Class: Chef::Knife::UserPassword

Inherits:
Chef::Knife show all
Defined in:
lib/chef/knife/user_password.rb

Constant Summary

Constants inherited from Chef::Knife

CHEF_ORGANIZATION_MANAGEMENT, KNIFE_ROOT, OFFICIAL_PLUGINS, OPSCODE_HOSTED_CHEF_ACCESS_CONTROL, VERSION

Instance Attribute Summary

Attributes inherited from Chef::Knife

#name_args, #ui

Instance Method Summary collapse

Methods inherited from Chef::Knife

#api_key, #apply_computed_config, category, chef_config_dir, common_name, #config_file_defaults, #config_file_settings, config_loader, #config_source, #configure_chef, #create_object, #delete_object, dependency_loaders, deps, #format_rest_error, guess_category, #humanize_exception, #humanize_http_exception, inherited, #initialize, list_commands, load_commands, load_config, load_deps, #maybe_setup_fips, #merge_configs, msg, #noauth_rest, #parse_options, reset_config_loader!, reset_subcommands!, #rest, #root_rest, run, #run_with_pretty_exceptions, #server_url, #show_usage, snake_case_name, subcommand_category, subcommand_class_from, subcommand_files, subcommand_loader, subcommands, subcommands_by_category, #test_mandatory_field, ui, unnamed?, use_separate_defaults?, #username

Constructor Details

This class inherits a constructor from Chef::Knife

Instance Method Details

#runObject 



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/chef/knife/user_password.rb', line 29

def run
  # check that correct number of args was passed, should be either
  # USERNAME PASSWORD or USERNAME --enable-external-auth
  #
  # note that you can't pass USERNAME PASSWORD --enable-external-auth
  unless (@name_args.length == 2 && !config[:enable_external_auth]) || (@name_args.length == 1 && config[:enable_external_auth])
    show_usage
    ui.fatal("You must pass two arguments")
    ui.fatal("Note that --enable-external-auth cannot be passed with a password")
    exit 1
  end

  user_name = @name_args[0]

  # note that this will be nil if config[:enable_external_auth] is true
  password = @name_args[1]

  # since the API does not pass back whether recovery_authentication_enabled is
  # true or false, there is no way of knowing if the user is using ldap or not,
  # so we will update the user every time, instead of checking if we are actually
  # changing anything before we PUT.
  result = root_rest.get("users/#{user_name}")

  result["password"] = password unless password.nil?

  # if --enable-external-auth was passed, enable it, else disable it.
  # there is never a situation where we would want to enable ldap
  # AND change the password. changing the password means that the user
  # wants to disable ldap and put user in recover (if they are using ldap).
  result["recovery_authentication_enabled"] = !config[:enable_external_auth]

  begin
    root_rest.put("users/#{user_name}", result)
  rescue => e
    raise e
  end

  ui.msg("Authentication info updated for #{user_name}.")
end