conjur-cli 6.0.1 → 6.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/.github/CODEOWNERS +10 -0
  3. data/.github/ISSUE_TEMPLATE/bug.md +42 -0
  4. data/.github/ISSUE_TEMPLATE/feature_request.md +27 -0
  5. data/.github/PULL_REQUEST_TEMPLATE.md +21 -0
  6. data/.gitleaks.toml +216 -0
  7. data/CHANGELOG.md +63 -209
  8. data/CONTRIBUTING.md +81 -0
  9. data/Jenkinsfile +84 -40
  10. data/LICENSE +202 -0
  11. data/NOTICES.txt +421 -0
  12. data/README.md +285 -41
  13. data/Rakefile +0 -1
  14. data/SECURITY.md +42 -0
  15. data/VERSION +1 -1
  16. data/bin/conjur +3 -1
  17. data/bin/parse-changelog.sh +12 -0
  18. data/build-standalone +42 -3
  19. data/ci/cli-test.sh +5 -1
  20. data/ci/submit-coverage +36 -0
  21. data/ci/test.sh +1 -1
  22. data/conjur-cli.gemspec +15 -13
  23. data/dev/docker-compose.yml +1 -0
  24. data/dev/start.sh +24 -4
  25. data/docker-compose.yml +2 -1
  26. data/features/authorization/resource/check.feature +6 -0
  27. data/features/authorization/resource/exists.feature +10 -3
  28. data/features/hostfactory/tokens.feature +1 -1
  29. data/features/pubkeys/show.feature +0 -4
  30. data/features/step_definitions/authn_steps.rb +1 -1
  31. data/features/step_definitions/cli_steps.rb +0 -19
  32. data/features/step_definitions/overrides.rb +3 -5
  33. data/features/support/env.rb +3 -1
  34. data/features/support/hooks.rb +0 -11
  35. data/lib/conjur/cli.rb +4 -3
  36. data/lib/conjur/command/hosts.rb +1 -1
  37. data/lib/conjur/command/ldap_sync.rb +37 -0
  38. data/lib/conjur/command/rspec/mock_services.rb +7 -1
  39. data/lib/conjur/command/users.rb +5 -1
  40. data/lib/conjur/version.rb +1 -1
  41. data/needs-publishing +28 -0
  42. data/push-image +46 -28
  43. data/spec/authn_spec.rb +4 -4
  44. data/spec/command/authn_spec.rb +2 -2
  45. data/spec/command/hosts_spec.rb +23 -3
  46. data/spec/command/init_spec.rb +37 -27
  47. data/spec/command/ldap_sync_spec.rb +38 -0
  48. data/spec/command/users_spec.rb +13 -0
  49. data/spec/spec_helper.rb +5 -2
  50. data/test.sh +5 -0
  51. metadata +80 -77
  52. data/LICENSE.md +0 -195
@@ -36,7 +36,7 @@ class Conjur::Command::Hosts < Conjur::Command
36
36
  host_resourceid = full_resource_id("host:#{host}")
37
37
 
38
38
  unless api.resource(host_resourceid).exists?
39
- exit_now! "host '#{host}' not found"
39
+ exit_now! "Host '#{host}' not found"
40
40
  end
41
41
 
42
42
  # Prepend 'host/' if it wasn't passed in
@@ -0,0 +1,37 @@
1
+ require 'conjur/command'
2
+
3
+ class Conjur::Command::LDAPSync < Conjur::Command
4
+ desc 'LDAP sync management commands'
5
+ command :'ldap-sync' do |cgrp|
6
+
7
+ cgrp.desc 'Manage the policy used to sync Conjur and the LDAP server'
8
+ cgrp.command :policy do |policy|
9
+
10
+ policy.desc 'Show the current policy'
11
+ policy.command :show do |show|
12
+
13
+ show.desc 'LDAP Sync profile to use (defined in UI)'
14
+ show.arg_name 'profile'
15
+ show.flag ['p', 'profile'], default_value: 'default'
16
+
17
+ show.action do |_,options,_|
18
+ begin
19
+ resp = api.ldap_sync_policy(config_name: options[:profile])
20
+
21
+ if (policy = resp['policy'])
22
+ if resp['ok']
23
+ puts(policy)
24
+ else
25
+ exit_now! 'Failed creating the policy.'
