conjur-cli 5.6.6 → 6.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: 8cc3ac80bea03dc862fae9891a7ddc2397ada7c1a1c1fda95e5f87bcdb310b3e
-  data.tar.gz: 7c60ea0c636462b00c0bcc8e0eb6a5f8feeba86caecb022599603d72f39fcbf4
+SHA1:
+  metadata.gz: 6c66aad137ca989c44d4457f7310664747027f0a
+  data.tar.gz: 2c6db52a45ae0b89b1c361d63385bc6a67ea86dd
 SHA512:
-  metadata.gz: 879008991469f78a22f2814f3f8d9eb2627a746ff46d89a992422d69bc8e14338d29d12415c0f4665af5311407139c9882a55f4efb220eb0ae7e92caa19a099f
-  data.tar.gz: e7d5716bb41eab4b46ce11d07baf1d73714a0e14382584472c9073ac0b5e6a39cf452d70a7f3f9207f9ea55c6cf4e33b35e5cbc78c329f132f0f1f8db43ead5a
+  metadata.gz: 33eb8f41c248b2954cec5efe6aeaf7bd0996b69cacfc6d6af3544a3c6da1239e426aa1d3b69940deb3d6917aa084548f9c8506dee535fdf6c9c50c75fa85edc5
+  data.tar.gz: db6e99feb08b30907df699d09142c52dcb70c10db7f666cd0e5909b91b0b6b3fb495e6c863ab2523ee0cb2dc4e0110f8828b91de1b819dec871fbea3dc235a66

data/.dockerignore

@@ -1,7 +1,7 @@
+Gemfile.lock
 tmp
 *.deb
 coverage
 */reports
 vendor
-.idea
 pkg

data/.gitignore

@@ -10,12 +10,14 @@
 *.json
 *.pem
 testdata/
+dev/data_key
 *.gem
 *.rbc
 .bundle
 .config
 .yardoc
 Gemfile.lock
+Dockerfile.*
 InstalledFiles
 _yardoc
 coverage

data/.rubocop.yml

@@ -5,7 +5,7 @@ Style/MethodDefParentheses:
   EnforcedStyle: require_no_parentheses
 
 Style/StringLiterals:
-  Enabled: false # more trouble than it's worth
+  EnforcedStyle: double_quotes
 
 Lint/EndAlignment:
   EnforcedStyleAlignWith: start_of_line

data/APPLIANCE_VERSION

@@ -1 +1 @@
-4.9
+5.0

data/CHANGELOG.md

@@ -1,46 +1,7 @@
-# [5.6.6](https://github.com/cyberark/conjur-cli/releases/tag/v5.6.6)
+# 6.0.0.rc1
 
-* Adds standalone Docker image (`cyberark/conjur-cli:4`)
-
-# 5.6.5
-
-* Fix init cert check when Conjur behind a SNI - [#209](https://github.com/cyberark/conjur-cli/pull/209)
-
-# 5.6.4
-
-* Allow activesupport 5 as a dependency.
-
-# 5.6.3
-
-* Fix the gemspec to reflect dependency changes.
-
-# 5.6.2
-
-* License changed to Apache 2.0
-* Don't let conjur-api drift to v5.
-
-# 5.6.1
-
-* Fix handling of `-k / --kind` argument to `resource list`.
-
-# 5.6.0
-
-The following enhancements require Conjur server 4.9.1.0 or later:
-
-* Supports filter and pagination of role-listing methods `role memberships`, `role members`, and `resource permitted_roles`.
-* Supports non-recursive (`--no-recursive`) retrieval of `role memberships`.
-
-On older server versions, the new options will be ignored by the server.
-
-# 5.5.0
-
-* Use `CONJUR_AUTHN_TOKEN_FILE` as the Conjur access token file, if it's available in the environment.
-
-# 5.4.0
-
-* Deprecated several commands in favor of using policy.
-* Add `policy` subcommand for `ldap-sync`, get rid of `jobs` and `now` subcommands.
-* Relax constraint on activesupport gem
+* Provides compatibility with [cyberark/conjur](https://github.com/cyberark/conjur), Conjur 5 CE.
+* License changed to Apache 2.0.
 
