conjur-cli 4.14.0 → 4.15.0

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    YzdkNTU4NDk0N2QyMmNiOWJkMDA3MzZkZmNhMTg2NjZiNTQzZTMwYw==
-  data.tar.gz: !binary |-
-    ODE1ODg4ZGMyZGYzYTBiYTNmNzMzMWZlNjUwYjdjZjc4NDZjYWJkOA==
+SHA1:
+  metadata.gz: 9a7286b596f4e9bfdcac76be7e5d79b813aa2a52
+  data.tar.gz: 6e4d13583b0c704139bcfcea5cc4e6fa1a8a3335
 SHA512:
-  metadata.gz: !binary |-
-    NzE2OGU2MWI2NTI4ZjQyZjBmMDQyOTQ2ZDM5OTY1YTBjNWY2MmJjMDQ0ZTNj
-    MmM2ZjkzMjRmMTZkN2UxZjc3MmM5NTAxNjg4ZjE4YjE5Y2NiMTA4ZDI2OGQy
-    YTgxZWJiZjZjZjBlMDVhZjM2OWZiOTMyYTYzMzY4MTA2YjhmYWM=
-  data.tar.gz: !binary |-
-    NjlhMjllYzZjNDMwOTdmYjg0Nzc4MGU1ZWY0ZTg3Y2JiN2EyMmJkNWMzYmIx
-    YWY5Y2U0NmE3NmJmNGYyYTRhMzdlODk1ODZkN2YzYjJiZTBmMWU5Zjg2MWFh
-    NGI3NGQ2NjU3NDBmY2NiYWY0NTAzMWU0ZDM3MjZiZDY5NGI3YTk=
+  metadata.gz: 88490f66539ca80f3456abd2331763ff23b01ba62c35b389a446ab0d92d0a2a193478342d1dd27a7ea95af36a1777bb70d39c299d9bb30212ca4b56d180c8194
+  data.tar.gz: 9aa6c11cda54ecb915470c0c9a8915f84ad8bcc9c8664e25364dfa90da8dd2cf7a44b10862b222a986f8b8584c4526a49bf38f5162aa581ed3198104ca55963b

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+# 4.15.0
+
+* Migration to rspec 3
+* Commands to retire(decommission) variable, host, user, group
+* Bugfix (in some situations `conjur init` logged config file location incorrectly)

data/bin/_conjur_completions.yaml

@@ -87,6 +87,8 @@
   :show: true
   :list: true
   :update_password: true
+  :update: true
+  :uidsearch: true
 :variable:
   :create: true
   :show: true

data/conjur.gemspec

@@ -26,9 +26,11 @@ Gem::Specification.new do |gem|
   
   gem.add_runtime_dependency 'cas_rest_client'
   
-  gem.add_development_dependency 'rspec', '>= 2.14', '< 3.0'
+  gem.add_development_dependency 'rspec', '~> 3.0'
   gem.add_development_dependency 'simplecov'
   gem.add_development_dependency 'aruba'
-  gem.add_development_dependency 'ci_reporter', '~> 1.8'
+  gem.add_development_dependency 'ci_reporter_rspec', '~> 1.0'
+  gem.add_development_dependency 'ci_reporter_cucumber'
   gem.add_development_dependency 'rake', '~> 10.0'
+  gem.add_development_dependency 'io-grab', '~> 0.0.1'
 end

data/features/step_definitions/dsl_steps.rb

@@ -41,6 +41,6 @@ end
 
 Then(/^the context "(.*?)" should contain "(.*?)" item$/) do |key, key_count|
   step "the context should contain \"#{key}\""
-  @runner.context[key].should have(key_count.to_i).items
+  expect(@runner.context[key].length).to eq key_count.to_i
 end
 

data/lib/conjur/command.rb

@@ -99,7 +99,24 @@ module Conjur
           puts JSON.pretty_generate resources
         end
       end
+      
+      def retire_resource obj
+        obj.resource.attributes['permissions'].each do |p|
+          role = api.role(p['role'])
+          privilege = p['privilege']
+          next if role.roleid == obj.roleid && privilege == 'read'
+          puts "Denying #{privilege} privilege to #{role.roleid}"
+          obj.resource.deny(privilege, role)
+        end
+      end
         
