knife-opc 0.1.1 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f81638cb44c3efb4b8b2a2c1e98ca1a48295a8e9
-  data.tar.gz: 8166172b30bc738ac5ffb40ec8f492fb34fac43a
+  metadata.gz: 9f10de72126959cda281388a2e5ab0e4d0f01313
+  data.tar.gz: 3ed8f3d554ffa5b72b0d08c2e3b317184b6b1ce0
 SHA512:
-  metadata.gz: 08ea03824872034a74c154a96f848614cc23c2cc870e20e546b2923de810f6257652ed0a6a48015ea3cac59f29a4aa5385e6c8a120b78e81a5030bff95a6cd1e
-  data.tar.gz: 3f8ee073eb6e57d8f80b19e85e3a8288a2a69e6cf07f17451f3b6f9a10ed9f335f9d70d47241a88a22c939668aa5e8f4d792289065cb3ef1530b243a9a82e976
+  metadata.gz: 303ad9f15fbb77b3a5d1709c2df28e6b5c897885ba53b2b20a43491b159570240f64f0fbed6f17f0e5a761442724220acf418ec006e4550641e24e02fb741fd2
+  data.tar.gz: 2c09e76ff39ffaa8a0d6a459f11f834745370a5adac9be58ea94ed91a0a236249fd9ed12bf659e234fd676f50c48d1b523fbfcb06fa0564ab342c76cc5313f2d

data/README.md

@@ -8,13 +8,24 @@
 # Description
 
 This knife plugin supports basic organization and user operations in
-Enterprise Chef (formerly Opscode Private Chef).
+Enterprise Chef (formerly Opscode Private Chef) and Chef Server 12.
 
 # Installation
 
-This knife plugin is packaged as a gem.  To install it, clone the
-git repository and run the following:
+This knife plugin is packaged as a gem.  To install it, run:
 
+    gem install knife-opc
+
+If you are using ChefDK, run:
+
+    chef gem install knife-opc
+
+## Development version
+
+To install the latest development version:
+
+    git clone https://github.com/opscode/knife-opc.git
+    cd knife-opc
     gem build knife-opc.gemspec
     gem install knife-opc-0.1.1.gem
 
@@ -36,17 +47,28 @@ of your OPC installation:
     chef_server_root https://chef.yourdomain.com/
 
 Note that most users in an OPC installation lack the permissions to
-run most of the commands from this plugin.  In order to use commands
-such as `knife opc org create`, you must authenticate as the 'pivotal' user.
-Add the following to your knife.rb to use the user 'pivotal':
+run most of the commands from this plugin.  On Chef Server 12, the
+majority of the commands provided by this plugin can be accessed via
+`chef-server-ctl` wrapper commands that properly configure knife-opc
+for administrative action.  We recommend you use the wrapper commands
+whenever possible
 
-    node_name 'pivotal'
-    client_key '/etc/opscode/pivotal.pem'
+When using knife-opc directly, many of the commands require special
+permissions. For instance, in order to use commands such as `knife opc
+org create`, you must authenticate as the 'pivotal' user.
 
 Note that the key for the pivotal user is in /etc/opscode on any node
 in your Chef Server cluster.  We recommend that you only use the
 pivotal user from a Chef Server itself and not copy this key off the
-machine.
+machine. In that case, you should run knife opc on the **Frontend
+server** as root, with a `knife.rb` in root's home directory.
+
+    current_dir = File.dirname(__FILE__)
+    log_level                :info
+    log_location             STDOUT
+    node_name                "pivotal"
+    client_key               "/etc/opscode/pivotal.pem"
+    chef_server_root         "https://chef.yourdomain.com/"
 
 # Subcommands
 
@@ -83,6 +105,12 @@ Deletes the given OPC user.
 
 Will open $EDITOR. When finished, Knife will update the given OPC user.
 
+## knife opc user password USERNAME [PASSWORD | --enable_external_auth]
+
+Command for managing password and authentication for a user.
+
+The last argument should either be a string you want the password to or you can pass --enable_external_auth instead of a password to enable external authentication for this user.
+
 ## knife opc org list
 
   * `-w`, `--with-uri`:
@@ -110,16 +138,16 @@ validator client is returned.
 
 ## knife opc org delete ORG_NAME
 
-Deletes the given OPC user.
+Deletes the given OPC organization.
 
-## knife opc associate ORGNAME USERNAME
+## knife opc org user add ORGNAME USERNAME
 
-Associates a user with an organization.  Requires that the named
-organization and user both exist.
+Adds a user to an organization.  Requires that the named organization
+and user both exist.
 
-## knife opc disassociate ORGNAME USERNAME
+## knife opc org user remove ORGNAME USERNAME
 
-Dissociates a user with an organization.  Requires that the named
+Removes a user from an organization.  Requires that the named
 organization and user both exist, and that the user is currently
 associated with the organization.
 
