W3cubDocs

/Chef 18

knife user

[edit on GitHub]

Use the knife user subcommand to manage the list of users and their associated RSA public key-pairs.

Note

Review the list of common options available to this (and all) knife subcommands and plugins.

create

Use the create argument to create a user. This process will generate an RSA key pair for the named user. The public key will be stored on the Chef Infra Server and the private key will be displayed on STDOUT or written to a named file.

  • For the user, the private key should be copied to the system as /etc/chef/client.pem.
  • For knife, the private key is typically copied to ~/.chef/client_name.pem and referenced in the config.rb configuration file.

Syntax

This argument has the following syntax:

knife user create USERNAME DISPLAY_NAME FIRST_NAME LAST_NAME EMAIL PASSWORD (options)

Options

This argument has the following options:

-f FILE, --file FILE

Save a private key to the specified file name.

--password PASSWORD

The user password.

--user-key FILENAME

The path to a file that contains the public key. If this option is not specified, the Chef Infra Server will generate a public/private key pair.

-k, --prevent-keygen

:Prevent Chef Infra Server from generating a default key pair for you. Cannot be passed with –user-key.

-o ORGNAME --orgname ORGNAME

:Associate new user to an organization matching ORGNAME

--first-name FIRST_NAME

:First name for the user

--last-name LAST_NAME

:Last name for the user

--email EMAIL

:Email for the user

--prompt-for-password, -p

:Prompt for user password

Note

See config.rb for more information about how to add certain knife options as settings in the config.rb file.

Examples

The following examples show how to use this knife subcommand:

Create a user

knife user create tbucatar "Tamira Bucatar" [email protected] -f /keys/tbucatar

knife user create arno arno schmidt [email protected] password
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----

delete

Use the delete argument to delete a registered user.

Syntax

This argument has the following syntax:

knife user delete USER_NAME

Options

--no-disassociate-user, -d

:Don’t disassociate the user first

"--remove-from-admin-groups, -R

:If the user is a member of any org admin groups, attempt to remove from those groups. Ignored if –no-disassociate-user is set.

Examples

The following examples show how to use this knife subcommand:

Delete a user

knife user delete "Arjun Koch"

edit

Use the edit argument to edit the details of a user. When this argument is run, knife will open $EDITOR. When finished, knife will update the Chef Infra Server with those changes.

Syntax

This argument has the following syntax:

knife user edit USER_NAME

Options

--input FILENAME, -i FILENAME

:Name of file to use for PUT or POST

--filename FILENAME, -f FILENAME

:Write private key to FILENAME rather than STDOUT

Examples

EDITOR=ed knife user edit arno
639
1,%p
{
  "username": "arno",
  "email": "[email protected]",
  "display_name": "arno schmidt",
  "first_name": "arno",
  "last_name": "schmidt",
  "middle_name": "",
  "public_key": "-----BEGIN PUBLIC KEY-----\n[...]\n-----END PUBLIC KEY-----\n\n"
}
/email/s/chef.io/opscode.com/p
"email": "[email protected]",
wq
643
Saved arno.

knife  user show arno
display_name:  arno schmidt
email:         [email protected]
first_name:     arno
last_name:     schmidt
middle_name:
public_key: -----BEGIN PUBLIC KEY-----
[...]
-----END PUBLIC KEY-----


username:   arno

list

Use the list argument to show list of all registered users.

Syntax

This argument has the following syntax:

knife user list

Options

-w, --with-uri,

:Show corresponding URIs.

Examples

The following examples show how to use this knife subcommand:

knife user list
alice
pivotal

knife user list -w
alice: https://chef-server.fqdn/users/alice
pivotal: https://chef-server.fqdn/users/pivotal

knife org list -w -a
acme: https://chef-server.fqdn/organizations/acme

password

Command for managing password and authentication for a user.

Syntax

This argument has the following syntax:

knife user password USER_NAME [PASSWORD | ]

Options

--enable_external_auth,

:Enable external authentication for this user (such as LDAP).

Examples

The following examples show how to use this knife subcommand:

knife user password arno newpassword
{"username"=>"arno", "email"=>"[email protected]", "display_name"=>"arno schmidt", "first_name"=>"arno", "last_name"=>"schmidt", "middle_name"=>"", "public_key"=>"-----BEGIN PUBLIC KEY-----\n[...]\n-----END PUBLIC KEY-----\n\n", "password"=>"newpassword", "recovery_authentication_enabled"=>true}
Authentication info updated for arno.

key create

Use the key create argument to create a public key.

