conjur-cli 4.25.2 → 4.26.0

data/lib/conjur/command/plugin.rb

@@ -49,31 +49,31 @@ class Conjur::Command::Plugin < Conjur::Command
     end
 
     cmd.desc 'Install a plugin'
-    cmd.arg_name 'name'
+    cmd.arg_name 'PLUGIN'
     cmd.command :install do |c|
       c.arg_name 'version'
       c.desc 'Version of the plugin to install'
       c.flag [:v, :version], :default_value => Gem::Requirement.default
 
       c.action do |_, options, args|
-        install_plugin(require_arg(args, 'name'), options[:version])
+        install_plugin(require_arg(args, 'PLUGIN'), options[:version])
       end
     end
 
     cmd.desc 'Uninstall a plugin'
-    cmd.arg_name 'name'
+    cmd.arg_name 'PLUGIN'
     cmd.command :uninstall do |c|
       c.action do |_, _, args|
-        name = require_arg(args, 'name')
+        name = require_arg(args, 'PLUGIN')
         uninstall_plugin(name)
       end
     end
 
     cmd.desc "Show a plugin's details"
-    cmd.arg_name 'name'
+    cmd.arg_name 'PLUGIN'
     cmd.command :show do |c|
       c.action do |_, _, args|
-        name = require_arg(args, 'name')
+        name = require_arg(args, 'PLUGIN')
         begin
           gem = Gem::Specification.find_by_name "conjur-asset-#{name}"
           puts "Name: #{name}"

data/lib/conjur/command/policy.rb

@@ -62,7 +62,7 @@ annotations on the policy. The policy role becomes the owner of the owned policy
 --as-group and --as-role options can be used to set the owner of the policy role. The default
 owner of the policy role is the logged-in user (you), as always.
     DESC
-    policy.arg_name "(policy-file | STDIN)"
+    policy.arg_name "FILE"
     policy.command :load do |c|
       acting_as_option(c)
 
@@ -71,7 +71,7 @@ owner of the policy role is the logged-in user (you), as always.
       c.flag [:collection]
 
       c.desc "Load context from this config file, and save it when finished. The file permissions will be 0600 by default."
-      c.arg_name "context"
+      c.arg_name "FILE"
       c.flag [:c, :context]
 
       c.action do |global_options,options,args|

data/lib/conjur/command/pubkeys.rb

@@ -26,19 +26,19 @@ class Conjur::Command::Pubkeys < Conjur::Command
   command :pubkeys do |pubkeys|
 
     pubkeys.desc "List public keys for the given user"
-    pubkeys.arg_name "username"
+    pubkeys.arg_name "USER"
     pubkeys.command :show do |c|
       c.action do |global_options, options, args|
-        username = require_arg args, "username"
+        username = require_arg args, "USER"
         puts api.public_keys(username)
       end
     end
 
     pubkeys.desc "List the names of a user's public keys"
-    pubkeys.arg_name "username"
+    pubkeys.arg_name "USER"
     pubkeys.command :names do |c|
       c.action do |global_options, options, args|
-        username = require_arg args, "username"
+        username = require_arg args, "USER"
         api.public_keys(username)
         .split("\n")
         .map{|k| k.split(' ').last}
@@ -65,7 +65,7 @@ The public key itself may be provided in several ways.
       
       c.action do |global_options, options, args|
         options[:interactive] = $stdin.isatty if options[:interactive].nil?
-        username = require_arg args, "username"
+        username = require_arg args, "USER"
         if key = args.shift
           if /^@(.+)$/ =~ key
             key = File.read(File.expand_path($1))
@@ -86,11 +86,11 @@ The public key itself may be provided in several ways.
     end
 
     pubkeys.desc "Removes a public key for a user"
-    pubkeys.arg_name "username keyname"
+    pubkeys.arg_name "USER KEY"
     pubkeys.command :delete do |c|
       c.action do |global_options, options, args|
-        username = require_arg args, "username"
-        keyname = require_arg args, "keyname"
+        username = require_arg args, "USER"
+        keyname = require_arg args, "KEY"
         api.delete_public_key username, keyname
         puts "Public key '#{keyname}' deleted"
       end

data/lib/conjur/command/resources.rb

@@ -24,12 +24,12 @@ class Conjur::Command::Resources < Conjur::Command
   command :resource do |resource|
 
     resource.desc "Create a new resource"
-    resource.arg_name "resource-id"
+    resource.arg_name "RESOURCE"
     resource.command :create do |c|
       acting_as_option(c)
 