26
+ end
27
+ else
28
+ exit_now! resp['error']['message']
29
+ end
30
+ rescue RestClient::ResourceNotFound => ex
31
+ exit_now! "LDAP sync is not supported by the server #{Conjur.configuration.appliance_url}"
32
+ end
33
+ end
34
+ end
35
+ end
36
+ end
37
+ end
@@ -29,7 +29,13 @@ end
29
29
  shared_context "when logged in", logged_in: true do
30
30
  include_context "with mock authn"
31
31
  before do
32
- allow(api).to receive(:credentials) { {} }
32
+ allow(api).to receive(:credentials) do
33
+ {
34
+ :username => 'dknuth',
35
+ :headers => { :authorization => "fakeauth" },
36
+ }
37
+ end
38
+
33
39
  netrc[authn_host] = [username, api_key]
34
40
  allow(Conjur::Command).to receive_messages api: api
35
41
  end
@@ -47,7 +47,11 @@ class Conjur::Command::Users < Conjur::Command
47
47
  if api.username == options[:user]
48
48
  exit_now! 'To rotate the API key of the currently logged-in user, use this command without any flags or options'
49
49
  end
50
- puts api.resource([ Conjur.configuration.account, "user", options[:user] ].join(":")).rotate_api_key
50
+ user_resource_id = [Conjur.configuration.account, "user", options[:user]].join(":")
51
+ unless api.resource(user_resource_id).exists?
52
+ exit_now! "User '#{options[:user]}' not found"
53
+ end
54
+ puts api.resource(user_resource_id).rotate_api_key
51
55
  else
52
56
  username, password = Conjur::Authn.read_credentials
53
57
  new_api_key = Conjur::API.rotate_api_key username, password
@@ -19,6 +19,6 @@
19
19
  # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
20
  #
21
21
  module Conjur
22
- VERSION = '6.0.1'
22
+ VERSION = '6.2.3'
23
23
  ::Version=VERSION
24
24
  end
@@ -0,0 +1,28 @@
1
+ #!/bin/bash -ex
2
+
3
+ echo "Determining if publishing is requested..."
4
+
5
+ VERSION=$(ruby -I lib -r conjur/version -e 'puts Conjur::VERSION')
6
+ echo Declared version: $VERSION
7
+
8
+ if curl -s https://rubygems.org/api/v1/versions/conjur-cli.json | jq -e ".[] | select(.number == \"$VERSION\")" >/dev/null; then
9
+ echo "Found $VERSION on rubygems, not republishing"
10
+ exit 1
11
+ fi
12
+
13
+ # Jenkins git plugin is broken and always fetches with `--no-tags`
14
+ # (or `--tags`, neither of which is what you want), so tags end up
15
+ # not being fetched. Try to fix that.
16
+ # (Unfortunately this fetches all remote heads, so we may have to find
17
+ # another solution for bigger repos.)
18
+ git fetch -q
19
+
20
+ # note when tag not found git rev-parse will just print its name
21
+ # TAG=`git rev-parse tags/v$VERSION 2>/dev/null || :`
22
+ TAG=`git rev-list -n 1 "v$VERSION" 2>/dev/null || :`
23
+ echo Tag v$VERSION: $TAG
24
+
25
+ HEAD=`git rev-parse HEAD`
26
+ echo HEAD: $HEAD
27
+
28
+ test "$HEAD" = "$TAG"
data/push-image CHANGED
@@ -1,28 +1,46 @@
1
- #!/bin/bash -eu
2
-
3
- # Push the 'cli:5' image to Dockerhub when on the 'master' branch
4
-
5
- cd "$(git rev-parse --show-toplevel)"
6
-
7
- IMAGE='cyberark/conjur-cli'
8
-
9
- function tag_and_push() {
10
- local image="$1"
11
- local tag="$2"
12
- local description="$3"
13
-
14
- echo "TAG = $tag, $description"
15
-
16
- docker tag "$image" "$image:$tag"
17
- docker push "$image:$tag"
18
- }
19
-
20
- version_tag="5-$(cat VERSION)"
21
-
22
- tag_and_push $IMAGE '5' 'latest image'
23
- tag_and_push $IMAGE '5-latest' 'same as "5"'
24
- tag_and_push $IMAGE $version_tag 'version-specific image'
25
-
26
- # push to legacy `conjurinc/cli5` tag
27
- docker tag "$IMAGE" conjurinc/cli5:latest
28
- docker push conjurinc/cli5:latest
1
+ #!/bin/bash
2
+
3
+ set -e
4
+
5
+ readonly REGISTRY="cyberark"
6
+ readonly INTERNAL_REGISTRY="registry2.itci.conjur.net"
7
+ readonly VERSION="$(cat VERSION)"
8
+ readonly VERSION_TAG="5-${VERSION}"
9
+ readonly image_name="conjur-cli"
10
+ readonly full_image_name="${REGISTRY}/${image_name}:latest"
11
+
12
+ readonly TAGS=(
13
+ "5"
14
+ "5-latest"
15
+ "$VERSION_TAG"
16
+ )
17
+
18
+ # fetching tags is required for git_description to work
19
+ git fetch --tags
20
+ git_description=$(git describe)
21
+
22
+ # if it’s not a tagged commit, VERSION will have extra junk (i.e. -g666c4b2), so we won’t publish that commit
23
+ # only when tag matches the VERSION, push VERSION and latest releases
24
+ # and x and x.y releases
25
+ #Ex: v5-6.2.1
26
+ if [ "${git_description}" = "v${VERSION}" ]; then
27
+ echo "Revision ${git_description} matches version ${VERSION} exactly. Pushing to Dockerhub..."
