RubyGems - conjur-cli - Versions diffs - 4.4.0 → 4.5.0 - Mend

conjur-cli 4.4.0 → 4.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

data/features/support/hooks.rb +5 -2
data/lib/conjur/audit/follower.rb +52 -0
data/lib/conjur/authn.rb +5 -1
data/lib/conjur/command/audit.rb +66 -8
data/lib/conjur/dsl/runner.rb +4 -2
data/lib/conjur/version.rb +1 -1
data/spec/audit/follower_spec.rb +5 -0
data/spec/authn_spec.rb +28 -0
data/spec/command/audit_spec.rb +1 -1
metadata +64 -27
checksums.yaml +0 -7

data/features/support/hooks.rb CHANGED

@@ -18,11 +18,11 @@ class MockAPI
     else
       id = SecureRandom.uuid
     end
-    host ||= create_thing(:host, id, options, role: true)
+    host ||= create_thing(:host, id, options, role: true, api_key: true)
   end
   def create_user(id, options = {})
-    thing(:user, id) || create_thing(:user, id, options, role: true)
+    thing(:user, id) || create_thing(:user, id, options, role: true, api_key: true)
   end
   def create_variable(mime_type, kind)
@@ -70,6 +70,9 @@ class MockAPI
       end
     end
+    if kind_options[:api_key]
+      thing.api_key = SecureRandom.uuid
+    end
     if kind_options[:role]
       thing.roleid = id
       class << thing

data/lib/conjur/audit/follower.rb ADDED

@@ -0,0 +1,52 @@
+module Conjur
+  module Audit
+    class Follower
+      # Initialize a follower that will fetch more records by
+      # calling :block: with options to merge into the options passed
+      # to the audit method (eg, limit, offset)
+      def initialize &block
+        @fetch = block
+      end
+      # Follow audit events, yielding non-empty
+      # arrays of new events to :block: as they
+      # are fetched.
+      def follow &block
+        @last_event_id = nil
+        loop do
+          new_events = fetch_new_events
+          block.call new_events unless new_events.empty?
+          sleep 1 if new_events.empty?
+        end
+      end
+      protected
+      # Fetch all events after @last_event_id, updating it
+      # to point to the last event returned by this method.
+      # May return an empty array if no new events are available.
+      def fetch_new_events
+        # If @last_event_id is nil just fetch and return the
+        # most recent events, updating @last_event_id
+        if @last_event_id.nil?
+          events = @fetch.call(offset: 0)
+          @last_event_id = events.last['event_id'] unless events.empty?
+          return events
+        end
+        # We have a @last_event_id, fetch batches of events until we
+        # find it.
+        events = []
+        while (index = events.find_index{|e| e['event_id'] == @last_event_id}).nil?
+          events = @fetch.call(offset: events.length - 1, limit: 10).reverse.concat events
+        end
+        # Update @last_event_id and return the sliced events, reversing it one
+        # last time (because the block given to follow expects events to be reversed)
+        @last_event_id = events.last['event_id'] unless events.empty?
+        events[index + 1..-1].reverse
+      end
+    end
+  end
+end

data/lib/conjur/authn.rb CHANGED

@@ -43,7 +43,11 @@ module Conjur::Authn
     end
     def netrc
-      @netrc ||= Netrc.read
+      args = []
+      if path = Conjur::Config[:netrc_path]
+        args.unshift(path)
+      end
+      @netrc ||= Netrc.read(*args)
     end
     def get_credentials(options = {})