+      def retire_role obj
+        obj.role.members.each do |r|
+          member = api.role(r.member)
+          puts "Revoking from role #{member.roleid}"
+          obj.role.revoke_from member
+        end
+      end
       
       def display_members(members, options)
         result = if options[:V]

data/lib/conjur/command/groups.rb

@@ -59,6 +59,24 @@ class Conjur::Command::Groups < Conjur::Command
         display(api.group(id), options)
       end
     end
+    
+    group.desc "Decommission a group"
+    group.arg_name "id"
+    group.command :retire do |c|
+      c.action do |global_options,options,args|
+        id = require_arg(args, 'id')
+        
+        group = api.group(id)
+        
+        retire_resource group
+        retire_role group
+        
+        puts "Giving ownership to 'attic'"
+        group.resource.give_to api.user('attic')
+        
+        puts "Group retired"
+      end
+    end
 
     group.desc "Show and manage group members"
     group.command :members do |members|

data/lib/conjur/command/hosts.rb

@@ -20,6 +20,10 @@
 #
 
 class Conjur::Command::Hosts < Conjur::Command
+  def self.host_layer_roles host
+    host.role.all.select{|r| r.kind == "layer"}
+  end
+  
   desc "Manage hosts"
   command :host do |hosts|
     hosts.desc "Create a new host"
@@ -51,7 +55,28 @@ class Conjur::Command::Hosts < Conjur::Command
       end
     end
 
+    hosts.desc "Decommission a host"
+    hosts.arg_name "id"
+    hosts.command :retire do |c|
+      c.action do |global_options,options,args|
+        id = require_arg(args, 'id')
+        
+        host = api.host(id)
+        
+        host_layer_roles(host).each do |layer|
+          puts "Removing from layer #{layer.id}"
+          api.layer(layer.id).remove_host host
+        end
 
+        retire_resource host
+        retire_role host
+        
+        puts "Giving ownership to 'attic'"
+        host.resource.give_to api.user('attic')
+        
+        puts "Host retired"
+      end
+    end
 
     hosts.desc "List hosts"
     hosts.command :list do |c|
@@ -78,7 +103,8 @@ class Conjur::Command::Hosts < Conjur::Command
     hosts.command :layers do |c|
       c.action do |global_options, options, args|
         id = require_arg(args, 'id')
-        display api.host(id).role.all.select{|r| r.kind == "layer"}.map(&:identifier), options
+        host = api.host(id)
+        display host_layer_roles(host).map(&:identifier), options
       end
     end
   end

data/lib/conjur/command/init.rb

@@ -121,7 +121,7 @@ class Conjur::Command::Init < Conjur::Command
         f.puts YAML.dump(config.stringify_keys)
       end
 
-      puts "Wrote configuration to #{options[:file]}"
+      puts "Wrote configuration to #{config_file}"
     end
   end
 

data/lib/conjur/command/rspec/describe_command.rb

@@ -1,4 +1,4 @@
-module RSpec::Core::DSL
+RSpec::Core::DSL.change_global_dsl do
   def describe_command *argv, &block
     describe *argv do
       let(:invoke) do

data/lib/conjur/command/rspec/mock_services.rb

@@ -3,9 +3,9 @@ shared_context "with fake endpoints and test config" do
   let(:authz_host) { 'https://authz.example.com' }
   let(:core_host) { 'https://core.example.com' }
   before do
-    Conjur::Authn::API.stub host: authn_host
-    Conjur::Authz::API.stub host: authz_host
-    Conjur::Core::API.stub host: core_host
+    allow(Conjur::Authn::API).to receive(:host) { authn_host }
+    allow(Conjur::Authz::API).to receive(:host) { authz_host }
+    allow(Conjur::Core::API).to receive(:host) { core_host }
 
