conjur-cli 5.6.6 → 6.0.0.rc1

data/lib/conjur/command/rspec/helpers.rb

@@ -1,4 +1,3 @@
 require 'conjur/command/rspec/describe_command'
 require 'conjur/command/rspec/output_matchers'
 require 'conjur/command/rspec/mock_services'
-require 'conjur/command/rspec/audit_helpers'

data/lib/conjur/command/rspec/mock_services.rb

@@ -3,9 +3,10 @@ shared_context "with fake endpoints and test config" do
   let(:authz_host) { 'https://authz.example.com' }
   let(:core_host) { 'https://core.example.com/api' }
   before do
-    allow(Conjur::Authn::API).to receive(:host) { authn_host }
-    allow(Conjur::Authz::API).to receive(:host) { authz_host }
-    allow(Conjur::Core::API).to receive(:host) { core_host }
+    allow(Conjur.configuration).to receive(:account) { account }
+    allow(Conjur.configuration).to receive(:authn_url) { authn_host }
+    allow(Conjur.configuration).to receive(:authz_url) { authz_host }
+    allow(Conjur.configuration).to receive(:core_url) { core_host }
 
     ENV['GLI_DEBUG'] = 'true'
   end
@@ -20,7 +21,6 @@ shared_context "with mock authn" do
   let(:api_key) { 'sekrit' }
   let(:api) { Conjur::API.new_from_key(username, api_key) }
   before do
-    allow(Conjur::Core::API).to receive(:conjur_account) { account }
     allow(Conjur::Authn).to receive_messages(netrc: netrc, host: authn_host)
     Conjur::Config.merge 'account' => account
   end

data/lib/conjur/command/users.rb

@@ -24,116 +24,6 @@ class Conjur::Command::Users < Conjur::Command
   desc "Manage users"
   command :user do |user|
 
-    user.desc "Create a new user [DEPRECATED]"
-    user.arg_name "NAME"
-    user.command :create do |c|
-      c.desc "Prompt for a password for the user (default: --no-password)"
-      c.switch [:p,:password]
-
-      c.desc "UID number to be associated with user (optional)"
-      c.flag [:uidnumber]
-
-      c.desc "A comma-delimited list of CIDR addresses to restrict user to (optional)"
-      c.flag [:cidr]
-
-      acting_as_option(c)
-
-      interactive_option c
-
-      c.action do |global_options,options,args|
-        notify_deprecated
-
-        login = args.shift
-
-        interactive = options[:interactive] || login.blank?
-
-        groupid = options[:ownerid]
-        uidnumber = options[:uidnumber]
-        cidr = format_cidr(options[:cidr])
-        password = nil
-
-        validate_uidnumber(uidnumber)
-
-        if interactive
-          login ||= prompt_for_id :user, "login name"
-          
-          groupid ||= prompt_for_group hint: "press enter to have the user own their own record"
-          uidnumber ||= prompt_for_uidnumber
-          password = prompt_for_password unless options[:"no-password"]
-          
-          attributes = {
-            "Login"    => login,
-            "Owner" => groupid,
-            "UID Number"  => uidnumber,
-            "CIDR" => cidr
-          }
-          attributes["Password"] = "********" unless password.blank?
-          prompt_to_confirm :user, attributes
-        end
-        
-        if options[:p] && password.blank?
-          password = prompt_for_password
-        end
-        
-        user_options = { }
-        user_options[:ownerid] = groupid if groupid
-        user_options[:uidnumber] = uidnumber.to_i if uidnumber
-        user_options[:cidr] = cidr unless cidr.nil?
-        user_options[:password] = password if password
-        user = api.create_user(login, user_options)
-
-        display user
-        
-        if interactive
-          public_key = prompt_for_public_key
-          if public_key
-            api.add_public_key user.login, public_key
-            puts "Public key added"
-          end
-        end
-      end
-    end
-
-    user.desc "Show a user"
-    user.arg_name "USER"
-    user.command :show do |c|
-      c.action do |global_options,options,args|
-        id = require_arg(args, 'USER')
-        display(api.user(id), options)
-      end
-    end
-
-    user.desc "Decommission a user [DEPRECATED]"
-    user.arg_name "USER"
-    user.command :retire do |c|
-      retire_options c
-
-      c.action do |global_options,options,args|
-        notify_deprecated
-
-        id = require_arg(args, 'USER')
-        
-        user = api.user(id)
-        
-        validate_retire_privileges user, options
-
-        retire_resource user
-        retire_role user
-        give_away_resource user, options
-        
-        puts "User retired"
-      end
-    end
-
-    user.desc "List users"
-    user.command :list do |c|
-      command_options_for_list c
-
-      c.action do |global_options, options, args|
-        command_impl_for_list global_options, options.merge(kind: "user"), args
-      end
-    end
-
     user.desc "Update the password of the logged-in user"
     user.command :update_password do |c|
       c.desc "Password to use, otherwise you will be prompted"
@@ -155,9 +45,9 @@ class Conjur::Command::Users < Conjur::Command
         if options.include?(:user)
           # Make sure we're not trying to rotate our own key with the user flag.
           if api.username == options[:user]
-            exit_now! 'To rotate your own API key, use this command without the --user flag'
+            exit_now! 'To rotate the API key of the currently logged-in user, use this command without any flags or options'
           end
-          puts api.user(options[:user]).rotate_api_key
+          puts api.resource([ Conjur.configuration.account, "user", options[:user] ].join(":")).rotate_api_key
         else
           username, password = Conjur::Authn.read_credentials
           new_api_key = Conjur::API.rotate_api_key username, password
@@ -167,49 +57,6 @@ class Conjur::Command::Users < Conjur::Command
         end
       end
     end
-
-    user.desc "Update a user's attributes [DEPRECATED]"
-    user.arg_name "USER"
-    user.command :update do |c|
-      c.desc "UID number to be associated with user (optional)"
-      c.flag [:uidnumber]
-
-      c.desc "A comma-delimited list of CIDR addresses to restrict user to (optional). Use 'all' to reset"
-      c.flag [:cidr]
-
-      c.action do |global_options, options, args|
-        notify_deprecated
-
-        login=require_arg(args,'USER')
-
-        uidnumber = options[:uidnumber]
-        cidr = format_cidr(options[:cidr])
-
-        validate_uidnumber(uidnumber)
-
-        user_options = { }
-        user_options[:uidnumber] = uidnumber.to_i if uidnumber
-        user_options[:cidr] = cidr unless cidr.nil?
-
-        api.user(login).update(user_options)
-        puts "User updated"
-      end
-    end
-
-    user.desc "Find the user by UID" 
-    user.arg_name "uid"
-    user.command :uidsearch do |c| 
-      c.action do |global_options, options, args| 
-        uidnumber = require_arg(args,'uid')
-        raise "Uidnumber should be integer" unless /\d+/ =~ uidnumber
-        uidnumber=uidnumber.to_i
-        display api.find_users(uidnumber: uidnumber)
-      end
-    end
-  end
-    
-  def self.prompt_for_uidnumber
-    prompt_for_idnumber "uid number"
   end
 
