conjur-cli 5.2.5 → 5.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3e4d7900d35da02505f1bfb843f9f79414fc49b5
-  data.tar.gz: 4c382758571b68d6de8c2e501c81726179cc987c
+  metadata.gz: 45db6cca737f188f732a2684c54952df012e4da0
+  data.tar.gz: c39fc7be243e1508a4a71459e77c1248efff5ba4
 SHA512:
-  metadata.gz: 48fa15fa3e402e2d72bfffb14b8e895f5078ca2de8840abad219a76d65e07e64fd0e4c30dc7f78a16e24717738c0dc1dd31718d95ec9dd96e7c5655788df4512
-  data.tar.gz: 27f5ef9102d531e69a8d8821d71678914632ab4a398ff00ce934b968916709194bbb0d2b2467d6723087f61220132d6af2c059ca7c1fa9f548c8663f37495c56
+  metadata.gz: 3c2db8ea4d3cef7dbb0c099e89fe02416dc2247a3463c9796d46ad572a591e4c7d796d17bee5f3b7eb479ebf047469491459116a654205575d2932cb36c019ea
+  data.tar.gz: 302e5e260a4169265c2b2cae9e7f23fcfb37197ef51532662cc71dac1fe2abd463e831c15db8b043d2e690c3bb3d9e3c16f513b21cd60d809b79e3beb3fbb438

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+# 5.3.0
+
+* Add `jobs` subcommands for `ldap-sync`.
+* Add `--detach` switch to `now` subcommand.
+* Relax dependency gem versions.
+
 # 5.2.5
 
 * Fix behavior of `conjur env` when [policy plugin](https://github.com/conjurinc/conjur-asset-policy) is installed.

data/Gemfile

@@ -6,7 +6,7 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in conjur.gemspec
 gemspec
 
-gem 'conjur-api', '>= 4.26', git: 'https://github.com/conjurinc/api-ruby.git', branch: 'master'
+gem 'conjur-api', '>= 4.26.2', git: 'https://github.com/conjurinc/api-ruby.git', branch: 'master'
 gem 'semantic', '>= 1.4.1', git: 'https://github.com/jlindsey/semantic.git'
 
 group :test, :development do

data/acceptance-features/step_definitions/cli_steps.rb

@@ -1,3 +1,23 @@
+Transform /\$ns/ do |s|
+  s.gsub('$ns', namespace)
+end
+
+Transform /\$user_role/ do |s|
+  s.gsub('$user_role', test_user.role_id)
+end
+
+Transform /^table:/ do |table|
+  table.tap do |t|
+    t.hashes.each do |row|
+      row.each do |_,v|
+        v.gsub!('$ns', namespace)
+        v.gsub!('$user_role', test_user.role_id)
+      end
+    end
+  end
+end
+
+
 Then /^I reset the command list/ do
   aruba.command_monitor.clear
 end
@@ -9,7 +29,6 @@ When /^the command completes successfully/ do
 end
 
 Then /^I send the audit event:/ do |event|
-  event = event.gsub('$ns',@namespace)
   step "I run `env RESTCLIENT_LOG=stderr conjur audit send` interactively"
   last_command_started.write event
   last_command_started.close_io :stdin
@@ -19,12 +38,11 @@ end
 # this is step copypasted from https://github.com/cucumber/aruba/blob/master/lib/aruba/cucumber.rb#L24 
 # original has typo in regexp, which is fixed here
 Given(/^a file named "([^"]*?)" with: '(.*?)'$/) do |file_name, file_content|
-  file_content.gsub!('$ns',@namespace)
   write_file(file_name, file_content)
 end
 
 Given(/^a file named "([^"]*?)" with namespace substitution:$/) do |file_name, file_content|
-  step "a file named \"#{file_name}\" with:", file_content.gsub('$ns',@namespace)
+  step "a file named \"#{file_name}\" with:", file_content
 end
 
