conjur-cli 2.4.1 → 2.6.0

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2012 Rafał Rzepecki
+Copyright (c) 2012 Conjur Inc
 
 MIT License
 

data/conjur.gemspec

@@ -3,9 +3,10 @@ require File.expand_path('../lib/conjur/version', __FILE__)
 
 Gem::Specification.new do |gem|
   gem.authors       = ["Rafa\305\202 Rzepecki", "Kevin Gilpin"]
-  gem.email         = ["divided.mind@gmail.com", "kevin.gilpin@inscitiv.com",]
+  gem.email         = ["divided.mind@gmail.com", "kgilpin@conjur.net",]
   gem.summary       = %q{Conjur command line interface}
   gem.homepage      = "https://github.com/inscitiv/cli-ruby"
+  gem.license       = 'MIT'
 
   gem.files         = `git ls-files`.split($\) + Dir['build_number']
   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }

data/lib/conjur/command/hosts.rb

@@ -5,7 +5,7 @@ class Conjur::Command::Hosts < Conjur::Command
   self.prefix = :host
 
   desc "Create a new host"
-  arg_name "host"
+  arg_name "id?"
   command :create do |c|
     c.arg_name "password"
     c.flag [:p,:password]

data/lib/conjur/command/resources.rb

@@ -70,17 +70,29 @@ class Conjur::Command::Resources < Conjur::Command
       puts "Permission revoked"
     end
   end
-  
-  desc "Check whether a role has a privilege on a resource"
-  arg_name "kind resource-id role privilege"
+
+  desc "Check for a privilege on a resource"
+  long_desc """
+  By default, the privilege is checked for the logged-in user.
+  Permission checks may be performed for other roles using the optional role argument.
+  When the role argument is used, either the logged-in user must either own the specified
+  resource or be an admin of the specified role (i.e. be granted the specified role with grant option).
+  """
+  arg_name "kind resource-id privilege"
   command :check do |c|
+    c.desc "Role to check. By default, the current logged-in role is used"
+    c.flag [:r,:role]
+
     c.action do |global_options,options,args|
       kind = args.shift or raise "Missing parameter: resource-kind"
       resource_id = args.shift or raise "Missing parameter: resource-id"
-      role = args.shift or raise "Missing parameter: role"
       privilege = args.shift or raise "Missing parameter: privilege"
-      role = api.role(role)
-      puts role.permitted? kind, resource_id, privilege
+      if role = options[:role]
+        role = api.role(role)
+        puts role.permitted? kind, resource_id, privilege
+      else
+        puts api.resource([ conjur_account, kind, resource_id ].join(':')).permitted? privilege
+      end
     end
   end
 
@@ -92,11 +104,11 @@ class Conjur::Command::Resources < Conjur::Command
       id = require_arg(args, "resource-id")
       owner = require_arg(args, "owner")
       api.resource([ conjur_account, kind, id ].join(':')).give_to owner
-      puts "Role granted"
+      puts "Ownership granted"
     end
   end
 
-  desc "List roles with a specified permission on the resource"
+  desc "List roles with a specified permission on a resource"
   arg_name "kind resource-id permission"
   command :permitted_roles do |c|
     c.action do |global_options,options,args|

data/lib/conjur/command/variables.rb

@@ -5,6 +5,7 @@ class Conjur::Command::Variables < Conjur::Command
   self.prefix = :variable
   
   desc "Create and store a variable"
+  arg_name "id?"
   command :create do |c|
     c.arg_name "mime_type"
     c.flag [:m, :"mime-type"]
@@ -15,7 +16,16 @@ class Conjur::Command::Variables < Conjur::Command
     acting_as_option(c)
     
     c.action do |global_options,options,args|
-      var = api.create_variable(options[:m], options[:k], options)
+      id = args.shift
+      options[:id] = id if id
+      
+      mime_type = options.delete(:m)
+      kind = options.delete(:k)
+      
+      options.delete(:"mime-type")
+      options.delete(:"kind")
+      
+      var = api.create_variable(mime_type, kind, options)
       display(var, options)
     end
   end
@@ -37,6 +47,7 @@ class Conjur::Command::Variables < Conjur::Command
       value = args.shift || STDIN.read
       
       api.variable(id).add_value(value)
+      puts "Value added"
     end
   end
 

data/lib/conjur/version.rb

@@ -1,3 +1,3 @@
 module Conjur
-  VERSION = "2.4.1"
+  VERSION = "2.6.0"
 end

data/spec/command/hosts_spec.rb

@@ -0,0 +1,30 @@
+require 'spec_helper'
+
+describe Conjur::Command::Hosts, logged_in: true do
+  let(:collection_url) { "https://core.example.com/hosts" }
+  
+  describe_command "host:create" do
+    it "lets the server assign the id" do
+     RestClient::Request.should_receive(:execute).with(
+        method: :post,
+        url: collection_url,
+        headers: {},
+        payload: {}
+      ).and_return(post_response('assigned-id'))
+
+      expect { invoke }.to write({ id: 'assigned-id' }).to(:stdout)
+    end
+  end
+  describe_command "host:create the-id" do
+    it "propagates the user-assigned id" do
+     RestClient::Request.should_receive(:execute).with(
+        method: :post,
+        url: collection_url,
+        headers: {},
+        payload: { id: 'the-id' }
+      ).and_return(post_response('the-id'))
+
+      expect { invoke }.to write({ id: 'the-id' }).to(:stdout)
+    end
+  end
+end