@@ -134,7 +162,6 @@ associated with the organization.
 # TODO
 
 * `--with-users` option for `org show` subcommand.
-* Filter unused fields from `org show`.
 
 ## License ##
 

data/lib/chef/knife/opc_org_create.rb

@@ -33,6 +33,10 @@ module Opc
 
     attr_accessor :org_name, :org_full_name
 
+    deps do
+      require 'chef/org'
+    end
+
     def run
       @org_name, @org_full_name = @name_args
 
@@ -42,45 +46,21 @@ module Opc
         exit 1
       end
 
-      org_args = { :name => org_name, :full_name => org_full_name}
-      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
-      result = @chef_rest.post_rest("organizations/", org_args)
+      org = Chef::Org.from_hash({ 'name' => org_name,
+                                  'full_name' => org_full_name}).create
       if config[:filename]
         File.open(config[:filename], "w") do |f|
-          f.print(result['private_key'])
+          f.print(org.private_key)
         end
       else
-        ui.msg result['private_key']
+        ui.msg org.private_key
       end
-      associate_user config[:association_user] if config[:association_user]
-    end
-
-    def associate_user(username)
-
-      # First, create and accept the organization invite
-      request_body = {:user => username}
-      response = @chef_rest.post_rest "organizations/#{org_name}/association_requests", request_body
-      association_id = response["uri"].split("/").last
-      @chef_rest.put_rest "users/#{username}/association_requests/#{association_id}", { :response => 'accept' }
 
-      # Next, add the user to the admin and billing-admin group
-      add_user_to_group(username, "admins")
-      add_user_to_group(username, "billing-admins")
-    end
-
-
-    # Note, this should *really* use the same method
-    # used in knife-acl
-    def add_user_to_group(username, groupname)
-      group = @chef_rest.get_rest "organizations/#{org_name}/groups/#{groupname}"
-      body_hash = {
-        :groupname => "#{groupname}",
-        :actors => {
-          "users" => group["actors"].concat([username]),
-          "groups" => group["groups"]
-        }
-      }
-      @chef_rest.put_rest "organizations/#{org_name}/groups/#{groupname}", body_hash
+      if config[:association_user]
+        org.associate_user(config[:association_user])
+        org.add_user_to_group('admins', config[:association_user])
+        org.add_user_to_group('billing-admins', config[:association_user])
+      end
     end
   end
 end

data/lib/chef/knife/opc_org_edit.rb

@@ -0,0 +1,48 @@
+#
+# Author:: Steven Danna (<steve@opscode.com>)
+# Copyright:: Copyright 2011 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module Opc
+  class OpcOrgEdit < Chef::Knife
+    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    banner "knife opc org edit ORG"
+
+    def run
+      org_name = @name_args[0]
+
+      if org_name.nil?
+        show_usage
+        ui.fatal("You must specify an organization name")
+        exit 1
+      end
+
+      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
+      original_org =  @chef_rest.get_rest("organizations/#{org_name}")
+      edited_org = edit_data(original_org)
+
+      if original_org == edited_org
+        ui.msg("Organization unchanged, not saving.")
+        exit
+      end
+
+      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
+      ui.msg edited_org
+      result = @chef_rest.put_rest("organizations/#{org_name}", edited_org)
+      ui.msg("Saved #{org_name}.")
+    end
+  end
+end

data/lib/chef/knife/{opc_org_associate.rb → opc_org_user_add.rb}

@@ -17,11 +17,20 @@
 #
 
 module Opc
-  class OpcOrgAssociate < Chef::Knife
+  class OpcOrgUserAdd < Chef::Knife
     category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
-    banner "knife opc org associate ORG_NAME USER_NAME"
+    banner "knife opc org user add ORG_NAME USER_NAME"
     attr_accessor :org_name, :username
 
+    option :admin,
+    :long => '--admin',
+    :short => '-a',
+    :description => 'Add user to admin group'
+
+    deps do
+      require 'chef/org'
+    end
+
     def run
       @org_name, @username = @name_args
 
