summaryrefslogtreecommitdiff
path: root/lib/chef/knife/user_create.rb
blob: a1761de979caa7f7a89af63dc5953d3026f84dd0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
#
# Author:: Steven Danna (<steve@chef.io>)
# Author:: Tyler Cloke (<tyler@chef.io>)
# Copyright:: Copyright 2012-2016, Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require "chef/knife"
require "chef/knife/osc_user_create"

class Chef
  class Knife
    class UserCreate < Knife

      attr_accessor :user_field

      deps do
        require "chef/user_v1"
        require "chef/json_compat"
      end

      option :file,
        short: "-f FILE",
        long: "--file FILE",
        description: "Write the private key to a file if the server generated one."

      option :user_key,
        long: "--user-key FILENAME",
        description: "Set the initial default key for the user from a file on disk (cannot pass with --prevent-keygen)."

      option :prevent_keygen,
        short: "-k",
        long: "--prevent-keygen",
        description: "API V1 (Chef Server 12.1+) only. Prevent server from generating a default key pair for you. Cannot be passed with --user-key.",
        boolean: true

      option :admin,
        short: "-a",
        long: "--admin",
        description: "DEPRECATED: Open Source Chef 11 only. Create the user as an admin.",
        boolean: true

      option :user_password,
        short: "-p PASSWORD",
        long: "--password PASSWORD",
        description: "DEPRECATED: Open Source Chef 11 only. Password for newly created user.",
        default: ""

      banner "knife user create USERNAME DISPLAY_NAME FIRST_NAME LAST_NAME EMAIL PASSWORD (options)"

      def user
        @user_field ||= Chef::UserV1.new
      end

      def create_user_from_hash(hash)
        Chef::UserV1.from_hash(hash).create
      end

      def osc_11_warning
        <<~EOF
          IF YOU ARE USING CHEF SERVER 12+, PLEASE FOLLOW THE INSTRUCTIONS UNDER knife user create --help.
          You only passed a single argument to knife user create.
          For backwards compatibility, when only a single argument is passed,
          knife user create assumes you want Open Source 11 Server user creation.
          knife user create for Open Source 11 Server is being deprecated.
          Open Source 11 Server user commands now live under the knife osc_user namespace.
          For backwards compatibility, we will forward this request to knife osc_user create.
          If you are using an Open Source 11 Server, please use that command to avoid this warning.
          NOTE: Backwards compatibility for Open Source 11 Server in these commands will be removed
          in Chef 15 which will be released April 2019.
EOF
      end

      def run_osc_11_user_create
        # run osc_user_create with our input
        ARGV.delete("user")
        ARGV.unshift("osc_user")
        Chef::Knife.run(ARGV, Chef::Application::Knife.options)
      end

      def run
        # DEPRECATION NOTE
        # Remove this if statement and corrosponding code post OSC 11 support.
        #
        # If only 1 arg is passed, assume OSC 11 case.
        if @name_args.length == 1
          ui.warn(osc_11_warning)
          run_osc_11_user_create
        else # EC / CS 12 user create

          test_mandatory_field(@name_args[0], "username")
          user.username @name_args[0]

          test_mandatory_field(@name_args[1], "display name")
          user.display_name @name_args[1]

          test_mandatory_field(@name_args[2], "first name")
          user.first_name @name_args[2]

          test_mandatory_field(@name_args[3], "last name")
          user.last_name @name_args[3]

          test_mandatory_field(@name_args[4], "email")
          user.email @name_args[4]

          test_mandatory_field(@name_args[5], "password")
          user.password @name_args[5]

          if config[:user_key] && config[:prevent_keygen]
            show_usage
            ui.fatal("You cannot pass --user-key and --prevent-keygen")
            exit 1
          end

          if !config[:prevent_keygen] && !config[:user_key]
            user.create_key(true)
          end

          if config[:user_key]
            user.public_key File.read(File.expand_path(config[:user_key]))
          end

          output = edit_hash(user)
          final_user = create_user_from_hash(output)

          ui.info("Created #{user}")
          if final_user.private_key
            if config[:file]
              File.open(config[:file], "w") do |f|
                f.print(final_user.private_key)
              end
            else
              ui.msg final_user.private_key
            end
          end
        end
      end
    end
  end
end