conjur-cli 2.6.0 → 4.1.0
- data/Gemfile +1 -1
- data/bin/conjur +20 -0
- data/bin/jsonfield +20 -0
- data/conjur.gemspec +1 -1
- data/lib/conjur.rb +20 -1
- data/lib/conjur/authn.rb +21 -1
- data/lib/conjur/cli.rb +21 -1
- data/lib/conjur/command.rb +43 -1
- data/lib/conjur/command/assets.rb +38 -17
- data/lib/conjur/command/audit.rb +0 -0
- data/lib/conjur/command/authn.rb +21 -1
- data/lib/conjur/command/field.rb +20 -0
- data/lib/conjur/command/groups.rb +21 -1
- data/lib/conjur/command/hosts.rb +22 -2
- data/lib/conjur/command/ids.rb +20 -0
- data/lib/conjur/command/resources.rb +50 -39
- data/lib/conjur/command/roles.rb +21 -1
- data/lib/conjur/command/secrets.rb +21 -1
- data/lib/conjur/command/users.rb +50 -12
- data/lib/conjur/command/variables.rb +21 -1
- data/lib/conjur/config.rb +20 -0
- data/lib/conjur/version.rb +21 -1
- data/spec/command/assets_spec.rb +137 -0
- data/spec/command/audit_spec.rb +0 -0
- data/spec/command/resources_spec.rb +133 -11
- data/spec/command/users_spec.rb +32 -0
- data/spec/command_spec.rb +60 -0
- data/spec/spec_helper.rb +10 -0
- metadata +17 -8
File without changes
|
@@ -2,22 +2,144 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe Conjur::Command::Resources, logged_in: true do
|
4
4
|
|
5
|
-
|
5
|
+
let (:full_resource_id) { [account, KIND, ID].join(":") }
|
6
|
+
let (:resource_instance) { double(attributes: resource_attributes) }
|
7
|
+
let (:resource_attributes) { { "some" => "attribute"} }
|
8
|
+
|
9
|
+
before :each do
|
10
|
+
api.stub(:resource).with(full_resource_id).and_return(resource_instance)
|
11
|
+
end
|
12
|
+
|
13
|
+
def invoke_silently
|
14
|
+
expect { invoke }.to write
|
15
|
+
end
|
16
|
+
|
17
|
+
shared_examples 'it displays resource attributes' do
|
18
|
+
it "as JSON to stdout" do
|
19
|
+
JSON::parse( expect { invoke }.to write ).should == resource_attributes
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
shared_examples "it obtains resource by id" do
|
24
|
+
it 'id is built from kind and id' do
|
25
|
+
api.should_receive(:resource).with(%r{^[^:]*:#{KIND}:#{ID}$})
|
26
|
+
invoke_silently
|
27
|
+
end
|
28
|
+
it 'uses default account as a prefix' do
|
29
|
+
api.should_receive(:resource).with(%r{^#{account}:})
|
30
|
+
invoke_silently
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
describe_command "resource:create #{KIND}:#{ID}" do
|
35
|
+
before :each do
|
36
|
+
resource_instance.stub(:create)
|
37
|
+
end
|
38
|
+
it "calls resource.create()" do
|
39
|
+
resource_instance.should_receive(:create)
|
40
|
+
invoke_silently
|
41
|
+
end
|
42
|
+
it_behaves_like "it obtains resource by id"
|
43
|
+
it_behaves_like "it displays resource attributes"
|
44
|
+
end
|
45
|
+
|
46
|
+
describe_command "resource:show #{KIND}:#{ID}" do
|
47
|
+
it_behaves_like "it obtains resource by id"
|
48
|
+
it_behaves_like "it displays resource attributes"
|
49
|
+
end
|
50
|
+
|
51
|
+
describe_command "resource:exists #{KIND}:#{ID}" do
|
52
|
+
before (:each) {
|
53
|
+
resource_instance.stub(:exists?).and_return("true")
|
54
|
+
}
|
55
|
+
it_behaves_like "it obtains resource by id"
|
56
|
+
it 'calls resource.exists?' do
|
57
|
+
resource_instance.should_receive(:exists?)
|
58
|
+
invoke_silently
|
59
|
+
end
|
60
|
+
context 'displays response of resource.exists? (true/false)' do
|
61
|
+
# NOTE: a bit redundant, but will be helpful in 'documentation' context
|
62
|
+
it 'true' do
|
63
|
+
resource_instance.stub(:exists?).and_return("true")
|
64
|
+
expect { invoke }.to write "true"
|
65
|
+
end
|
66
|
+
it 'false' do
|
67
|
+
resource_instance.stub(:exists?).and_return("false")
|
68
|
+
expect { invoke }.to write "false"
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
describe_command "resource:permit #{KIND}:#{ID} #{ROLE} #{PRIVILEGE}" do
|
74
|
+
before(:each) { resource_instance.stub(:permit).and_return(true) }
|
75
|
+
it_behaves_like "it obtains resource by id"
|
76
|
+
it "calls resource.permit(#{PRIVILEGE}, #{ROLE})" do
|
77
|
+
resource_instance.should_receive(:permit).with(PRIVILEGE, ROLE)
|
78
|
+
invoke_silently
|
79
|
+
end
|
80
|
+
it { expect { invoke }.to write "Permission granted" }
|
81
|
+
end
|
82
|
+
|
83
|
+
describe_command "resource:deny #{KIND}:#{ID} #{ROLE} #{PRIVILEGE}" do
|
84
|
+
before(:each) { resource_instance.stub(:deny).and_return(true) }
|
85
|
+
it_behaves_like "it obtains resource by id"
|
86
|
+
it "calls resource.deny(#{PRIVILEGE},#{ROLE})" do
|
87
|
+
resource_instance.should_receive(:deny).with(PRIVILEGE, ROLE)
|
88
|
+
invoke_silently
|
89
|
+
end
|
90
|
+
it { expect { invoke }.to write "Permission revoked" }
|
91
|
+
end
|
92
|
+
|
93
|
+
describe_command "resource:check #{KIND}:#{ID} #{PRIVILEGE}" do
|
6
94
|
it "performs a permission check for the logged-in user" do
|
7
|
-
api.should_receive(:resource).with("the-account
|
8
|
-
bacon.should_receive(:permitted?).with(
|
95
|
+
api.should_receive(:resource).with("the-account:#{KIND}:#{ID}").and_return bacon = double("the-account:#{KIND}:#{ID}")
|
96
|
+
bacon.should_receive(:permitted?).with(PRIVILEGE)
|
9
97
|
|
10
98
|
invoke
|
11
99
|
end
|
12
100
|
end
|
13
|
-
|
14
|
-
describe_command "resource:check -r test:the-role food bacon fry" do
|
15
|
-
it "performs a permission check for a specified role" do
|
16
|
-
api.should_receive(:role).with("test:the-role").and_return role = double("the-account:test:the-role")
|
17
101
|
|
18
|
-
|
19
|
-
|
20
|
-
|
102
|
+
describe_command "resource:check -r #{ROLE} #{KIND}:#{ID} #{PRIVILEGE}" do
|
103
|
+
let (:role_instance) { double() }
|
104
|
+
let (:role_response) { "role response: true|false" }
|
105
|
+
let (:account) { ACCOUNT }
|
106
|
+
before(:each) {
|
107
|
+
api.stub(:role).and_return(role_instance)
|
108
|
+
role_instance.stub(:permitted?).and_return(role_response)
|
109
|
+
}
|
110
|
+
it 'obtains role object by id' do
|
111
|
+
api.should_receive(:role).with(ROLE)
|
112
|
+
invoke_silently
|
113
|
+
end
|
114
|
+
it "calls role.permitted?('#{ACCOUNT}:#{KIND}:#{ID}', #{PRIVILEGE})" do
|
115
|
+
role_instance.should_receive(:permitted?).with([ACCOUNT,KIND,ID].join(":"),PRIVILEGE)
|
116
|
+
invoke_silently
|
117
|
+
end
|
118
|
+
it { expect { invoke }.to write role_response }
|
119
|
+
end
|
120
|
+
|
121
|
+
describe_command "resource:give #{KIND}:#{ID} #{OWNER}" do
|
122
|
+
before(:each) { resource_instance.stub(:give_to).and_return(true) }
|
123
|
+
it_behaves_like "it obtains resource by id"
|
124
|
+
it "calls resource.give_to(#{OWNER})" do
|
125
|
+
resource_instance.should_receive(:give_to).with(OWNER)
|
126
|
+
invoke_silently
|
127
|
+
end
|
128
|
+
it { expect { invoke }.to write "Ownership granted" }
|
129
|
+
end
|
130
|
+
|
131
|
+
describe_command "resource:permitted_roles #{KIND}:#{ID} #{PRIVILEGE}" do
|
132
|
+
let(:roles_list) { %W[klaatu barada nikto] }
|
133
|
+
before(:each) {
|
134
|
+
resource_instance.stub(:permitted_roles).and_return(roles_list)
|
135
|
+
}
|
136
|
+
it_behaves_like "it obtains resource by id"
|
137
|
+
it "calls resource.permitted_roles(#{PRIVILEGE}" do
|
138
|
+
resource_instance.should_receive(:permitted_roles)
|
139
|
+
invoke_silently
|
140
|
+
end
|
141
|
+
it "displays JSONised list of roles" do
|
142
|
+
JSON.parse( expect { invoke }.to write ).should == roles_list
|
21
143
|
end
|
22
144
|
end
|
23
|
-
end
|
145
|
+
end
|
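Review bot: The `resource:permitted_roles` example near the end of the hunk only asserts `resource_instance.should_receive(:permitted_roles)`, so the privilege the command passes is never checked and a lookup for the wrong privilege would still pass. Assuming the command forwards the privilege as the example title says, `resource_instance.should_receive(:permitted_roles).with(PRIVILEGE)` pins it; the title is also missing its closing parenthesis. In the shared example "it obtains resource by id", `%r{^[^:]*:#{KIND}:#{ID}$}` anchors per line and interpolates unescaped values, whereas `%r{\A[^:]*:#{Regexp.escape(KIND)}:#{Regexp.escape(ID)}\z}` matches the whole id only. The `exists?` stubs return the strings "true" and "false"; because "false" is truthy in Ruby, a real `false` would be the more telling fixture.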
@@ -0,0 +1,32 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Conjur::Command::Users, logged_in: true do
|
4
|
+
let(:update_password_url) { "https://authn.example.com/users/password" }
|
5
|
+
|
6
|
+
context "updating password" do
|
7
|
+
before do
|
8
|
+
RestClient::Request.should_receive(:execute).with(
|
9
|
+
method: :put,
|
10
|
+
url: update_password_url,
|
11
|
+
user: username,
|
12
|
+
password: api_key,
|
13
|
+
headers: { },
|
14
|
+
payload: "new-password"
|
15
|
+
)
|
16
|
+
end
|
17
|
+
|
18
|
+
describe_command "user:update_password -p new-password" do
|
19
|
+
it "PUTs the new password" do
|
20
|
+
invoke
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
describe_command "user:update_password" do
|
25
|
+
it "PUTs the new password" do
|
26
|
+
Conjur::Command::Users.should_receive(:prompt_for_password).and_return "new-password"
|
27
|
+
|
28
|
+
invoke
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
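Review bot: The first `describe_command` pins `user:update_password -p new-password`, which puts the new password in argv, where shell history and process listings may expose it. The prompt path tested below is the safer default, and a comment above the `-p` example should say so, e.g. `# -p is meant for scripted use; prefer the prompt, since argv can be read by other local processes`. Both examples share the title "PUTs the new password", so a failure report does not say which input path broke; `it "PUTs the password given with -p"` and `it "PUTs the password read from the prompt"` would separate them. The only assertion lives in the `before` block, so a one-line comment there naming it as the expectation under test would help the next reader.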
@@ -0,0 +1,60 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Conjur::Command do
|
4
|
+
describe "provides id conversion functions as a class methods" do
|
5
|
+
describe "#full_resource_id(id)" do
|
6
|
+
describe "injects account into brief ids" do
|
7
|
+
context "long id (3+ tokens)" do
|
8
|
+
it "returns id as is" do
|
9
|
+
described_class.full_resource_id("a:b:c").should == "a:b:c"
|
10
|
+
end
|
11
|
+
end
|
12
|
+
context "brief id(2 tokens)" do
|
13
|
+
before(:each) { described_class.stub(:conjur_account).and_return("current/acc") }
|
14
|
+
it "injects current account as a prefix" do
|
15
|
+
described_class.full_resource_id("a:b").should == "current/acc:a:b"
|
16
|
+
end
|
17
|
+
end
|
18
|
+
context "malformed id (no separators)" do
|
19
|
+
it "breaks" do
|
20
|
+
expect { described_class.full_resource_id("a") }.to raise_error
|
21
|
+
expect { described_class.full_resource_id("nil") }.to raise_error
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
describe "#get_kind_and_id_from_args(args, [argname])" do
|
27
|
+
describe "extracts (kind, subid) from id" do
|
28
|
+
def subject *args
|
29
|
+
described_class.get_kind_and_id_from_args(args)
|
30
|
+
end
|
31
|
+
context "for brief ids(2 tokens)" do
|
32
|
+
it "token#1=> kind (dashes replaced with undescrores), token#2=>id" do
|
33
|
+
subject("the-kind:the-id").should == ['the_kind','the-id']
|
34
|
+
end
|
35
|
+
end
|
36
|
+
context "for long ids(3+ tokens)" do
|
37
|
+
it "token #1=> ignored" do
|
38
|
+
subject("a:b:c:d").should_not include('a')
|
39
|
+
end
|
40
|
+
it "token #2=> kind (dashes replaced with underscores)" do
|
41
|
+
subject("a:the-kind:c:d")[0].should == "the_kind"
|
42
|
+
end
|
43
|
+
it "extracts remaining part (starting from 3rd token) as an id" do
|
44
|
+
subject("a:b:c-token:d-token")[1].should == "c-token:d-token"
|
45
|
+
end
|
46
|
+
end
|
47
|
+
context "for too short input" do
|
48
|
+
it "breaks" do
|
49
|
+
expect { subject("a") }.to raise_error
|
50
|
+
end
|
51
|
+
end
|
52
|
+
context "for empty parameters" do
|
53
|
+
it "breaks" do
|
54
|
+
expect { subject() }.to raise_error
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
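Review bot: In the "malformed id (no separators)" context, `full_resource_id("nil")` passes a three-character string, which repeats the `"a"` case and leaves a real `nil` untested; `expect { described_class.full_resource_id(nil) }.to raise_error` is presumably what was meant. Every `raise_error` in this file is bare, so the examples also pass on an unrelated NoMethodError and do not show that malformed ids are rejected on purpose. Naming the expected exception class, which is not visible in this diff, would tighten them. The title "dashes replaced with undescrores" has a typo.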
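--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -70,6 +70,16 @@ def post_response(id, attributes = {})
 })
 end
 
+# stub parameters to be used in resource/asset tests
+KIND="asset_kind"
+ID="unique_id"
+ROLE='<role>'
+MEMBER='<member>'
+PRIVILEGE='<privilege>'
+OWNER='<owner/userid>'
+ACCOUNT='<core_account>'
+
+
 require 'write_expectation'
 
 require 'conjur/cli'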
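Review bot: The new fixtures are top-level constants (`KIND`, `ID`, `ROLE`, `MEMBER`, `PRIVILEGE`, `OWNER`, `ACCOUNT`), so they are defined on `Object`, and any library code that refers to a constant of the same name would resolve to the test value instead of failing. Wrapping them in a module, for example `module Fixtures; KIND = "asset_kind"; end`, keeps them out of the code under test while still being usable in `describe_command` strings. They are also assigned before `require 'conjur/cli'`, so if the CLI ever defines one of these names at top level, Ruby will only warn about the redefinition.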
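--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-version:
+version: 4.1.0
 prerelease:
 platform: ruby
 authors:
@@ -10,24 +10,24 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: conjur-api
 requirement: !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 - !ruby/object:Gem::Dependency
 name: gli
 requirement: !ruby/object:Gem::Requirement
@@ -215,6 +215,7 @@ files:
 - lib/conjur/cli.rb
 - lib/conjur/command.rb
 - lib/conjur/command/assets.rb
+- lib/conjur/command/audit.rb
 - lib/conjur/command/authn.rb
 - lib/conjur/command/field.rb
 - lib/conjur/command/groups.rb
@@ -227,12 +228,16 @@ files:
 - lib/conjur/command/variables.rb
 - lib/conjur/config.rb
 - lib/conjur/version.rb
+- spec/command/assets_spec.rb
+- spec/command/audit_spec.rb
 - spec/command/authn_spec.rb
 - spec/command/groups_spec.rb
 - spec/command/hosts_spec.rb
 - spec/command/resources_spec.rb
 - spec/command/roles_spec.rb
+- spec/command/users_spec.rb
 - spec/command/variables_spec.rb
+- spec/command_spec.rb
 - spec/spec_helper.rb
 - spec/write_expectation.rb
 homepage: https://github.com/inscitiv/cli-ruby
@@ -250,7 +255,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash: -
+hash: -1756527085096003511
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -259,7 +264,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash: -
+hash: -1756527085096003511
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.25
@@ -269,11 +274,15 @@ summary: Conjur command line interface
 test_files:
 - features/jsonfield.feature
 - features/support/env.rb
+- spec/command/assets_spec.rb
+- spec/command/audit_spec.rb
 - spec/command/authn_spec.rb
 - spec/command/groups_spec.rb
 - spec/command/hosts_spec.rb
 - spec/command/resources_spec.rb
 - spec/command/roles_spec.rb
+- spec/command/users_spec.rb
 - spec/command/variables_spec.rb
+- spec/command_spec.rb
 - spec/spec_helper.rb
 - spec/write_expectation.rb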