 Then /^it prints the path to temporary file which contains: '(.*)'$/ do |content|

data/acceptance-features/step_definitions/http_steps.rb

@@ -0,0 +1,24 @@
+When /^I send a (GET|POST|PATCH|PUT|DELETE) request forwarded from "(.*?)" to "(.*?)"$/ do |method, ip, url|
+  headers['X-Forwarded-For'] = ip
+  step %Q{I send a #{method} request to "#{url}"}
+end
+
+When /^I send a (GET|POST|PATCH|PUT|DELETE) request forwarded from "(.*?)" to "(.*?)" with:$/ do |method, ip, url, params_table|
+  headers['X-Forwarded-For'] = ip
+  step %Q{I send a #{method} request to "#{url}" with:}, params_table
+end
+
+
+When /^I set the( JSON)? request body to:$/ do |is_json, body|
+  step("I send and accept JSON") if is_json
+  @body = body
+end
+
+When /^I set the( JSON)? request body to "(.*?)"/ do |is_json, body|
+  step("I send and accept JSON") if is_json
+  @body = body
+end
+
+Then /^the HTTP JSON response at "(.*?)" should be "(.*?)"$/ do |path, value|
+  expect(@response.get(path)).to eq(value)
+end

data/acceptance-features/step_definitions/trusted_proxy_steps.rb

@@ -0,0 +1,44 @@
+When /^I create a hostfactory token for "(.*?)" with CIDR "(.*?)"$/ do |hf, cidr|
+  step %Q{I successfully run `conjur hostfactory token create --cidr #{cidr} #{hf}`}
+  @hostfactory_token = JSON.parse(last_command_started.stdout)[0]['token']
+end
+
+When /^I(?: can)? use the hostfactory token from "(.*?)" to create host "(.*?)"$/ do |ip, host|
+  headers['Authorization'] = %Q{Token token="#{@hostfactory_token}"}
+  step %Q{I send a POST request forwarded from "#{ip}" to "/api/host_factories/hosts" with:}, table([["id"], [host]]) 
+  step %Q{the response status should be "201"}
+end
+
+When /^I get the audit event for the resource "(.*?)" with action "(.*?)"$/ do |resource, action|
+  # resource needs to be URL-encoded, but cucumber-api URL-encodes the
+  # whole string.
+  response = RestClient.get(resolve("/api/audit/resources/#{CGI.escape(resource)}"), @headers)
+  @response = CucumberApi::Response.create(response)
+  @headers = nil
+  @body = nil
+  step %Q{the response status should be "200"}
+
+  json = JSON.parse(@response)
+  @audit_event = json.find {|e| e['action'] == action}
+end
+
+Then /^the audit event should show the request from "(.*?)"$/ do |ip|
+  expect(@audit_event['request']['ip']).to eq(ip)
+end
+
+When /^I create a pubkey for "(.*?)" from "(.*?)" with "(.*?)"$/ do |user, ip, key|
+  steps %Q{
+    Given I send "text/plain" and accept JSON
+    And I set the request body to "#{key}"
+    When I send a POST request forwarded from "#{ip}" to "/api/pubkeys/#{user}"
+    Then the response status should be "200"
+  }
+  @pubkey_var = @response.get "resource_identifier"
+end
+
+When /^I get the audit event for the pubkey variable with action "(.*?)"$/ do |action|
+  # Need reveal, test user doesn't have privilege to see resources
+  # created by pubkeys.
+  headers['X-Conjur-Privilege'] = 'reveal'
+  step %Q{I get the audit event for the resource "#{@pubkey_var}" with action "#{action}"}
+end

data/acceptance-features/step_definitions/user_steps.rb

@@ -8,16 +8,14 @@ Given(/^I login as a new user$/) do
 end
 
 Given(/^I create a new user named "(.*?)"$/) do |username|
-  username_ns = username.gsub('$ns',@namespace)
- 
-  step "I successfully run `conjur user create --as-role user:admin@#{@namespace} #{username_ns}`"
+  step "I successfully run `conjur user create --as-role user:admin@#{namespace} #{username}`"
   
   user_info = JSON.parse(last_command_started.stdout)
-  save_password username_ns, user_info['api_key']
+  save_password username, user_info['api_key']
 end
 
