conjur-cli 2.1.6 → 2.1.7
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/conjur/authn.rb +4 -0
- data/lib/conjur/command/authn.rb +16 -0
- data/lib/conjur/command/resources.rb +13 -0
- data/lib/conjur/version.rb +1 -1
- metadata +2 -3
- data/lib/conjur/command/permissions.rb +0 -48
data/lib/conjur/authn.rb
CHANGED
data/lib/conjur/command/authn.rb
CHANGED
|
@@ -29,6 +29,22 @@ DESC
|
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
+
desc "Obtains an authentication token using the current logged-in user"
|
|
33
|
+
command :authenticate do |c|
|
|
34
|
+
c.arg_name 'header'
|
|
35
|
+
c.desc "Base64 encode the result and format as an HTTP Authorization header"
|
|
36
|
+
c.switch [:H,:header]
|
|
37
|
+
|
|
38
|
+
c.action do |global_options,options,args|
|
|
39
|
+
token = Conjur::Authn.authenticate(options)
|
|
40
|
+
if options[:header]
|
|
41
|
+
puts "Authorization: Token token=\"#{Base64.strict_encode64(token.to_json)}\""
|
|
42
|
+
else
|
|
43
|
+
puts token
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
32
48
|
desc "Logs out"
|
|
33
49
|
command :logout do |c|
|
|
34
50
|
c.action do
|
|
@@ -62,6 +62,19 @@ class Conjur::Command::Resources < Conjur::Command
|
|
|
62
62
|
api.resource([ Conjur.account, kind, id ].join(':')).deny privilege, role
|
|
63
63
|
end
|
|
64
64
|
end
|
|
65
|
+
|
|
66
|
+
desc "Check whether a role has a privilege on a resource"
|
|
67
|
+
arg_name "kind resource-id role privilege"
|
|
68
|
+
command :check do |c|
|
|
69
|
+
c.action do |global_options,options,args|
|
|
70
|
+
kind = args.shift or raise "Missing parameter: resource-kind"
|
|
71
|
+
resource_id = args.shift or raise "Missing parameter: resource-id"
|
|
72
|
+
role = args.shift or raise "Missing parameter: role"
|
|
73
|
+
privilege = args.shift or raise "Missing parameter: privilege"
|
|
74
|
+
role = api.role(role)
|
|
75
|
+
puts role.permitted? kind, resource_id, privilege
|
|
76
|
+
end
|
|
77
|
+
end
|
|
65
78
|
|
|
66
79
|
desc "Grant ownership on a resource to a new owner"
|
|
67
80
|
arg_name "kind resource-id owner"
|
data/lib/conjur/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: conjur-cli
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.7
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2013-05-
|
|
13
|
+
date: 2013-05-23 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: conjur-api
|
|
@@ -152,7 +152,6 @@ files:
|
|
|
152
152
|
- lib/conjur/command/field.rb
|
|
153
153
|
- lib/conjur/command/groups.rb
|
|
154
154
|
- lib/conjur/command/hosts.rb
|
|
155
|
-
- lib/conjur/command/permissions.rb
|
|
156
155
|
- lib/conjur/command/resources.rb
|
|
157
156
|
- lib/conjur/command/roles.rb
|
|
158
157
|
- lib/conjur/command/secrets.rb
|
|
@@ -1,48 +0,0 @@
|
|
|
1
|
-
require 'conjur/authn'
|
|
2
|
-
require 'conjur/command'
|
|
3
|
-
|
|
4
|
-
class Conjur::Command::Resources < Conjur::Command
|
|
5
|
-
self.prefix = :permission
|
|
6
|
-
|
|
7
|
-
desc "Grants permission on a resource to a role"
|
|
8
|
-
arg_name "resource-kind"
|
|
9
|
-
arg_name "resource-id"
|
|
10
|
-
arg_name "role"
|
|
11
|
-
arg_name "privilege"
|
|
12
|
-
command :grant do |c|
|
|
13
|
-
c.desc "Whether to give the grant option"
|
|
14
|
-
c.switch :grant
|
|
15
|
-
|
|
16
|
-
c.action do |global_options,options,args|
|
|
17
|
-
kind = args.shift or raise "Missing parameter: resource-kind"
|
|
18
|
-
resource_id = args.shift or raise "Missing parameter: resource-id"
|
|
19
|
-
role = args.shift or raise "Missing parameter: role"
|
|
20
|
-
privilege = args.shift or raise "Missing parameter: privilege"
|
|
21
|
-
resource = api.resource(kind, resource_id)
|
|
22
|
-
options = {}
|
|
23
|
-
options[:grant_option] = true if options[:grant]
|
|
24
|
-
resource.permit privilege, role, options
|
|
25
|
-
end
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
desc "Check whether a role has a privilege on a resource"
|
|
29
|
-
arg_name "resource-kind"
|
|
30
|
-
arg_name "resource-id"
|
|
31
|
-
arg_name "role"
|
|
32
|
-
arg_name "privilege"
|
|
33
|
-
command :check do |c|
|
|
34
|
-
c.action do |global_options,options,args|
|
|
35
|
-
kind = args.shift or raise "Missing parameter: resource-kind"
|
|
36
|
-
resource_id = args.shift or raise "Missing parameter: resource-id"
|
|
37
|
-
role = args.shift or raise "Missing parameter: role"
|
|
38
|
-
privilege = args.shift or raise "Missing parameter: privilege"
|
|
39
|
-
role = api.role(role)
|
|
40
|
-
begin
|
|
41
|
-
role.permitted? kind, resource_id, privilege
|
|
42
|
-
puts "true"
|
|
43
|
-
rescue RestClient::ResourceNotFound
|
|
44
|
-
puts "false"
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
|
-
end
|
|
48
|
-
end
|