data/spec/command/resources_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe Conjur::Command::Resources, logged_in: true do
+
+  describe_command "resource:check food bacon fry" do
+    it "performs a permission check for the logged-in user" do
+      api.should_receive(:resource).with("the-account:food:bacon").and_return bacon = double("the-account:food:bacon")
+      bacon.should_receive(:permitted?).with("fry")
+      
+      invoke
+    end
+  end
+  
+  describe_command "resource:check -r test:the-role food bacon fry" do
+    it "performs a permission check for a specified role" do
+      api.should_receive(:role).with("test:the-role").and_return role = double("the-account:test:the-role")
+
+      role.should_receive(:permitted?).with("food", "bacon", "fry")
+      
+      invoke
+    end
+  end
+end

data/spec/command/roles_spec.rb

@@ -30,7 +30,7 @@ describe Conjur::Command::Roles, logged_in: true do
       end
     end
   end
-
+  
   describe "role:memberships" do
     let(:all_roles) { %w(foo:user:joerandom foo:something:cool foo:something:else foo:group:admins) }
     let(:role) do

data/spec/command/variables_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe Conjur::Command::Variables, logged_in: true do
+  let(:collection_url) { "https://core.example.com/variables" }
+
+  let(:base_payload) { { mime_type: 'text/plain', kind: 'password' } }
+
+  describe_command "variable:create -m text/plain -k password" do
+    it "lets the server assign the id" do
+     RestClient::Request.should_receive(:execute).with(
+        method: :post,
+        url: collection_url,
+        headers: {},
+        payload: base_payload
+      ).and_return(post_response('assigned-id'))
+
+      expect { invoke }.to write({ id: 'assigned-id' }).to(:stdout)
+    end
+  end
+  describe_command "variable:create -m text/plain -k password the-id" do
+    it "propagates the user-assigned id" do
+     RestClient::Request.should_receive(:execute).with(
+        method: :post,
+        url: collection_url,
+        headers: {},
+        payload: base_payload.merge({ id: 'the-id' })
+      ).and_return(post_response('the-id'))
+
+      expect { invoke }.to write({ id: 'the-id' }).to(:stdout)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,6 +1,7 @@
 require "rubygems"
 require "bundler/setup"
 require 'tempfile'
+require 'ostruct'
 
 require "simplecov"
 SimpleCov.start
@@ -59,6 +60,16 @@ shared_context "when not logged in", logged_in: false do
   include_context "with mock authn"
 end
 
+  
+def post_response(id, attributes = {})
+  attributes[:id] = id
+  
+  OpenStruct.new({
+    headers: { location: [ collection_url, id ].join('/') }, 
+    body: attributes.to_json
+  })
+end
+
 require 'write_expectation'
 
 require 'conjur/cli'

data/spec/write_expectation.rb

@@ -25,6 +25,7 @@ RSpec::Matchers.define :write do |message|
       end
 
     case message
+    when Hash then output.include?(JSON.pretty_generate message)
     when String then output.include? message
     when Regexp then output.match message
     when nil then output

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 2.4.1
+  version: 2.6.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-16 00:00:00.000000000 Z
+date: 2013-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: conjur-api
@@ -191,7 +191,7 @@ dependencies:
 description: 
 email:
 - divided.mind@gmail.com
-- kevin.gilpin@inscitiv.com
+- kgilpin@conjur.net
 executables:
 - conjur
 - jsonfield
@@ -229,11 +229,15 @@ files:
 - lib/conjur/version.rb
 - spec/command/authn_spec.rb
 - spec/command/groups_spec.rb
+- spec/command/hosts_spec.rb
+- spec/command/resources_spec.rb
 - spec/command/roles_spec.rb
+- spec/command/variables_spec.rb
 - spec/spec_helper.rb
 - spec/write_expectation.rb
 homepage: https://github.com/inscitiv/cli-ruby
-licenses: []
+licenses:
+- MIT
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -246,7 +250,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -619613034249408123
+      hash: -4082547880357174583
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -255,7 +259,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -619613034249408123
+      hash: -4082547880357174583
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.25
@@ -267,6 +271,9 @@ test_files:
 - features/support/env.rb
 - spec/command/authn_spec.rb
 - spec/command/groups_spec.rb
+- spec/command/hosts_spec.rb
+- spec/command/resources_spec.rb
 - spec/command/roles_spec.rb
+- spec/command/variables_spec.rb
 - spec/spec_helper.rb
 - spec/write_expectation.rb