       c.action do |global_options,options,args|
-        id = full_resource_id( require_arg(args, "resource-id") )
+        id = full_resource_id( require_arg(args, "RESOURCE") )
         resource = api.resource(id)
 
         if ownerid = options.delete(:ownerid)
@@ -42,32 +42,32 @@ class Conjur::Command::Resources < Conjur::Command
     end
 
     resource.desc "Show a resource"
-    resource.arg_name "resource-id"
+    resource.arg_name "RESOURCE"
     resource.command :show do |c|
       c.action do |global_options,options,args|
-        id = full_resource_id( require_arg(args, "resource-id") )
+        id = full_resource_id( require_arg(args, "RESOURCE") )
         display api.resource(id).attributes
       end
     end
 
     resource.desc "Determines whether a resource exists"
-    resource.arg_name "resource-id"
+    resource.arg_name "RESOURCE"
     resource.command :exists do |c|
       c.action do |global_options,options,args|
-        id = full_resource_id( require_arg(args, "resource-id") )
+        id = full_resource_id( require_arg(args, "RESOURCE") )
         puts api.resource(id).exists?
       end
     end
 
     resource.desc "Give a privilege on a resource"
-    resource.arg_name "resource-id role privilege"
+    resource.arg_name "RESOURCE ROLE PRIVILEGE"
     resource.command :permit do |c|
       c.desc "allow transfer to other roles"
       c.switch [:g, :grantable]
       c.action do |global_options,options,args|
-        id = full_resource_id( require_arg(args, "resource-id") )
-        role = require_arg(args, "role")
-        privilege = require_arg(args, "privilege")
+        id = full_resource_id( require_arg(args, "RESOURCE") )
+        role = require_arg(args, "ROLE")
+        privilege = require_arg(args, "PRIVILEGE")
         unless options[:g]
           api.resource(id).permit privilege, role
         else
@@ -79,12 +79,12 @@ class Conjur::Command::Resources < Conjur::Command
     end
 
     resource.desc "Deny a privilege on a resource"
-    resource.arg_name "resource-id role privilege"
+    resource.arg_name "RESOURCE ROLE PRIVILEGE"
     resource.command :deny do |c|
       c.action do |global_options,options,args|
-        id = full_resource_id( require_arg(args, "resource-id") )
-        role = require_arg(args, "role")
-        privilege = require_arg(args, "privilege")
+        id = full_resource_id( require_arg(args, "RESOURCE") )
+        role = require_arg(args, "ROLE")
+        privilege = require_arg(args, "PRIVILEGE")
         api.resource(id).deny privilege, role
         puts "Permission revoked"
       end
@@ -97,13 +97,13 @@ class Conjur::Command::Resources < Conjur::Command
   When the role argument is used, either the logged-in user must either own the specified
   resource or be an admin of the specified role (i.e. be granted the specified role with grant option).
   """
-    resource.arg_name "resource-id privilege"
+    resource.arg_name "RESOURCE PRIVILEGE"
     resource.command :check do |c|
       c.desc "Role to check. By default, the current logged-in role is used"
       c.flag [:r,:role]
 
       c.action do |global_options,options,args|
-        id = full_resource_id( require_arg(args, "resource-id") )
+        id = full_resource_id( require_arg(args, "RESOURCE") )
         privilege = args.shift or raise "Missing parameter: privilege"
         if role = options[:role]
           role = api.role(role)
@@ -115,38 +115,38 @@ class Conjur::Command::Resources < Conjur::Command
     end
 
     resource.desc "Grant ownership on a resource to a new owner"
-    resource.arg_name "resource-id owner"
+    resource.arg_name "RESOURCE USER"
     resource.command :give do |c|
       c.action do |global_options,options,args|
-        id = full_resource_id( require_arg(args, "resource-id") )
-        owner = require_arg(args, "owner")
+        id = full_resource_id( require_arg(args, "RESOURCE") )
+        owner = require_arg(args, "USER")
         api.resource(id).give_to owner
         puts "Ownership granted"
       end
     end
 
     resource.desc "List roles with a specified permission on the resource"
-    resource.arg_name "resource-id permission"
+    resource.arg_name "RESOURCE PERMISSION"
     resource.command :permitted_roles do |c|
       c.action do |global_options,options,args|
-        id = full_resource_id( require_arg(args, "resource-id") )
-        permission = require_arg(args, "permission")
+        id = full_resource_id( require_arg(args, "RESOURCE") )
+        permission = require_arg(args, "PERMISSION")
         display api.resource(id).permitted_roles(permission)
       end
     end
 
