conjur-cli 5.6.6 → 6.0.0.rc1

data/publish-deb.sh

@@ -1,6 +0,0 @@
-#!/bin/bash -e
-
-distribution=$1
-component=${2:-`echo $BRANCH_NAME | sed 's/^origin\///' | tr '/' '.'`}
-
-exec summon -f ci/secrets/publish.yml ./ci/publish.sh $distribution $component

data/push-image

@@ -1,29 +0,0 @@
-#!/bin/bash -e
-
-# Push the 'cli:4' image to Dockerhub when on the 'v4' branch
-
-cd "$(git rev-parse --show-toplevel)"
-
-TAG="4-${1:-$(cat VERSION)-$(git rev-parse --short HEAD)}"
-IMAGE='cyberark/conjur-cli'
-
-function tag_and_push() {
-    local image="$1"
-    local tag="$2"
-    local description="$3"
-
-    echo "TAG = $tag, $description"
-
-    docker tag "$image" "$image:$tag"
-    docker push "$image:$tag"
-}
-
-if [[ "$BRANCH_NAME" == 'v4' ]]; then
-    bare_tag='4'
-    latest_tag='4-latest'
-    stable_tag="4-$(cat VERSION)"
-
-    tag_and_push $IMAGE $bare_tag   'latest image (bare)'
-    tag_and_push $IMAGE $latest_tag 'latest image'
-    tag_and_push $IMAGE $stable_tag 'stable image'
-fi

data/spec/command/assets_spec.rb

@@ -1,115 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::Command::Assets, logged_in: true do
-
-  let(:asset) {  double(attributes: asset_attributes ) }
-  let(:asset_attributes) { {"some"=>"attributes" } }
-  before(:each) { allow(api).to receive(KIND.to_sym).and_return(asset) }
-
-  context "asset:create" do
-    before(:each) { 
-      allow(api).to receive(:method).with("create_#{KIND}").and_return(double(arity:1))
-      allow(api).to receive("create_#{KIND}".to_sym).and_return(asset)
-    }
-    describe_command "asset:create #{KIND}:#{ID}" do
-      it "calls api.create_#{KIND}(id:#{ID})" do
-        expect(api).to receive("create_#{KIND}".to_sym).with(id: ID)
-        invoke_silently
-      end
-      it "writes JSONised attributes to stdout" do
-        expect(JSON.parse( expect { invoke }.to write )).to eq(asset_attributes)
-      end
-    end
-    describe_command "asset:create #{KIND}" do
-      it "calls api.create_#{KIND}({})" do
-        expect(api).to receive("create_#{KIND}".to_sym).with({})
-        invoke_silently
-      end
-      it "writes JSONised attributes to stdout" do
-        expect(JSON.parse( expect { invoke }.to write )).to eq(asset_attributes)
-      end
-    end
-  end
-
-  describe_command "asset:show #{KIND}:#{ID}" do
-    it "obtains asset instance as api.#{KIND}(#{ID})" do
-      expect(api).to receive(KIND.to_sym).with(ID)
-      invoke_silently
-    end
-    it "writes JSONised attributes to stdout" do
-      expect(JSON.parse( expect { invoke }.to write )).to eq(asset_attributes)
-    end
-  end
-
-  describe_command "asset:exists #{KIND}:#{ID}" do
-    let(:exists_response) { "exists? response" }
-    before(:each) { allow(asset).to receive(:exists?).and_return(exists_response) }
-    it "obtains asset instance as api.#{KIND}(#{ID})" do
-      expect(api).to receive(KIND.to_sym).with(ID)
-      invoke_silently
-    end
-    it "calls asset.exists?" do
-      expect(asset).to receive(:exists?)
-      invoke_silently
-    end
-    it "writes response to stdout" do
-      expect { invoke }.to write exists_response
-    end
-  end
-
-  describe_command "asset:list #{KIND}" do
-    let(:assets_names) { %W[klaatu barada nikto] }
-    let(:assets_list) { 
-      assets_names.map { |x| 
-        double(attributes: { "id" => x } )
-      }
-    }
-    before(:each) { allow(api).to receive("#{KIND}s".to_sym).and_return(assets_list) }
-
-    it "calls api.#{KIND}s" do
-      expect(api).to receive("#{KIND}s".to_sym)
-      invoke_silently
-    end
-    it "for each asset from response displays it's attributes" do
-      expect { invoke }.to write assets_names.
