clean_acls.rb
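# Tighten node ACLs: take the 'clients' group out of 'admins', then give each
# client that is backed by a node explicit read/update rights on its own node
# object only (directly, or via a per-client group when a user of the same
# name exists and would make the grant ambiguous).

# Remove clients from the admins group
chef_group 'admins' do
  remove_groups 'clients'
end

# Names of every node the server knows about; only clients whose name matches
# a node get a per-node ACL entry below.
valid_nodes = search(:node, '*:*').map(&:name)

# Returns true when a user called +name+ exists on the Chef server.
# Only a 404 means "no such user"; any other HTTP error (401/403, 5xx, ...)
# is re-raised so that an auth failure or server fault is not silently
# treated as "user exists" and turned into a group/ACL change.
# NOTE(review): Net::HTTPServerException is the legacy name of the net/http
# client-error class; keep it unless the runtime is known to provide the
# newer alias — TODO confirm against the Ruby/Chef versions in use.
user_exists = lambda do |name|
  begin
    api = Cheffish.chef_server_api
    api.get("#{api.root_url}/users/#{name}")
    true
  rescue Net::HTTPServerException => e
    raise unless e.response.code == '404'

    puts "Response #{e.response.code} for #{name}"
    false
  end
end

search(:client, '*:*').each do |c|
  # Clients without a matching node (e.g. validators, tooling) are left alone.
  next unless valid_nodes.include?(c.name)

  if user_exists.call(c.name)
    # A user and a client share this name, so there is a conflict between
    # the user and the client. Create a group for the client, put the client
    # in it, and grant the group instead. Bleagh.
    chef_group "client_#{c.name}" do
      clients c.name
    end
    chef_acl "nodes/#{c.name}" do
      rights [:read, :update], groups: "client_#{c.name}"
    end
  else
    # No user of that name: the client can be added to the acl directly.
    chef_acl "nodes/#{c.name}" do
      rights [:read, :update], clients: [c.name]
    end
  end
end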