conjur-cli 4.9.3 → 4.10.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5d219c046cb6b4a44c0b1754f925b0ea77882eb2
+  data.tar.gz: 2986ef662a9d837d49e30e66b3d465d82b541099
+SHA512:
+  metadata.gz: 4ef2f8845165add6f0e3c0988f5b919bc241194738f2561190bf2c7b159394f0b3db202efa854123dd3e28a6aae0a60add5b618844ab7feae2707f70dc44f598
+  data.tar.gz: 88176c1f04a89cc484dc6cfc7c4f32aa7a9938d1818e5e29a44f3d9799642277929c41314234d6259120233ac080d4a93e5130d0820592cdec80a267f16deb06

data/.gitignore

@@ -27,3 +27,5 @@ tmp
 .idea
 .rvmrc
 update_ci.sh
+.ruby-version
+.ruby-gemset

data/Gemfile

@@ -3,8 +3,9 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in conjur.gemspec
 gemspec
 
-gem 'conjur-api', '>=4.8', git: 'https://github.com/conjurinc/api-ruby.git', branch: 'master'
+gem 'conjur-api', git: 'https://github.com/conjurinc/api-ruby.git', branch: 'master'
 
 group :test, :development do
   gem 'pry'
+  gem 'ruby-prof'
 end

data/Rakefile

@@ -16,4 +16,35 @@ task :jenkins => ['ci:setup:rspec', :spec, 'ci:setup:cucumber_report_cleanup'] d
   File.write('build_number', ENV['BUILD_NUMBER']) if ENV['BUILD_NUMBER']
 end
 
-task default: [:spec, :features]
+task :completions do
+  # having 'lib' in the load path, which happens to be the case when running rake,
+  # messes up GLIs commands_from
+  $:.delete('lib')
+  require 'conjur/cli'
+  require 'yaml'
+
+  Conjur::CLI.init!
+  def ignore? name
+    name = name.to_s
+    # Ignore GLIs internal commands and one of our deprecated ones
+    name.start_with?('_') or name.include?(':')
+  end
+
+  def visit cmd
+    child = {}
+    cmd.commands.each do |name, ccmd|
+      next if ignore?(name)
+      child[name] = visit(ccmd)
+      child[name] = true if child[name].empty?
+    end
+    child
+  end
+
+  commands = visit Conjur::CLI
+
+  File.open("#{File.dirname(__FILE__)}/bin/_conjur_completions.yaml", "w") do |io|
+    YAML.dump(commands, io)
+  end
+end
+
+task default: [:completions, :spec, :features]

data/bin/_conjur_completions

@@ -0,0 +1,48 @@
+#!/usr/bin/env ruby
+#
+# Copyright (C) 2013 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+# You can use this file by adding the following to something that gets sourced (like .bashrc)
+#
+# _conjur()
+# {
+#     COMPREPLY=($(_conjur_completions $COMP_CWORD ${COMP_WORDS[@]}))
+# }
+# complete -F _conjur conjur
+
+require 'yaml'
+completions = File.open("#{File.dirname(__FILE__)}/_conjur_completions.yaml"){ |_| YAML.load(_) }
+# ARGV[0] is the index into ARGV[1...] of the current word
+index = ARGV[0].to_i - 1
+words = ARGV[2..-1]
+parents = words[0...index]
+word = words[index] || ""
+
+current = completions
+previous = current
+until parents.empty? or current.nil? or not current.kind_of?(Hash) # make sure to stop if we hit a 'true' entry
+  previous = current
+  current = current[parents.shift.to_sym]
+end
+
+if current.kind_of?(Hash)
+  puts current.keys.map(&:to_s).select{|k| k.start_with?(word)}.sort.join("\n")
+end

data/bin/_conjur_completions.yaml

@@ -0,0 +1,96 @@
+---
+:help: true
+:asset:
+  :create: true
+  :show: true
+  :exists: true
+  :list: true
+  :members:
+    :add: true
+    :remove: true
+:audit:
+  :all: true
+  :role: true
+  :resource: true
+:authn:
+  :login: true
+  :authenticate: true
+  :logout: true
+  :whoami: true
+:env:
+  :run: true
+  :check: true
+  :template: true
+  :help: true
+:group:
+  :create: true
+  :list: true
+  :show: true
+  :members:
+    :list: true
+    :add: true
+    :remove: true
+:host:
+  :create: true
+  :show: true
+  :list: true
+  :enroll: true
+  :layers: true
+:id:
+  :create: true
+:init: true
+:layer:
+  :create: true
+  :list: true
+  :show: true
+  :provision: true
+  :hosts:
+    :permit: true
+    :deny: true
+    :permitted_roles: true
+    :add: true
+    :remove: true
+:policy:
+  :load: true
+:pubkeys:
+  :show: true
+  :names: true
+  :add: true
+  :delete: true
+:resource:
+  :create: true
+  :show: true
+  :exists: true
+  :permit: true
+  :deny: true
+  :check: true
+  :give: true
+  :permitted_roles: true
+  :annotate: true
+  :annotation: true
+  :annotations: true
+  :list: true
+:role:
+  :create: true
+  :exists: true
+  :memberships: true
+  :members: true
+  :grant_to: true
+  :revoke_from: true
+:script:
+  :execute: true
+:secret:
+  :create: true
+  :value: true
+:user:
+  :create: true
+  :show: true
+  :list: true
+  :update_password: true
+:variable:
+  :create: true
+  :show: true
+  :list: true
+  :values:
+    :add: true
+  :value: true