-                                  map { |x| 
-                                    JSON.pretty_generate(id:x)
-                                  }.join("\n")
-    end
-  end
-
-  shared_examples 'it obtains asset by kind and id' do
-    it "obtains asset instance as api.#{KIND}(#{ID})" do
-      expect(api).to receive(KIND.to_sym).with(ID)
-      invoke_silently
-    end
-  end
-  
-  shared_context "asset instance" do
-    before(:each) { 
-      allow(api).to receive(KIND.to_sym).and_return(asset) 
-      allow(asset).to receive(:add_member)
-      allow(asset).to receive(:remove_member)
-    }
-  end
-
-  describe_command "asset:members:add #{KIND}:#{ID} #{ROLE} #{MEMBER}" do
-    include_context "asset instance"
-    it_behaves_like "it obtains asset by kind and id"
-    it 'calls role.grant_to(member,...)' do
-      expect(asset).to receive(:add_member).with(ROLE, MEMBER, anything)
-      invoke_silently
-    end
-    it { expect { invoke }.to write "Membership granted" }
-  end
-  
-  describe_command "asset:members:remove #{KIND}:#{ID} #{ROLE} #{MEMBER}" do
-    include_context "asset instance"
-    it_behaves_like "it obtains asset by kind and id"
-    it 'calls role.revoke_from(member)' do
-      expect(asset).to receive(:remove_member).with(ROLE, MEMBER)
-      invoke_silently
-    end
-    it { expect { invoke }.to write "Membership revoked" }
-  end
-end

data/spec/command/audit_spec.rb

@@ -1,376 +0,0 @@
-require 'spec_helper'
-
-describe Conjur::Command::Audit, logged_in: true do
-  let(:events) { [{'foo' => 'bar', 'zelda' => 'link', 'abc' => 'xyz'}, {'some' => 'other event'}] }
-
-  def expect_api_call method, *args
-    expect(api).to receive(method.to_sym).with(*args).and_return events
-    #described_class.should_receive(:show_audit_events).with(events, an_instance_of(Hash))
-  end
-
-  def invoke_expecting_api_call method, *args
-    expect_api_call method, *args
-    invoke
-  end
-
-  def self.describe_command_success cmd, method, *expected_args, &block
-    describe_command cmd do
-      it "calls api.#{method}(#{expected_args.map(&:inspect).join(',')})" do
-        instance_eval(&block) if block
-        invoke_expecting_api_call method, *expected_args
-      end
-    end
-  end
-
-  def self.it_calls_the_api command, api_method, *api_args, &block
-    describe_command_success command, api_method, *api_args, &block
-  end
-
-
-  def self.it_fails command, *raise_error_args
-    unless raise_error_args.empty? or ::Class === raise_error_args.first
-      raise_error_args.unshift Exception
-    end
-    describe_command command do
-      it "raises #{raise_error_args.map(&:inspect).join ' '}" do
-        expect { invoke_silently }.to raise_error(*raise_error_args)
-      end
-    end
-  end
-
-  describe "audit:role" do
-    context "with an argument" do
-      context "of a full id" do
-        it_calls_the_api "audit:role foo:bar:baz", :audit_role, 'foo:bar:baz', {}
-      end
-      context "without an account" do
-        it_calls_the_api "audit:role bar:baz", :audit_role, 'the-conjur-account:bar:baz', {} do
-          allow(Conjur::Command).to receive_messages(conjur_account: "the-conjur-account")
-        end
-      end
-      context "without enough tokens" do
-        it_fails "audit:role not-enough-tokens", RuntimeError, /expecting at least two tokens/i
-      end
-    end
-  end
-
-  describe "audit:resource" do
-    context "without an argument" do
-      it_fails "audit:resource", /missing parameter: resource/i
-    end
-    context "with an argument of" do
-      context "a full id" do
-        it_calls_the_api "audit:resource foo:bar:baz", :audit_resource, "foo:bar:baz", {}
-      end
-      context "an id with two tokens" do
-        it_calls_the_api "audit:resource foo:bar", :audit_resource, "the-conjur-account:foo:bar", {} do
-          allow(Conjur::Command).to receive_messages(conjur_account: "the-conjur-account")
-        end
-      end
-      context "an id with one token" do
-        it_fails "audit:resource foo", /expecting at least two tokens/i
-      end
-    end
-  end
-  
-  describe "audit:all" do
-    it_calls_the_api "audit:all", :audit, {}
-  end
-
-  describe "output formatting:" do
-    include_context "default audit behavior"
-    
-    before {
