aaf-mdqt 0.8.0

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at pete@binary-ape.org. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,9 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in mdq.gemspec
+gemspec
+
+gem 'simplecov', require: false, group: :test
+
+gem 'pry'
+gem 'rake'

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Pete Birkinshaw
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/Makefile

@@ -0,0 +1,4 @@
+publish-gem:
+	gem build aaf-mdqt.gemspec
+	gem push aaf-mdqt-*.gem
+	rm aaf-mdqt-*.gem

data/README.md

@@ -0,0 +1,268 @@
+# MDQT - A Metadata Query Tool
+
+[![Gem Version](https://badge.fury.io/rb/mdqt.svg)](https://badge.fury.io/rb/mdqt) [![Maintainability](https://api.codeclimate.com/v1/badges/111c46aaebfe25e4a4a9/maintainability)](https://codeclimate.com/github/Digital-Identity-Labs/mdqt/maintainability) [![Test Coverage](https://api.codeclimate.com/v1/badges/111c46aaebfe25e4a4a9/test_coverage)](https://codeclimate.com/github/Digital-Identity-Labs/mdqt/test_coverage) [![Build Status](https://travis-ci.org/Digital-Identity-Labs/mdqt.svg?branch=master)](https://travis-ci.org/Digital-Identity-Labs/mdqt)
+
+MDQT is small library and commandline tool to query MDQ services for SAML metadata.
+You could do this with `curl` and `xmlsec1` but it's a little more convenient to use `mdqt` instead.
+
+MDQT also has features for managing local metadata files, to help when running an MDQ service or a Shibboleth IdP or SP.
+
+MDQ currently provides these features:
+
+  - Downloading single entities, lists or aggregates
+  - Signature verification
+  - Validating metadata against SAML2 schema
+  - Saving metadata to disk
+  - Extracting entity IDs from both aggregate and individual metadata files
+  - Renaming metadata files to their entity ID sha1 hashes (for use with LocalDynamicMetadataProvider)
+  - Creating sha1 hash symlinks to metadata files (also for use with Local Dynamic Metadata)
+  - Listing the entity IDs of downloaded metadata files
+  - Showing the full URL of an entity
+  - Caching entity metadata and using Gzip compression
+
+
+## MDQ?
+
+MDQ is a simple HTTP-based standard for looking up individual SAML entity metadata. Rather than regularly
+downloading large metadata aggregates containing thousands of entity descriptions,
+an IdP or SP can download the metadata for an individual entity whenever it is needed.
+
+The UK Access Management Federation has a
+[useful page explaining MDQ](https://www.ukfederation.org.uk/content/Documents/MDQ)
+
+## Installation
+
+MDQT is tested on recent MacOS and Linux, and should work with
+ Ruby 3.0.0 or later and recent JRuby releases.
+
+### As a gem for general use
+
+To install system-wide on your default Ruby, use
+
+    $ sudo gem install mdqt
+
+If using a per-user Ruby via `rbenv`, `asdf` or similar, you'll need
+
+    $ gem install mdqt
+
+### As part of a Ruby project
+
+To add MDQT to a Ruby project include this line in your application's `Gemfile`
+
+```ruby
+gem 'mdqt'
+```
+
+and then execute:
+
+    $ bundle
+
+### As a Docker container
+
+(Experimental)
+See the instructions at [MDQT-Container](https://github.com/Digital-Identity-Labs/mdqt-container)
+
+### Verifying signed metadata, installing Nokogiri
+
+MDQT can check that metadata has not been tampered with by verifying its
+signature. Some MDQ services use unencrypted HTTP connections and rely
+ on signed metadata.
+
+MDQT supports signature verification but requires a Ruby library called
+Nokogiri to do the hard work. Nokogiri is fast and useful but can sometimes
+be awkward to install for non-developers (it can sometimes require a C development
+environment and various XML libraries). In most cases Nokogiri will install 
+automatically, without problems, when you install MDQT, but if you encounter any 
+problems installing Nokogiri the [Installing Nokogiri](http://www.nokogiri.org/tutorials/installing_nokogiri.html) documentation is very helpful.
+
+## Commandline Usage as an MDQ client
+
+You can see a list of commandline options by typing:
+
+    $ mdqt help
+
+To see more information about a command, use the `--help` option after the command or type `help <command>`:
+
+    $ mdqt help get
+
+### Selecting an MDQ service to access
+
+You can specify the MDQ service with a commandline option:
+
+    $ mdqt get --service https://mdq.example.com/mdq  http://entity.ac.uk/shibboleth
+
+It's more convenient to set an environment variable to specify a default MDQ
+service. Set `MDQT_SERVICE` or `MDQ_BASE_URL` to the base URL of your MDQ service.
+
+    $ export MDQT_SERVICE=https://mdq.example.com/mdq
+    $ mdqt get http://entity.ac.uk/shibboleth
+    $ mdqt get http://example.org/service
+
+Finally, if you don't specify an MDQ service with `--service` or `MDQT_SERVICE` then `mdqt` *might* be
+able to guess your local NREN's MDQ service. Do not do this in production!
+
+If an MDQ service is known to MDQT it can be selected using an alias:
+
+    $ mdqt get --service incommon  http://entity.edu/shibboleth
+
+You can see known services and their aliases using `mdqt services`
+
+### Downloading entity metadata
+
+Downloading entity metadata to STDOUT:
+
+    $ mdqt get https://test-idp.ukfederation.org.uk/idp/shibboleth
