The ability to edit a node depends on your API client identity. There are admin clients and non-admin clients. Admin clients may edit nodes, non-admins may run 'knife node edit ’ to see the node, but may not save changes to the node.
We track changes to node files in svn, and manage node uploads via our CI server (Jenkins). Everybody has the guest pem (non-admin) so they can see everything with knife, but to upload a node file, one must run a Jenkins job. The admin pem is installed on the Jenkins server and enjoys limited access. The CI serveralso tracks who ran what when, so we have audit trails on both node file changes in the source code as well as on what was actually uploaded to the Chef server.
There are 2 kinds of clients; admin and normal.
On Jul 30, 2013, at 6:50 AM, Guy Matz firstname.lastname@example.org
Hi! folks, long time puppet guy, first week with chef!
Is there a way to disable “knife node edit” on the server-side, to only allow for the editing of a node from a file? I want to be able to track changes to nodes with git . . .
Thanks so much,