conjur-cli 4.7.3 → 4.7.4
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile +1 -1
- data/lib/conjur/command/init.rb +17 -7
- data/lib/conjur/command/roles.rb +3 -3
- data/lib/conjur/command/search.rb +34 -0
- data/lib/conjur/command/variables.rb +15 -0
- data/lib/conjur/version.rb +1 -1
- data/spec/command/init_spec.rb +19 -6
- metadata +5 -6
- data/tamr.rb +0 -15
data/Gemfile
CHANGED
@@ -12,5 +12,5 @@ group :development do
|
|
12
12
|
gem 'conjur-asset-environment-api'
|
13
13
|
gem 'conjur-asset-key-pair-api'
|
14
14
|
gem 'conjur-asset-layer-api'
|
15
|
-
gem 'conjur-asset-ui-api', git: 'git@github.com:conjurinc/conjur-asset-ui', branch: '
|
15
|
+
gem 'conjur-asset-ui-api', git: 'git@github.com:conjurinc/conjur-asset-ui', branch: 'master'
|
16
16
|
end
|
data/lib/conjur/command/init.rb
CHANGED
@@ -37,13 +37,13 @@ class Conjur::Command::Init < Conjur::Command
|
|
37
37
|
end
|
38
38
|
|
39
39
|
Conjur::CLI.command :init do |c|
|
40
|
-
c.desc "Conjur account name (required)"
|
41
|
-
c.flag ["a", "account"]
|
42
|
-
|
43
40
|
c.desc "Hostname of the Conjur endpoint (required for virtual appliance)"
|
44
41
|
c.flag ["h", "hostname"]
|
45
42
|
|
46
|
-
c.desc "Conjur
|
43
|
+
c.desc "Conjur account name (will be obtained from the host unless provided by this option)"
|
44
|
+
c.flag ["a", "account"]
|
45
|
+
|
46
|
+
c.desc "Conjur SSL certificate (will be obtained from host unless provided by this option)"
|
47
47
|
c.flag ["c", "certificate"]
|
48
48
|
|
49
49
|
c.desc "File to write the configuration to"
|
@@ -56,9 +56,19 @@ class Conjur::Command::Init < Conjur::Command
|
|
56
56
|
c.action do |global_options,options,args|
|
57
57
|
hl = HighLine.new $stdin, $stderr
|
58
58
|
|
59
|
-
# using .to_s to overcome https://github.com/JEG2/highline/issues/69
|
60
|
-
account = options[:account] || hl.ask("Enter your account name: ").to_s
|
61
59
|
hostname = options[:hostname] || hl.ask("Enter the hostname (and optional port) of your Conjur endpoint: ").to_s
|
60
|
+
exit_now! "Hostname should not include the protocol" if hostname =~ /^https?\:/
|
61
|
+
if hostname
|
62
|
+
Conjur.configuration.core_url = "https://#{hostname}/api"
|
63
|
+
end
|
64
|
+
|
65
|
+
account = options[:account]
|
66
|
+
account ||= if hostname
|
67
|
+
account = Conjur::Core::API.info['account'] or raise "Exepcting 'account' in Core info"
|
68
|
+
else
|
69
|
+
# using .to_s to overcome https://github.com/JEG2/highline/issues/69
|
70
|
+
hl.ask("Enter your account name: ").to_s
|
71
|
+
end
|
62
72
|
|
63
73
|
if (certificate = options[:certificate]).blank?
|
64
74
|
unless hostname.blank?
|
@@ -80,7 +90,7 @@ class Conjur::Command::Init < Conjur::Command
|
|
80
90
|
|
81
91
|
puts "\nPlease verify this certificate on the appliance using command:
|
82
92
|
openssl x509 -fingerprint -noout -in ~conjur/etc/ssl/conjur.pem\n\n"
|
83
|
-
exit_now! unless hl.ask("Trust this certificate (yes/no): ").strip == "yes"
|
93
|
+
exit_now! "You decided not to trust the certificate" unless hl.ask("Trust this certificate (yes/no): ").strip == "yes"
|
84
94
|
end
|
85
95
|
end
|
86
96
|
|
data/lib/conjur/command/roles.rb
CHANGED
@@ -52,7 +52,7 @@ class Conjur::Command::Roles < Conjur::Command
|
|
52
52
|
end
|
53
53
|
end
|
54
54
|
|
55
|
-
desc "Lists role memberships"
|
55
|
+
desc "Lists role memberships. The role membership list is recursively expanded."
|
56
56
|
arg_name "role"
|
57
57
|
command :memberships do |c|
|
58
58
|
c.action do |global_options,options,args|
|
@@ -62,7 +62,7 @@ class Conjur::Command::Roles < Conjur::Command
|
|
62
62
|
end
|
63
63
|
end
|
64
64
|
|
65
|
-
desc "Lists all members of the role"
|
65
|
+
desc "Lists all direct members of the role. The membership list is not recursively expanded."
|
66
66
|
arg_name "role"
|
67
67
|
command :members do |c|
|
68
68
|
c.desc "Verbose output"
|
@@ -102,7 +102,7 @@ class Conjur::Command::Roles < Conjur::Command
|
|
102
102
|
end
|
103
103
|
end
|
104
104
|
|
105
|
-
desc "Revoke a role from another role."
|
105
|
+
desc "Revoke a role from another role. You must have admin permission on the revoking role."
