- From: Phil Oliva
- Subject: [chef] RE: Re: chef-server containers
- Date: Thu, 1 Oct 2015 01:23:46 +0000
- Accept-language: en-US, en-CA
Thanks Daniel.

So if a user has read, create, upload, and write permissions to 'cookbooks'
objects but only read permissions to 'sandboxes' objects then the user won't be
able to upload cookbooks, correct?

-Phil

-----Original Message-----
From: Daniel DeLeo On Behalf Of Daniel DeLeo
Sent: Wednesday, September 30, 2015 7:47 PM
Subject: [chef] Re: chef-server containers

On Wednesday, September 30, 2015 at 4:17 PM, Phil Oliva wrote:
> Ohai chefs,
>
> I’ve been reviewing the following document ChefServerPermissions_v1.3.pdf
> (https://github.com/chef/chef-server/blob/master/doc/ChefServerPermissions_v1.3.pdf)
> and have a few questions around the purpose of some chef objects (and
> their related containers) on the chef server.
>
> The document lists all the default containers (which relate to chef
> objects) that exist today:
>
> clients
> containers
> cookbooks
> data
> environments
> groups
> nodes
> roles
> sandboxes
> policies
> policy_groups
> cookbook_artifacts
>
> Most chef objects seem pretty obvious except for data, sandboxes, and
> cookbook_artifacts objects.
>
> Is a data object simply a data bag?
Yes
>
> What are sandboxes and cookbook_artifacts objects? If a user only had read
> access to these types of objects what wouldn’t they be able to do when using
> knife commands?
Sandboxes keep track of state during cookbook uploads, since the actual files
are uploaded to S3 or an S3-alike service (bookshelf).
Cookbook artifacts are cookbooks that are used by policyfiles. These are
stored as a separate object type so we didn’t have to introduce any behavior
changes to the existing cookbooks APIs.
>
> -Phil
>
> Philip Oliva
> Senior Infrastructure Software Developer BlackBerry Ltd.
> “Fail quick, fail often, recover quickly”
> http://ca.linkedin.com/pub/philip-oliva/67/74/10
--
Daniel DeLeo