Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

added users_path for provisioning users in chefzero #880

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

added users_path for provisioning users in chefzero #880

wants to merge 1 commit into from

Conversation

equick
Copy link

@equick equick commented Nov 22, 2015

Hi,

I've been playing around with test-kitchen and chef-vault. In order to set up a chef-vault administrator in the chef_vault_secret, there needs to be a user (or client) in chef-zero.

The example under https://github.com/chef-cookbooks/chef-vault/tree/master/test/fixtures uses a client, but to make the test more realistic, I wanted to add an administrator as well.

chef_vault_secret 'myapp-vault' do
  data_bag 'myapp'
  raw_data('keystorepass.dev' => 'chef12345')
  admins 'quickedw'
  clients 'role:myapp'
  search '*:*'
end

I have created the following user under ~/chef/cookbooks/myapp/test/fixtures/users

jenkins@buildhost $ pwd
/home/jenkins/chef/cookbooks/myapp/test/fixtures/
jenkins@buildhost $ ls
clients  cookbooks  users
jenkins@buildhost $ ls users
quickedw.json  quickedw.pem
jenkins@buildhost $ cat quickedw.json
{
  "name": "quickedw",
  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroTVtRfhrIp8HsDgWOQ6\nwPSR/trQhCJy0izY8cSHK2tlg0H6tH326qXn+cPtdyxKm5y21+z5/Ap2o4Y2Z/xa\nyMPbWUENPCnNgva8dAPQ71+IzbnQTN9SWL6yBEBtC0Ap1mDM8/H1w4xseIAU2pSf\n+ul0Ly8k5LEhyIYxoo+/7FyUJN0J28Tj+tFlSDJtWAuRryvdKRrIODg1tiaCuOkm\nOSM2djB/oyy5xtMky/4iZCaKZO6C37Z1qGOKrU7cZf3eDJxjUjp3MWrWniCOjiha\nbI86ToKsN/Dh4MSXUjvSp7PQRMEZoVNcVb1K6BSNq4FAjadFhR6wfLTV0gYCz5gE\nuwIDAQAB\n-----END PUBLIC KEY-----\n",
  "admin": true,
  "chef_type": "user"
}

and using the patch in my PR, this creates /tmp/kitchen/users on the provisioned host and copies over the json user above.

As you can see below it now adds the client and user keys to the vault_keys file.

root@kitchenhost # pwd
/tmp/kitchen/data_bags/myapp
root@kitchenhost # cat myapp-vault_keys.json
{
  "id": "myapp-vault_keys",
  "admins": [
    "quickedw"
  ],
  "clients": [
    "tomcat6-rhel6"
  ],
  "search_query": "*:*",
  "tomcat6-rhel6": "ehs4FEVyyE+/c6AaYwNQbwSNM7L9RWvBDhAMvELGYQndYfCGC/0Ha0IFtpRA\nGb7kqh3RZX9nm6t+uSjKCm2LMD2BtH9ckxEMSrHuO/kzYkY9cB12mFTxLWJc\nHm3RlPyAJ216ufhBeUIy3cjuZa2poV/+RzvGkDlAcfj0qSU6Zp5YkQM++tbG\n+mx0AQLMXwcrTvxbztb6hPcmHk9rZLEN3y7pBQcD6uaRomgJxyGDSuu10RGf\nWJBgBZKyttlQj1ErNN4W9Z+UkzetZLOOYmoz0NUpuhNp54qGJmHy6Q6nDoGZ\nlCbqyzV2YsWmA9LdIaIEFTZpVVT7I3+7jqUpnaHh/A==\n",
  "quickedw": "UlkJDn/9jvZg8fOaT+LvV1dT+pDVGH9jiZoiYeN7dH5JSggXh6xx/U/LHho3\nJvwdhXdC4QRsWbDStONSy4n5+ECaCM6BmKV+3Qch99fPm99IC2EmePYUIFO2\n8cQfav7rtSKurXeFEFnqL/RA8OdDVCeliaMO85xnuoBdgkLXEZQ7j2Wx8PTd\nogwVd0C/3f2GiYd7Bo+1iUjB0gqfiSv9WCpAQVTV+pjSl5YFLRUbjvsrJJ4A\nxVsbl1z+C9NQ2dMFsky01wEirH2swKCA+dW20g0Sw4QC6YgJ0o37PgQT1CzN\nHwcClC4hSLyAx1lV4dQLP+VkpN9xS/Yvo86rx/4R4Q==\n"

@equick equick mentioned this pull request Nov 25, 2015
Closed
@lamont-granquist
Copy link
Contributor

failling tests + needs rebase

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
New Feature Provisioner: Chef
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@equick @lamont-granquist @cheeseplus