[chef] Re: Re: Total newb question re: disabling knife node edit

["steve ." < >]

Finer-grained access control is available in either Hosted or Private Chef if these options don't suit your needs.

Or you can throw in with the person who just posted that they're totally going to add a bunch of awesome features to OSS Chef.

(Hope they open-source that -- some of it sounded cool.)

On Tue, Jul 30, 2013 at 8:59 AM, Chas Schley < " target="_blank"> > wrote:

The ability to edit a node depends on your API client identity. There are admin clients and non-admin clients. Admin clients may edit nodes, non-admins may run 'knife node edit <node>' to see the node, but may not save changes to the node.

We track changes to node files in svn, and manage node uploads via our CI server (Jenkins). Everybody has the guest pem (non-admin) so they can see everything with knife, but to upload a node file, one must run a Jenkins job. The admin pem is installed on the Jenkins server and enjoys limited access. The CI serveralso tracks who ran what when, so we have audit trails on both node file changes in the source code as well as on what was actually uploaded to the Chef server.

Cheers,

-Chas

There are 2 kinds of clients; admin and normal.

On Jul 30, 2013, at 6:50 AM, Guy Matz < "> >

 wrote:

> Hi! folks, long time puppet guy, first week with chef!
>
> Is there a way to disable "knife node edit" on the server-side, to only allow for the editing of a node from a file?  I want to be able to track changes to nodes with git . . .
>
> Thanks so much,
> Guy Matz