 Given(/^I create a new host with id "(.*?)"$/) do |hostid|
-  step "I successfully run `conjur host create #{@namespace}/monitoring/server`"
+  step "I successfully run `conjur host create #{namespace}/monitoring/server`"
   host = JSON.parse(last_json)
   @host_id = host['id']
   @host_api_key = host['api_key']
@@ -29,16 +27,14 @@ Given(/^I login as the new host/) do
 end
 
 Given(/^I login as new user "(.*?)"$/) do |username|
-  username_ns = username.gsub('$ns',@namespace)
-  step %Q(I create a new user named "#{username_ns}")
-  step %Q(I login as "#{username_ns}")
+  step %Q(I create a new user named "#{username}")
+  step %Q(I login as "#{username}")
 end
 
 Given(/^I login as "(.*?)"$/) do |username|
-  username_ns = username.gsub('$ns',@namespace)
-  password = find_password(username_ns)
+  password = find_password(username)
   
-  step %Q(I set the environment variable "CONJUR_AUTHN_LOGIN" to "#{username_ns}")
+  step %Q(I set the environment variable "CONJUR_AUTHN_LOGIN" to "#{username}")
   step %Q(I set the environment variable "CONJUR_AUTHN_API_KEY" to "#{password}")
 end
 

data/acceptance-features/support/env.rb

@@ -1,4 +1,23 @@
 require "aruba/cucumber"
 require "json_spec/cucumber"
+require 'cucumber-api'
+require 'addressable/uri'
 
 $LOAD_PATH.unshift File.expand_path('../..', File.dirname(__FILE__))
+
+# Overwrite cucumber-api's resolve function so it will use the scheme
+# and host from ENV['CONJUR_APPLIANCE_URL'] if url doesn't already
+# have a host.
+$orig_resolve = self.method(:resolve)
+def resolve url
+  # disable cucumber-api's ill-considered cache. Re-authenticate in
+  # case it (cucumber-api) wiped out the headers
+  $cache = {} 
+  add_user_auth_header
+  url = Addressable::URI.parse(url)
+  unless url.host
+    conjur_url = Addressable::URI.parse(Conjur.configuration.appliance_url)
+    url.merge!(:scheme => conjur_url.scheme, :host => conjur_url.host)
+  end
+  $orig_resolve.call(url.to_s)
+end

data/acceptance-features/support/hooks.rb

@@ -21,32 +21,35 @@ end
 Before do
   step %Q(I set the environment variable "CONJUR_AUTHN_LOGIN" to "#{username}")
   step %Q(I set the environment variable "CONJUR_AUTHN_API_KEY" to "#{password}")
-  
-  @admin_api = conjur_api = Conjur::Authn.connect
-  
-  @namespace = conjur_api.create_variable("text/plain", "id").id
-  user = conjur_api.create_user "admin@#{@namespace}", ownerid: "#{Conjur.configuration.account}:user:#{username}"
 
-  conjur_api = Conjur::Authn.connect
-  @security_admin = conjur_api.create_group [ @namespace, "security_admin" ].join('/')
-  @security_admin.add_member user, admin_option: true
+  @admin_api = Conjur::Authn.connect
+  @test_user = admin_api.create_user "admin@#{namespace}", ownerid: "#{Conjur.configuration.account}:user:#{username}"
+
+  @security_admin = admin_api.create_group [ namespace, "security_admin" ].join('/')
+  @security_admin.add_member test_user, admin_option: true
   
-  JsonSpec.memorize "MY_ROLEID", %Q("#{user.roleid}")
-  JsonSpec.memorize "NAMESPACE", @namespace
+  JsonSpec.memorize "MY_ROLEID", %Q("#{test_user.roleid}")
+  JsonSpec.memorize "NAMESPACE", namespace
   
