "knife opc user create USERNAME FIRST_NAME [MIDDLE_NAME] LAST_NAME EMAIL PASSWORD"
 
     option :filename,
-    :long => '--filename FILENAME',
-    :short => '-f FILENAME',
-    :description => 'Write private key to FILENAME rather than STDOUT'
+      long: "--filename FILENAME",
+      short: "-f FILENAME",
+      description: "Write private key to FILENAME rather than STDOUT"
 
     option :orgname,
-    :long => '--orgname ORGNAME',
-    :short => '-o ORGNAME',
-    :description => 'Associate new user to an organization matching ORGNAME'
+      long: "--orgname ORGNAME",
+      short: "-o ORGNAME",
+      description: "Associate new user to an organization matching ORGNAME"
+
+    option :passwordprompt,
+      long: "--prompt-for-password",
+      short: "-p",
+      description: "Prompt for user password"
 
     include Chef::Mixin::RootRestv0
 
@@ -40,46 +45,57 @@ module Opc
         username, first_name, middle_name, last_name, email, password = @name_args
       when 5
         username, first_name, last_name, email, password = @name_args
+      when 4
+        username, first_name, last_name, email = @name_args
       else
         ui.fatal "Wrong number of arguments"
         show_usage
         exit 1
       end
+      password = prompt_for_password if config[:passwordprompt]
+      unless password
+        ui.fatal "You must either provide a password or use the --prompt-for-password (-p) option"
+        exit 1
+      end
       middle_name ||= ""
 
       user_hash = {
-        :username =>     username,
-        :first_name =>   first_name,
-        :middle_name =>  middle_name,
-        :last_name =>    last_name,
-        :display_name => "#{first_name} #{last_name}",
-        :email =>        email,
-        :password =>     password
+        username: username,
+        first_name: first_name,
+        middle_name: middle_name,
+        last_name: last_name,
+        display_name: "#{first_name} #{last_name}",
+        email: email,
+        password: password,
       }
 
-     # Check the file before creating the user so the api is more transactional.
-     if config[:filename]
-       file = config[:filename]
-       unless File.exists?(file) ? File.writable?(file) : File.writable?(File.dirname(file))
-         ui.fatal "File #{config[:filename]} is not writable.  Check permissions."
-         exit 1
-       end
-     end
+      # Check the file before creating the user so the api is more transactional.
+      if config[:filename]
+        file = config[:filename]
+        unless File.exist?(file) ? File.writable?(file) : File.writable?(File.dirname(file))
+          ui.fatal "File #{config[:filename]} is not writable.  Check permissions."
+          exit 1
+        end
+      end
 
       result = root_rest.post("users/", user_hash)
       if config[:filename]
         File.open(config[:filename], "w") do |f|
-          f.print(result['private_key'])
+          f.print(result["private_key"])
         end
       else
-        ui.msg result['private_key']
+        ui.msg result["private_key"]
       end
       if config[:orgname]
-        request_body = {:user => username}
+        request_body = { user: username }
         response = root_rest.post("organizations/#{config[:orgname]}/association_requests", request_body)
         association_id = response["uri"].split("/").last
-        root_rest.put("users/#{username}/association_requests/#{association_id}", {:response => 'accept'})
+        root_rest.put("users/#{username}/association_requests/#{association_id}", { response: "accept" })
       end
     end
+
+    def prompt_for_password
+      ui.ask("Please enter the user's password: ") { |q| q.echo = false }
+    end
   end
 end