data/conjur.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |gem|
 
 
   gem.add_dependency 'activesupport'
-  gem.add_dependency 'conjur-api', '>=4.8'
+  gem.add_dependency 'conjur-api', '>=4.9.0'
   gem.add_dependency 'gli', '>=2.8.0'
   gem.add_dependency 'highline'
   gem.add_dependency 'netrc'
@@ -26,7 +26,7 @@ Gem::Specification.new do |gem|
   
   gem.add_runtime_dependency 'cas_rest_client'
   
-  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'rspec', '>= 2.14', '< 3.0'
   gem.add_development_dependency 'simplecov'
   gem.add_development_dependency 'aruba'
   gem.add_development_dependency 'ci_reporter', '~> 1.8'

data/lib/conjur/authn.rb

@@ -18,13 +18,12 @@
 # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
-require 'highline'
-require 'active_support'
 require 'active_support/deprecation'
 require 'conjur/api'
 require 'netrc'
 
 module Conjur::Authn
+  autoload :API,      'conjur/authn-api'
   class << self
     def login(options = {})
       delete_credentials
@@ -32,6 +31,7 @@ module Conjur::Authn
     end
     
     def authenticate(options = {})
+      require 'conjur/api'
       Conjur::API.authenticate(*get_credentials(options))
     end
     
@@ -74,12 +74,17 @@ module Conjur::Authn
     def ask_for_credentials(options = {})
       raise "No credentials provided or found" if options[:noask]
 
+
       # also use stderr here, because we might be prompting for a password as part
       # of a command like user:create that we'd want to send to a file.
+      require 'highline'
+      require 'conjur/api'
+
       hl = HighLine.new $stdin, $stderr
 
       user = options[:username] || hl.ask("Enter your username to log into Conjur: ")
       pass = options[:password] || hl.ask("Please enter your password (it will not be echoed): "){ |q| q.echo = false }
+
       api_key = if cas_server = options[:"cas-server"]
         Conjur::API.login_cas(user, pass, cas_server)
       else
@@ -87,8 +92,13 @@ module Conjur::Authn
       end
       @credentials = [user, api_key]
     end
-    
-    def connect(cls = Conjur::API, options = {})
+
+    def connect(cls = nil, options = {})
+      if cls.nil?
+        require 'conjur/api'
+        require 'conjur/base'
+        cls = Conjur::API
+      end
       cls.new_from_key(*get_credentials(options))
     end
   end

data/lib/conjur/cli.rb

@@ -19,11 +19,24 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 require 'gli'
-require 'conjur/config'
-require 'conjur/log'
-require 'conjur/identifier_manipulation'
+# need this to prevent an active support bug in some versions
+require 'active_support'
+require 'active_support/deprecation'
+
 
 module Conjur
+  autoload :Config,                 'conjur/config'
+  autoload :Log,                    'conjur/log'
+  autoload :IdentifierManipulation, 'conjur/identifier_manipulation'
+  autoload :Authn,                  'conjur/authn'
+  autoload :Command,                'conjur/command'
+  autoload :DSL,                    'conjur/dsl/runner'
+  autoload :DSLCommand,             'conjur/command/dsl_command'
+
+  module Audit
+    autoload :Follower,             'conjur/audit/follower'
+  end
+
   class CLI
     extend GLI::App
 
@@ -31,36 +44,58 @@ module Conjur
       def load_config
         Conjur::Config.load
       end
-      
+
       def apply_config
         Conjur::Config.apply
       end
-    end
-          
-    load_config
 