28
+
29
+ for tag in "${TAGS[@]}"; do
30
+ echo "Tagging and pushing ${REGISTRY}/${image_name}:${tag}"
31
+
32
+ # push to dockerhub
33
+ docker tag "${full_image_name}" "${REGISTRY}/${image_name}:${tag}"
34
+ docker push "${REGISTRY}/${image_name}:${tag}"
35
+
36
+ # push to internal registry
37
+ # necessary because some cyberark teams/networks can't pull from dockerhub
38
+ docker tag "${full_image_name}" "${INTERNAL_REGISTRY}/${image_name}:${tag}"
39
+ docker push "${INTERNAL_REGISTRY}/${image_name}:${tag}"
40
+
41
+ done
42
+
43
+ # push to legacy `conjurinc/cli5` tag
44
+ docker tag "${full_image_name}" conjurinc/cli5:latest
45
+ docker push conjurinc/cli5:latest
46
+ fi
@@ -37,11 +37,11 @@ describe Conjur::Authn do
37
37
  allow(ENV).to receive(:[]).with("CONJUR_AUTHN_LOGIN").and_return "the-login"
38
38
  allow(ENV).to receive(:[]).with("CONJUR_AUTHN_API_KEY").and_return "the-api-key"
39
39
  end
40
-
40
+
41
41
  context "login and API key" do
42
42
  it "are used to authn" do
43
43
  expect(Conjur::Authn.get_credentials).to eq([ "the-login", "the-api-key" ])
44
-
44
+
45
45
  expect(api.username).to eq('the-login')
46
46
  expect(api.api_key).to eq('the-api-key')
47
47
  end
@@ -94,7 +94,7 @@ describe Conjur::Authn do
94
94
  before do
95
95
  allow(Conjur::Config).to receive(:[]).with(:netrc_path).and_return path
96
96
  end
97
-
97
+
98
98
  context "with specified netrc_path" do
99
99
  let(:path) { "/a/dummy/netrc/path" }
100
100
  it "consults Conjur::Config for netrc_path" do
@@ -102,7 +102,7 @@ describe Conjur::Authn do
102
102
  expect(Conjur::Authn.netrc).to eq(netrc)
103
103
  end
104
104
  end
105
-
105
+
106
106
  context "without specified netrc_path" do
107
107
  let(:path) { nil }
108
108
  it "uses default netrc path" do
@@ -10,14 +10,14 @@ describe Conjur::Command::Authn do
10
10
  describe_command "#{cmd}" do
11
11
  it "prompts for username and password and logs in the user" do
12
12
  expect(Conjur::Authn).to receive(:ask_for_credentials).with({}).and_return [ "the-user", "the-api-key" ]
13
-
13
+
14
14
  expect { invoke }.to write("Logged in")
15
15
  end
16
16
  end
17
17
  describe_command "#{cmd} -u the-user" do
18
18
  it "prompts for password and logs in the user" do
19
19
  expect(Conjur::Authn).to receive(:ask_for_credentials).with({username: 'the-user'}).and_return [ "the-user", "the-api-key" ]
20
-
20
+
21
21
  expect { invoke }.to write("Logged in")
22
22
  end
23
23
  end
@@ -9,13 +9,19 @@ describe Conjur::Command::Hosts, logged_in: true do
9
9
  expect(RestClient::Request).to receive(:execute).with({
10
10
  method: :head,
11
11
  url: "https://core.example.com/api/resources/#{account}/host/redis001",
12
- headers: {}
12
+ headers: {
13
+ authorization: "fakeauth",
14
+ },
15
+ username: "dknuth",
13
16
  }).and_return true
14
17
  expect(RestClient::Request).to receive(:execute).with({
15
18
  method: :put,
16
19
  url: "https://core.example.com/api/authn/#{account}/api_key?role=#{account}:host:redis001",
17
- headers: {},
18
- payload: ''
20
+ headers: {
21
+ authorization: "fakeauth",
22
+ },
23
+ payload: '',
24
+ username: "dknuth",
19
25
  }).and_return double(:response, body: 'new api key')
20
26
  end
21
27
 
@@ -23,5 +29,19 @@ describe Conjur::Command::Hosts, logged_in: true do
23
29
  invoke
24
30
  end
25
31
  end
32
+
33
+ describe_command 'host rotate_api_key --host non-existing' do
34
+ before do
35
+ expect(RestClient::Request).to receive(:execute).with({
36
+ method: :head,
37
+ url: "https://core.example.com/api/resources/#{account}/host/non-existing",
38
+ headers: {authorization: "fakeauth"},