+
+Using the sha1 hashed version of entity IDs requires quotes or escaping in some shells:
+
+    $ mdqt get "{sha1}52e2065fc0d53744e8d4ee2c2f30696ebfc5def9"
+
+    $ mdqt get \{sha1\}52e2065fc0d53744e8d4ee2c2f30696ebfc5def9
+
+    $ mdqt get [sha1]52e2065fc0d53744e8d4ee2c2f30696ebfc5def9
+
+Requesting all metadata from an MDQ endpoint is done by specifying `--all`:
+
+    $ mdqt get --all
+
+
+### Caching metadata
+
+Caching can be enabled using `--cache`. At the moment the `mdqt` executable
+only supports caching to disk. It will create a cache directory in your temporary
+directory.
+
+    $ mdqt get --cache --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
+
+Caching is now on by default. To force a single command to *not* use the cache, include `--reset`
+
+    $ mdqt get --reset --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
+
+You can clear the cache by using the `reset` command:
+
+    $ mdqt reset
+
+
+### Verifying metadata
+
+If you have enabled verification by installing `xmldsig` (and have downloaded and checked a suitable
+certificate for your MDQ server) you can require verification by passing
+they `verify-with` flag with the path of your certificate.
+
+    $ mdqt get --verify-with myfederation.pem https://indiid.net/idp/shibboleth
+
+It's possible to pass more than one certificate by separating them with commas
+
+    $ mdqt get --verify-with myfederation.pem,previous.pem https://indiid.net/idp/shibboleth
+
+Basic XML correctness and validation against SAML2 Metadata schema can be enabled with the
+`--validate` switch:
+
+    $ mdqt get --validate https://indiid.net/idp/shibboleth
+
+If you need to check metadata that has already been downloaded then try the `check`
+command:
+
+    $ mdqt check metadata.xml # Just validate
+    $ mdqt check --verify-with myfederation.pem metadata.xml # Verify signature too
+
+You shouldn't need to *validate* XML from a trusted MDQ service such as one run by a
+national federation. You should however always *verify* the signature of XML sent over an unencrypyted HTTP connection,
+and probably even over HTTPS. MDQT's validation check is mostly for use when writing
+or debugging your own MDQ service.
+
+### Saving metadata as files
+
+The simplest way to save metadata is to redirect output from the `get` command:
+
+    $ mdqt get http://entity.ac.uk/shibboleth > metadata.xml
+
+MDQT also offers the `--save-to` option to write all metadata into a directory
+
+    $ mdqt get http://entity.ac.uk/shibboleth --save-to metadata_directory
+
+The `--save-to` option requires a directory to be specified. All files will be saved
+with a name based on their transformed identifier (sha1 hash) such as
+`77603e0cbda1e00d50373ca8ca20a375f5d1f171.xml`
+
+### Other Features
+
+For more information about current settings, download results, and so on, add
+`--verbose` to commands:
+
+    $mdqt get --verbose http://entity.ac.uk/shibboleth
+
+To convert normal URI entity IDs into MDQ SHA1 hashed transformed identifiers use the `transform` command:
+
+    $ mdqt transform http://example.org/service
+
+Transforming identifiers that have already been transformed should not re-transform them.
+
+To see more details of what is being sent and received by a `get` command add the `--explain` flag
+
+    $ mdqt get --explain --service https://mdq.example.com/mdq  http://entity.ac.uk/shibboleth
+
+MDQT will then show a table of sent and received headers which may be useful when debugging servers.
+
+To extract a list of all entity IDs from a file:
+
+    $ mdqt entities metadata.xml
+
+    $ mdqt entities --sha1 metadata.xml
+
+To create sha1 symlinks to a metadata file:
+
+    $ mdqt ln example_idp.xml
+
+To rename a file to its entity ID sha1 has:
+
+    $ mdqt rename example_idp.xml
+
+To list the entity IDs of files in a directory:
+
+    $ mdqt ls
+
+To list all entities available at an MDQ service:
+
+    $ mdqt list
+
+To show the MDQ services known to MDQT, and their aliases:
+
+    $ mdqt services
+
+To show the full MDQ URL of an entity
+
+    $ mdqt url http://entity.ac.uk/shibboleth
+
+MDQT can accept input on stdin, allowing composition and pipelining
+
+    $ cat list_of_ids.txt | mdqt url
+
+    $ mdqt list | grep cern.ch | mdqt get --save-to cern_metadata/ --list  | mdqt ls
+
+## Alternatives
+
+  * [SAML Library](https://github.com/trscavo/saml-library) is a set of scripts to help with metadata-related tasks, written
+by Tom Scavo of Internet2. Some of the scripts provide similar functionality to MDQT, and are designed to be piped together.
+
+## Library Usage
+
+Please don't! We originally had plans to include a usable generic library was part of MDQT but unless there's new demand
+for it that's now unlikely to happen. However, we do now have a set of libraries for the Elixir language, based around
+[Smee](https://github.com/Digital-Identity-Labs/smee) - not very helpful for Ruby projects but possibly of use for new
+projects.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/Digital-Identity-Labs/mdqt.
+This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,5 @@
+require "bundler/gem_tasks"
+
+Dir.glob('lib/tasks/*.rake').each { |r| load r}
+
+task :default => :tests

