Class: Chef::Knife::OrgUserRemove

Inherits:
Chef::Knife show all
Defined in:
lib/chef/knife/org_user_remove.rb

Constant Summary

Constants inherited from Chef::Knife

CHEF_ORGANIZATION_MANAGEMENT, KNIFE_ROOT, OFFICIAL_PLUGINS, OPSCODE_HOSTED_CHEF_ACCESS_CONTROL, VERSION

Instance Attribute Summary collapse

Attributes inherited from Chef::Knife

#name_args, #ui

Instance Method Summary collapse

Methods inherited from Chef::Knife

#api_key, #apply_computed_config, category, chef_config_dir, common_name, #config_file_defaults, #config_file_settings, config_loader, #config_source, #configure_chef, #create_object, #delete_object, dependency_loaders, deps, #format_rest_error, guess_category, #humanize_exception, #humanize_http_exception, inherited, #initialize, list_commands, load_commands, load_config, load_deps, #maybe_setup_fips, #merge_configs, msg, #noauth_rest, #parse_options, reset_config_loader!, reset_subcommands!, #rest, #root_rest, run, #run_with_pretty_exceptions, #server_url, #show_usage, snake_case_name, subcommand_category, subcommand_class_from, subcommand_files, subcommand_loader, subcommands, subcommands_by_category, #test_mandatory_field, ui, unnamed?, use_separate_defaults?

Constructor Details

This class inherits a constructor from Chef::Knife

Instance Attribute Details

#org_nameObject

Returns the value of attribute org_name.



24
25
26
 
# File 'lib/chef/knife/org_user_remove.rb', line 24

def org_name
  @org_name
end

#usernameObject

Returns the value of attribute username.



24
25
26
 
# File 'lib/chef/knife/org_user_remove.rb', line 24

def username
  @username
end

Instance Method Details

#failure_error_message(org_name, username) ⇒ Object 



85
86
87
 
# File 'lib/chef/knife/org_user_remove.rb', line 85

def failure_error_message(org_name, username)
  ui.error "Error removing user #{username} from organization #{org_name}."
end

#remove_user_from_admin_group(org, org_name, username, admin_group_string) ⇒ Object 



89
90
91
92
93
94
95
96
97
98
99
100
 
# File 'lib/chef/knife/org_user_remove.rb', line 89

def remove_user_from_admin_group(org, org_name, username, admin_group_string)
  org.remove_user_from_group(admin_group_string, username)
rescue Net::HTTPClientException => e
  if e.response.code == "404"
    ui.warn <<~EOF
      User #{username} is not in the #{admin_group_string} group for organization #{org_name}.
      You probably don't need to pass --force.
    EOF
  else
    raise e
  end
end

#runObject 



36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
 
# File 'lib/chef/knife/org_user_remove.rb', line 36

def run
  @org_name, @username = @name_args

  if !org_name || !username
    ui.fatal "You must specify an ORG_NAME and USER_NAME"
    show_usage
    exit 1
  end

  org = Chef::Org.new(@org_name)

  if config[:force_remove_from_admins]
    if org.actor_delete_would_leave_admins_empty?
      failure_error_message(org_name, username)
      ui.msg <<~EOF
        You ran with --force which force removes the user from the admins and billing-admins groups.
        However, removing #{username} from the admins group would leave it empty, which breaks the org.
        Please add another user to org #{org_name} admins group and try again.
      EOF
      exit 1
    end
    remove_user_from_admin_group(org, org_name, username, "admins")
    remove_user_from_admin_group(org, org_name, username, "billing-admins")
  end

  begin
    org.dissociate_user(@username)
  rescue Net::HTTPClientException => e
    if e.response.code == "404"
      ui.msg "User #{username} is not associated with organization #{org_name}"
      exit 1
    elsif e.response.code == "403"
      body = Chef::JSONCompat.from_json(e.response.body)
      if body.key?("error") && body["error"] == "Please remove #{username} from this organization's admins group before removing him or her from the organization."
        failure_error_message(org_name, username)
        ui.msg <<~EOF
          User #{username} is in the organization's admin group. Removing users from an organization without removing them from the admins group is not allowed.
          Re-run this command with --force to remove this user from the admins prior to removing it from the organization.
        EOF
        exit 1
      else
        raise e
      end
    else
      raise e
    end
  end
end