Chef API User Permissions?


#1

Hi Chefs,

So I’m trying to set up a daemon to automatically update our Chef assets whenever a change is made to a specific branch on our Chef repo (data bags, roles, and environments only…cookbooks are handled with Berkshelf).

I created an “admin client” with my local copy of knife and set the daemon up to use the generated key. Reading and updating assets on the Chef server (Hosted Chef) seems to work fine, but creating assets causes a Permission Denied error.

Can anyone tell me how to update the permissions on the UI so as to allow an Admin Client to create an asset? The UI is very confusing and the obvious things don’t seem to have worked…

Eric


#2

Hi Eric,

So I’m trying to set up a daemon to automatically update our Chef
assets whenever a change is made to a specific branch on our Chef repo
(data bags, roles, and environments only…cookbooks are handled with
Berkshelf).
Would you open source this project, please? There’s interest from my side.

I created an "admin client"
Have you tried an admin user, too? I’m still a bit confused, but IIRC
users were introduced with Chef 11, so there might be no need for the
admin clients anymore.

Did you test, if uploading works with your user’s (or client’s) certificate?

Steffen

On 29/01/14 16:49, Eric Herot wrote:

Hi Chefs,

So I’m trying to set up a daemon to automatically update our Chef assets whenever a change is made to a specific branch on our Chef repo (data bags, roles, and environments only…cookbooks are handled with Berkshelf).

I created an “admin client” with my local copy of knife and set the daemon up to use the generated key. Reading and updating assets on the Chef server (Hosted Chef) seems to work fine, but creating assets causes a Permission Denied error.

Can anyone tell me how to update the permissions on the UI so as to allow an Admin Client to create an asset? The UI is very confusing and the obvious things don’t seem to have worked…

Eric


#3

This ‘gitupdater’ client does not have a corresponding ‘user’ in our Hosted Chef account. Might that be the issue? It seems odd that non-user clients would be able to update but not create.

Other users on our system can create assets, but I have not been able to do so with the certificate for the ‘gitupdater’ client.

On Jan 29, 2014, at 2:06 PM, Steffen Gebert st+gmane@st-g.de wrote:

Hi Eric,

So I’m trying to set up a daemon to automatically update our Chef
assets whenever a change is made to a specific branch on our Chef repo
(data bags, roles, and environments only…cookbooks are handled with
Berkshelf).
Would you open source this project, please? There’s interest from my side.

I created an "admin client"
Have you tried an admin user, too? I’m still a bit confused, but IIRC
users were introduced with Chef 11, so there might be no need for the
admin clients anymore.

Did you test, if uploading works with your user’s (or client’s) certificate?

Steffen

On 29/01/14 16:49, Eric Herot wrote:

Hi Chefs,

So I’m trying to set up a daemon to automatically update our Chef assets whenever a change is made to a specific branch on our Chef repo (data bags, roles, and environments only…cookbooks are handled with Berkshelf).

I created an “admin client” with my local copy of knife and set the daemon up to use the generated key. Reading and updating assets on the Chef server (Hosted Chef) seems to work fine, but creating assets causes a Permission Denied error.

Can anyone tell me how to update the permissions on the UI so as to allow an Admin Client to create an asset? The UI is very confusing and the obvious things don’t seem to have worked…

Eric