data/lib/conjur/command/audit.rb CHANGED

@@ -1,5 +1,6 @@
 require 'conjur/command'
 require 'active_support/ordered_hash'
+require 'conjur/audit/follower'
 class Conjur::Command
   class Audit < self
@@ -7,6 +8,40 @@ class Conjur::Command
     class << self
       private
+      SHORT_FORMATS = {
+        'resource:check' => lambda{|e| "checked that they can #{e[:privilege]} #{e[:resource]} (#{e[:allowed]})" },
+        'resource:create' => lambda{|e| "created resource #{e[:resource_id]} owned by #{e[:owner]}" },
+        'resource:update' => lambda{|e| "gave #{e[:resource]} to #{e[:owner]}" },
+        'resource:destroy' => lambda{|e| "destroyed resource #{e[:resource]}" },
+        'resource:permit' => lambda{|e| "permitted #{e[:grantee]} to #{e[:privilege]} #{e[:resource]} (grant option: #{!!e[:grant_option]})" },
+        'resource:deny' => lambda{|e| "denied #{e[:privilege]} from #{e[:grantee]} on #{e[:resource]}" },
+        'resource:permitted_roles' => lambda{|e| "listed roles permitted to #{e[:permission]} on #{e[:resource]}" },
+        'role:check' => lambda{|e| "checked that #{e[:role] == e[:conjur_user] ? 'they' : e[:role]} can #{e[:privilege]} #{e[:resource]} (#{e[:allowed]})" },
+        'role:grant' => lambda{|e| "granted role #{e[:role]} to #{e[:member]} #{e[:admin_option] ? ' with ' : ' without '}admin" },
+        'role:revoke' => lambda{|e| "revoked role #{e[:role]} from #{e[:member]}" },
+        'role:create' => lambda{|e| "created role #{e[:role_id]}" }
+      }
+      def short_event_format e
+        e.symbolize_keys!
+        # hack: sometimes resource is a hash.  We don't want that!
+        if e[:resource] && e[:resource].kind_of?(Hash)
+          e[:resource] = e[:resource]['id']
+        end
+        s = "[#{Time.at(e[:timestamp])}] "
+        s << " #{e[:conjur_user]}"
+        s << " (as #{e[:conjur_role]})" if e[:conjur_role] != e[:conjur_user]
+        formatter = SHORT_FORMATS["#{e[:asset]}:#{e[:action]}"]
+        if formatter
+          s << " " << formatter.call(e)
+        else
+          s << " unknown event: #{e[:asset]}:#{e[:action]}!"
+        end
+        s << " (failed with #{e[:error]})" if e[:error]
+        s
+      end
       def extract_int_option(source, name, dest=nil)
         if val = source[name]
           raise "Expected an integer for #{name}, but got #{val}" unless /\d+/ =~ val
@@ -15,15 +50,24 @@ class Conjur::Command
       end
       def extract_audit_options options
-        {}.tap do |opts|
-          [:limit, :offset].each do |name|
-            extract_int_option(options, name, opts)
-          end
+        # Do a little song and dance to simplify testing
+        extracted = options.slice :follow, :short
+        [:limit, :offset].each do |name|
+            extract_int_option(options, name, extracted)
         end
+        if extracted[:follow] && extracted[:offset]
+            exit_now! "--offset option not allowed for --follow", 1
+        end
+        extracted
       end
-      def show_audit_events events
-        puts JSON.pretty_generate(events)
+      def show_audit_events events, options
+        events.reverse!
+        if options[:short]
+          events.each{|e| puts short_event_format(e)}
+        else
+          puts JSON.pretty_generate(events)
+        end
       end
       def audit_feed_command kind, &block
@@ -34,9 +78,23 @@ class Conjur::Command
           c.desc "Offset of the first event to return"
           c.flag [:o, :offset]
+          c.desc "Short output format"
+          c.switch [:s, :short]
+          c.desc "Follow events as they are generated"
+          c.switch [:f, :follow]
           c.action do |global_options, options, args|
-            opts = extract_audit_options options
-            show_audit_events instance_exec(args, opts, &block)
+            options = extract_audit_options options
+            if options[:follow]
+              Conjur::Audit::Follower.new do |merge_options|
+                instance_exec(args, options.merge(merge_options), &block)
+              end.follow do |events|
+                show_audit_events events, options
+              end
+            else
+              show_audit_events instance_exec(args, options, &block), options
+            end
           end
         end
       end

data/lib/conjur/dsl/runner.rb CHANGED

@@ -93,8 +93,10 @@ module Conjur
       def create_variable id = nil, options = {}, &block
         options[:id] = id if id
-        mime_type = options.delete(:mime_type)
-        kind = options.delete(:kind)
+        mime_type = options.delete(:mime_type) || 'text/plain'
+        kind = options.delete(:kind) || 'secret'
+        var = api.create_variable(mime_type, kind, options)
+        do_object var, &block
       end
       def owns

data/lib/conjur/version.rb CHANGED

@@ -19,5 +19,5 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = "4.4.0"
+  VERSION = "4.5.0"
 end