39
+ username: username,
40
+ }).and_raise RestClient::ResourceNotFound
41
+ end
42
+ it 'rotate_api_key with non-existing --host option' do
43
+ expect { invoke }.to raise_error(GLI::CustomExit, /Host 'non-existing' not found/i)
44
+ end
45
+ end
26
46
  end
27
47
  end
@@ -1,36 +1,46 @@
1
1
  require 'spec_helper'
2
2
  require 'highline'
3
3
 
4
- GITHUB_FP = "SHA1 Fingerprint=D7:9F:07:61:10:B3:92:93:E3:49:AC:89:84:5B:03:80:C1:9E:2F:8B"
4
+ GITHUB_FP = "SHA1 Fingerprint=5F:3F:7A:C2:56:9F:50:A4:66:76:47:C6:A1:8C:A0:07:AA:ED:BB:8E"
5
5
  GITHUB_CERT = <<EOF
6
6
  -----BEGIN CERTIFICATE-----
7
- MIIEtjCCA56gAwIBAgIQDHmpRLCMEZUgkmFf4msdgzANBgkqhkiG9w0BAQsFADBs
7
+ MIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw
8
8
  MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
9
- d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
10
- ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowdTEL
11
- MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
12
- LmRpZ2ljZXJ0LmNvbTE0MDIGA1UEAxMrRGlnaUNlcnQgU0hBMiBFeHRlbmRlZCBW
13
- YWxpZGF0aW9uIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
14
- ggEBANdTpARR+JmmFkhLZyeqk0nQOe0MsLAAh/FnKIaFjI5j2ryxQDji0/XspQUY
15
- uD0+xZkXMuwYjPrxDKZkIYXLBxA0sFKIKx9om9KxjxKws9LniB8f7zh3VFNfgHk/
16
- LhqqqB5LKw2rt2O5Nbd9FLxZS99RStKh4gzikIKHaq7q12TWmFXo/a8aUGxUvBHy
17
- /Urynbt/DvTVvo4WiRJV2MBxNO723C3sxIclho3YIeSwTQyJ3DkmF93215SF2AQh
18
- cJ1vb/9cuhnhRctWVyh+HA1BV6q3uCe7seT6Ku8hI3UarS2bhjWMnHe1c63YlC3k
19
- 8wyd7sFOYn4XwHGeLN7x+RAoGTMCAwEAAaOCAUkwggFFMBIGA1UdEwEB/wQIMAYB
20
- Af8CAQAwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
21
- BQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
22
- Z2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2Vy
23
- dC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2
24
- MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5j
25
- b20vQ1BTMB0GA1UdDgQWBBQ901Cl1qCt7vNKYApl0yHU+PjWDzAfBgNVHSMEGDAW
26
- gBSxPsNpA/i/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAnbbQkIbh
27
- hgLtxaDwNBx0wY12zIYKqPBKikLWP8ipTa18CK3mtlC4ohpNiAexKSHc59rGPCHg
28
- 4xFJcKx6HQGkyhE6V6t9VypAdP3THYUYUN9XR3WhfVUgLkc3UHKMf4Ib0mKPLQNa
29
- 2sPIoc4sUqIAY+tzunHISScjl2SFnjgOrWNoPLpSgVh5oywM395t6zHyuqB8bPEs
30
- 1OG9d4Q3A84ytciagRpKkk47RpqF/oOi+Z6Mo8wNXrM9zwR4jxQUezKcxwCmXMS1
31
- oVWNWlZopCJwqjyBcdmdqEU79OX2olHdx3ti6G8MdOu42vi/hw15UJGQmxg7kVkn
32
- 8TUoE6smftX3eg==
33
- -----END CERTIFICATE-----
9
+ d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
10
+ dXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa
11
+ MGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
12
+ YW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp
13
+ dGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a
14
+ nox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm
15
+ ARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV
16
+ UtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41
17
+ Z/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b
18
+ rr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8
19
+ cgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk
20
+ YqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w
21
+ HIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G
22
+ A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o
23
+ dHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg
24
+ MqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu
25
+ Y3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz
26
+ Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3
27
+ MHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF
28
+ BQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp
29
+ Z2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB
30
+ 1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd
31
+ x4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg
32
+ rVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk
33
+ VpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa
34
+ UDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh
35
+ ndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl
36
+ AAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn
37
+ 4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B
38
+ AQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC
39
+ yCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q
40
+ B0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY
41
+ z7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK
42
+ 5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi
43
+ Pb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==
34
44
  EOF
35
45
 
36
46
  describe Conjur::Command::Init do
@@ -0,0 +1,38 @@
1
+ require 'spec_helper'
2
+
3
+ describe Conjur::Command::LDAPSync, logged_in: true do
4
+ let (:policy_response) { { 'ok' => true, 'events' => [], 'policy' => <<eop
5
+ "---
6
+ - !user
7
+ annotations:
8
+ ldap-sync/source: ldap-server:389
9
+ ldap-sync/upstream-dn: CN=Administrator,OU=functest,OU=testdata,OU=dev-ci,DC=dev-ci,DC=conjur
10
+ id: Administrator
11
+ uidnumber:"}
12
+ eop
13
+ }
14
+ }
15
+
16
+ describe_command "ldap-sync policy show" do
17
+
18
+ context "on a server that supports LDAP sync" do
19
+ before do
20
+ expect_any_instance_of(Conjur::API).to receive(:ldap_sync_policy).with(config_name: 'default').and_return policy_response
21
+ end
22
+
23
+ it "shows the policy" do
24
+ expect { invoke }.to write policy_response['policy']
25
+ end
26
+ end
27
+
28
+ context "on a server that doesn't support LDAP sync" do
29
+ before do
30
+ expect_any_instance_of(Conjur::API).to receive(:ldap_sync_policy).and_raise(RestClient::ResourceNotFound)
31
+ end
32
+
33
+ it "shows an error message" do
34
+ expect {invoke}.to raise_error(GLI::CustomExit, /LDAP sync is not supported by the server/)
35
+ end
36
+ end
37
+ end
38
+ end
@@ -52,5 +52,18 @@ describe Conjur::Command::Users, logged_in: true do
52
52
  invoke
53
53
  end
54
54
  end
55
+ describe_command 'user rotate_api_key --user non-existing' do
56
+ before do
57
+ expect(RestClient::Request).to receive(:execute).with({
58
+ method: :head,
59
+ url: "https://core.example.com/api/resources/#{account}/user/non-existing",
60
+ headers: {authorization: "fakeauth"},
61
+ username: username,
62
+ }).and_raise RestClient::ResourceNotFound
63
+ end
64
+ it 'rotate_api_key with non-existing --user option' do
65
+ expect { invoke }.to raise_error(GLI::CustomExit, /User 'non-existing' not found/i)
66
+ end
67
+ end
55
68
  end
56
69
  end
@@ -4,8 +4,11 @@ require 'tempfile'
4
4
  require 'ostruct'
5
5
 
6
6
  require "simplecov"
7
- SimpleCov.start
8
-
7
+
8
+ SimpleCov.start do
9
+ command_name "#{ENV['RUBY_VERSION']}"
10
+ end
11
+
9
12
  def post_response(id, attributes = {})
10
13
  attributes[:id] = id
11
14
 
data/test.sh CHANGED
@@ -6,6 +6,11 @@
6
6
  RUBY_VERSION=$(cut -d '-' -f 2 <<< $RUBY_VERSION)
7
7
 
8
8
  main() {
9
+
10
+ # set up the containers to run in their own namespace
11
+ COMPOSE_PROJECT_NAME="$(basename "$PWD")_$(openssl rand -hex 3)"
12
+ export COMPOSE_PROJECT_NAME
13
+
9
14
  build
10
15
 
11
16
  start_conjur
metadata CHANGED
@@ -1,15 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: conjur-cli