     ENV['GLI_DEBUG'] = 'true'
   end
@@ -17,8 +17,8 @@ shared_context "with mock authn" do
   let(:netrc) { Netrc.read(netrcfile.path) }
   let(:account) { 'the-account' }
   before do
-    Conjur::Core::API.stub conjur_account: account
-    Conjur::Authn.stub netrc: netrc, host: authn_host
+    allow(Conjur::Core::API).to receive(:conjur_account) { account }
+    allow(Conjur::Authn).to receive_messages(netrc: netrc, host: authn_host)
     Conjur::Config.merge 'account' => account
   end
 end
@@ -29,9 +29,9 @@ shared_context "when logged in", logged_in: true do
   let(:api_key) { 'sekrit' }
   let(:api) { Conjur::API.new_from_key(username, api_key) }
   before do
-    api.stub credentials: {}
+    allow(api).to receive(:credentials) { {} }
     netrc[authn_host] = [username, api_key]
-    Conjur::Command.stub api: api
+    allow(Conjur::Command).to receive_messages api: api
   end
 end
 

data/lib/conjur/command/rspec/output_matchers.rb

@@ -1,6 +1,4 @@
-# from https://gist.github.com/elgalu/5073871
-require 'rspec'
-require 'stringio'
+require 'io/grab'
 
 # Custom matcher to test text written to standard output and standard error
 #
@@ -12,17 +10,23 @@ require 'stringio'
 #
 # @note http://greyblake.com/blog/2012/12/14/custom-expectations-with-rspec/
 RSpec::Matchers.define :write do |message|
+  supports_block_expectations
+
   chain(:to) do |io|
     @io = io
   end
 
   match do |block|
-    output =
-      case io
-      when :stdout then fake_stdout(&block)
-      when :stderr  then fake_stderr(&block)
-      else fail("Allowed values for `to` are :stdout and :stderr, got `#{io.inspect}`")
-      end
+    stream = case io
+    when :stdout
+      $stdout
+    when :stderr
+      $stderr
+    else
+      io
+    end
+
+    @actual = output = stream.grab &block
 
     case message
     when Hash then output.include?(JSON.pretty_generate message)
@@ -37,36 +41,10 @@ RSpec::Matchers.define :write do |message|
     %Q[write #{message.inspect} to #{@io}]
   end
 
-  def failure_message(to = 'to')
-    %Q[expected #{to} #{description} but got #{@buffer.inspect}]
-  end
-
-  failure_message_for_should do
-    failure_message 'to'
-  end
-
-  failure_message_for_should_not do
-    failure_message 'not to'
-  end
-
-  # Fake STDERR and return a string written to it.
-  def fake_stderr
-    original_stderr = $stderr
-    $stderr = StringIO.new
-    yield
-    @buffer = $stderr.string
-  ensure
-    $stderr = original_stderr
-  end
+  diffable
 
-  # Fake STDOUT and return a string written to it.
-  def fake_stdout
-    original_stdout = $stdout
-    $stdout = StringIO.new
-    yield
-    @buffer = $stdout.string
-  ensure
-    $stdout = original_stdout
+  failure_message do
+    %Q[expected to #{description} but got #{@actual.inspect}]
   end
 
   # default IO is standard output

data/lib/conjur/command/users.rb

@@ -74,6 +74,24 @@ class Conjur::Command::Users < Conjur::Command
       end
     end
 
+    user.desc "Decommission a user"
+    user.arg_name "id"
+    user.command :retire do |c|
+      c.action do |global_options,options,args|
+        id = require_arg(args, 'id')
+        
+        user = api.user(id)
+        
+        retire_resource user
+        retire_role user
+        
+        puts "Giving ownership to 'attic'"
+        user.resource.give_to api.user('attic')
+        
+        puts "User retired"
+      end
+    end
+
     user.desc "List users"
     user.command :list do |c|
       command_options_for_list c

data/lib/conjur/command/variables.rb

@@ -65,6 +65,23 @@ class Conjur::Command::Variables < Conjur::Command
       end
     end
 