-      allow(api).to receive(:audit_event_feed).and_yield([audit_event])
-    }
-
-    describe_command "audit all" do
-      let(:audit_event) { default_audit_event }
-      it 'prints full JSON retrieved from API' do
-        expect { invoke }.to write( JSON.pretty_generate(audit_event)  )
-      end
-    end
-
-    describe_command "audit all -s" do
-      let(:common_prefix) { "[#{default_audit_event["timestamp"]}] #{default_audit_event["user"]}" }
-      let(:audit_event) { test_event }
-      shared_examples_for "it supports standard prefix:" do
-        describe "if acting_as is the same as user" do
-          let(:audit_event) { test_event.tap { |e| e["acting_as"]=e["user"] } }
-          it "prints default prefix" do
-            expect { invoke }.to write(common_prefix)
-          end
-          it "does not print 'acting_as' statement" do
-            expect { invoke }.to_not write(common_prefix+" (as ")
-          end
-        end
-
-        describe "if acting_as is different from user" do
-          it 'prints default prefix followed by (acting as..) statement' do
-            expect { invoke }.to write(common_prefix+" (as #{audit_event['acting_as']})")
-          end
-        end
-      end
-
-      shared_examples_for "it recognizes error messages:" do
-        describe "if :error is not empty" do
-          let(:audit_event) { test_event.merge("error"=>"everything's down") }
-          it 'appends (failed with...) statement' do
-            expect { invoke }.to write(" (failed with everything's down)")
-          end
-        end
-        describe "if :error is empty" do
-          it 'does not print "failed with" statement' do
-            expect { invoke }.not_to write(" (failed with ")
-          end
-        end
-        
-      end       
-
-      describe "(unknown kind:action)" do
-        let(:test_event) { default_audit_event }
-        it_behaves_like "it supports standard prefix:" 
-        it_behaves_like "it recognizes error messages:"
-        it "prints 'unknown event: <kind>:<action>'" do
-          expect { invoke }.to write(" unknown event: some_asset:some_action!")
-        end
-      end
-
-      describe "(resource:check)" do
-        let(:test_event) { default_audit_event.merge("kind"=>"resource",
-                                                      "action"=>"check", 
-                                                      "privilege"=>"fry", 
-                                                      "resource"=>"food:bacon",
-                                                      "allowed" => "false" 
-                                                     ) 
-                          }
-        it_behaves_like "it supports standard prefix:" 
-        it_behaves_like "it recognizes error messages:"
-        it "prints 'checked that they...'" do
-          expect { invoke }.to write(" checked that they can fry food:bacon (false)")
-        end
-      
-      end
-
-      describe "(resource:create)" do
-        let(:test_event) { default_audit_event.merge("kind"=>"resource", "action" => "create",
-                                                      "resource" => "food:bacon", 
-                                                      "owner" => "user:cook" 
-                                                    ) 
-                         }
-        it_behaves_like "it supports standard prefix:" 
-        it_behaves_like "it recognizes error messages:"
-        it "prints 'created resource ... owned by ... '" do
-          expect { invoke }.to write(" created resource food:bacon owned by user:cook")
-        end
-      end
-
-      describe "(resource:update)" do
-        let(:test_event) { default_audit_event.merge("kind"=>"resource", "action" => "update",
-                                                      "resource" => "food:bacon", 
-                                                      "owner" => "user:cook" 
-                                                    ) 
-                         }
-        it_behaves_like "it supports standard prefix:" 
-        it_behaves_like "it recognizes error messages:"
-        it "prints 'gave .. to .. '" do
-          expect { invoke }.to write(" gave food:bacon to user:cook")
-        end
-      end
- 
-      describe "(resource:destroy)" do
