[chef-dev] Re: Admin client creation issue

[Christopher Brown < >]

Manually adding the client to the admin group would definitely do the
trick.  For most of the permissions operations, it's easier to get in
done in the webui at manage.opscode.com than by the API at this point.
 That will get better in the future.
Glad to hear this has been helpful.

Cheers,
-Chris

On Fri, Sep 9, 2011 at 8:34 AM, Ignasi 
<
 >
 wrote:
> That was really helpful, now I understand.
>
> Alghough it is not the recommended solution, is there any way, using the
> API, to give a client in the Hosted Chef the rights to manage the run lists?
> That client will be only a client, not associated to a node.
> Which should be the best approach to that? Maybe I must add a restriction to
> manually add the client to the "admin" group after creating it?
>
> Thanks,
> Ignasi
>
>
>
>
> On 9 September 2011 16:55, Christopher Brown 
> <
 >
>  wrote:
>>
>> Ah, gotcha.
>> The default client permissions on Hosted Chef only allow that client
>> to update the node it's associated with.  That's part of the security
>> design.  You can alter a client to have broader permissions, but
>> that's usually not a good idea.  Users, however, have that permission
>> (update on all nodes) by default.  And what you have should work on
>> the open source server as you said.
>>
>> Take a look at these links:
>> http://wiki.opscode.com/display/chef/API+Clients
>> http://help.opscode.com/kb/knife/manage-api-clients-with-knife
>> http://help.opscode.com/kb/manage/managing-permissions
>>
>> and let me know if that helps.
>>
>> Cheers,
>> -Chris
>>
>>
>> On Fri, Sep 9, 2011 at 7:37 AM, Ignasi 
>> <
 >
>>  wrote:
>> > Hi,
>> > The only thing I need is to create a client capable of updating the run
>> > list
>> > of the different nodes using the API.
>> > I started developing with a Hosted Chef environment (which is the main
>> > target), and I don't know if there is any way to set that permission
>> > automatically (I've not found any documentation about the Opscode
>> > Platform
>> > API, btw).
>> > On the other hand, from what you say, I understand that the code I have
>> > right now (create a client with the admin flag) should work with the
>> > open
>> > source chef server, shouldn't it?
>> >
>> > Thank you,
>> > Ignasi
>> >
>> >
>> > On 9 September 2011 16:28, Christopher Brown 
>> > <
 >
>> >  wrote:
>> >>
>> >> Ignasi,
>> >> Authorization in Hosted Chef is quite different from the open source
>> >> version.  In Hosted Chef, there are no "admin" clients, but there is a
>> >> finer grained permissions system and a difference between the default
>> >> rights of a "user" and a "client".  What exactly do you want to
>> >> accomplish?  Perhaps it's just as easily done with your user identity.
>> >>  If you want to give a particular client broader permissions, take a
>> >> look at its settings in http://manage.opscode.com.  Let me know if you
>> >> need more info, and come find us on IRC.
>> >>
>> >> Cheers,
>> >> Chris
>> >>
>> >> On Fri, Sep 9, 2011 at 7:13 AM, Ignasi Barrera
>> >> <
 >
>> >> wrote:
>> >> > Hi all,
>> >> >
>> >> > I am trying to create an admin client in a Hosted Chef environment,
>> >> > but
>> >> > it is
>> >> > always created as a regular client.
>> >> >
>> >> > I've been trying with the Server API, just copying the JSON example
>> >> > in
>> >> > the
>> >> > wiki, tried also with knife, and tried to create a regular client and
>> >> > updating
>> >> > it afterwards (using knife or the Server API), but the admin flag is
>> >> > never set.
>> >> >
>> >> > I am trying with the following Server API request body, but it
>> >> > creates a
>> >> > regular client: {"name": "myclient", "admin": true}
>> >> > Also tried a PUT once the client is created, but the client remains
>> >> > the
>> >> > same,
>> >> > and the same result if I use knife.
>> >> >
>> >> > Is there any way I could create an administrator client using the
>> >> > Server
>> >> > API?
>> >> >
>> >> >
>> >> > Thanks in advance,
>> >> >
>> >> > Ignasi
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Christopher Brown, Chief Technical Officer, Opscode, Inc.
>> >> T: (425) 502-5522, E: 
>> >> 
 
>> >> IRC, Github: skeptomai
>> >> Twitter: @skeptomai
>> >
>> >
>>
>>
>>
>> --
>> Christopher Brown, Chief Technical Officer, Opscode, Inc.
>> T: (425) 502-5522, E: 
>> 
 
>> IRC, Github: skeptomai
>> Twitter: @skeptomai
>
>



-- 
Christopher Brown, Chief Technical Officer, Opscode, Inc.
T: (425) 502-5522, E: 

 
IRC, Github: skeptomai
Twitter: @skeptomai