-  @admin_api.group("pubkeys-1.0/key-managers").add_member @security_admin
-  @admin_api.resource('!:!:conjur').permit 'elevate', user, grant_option: true
-  @admin_api.resource('!:!:conjur').permit 'reveal',  user, grant_option: true
+  admin_api.group("pubkeys-1.0/key-managers").add_member @security_admin
+  admin_api.resource('!:!:conjur').permit 'elevate', test_user, grant_option: true
+  admin_api.resource('!:!:conjur').permit 'reveal',  test_user, grant_option: true
   
-  conjur_api.create_user "attic@#{@namespace}"
-
-  step %Q(I set the environment variable "CONJUR_AUTHN_LOGIN" to "#{user.login}")
-  step %Q(I set the environment variable "CONJUR_AUTHN_API_KEY" to "#{user.api_key}")
+  admin_api.create_user "attic@#{namespace}"
+
+  # Set up the environment so the CLI will authenticate
+  # correctly. Note that the API caches credentials, so these
+  # variables won't have any effect on future calls to
+  # Conjur::Authn.connect
+  step %Q(I set the environment variable "CONJUR_AUTHN_LOGIN" to "#{test_user.login}")
+  step %Q(I set the environment variable "CONJUR_AUTHN_API_KEY" to "#{test_user.api_key}")
 end
 
 After do
-  if @admin_api
-    @admin_api.group("pubkeys-1.0/key-managers").remove_member @security_admin
+  if admin_api
+    admin_api.group("pubkeys-1.0/key-managers").remove_member @security_admin
+    admin_api = nil
+    namespace = nil
   end
   tempfiles.each { |tempfile| File.unlink(tempfile) unless tempfile.nil? }
 end

data/acceptance-features/support/world.rb

@@ -4,6 +4,8 @@ require 'conjur/api'
 module ConjurCLIWorld
   include Aruba::Api
   
+  attr_accessor :admin_api, :namespace, :test_user, :headers
+
   def last_json
     process_cmd last_command_started.stdout
   end
@@ -28,8 +30,12 @@ module ConjurCLIWorld
     password
   end
 
+  def admin_role
+    admin_api.current_role.role_id
+  end
+
   def namespace
-    @namespace or raise "@namespace is not initialized"
+    @namespace ||= admin_api.create_variable("text/plain", "id").id
   end
   
   # Aruba's method
@@ -51,6 +57,19 @@ module ConjurCLIWorld
   def tempfiles 
     @tempfiles||=[]
   end       
+
+  def headers
+    @headers ||= {}
+  end
+
+  def add_user_auth_header
+    return if headers['Authorization']
+
+    token = Conjur::API.authenticate(test_user.login, test_user.api_key)
+    headers.merge!(
+      'Authorization' => %Q{Token token="#{Base64.strict_encode64(token.to_json)}"}
+    )
+  end
  
