[chef-dev] Re: Admin client creation issue

[Christopher Brown < >]

Ah, gotcha.
The default client permissions on Hosted Chef only allow that client
to update the node it's associated with.  That's part of the security
design.  You can alter a client to have broader permissions, but
that's usually not a good idea.  Users, however, have that permission
(update on all nodes) by default.  And what you have should work on
the open source server as you said.

Take a look at these links:
http://wiki.opscode.com/display/chef/API+Clients
http://help.opscode.com/kb/knife/manage-api-clients-with-knife
http://help.opscode.com/kb/manage/managing-permissions

and let me know if that helps.

Cheers,
-Chris


On Fri, Sep 9, 2011 at 7:37 AM, Ignasi 
<
 >
 wrote:
> Hi,
> The only thing I need is to create a client capable of updating the run list
> of the different nodes using the API.
> I started developing with a Hosted Chef environment (which is the main
> target), and I don't know if there is any way to set that permission
> automatically (I've not found any documentation about the Opscode Platform
> API, btw).
> On the other hand, from what you say, I understand that the code I have
> right now (create a client with the admin flag) should work with the open
> source chef server, shouldn't it?
>
> Thank you,
> Ignasi
>
>
> On 9 September 2011 16:28, Christopher Brown 
> <
 >
>  wrote:
>>
>> Ignasi,
>> Authorization in Hosted Chef is quite different from the open source
>> version.  In Hosted Chef, there are no "admin" clients, but there is a
>> finer grained permissions system and a difference between the default
>> rights of a "user" and a "client".  What exactly do you want to
>> accomplish?  Perhaps it's just as easily done with your user identity.
>>  If you want to give a particular client broader permissions, take a
>> look at its settings in http://manage.opscode.com.  Let me know if you
>> need more info, and come find us on IRC.
>>
>> Cheers,
>> Chris
>>
>> On Fri, Sep 9, 2011 at 7:13 AM, Ignasi Barrera 
>> <
 >
>> wrote:
>> > Hi all,
>> >
>> > I am trying to create an admin client in a Hosted Chef environment, but
>> > it is
>> > always created as a regular client.
>> >
>> > I've been trying with the Server API, just copying the JSON example in
>> > the
>> > wiki, tried also with knife, and tried to create a regular client and
>> > updating
>> > it afterwards (using knife or the Server API), but the admin flag is
>> > never set.
>> >
>> > I am trying with the following Server API request body, but it creates a
>> > regular client: {"name": "myclient", "admin": true}
>> > Also tried a PUT once the client is created, but the client remains the
>> > same,
>> > and the same result if I use knife.
>> >
>> > Is there any way I could create an administrator client using the Server
>> > API?
>> >
>> >
>> > Thanks in advance,
>> >
>> > Ignasi
>> >
>>
>>
>>
>> --
>> Christopher Brown, Chief Technical Officer, Opscode, Inc.
>> T: (425) 502-5522, E: 
>> 
 
>> IRC, Github: skeptomai
>> Twitter: @skeptomai
>
>



-- 
Christopher Brown, Chief Technical Officer, Opscode, Inc.
T: (425) 502-5522, E: 

 
IRC, Github: skeptomai
Twitter: @skeptomai