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.0.1
4
+ version: 6.2.3
5
5
  platform: ruby
6
6
  authors:
7
- - Rafal Rzepecki
8
- - Kevin Gilpin
7
+ - Conjur Maintainers
9
8
  autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2018-04-05 00:00:00.000000000 Z
11
+ date: 2020-12-22 00:00:00.000000000 Z
13
12
  dependencies:
14
13
  - !ruby/object:Gem::Dependency
15
14
  name: activesupport
@@ -37,84 +36,70 @@ dependencies:
37
36
  requirements:
38
37
  - - "~>"
39
38
  - !ruby/object:Gem::Version
40
- version: '5.0'
39
+ version: '5.3'
41
40
  type: :runtime
42
41
  prerelease: false
43
42
  version_requirements: !ruby/object:Gem::Requirement
44
43
  requirements:
45
44
  - - "~>"
46
45
  - !ruby/object:Gem::Version
47
- version: '5.0'
46
+ version: '5.3'
48
47
  - !ruby/object:Gem::Dependency
49
- name: gli
50
- requirement: !ruby/object:Gem::Requirement
51
- requirements:
52
- - - ">="
53
- - !ruby/object:Gem::Version
54
- version: 2.8.0
55
- type: :runtime
56
- prerelease: false
57
- version_requirements: !ruby/object:Gem::Requirement
58
- requirements:
59
- - - ">="
60
- - !ruby/object:Gem::Version
61
- version: 2.8.0
62
- - !ruby/object:Gem::Dependency
63
- name: highline
48
+ name: deep_merge
64
49
  requirement: !ruby/object:Gem::Requirement
65
50
  requirements:
66
51
  - - "~>"
67
52
  - !ruby/object:Gem::Version
68
- version: '1.7'
53
+ version: '1.0'
69
54
  type: :runtime
70
55
  prerelease: false
71
56
  version_requirements: !ruby/object:Gem::Requirement
72
57
  requirements:
73
58
  - - "~>"
74
59
  - !ruby/object:Gem::Version
75
- version: '1.7'
60
+ version: '1.0'
76
61
  - !ruby/object:Gem::Dependency
77
- name: netrc
62
+ name: gli
78
63
  requirement: !ruby/object:Gem::Requirement
79
64
  requirements:
80
- - - "~>"
65
+ - - ">="
81
66
  - !ruby/object:Gem::Version
82
- version: '0.10'
67
+ version: 2.8.0
83
68
  type: :runtime
84
69
  prerelease: false
85
70
  version_requirements: !ruby/object:Gem::Requirement
86
71
  requirements:
87
- - - "~>"
72
+ - - ">="
88
73
  - !ruby/object:Gem::Version
89
- version: '0.10'
74
+ version: 2.8.0
90
75
  - !ruby/object:Gem::Dependency
91
- name: deep_merge
76
+ name: highline
92
77
  requirement: !ruby/object:Gem::Requirement
93
78
  requirements:
94
79
  - - "~>"
95
80
  - !ruby/object:Gem::Version
96
- version: '1.0'
81
+ version: '1.7'
97
82
  type: :runtime
98
83
  prerelease: false
99
84
  version_requirements: !ruby/object:Gem::Requirement
100
85
  requirements:
101
86
  - - "~>"
102
87
  - !ruby/object:Gem::Version
103
- version: '1.0'
88
+ version: '1.7'
104
89
  - !ruby/object:Gem::Dependency
105
- name: xdg
90
+ name: netrc
106
91
  requirement: !ruby/object:Gem::Requirement
107
92
  requirements:
108
93
  - - "~>"
109
94
  - !ruby/object:Gem::Version
110
- version: '2.2'
95
+ version: '0.10'
111
96
  type: :runtime
112
97
  prerelease: false
113
98
  version_requirements: !ruby/object:Gem::Requirement
114
99
  requirements:
115
100
  - - "~>"
116
101
  - !ruby/object:Gem::Version
117
- version: '2.2'
102
+ version: '0.10'
118
103
  - !ruby/object:Gem::Dependency
119
104
  name: table_print
120
105
  requirement: !ruby/object:Gem::Requirement
@@ -130,21 +115,21 @@ dependencies:
130
115
  - !ruby/object:Gem::Version
131
116
  version: '1.5'
132
117
  - !ruby/object:Gem::Dependency
133
- name: rspec
118
+ name: xdg
134
119
  requirement: !ruby/object:Gem::Requirement
135
120
  requirements:
136
- - - "~>"
121
+ - - '='
137
122
  - !ruby/object:Gem::Version
138
- version: '3.0'
139
- type: :development
123
+ version: 2.2.3
124
+ type: :runtime
140
125
  prerelease: false