   protected
   

data/acceptance-features/trusted_proxies.feature

@@ -0,0 +1,82 @@
+Feature: Conjur services support trusted proxies
+
+  As an administrator of the Conjur Appliance, I want to be able to
+  specify CIDRs for machines that should be regarded as trusted
+  proxies. IP addresses that match those CIDRs can be regarded as
+  coming from localhost. Other addresses should not be remapped (even
+  if those addresses are non-routable), and so will appear in audit
+  events and be used to validate CIDR restrictions (e.g. on
+  hostfactory tokens).
+
+  Scenario: authn supports trusted proxies for CIDR restrictions
+    Given I set the JSON request body to:
+    """
+    {
+      "login": "restricted@$ns",
+      "password": "restricted",
+      "ownerid": "cucumber:user:admin@$ns",
+      "cidr": ["192.168.0.0/24"]
+    }
+    """
+    And I send a POST request to "/api/users"
+    And the response status should be "201"
+    Given I send "text/plain" and accept JSON
+    And I set the request body to "restricted"
+    When I send a POST request forwarded from "192.168.0.1" to "/api/authn/users/restricted@$ns/authenticate"
+    Then the response status should be "200"
+
+  Scenario: authz supports trusted proxies
+    Given I send a PUT request forwarded from "192.168.0.1" to "/api/authz/cucumber/resources/test/$ns/resource?acting_as=$user_role" 
+    And the response status should be "204"
+    When I successfully run `conjur audit resource test:$ns/resource`
+    Then the JSON response at "request/ip" should be "192.168.0.1"
+
+  Scenario: core supports trusted proxies
+    Given I set the JSON request body to:
+    """
+    {
+      "id": "$ns/var",
+      "kind": "password",
+      "mime_type": "text/plain"
+    }    
+    """
+    And I send a POST request forwarded from "192.168.0.1" to "/api/variables"
+    And the response status should be "201"
+    When I successfully run `conjur audit resource variable:$ns/var`
+    Then the JSON response at "request/ip" should be "192.168.0.1"
+
+  Scenario: expiration supports trusted proxies
+    Given I successfully run `conjur variable create $ns_expiration_var value`
+    And I send a GET request forwarded from "192.168.0.1" to "/api/variables/$ns_expiration_var/value"
+    And the response status should be "200"
+    When I get the audit event for the resource "cucumber:variable:$ns_expiration_var" with action "check"
+    Then the audit event should show the request from "192.168.0.1"
+
+  Scenario: host-factory supports trusted proxies when creating hostfactories
+    Given I successfully run `conjur layer create --as-role $user_role $ns/layer`
+    When I send a POST request forwarded from "192.168.0.1" to "/api/host_factories" with: 
+      | id     | roleid    | ownerid    | layers[]  |
+      | $ns/hf | $user_role | $user_role | $ns/layer |
+
+    And the response status should be "201"
+    And I successfully run `conjur audit resource host_factory:$ns/hf`
+    Then the JSON response at "request/ip" should be "192.168.0.1"
+
+  Scenario: hostfactory supports trusted proxies when creating hosts
+    Given I successfully run `conjur layer create --as-role $user_role $ns/layer`
+    And I successfully run `conjur hostfactory create --as-role $user_role --layer $ns/layer $ns/hf`
+    And I create a hostfactory token for "$ns/hf" with CIDR "192.168.0.0/16"
+    When I use the hostfactory token from "192.168.0.1" to create host "$ns/host"
+    And I get the audit event for the resource "cucumber:host:$ns/host" with action "create"
+    Then the audit event should show the request from "192.168.0.1"
+
+  Scenario: hostfactory supports trusted proxies when validating token CIDR restrictions
+    Given I successfully run `conjur layer create --as-role $user_role $ns/layer`
+    And I successfully run `conjur hostfactory create --as-role $user_role --layer $ns/layer $ns/hf`
+    And I create a hostfactory token for "$ns/hf" with CIDR "192.168.0.0/16"
+    Then I can use the hostfactory token from "192.168.0.1" to create host "$ns/host1"
+
+  Scenario: pubkeys supports trusted proxies
+    Given I create a pubkey for "pubkeys_user@$ns" from "192.168.0.1" with "ssh-rsa foobar pubkeys_user@host"
+    When I get the audit event for the pubkey variable with action "create"
+    Then the audit event should show the request from "192.168.0.1"

data/conjur.gemspec

@@ -16,23 +16,25 @@ Gem::Specification.new do |gem|
   gem.version       = Conjur::VERSION
 
   gem.add_dependency 'activesupport', '~> 4.2'
-  gem.add_dependency 'bundler', '< 1.12.0'
   gem.add_dependency 'conjur-api', '~> 4.21'
   gem.add_dependency 'gli', '>=2.8.0'
   gem.add_dependency 'highline', '~> 1.7'
-  gem.add_dependency 'netrc', '~> 0.10.2'
+  gem.add_dependency 'netrc', '~> 0.10'
   gem.add_dependency 'methadone', '~> 1.9'
   gem.add_dependency 'deep_merge', '~> 1.0'
   gem.add_dependency 'xdg', '~> 2.2'
+  gem.add_dependency 'table_print', '~> 1.5'
 
