How Can I Find All Users and Their Groups for All Orgs?

Sean Horn -

Versions:

Chef Server 12.x

Discussion:

On a Chef Server, sometimes it is handy to be able to find the total user and group membership in orgs.

Be aware of the following note on user-specific association groups (USAGs) while viewing the output from the script: https://github.com/chef/knife-acl/tree/0.0.12#user-specific-association-group

## This script can find users, USAGS, groups, and orgs

# Run knife subcommand $1 on path $2 against org $3, authenticating as the pivotal superuser.
run_command() {
  /opt/opscode/embedded/bin/knife "$1" "$2" -u pivotal -k /etc/opscode/pivotal.pem -s "https://127.0.0.1/organizations/$3"
}

echo "--Begin User list"
chef-server-ctl user-list
echo "--End User list"

echo ""

for ii in `chef-server-ctl org-list`; do
  echo "---Orgname: $ii"

    echo "-----USAGS: $ii"

      # List this org's groups and drop the default ones, leaving only the USAGs
      usag_list=`run_command list /groups $ii | grep -E -v '(admins|clients|billing-admins|users)'`
      for usag in $usag_list; do
        run_command show $usag $ii
      done
      run_command list /groups $ii

      echo ""

      run_command show /groups/users.json $ii

    echo "-----End USAGS: $ii"

  echo ""

  run_command show /groups/admins.json $ii
  echo "---End Orgname: $ii"

  echo ""
done

Example Output

I ran the code above as a script named org-user-usag-group-list.sh and got the following output, which I will annotate with bash/ruby script comments.

bash ./org-user-usag-group-list.sh

# The global list of users on the Chef Server.

--Begin User list
bumpy
pivotal
rainbowdash
--End User list

# Start of a new org output

---Orgname: ponyville

# The USAGs in the ponyville org, like 000000000000167dc75bd8f9b2c4bfea, are each associated with a specific user. This one is associated with the rainbowdash user. The next is associated with the bumpy user.

-----USAGS: ponyville
groups/000000000000167dc75bd8f9b2c4bfea.json:
{
  "name": "000000000000167dc75bd8f9b2c4bfea",
  "users": [
    "rainbowdash"
  ]
}
groups/00000000000048f938758d5cdda600bd.json:
{
  "name": "00000000000048f938758d5cdda600bd",
  "users": [
    "bumpy"
  ]
}
groups/000000000000167dc75bd8f9b2c4bfea.json  groups/00000000000048f938758d5cdda600bd.json
groups/admins.json                            groups/billing-admins.json
groups/clients.json                           groups/users.json

# Then, we see that the 000000000000167dc75bd8f9b2c4bfea USAG (group) is included as a member of the Users group in the ponyville org, which in turn associates the rainbowdash user with the Users group of that org.

groups/users.json:
{
  "name": "users",
  "users": [
    "pivotal"
  ],
  "groups": [
    "000000000000167dc75bd8f9b2c4bfea",
    "00000000000048f938758d5cdda600bd"
  ]
}
-----End USAGS: ponyville

# The Admins group includes the default member, pivotal, and the creating member, rainbowdash. The bumpy user was also previously assigned to the Admins group (that step is not seen in this output). If a user is not seen in this output, but only earlier, with the Users group and USAGs, then the user is a member of the org, but not a member of the Admins group.

groups/admins.json:
{
  "name": "admins",
  "users": [
    "pivotal",
    "rainbowdash",
    "bumpy"
  ]
}
---End Orgname: ponyville

# If this were a typical Chef Server with more than one org, there would be additional orgs listed at this point, containing their own Users, USAGs, Users group, and Admins group.
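
For an access review, the USAG indirection described in the annotations above can be resolved mechanically. The following Ruby sketch is an added example, not part of the original article: it parses the script's output, expands the USAGs nested in each org's users group into effective members, and lists members who are not admins. The function names and the condensed sample input are assumptions made for illustration.

```ruby
require 'json'

# Constructed sample in the format the script prints (JSON condensed to fewer
# lines); modelled on the ponyville output, except bumpy is not an admin here.
SAMPLE = <<~OUT
  ---Orgname: ponyville
  -----USAGS: ponyville
  groups/000000000000167dc75bd8f9b2c4bfea.json:
  { "name": "000000000000167dc75bd8f9b2c4bfea", "users": ["rainbowdash"] }
  groups/00000000000048f938758d5cdda600bd.json:
  { "name": "00000000000048f938758d5cdda600bd", "users": ["bumpy"] }
  groups/users.json:
  { "name": "users", "users": ["pivotal"],
    "groups": ["000000000000167dc75bd8f9b2c4bfea", "00000000000048f938758d5cdda600bd"] }
  groups/admins.json:
  { "name": "admins", "users": ["pivotal", "rainbowdash"] }
OUT

# Collect every "groups/<name>.json:" block per org into { org => { group => hash } }.
def parse_orgs(text)
  orgs = Hash.new { |h, k| h[k] = {} }
  org = body = nil
  text.each_line do |line|
    if (m = line.match(/\A---Orgname: (\S+)/))
      org = m[1]
    elsif line.match?(%r{\Agroups/\S+\.json:\s*\z})
      body = +'' # header line: start buffering the JSON object that follows
    elsif org && body
      body << line
      begin
        group = JSON.parse(body)
        orgs[org][group['name']] = group
        body = nil
      rescue JSON::ParserError # object spans more lines; keep accumulating
      end
    end
  end
  orgs
end

# Expand the USAGs nested in the users group into effective org members.
def membership(groups)
  users = groups.fetch('users', {})
  members = Array(users['users'])
  Array(users['groups']).each { |usag| members |= Array(groups.dig(usag, 'users')) }
  admins = Array(groups.dig('admins', 'users'))
  { members: members.sort, admins: admins.sort, non_admins: (members - admins).sort }
end

parse_orgs(SAMPLE).each { |org, groups| puts "#{org}: #{membership(groups)}" }
```

To use it on real data, pass the saved output of org-user-usag-group-list.sh to parse_orgs instead of SAMPLE; the pretty-printed multi-line JSON that knife emits is handled by the same accumulation loop.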