141
126
  version_requirements: !ruby/object:Gem::Requirement
142
127
  requirements:
143
- - - "~>"
128
+ - - '='
144
129
  - !ruby/object:Gem::Version
145
- version: '3.0'
130
+ version: 2.2.3
146
131
  - !ruby/object:Gem::Dependency
147
- name: simplecov
132
+ name: addressable
148
133
  requirement: !ruby/object:Gem::Requirement
149
134
  requirements:
150
135
  - - ">="
@@ -186,49 +171,49 @@ dependencies:
186
171
  - !ruby/object:Gem::Version
187
172
  version: '1.0'
188
173
  - !ruby/object:Gem::Dependency
189
- name: ci_reporter_cucumber
174
+ name: cucumber-api
190
175
  requirement: !ruby/object:Gem::Requirement
191
176
  requirements:
192
- - - "~>"
177
+ - - ">="
193
178
  - !ruby/object:Gem::Version
194
- version: '1.0'
179
+ version: '0'
195
180
  type: :development
196
181
  prerelease: false
197
182
  version_requirements: !ruby/object:Gem::Requirement
198
183
  requirements:
199
- - - "~>"
184
+ - - ">="
200
185
  - !ruby/object:Gem::Version
201
- version: '1.0'
186
+ version: '0'
202
187
  - !ruby/object:Gem::Dependency
203
- name: rake
188
+ name: io-grab
204
189
  requirement: !ruby/object:Gem::Requirement
205
190
  requirements:
206
191
  - - "~>"
207
192
  - !ruby/object:Gem::Version
208
- version: '10.0'
193
+ version: '0.0'
209
194
  type: :development
210
195
  prerelease: false
211
196
  version_requirements: !ruby/object:Gem::Requirement
212
197
  requirements:
213
198
  - - "~>"
214
199
  - !ruby/object:Gem::Version
215
- version: '10.0'
200
+ version: '0.0'
216
201
  - !ruby/object:Gem::Dependency
217
- name: io-grab
202
+ name: json_spec
218
203
  requirement: !ruby/object:Gem::Requirement
219
204
  requirements:
220
- - - "~>"
205
+ - - ">="
221
206
  - !ruby/object:Gem::Version
222
- version: '0.0'
207
+ version: '0'
223
208
  type: :development
224
209
  prerelease: false
225
210
  version_requirements: !ruby/object:Gem::Requirement
226
211
  requirements:
227
- - - "~>"
212
+ - - ">="
228
213
  - !ruby/object:Gem::Version
229
- version: '0.0'
214
+ version: '0'
230
215
  - !ruby/object:Gem::Dependency
231
- name: json_spec
216
+ name: pry-byebug
232
217
  requirement: !ruby/object:Gem::Requirement
233
218
  requirements:
234
219
  - - ">="
@@ -242,51 +227,56 @@ dependencies:
242
227
  - !ruby/object:Gem::Version
243
228
  version: '0'
244
229
  - !ruby/object:Gem::Dependency
245
- name: cucumber-api
230
+ name: rake
246
231
  requirement: !ruby/object:Gem::Requirement
247
232
  requirements:
248
- - - ">="
233
+ - - "~>"
249
234
  - !ruby/object:Gem::Version
250
- version: '0'
235
+ version: 12.3.3
251
236
  type: :development
252
237
  prerelease: false
253
238
  version_requirements: !ruby/object:Gem::Requirement
254
239
  requirements:
255
- - - ">="
240
+ - - "~>"
256
241
  - !ruby/object:Gem::Version
257
- version: '0'
242
+ version: 12.3.3
258
243
  - !ruby/object:Gem::Dependency
259
- name: addressable
244
+ name: rspec
260
245
  requirement: !ruby/object:Gem::Requirement
261
246
  requirements:
262
- - - ">="
247
+ - - "~>"
263
248
  - !ruby/object:Gem::Version
264
- version: '0'
249
+ version: '3.0'
265
250
  type: :development
266
251
  prerelease: false
267
252
  version_requirements: !ruby/object:Gem::Requirement
268
253
  requirements:
269
- - - ">="
254
+ - - "~>"
270
255
  - !ruby/object:Gem::Version
271
- version: '0'
256
+ version: '3.0'
272
257
  - !ruby/object:Gem::Dependency
273
- name: pry-byebug
258
+ name: simplecov
274
259
  requirement: !ruby/object:Gem::Requirement
275
260
  requirements:
276
- - - ">="
261
+ - - "~>"
277
262
  - !ruby/object:Gem::Version
278
- version: '0'
