conjur-cli 2.2.1 → 2.3.0

data/lib/conjur/cli.rb

@@ -18,22 +18,21 @@ module Conjur
         end
       end
     end
-            
-    
+          
+    load_config
+
+    Conjur::Config.plugins.each do |plugin|
+      require "conjur-asset-#{plugin}"
+    end
+
     commands_from 'conjur/command'
 
     pre do |global,command,options,args|
-      load_config
-
       ENV['CONJUR_ENV'] = Config[:env] || "production"
       ENV['CONJUR_STACK'] = Config[:stack] if Config[:stack]
       ENV['CONJUR_STACK'] ||= 'v3' if ENV['CONJUR_ENV'] == 'production'
       ENV['CONJUR_ACCOUNT'] = Config[:account] or raise "Missing configuration setting: account. Please set it in ~/.conjurrc"
 
-      Conjur::Config.plugins.each do |plugin|
-        require "conjur-asset-#{plugin}"
-      end
-
       if Conjur.log
         Conjur.log << "Using host #{Conjur::Authn::API.host}\n"
       end

data/lib/conjur/command/groups.rb

@@ -20,17 +20,31 @@ class Conjur::Command::Groups < Conjur::Command
   desc "Add a new group member"
   arg_name "group member"
   command :"members:add" do |c|
-    c.desc "Grant with admin option"
+    c.desc "Also grant the admin option"
     c.switch [:a, :admin]
+
+    # perhaps this belongs to member:remove, but then either
+    # it would be possible to grant membership with member:revoke,
+    # or we would need two round-trips to authz
+    c.desc "Revoke the grant option if it's granted"
+    c.switch [:r, :'revoke-admin']
     
     c.action do |global_options,options,args|
       group = require_arg(args, 'group')
       member = require_arg(args, 'member')
       
       group = api.group(group)
-      api.role(group.roleid).grant_to member, !!options[:admin]
-
-      puts "Membership granted"
+      opts = nil
+      message = "Membership granted"
+      if options[:admin] then
+        opts = { admin_option: true }
+        message = "Adminship granted"
+      elsif options[:'revoke-admin'] then
+        opts = { admin_option: false }
+        message = "Adminship revoked"
+      end
+      api.role(group.roleid).grant_to member, opts
+      puts message
     end
   end
 

data/lib/conjur/version.rb

@@ -1,3 +1,3 @@
 module Conjur
-  VERSION = "2.2.1"
+  VERSION = "2.3.0"
 end

data/spec/command/groups_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper'
+
+describe Conjur::Command::Groups, logged_in: true do
+  describe_command "group:members:add group role" do
+    it "adds the role to the group" do
+           RestClient::Request.should_receive(:execute).with(
+        method: :put,
+        url: "https://authz.example.com/the-account/roles/group/group/?members&member=role",
+        headers: {},
+        payload: nil
+      )
+      invoke
+    end
+  end
+
+  describe_command "group:members:add -a group role" do
+    it "adds the role to the group with admin option" do
+           RestClient::Request.should_receive(:execute).with(
+        method: :put,
+        url: "https://authz.example.com/the-account/roles/group/group/?members&member=role",
+        headers: {},
+        payload: { admin_option: true }
+      )
+      invoke
+    end
+  end
+
+  describe_command "group:members:add -r group role" do
+    it "revokes the admin rights" do
+           RestClient::Request.should_receive(:execute).with(
+        method: :put,
+        url: "https://authz.example.com/the-account/roles/group/group/?members&member=role",
+        headers: {},
+        payload: { admin_option: false }
+      )
+      invoke
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -47,8 +47,9 @@ shared_context "when logged in", logged_in: true do
   include_context "with mock authn"
   let(:username) { 'dknuth' }
   let(:api_key) { 'sekrit' }
-  let(:api) { Conjur::API.new_from_token({ 'data' => username }) }
+  let(:api) { Conjur::API.new_from_key(username, api_key) }
   before do
+    api.stub credentials: {}
     netrc[authn_host] = [username, api_key]
     Conjur::Command.stub api: api
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 2.2.1
+  version: 2.3.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-24 00:00:00.000000000 Z
+date: 2013-07-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: conjur-api
@@ -228,6 +228,7 @@ files:
 - lib/conjur/config.rb
 - lib/conjur/version.rb
 - spec/command/authn_spec.rb
+- spec/command/groups_spec.rb
 - spec/command/roles_spec.rb
 - spec/spec_helper.rb
 - spec/write_expectation.rb
@@ -245,7 +246,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -1479172198194627634
+      hash: 1906770823961939842
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -254,7 +255,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -1479172198194627634
+      hash: 1906770823961939842
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.25
@@ -265,6 +266,7 @@ test_files:
 - features/jsonfield.feature
 - features/support/env.rb
 - spec/command/authn_spec.rb
+- spec/command/groups_spec.rb
 - spec/command/roles_spec.rb
 - spec/spec_helper.rb
 - spec/write_expectation.rb