Syntax

This argument has the following syntax:

knife user key create USER_NAME (options)

Options

This argument has the following options:

-e DATE, --expiration-date DATE

The expiration date for the public key, specified as an ISO 8601 formatted string: YYYY-MM-DDTHH:MM:SSZ. If this option is not specified, the public key will not have an expiration date. For example: 2013-12-24T21:00:00Z.

-f FILE, --file FILE

Save a private key to the specified file name.

-k NAME, --key-name NAME

The name of the public key.

-p FILE_NAME, --public-key FILE_NAME

The path to a file that contains the public key. If this option is not specified, and only if --key-name is specified, the Chef Infra Server will generate a public/private key pair.

Examples

None.

key delete

Use the key delete argument to delete a public key.

Syntax

This argument has the following syntax:

knife user key delete USER_NAME KEY_NAME

Examples

None.

key edit

Use the key edit argument to modify or rename a public key.

Syntax

This argument has the following syntax:

knife user key edit USER_NAME KEY_NAME (options)

Options

This argument has the following options:

-c, --create-key

Generate a new public/private key pair and replace an existing public key with the newly-generated public key. To replace the public key with an existing public key, use --public-key instead.

-e DATE, --expiration-date DATE

The expiration date for the public key, specified as an ISO 8601 formatted string: YYYY-MM-DDTHH:MM:SSZ. If this option is not specified, the public key will not have an expiration date. For example: 2013-12-24T21:00:00Z.

-f FILE, --file FILE

Save a private key to the specified file name. If the --public-key option is not specified the Chef Infra Server will generate a private key.

-k NAME, --key-name NAME

The name of the public key.

-p FILE_NAME, --public-key FILE_NAME

The path to a file that contains the public key. If this option is not specified, and only if --key-name is specified, the Chef Infra Server will generate a public/private key pair.

Examples

None.

key list

Use the key list argument to view a list of public keys for the named user.

Syntax

This argument has the following syntax:

knife user key list USER_NAME (options)

Options

This argument has the following options:

-e, --only-expired

Show a list of public keys that have expired.

-n, --only-non-expired

Show a list of public keys that have not expired.

-w, --with-details

Show a list of public keys, including URIs and expiration status.

Examples

None.

key show

Use the key show argument to view details for a specific public key.

Syntax

This argument has the following syntax:

knife user key show USER_NAME KEY_NAME

Examples

None.

list

Use the list argument to view a list of registered users.

Syntax

This argument has the following syntax:

knife user list (options)

Options

This argument has the following options:

-w, --with-uri

Show the corresponding URIs.

Examples

None.

reregister

Use the reregister argument to regenerate an RSA key pair for a user. The public key will be stored on the Chef Infra Server and the private key will be displayed on STDOUT or written to a named file.

Note

Running this argument will invalidate the previous RSA key pair, making it unusable during authentication to the Chef Infra Server.

Syntax

This argument has the following syntax:

knife user reregister USER_NAME (options)

Options

This argument has the following options:

-f FILE_NAME, --file FILE_NAME

Save a private key to the specified file name.

Note

See config.rb for more information about how to add certain knife options as settings in the config.rb file.

Examples

The following examples show how to use this knife subcommand:

Regenerate the RSA key-pair

knife user reregister "Arjun Koch"

show

Use the show argument to show the details of a user.

Syntax

This argument has the following syntax:

knife user show USER_NAME (options)

Options

This argument has the following options:

--with-orgs, -l

Show the organizations of which the user is a member.

Examples

The following examples show how to use this knife subcommand:

Show user data

To view a user named Tamira Bucatar, enter:

knife user show "Tamira Bucatar"

to return something like:

chef_type: user
json_class:  Chef::User
name:        Tamira Bucatar
public_key:

knife user show alice -l
display_name:  Alice Schmidt
email:       [email protected]
first_name:  Alice
last_name:   Schmidt
middle_name:
organizations: acme
public_key:  -----BEGIN PUBLIC KEY-----
[...]
-----END PUBLIC KEY-----


username:   alice

Show user data as JSON

To view information in JSON format, use the -F common option as part of the command like this:

knife user show "Tamira Bucatar" -F json

(Other formats available include text, yaml, and pp, e.g. -F yaml for YAML.)

© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
https://docs.chef.io/knife_user/