[chef] Re: Chef12: knife user show to non-admin users


  • From: Tiago Cruz
  • Subject: [chef] Re: Chef12: knife user show to non-admin users
  • Date: Fri, 23 Jan 2015 09:08:32 -0200

I tried:

$ knife acl add groups users read group vault-admins

And put my users in the 'vault-admins' group, but it does not work :(

The problem is: knife-vault needs to get the public key of the users to generate the hash.

If the guy is a non-admin, he can only generate for his own, and I can't see the key:

$ knife vault show reliability portability-credentials
ERROR: ChefVault::Exceptions::SecretDecryption: reliability/portability-credentials is not encrypted with your public key.  Contact an administrator of the vault item to encrypt for you!

And the guy who did can't generate for me because he can't see my private key using 'knife user show tiago_cruz'

So, how can I give him access to my private_key?

Thanks a lot!





On Thu, Jan 22, 2015 at 5:51 PM, Tiago Cruz wrote:
Hello,

Is there some way to give non-admin users permission to use 'knife user show'?


$ knife user show xxx -VV   
DEBUG: Chef::HTTP calling Chef::HTTP::JSONInput#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::JSONToModelOutput#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::CookieManager#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::Decompressor#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::Authenticator#handle_request
DEBUG: Signing the request as jaum
DEBUG: Chef::HTTP calling Chef::HTTP::RemoteRequestID#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::ValidateContentLength#handle_request
DEBUG: ---- HTTP Request Header Data: ----
DEBUG: Accept: application/json
DEBUG: Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
DEBUG: X-OPS-SIGN: algorithm=sha1;version=1.0;
DEBUG: X-OPS-USERID: jaum
DEBUG: X-OPS-TIMESTAMP: 2015-01-22T19:42:02Z
DEBUG: X-OPS-CONTENT-HASH: 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
DEBUG: X-OPS-AUTHORIZATION-1: GsGVBloLX88PUr+OygGRf/JfqenGh2ZHvGS5LXEIehw/+Xu8Xgi5QYGK9lDs
DEBUG: X-OPS-AUTHORIZATION-2: lQ6NGPt4AoiglpTuQUJnyP8rhPLEeNlMmh3hxBbGMlWHzTOqWsHvPLlbAg6e
DEBUG: X-OPS-AUTHORIZATION-3: H7uWraSg882f26xXDkFJOhu/loBD3jZ51eCsyEJwJkkPhlOG8yVmNrgzn2cV
DEBUG: X-OPS-AUTHORIZATION-4: sKvwKHJwAu5UUGHrNcyKeH1SPlWYHZFhL0lEMb6lwDxZA7O5nKJu9RE/nEPc
DEBUG: X-OPS-AUTHORIZATION-5: FKYframg47s+uPYjrb9MjH5AjtAK3DBA1dZxXrTFTEeB2rtWNjrSAVNE0O5I
DEBUG: X-OPS-AUTHORIZATION-6: GlqUUlBuXa0j/Er52tIMJBl0Fav4cwGK5tNx1DniNQ==
DEBUG: HOST: chef-host:443
DEBUG: X-REMOTE-REQUEST-ID: 1fb2cc5a-25a4-483a-b4e5-adaedb01d80a
DEBUG: ---- End HTTP Request Header Data ----
DEBUG: ---- HTTP Status and Header Data: ----
DEBUG: HTTP 1.1 403 Forbidden
DEBUG: server: ngx_openresty/1.4.3.6
DEBUG: date: Thu, 22 Jan 2015 19:42:01 GMT
DEBUG: content-length: 37
DEBUG: connection: close
DEBUG: x-ops-api-info: flavor=cs;version=12.0.0;oc_erchef=0.29.4
DEBUG: ---- End HTTP Status/Header Data ----
DEBUG: Chef::HTTP calling Chef::HTTP::ValidateContentLength#handle_response
DEBUG: Content-Length validated correctly.
DEBUG: Chef::HTTP calling Chef::HTTP::RemoteRequestID#handle_response
DEBUG: Chef::HTTP calling Chef::HTTP::Authenticator#handle_response
DEBUG: Chef::HTTP calling Chef::HTTP::Decompressor#handle_response
DEBUG: Chef::HTTP calling Chef::HTTP::CookieManager#handle_response
DEBUG: Chef::HTTP calling Chef::HTTP::JSONToModelOutput#handle_response
DEBUG: Expected JSON response, but got content-type ''
DEBUG: Chef::HTTP calling Chef::HTTP::JSONInput#handle_response
INFO: HTTP Request Returned 403 Forbidden: error
/opt/chefdk/embedded/lib/ruby/2.1.0/net/http/response.rb:119:in `error!': 403 "Forbidden" (Net::HTTPServerException)
from /opt/chefdk/embedded/apps/chef/lib/chef/http.rb:145:in `request'
from /opt/chefdk/embedded/apps/chef/lib/chef/rest.rb:115:in `get'
from /opt/chefdk/embedded/apps/chef/lib/chef/user.rb:164:in `load'
from /opt/chefdk/embedded/apps/chef/lib/chef/knife/user_show.rb:43:in `run'
from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:493:in `run_with_pretty_exceptions'
from /opt/chefdk/embedded/apps/chef/lib/chef/knife.rb:174:in `run'
from /opt/chefdk/embedded/apps/chef/lib/chef/application/knife.rb:139:in `run'
from /opt/chefdk/embedded/apps/chef/bin/knife:25:in `<top (required)>'
from /usr/bin/knife:33:in `load'
from /usr/bin/knife:33:in `<main>'


Thanks!!
--
-- Tiago Cruz




--
-- Tiago Cruz
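
The key-wrapping scheme behind the "not encrypted with your public key" error in this thread, as an added example that is not part of the original post and is not chef-vault's own code: one shared secret encrypts the item and is wrapped once per authorized user, so granting access needs read access to the grantee's public key only. `ToyVault`, its method names, and the use of OAEP and AES-256-GCM are assumptions made for illustration.

```ruby
require "openssl"

# Simplified model of a vault item (illustrative names, not chef-vault's code):
# the data is encrypted once with a random shared secret, and that secret is
# wrapped separately with each authorized user's RSA public key.
class ToyVault
  class NotEncryptedForYou < StandardError; end
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

  def initialize(plaintext, creator, creator_public_pem)
    secret = OpenSSL::Random.random_bytes(32)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = secret
    @iv = cipher.random_iv
    @data = cipher.update(plaintext) + cipher.final
    @tag = cipher.auth_tag
    @keys = {} # user name => shared secret wrapped for that user
    wrap(secret, creator, creator_public_pem)
  end

  # An existing member unwraps the secret with their own private key, then
  # re-wraps it for the new user. Only the new user's PUBLIC key is needed,
  # but the granter has to be able to read it from the server.
  def grant(granter, granter_private_key, grantee, grantee_public_pem)
    raise ArgumentError, "cannot read public key of #{grantee}" if grantee_public_pem.nil?
    wrap(unwrap(granter, granter_private_key), grantee, grantee_public_pem)
  end

  def show(name, private_key)
    d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    d.key = unwrap(name, private_key)
    d.iv = @iv
    d.auth_tag = @tag
    d.update(@data) + d.final
  end

  private

  def wrap(secret, name, public_pem)
    @keys[name] = OpenSSL::PKey::RSA.new(public_pem).public_encrypt(secret, OAEP)
  end

  def unwrap(name, private_key)
    wrapped = @keys[name]
    raise NotEncryptedForYou, "item is not encrypted with #{name}'s public key" if wrapped.nil?
    private_key.private_decrypt(wrapped, OAEP)
  end
end
```

Passing `nil` as the grantee's public key models the 403 on `knife user show`: the grant fails before any encryption happens, and no private key is ever exchanged.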



