36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
# File 'lib/chef/knife/opc_org_user_remove.rb', line 36
def run
@org_name, @username = @name_args
if !org_name || !username
ui.fatal "You must specify an ORG_NAME and USER_NAME"
show_usage
exit 1
end
org = Chef::Org.new(@org_name)
if config[:force_remove_from_admins]
if org.actor_delete_would_leave_admins_empty?
failure_error_message(org_name, username)
ui.msg <<~EOF
You ran with --force which force removes the user from the admins and billing-admins groups.
However, removing #{username} from the admins group would leave it empty, which breaks the org.
Please add another user to org #{org_name} admins group and try again.
EOF
exit 1
end
remove_user_from_admin_group(org, org_name, username, "admins")
remove_user_from_admin_group(org, org_name, username, "billing-admins")
end
begin
org.dissociate_user(@username)
rescue Net::HTTPServerException => e
if e.response.code == "404"
ui.msg "User #{username} is not associated with organization #{org_name}"
exit 1
elsif e.response.code == "403"
body = Chef::JSONCompat.from_json(e.response.body)
if body.key?("error") && body["error"] == "Please remove #{username} from this organization's admins group before removing him or her from the organization."
failure_error_message(org_name, username)
ui.msg <<~EOF
User #{username} is in the organization's admin group. Removing users from an organization without removing them from the admins group is not allowed.
Re-run this command with --force to remove this user from the admins prior to removing it from the organization.
EOF
exit 1
else
raise e
end
else
raise e
end
end
end
|