 # 5.3.0
 

data/Gemfile

@@ -1,14 +1,11 @@
 source 'https://rubygems.org'
 
-#ruby=ruby-2.4.1
+#ruby=ruby-2.2.5
 #ruby-gemset=conjur-cli
 
 # Specify your gem's dependencies in conjur.gemspec
 gemspec
 
-group :test, :development do
-  gem 'pry'                     # Don't be tempted to change this to pry-byebug until we drop support for 1.9
-  gem 'pry-doc'
-  gem 'ruby-prof'
-  gem 'conjur-debify', '~> 1.0', require: false
-end
+gem 'activesupport', '~> 4.2'
+
+gem 'conjur-api', '~> 5'

data/Humanfile.md

@@ -0,0 +1,31 @@
+This text file is intended to describe in human terms the actions that are
+needed to set this project up which cannot be easily specified in a
+machine-readable way due to lack of required tools (or the lack of my
+knowledge of them).
+
+The intent is for this document to reflect the current state. The timestamp of
+when the state was changed/checked should be included with the description
+to emphasize this, even though in principle git log should also have this information.
+
+For pull requests, when the requester is unable to perform the change of state
+or state should only be changed after merging, a note to that effect should be
+included instead. The onus is then on whoever is merging to actually apply the
+changes and update the timestamp in this document.
+
+# Dockerhub builds
+
+The dockerhub repository should be created as a public automatic build
+repository, linked to the github repo for automatic build on push.
+
+To accomplish that, follow the guide at https://docs.docker.com/docker-hub/github/
+
+## Settings
+
+Dockerhub repo: https://hub.docker.com/r/conjurinc/cli5/
+Github repo: https://github.com/conjurinc/cli-ruby
+
+### [Automated build settings](https://hub.docker.com/r/conjurinc/cli5/~/settings/automated-builds/):
+
+- Automatically build on pushes: yes.
+
+[Configuration true as of 2017-06-14T20:41+00:00.]

data/Jenkinsfile

@@ -3,14 +3,13 @@ pipeline {
 
   options {
     timestamps()
-    buildDiscarder(logRotator(numToKeepStr: '30'))
+    buildDiscarder(logRotator(daysToKeepStr: '30'))
   }
 
   stages {
-
     stage('Test 2.2') {
       environment {
-        RUBY_VERSION = '2.2'
+        RUBY_VERSION = '2.2.8'
       }
       steps {
         sh './test.sh'
@@ -20,7 +19,7 @@ pipeline {
 
     stage('Test 2.3') {
       environment {
-        RUBY_VERSION = '2.3'
+        RUBY_VERSION = '2.3.5'
       }
       steps {
         sh './test.sh'
@@ -30,7 +29,7 @@ pipeline {
 
     stage('Test 2.4') {
       environment {
-        RUBY_VERSION = '2.4'
+        RUBY_VERSION = '2.4.2'
       }
       steps {
         sh './test.sh'
@@ -38,70 +37,42 @@ pipeline {
       }
     }
 
-    stage('Build deb') {
-      steps {
-        sh './build-deb.sh'
-        archiveArtifacts "tmp/deb/*"
-      }
-    }
-
-    stage('Publish deb') {
-      when {
-        branch 'v4'
-      }
-
-      steps {
-        sh './publish-deb.sh $(cat APPLIANCE_VERSION) stable'
-      }
-    }
-
-    stage('Build standalone Docker image') {
-      steps {
-        sh './build-standalone'
-      }
-    }
-
-    stage('Publish standalone Docker image to DockerHub') {
-      steps {
-        sh './push-image'
-      }
-    }
-
-    // Only publish to RubyGems if the HEAD is
-    // tagged with the same version as in version.rb
-    stage('Publish to RubyGems') {
+    // Only publish to RubyGems if branch is 'master'
+    // AND someone confirms this stage within 5 minutes
+    stage('Publish to RubyGems?') {
       agent { label 'releaser-v2' }
 