+    var.desc "Decommission a variable"
+    var.arg_name "id"
+    var.command :retire do |c|
+      c.action do |global_options,options,args|
+        id = require_arg(args, 'id')
+        
+        variable = api.variable(id)
+        
+        retire_resource variable
+        
+        puts "Giving ownership to 'attic'"
+        variable.resource.give_to api.user('attic')
+        
+        puts "Variable retired"
+      end
+    end
+
     var.desc "List variables"
     var.command :list do |c|
       command_options_for_list c

data/lib/conjur/version.rb

@@ -19,6 +19,6 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = "4.14.0"
+  VERSION = "4.15.0"
   ::Version=VERSION
 end

data/spec/authn_spec.rb

@@ -5,24 +5,24 @@ describe Conjur::Authn do
   describe "credentials from environment" do
     before {
       Conjur::Authn.instance_variable_set("@credentials", nil)
-      ENV.should_receive(:[]).with("CONJUR_AUTHN_LOGIN").and_return "the-login"
-      ENV.should_receive(:[]).with("CONJUR_AUTHN_API_KEY").and_return "the-api-key"
+      expect(ENV).to receive(:[]).with("CONJUR_AUTHN_LOGIN").and_return "the-login"
+      expect(ENV).to receive(:[]).with("CONJUR_AUTHN_API_KEY").and_return "the-api-key"
     }
     after {
       Conjur::Authn.instance_variable_set("@credentials", nil)
     }
     it "are used to authn" do
-      Conjur::Authn.get_credentials.should == [ "the-login", "the-api-key" ]
+      expect(Conjur::Authn.get_credentials).to eq([ "the-login", "the-api-key" ])
     end
     it "are not written to netrc" do
-      Conjur::Authn.stub(:write_credentials).and_raise "should not write credentials"
+      allow(Conjur::Authn).to receive(:write_credentials).and_raise "should not write credentials"
       Conjur::Authn.get_credentials
     end
   end
   describe "netrc" do
     before {
       Conjur::Authn.instance_variable_set("@netrc", nil)
-      Conjur::Config.should_receive(:[]).with(:netrc_path).and_return path
+      expect(Conjur::Config).to receive(:[]).with(:netrc_path).and_return path
     }
     after {
       Conjur::Authn.instance_variable_set("@netrc", nil)
@@ -30,15 +30,15 @@ describe Conjur::Authn do
     context "with specified netrc_path" do
       let(:path) { double("path") }
       it "consults Conjur::Config for netrc_path" do
-        Netrc.should_receive(:read).with(path).and_return netrc = double("netrc")
-        Conjur::Authn.netrc.should == netrc
+        expect(Netrc).to receive(:read).with(path).and_return netrc = double("netrc")
+        expect(Conjur::Authn.netrc).to eq(netrc)
       end
     end
     context "without specified netrc_path" do
       let(:path) { nil }
       it "uses default netrc path" do
-        Netrc.should_receive(:read).with().and_return netrc = double("netrc")
-        Conjur::Authn.netrc.should == netrc
+        expect(Netrc).to receive(:read).with(no_args).and_return netrc = double("netrc")
+        expect(Conjur::Authn.netrc).to eq(netrc)
       end
     end
   end

data/spec/command/assets_spec.rb

@@ -4,55 +4,55 @@ describe Conjur::Command::Assets, logged_in: true do
 
   let(:asset) {  double(attributes: asset_attributes ) }
   let(:asset_attributes) { {"some"=>"attributes" } }
-  before(:each) { api.stub(KIND.to_sym).and_return(asset) }
+  before(:each) { allow(api).to receive(KIND.to_sym).and_return(asset) }
   def invoke_silently
     expect { invoke }.to write
   end
 
   context "asset:create" do
     before(:each) { 
-      api.stub(:method).with("create_#{KIND}").and_return(double(arity:1))
-      api.stub("create_#{KIND}".to_sym).and_return(asset)
+      allow(api).to receive(:method).with("create_#{KIND}").and_return(double(arity:1))
+      allow(api).to receive("create_#{KIND}".to_sym).and_return(asset)
     }
     describe_command "asset:create #{KIND}:#{ID}" do
       it "calls api.create_#{KIND}(id:#{ID})" do
-        api.should_receive("create_#{KIND}".to_sym).with(id: ID)
+        expect(api).to receive("create_#{KIND}".to_sym).with(id: ID)
         invoke_silently
       end
       it "writes JSONised attributes to stdout" do
-        JSON.parse( expect { invoke }.to write ).should == asset_attributes
+        expect(JSON.parse( expect { invoke }.to write )).to eq(asset_attributes)
       end
     end
     describe_command "asset:create #{KIND}" do
       it "calls api.create_#{KIND}({})" do
-        api.should_receive("create_#{KIND}".to_sym).with({})
+        expect(api).to receive("create_#{KIND}".to_sym).with({})
         invoke_silently
       end
       it "writes JSONised attributes to stdout" do
-        JSON.parse( expect { invoke }.to write ).should == asset_attributes
+        expect(JSON.parse( expect { invoke }.to write )).to eq(asset_attributes)
       end
     end
   end
 