     resource.desc "Set an annotation on a resource"
-    resource.arg_name "resource-id name value"
+    resource.arg_name "RESOURCE ANNOTATION value"
     resource.command :annotate do |c|
       interactive_option c
       
       c.action do |global_options, options, args|
-        id = full_resource_id require_arg(args, 'resource-id')
+        id = full_resource_id require_arg(args, 'RESOURCE')
 
         annotations = if options[:interactive]
           prompt_for_annotations
         else
-          name = require_arg args, 'name'
+          name = require_arg args, 'ANNOTATION'
           value = require_arg args, 'value'
           { name => value }
         end
@@ -158,21 +158,21 @@ class Conjur::Command::Resources < Conjur::Command
     end
 
     resource.desc "Show an annotation for a resource"
-    resource.arg_name "resource-id name"
+    resource.arg_name "RESOURCE ANNOTATION"
     resource.command :annotation do |c|
       c.action do |global_options, options, args|
-        id = full_resource_id require_arg args, 'resource-id'
-        name = require_arg args, 'name'
+        id = full_resource_id require_arg args, 'RESOURCE'
+        name = require_arg args, 'ANNOTATION'
         value = api.resource(id).annotations[name]
         puts value unless value.nil?
       end
     end
 
     resource.desc "Print annotations as JSON"
-    resource.arg_name 'resource-id'
+    resource.arg_name 'RESOURCE'
     resource.command :annotations do |c|
       c.action do |go, o, args|
-        id = full_resource_id require_arg args, 'resource-id'
+        id = full_resource_id require_arg args, 'RESOURCE'
         annots = api.resource(id).annotations.to_h
         puts annots.to_json
       end

data/lib/conjur/command/roles.rb

@@ -27,7 +27,7 @@ class Conjur::Command::Roles < Conjur::Command
   command :role do |role|
 
     role.desc "Create a new role"
-    role.arg_name "role"
+    role.arg_name "ROLE"
     role.command :create do |c|
       acting_as_option(c)
       
@@ -35,7 +35,7 @@ class Conjur::Command::Roles < Conjur::Command
       c.switch "json"
 
       c.action do |global_options,options,args|
-        id = require_arg(args, 'role')
+        id = require_arg(args, 'ROLE')
         role = api.role(id)
 
         if ownerid = options.delete(:ownerid)
@@ -54,13 +54,13 @@ class Conjur::Command::Roles < Conjur::Command
     end
 
     role.desc "Determines whether a role exists"
-    role.arg_name "role"
+    role.arg_name "ROLE"
     role.command :exists do |c|
       c.desc "Output a JSON response with a single field, exists"
       c.switch "json"
       
       c.action do |global_options,options,args|
-        id = require_arg(args, 'role')
+        id = require_arg(args, 'ROLE')
         role = api.role(id)
         if options[:json]
           display({
@@ -73,7 +73,7 @@ class Conjur::Command::Roles < Conjur::Command
     end
 
     role.desc "Lists role memberships. The role membership list is recursively expanded."
-    role.arg_name "role"
+    role.arg_name "ROLE"
 
     role.command :memberships do |c|
       c.desc "Whether to show system (internal) roles"
@@ -91,7 +91,7 @@ class Conjur::Command::Roles < Conjur::Command
     end
 
     role.desc "Lists all direct members of the role. The membership list is not recursively expanded."
-    role.arg_name "role"
+    role.arg_name "ROLE"
     role.command :members do |c|
       c.desc "Verbose output"
       c.switch [:V,:verbose]
@@ -103,14 +103,14 @@ class Conjur::Command::Roles < Conjur::Command
     end
 
     role.desc "Grant a role to another role. You must have admin permission on the granting role."
-    role.arg_name "role member"
+    role.arg_name "ROLE-1 ROLE-2"
     role.command :grant_to do |c|
       c.desc "Whether to grant with admin option"
       c.switch [:a,:admin]
 
       c.action do |global_options,options,args|
-        id = require_arg(args, 'role')
-        member = require_arg(args, 'member')
+        id = require_arg(args, 'ROLE-1')
+        member = require_arg(args, 'ROLE-2')
         role = api.role(id)
         grant_options = {}
         grant_options[:admin_option] = true if options[:admin]
@@ -121,11 +121,11 @@ class Conjur::Command::Roles < Conjur::Command
 