       when {
-        expression {
-          def exitCode = sh returnStatus: true, script: ''' set +x
-            echo "Determining if publishing is requested..."
-
-            VERSION=`cat lib/conjur/version.rb | grep \'VERSION\\s*=\' | sed -e "s/.*\'\\(.*\\)\'.*/\\1/"`
-            echo Declared version: $VERSION
-
-            # Jenkins git plugin is broken and always fetches with `--no-tags`
-            # (or `--tags`, neither of which is what you want), so tags end up
-            # not being fetched. Try to fix that.
-            # (Unfortunately this fetches all remote heads, so we may have to find
-            # another solution for bigger repos.)
-            git fetch -q
-
-            # note when tag not found git rev-parse will just print its name
-            TAG=`git rev-parse tags/v$VERSION 2>/dev/null || :`
-            echo Tag v$VERSION: $TAG
-
-            HEAD=`git rev-parse HEAD`
-            echo HEAD: $HEAD
-
-            test "$HEAD" = "$TAG"
-          '''
-          return exitCode == 0
+        allOf {
+          branch 'master'
+          expression {
+            boolean publish = false
+
+            if(env.PUBLISH_GEM == "true") {
+              return true
+            }
+
+            try {
+              timeout(time: 5, unit: 'MINUTES') {
+                input(message: 'Publish to RubyGems?')
+                publish = true
+              }
+            } catch (final ignore) {
+              publish = false
+            }
+
+            return publish
+          }
         }
       }
       steps {
-        checkout scm
-        sh './publish-rubygem.sh'
+        // Clean up first
+        sh 'docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd'
+
+        sh './publish.sh'
+        
+        // Clean up again...
+        sh 'docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd'
         deleteDir()
       }
     }

data/README.md

@@ -1,84 +1,70 @@
 # Conjur
 
-Command-line interface to Conjur.
+*NOTE*: This is work-in-progress, for a future (as yet unreleased) version of Conjur.
+_It will not work with Conjur 4._
 
-A complete reference guide is available at [developer.conjur.net](http://developer.conjur.net/reference).
-
-Note that this `v4` branch is for Conjur 4.x. Use `master` for Conjur 5.x and later.
+Command-line interface to Conjur 5.
 
-## Installation
+A complete reference guide is available at [developer.conjur.net](http://developer.conjur.net/reference).
 
-Add this line to your application's Gemfile:
+## Quick start
 
-    gem 'conjur-cli', require: 'conjur/cli'
+```sh-session
+$ docker run -it -v $PWD:/work conjurinc/cli5
+root@2b5f618dfdcb:/# conjur -v
+conjur version 6.0.0.pre.beta.2
+```
 
-And then execute:
+## Docker images
 
-    $ bundle
+[![Docker Build Status](https://img.shields.io/docker/build/conjurinc/cli5.svg)](https://hub.docker.com/r/conjurinc/cli5/)
 
-Or install it yourself as:
+Images for development/experimental use are automatically built [on docker hub](https://hub.docker.com/r/conjurinc/cli5/).
+These are based off [Dockerfile.standalone](Dockerfile.standalone) and can be rebuilt with:
 
-    $ gem install conjur-cli
+    docker build . -f Dockerfile.standalone -t conjurinc/cli5
 
-### Using Docker
+Note these images are not subject to any QA at the moment and so should never be used in production, especially without specific image id pin.
 
-This software is included in the standalone `cyberark/conjur-cli:4` Docker
-image. Docker containers are designed to be ephemeral, which means they don't
-store state after the container exits.
+## Development
 
-You can start an ephemeral session with the Conjur CLI software like so:
+Create a sandbox environment in Docker using the `./dev` folder:
 
 ```sh-session
-$ docker run --rm -it cyberark/conjur-cli:4
-root@b27a95721e7d:~# 
+$ cd dev
+dev $ ./start.sh
 ```
 
-Any initialization you do or files you create in that session will be discarded
-(permanently lost) when you exit the shell. Changes that you make to the Conjur
-server will remain.
+This will drop you into a bash shell in a container called `cli`. The sandbox also includes a Postgres container and Conjur server container. The environment is already setup to connect the CLI to the server:
+
+* **CONJUR_APPLIANCE_URL** `http://conjur`
+* **CONJUR_ACCOUNT** `cucumber`
 
