sous-chefs / users

Development repository for the users cookbook
https://supermarket.chef.io/cookbooks/users
Apache License 2.0

Restricting Where Users are Created Based on Environment #401

Closed JasonKAls closed 7 years ago

JasonKAls commented 7 years ago

Cookbook version

1.8.2

Chef-client version

Chef: 12.10.24

Platform Details

Ubuntu 16.04 on AWS

Scenario:

I have only one Chef-Server that manages all of my nodes. Each user created within the users Data Bag is added to each node despite this being unnecessary for certain scenarios (special services, prod stag dev, chef-environment, etc). There doesn't seem to be a way to limit where a user or service user is created.

Steps to Reproduce:

Create 2 users with similar permissions but that are meant for different VPCs/Environments/Services/Nodes.

Expected Result:

Should allow users to be created in same Data Bag but are created based on certain criteria. Perhaps an Environment field within the JSON for the Data Bag item for the user.

Actual Result:

All users are created on all nodes despite their unnecessary presence and security concerns.

iennae commented 7 years ago

Can you create different data bags per environment, which works with the cookbook currently? Changing how the manage resource works currently will add complexity that incurs future support costs.

JasonKAls commented 7 years ago

Understood. I'll work with my team to handle this on my end. Thanks, @iennae!
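The per-environment data bag approach suggested in this thread, sketched as an added example in plain Ruby (not code from the users cookbook or from either commenter): it plans the split of one shared `users` bag into one bag per environment and refuses to place any account whose scope is missing or unknown. The `environments` key, the `users_<environment>` bag naming, the environment list and the sample items are all assumptions constructed for illustration.

```ruby
# Constructed sample of a shared "users" data bag. The "environments" key is a
# hypothetical annotation used only to plan the split; the cookbook does not read it.
SHARED_USERS = [
  { 'id' => 'alice',  'groups' => ['sysadmin'], 'environments' => %w[prod staging dev] },
  { 'id' => 'deploy', 'groups' => ['sysadmin'], 'environments' => %w[prod] },
  { 'id' => 'intern', 'groups' => ['sysadmin'], 'environments' => %w[dev] },
  { 'id' => 'legacy', 'groups' => ['sysadmin'] } # no scope recorded
].freeze

# Assumed environment names; anything else is rejected rather than guessed.
KNOWN_ENVIRONMENTS = %w[prod staging dev].freeze

# Map an environment to its data bag name (assumed naming scheme).
def bag_name_for(environment)
  unless KNOWN_ENVIRONMENTS.include?(environment)
    raise ArgumentError, "unknown environment: #{environment.inspect}"
  end
  "users_#{environment}"
end

# Return [bags, unassigned]: bags maps bag name => items for that environment,
# unassigned lists ids that were placed nowhere (fail closed: an account with
# no scope or an unrecognised scope is created on no node until reviewed).
def split_by_environment(items)
  bags = KNOWN_ENVIRONMENTS.to_h { |env| [bag_name_for(env), []] }
  unassigned = []
  items.each do |item|
    envs = Array(item['environments'])
    if envs.empty? || !(envs - KNOWN_ENVIRONMENTS).empty?
      unassigned << item['id']
      next
    end
    # Drop the planning-only key before the item goes into a per-environment bag.
    clean = item.reject { |key, _| key == 'environments' }
    envs.each { |env| bags[bag_name_for(env)] << clean }
  end
  [bags, unassigned]
end

# Ids that nodes in the given environment would receive after the split.
def users_on(environment, bags)
  bags.fetch(bag_name_for(environment)).map { |item| item['id'] }
end
```

Each node's run would then read only the bag for its own environment, so an account such as `deploy` never reaches dev or staging nodes.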