 
     role.desc "Revoke a role from another role. You must have admin permission on the revoking role."
-    role.arg_name "role member"
+    role.arg_name "ROLE-1 ROLE-2"
     role.command :revoke_from do |c|
       c.action do |global_options,options,args|
-        id = require_arg(args, 'role')
-        member = require_arg(args, 'member')
+        id = require_arg(args, 'ROLE-1')
+        member = require_arg(args, 'ROLE-2')
         role = api.role(id)
         role.revoke_from member
         puts "Role revoked"
@@ -176,7 +176,7 @@ If the --short flag is not present, the JSON output will be more verbose:
 EOD
     
     role.desc "Describe role memberships as a digraph"
-    role.arg_name "role", :multiple
+    role.arg_name "ROLE", :multiple
     role.command :graph do |c|
       c.desc "Output formats [#{GRAPH_FORMATS}]"
       c.flag [:f,:format], default_value: 'json', must_match: GRAPH_FORMATS
@@ -214,4 +214,4 @@ EOD
       end
     end
   end
-end
+end

data/lib/conjur/command/rspec/audit_helpers.rb

@@ -14,7 +14,6 @@ shared_context "default audit behavior" do
                     "account"=>"the-account"
                     }
                   },
-      "user" => "account:user:alice",
       "acting_as" => "account:group:admins",
       "conjur" =>   { # new behaviour
                   "user" => "account:user:alice",

data/lib/conjur/command/script.rb

@@ -28,7 +28,7 @@ class Conjur::Command::Script < Conjur::DSLCommand
       acting_as_option(c)
 
       c.desc "Load context from this config file, and save it when finished. The file permissions will be 0600 by default."
-      c.arg_name "context"
+      c.arg_name "FILE"
       c.flag [:c, :context]
 
       c.action do |global_options,options,args|
@@ -36,4 +36,4 @@ class Conjur::Command::Script < Conjur::DSLCommand
       end
     end
   end
-end
+end

data/lib/conjur/command/shellinit.rb

@@ -0,0 +1,36 @@
+#
+# Copyright (C) 2014 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+require 'conjur/command'
+
+class Conjur::Command::ShellInit < Conjur::Command
+  desc 'Provide the command to initialize the shell for conjur'
+
+  Conjur::CLI.command :shellinit do |c|
+    hide_docs c
+    c.desc 'Provide the command to initialize the shell for conjur'
+    c.action do |global_options,options,args|
+      cmd = <<-eoc
+complete -o nospace -C _conjur conjur;
+eoc
+      puts cmd.tr "\n", " "
+    end
+  end
+end

data/lib/conjur/command/users.rb

@@ -25,7 +25,7 @@ class Conjur::Command::Users < Conjur::Command
   command :user do |user|
 
     user.desc "Create a new user"
-    user.arg_name "login"
+    user.arg_name "NAME"
     user.command :create do |c|
       c.desc "Prompt for a password for the user (default: --no-password)"
       c.switch [:p,:password]
@@ -86,21 +86,21 @@ class Conjur::Command::Users < Conjur::Command
     end
 
     user.desc "Show a user"
-    user.arg_name "id"
+    user.arg_name "USER"
     user.command :show do |c|
       c.action do |global_options,options,args|
-        id = require_arg(args, 'id')
+        id = require_arg(args, 'USER')
         display(api.user(id), options)
       end
     end
 
     user.desc "Decommission a user"
-    user.arg_name "id"
+    user.arg_name "USER"
     user.command :retire do |c|
       retire_options c
 
       c.action do |global_options,options,args|
-        id = require_arg(args, 'id')
+        id = require_arg(args, 'USER')
         
         user = api.user(id)
         
@@ -137,12 +137,12 @@ class Conjur::Command::Users < Conjur::Command
     end
 
     user.desc "Update user's attributes (only uidnumber supported now)"
-    user.arg_name "login" 
+    user.arg_name "USER" 
     user.command :update do |c|
       c.desc "UID number to be associated with user"
       c.flag [:uidnumber]
       c.action do |global_options, options, args|
-        login=require_arg(args,'login')
+        login=require_arg(args,'USER')
         raise "Uidnumber should be integer" unless /\d+/ =~ options[:uidnumber]
         options[:uidnumber]=options[:uidnumber].to_i
         api.user(login).update(options)
@@ -151,7 +151,7 @@ class Conjur::Command::Users < Conjur::Command
     end
 
     user.desc "Find the user by UID" 
-    user.arg_name "uid" 
+    user.arg_name "uid"
     user.command :uidsearch do |c| 
       c.action do |global_options, options, args| 
         uidnumber = require_arg(args,'uid')