data/aaf-mdqt.gemspec

@@ -0,0 +1,46 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'mdqt/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "aaf-mdqt"
+  spec.version       = MDQT::VERSION
+  spec.authors       = ["Pete Birkinshaw", "Australian Access Federation"]
+  spec.email         = []
+
+  spec.summary       = %q{Commandline utility for accessing MDQ services}
+  spec.description   = %q{Commandline utility for downloading SAML metadata from MDQ services}
+  spec.homepage      = "https://github.com/Digital-Identity-Labs/mdqt"
+  spec.license       = "MIT"
+
+  spec.required_ruby_version = '>= 3.0.0'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'commander', "~>4.6"
+  spec.add_dependency 'faraday', "~>2.9.0"
+  spec.add_dependency 'faraday-http-cache', "~>2.5.0"
+  spec.add_dependency 'faraday-follow_redirects', "~>0.3.0"
+  spec.add_dependency 'httpx', "~>1.2.0"
+  spec.add_dependency 'activesupport', "~>7"
+  spec.add_dependency 'dalli', "~>3.2"
+  spec.add_dependency 'pastel', "~>0.8"
+  spec.add_dependency 'terminal-table', "~>3.0"
+  spec.add_dependency 'concurrent-ruby-ext', "~>1.2.2"
+  spec.add_dependency 'xmldsig', "~>0.7.0"
+
+  #  spec.add_development_dependency "bundler", "~>2"
+  # spec.add_development_dependency "rake", ">= 13.1.0"
+  spec.add_development_dependency "rspec", "~> 3.10"
+  spec.add_development_dependency "cucumber", "~> 7.1"
+  spec.add_development_dependency "aruba", "~> 2.0"
+  spec.add_development_dependency "vcr", "~>  6.0"
+  spec.add_development_dependency "yard", "~> 0.9"
+  #spec.add_development_dependency "yard-cucumber", "~> 4.0"
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "mdqt"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/cucumber.yml