   describe_command "asset:show #{KIND}:#{ID}" do
     it "obtains asset instance as api.#{KIND}(#{ID})" do
-      api.should_receive(KIND.to_sym).with(ID)
+      expect(api).to receive(KIND.to_sym).with(ID)
       invoke_silently
     end
     it "writes JSONised attributes to stdout" do
-      JSON.parse( expect { invoke }.to write ).should == asset_attributes
+      expect(JSON.parse( expect { invoke }.to write )).to eq(asset_attributes)
     end
   end
 
   describe_command "asset:exists #{KIND}:#{ID}" do
     let(:exists_response) { "exists? response" }
-    before(:each) { asset.stub(:exists?).and_return(exists_response) }
+    before(:each) { allow(asset).to receive(:exists?).and_return(exists_response) }
     it "obtains asset instance as api.#{KIND}(#{ID})" do
-      api.should_receive(KIND.to_sym).with(ID)
+      expect(api).to receive(KIND.to_sym).with(ID)
       invoke_silently
     end
     it "calls asset.exists?" do
-      asset.should_receive(:exists?)
+      expect(asset).to receive(:exists?)
       invoke_silently
     end
     it "writes response to stdout" do
@@ -67,10 +67,10 @@ describe Conjur::Command::Assets, logged_in: true do
         double(attributes: { "id" => x } )
       }
     }
-    before(:each) { api.stub("#{KIND}s".to_sym).and_return(assets_list) }
+    before(:each) { allow(api).to receive("#{KIND}s".to_sym).and_return(assets_list) }
 
     it "calls api.#{KIND}s" do
-      api.should_receive("#{KIND}s".to_sym)
+      expect(api).to receive("#{KIND}s".to_sym)
       invoke_silently
     end
     it "for each asset from response displays it's attributes" do
@@ -83,16 +83,16 @@ describe Conjur::Command::Assets, logged_in: true do
 
   shared_examples 'it obtains asset by kind and id' do
     it "obtains asset instance as api.#{KIND}(#{ID})" do
-      api.should_receive(KIND.to_sym).with(ID)
+      expect(api).to receive(KIND.to_sym).with(ID)
       invoke_silently
     end
   end
   
   shared_context "asset instance" do
     before(:each) { 
-      api.stub(KIND.to_sym).and_return(asset) 
-      asset.stub(:add_member)
-      asset.stub(:remove_member)
+      allow(api).to receive(KIND.to_sym).and_return(asset) 
+      allow(asset).to receive(:add_member)
+      allow(asset).to receive(:remove_member)
     }
   end
 
@@ -100,7 +100,7 @@ describe Conjur::Command::Assets, logged_in: true do
     include_context "asset instance"
     it_behaves_like "it obtains asset by kind and id"
     it 'calls role.grant_to(member,...)' do
-      asset.should_receive(:add_member).with(ROLE, MEMBER, anything)
+      expect(asset).to receive(:add_member).with(ROLE, MEMBER, anything)
       invoke_silently
     end
     it { expect { invoke }.to write "Membership granted" }
@@ -110,7 +110,7 @@ describe Conjur::Command::Assets, logged_in: true do
     include_context "asset instance"
     it_behaves_like "it obtains asset by kind and id"
     it 'calls role.revoke_from(member)' do
-      asset.should_receive(:remove_member).with(ROLE, MEMBER)
+      expect(asset).to receive(:remove_member).with(ROLE, MEMBER)
       invoke_silently
     end
     it { expect { invoke }.to write "Membership revoked" }