Class: Opc::OpcUserPassword

Inherits:
Chef::Knife
  • Object
show all
Includes:
Chef::Mixin::RootRestv0
Defined in:
lib/chef/knife/opc_user_password.rb

Instance Method Summary collapse

Methods included from Chef::Mixin::RootRestv0

#root_rest

Instance Method Details

#runObject 



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
 
# File 'lib/chef/knife/opc_user_password.rb', line 32

def run
  # check that correct number of args was passed, should be either
  # USERNAME PASSWORD or USERNAME --enable-external-auth
  #
  # note that you can't pass USERNAME PASSWORD --enable-external-auth
  unless (@name_args.length == 2 && !config[:enable_external_auth]) || (@name_args.length == 1 && config[:enable_external_auth])
    show_usage
    ui.fatal("You must pass two arguments")
    ui.fatal("Note that --enable-external-auth cannot be passed with a password")
    exit 1
  end

  user_name = @name_args[0]

  # note that this will be nil if config[:enable_external_auth] is true
  password = @name_args[1]

  # since the API does not pass back whether recovery_authentication_enabled is
  # true or false, there is no way of knowing if the user is using ldap or not,
  # so we will update the user every time, instead of checking if we are actually
  # changing anything before we PUT.
  user = root_rest.get("users/#{user_name}")

  user["password"] = password unless password.nil?

  # if --enable-external-auth was passed, enable it, else disable it.
  # there is never a situation where we would want to enable ldap
  # AND change the password. changing the password means that the user
  # wants to disable ldap and put user in recover (if they are using ldap).
  user["recovery_authentication_enabled"] = !config[:enable_external_auth]

  begin
    root_rest.put("users/#{user_name}", user)
  rescue => e
    raise e
  end

  ui.msg("Authentication info updated for #{user_name}.")
end