@@ -0,0 +1,2 @@
+default: --publish
+

data/exe/mdqt

@@ -0,0 +1,174 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'mdqt/cli'
+require 'mdqt/version'
+
+require 'commander'
+
+Signal.trap('SIGINT') do
+  puts 'Received signal, halting'
+  exit 1
+end
+
+Commander.configure do
+  program :name, 'mdqt'
+  program :version, MDQT::VERSION
+  program :description, 'MDQ SAML metadata client'
+
+  #global_option '--verbose'
+
+  default_command :help
+
+  command :version do |c|
+    c.syntax = 'mdqt version'
+    c.description = 'Show version of MDQT'
+    c.action do |args, options|
+      options.default MDQT::CLI::Defaults.cli_defaults
+      options.default({ service: :not_required })
+      MDQT::CLI::Version.run(args, options)
+    end
+  end
+
+  command :get do |c|
+    c.syntax = 'mdqt get [options] entityidentifier '
+    c.description = 'Download one entity record or an aggregate of entity records'
+    c.option '--service URL', String, 'MDQ service to search for entities. Defaults to MDQT_SERVICE or MDQ_BASE_URL env variables'
+    c.option '--cache', "Cache downloads and try to fetch from cache where appropriate (deprecated)"
+    c.option '--refresh', "Never cache (will prevent --cache)"
+    c.option '--verify-with PATHS', Array, 'Validate downloads using specified certificates'
+    c.option '--validate', 'Validate downloaded metadata against SAML2 schema (not normally needed)'
+    #c.option '--stdin', 'accept one or more entity ids from STDIN'
+    c.option '--all', 'Request all entity records'
+    c.option '--explain', 'Show details of client request and server response'
+    c.option '--tls-risky', "Don't check certificate used for TLS (usually a bad idea)"
+    c.option '--save-to PATH', String, 'Write all data to files in the specified directory'
+    #c.option '--link-id', 'If saving files, save files with aliases (requires `--save-to`)'
+    c.option '--list', 'If saving files, print the names of files written to disk (requires `--save-to`)'
+    c.option '--verbose', 'Display extra information on stderr'
+    c.action do |args, options|
+      options.default MDQT::CLI::Defaults.cli_defaults
+      options.default({ service: MDQT::CLI::Defaults.base_url }) if options.service.to_s == ''
+      MDQT::CLI::Get.run(args, options)
+    end
+  end
+
+  command :reset do |c|
+    c.syntax = 'mdqt reset'
+    c.description = 'Delete all cached data'
+    c.option '--verbose', 'Display extra information on stderr'
+    c.action do |args, options|
+      options.default MDQT::CLI::Defaults.cli_defaults
+      options.default({ service: :not_required })
+      MDQT::CLI::Reset.run(args, options)
+    end
+  end
+
+  command :transform do |c|
+    c.syntax = 'mdqt transform ENTITYIDS'
+    c.description = 'Show transformed entity IDs'
+    c.option '--verbose', 'Display extra information on stderr'
+    c.action do |args, options|
+      options.default MDQT::CLI::Defaults.cli_defaults
+      options.default({ service: :not_required })
+      MDQT::CLI::Transform.run(args, options)
+    end
+  end
+
+  command :check do |c|
+    c.syntax = 'mdqt check XML_FILENAME [--verify-with ./CERTIFICATE_FILENAME]'
+    c.description = 'Validate XML and check signatures'
+    c.option '--verbose', 'Display extra information on stderr'
+    c.option '--verify-with PATHS', Array, 'Validate file using specified certificates'
+    c.action do |args, options|
+      options.default MDQT::CLI::Defaults.cli_defaults
+      options.default({ service: :not_required, validate: true })