   def self.format_cidr(cidr)
@@ -222,8 +69,4 @@ class Conjur::Command::Users < Conjur::Command
       cidr.split(',').each {|x| x.strip!}
     end
   end
-
-  def self.validate_uidnumber(uidnumber)
-    exit_now! 'uidnumber should be integer' unless uidnumber.blank? || /\d+/ =~ uidnumber
-  end
 end

data/lib/conjur/command/variables.rb

@@ -21,116 +21,6 @@
 class Conjur::Command::Variables < Conjur::Command
   desc "Manage variables"
   command :variable do |var|
-    var.desc "Create and store a variable [DEPRECATED]"
-    var.arg_name "NAME VALUE"
-    var.command :create do |c|
-      c.arg_name "MIME-TYPE"
-      c.flag [:m, :"mime-type"], default_value: 'text/plain'
-
-      c.arg_name "KIND"
-      c.flag [:k, :"kind"], default_value: 'secret'
-
-      c.arg_name "VALUE"
-      c.desc "Initial value, which may also be specified as the second command argument after the variable id"
-      c.flag [:v, :"value"]
-
-      acting_as_option c
-      
-      annotate_option c
-      
-      interactive_option c
-
-      c.action do |global_options,options, args|
-        notify_deprecated
-
-        @default_mime_type = c.flags[:m].default_value
-        @default_kind = c.flags[:k].default_value
-        
-        id = args.shift unless args.empty?
-        value = args.shift unless args.empty?
-        
-        exit_now! "Received conflicting value arguments" if value && options[:value]
-
-        groupid = options[:ownerid]
-        mime_type = options[:m]
-        kind = options[:k]
-        value ||= options[:v]
-        interactive = options[:interactive] || id.blank?
-        annotate = options[:annotate]
-          
-        exit_now! "Received --annotate option without --interactive" if annotate && !interactive
-          
-        annotations = {}
-        # If the user asked for interactive mode, or he didn't specify and id
-        # prompt for any missing options.
-        if interactive
-          id ||= prompt_for_id :variable
-          
-          groupid ||= prompt_for_group
-
-          kind = prompt_for_kind if !kind || kind == @default_kind
-          
-          mime_type = prompt_for_mime_type if mime_type.blank? || mime_type == @default_mime_type
-
-          annotations = prompt_for_annotations if annotate
-
-          value ||= prompt_for_value
-          
-          prompt_to_confirm :variable, "Id"    => id,
-            "Kind"  => kind,
-            "MIME type" => mime_type,
-            "Owner" => groupid,
-            "Value" => value
-        end
-        
-        variable_options = { id: id }
-        variable_options[:ownerid] = groupid if groupid
-        variable_options[:value] = value unless value.blank?
-        var = api.create_variable(mime_type, kind, variable_options)
-        api.resource(var).annotations.merge!(annotations) if annotations && !annotations.empty?
-        display(var, options)
-      end
-    end
-
-    var.desc "Show a variable"
-    var.arg_name "VARIABLE"
-    var.command :show do |c|
-      c.action do |global_options,options,args|
-        id = require_arg(args, 'VARIABLE')
-        display(api.variable(id), options)
-      end
-    end
-
-    var.desc "Decommission a variable [DEPRECATED]"
-    var.arg_name "VARIABLE"
-    var.command :retire do |c|
-      retire_options c
-      
-      c.action do |global_options,options,args|
-        notify_deprecated
-
-        id = require_arg(args, 'VARIABLE')
-        
-        variable = api.variable(id)
-
-        validate_retire_privileges variable, options
-        
-        retire_resource variable
-        give_away_resource variable, options
-        
-        puts "Variable retired"
-      end
-    end
-
-    var.desc "List variables"
-    var.command :list do |c|
-      command_options_for_list c
-
-      c.action do |global_options, options, args|
-        command_impl_for_list global_options, options.merge(kind: "variable"), args
-      end
-    end
-
     var.desc "Access variable values"
     var.command :values do |values|
       values.desc "Add a value"
@@ -139,8 +29,9 @@ class Conjur::Command::Variables < Conjur::Command
         c.action do |global_options,options,args|
           id = require_arg(args, 'VARIABLE')
           value = args.shift || STDIN.read
+          assert_empty(args)
 
