Create a Puppet Enterprise user from the command line

2018-06-11

mjslabs

I'm installing Puppet Enterprise (2017.3) for the first time using some in-house scripts we have that use a mix of Ansible and bash to bootstrap a Puppet Master.

For creating a Code Manager user, I'm trying to follow the best practices.

Specifically, this part:

In the console, create a deployment user. We recommend that you create a dedicated deployment user for Code Manager use.

Is it possible to create a deployment user (or any user, for that matter) and assign it a role without using the Puppet Enterprise GUI (console)? I see Puppet publishes its API, but it warns

In general, these APIs aren’t designed for use by tools other than Puppet agent

In an ideal world, I'm looking for a supported way to do this that wouldn't need to be updated when Puppet changes its API in the future. Every bit of documentation I can find on Puppet's website instructs me to use the console for these type of actions.

2018-06-12

Mr_Sharma

Hi Mjslabs,

The first question I would ask: what is the need of using the APIs for obvious operations if that is to be one time activity and doable by console which is easily accessible? PE console gives you a better control of RBAC operations and easy to understand graphical view.

Second, why do you need to use HTTP Endpoint API here? I think, you should use the RBAC APIs if you need to do some stuffs with user, group, roles, permissions etc. Reference link

HTTP APIs being used by agent itself for internal operations such as configuration management which is not required in this case and use of RBAC APIs would suffice your need if you do not want to use console or have no access to console.

Hope the input will help.

Thank you! I think I mixed up the general HTTP API with the RBAC API. Do you know if there are any command line interfaces or tools written to help consume the RBAC API, or will I have to write my own?

mjslabs ( 2018-06-12 )

The APIs can be simply called from any external tool (e.g. Jenkins workflows) or command line (e.g. putty console) as you execute the other cURL commands.

Mr_Sharma ( 2018-06-13 )

Asked: 2018-06-11