data/spec/audit/follower_spec.rb ADDED

@@ -0,0 +1,5 @@
+require 'spec_helper'
+describe Conjur::Audit::Follower do
+end

data/spec/authn_spec.rb ADDED

@@ -0,0 +1,28 @@
+require 'conjur/authn'
+require 'conjur/config'
+describe Conjur::Authn do
+  describe "netrc" do
+    before {
+      Conjur::Authn.instance_variable_set("@netrc", nil)
+      Conjur::Config.should_receive(:[]).with(:netrc_path).and_return path
+    }
+    after {
+      Conjur::Authn.instance_variable_set("@netrc", nil)
+    }
+    context "with specified netrc_path" do
+      let(:path) { double("path") }
+      it "consults Conjur::Config for netrc_path" do
+        Netrc.should_receive(:read).with(path).and_return netrc = double("netrc")
+        Conjur::Authn.netrc.should == netrc
+      end
+    end
+    context "without specified netrc_path" do
+      let(:path) { nil }
+      it "uses default netrc path" do
+        Netrc.should_receive(:read).with().and_return netrc = double("netrc")
+        Conjur::Authn.netrc.should == netrc
+      end
+    end
+  end
+end

data/spec/command/audit_spec.rb CHANGED

@@ -5,7 +5,7 @@ describe Conjur::Command::Audit, logged_in: true do
   def expect_api_call method, *args
     api.should_receive(method.to_sym).with(*args).and_return events
-    described_class.should_receive(:show_audit_events).with(events)
+    described_class.should_receive(:show_audit_events).with(events, an_instance_of(Hash))
   end
   def invoke_expecting_api_call method, *args

metadata CHANGED

@@ -1,7 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 4.4.0
+  version: 4.5.0
+  prerelease:
 platform: ruby
 authors:
 - Rafał Rzepecki
@@ -9,151 +10,172 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-24 00:00:00.000000000 Z
+date: 2014-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: conjur-api
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '4.0'
 - !ruby/object:Gem::Dependency
   name: gli
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: highline
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: netrc
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: methadone
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: deep_merge
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: cas_rest_client
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: aruba
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: ci_reporter
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -161,6 +183,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -168,6 +191,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -175,6 +199,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -212,6 +237,7 @@ files:
 - features/support/env.rb
 - features/support/hooks.rb
 - lib/conjur.rb
+- lib/conjur/audit/follower.rb
 - lib/conjur/authn.rb
 - lib/conjur/cli.rb
 - lib/conjur/command.rb
@@ -236,6 +262,8 @@ files:
 - lib/conjur/dsl/runner.rb
 - lib/conjur/identifier_manipulation.rb
 - lib/conjur/version.rb
+- spec/audit/follower_spec.rb
+- spec/authn_spec.rb
 - spec/command/assets_spec.rb
 - spec/command/audit_spec.rb
 - spec/command/authn_spec.rb
@@ -251,26 +279,33 @@ files:
 homepage: https://github.com/inscitiv/cli-ruby
 licenses:
 - MIT
-metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 1871278325472077316
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 1871278325472077316
 requirements: []
 rubyforge_project:
-rubygems_version: 2.0.3
+rubygems_version: 1.8.25
 signing_key:
-specification_version: 4
+specification_version: 3
 summary: Conjur command line interface
 test_files:
 - features/dsl_context.feature
@@ -284,6 +319,8 @@ test_files:
 - features/step_definitions/dsl_steps.rb
 - features/support/env.rb
 - features/support/hooks.rb
+- spec/audit/follower_spec.rb
+- spec/authn_spec.rb
 - spec/command/assets_spec.rb
 - spec/command/audit_spec.rb
 - spec/command/authn_spec.rb

checksums.yaml DELETED

@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: 873f90a23b9e22be41441f80c9086f5c005137fe
-  data.tar.gz: 7c6d8a46e66a871415dc3085bc28ef6551c30289
-SHA512:
-  metadata.gz: efe1fdb784cd353cbf45d0b60ab4744bc5bdd83c9ee333257e4ca0515b4e486426edd03645a125b349443729c241a18e42966adb773fd11b9ab533a9eab56a01
-  data.tar.gz: 5bec66f78fdccf45d679b2f58a8f4c7cec8e2a65d2bafe116b8e266832b9590fc6c50200278b806b22847664a41a53a03bdd601107bb9fc6a47f74630ac87664