- From: Christopher Brown <
>
- To: Ignasi <
>
- Cc:
- Subject: [chef-dev] Re: Admin client creation issue
- Date: Fri, 9 Sep 2011 07:55:24 -0700
Ah, gotcha.
The default client permissions on Hosted Chef only allow that client
to update the node it's associated with. That's part of the security
design. You can alter a client to have broader permissions, but
that's usually not a good idea. Users, however, have that permission
(update on all nodes) by default. And what you have should work on
the open source server as you said.
Take a look at these links:
http://wiki.opscode.com/display/chef/API+Clients
http://help.opscode.com/kb/knife/manage-api-clients-with-knife
http://help.opscode.com/kb/manage/managing-permissions
and let me know if that helps.
Cheers,
-Chris
On Fri, Sep 9, 2011 at 7:37 AM, Ignasi
<
>
wrote:
>
Hi,
>
The only thing I need is to create a client capable of updating the run list
>
of the different nodes using the API.
>
I started developing with a Hosted Chef environment (which is the main
>
target), and I don't know if there is any way to set that permission
>
automatically (I've not found any documentation about the Opscode Platform
>
API, btw).
>
On the other hand, from what you say, I understand that the code I have
>
right now (create a client with the admin flag) should work with the open
>
source chef server, shouldn't it?
>
>
Thank you,
>
Ignasi
>
>
>
On 9 September 2011 16:28, Christopher Brown
>
<
>
>
wrote:
>
>
>
> Ignasi,
>
> Authorization in Hosted Chef is quite different from the open source
>
> version. In Hosted Chef, there are no "admin" clients, but there is a
>
> finer grained permissions system and a difference between the default
>
> rights of a "user" and a "client". What exactly do you want to
>
> accomplish? Perhaps it's just as easily done with your user identity.
>
> If you want to give a particular client broader permissions, take a
>
> look at its settings in http://manage.opscode.com. Let me know if you
>
> need more info, and come find us on IRC.
>
>
>
> Cheers,
>
> Chris
>
>
>
> On Fri, Sep 9, 2011 at 7:13 AM, Ignasi Barrera
>
> <
>
>
> wrote:
>
> > Hi all,
>
> >
>
> > I am trying to create an admin client in a Hosted Chef environment, but
>
> > it is
>
> > always created as a regular client.
>
> >
>
> > I've been trying with the Server API, just copying the JSON example in
>
> > the
>
> > wiki, tried also with knife, and tried to create a regular client and
>
> > updating
>
> > it afterwards (using knife or the Server API), but the admin flag is
>
> > never set.
>
> >
>
> > I am trying with the following Server API request body, but it creates a
>
> > regular client: {"name": "myclient", "admin": true}
>
> > Also tried a PUT once the client is created, but the client remains the
>
> > same,
>
> > and the same result if I use knife.
>
> >
>
> > Is there any way I could create an administrator client using the Server
>
> > API?
>
> >
>
> >
>
> > Thanks in advance,
>
> >
>
> > Ignasi
>
> >
>
>
>
>
>
>
>
> --
>
> Christopher Brown, Chief Technical Officer, Opscode, Inc.
>
> T: (425) 502-5522, E:
>
>
>
> IRC, Github: skeptomai
>
> Twitter: @skeptomai
>
>
--
Christopher Brown, Chief Technical Officer, Opscode, Inc.
T: (425) 502-5522, E:
IRC, Github: skeptomai
Twitter: @skeptomai
Archive powered by MHonArc 2.6.16.