-        let(:test_event) { default_audit_event.merge("kind"=>"resource", "action" => "destroy",
-                                                      "resource" => "food:bacon"
-                                                    ) 
-                         }
-        it_behaves_like "it supports standard prefix:" 
-        it_behaves_like "it recognizes error messages:"
-        it "prints 'destroyed resource ... '" do
-          expect { invoke }.to write(" destroyed resource food:bacon")
-        end
-      end
-      
-      describe "(resource:permit)" do
-        let(:test_event) { default_audit_event.merge("kind"=>"resource", "action" => "permit",
-                                                     "resource" => "food:bacon",
-                                                     "privilege" => "fry",
-                                                     "grantee" => "user:cook"
-                                                    ) 
-                         }
-        it_behaves_like "it supports standard prefix:" 
-        it_behaves_like "it recognizes error messages:"
-        it "prints 'permitted .. to .. (grant option: .. ) '" do
-          expect { invoke }.to write(" permitted user:cook to fry food:bacon (grant option: false)")
-        end
-      end
-      
-      describe "(resource:deny)" do
-        let(:test_event) { default_audit_event.merge("kind"=>"resource", "action" => "deny",
-                                                     "resource" => "food:bacon",
-                                                     "privilege" => "fry",
-                                                     "grantee" => "user:cook"
-                                                    ) 
-                         }
-        it_behaves_like "it supports standard prefix:" 
-        it_behaves_like "it recognizes error messages:"
-        it "prints 'denied .. from .. on ..'" do
-          expect { invoke }.to write(" denied fry from user:cook on food:bacon")
-        end
-      end
-
-      describe "(resource:permitted_roles)" do
-        let(:test_event) { default_audit_event.merge("kind"=>"resource", "action" => "permitted_roles",
-                                                     "resource" => "food:bacon",
-                                                     "privilege" => "fry"
-                                                    ) 
-                         }
-        it_behaves_like "it supports standard prefix:" 
-        it_behaves_like "it recognizes error messages:"
-        it "prints 'listed roles permitted to .. on ..'" do
-          expect { invoke }.to write(" listed roles permitted to fry on food:bacon")
-        end
-      end
-
-      describe "(role:check)" do
-        let(:options_set) { 
-          {
-             "kind"=>"role", "action" => "check",
-             "resource" => "food:bacon",
-             "privilege" => "fry",
-             "allowed" => "false"
-          }
-        }
-        describe 'on themselves' do
-          let(:test_event) { default_audit_event.merge(options_set).merge("role" => default_audit_event["user"]) }
-          it_behaves_like "it supports standard prefix:" 
-          it_behaves_like "it recognizes error messages:"
-          it "prints 'checked that they...'" do
-            expect { invoke }.to write(" checked that they can fry food:bacon (false)")
-          end
-        end
-        describe 'on others' do
-          let(:test_event) { default_audit_event.merge(options_set).merge("role" => "some:other:guy") }
-          it_behaves_like "it supports standard prefix:" 
-          it_behaves_like "it recognizes error messages:"
-          it "prints 'checked that they...'" do
-            expect { invoke }.to write(" checked that some:other:guy can fry food:bacon (false)")
-          end
-        end
-      end
-
-      describe "(role:grant)" do
-        let(:options_set) { 
-          {
-             "kind"=>"role", "action" => "grant",
-             "member" => "other:guy",
-             "role" => "super:user"
-          }
-        }
-        describe 'without admin option' do
-          let(:test_event) { default_audit_event.merge(options_set) }
-          it_behaves_like "it supports standard prefix:" 