   gem.add_runtime_dependency 'cas_rest_client', '~> 1.3'
 
   gem.add_development_dependency 'rspec', '~> 3.0'
   gem.add_development_dependency 'simplecov'
-  gem.add_development_dependency 'aruba', '~> 0.12.0'
+  gem.add_development_dependency 'aruba', '~> 0.12'
   gem.add_development_dependency 'ci_reporter_rspec', '~> 1.0'
   gem.add_development_dependency 'ci_reporter_cucumber', '~> 1.0'
   gem.add_development_dependency 'rake', '~> 10.0'
-  gem.add_development_dependency 'io-grab', '~> 0.0.1'
+  gem.add_development_dependency 'io-grab', '~> 0.0'
   gem.add_development_dependency 'json_spec'
+  gem.add_development_dependency 'cucumber-api'
+  gem.add_development_dependency 'addressable'
 end

data/lib/conjur/command/ldapsync.rb

@@ -1,9 +1,74 @@
 require 'conjur/command'
 
 class Conjur::Command::LDAPSync < Conjur::Command
+
+  LIST_FORMATS = %w(pretty json)
+
+  def self.find_job_by_id args
+    job_id = require_arg args, 'JOB-ID'
+
+    if (job = api.ldap_sync_jobs.find{|j| j.id == job_id})
+      job
+    else
+      exit_now! "No job found with ID '#{job_id}'"
+    end
+  end
+
   desc 'LDAP sync management commands'
   command :'ldap-sync' do |cgrp|
 
+    cgrp.desc 'Manage detached LDAP sync jobs'
+    cgrp.command :jobs do |jobs|
+
+      jobs.desc 'List detached jobs'
+      jobs.command :list do |cmd|
+
+        cmd.desc "Specify output format (#{LIST_FORMATS.join(',')})"
+        cmd.flag %w(f format), default_value: 'json', must_match: LIST_FORMATS
+
+        cmd.desc 'Show only JOB ids'
+        cmd.switch %w(i ids-only), default_value: false
+
+        cmd.action do |_,options,_|
+          jobs = api.ldap_sync_jobs.map(&:to_h)
+
+
+          if options[:format] == 'pretty'
+            require 'table_print'
+            fields = [{id: {width: 38}}]
+
+            fields.concat([:type, :state, :exclusive]) unless options[:'ids-only']
+
+            tp jobs, *fields
+          else
+            jobs = jobs.map{|j| j[:id]} if options[:'ids-only']
+
+            display(jobs)
+          end
+
+        end
+      end
+
+      jobs.desc 'Delete a detached job'
+      jobs.arg_name 'JOB-ID'
+      jobs.command :delete do |cmd|
+        cmd.action do |_, _, args|
+          find_job_by_id(args).delete
+          puts "Job deleted"
+        end
+      end
+
+      jobs.desc 'Show the output from a detached job'
+      jobs.arg_name 'JOB-ID'
+      jobs.command :show do |cmd|
+        cmd.action do |_,_,args|
+          find_job_by_id(args).output do |event|
+            display(event)
+          end
+        end
+      end
+    end
+
     cgrp.desc 'Trigger a sync of users/groups from LDAP to Conjur'
     cgrp.command :now do |cmd|
       cmd.desc 'LDAP Sync profile to use (defined in UI)'
@@ -19,33 +84,45 @@ class Conjur::Command::LDAPSync < Conjur::Command
       cmd.default_value 'text'
       cmd.arg_name 'format'
       cmd.flag ['f', 'format'], :must_match => ['text', 'yaml']
-  
+
+      cmd.desc 'Run sync as a detached job'
+      cmd.default_value true
+      cmd.switch ['detach']
+
       cmd.action do |_ ,options, args|
         assert_empty args
         
         format = options[:format] == 'text' ? 'application/json' : 'text/yaml'
 