|
106
106
|
arg_name "role member"
|
107
107
|
command :revoke_from do |c|
|
108
108
|
c.action do |global_options,options,args|
|
@@ -0,0 +1,34 @@
|
|
1
|
+
#
|
2
|
+
# Copyright (C) 2014 Conjur Inc
|
3
|
+
#
|
4
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy of
|
5
|
+
# this software and associated documentation files (the "Software"), to deal in
|
6
|
+
# the Software without restriction, including without limitation the rights to
|
7
|
+
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
8
|
+
# the Software, and to permit persons to whom the Software is furnished to do so,
|
9
|
+
# subject to the following conditions:
|
10
|
+
#
|
11
|
+
# The above copyright notice and this permission notice shall be included in all
|
12
|
+
# copies or substantial portions of the Software.
|
13
|
+
#
|
14
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
15
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
16
|
+
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
17
|
+
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
+
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
19
|
+
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
20
|
+
#
|
21
|
+
require 'conjur/api'
|
22
|
+
require 'conjur/command'
|
23
|
+
|
24
|
+
class Conjur::Command::Init < Conjur::Command
|
25
|
+
desc "Search through Conjur assets"
|
26
|
+
|
27
|
+
arg_name "pattern"
|
28
|
+
Conjur::CLI.command :search do |c|
|
29
|
+
c.action do |global_options,options,args|
|
30
|
+
pattern = args.shift
|
31
|
+
puts api.resources(search: pattern).map {|r| r.resource_id }
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -82,4 +82,19 @@ class Conjur::Command::Variables < Conjur::Command
|
|
82
82
|
$stdout.write api.variable(id).value(options[:version])
|
83
83
|
end
|
84
84
|
end
|
85
|
+
|
86
|
+
desc "Store value into temporary file and print out it's name"
|
87
|
+
arg_name "variable"
|
88
|
+
command :"to_file" do |c|
|
89
|
+
c.desc "Version number"
|
90
|
+
c.flag [:v, :version]
|
91
|
+
c.action do |global_options,options,args|
|
92
|
+
id = require_arg(args, 'variable')
|
93
|
+
value = api.variable(id).value(options[:version])
|
94
|
+
tempfile = `mktemp /dev/shm/conjur.XXXXXX`.strip
|
95
|
+
File.open(tempfile,'w') { |f| f.write(value) }
|
96
|
+
puts tempfile
|
97
|
+
end
|
98
|
+
|
99
|
+
end
|
85
100
|
end
|
data/lib/conjur/version.rb
CHANGED
data/spec/command/init_spec.rb
CHANGED
@@ -7,12 +7,25 @@ describe Conjur::Command::Init do
|
|
7
7
|
before {
|
8
8
|
File.stub(:exists?).and_return false
|
9
9
|
}
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
10
|
+
context "auto-fetching fingerprint" do
|
11
|
+
before {
|
12
|
+
HighLine.any_instance.stub(:ask).with("Enter the hostname (and optional port) of your Conjur endpoint: ").and_return "the-host"
|
13
|
+
Object.any_instance.should_receive(:`).with("echo | openssl s_client -connect the-host:443 2>/dev/null | openssl x509 -fingerprint").and_return "the-fingerprint"
|
14
|
+
HighLine.any_instance.stub(:ask).with(/^Trust this certificate/).and_return "yes"
|
15
|
+
}
|
16
|
+
describe_command 'init' do
|
17
|
+
it "fetches account and writes config file" do
|
18
|
+
# Stub hostname
|
19
|
+
Conjur::Core::API.should_receive(:info).and_return "account" => "the-account"
|
20
|
+
File.should_receive(:open)
|
21
|
+
invoke
|
22
|
+
end
|
23
|
+
end
|
24
|
+
describe_command 'init -a the-account' do
|
25
|
+
it "writes config file" do
|
26
|
+
File.should_receive(:open)
|
27
|
+
invoke
|
28
|
+
end
|
16
29
|
end
|
17
30
|
end
|
18
31
|
describe_command 'init -a the-account -h foobar' do
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-cli
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.7.
|
4
|
+
version: 4.7.4
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2014-03-
|
13
|
+
date: 2014-03-26 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: conjur-api
|
@@ -258,6 +258,7 @@ files:
|
|
258
258
|
- lib/conjur/command/rspec/mock_services.rb
|
259
259
|
- lib/conjur/command/rspec/output_matchers.rb
|
260
260
|
- lib/conjur/command/script.rb
|
261
|
+
- lib/conjur/command/search.rb
|
261
262
|
- lib/conjur/command/secrets.rb
|
262
263
|
- lib/conjur/command/users.rb
|
263
264
|
- lib/conjur/command/variables.rb
|
@@ -283,8 +284,6 @@ files:
|
|
283
284
|
- spec/conjurrc
|
284
285
|
- spec/dsl/runner_spec.rb
|
285
286
|
- spec/spec_helper.rb
|
286
|
-
- tamr.rb
|
287
|
-
- update_ci.sh
|
288
287
|
homepage: https://github.com/conjurinc/cli-ruby
|
289
288
|
licenses:
|
290
289
|
- MIT
|
@@ -300,7 +299,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
300
299
|
version: '0'
|
301
300
|
segments:
|
302
301
|
- 0
|
303
|
-
hash: -
|
302
|
+
hash: -2016326109517341057
|
304
303
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
305
304
|
none: false
|
306
305
|
requirements:
|
@@ -309,7 +308,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
309
308
|
version: '0'
|
310
309
|
segments:
|
311
310
|
- 0
|
312
|
-
hash: -
|
311
|
+
hash: -2016326109517341057
|
313
312
|
requirements: []
|
314
313
|
rubyforge_project:
|
315
314
|
rubygems_version: 1.8.25
|
data/tamr.rb
DELETED