knife proxy authentication methods to make changes on the Chef server on behalf of another user
### Method 1 ###
$ knife role from file roles/windows_web.rb \
  --key .chef-test_user/test_user.pem \
  --user test_user
Benefits:
* Uses standard knife subcommands
* Out of the box
Caveats:
* Requires the users' private keys on the Jenkins machine.
* Requires user to exist on the server

### Method 2 ###
# Requires key from the Chef server: /etc/opscode/webui_priv.pem
$ knife raw \
  --method DELETE /organizations/eu_org/roles/linux_base \
  --key .chef/webui_priv.pem \
  --user test_user \
  --proxy-auth \
  --server-url https://ap-local-chef-server-12.opschef.tv
Benefits:
* Out of the box
* Uses only the webui private key
Caveats:
* --proxy-auth available from knife 12.1.0+
* Uses the raw subcommand for POST, PUT and DELETE API calls
* Requires user to exist on the server

### Method 3 ###
# Requires key from the Chef server: /etc/opscode/webui_priv.pem
$ knife role from file roles/linux_base.rb \
  --key .chef/webui_priv.pem \
  --user test_user
Benefits:
* Uses standard knife subcommands
* Uses only the webui private key
Caveats:
* Requires user to exist on the server
* Not out of the box at the moment, requires patching basic_client.rb, diff here:
https://gist.github.com/alexpop/227bd98afa21beb36256
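
Added example, not part of the original gist: a preflight wrapper for Method 2 that refuses to run unless knife is 12.1.0+ and the webui key is a regular file readable only by its owner. The function names are hypothetical, the owner-only check is a hardening choice added here (the webui key lets the caller act on behalf of any existing user), and the parsing assumes `knife --version` prints the version as its last field.

```shell
#!/bin/sh
# Added example (not from the gist): preflight wrapper for Method 2.
# Function names are hypothetical.

# version_ge A B: succeeds when dotted version A >= B, compared numerically.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# key_is_private FILE: succeeds only for a regular file (not a symlink)
# whose mode grants nothing to group or other, e.g. 0600 or 0400.
key_is_private() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  case $(ls -ld -- "$1") in
    -???------*) return 0 ;;
    *) return 1 ;;
  esac
}

# proxy_raw METHOD PATH USER KEY SERVER_URL
# Assumption: `knife --version` prints the version as its last field.
proxy_raw() {
  pr_method=$1 pr_path=$2 pr_user=$3 pr_key=$4 pr_server=$5
  pr_ver=$(knife --version | awk 'NR == 1 { print $NF }')
  version_ge "$pr_ver" 12.1.0 || {
    echo "knife $pr_ver has no --proxy-auth (needs 12.1.0+)" >&2; return 2; }
  key_is_private "$pr_key" || {
    echo "$pr_key: must be an owner-only regular file" >&2; return 3; }
  case $pr_method in
    GET|POST|PUT|DELETE) ;;
    *) echo "unsupported method: $pr_method" >&2; return 4 ;;
  esac
  knife raw --method "$pr_method" "$pr_path" \
    --key "$pr_key" --user "$pr_user" \
    --proxy-auth --server-url "$pr_server"
}
```

Source the file on the CI host and call `proxy_raw` with the method, API path, user, key path and server URL in that order.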