-    Conjur::Config.plugins.each do |plugin|
-      begin
-        filename = "conjur-asset-#{plugin}"
-        require filename
-      rescue LoadError
-        warn "Could not load plugin '#{plugin}' specified in your config file.\nMake sure you have the #{filename}-api gem installed."
+      # Horible hack!
+      # We want to support legacy commands like host:list, but we don't want to
+      # do too much effort, and GLIs support for aliasing doesn't work out so well with
+      # subcommands.
+      def run args
+       args = args.shift.split(':') + args unless args.empty?
+        super args
+      end
+
+      def load_plugins
+        # These used to be plugins but now they are in the core CLI
+        plugins = Conjur::Config.plugins - %w(layer pubkeys)
+        
+        plugins.each do |plugin|
+          begin
+            filename = "conjur-asset-#{plugin}"
+            require filename
+          rescue LoadError
+            warn "Could not load plugin '#{plugin}' specified in your config file.\nMake sure you have the #{filename}-api gem installed."
+          end
+        end
+      end
+
+      # This makes our generate-commands script a little bit cleaner.  We can call this from that script
+      # to ensure that commands for all plugins are loaded.
+      def init!
+        subcommand_option_handling :normal
+        load_config
+        apply_config
+        load_plugins
+        commands_from 'conjur/command'
       end
     end
 
-    commands_from 'conjur/command'
+    init!
 
     pre do |global,command,options,args|
+      require 'conjur/api'
 
-      if command.name_for_help.first == "init" and options.has_key?("account") 
+      if command.name_for_help.first == "init" and options.has_key?("account")
         ENV["CONJUR_ACCOUNT"]=options["account"]
       end
       apply_config
-
       require 'active_support/core_ext'
       options.delete_if{|k,v| v.blank?}
       options.symbolize_keys!
-      
+
       if as_group = options.delete(:"as-group")
         group = Conjur::Command.api.group(as_group)
         role = Conjur::Command.api.role(group.roleid)
@@ -77,6 +112,7 @@ module Conjur
     end
     
     on_error do |exception|
+      require 'rest-client'
       if exception.is_a?(RestClient::Exception)
         begin
           body = JSON.parse(exception.response.body)
@@ -85,7 +121,7 @@ module Conjur
           $stderr.puts exception.response.body if exception.response
         end
       end
-      
+      require 'conjur/log'
       if Conjur.log
         Conjur.log << "error: #{exception}\n#{exception.backtrace.join("\n") rescue 'NO BACKTRACE?'}"
       end

data/lib/conjur/command.rb

@@ -20,21 +20,21 @@
 #
 module Conjur
   class Command
-    extend IdentifierManipulation
+    extend Conjur::IdentifierManipulation
     
     @@api = nil
     
     class << self
       attr_accessor :prefix
-      
-      def method_missing *a
-        Conjur::CLI.send *a
+      def method_missing *a, &b
+        Conjur::CLI.send *a, &b
       end
-      
+
       def command name, *a, &block
-        Conjur::CLI.command "#{prefix}:#{name}", *a, &block
+        name = "#{prefix}:#{name}" if prefix
+        Conjur::CLI.command(name, *a, &block)
       end
-      
+
       def require_arg(args, name)
         args.shift or raise "Missing parameter: #{name}"
       end
@@ -42,8 +42,14 @@ module Conjur
       def api
         @@api ||= Conjur::Authn.connect
       end
-      
+
+      # Prevent a deprecated command from being displayed in the help output
+      def hide_docs(command)
+        def command.nodoc; true end
+      end
+
       def acting_as_option(command)
+        return if command.flags.member?(:"as-group") # avoid duplicate flags
         command.arg_name 'Perform all actions as the specified Group'
         command.flag [:"as-group"]
 
@@ -52,6 +58,7 @@ module Conjur
       end
       
       def command_options_for_list(c)
+        return if c.flags.member?(:role) # avoid duplicate flags
         c.desc "Role to act as. By default, the current logged-in role is used."
         c.flag [:role]
     
@@ -74,9 +81,10 @@ module Conjur
       def command_impl_for_list(global_options, options, args)
         opts = options.slice(:search, :limit, :options, :kind) 
         opts[:acting_as] = options[:role] if options[:role]
+        opts[:search]=opts[:search].gsub('-',' ') if opts[:search]
         resources = api.resources(opts)
         if options[:ids]
-          puts resources.map(&:resourceid)
+          puts JSON.pretty_generate(resources.map(&:resourceid))
         else
           resources = resources.map &:attributes
           unless options[:'raw-annotations']
@@ -114,10 +122,14 @@ module Conjur
         elsif obj.respond_to?(:id)
           obj.id
         else
-          JSON.pretty_generate obj
+          begin
+            JSON.pretty_generate(obj)
+          rescue JSON::GeneratorError
+            obj.to_json
+          end
         end
         puts str
       end
     end
   end
-end
+end