Allow vault_admins/ADMINS to be a group, not a specific user.

[TonyLovesDevOps]

We want to specify a group of users, rather than individual users, as a parameter for who should have access to a vault.

e.g. given the group 'vault-administrators', which contains users 'foo, bar, baz' we'd like to be able to specify in knife.rb:

# In knife.rb
knife[:vault_admins] =     'vault-administrators'
# Or, run as a command
knife vault update my_awesome_vault awesome_vault_item -A vault-administrators

Instead of what we need to do today:

# In knife.rb
knife[:vault_admins] =     [ 'foo', 'bar', 'baz' ]`
# Or, run as a command
knife vault update my_awesome_vault awesome_vault_item -A 'foo,bar,baz'

This would greatly simplify configuration for us; instead of needing to keep track of what the current admin list is everywhere we use knife, we could manage it in one place on the chef server.

[TonyLovesDevOps]

I've worked around this for now by placing this in my knife.rb:

knife[:vault_admins] = Chef::Knife.new.rest.get_rest("groups/admins")["users"].reject{|u| u == 'pivotal'}

[andrewelizondo]

👍

[themaroqa]

Is there any chance to see this implemented?