-        # options[:'dry-run'] is nil when dry_run should be disabled (either --no-dry-run
-        # or no option given at all). It is true when --dry-run is given.
-        dry_run = options[:'dry-run']
-        dry_run = false if dry_run.nil?
+        dry_run = !!options[:'dry-run']
+
+        # Don't ever run dry-run jobs detached
+        options[:detach] = false if dry_run
 
         $stderr.puts "Performing #{dry_run ? 'dry run ' : ''}LDAP sync"
   
-        response = api.ldap_sync_now(options[:profile], format, dry_run)
+        response = api.ldap_sync_now(:config_name => options[:profile], 
+          :format => format, 
+          :dry_run => dry_run,
+          :detach_job => options[:detach]
+        )
   
-        if options[:format] == 'text'
-          puts "Messages:"
-          response['events'].each do |event|
-            puts [ event['timestamp'], event['severity'], event['message'] ].join("\t")
-          end
-          puts
-          puts "Actions:"
-          response['result']['actions'].each do |action|
-            puts action
+        if !options[:detach]
+          if options[:format] == 'text'
+            puts "Messages:"
+            response['events'].each do |event|
+              puts [ event['timestamp'], event['severity'], event['message'] ].join("\t")
+            end
+            puts
+            puts "Actions:"
+            response['result']['actions'].each do |action|
+              puts action
+            end
+          else
+            puts response
           end
         else
-          puts response
+          display response
         end
       end
     end

data/lib/conjur/version.rb

@@ -19,6 +19,6 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = '5.2.5'
+  VERSION = '5.3.0'
   ::Version=VERSION
 end

data/spec/command/ldapsync_spec.rb

@@ -22,7 +22,78 @@ describe Conjur::Command::LDAPSync, logged_in: true do
       }
   ].to_yaml }
 
-  describe_command 'ldap-sync now -f text' do
+
+
+  context 'when testing ldap-sync jobs commands' do
+    let(:jobs){
+      [
+          Conjur::LdapSyncJob.new(api, :id => 'job-1', :type => 'sync', :state => 'running', :exclusive => true),
+          Conjur::LdapSyncJob.new(api, :id => 'job-2', :type => 'connect', :state => 'success', :exclusive => false)
+      ]
+    }
+
+    before do
+      expect_any_instance_of(Conjur::API).to receive(:ldap_sync_jobs).and_return jobs
+    end
+
+    describe_command 'ldap-sync jobs list' do
+      it 'prints the jobs as json' do
+        expect { invoke }.to write(JSON.pretty_generate jobs.map(&:as_json))
+      end
+    end
+
+    describe_command 'ldap-sync jobs list -i' do
+      it 'prints the job ids only' do
+        expect { invoke }.to write(JSON.pretty_generate jobs.map(&:id))
+      end
+    end
+
+    describe_command 'ldap-sync jobs list -f pretty' do
+
+      it 'prints the jobs in a fancy table' do
+        expect{ invoke }.to write /ID\s*|\s*TYPE\s*|\s*STATE\s*|\s*EXCLUSIVE.*?
+job-1\s*|\s*sync\s*|\s*running\s*|\s*true
+job-2\s*|\s*connect\s*|\s*success\s*|\s*false/x
+      end
+    end
+
+
+    describe_command 'ldap-sync jobs delete job-2' do
+      let(:victim){ jobs[1] }
+      it 'deletes the job' do
+        expect(victim).to receive(:delete)
+        invoke
+      end
+    end
+
+    describe_command 'ldap-sync jobs delete no-such-job' do
+      it 'fails with a sensible error message' do
+        expect{ invoke }.to raise_exception(/No job found with ID 'no-such-job'/)
+      end
+    end
+
+    describe_command 'ldap-sync jobs show job-1' do
+      let(:victim){ jobs[0] }
+      it 'prints the values passed to output' do
+        expect(victim).to receive(:output) do |&block|
+          block.call({foo: 'bar'})
+          block.call({spam: 'eggs'})
+        end
+
+        expect{invoke}.to write(<<EOS)
+{
+  "foo": "bar"
+}
+{
+  "spam": "eggs"
+}
+EOS
+
+      end
+    end
+  end
+
+  describe_command 'ldap-sync now --no-detach -f text' do
     before {
       expect_any_instance_of(Conjur::API).to receive(:ldap_sync_now).and_return json_response
     }
@@ -34,7 +105,7 @@ describe Conjur::Command::LDAPSync, logged_in: true do
     end
   end
 