-          api.variable(id).add_value(value)
+          api.resource(full_resource_id("variable:#{id}")).add_value(value)
           puts "Value added"
         end
       end
@@ -154,114 +45,10 @@ class Conjur::Command::Variables < Conjur::Command
 
       c.action do |global_options,options,args|
         id = require_arg(args, 'VARIABLE')
-        $stdout.write api.variable(id).value(options[:version])
-      end
-    end
-
-    var.desc 'Set the expiration for a variable'
-    var.command :expire do |c|
-      c.arg_name "NOW"
-      c.desc 'Set variable to expire immediately'
-      min_version c, '4.6.0'
-      c.switch [:n, :'now'], :negatable => false
-
-      c.arg_name "DAYS"
-      c.desc 'Set variable to expire after the given number of days'
-      c.flag [:d, :'days']
-
-      c.arg_name "MONTHS"
-      c.desc 'Set variable to expire after the given number of months'
-      c.flag [:m, :'months']
-
-      c.arg_name "DURATION"
-      c.desc 'Set variable to expire after the given ISO8601 duration'
-      c.flag [:i, :'in']
-
-      c.action do |global_options, options, args|
-        id = require_arg(args, 'VARIABLE')
-
-        exit_now! 'Specify only one duration' if durations(options) > 1
-        exit_now! 'Specify at least one duration' if durations(options) == 0
-
-        now = options[:n]
-        days = options[:d]
-        months = options[:m]
-
-        case
-        when now.present?
-          duration = 'P0Y'
-        when days.present?
-          duration = "P#{days.to_i}D"
-        when months.present?
-          duration = "P#{months.to_i}M"
-        else
-          duration = options[:i]
-        end
-
-        display api.variable(id).expires_in(duration)
-      end
-    end
-
-    var.desc 'Display expiring variables'
-    var.long_desc 'Only variables that expire within the given duration are displayed. If no duration is provided, show all visible variables that are set to expire.'
-    var.command :expirations do |c|
-      c.arg_name 'DAYS'
-      c.desc 'Display variables that expire within the given number of days'
-      min_version c, '4.6.0'
-      c.flag [:d, :'days']
-
-      c.arg_name 'MONTHS'
-      c.desc 'Display variables that expire within the given number of months'
-      c.flag [:m, :'months']
-
-      c.arg_name 'IN'
-      c.desc 'Display variables that expire within the given ISO8601 interval'
-      c.flag [:i, :'in']
-
-      c.action do | global_options, options, args|
-
-        days = options[:d]
-        months = options[:m]
-        duration = options[:i]
-
-        exit_now! 'Specify only one duration' if durations(options) > 1
-
-        case
-        when days.present?
-          duration = "P#{days.to_i}D"
-        when months.present?
-          duration = "P#{months.to_i}M"
-        end
-
-        display api.variable_expirations(duration)
-      end
-    end
-
-  end
-
-  class << self
-    def prompt_for_kind
-      highline.ask('Enter the kind: ') {|q| q.default = @default_kind }
-    end
-    
-    def prompt_for_mime_type
-      highline.choose do |menu|
-        menu.prompt = 'Enter the MIME type: '
-        menu.choice  @default_mime_type 
-        menu.choices *%w(application/json application/xml application/x-yaml application/x-pem-file)
-        menu.choice "other", nil do |c|
-          @highline.ask('Enter a custom mime type: ')
-        end
+        assert_empty(args)
+        
+        $stdout.write api.resource(full_resource_id("variable:#{id}")).value(options[:version])
       end
     end
-    
-    def prompt_for_value
-      read_till_eof('Enter the secret value (^D on its own line to finish):')
-    end
-    
-    def durations(options)
-      [options[:n],options[:d],options[:m],options[:i]].count {|o| o.present?}
-    end
   end
-
 end