263
+ version: '0.17'
264
+ - - "<"
265
+ - !ruby/object:Gem::Version
266
+ version: '0.18'
279
267
  type: :development
280
268
  prerelease: false
281
269
  version_requirements: !ruby/object:Gem::Requirement
282
270
  requirements:
283
- - - ">="
271
+ - - "~>"
284
272
  - !ruby/object:Gem::Version
285
- version: '0'
273
+ version: '0.17'
274
+ - - "<"
275
+ - !ruby/object:Gem::Version
276
+ version: '0.18'
286
277
  description:
287
278
  email:
288
- - rafal@conjur.net
289
- - kgilpin@conjur.net
279
+ - conj_maintainers@cyberark.com
290
280
  executables:
291
281
  - _conjur
292
282
  - conjur
@@ -294,23 +284,32 @@ extensions: []
294
284
  extra_rdoc_files: []
295
285
  files:
296
286
  - ".dockerignore"
287
+ - ".github/CODEOWNERS"
288
+ - ".github/ISSUE_TEMPLATE/bug.md"
289
+ - ".github/ISSUE_TEMPLATE/feature_request.md"
290
+ - ".github/PULL_REQUEST_TEMPLATE.md"
297
291
  - ".gitignore"
292
+ - ".gitleaks.toml"
298
293
  - ".kateproject"
299
294
  - ".overcommit.yml"
300
295
  - ".project"
301
296
  - ".rubocop.yml"
302
297
  - APPLIANCE_VERSION
303
298
  - CHANGELOG.md
299
+ - CONTRIBUTING.md
304
300
  - Gemfile
305
301
  - Humanfile.md
306
302
  - Jenkinsfile
307
- - LICENSE.md
303
+ - LICENSE
304
+ - NOTICES.txt
308
305
  - PUBLISH.md
309
306
  - README.md
310
307
  - Rakefile
308
+ - SECURITY.md
311
309
  - VERSION
312
310
  - bin/_conjur
313
311
  - bin/conjur
312
+ - bin/parse-changelog.sh
314
313
  - build-deb.sh
315
314
  - build-standalone
316
315
  - ci/cli-test.sh
@@ -318,6 +317,7 @@ files:
318
317
  - ci/package.sh
319
318
  - ci/publish.sh
320
319
  - ci/secrets/publish.yml
320
+ - ci/submit-coverage
321
321
  - ci/test.sh
322
322
  - ci/wait_for_server.sh
323
323
  - conjur-cli.gemspec
@@ -372,6 +372,7 @@ files:
372
372
  - lib/conjur/command/host_factories.rb
373
373
  - lib/conjur/command/hosts.rb
374
374
  - lib/conjur/command/init.rb
375
+ - lib/conjur/command/ldap_sync.rb
375
376
  - lib/conjur/command/plugin.rb
376
377
  - lib/conjur/command/policies.rb
377
378
  - lib/conjur/command/pubkeys.rb
@@ -391,6 +392,7 @@ files:
391
392
  - lib/conjur/version.rb
392
393
  - lib/patches/conjur/error.rb
393
394
  - lib/patches/gli.rb
395
+ - needs-publishing
394
396
  - profile.rb
395
397
  - publish.sh
396
398
  - push-image
@@ -398,6 +400,7 @@ files:
398
400
  - spec/command/authn_spec.rb
399
401
  - spec/command/hosts_spec.rb
400
402
  - spec/command/init_spec.rb
403
+ - spec/command/ldap_sync_spec.rb
401
404
  - spec/command/pubkeys_spec.rb
402
405
  - spec/command/resources_spec.rb
403
406
  - spec/command/roles_spec.rb
@@ -409,9 +412,9 @@ files:
409
412
  - spec/spec_helper.rb
410
413
  - standalone.entrypoint
411
414
  - test.sh
412
- homepage: https://github.com/conjurinc/cli-ruby
415
+ homepage: https://github.com/cyberark/conjur-cli
413
416
  licenses:
414
- - MIT
417
+ - Apache 2.0
415
418
  metadata: {}
416
419
  post_install_message:
417
420
  rdoc_options: []
@@ -428,8 +431,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
428
431
  - !ruby/object:Gem::Version
429
432
  version: '0'
430
433
  requirements: []
431
- rubyforge_project:
432
- rubygems_version: 2.7.6
434
+ rubygems_version: 3.1.2
433
435
  signing_key:
434
436
  specification_version: 4
435
437
  summary: Conjur command line interface
@@ -471,6 +473,7 @@ test_files:
471
473
  - spec/command/authn_spec.rb
472
474
  - spec/command/hosts_spec.rb
473
475
  - spec/command/init_spec.rb
476
+ - spec/command/ldap_sync_spec.rb
474
477
  - spec/command/pubkeys_spec.rb
475
478
  - spec/command/resources_spec.rb
476
479
  - spec/command/roles_spec.rb