-          it_behaves_like "it recognizes error messages:"
-          it "prints 'granted role .. to .. without admin'" do
-            expect { invoke }.to write(" granted role super:user to other:guy without admin")
-          end
-        end
-        describe 'with admin option' do
-          let(:test_event) { default_audit_event.merge(options_set).merge("admin_option" => true) }
-          it_behaves_like "it supports standard prefix:" 
-          it_behaves_like "it recognizes error messages:"
-          it "prints 'granted role .. to .. with admin'" do
-            expect { invoke }.to write(" granted role super:user to other:guy with admin")
-          end
-        end
-      end
-    
-      describe "(role:revoke)" do
-        let(:test_event) { default_audit_event.merge("kind"=>"role", "action" => "revoke",
-                                                     "role" => "super:user",
-                                                     "member" => "other:guy"
-                                                    ) 
-                         }
-        it_behaves_like "it supports standard prefix:" 
-        it_behaves_like "it recognizes error messages:"
-        it "prints 'revoked role .. from .." do
-          expect { invoke }.to write(" revoked role super:user from other:guy")
-        end
-      end
-
-      describe "(role:create)" do
-        let(:test_event) { default_audit_event.merge("kind"=>"role", "action" => "create",
-                                                     "role" => "super:user",
-                                                    ) 
-                         }
-        it_behaves_like "it supports standard prefix:" 
-        it_behaves_like "it recognizes error messages:"
-        it "prints 'created role .. " do
-          expect { invoke }.to write(" created role super:user")
-        end
-      end
-
-      describe 'audit of ssh:sudo' do
-        let(:ssh_event) { default_audit_event.merge('kind' => 'audit', 'facility' => 'ssh',  'action' => 'sudo', 'command' => '/bin/ls', 'system_user' => 'test_user', 'target_user' => 'root') }
-        context 'when sudo successful' do
-          let(:test_event) { ssh_event.merge('allowed' => true) }
-          it 'prints <user> ran <command>' do
-            expect { invoke }.to write(" test_user ran '/bin/ls' as root")
-          end
-        end
-
-        context 'when sudo fails' do
-          let(:test_event) { ssh_event.merge('allowed' => false) }
-          
-          it 'prints <user> attempted to run <command>' do
-            expect { invoke }.to write(" test_user attempted to run '/bin/ls' as root")
-          end
-        end
-      end
-
-      describe '(conjur:use_extra_privilege)' do
-        let(:priv) { 'elevate' }
-        let(:test_event) { default_audit_event.merge('kind' => 'conjur', 'action' => 'use_extra_privilege', 'privilege' => priv) }
-        
-        it_behaves_like 'it supports standard prefix:'
-        it_behaves_like 'it recognizes error messages:'
-        it 'prints the extra privilege' do
-          expect { invoke }.to write(" requested extra privilege #{priv}")
-        end
-      end
-        
-    end
-  end
-
-  describe "limit and offset" do
-    let(:events) { (1 .. 5).map { |x| { event: x } } }
-    before {
-      allow(api).to receive(:audit_event_feed).and_yield(events)
-    }
-
-    describe_command "audit all" do 
-      it "prints all the elements" do
-        expect(expect { invoke }.to write).to eq(events.map {|e| JSON.pretty_generate(e)}.join("\n")+"\n")  
-      end
-    end
-
-    describe_command "audit all -l 2" do  
-      it "prints only <limit> elements" do
-        expect(expect { invoke }.to write).to eq(events[0..1].map {|e| JSON.pretty_generate(e)}.join("\n")+"\n")  
-      end
-    end
-
-    describe_command "audit all -o 2" do  
-      it "skips <offset> elements" do
-        expect(expect { invoke }.to write).to eq(events[2..4].map {|e| JSON.pretty_generate(e)}.join("\n")+"\n")   
-      end
-    end
-
-    describe_command "audit all -o 2 -l 2" do
-      it "skips <offset> elements and prints only <limit> of remaining part" do
-        expect(expect { invoke }.to write).to eq(events[2..3].map {|e| JSON.pretty_generate(e)}.join("\n")+"\n")
-      end
-    end
-
-  end
-
-end