@@ -31,20 +40,17 @@ module Opc
         exit 1
       end
 
-      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
-      request_body = {:user => username}
-      response = @chef_rest.post_rest "organizations/#{org_name}/association_requests", request_body
-      if response["error"]
-        ui.msg response["error"]
-      else
-        association_id = response["uri"].split("/").last
-        response = @chef_rest.put_rest "users/#{username}/association_requests/#{association_id}", { :response => 'accept' }
-        if response["error"]
-          ui.msg response["error"]
+      org = Chef::Org.new(@org_name)
+      begin
+        org.associate_user(@username)
+      rescue Net::HTTPServerException => e
+        if e.response.code == "409"
+          ui.msg "User #{username} already associated with organization #{org_name}"
         else
-          ui.msg "User #{username} is now associated with organization #{org_name}"
+          raise e
         end
       end
+      org.add_user_to_group('admins', @username) if config[:admin]
     end
   end
 end

data/lib/chef/knife/{opc_org_dissociate.rb → opc_org_user_remove.rb}

@@ -17,11 +17,15 @@
 #
 
 module Opc
-  class OpcOrgDissociate < Chef::Knife
+  class OpcOrgUserRemove < Chef::Knife
     category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
-    banner "knife opc org dissociate ORG_NAME USER_NAME"
+    banner "knife opc org user remove ORG_NAME USER_NAME"
     attr_accessor :org_name, :username
 
+    deps do
+      require 'chef/org'
+    end
+
     def run
       @org_name, @username = @name_args
 
@@ -31,12 +35,16 @@ module Opc
         exit 1
       end
 
-      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
-      response = @chef_rest.delete_rest "organizations/#{org_name}/users/#{username}"
-      if response["error"]
-        ui.msg response["error"]
-      else
-        ui.msg "User #{username} has been dissociated from organization #{org_name}"
+      org = Chef::Org.new(@org_name)
+      begin
+        org.dissociate_user(@username)
+      rescue Net::HTTPServerException => e
+        if e.response.code == "404"
+          ui.msg "User #{username} is not associated with organization #{org_name}"
+          exit 1
+        else
+          raise e
+        end
       end
     end
   end

data/lib/chef/knife/opc_user_password.rb

@@ -0,0 +1,73 @@
+#
+# Author:: Tyler Cloke (<tyler@getchef.com>)
+# Copyright:: Copyright 2014 Chef, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module Opc
+  class OpcUserPassword < Chef::Knife
+    category "OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT"
+    banner "knife opc user password USERNAME [PASSWORD | --enable_external_auth]"
+
+    option :enable_external_auth,
+    :long => "--enable-external-auth",
+    :short => "-e",
+    :description => "Enable external authentication for this user (such as LDAP)"
+
+    def run
+      # check that correct number of args was passed, should be either
+      # USERNAME PASSWORD or USERNAME --enable-external-auth
+      #
+      # note that you can't pass USERNAME PASSWORD --enable-external-auth
+      if !((@name_args.length == 2 && !config[:enable_external_auth]) || (@name_args.length == 1 && config[:enable_external_auth]))
+        show_usage
+        ui.fatal("You must pass two arguments")
+        ui.fatal("Note that --enable-external-auth cannot be passed with a password")
+        exit 1
+      end
+
+      user_name = @name_args[0]
+
+      # note that this will be nil if config[:enable_external_auth] is true
+      password = @name_args[1]
+
+      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
+
+      # since the API does not pass back whether recovery_authentication_enabled is
+      # true or false, there is no way of knowing if the user is using ldap or not,
+      # so we will update the user every time, instead of checking if we are actually
+      # changing anything before we PUT.
+      user =  @chef_rest.get_rest("users/#{user_name}")
+
+      user["password"] = password if not password.nil?
+
+      # if --enable-external-auth was passed, enable it, else disable it.
+      # there is never a situation where we would want to enable ldap
+      # AND change the password. changing the password means that the user
+      # wants to disable ldap and put user in recover (if they are using ldap).
+      user["recovery_authentication_enabled"] = !config[:enable_external_auth]
+
+      @chef_rest = Chef::REST.new(Chef::Config[:chef_server_root])
+      begin
+        result = @chef_rest.put_rest("users/#{user_name}", user)
+      rescue => e
+        raise e
+        exit 1
+      end
+      ui.msg user
+      ui.msg("Authentication info updated for #{user_name}.")
+    end
+  end
+end