+      MDQT::CLI::Check.run(args, options)
+    end
+  end
+
+  command :entities do |c|
+    c.syntax = 'mdqt entities XML_FILENAME'
+    c.description = 'Extract entity IDs from a metadata file'
+    c.option '--sha1', 'include the sha1 hash for each entity ID'
+    c.action do |args, options|
+      args = Dir.glob("*.xml") unless args && !args.empty?
+      options.default MDQT::CLI::Defaults.cli_defaults
+      options.default({ service: :not_required })
+      MDQT::CLI::Entities.run(args, options)
+    end
+  end
+
+  command :ln do |c|
+    c.syntax = 'mdqt ln XML_FILENAME'
+    c.description = 'Create a soft link to the file using an sha1 hash of the entityID'
+    c.option '--force', 'Overwrite any existing links'
+    c.option '--verbose', 'Display extra information on stderr'
+    c.action do |args, options|
+      options.default MDQT::CLI::Defaults.cli_defaults
+      options.default({ service: :not_required })
+      MDQT::CLI::Ln.run(args, options)
+    end
+  end
+
+  command :ls do |c|
+    c.syntax = 'mdqt ls XML_FILENAME/DIRECTORY'
+    c.description = 'List valid metadata files in directory'
+    c.option '--verbose', 'Display extra information on stderr'
+    c.action do |args, options|
+      options.default MDQT::CLI::Defaults.cli_defaults
+      options.default({ service: :not_required })
+      MDQT::CLI::Ls.run(args, options)
+    end
+  end
+
+  command :list do |c|
+    c.syntax = 'mdqt list [options]'
+    c.description = 'List entities available at the MDQ service'
+    c.option '--service URL', String, 'MDQ service to search for entities. Defaults to MDQT_SERVICE or MDQ_BASE_URL env variables'
+    c.option '--cache', "Cache downloads and try to fetch from cache where appropriate (deprecated)"
+    c.option '--refresh', "Never cache (will prevent --cache)"
+    c.option '--verbose', 'Display extra information on stderr'
+    c.action do |args, options|
+      options.default MDQT::CLI::Defaults.cli_defaults
+      options.default({ service: MDQT::CLI::Defaults.base_url }) if options.service.to_s == ''
+      MDQT::CLI::List.run(args, options)
+    end
+  end
+
+  command :services do |c|
+    c.syntax = 'mdqt services'
+    c.description = 'List URLs and aliases for known MDQ services'
+    c.action do |args, options|
+      options.default MDQT::CLI::Defaults.cli_defaults
+      options.default({ service: :not_required })
+      MDQT::CLI::Services.run(args, options)
+    end
+  end
+
+  command :rename do |c|
+    c.syntax = 'mdqt rename XML_FILENAME'
+    c.description = 'Rename a file using the sha1 hash of its entityID'
+    c.option '--force', 'Overwrite any existing files with that name'
+    c.option '--verbose', 'Display extra information on stderr'
+    c.option '--link', 'Add a symlink with the original filename'
+    c.action do |args, options|
+      options.default MDQT::CLI::Defaults.cli_defaults
+      options.default({ service: :not_required })
+      MDQT::CLI::Rename.run(args, options)
+    end
+  end
+
+  command :url do |c|
+    c.syntax = 'mdqt url ENTITYIDS'
+    c.description = 'List URLs for each entity ID at the MDQ service'
+    c.option '--verbose', 'Display extra information on stderr'
+    c.option '--service URL', String, 'MDQ service to search for entities. Defaults to MDQT_SERVICE or MDQ_BASE_URL env variables'
+    c.action do |args, options|
+      options.default MDQT::CLI::Defaults.cli_defaults
+      options.default({ service: MDQT::CLI::Defaults.base_url }) if options.service.to_s == ''
+      MDQT::CLI::URL.run(args, options)
+    end
+  end
+
+end
+