-  describe_command 'ldap-sync now -f yaml' do
+  describe_command 'ldap-sync now --no-detach -f yaml' do
     it 'prints out actions as unparsed yaml' do
       expect_any_instance_of(Conjur::API).to receive(:ldap_sync_now).and_return yaml_response
       expect { invoke }.to write(yaml_response)
@@ -42,9 +113,10 @@ describe Conjur::Command::LDAPSync, logged_in: true do
   end
 
   context 'when testing dry-run' do
+    let (:detach) { true }
     before do
       expect_any_instance_of(Conjur::API).to receive(:ldap_sync_now)
-                                              .with('default', 'application/json', dry_run)
+                                              .with(:config_name => 'default', :format => 'application/json', :dry_run => dry_run, :detach_job => detach)
                                               .and_return json_response
     end
 
@@ -64,6 +136,7 @@ describe Conjur::Command::LDAPSync, logged_in: true do
 
     describe_command 'ldap-sync now --dry-run' do
       let(:dry_run) { true }
+      let(:detach) { false }
       it 'passes truthy dry-run value' do
         invoke
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 5.2.5
+  version: 5.3.0
 platform: ruby
 authors:
 - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-07-14 00:00:00.000000000 Z
+date: 2016-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -25,20 +25,6 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '4.2'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - <
-      - !ruby/object:Gem::Version
-        version: 1.12.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - <
-      - !ruby/object:Gem::Version
-        version: 1.12.0
 - !ruby/object:Gem::Dependency
   name: conjur-api
   requirement: !ruby/object:Gem::Requirement
@@ -87,14 +73,14 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.10.2
+        version: '0.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.10.2
+        version: '0.10'
 - !ruby/object:Gem::Dependency
   name: methadone
   requirement: !ruby/object:Gem::Requirement
@@ -137,6 +123,20 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: table_print
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: cas_rest_client
   requirement: !ruby/object:Gem::Requirement
@@ -185,14 +185,14 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.12.0
+        version: '0.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.12.0
+        version: '0.12'
 - !ruby/object:Gem::Dependency
   name: ci_reporter_rspec
   requirement: !ruby/object:Gem::Requirement
@@ -241,14 +241,14 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.0.1
+        version: '0.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.0.1
+        version: '0.0'
 - !ruby/object:Gem::Dependency
   name: json_spec
   requirement: !ruby/object:Gem::Requirement
@@ -263,6 +263,34 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: cucumber-api
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
 email:
 - rafal@conjur.net
@@ -347,10 +375,13 @@ files:
 - acceptance-features/pubkeys/show.feature
 - acceptance-features/step_definitions/cli_steps.rb
 - acceptance-features/step_definitions/graph_steps.rb
+- acceptance-features/step_definitions/http_steps.rb
+- acceptance-features/step_definitions/trusted_proxy_steps.rb
 - acceptance-features/step_definitions/user_steps.rb
 - acceptance-features/support/env.rb
 - acceptance-features/support/hooks.rb
 - acceptance-features/support/world.rb
+- acceptance-features/trusted_proxies.feature
 - bin/_conjur
 - bin/conjur
 - bin/conjurize