"I really want a way to change the validator client for a given org using the command line."
You are in luck! You can run the
knife client reregister ... command to change the validator client for your clusters. You will need to know two things to do this:
- The name of the validator client. By default this is ORGNAME-validator
- The organization where the validator client can be found.
For example, if I run the following command, the validator is changed on the Chef Server organization configured in my knife client's .chef/knife.rb (4thcoffee), and the new validator private key content shows up in the new-4thcoffee-validator.pem file.
knife client reregister 4thcoffee-validator -f new-4thcoffee-validator.pem
After you have the new validator key, you will want to get it in place in the path and using the same name as your current validator client PEM file. You can find the required name and path under the validation_client_name and validation_key keys in the knife.rb file of the workstation where you usually do bootstrapping for the organization.