class Opc::OpcOrgUserRemove

Attributes

org_name[RW]
username[RW]

Public Instance Methods

failure_error_message(org_name, username) click to toggle source
# File lib/chef/knife/opc_org_user_remove.rb, line 85
def failure_error_message(org_name, username)
  ui.error "Error removing user #{username} from organization #{org_name}."
end
remove_user_from_admin_group(org, org_name, username, admin_group_string) click to toggle source
# File lib/chef/knife/opc_org_user_remove.rb, line 89
    def remove_user_from_admin_group(org, org_name, username, admin_group_string)
      org.remove_user_from_group(admin_group_string, username)
    rescue Net::HTTPServerException => e
      if e.response.code == "404"
        ui.warn <<~EOF
          User #{username} is not in the #{admin_group_string} group for organization #{org_name}.
          You probably don't need to pass --force.
        EOF
      else
        raise e
      end
    end
run() click to toggle source
# File lib/chef/knife/opc_org_user_remove.rb, line 36
    def run
      @org_name, @username = @name_args

      if !org_name || !username
        ui.fatal "You must specify an ORG_NAME and USER_NAME"
        show_usage
        exit 1
      end

      org = Chef::Org.new(@org_name)

      if config[:force_remove_from_admins]
        if org.actor_delete_would_leave_admins_empty?
          failure_error_message(org_name, username)
          ui.msg <<~EOF
            You ran with --force which force removes the user from the admins and billing-admins groups.
            However, removing #{username} from the admins group would leave it empty, which breaks the org.
            Please add another user to org #{org_name} admins group and try again.
          EOF
          exit 1
        end
        remove_user_from_admin_group(org, org_name, username, "admins")
        remove_user_from_admin_group(org, org_name, username, "billing-admins")
      end

      begin
        org.dissociate_user(@username)
      rescue Net::HTTPServerException => e
        if e.response.code == "404"
          ui.msg "User #{username} is not associated with organization #{org_name}"
          exit 1
        elsif e.response.code == "403"
          body = Chef::JSONCompat.from_json(e.response.body)
          if body.key?("error") && body["error"] == "Please remove #{username} from this organization's admins group before removing him or her from the organization."
            failure_error_message(org_name, username)
            ui.msg <<~EOF
              User #{username} is in the organization's admin group. Removing users from an organization without removing them from the admins group is not allowed.
              Re-run this command with --force to remove this user from the admins prior to removing it from the organization.
            EOF
            exit 1
          else
            raise e
          end
        else
          raise e
        end
      end
    end