conjur-asset-layer-api 0.6.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2508286ad920028ad7ff4b1ebf42157e04e1a723
-  data.tar.gz: 03a85126384297b4701bdafa56f03742d2497d89
+  metadata.gz: 2e93a7c855bdc715040ff6e0bfbb3438446a3868
+  data.tar.gz: 66b7b240115a76f615adf87574a41db86037704b
 SHA512:
-  metadata.gz: 79d9651c0c2b4f6cedd334ae40bd55fffc8ba67af75b73069e3e77eea4ac1fc2c85e71f7adf6b2222e58bb6b6cf72172e20f89de41c4597ac491f78997a1552d
-  data.tar.gz: 23e4a963dd008f2a4ebd706158100abe3a3769b3aec03a034417e9b32b6bce38107448acccb552a3a335dd5113899d0d96619f807ceef367bc3c28526f9efc17
+  metadata.gz: c6e711a6bc92e4da9581bc1bc262ad2b426ce55e193e9ecb101207e62901c23fc5139e287c92b277cd4b7ece73357951159ff5d0a97d50e02ff1e508469f4667
+  data.tar.gz: 89be42ae54025c6981f3349939452bd452137f6c14c4e1dd78aa82931889c3d76397f8fd73ab7e2c1be97f8f75d8df6c16dd5650d9b8de9f03eebf30bdf8c44c

data/lib/conjur-asset-layer-version.rb

@@ -1,7 +1,7 @@
 module Conjur
   module Asset
     module Layer
-      VERSION = "0.6.0"
+      VERSION = "0.7.0"
     end
   end
 end

data/lib/conjur/command/layers.rb

@@ -12,6 +12,26 @@ class Conjur::Command::Layers < Conjur::Command
     end
     hostid
   end
+  
+  def self.interpret_layer_privilege(privilege)
+    case privilege
+    when 'execute'
+      'use_host'
+    when 'update'
+      'admin_host'
+    else
+      exit_now! "Invalid privilege '#{privilege}'. Acceptable values are : execute, update"
+    end
+  end
+  
+  def self.parse_layer_permission_args(global_options, options, args)
+    id = require_arg(args, "layer")
+    role = require_arg(args, "role")
+    privilege = require_arg(args, "privilege")
+    role_name = interpret_layer_privilege privilege
+    [ id, role_name, role ]
+  end
+
 
   desc "Create a new layer"
   arg_name "id"
@@ -92,6 +112,43 @@ class Conjur::Command::Layers < Conjur::Command
       puts "Layer provisioned by #{provisioner}"
     end
   end
+  
+  desc "Permit a privilege on hosts in the layer"
+  long_desc <<-DESC
+Privilege may be : execute, update
+  DESC
+  arg_name "layer role privilege"
+  command :"hosts:permit" do |c|
+    c.action do |global_options,options,args|
+      id, role_name, role = parse_layer_permission_args(global_options, options, args)
+      api.layer(id).add_member role_name, role
+      puts "Permission granted"
+    end
+  end
+
+  desc "Remove a privilege on hosts in the layer"
+  arg_name "layer role privilege"
+  command :"hosts:deny" do |c|
+    c.action do |global_options,options,args|
+      id, role_name, role = parse_layer_permission_args(global_options, options, args)
+      api.layer(id).remove_member role_name, role
+      puts "Permission removed"
+    end
+  end
+
+  desc "List roles that have permission on the hosts"
+  arg_name "layer privilege"
+  command :"hosts:permitted_roles" do |c|
+    c.action do |global_options,options,args|
+      id = require_arg(args, "layer")
+      role_name = interpret_layer_privilege require_arg(args, "privilege")
+      
+      members = api.layer(id).hosts_members(role_name).map(&:member).select do |m|
+        m.kind != "@"
+      end
+      display members.map(&:roleid)
+    end
+  end
 
   desc "Add a host to an layer"
   arg_name "layer host"

data/lib/conjur/layer.rb

@@ -22,6 +22,11 @@ module Conjur
         RestClient::Resource.new(self["hosts/#{fully_escape hostid}"].url, options).delete
       end
     end
+    
+    # Lists the roles that have been granted access to the hosts owned roles.
+    def hosts_members(role_name)
+      owned_role(role_name).members
+    end
 
     def hosts
       self.attributes['hosts'].collect do |id|

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-asset-layer-api
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Kevin Gilpin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-02 00:00:00.000000000 Z
+date: 2014-04-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: conjur-api