-You can also use a folder on your filesystem to persist the data that the Conjur
-CLI uses to connect. For example:
+You can obtain the API key for the role `cucumber:user:admin` from the Docker logs of the Conjur container. Use it to login:
 
 ```sh-session
-$ mkdir mydata
-$ chmod 700 mydata
-$ docker run --rm -it -v $(PWD)/mydata:/root cyberark/conjur-cli:4 init -h https://conjur.myorg.com
-SHA1 Fingerprint=16:C8:F8:AC:7B:57:BD:5B:58:B4:13:27:22:8E:3F:A2:12:01:DB:68
-
-Please verify this certificate on the appliance using command:
-                openssl x509 -fingerprint -noout -in ~conjur/etc/ssl/conjur.pem
-
-Trust this certificate (yes/no): yes
-Wrote certificate to /root/conjur-conjur.pem
-Wrote configuration to /root/.conjurrc
-$ ls -lA mydata
-total 8
-drwxr-xr-x 2 you staff   64 Mar 28 19:30 .cache
--rw-r--r-- 1 you staff  128 Mar 28 19:30 .conjurrc
--rw-r--r-- 1 you staff 2665 Mar 28 19:30 conjur-conjur.pem
-$ docker run --rm -it -v $(PWD)/mydata:/root cyberark/conjur-cli:4 authn login -u your-user-name
-Please enter your password (it will not be echoed): 
+root@2b5f618dfdcb:/# conjur authn login admin
+Please enter admin's password (it will not be echoed):
 Logged in
-$ ls -lA mydata
-total 12
-drwxr-xr-x 2 you staff   64 Mar 28 19:26 .cache
--rw-r--r-- 1 you staff  128 Mar 28 19:20 .conjurrc
--rw------- 1 you staff  143 Mar 28 19:27 .netrc
--rw-r--r-- 1 you staff 2665 Mar 28 19:20 conjur-conjur.pem
-$ 
 ```
 
-*Security notice:* the file `.netrc`, created or updated by `conjur authn
-login`, contains a user identity credential that can be used to access the
-Conjur API. You should remove it after use or otherwise secure it like you would
-another netrc file.
+At this point, you can use any CLI command you like.
 
-### Bash completion
+### Running Cucumber
 
-To enable bash completions, run this command:
+To install dev packages, run `bundle` from within the container:
 
-    $ conjur shellinit >> ~/.bashrc
+```sh-session
+root@2b5f618dfdcb:/# cd /usr/src/cli-ruby/
+root@2b5f618dfdcb:/usr/src/cli-ruby# bundle
+```
+
+Then you can run the cucumber tests:
+
+```sh-session
+root@2b5f618dfdcb:/usr/src/cli-ruby# cucumber
+...
+```
 
 ## Contributing
 

data/Rakefile

@@ -8,7 +8,11 @@ begin
   require 'cucumber/rake/task'
   require 'rspec/core/rake_task'
 
-  RSpec::Core::RakeTask.new :spec
+  # ci_reporter_rspec cleans and then writes results to spec/reports
+  RSpec::Core::RakeTask.new :spec do |t|
+    t.rspec_opts = '--tag ~wip --format junit'
+  end
+
   Cucumber::Rake::Task.new :features
 
   task :jenkins => ['ci:setup:rspec', :spec] do

data/bin/conjur

@@ -23,6 +23,4 @@
 require 'active_support'
 require 'conjur/cli'
 
-require 'patches/gli'
-
 exit Conjur::CLI.run(ARGV)

data/build-deb.sh

@@ -3,9 +3,7 @@
 export DEBUG=true 
 export GLI_DEBUG=true 
 
-if [[ "$(id -un)" == "jenkins" ]]; then
-  docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd
-fi  
+debify clean
 
 docker build -t conjur-cli-fpm -f Dockerfile.fpm .
 docker build -t conjur-cli-validate-packaging -f Dockerfile.validate-packaging .