conjur-cli 2.2.1 → 2.3.0
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/conjur/cli.rb +7 -8
- data/lib/conjur/command/groups.rb +18 -4
- data/lib/conjur/version.rb +1 -1
- data/spec/command/groups_spec.rb +39 -0
- data/spec/spec_helper.rb +2 -1
- metadata +6 -4
data/lib/conjur/cli.rb
CHANGED
@@ -18,22 +18,21 @@ module Conjur
|
|
18
18
|
end
|
19
19
|
end
|
20
20
|
end
|
21
|
-
|
22
|
-
|
21
|
+
|
22
|
+
load_config
|
23
|
+
|
24
|
+
Conjur::Config.plugins.each do |plugin|
|
25
|
+
require "conjur-asset-#{plugin}"
|
26
|
+
end
|
27
|
+
|
23
28
|
commands_from 'conjur/command'
|
24
29
|
|
25
30
|
pre do |global,command,options,args|
|
26
|
-
load_config
|
27
|
-
|
28
31
|
ENV['CONJUR_ENV'] = Config[:env] || "production"
|
29
32
|
ENV['CONJUR_STACK'] = Config[:stack] if Config[:stack]
|
30
33
|
ENV['CONJUR_STACK'] ||= 'v3' if ENV['CONJUR_ENV'] == 'production'
|
31
34
|
ENV['CONJUR_ACCOUNT'] = Config[:account] or raise "Missing configuration setting: account. Please set it in ~/.conjurrc"
|
32
35
|
|
33
|
-
Conjur::Config.plugins.each do |plugin|
|
34
|
-
require "conjur-asset-#{plugin}"
|
35
|
-
end
|
36
|
-
|
37
36
|
if Conjur.log
|
38
37
|
Conjur.log << "Using host #{Conjur::Authn::API.host}\n"
|
39
38
|
end
|
@@ -20,17 +20,31 @@ class Conjur::Command::Groups < Conjur::Command
|
|
20
20
|
desc "Add a new group member"
|
21
21
|
arg_name "group member"
|
22
22
|
command :"members:add" do |c|
|
23
|
-
c.desc "
|
23
|
+
c.desc "Also grant the admin option"
|
24
24
|
c.switch [:a, :admin]
|
25
|
+
|
26
|
+
# perhaps this belongs to member:remove, but then either
|
27
|
+
# it would be possible to grant membership with member:revoke,
|
28
|
+
# or we would need two round-trips to authz
|
29
|
+
c.desc "Revoke the grant option if it's granted"
|
30
|
+
c.switch [:r, :'revoke-admin']
|
25
31
|
|
26
32
|
c.action do |global_options,options,args|
|
27
33
|
group = require_arg(args, 'group')
|
28
34
|
member = require_arg(args, 'member')
|
29
35
|
|
30
36
|
group = api.group(group)
|
31
|
-
|
32
|
-
|
33
|
-
|
37
|
+
opts = nil
|
38
|
+
message = "Membership granted"
|
39
|
+
if options[:admin] then
|
40
|
+
opts = { admin_option: true }
|
41
|
+
message = "Adminship granted"
|
42
|
+
elsif options[:'revoke-admin'] then
|
43
|
+
opts = { admin_option: false }
|
44
|
+
message = "Adminship revoked"
|
45
|
+
end
|
46
|
+
api.role(group.roleid).grant_to member, opts
|
47
|
+
puts message
|
34
48
|
end
|
35
49
|
end
|
36
50
|
|
data/lib/conjur/version.rb
CHANGED
@@ -0,0 +1,39 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Conjur::Command::Groups, logged_in: true do
|
4
|
+
describe_command "group:members:add group role" do
|
5
|
+
it "adds the role to the group" do
|
6
|
+
RestClient::Request.should_receive(:execute).with(
|
7
|
+
method: :put,
|
8
|
+
url: "https://authz.example.com/the-account/roles/group/group/?members&member=role",
|
9
|
+
headers: {},
|
10
|
+
payload: nil
|
11
|
+
)
|
12
|
+
invoke
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
describe_command "group:members:add -a group role" do
|
17
|
+
it "adds the role to the group with admin option" do
|
18
|
+
RestClient::Request.should_receive(:execute).with(
|
19
|
+
method: :put,
|
20
|
+
url: "https://authz.example.com/the-account/roles/group/group/?members&member=role",
|
21
|
+
headers: {},
|
22
|
+
payload: { admin_option: true }
|
23
|
+
)
|
24
|
+
invoke
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
describe_command "group:members:add -r group role" do
|
29
|
+
it "revokes the admin rights" do
|
30
|
+
RestClient::Request.should_receive(:execute).with(
|
31
|
+
method: :put,
|
32
|
+
url: "https://authz.example.com/the-account/roles/group/group/?members&member=role",
|
33
|
+
headers: {},
|
34
|
+
payload: { admin_option: false }
|
35
|
+
)
|
36
|
+
invoke
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
data/spec/spec_helper.rb
CHANGED
@@ -47,8 +47,9 @@ shared_context "when logged in", logged_in: true do
|
|
47
47
|
include_context "with mock authn"
|
48
48
|
let(:username) { 'dknuth' }
|
49
49
|
let(:api_key) { 'sekrit' }
|
50
|
-
let(:api) { Conjur::API.
|
50
|
+
let(:api) { Conjur::API.new_from_key(username, api_key) }
|
51
51
|
before do
|
52
|
+
api.stub credentials: {}
|
52
53
|
netrc[authn_host] = [username, api_key]
|
53
54
|
Conjur::Command.stub api: api
|
54
55
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-cli
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.3.0
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2013-
|
13
|
+
date: 2013-07-03 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: conjur-api
|
@@ -228,6 +228,7 @@ files:
|
|
228
228
|
- lib/conjur/config.rb
|
229
229
|
- lib/conjur/version.rb
|
230
230
|
- spec/command/authn_spec.rb
|
231
|
+
- spec/command/groups_spec.rb
|
231
232
|
- spec/command/roles_spec.rb
|
232
233
|
- spec/spec_helper.rb
|
233
234
|
- spec/write_expectation.rb
|
@@ -245,7 +246,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
245
246
|
version: '0'
|
246
247
|
segments:
|
247
248
|
- 0
|
248
|
-
hash:
|
249
|
+
hash: 1906770823961939842
|
249
250
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
250
251
|
none: false
|
251
252
|
requirements:
|
@@ -254,7 +255,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
254
255
|
version: '0'
|
255
256
|
segments:
|
256
257
|
- 0
|
257
|
-
hash:
|
258
|
+
hash: 1906770823961939842
|
258
259
|
requirements: []
|
259
260
|
rubyforge_project:
|
260
261
|
rubygems_version: 1.8.25
|
@@ -265,6 +266,7 @@ test_files:
|
|
265
266
|
- features/jsonfield.feature
|
266
267
|
- features/support/env.rb
|
267
268
|
- spec/command/authn_spec.rb
|
269
|
+
- spec/command/groups_spec.rb
|
268
270
|
- spec/command/roles_spec.rb
|
269
271
|
- spec/spec_helper.rb
|
270
272
|
- spec/write_expectation.rb
|