Class: Chef::Knife::AclBulkRemove

Inherits:
Chef::Knife show all
Defined in:
lib/chef/knife/acl_bulk_remove.rb

Constant Summary

Constants inherited from Chef::Knife

CHEF_ORGANIZATION_MANAGEMENT, KNIFE_ROOT, OFFICIAL_PLUGINS, OPSCODE_HOSTED_CHEF_ACCESS_CONTROL, VERSION

Instance Attribute Summary

Attributes inherited from Chef::Knife

#name_args, #ui

Instance Method Summary collapse

Methods inherited from Chef::Knife

#api_key, #apply_computed_config, category, chef_config_dir, common_name, #config_file_defaults, #config_file_settings, config_loader, #config_source, #configure_chef, #create_object, #delete_object, dependency_loaders, deps, #format_rest_error, guess_category, #humanize_exception, #humanize_http_exception, inherited, #initialize, list_commands, load_commands, load_config, load_deps, #maybe_setup_fips, #merge_configs, msg, #noauth_rest, #parse_options, reset_config_loader!, reset_subcommands!, #rest, #root_rest, run, #run_with_pretty_exceptions, #server_url, #show_usage, snake_case_name, subcommand_category, subcommand_class_from, subcommand_files, subcommand_loader, subcommands, subcommands_by_category, #test_mandatory_field, ui, unnamed?, use_separate_defaults?, #username

Constructor Details

This class inherits a constructor from Chef::Knife

Instance Method Details

#run ⇒ Object



# File 'lib/chef/knife/acl_bulk_remove.rb', line 32

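# Removes one member from the selected permissions of every object of a given
# type whose name matches a regular expression.
#
# Reads five positional arguments from name_args: member type, member name,
# object type, object-name regex and a comma-separated permission list.
# Exits with status 1 on a usage error or a refused request, and with status 0
# when no object name matches the expression.
def run
  # Check the argument count before touching any argument, so a missing
  # argument is always reported as a usage error.
  if name_args.length != 5
    show_usage
    ui.fatal "You must specify the member type [client|group|user], member name, object type, object name REGEX and perms"
    exit 1
  end

  member_type, member_name, object_type, regex, perms = name_args

  # The pattern is compiled exactly as typed and carries no implicit anchors,
  # so it matches anywhere inside an object name ("web" also selects
  # "myweb-old"). Operators who mean an exact name should anchor it themselves.
  # A malformed pattern is reported the same way as the other argument errors.
  begin
    object_name_matcher = /#{regex}/
  rescue RegexpError => e
    ui.fatal "Invalid object name REGEX /#{regex}/: #{e.message}"
    exit 1
  end

  # Guard rail: never strip the 'pivotal' system user from an ACL.
  if member_name == "pivotal" && %w{client user}.include?(member_type)
    ui.fatal "ERROR: 'pivotal' is a system user so knife-acl will not remove it from an ACL."
    exit 1
  end
  # Guard rail: keep the 'admins' group in the 'grant' ACE; the message below
  # explains that removal could block later permission changes. The check only
  # fires when "grant" is one of the requested perms.
  if member_name == "admins" && member_type == "group" && perms.to_s.split(",").include?("grant")
    ui.fatal "ERROR: knife-acl will not remove the 'admins' group from the 'grant' ACE."
    ui.fatal "       Removal could prevent future attempts to modify permissions."
    exit 1
  end
  # These validators are defined outside this listing; presumably each one
  # aborts the command on bad input -- confirm against their definitions.
  validate_perm_type!(perms)
  validate_member_type!(member_type)
  validate_member_name!(member_name)
  validate_object_type!(object_type)
  validate_member_exists!(member_type, member_name)

  # Containers and groups are excluded from bulk edits altogether.
  if %w{containers groups}.include?(object_type)
    ui.fatal "bulk modifying the ACL of #{object_type} is not permitted"
    exit 1
  end

  # The server returns a hash keyed by object name; only the keys are matched.
  all_objects = rest.get_rest(object_type)
  objects_to_modify = all_objects.keys.grep(object_name_matcher)

  if objects_to_modify.empty?
    ui.info "No #{object_type} match the expression /#{regex}/"
    exit 0
  end

  # Show the exact set of objects that matched before anything is changed, so
  # an over-broad pattern is visible to the operator at the prompt.
  ui.msg("The ACL of the following #{object_type} will be modified:")
  ui.msg("")
  ui.msg(ui.list(objects_to_modify.sort, :columns_down))
  ui.msg("")
  # NOTE(review): ui.confirm is defined elsewhere; presumably it stops the run
  # when the operator declines -- confirm.
  ui.confirm("Are you sure you want to modify the ACL of these #{object_type}?")

  # Objects are updated one at a time; nothing here rolls back earlier
  # removals if a later call fails.
  objects_to_modify.each do |object_name|
    remove_from_acl!(member_type, member_name, object_type, object_name, perms)
  end
end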