data/lib/chef/org.rb

@@ -0,0 +1,143 @@
+require 'chef/json_compat'
+require 'chef/mixin/params_validate'
+require 'chef/rest'
+
+class Chef
+  class Org
+
+    include Chef::Mixin::ParamsValidate
+
+    def initialize(name='')
+      @name = name
+      @full_name = ''
+      # The Chef API returns the private key of the validator
+      # client on create
+      @private_key = nil
+      @guid = nil
+    end
+
+    def chef_rest
+      @chef_rest ||= Chef::REST.new(Chef::Config[:chef_server_root])
+    end
+
+    def name(arg=nil)
+      set_or_return(:name, arg,
+                    :regex => /^[a-z0-9\-_]+$/)
+    end
+
+    def full_name(arg=nil)
+      set_or_return(:full_name,
+                    arg, :kind_of => String)
+    end
+
+    def private_key(arg=nil)
+      set_or_return(:private_key,
+                    arg, :kind_of => String)
+    end
+
+    def guid(arg=nil)
+      set_or_return(:guid,
+                    arg, :kind_of => String)
+    end
+
+    def to_hash
+      result = {
+        "name" => @name,
+        "full_name" => @full_name
+      }
+      result["private_key"] = @private_key if @private_key
+      result["guid"] = @guid if @guid
+      result
+    end
+
+    def to_json(*a)
+      Chef::JSONCompat.to_json(to_hash, *a)
+    end
+
+    def create
+      payload = {:name => self.name, :full_name => self.full_name}
+      new_org = chef_rest.post_rest("organizations", payload)
+      Chef::Org.from_hash(self.to_hash.merge(new_org))
+    end
+
+    def update
+      payload = {:name => self.name, :full_name => self.full_name}
+      new_org = chef_rest.put_rest("organizations/#{name}", payload)
+      Chef::Org.from_hash(self.to_hash.merge(new_org))
+    end
+
+    def destroy
+      chef_rest.delete_rest("organizations/#{@name}")
+    end
+
+    def save
+      begin
+        create
+      rescue Net::HTTPServerException => e
+        if e.response.code == "409"
+          update
+        else
+          raise e
+        end
+      end
+    end
+
+    def associate_user(username)
+      request_body = {:user => username}
+      response = chef_rest.post_rest "organizations/#{@name}/association_requests", request_body
+      association_id = response["uri"].split("/").last
+      chef_rest.put_rest "users/#{username}/association_requests/#{association_id}", { :response => 'accept' }
+    end
+
+    def dissociate_user(username)
+      chef_rest.delete_rest "organizations/#{name}/users/#{username}"
+    end
+
+    def add_user_to_group(groupname, username)
+      group = chef_rest.get_rest "organizations/#{name}/groups/#{groupname}"
+      body_hash = {
+        :groupname => "#{groupname}",
+        :actors => {
+          "users" => group["actors"].concat([username]),
+          "groups" => group["groups"]
+        }
+      }
+      chef_rest.put_rest "organizations/#{name}/groups/#{groupname}", body_hash
+    end
+
+    # Class methods
+    def self.from_hash(org_hash)
+      org = Chef::Org.new
+      org.name org_hash['name']
+      org.full_name org_hash['full_name']
+      org.private_key org_hash['private_key'] if org_hash.key?('private_key')
+      org.guid org_hash['guid'] if org_hash.key?('guid')
+      org
+    end
+
+    def self.from_json(json)
+      Chef::Org.from_hash(Chef::JSONCompat.from_json(json))
+    end
+
+    class <<self
+      alias_method :json_create, :from_json
+    end
+
+    def self.load(org_name)
+      response =  Chef::REST.new(Chef::Config[:chef_server_root]).get_rest("organizations/#{org_name}")
+      Chef::Org.from_hash(response)
+    end
+
+    def self.list(inflate=false)
+      orgs = Chef::REST.new(Chef::Config[:chef_server_root]).get_rest('organizations')
+      if inflate
+        orgs.inject({}) do |org_map, (name, _url)|
+          org_map[name] = Chef::Org.load(name)
+          org_map
+        end
+      else
+        orgs
+      end
+    end
+  end
+end

data/lib/knife-opc/version.rb

@@ -1,3 +1,3 @@
 module KnifeOPC
-  VERSION = "0.1.1"
+  VERSION = "0.2.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: knife-opc
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.1
 platform: ruby
 authors:
 - Steven Danna
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-08 00:00:00.000000000 Z
+date: 2014-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -76,17 +76,20 @@ extra_rdoc_files:
 files:
 - LICENSE
 - README.md
-- lib/chef/knife/opc_org_associate.rb
 - lib/chef/knife/opc_org_create.rb
 - lib/chef/knife/opc_org_delete.rb
-- lib/chef/knife/opc_org_dissociate.rb
+- lib/chef/knife/opc_org_edit.rb
 - lib/chef/knife/opc_org_list.rb
 - lib/chef/knife/opc_org_show.rb
+- lib/chef/knife/opc_org_user_add.rb
+- lib/chef/knife/opc_org_user_remove.rb
 - lib/chef/knife/opc_user_create.rb
 - lib/chef/knife/opc_user_delete.rb
 - lib/chef/knife/opc_user_edit.rb
 - lib/chef/knife/opc_user_list.rb
+- lib/chef/knife/opc_user_password.rb
 - lib/chef/knife/opc_user_show.rb
+- lib/chef/org.rb
 - lib/knife-opc/version.rb
 homepage: http://wiki.opscode.com/display/chef
 licenses: []
@@ -107,9 +110,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.1
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Knife Tools for Opscode Chef Server
 test_files: []
-has_rdoc: