conjur-cli 6.0.1 → 6.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/CODEOWNERS +10 -0
- data/.github/ISSUE_TEMPLATE/bug.md +42 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +27 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +21 -0
- data/.gitleaks.toml +216 -0
- data/CHANGELOG.md +63 -209
- data/CONTRIBUTING.md +81 -0
- data/Jenkinsfile +84 -40
- data/LICENSE +202 -0
- data/NOTICES.txt +421 -0
- data/README.md +285 -41
- data/Rakefile +0 -1
- data/SECURITY.md +42 -0
- data/VERSION +1 -1
- data/bin/conjur +3 -1
- data/bin/parse-changelog.sh +12 -0
- data/build-standalone +42 -3
- data/ci/cli-test.sh +5 -1
- data/ci/submit-coverage +36 -0
- data/ci/test.sh +1 -1
- data/conjur-cli.gemspec +15 -13
- data/dev/docker-compose.yml +1 -0
- data/dev/start.sh +24 -4
- data/docker-compose.yml +2 -1
- data/features/authorization/resource/check.feature +6 -0
- data/features/authorization/resource/exists.feature +10 -3
- data/features/hostfactory/tokens.feature +1 -1
- data/features/pubkeys/show.feature +0 -4
- data/features/step_definitions/authn_steps.rb +1 -1
- data/features/step_definitions/cli_steps.rb +0 -19
- data/features/step_definitions/overrides.rb +3 -5
- data/features/support/env.rb +3 -1
- data/features/support/hooks.rb +0 -11
- data/lib/conjur/cli.rb +4 -3
- data/lib/conjur/command/hosts.rb +1 -1
- data/lib/conjur/command/ldap_sync.rb +37 -0
- data/lib/conjur/command/rspec/mock_services.rb +7 -1
- data/lib/conjur/command/users.rb +5 -1
- data/lib/conjur/version.rb +1 -1
- data/needs-publishing +28 -0
- data/push-image +46 -28
- data/spec/authn_spec.rb +4 -4
- data/spec/command/authn_spec.rb +2 -2
- data/spec/command/hosts_spec.rb +23 -3
- data/spec/command/init_spec.rb +37 -27
- data/spec/command/ldap_sync_spec.rb +38 -0
- data/spec/command/users_spec.rb +13 -0
- data/spec/spec_helper.rb +5 -2
- data/test.sh +5 -0
- metadata +80 -77
- data/LICENSE.md +0 -195
data/lib/conjur/command/hosts.rb
CHANGED
@@ -36,7 +36,7 @@ class Conjur::Command::Hosts < Conjur::Command
|
|
36
36
|
host_resourceid = full_resource_id("host:#{host}")
|
37
37
|
|
38
38
|
unless api.resource(host_resourceid).exists?
|
39
|
-
exit_now! "
|
39
|
+
exit_now! "Host '#{host}' not found"
|
40
40
|
end
|
41
41
|
|
42
42
|
# Prepend 'host/' if it wasn't passed in
|
@@ -0,0 +1,37 @@
|
|
1
|
+
require 'conjur/command'
|
2
|
+
|
3
|
+
class Conjur::Command::LDAPSync < Conjur::Command
|
4
|
+
desc 'LDAP sync management commands'
|
5
|
+
command :'ldap-sync' do |cgrp|
|
6
|
+
|
7
|
+
cgrp.desc 'Manage the policy used to sync Conjur and the LDAP server'
|
8
|
+
cgrp.command :policy do |policy|
|
9
|
+
|
10
|
+
policy.desc 'Show the current policy'
|
11
|
+
policy.command :show do |show|
|
12
|
+
|
13
|
+
show.desc 'LDAP Sync profile to use (defined in UI)'
|
14
|
+
show.arg_name 'profile'
|
15
|
+
show.flag ['p', 'profile'], default_value: 'default'
|
16
|
+
|
17
|
+
show.action do |_,options,_|
|
18
|
+
begin
|
19
|
+
resp = api.ldap_sync_policy(config_name: options[:profile])
|
20
|
+
|
21
|
+
if (policy = resp['policy'])
|
22
|
+
if resp['ok']
|
23
|
+
puts(policy)
|
24
|
+
else
|
25
|
+
exit_now! 'Failed creating the policy.'
|
26
|
+
end
|
27
|
+
else
|
28
|
+
exit_now! resp['error']['message']
|
29
|
+
end
|
30
|
+
rescue RestClient::ResourceNotFound => ex
|
31
|
+
exit_now! "LDAP sync is not supported by the server #{Conjur.configuration.appliance_url}"
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
@@ -29,7 +29,13 @@ end
|
|
29
29
|
shared_context "when logged in", logged_in: true do
|
30
30
|
include_context "with mock authn"
|
31
31
|
before do
|
32
|
-
allow(api).to receive(:credentials)
|
32
|
+
allow(api).to receive(:credentials) do
|
33
|
+
{
|
34
|
+
:username => 'dknuth',
|
35
|
+
:headers => { :authorization => "fakeauth" },
|
36
|
+
}
|
37
|
+
end
|
38
|
+
|
33
39
|
netrc[authn_host] = [username, api_key]
|
34
40
|
allow(Conjur::Command).to receive_messages api: api
|
35
41
|
end
|
data/lib/conjur/command/users.rb
CHANGED
@@ -47,7 +47,11 @@ class Conjur::Command::Users < Conjur::Command
|
|
47
47
|
if api.username == options[:user]
|
48
48
|
exit_now! 'To rotate the API key of the currently logged-in user, use this command without any flags or options'
|
49
49
|
end
|
50
|
-
|
50
|
+
user_resource_id = [Conjur.configuration.account, "user", options[:user]].join(":")
|
51
|
+
unless api.resource(user_resource_id).exists?
|
52
|
+
exit_now! "User '#{options[:user]}' not found"
|
53
|
+
end
|
54
|
+
puts api.resource(user_resource_id).rotate_api_key
|
51
55
|
else
|
52
56
|
username, password = Conjur::Authn.read_credentials
|
53
57
|
new_api_key = Conjur::API.rotate_api_key username, password
|
data/lib/conjur/version.rb
CHANGED
data/needs-publishing
ADDED
@@ -0,0 +1,28 @@
|
|
1
|
+
#!/bin/bash -ex
|
2
|
+
|
3
|
+
echo "Determining if publishing is requested..."
|
4
|
+
|
5
|
+
VERSION=$(ruby -I lib -r conjur/version -e 'puts Conjur::VERSION')
|
6
|
+
echo Declared version: $VERSION
|
7
|
+
|
8
|
+
if curl -s https://rubygems.org/api/v1/versions/conjur-cli.json | jq -e ".[] | select(.number == \"$VERSION\")" >/dev/null; then
|
9
|
+
echo "Found $VERSION on rubygems, not republishing"
|
10
|
+
exit 1
|
11
|
+
fi
|
12
|
+
|
13
|
+
# Jenkins git plugin is broken and always fetches with `--no-tags`
|
14
|
+
# (or `--tags`, neither of which is what you want), so tags end up
|
15
|
+
# not being fetched. Try to fix that.
|
16
|
+
# (Unfortunately this fetches all remote heads, so we may have to find
|
17
|
+
# another solution for bigger repos.)
|
18
|
+
git fetch -q
|
19
|
+
|
20
|
+
# note when tag not found git rev-parse will just print its name
|
21
|
+
# TAG=`git rev-parse tags/v$VERSION 2>/dev/null || :`
|
22
|
+
TAG=`git rev-list -n 1 "v$VERSION" 2>/dev/null || :`
|
23
|
+
echo Tag v$VERSION: $TAG
|
24
|
+
|
25
|
+
HEAD=`git rev-parse HEAD`
|
26
|
+
echo HEAD: $HEAD
|
27
|
+
|
28
|
+
test "$HEAD" = "$TAG"
|
data/push-image
CHANGED
@@ -1,28 +1,46 @@
|
|
1
|
-
#!/bin/bash
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
set -e
|
4
|
+
|
5
|
+
readonly REGISTRY="cyberark"
|
6
|
+
readonly INTERNAL_REGISTRY="registry2.itci.conjur.net"
|
7
|
+
readonly VERSION="$(cat VERSION)"
|
8
|
+
readonly VERSION_TAG="5-${VERSION}"
|
9
|
+
readonly image_name="conjur-cli"
|
10
|
+
readonly full_image_name="${REGISTRY}/${image_name}:latest"
|
11
|
+
|
12
|
+
readonly TAGS=(
|
13
|
+
"5"
|
14
|
+
"5-latest"
|
15
|
+
"$VERSION_TAG"
|
16
|
+
)
|
17
|
+
|
18
|
+
# fetching tags is required for git_description to work
|
19
|
+
git fetch --tags
|
20
|
+
git_description=$(git describe)
|
21
|
+
|
22
|
+
# if it’s not a tagged commit, VERSION will have extra junk (i.e. -g666c4b2), so we won’t publish that commit
|
23
|
+
# only when tag matches the VERSION, push VERSION and latest releases
|
24
|
+
# and x and x.y releases
|
25
|
+
#Ex: v5-6.2.1
|
26
|
+
if [ "${git_description}" = "v${VERSION}" ]; then
|
27
|
+
echo "Revision ${git_description} matches version ${VERSION} exactly. Pushing to Dockerhub..."
|
28
|
+
|
29
|
+
for tag in "${TAGS[@]}"; do
|
30
|
+
echo "Tagging and pushing ${REGISTRY}/${image_name}:${tag}"
|
31
|
+
|
32
|
+
# push to dockerhub
|
33
|
+
docker tag "${full_image_name}" "${REGISTRY}/${image_name}:${tag}"
|
34
|
+
docker push "${REGISTRY}/${image_name}:${tag}"
|
35
|
+
|
36
|
+
# push to internal registry
|
37
|
+
# necessary because some cyberark teams/networks can't pull from dockerhub
|
38
|
+
docker tag "${full_image_name}" "${INTERNAL_REGISTRY}/${image_name}:${tag}"
|
39
|
+
docker push "${INTERNAL_REGISTRY}/${image_name}:${tag}"
|
40
|
+
|
41
|
+
done
|
42
|
+
|
43
|
+
# push to legacy `conjurinc/cli5` tag
|
44
|
+
docker tag "${full_image_name}" conjurinc/cli5:latest
|
45
|
+
docker push conjurinc/cli5:latest
|
46
|
+
fi
|
data/spec/authn_spec.rb
CHANGED
@@ -37,11 +37,11 @@ describe Conjur::Authn do
|
|
37
37
|
allow(ENV).to receive(:[]).with("CONJUR_AUTHN_LOGIN").and_return "the-login"
|
38
38
|
allow(ENV).to receive(:[]).with("CONJUR_AUTHN_API_KEY").and_return "the-api-key"
|
39
39
|
end
|
40
|
-
|
40
|
+
|
41
41
|
context "login and API key" do
|
42
42
|
it "are used to authn" do
|
43
43
|
expect(Conjur::Authn.get_credentials).to eq([ "the-login", "the-api-key" ])
|
44
|
-
|
44
|
+
|
45
45
|
expect(api.username).to eq('the-login')
|
46
46
|
expect(api.api_key).to eq('the-api-key')
|
47
47
|
end
|
@@ -94,7 +94,7 @@ describe Conjur::Authn do
|
|
94
94
|
before do
|
95
95
|
allow(Conjur::Config).to receive(:[]).with(:netrc_path).and_return path
|
96
96
|
end
|
97
|
-
|
97
|
+
|
98
98
|
context "with specified netrc_path" do
|
99
99
|
let(:path) { "/a/dummy/netrc/path" }
|
100
100
|
it "consults Conjur::Config for netrc_path" do
|
@@ -102,7 +102,7 @@ describe Conjur::Authn do
|
|
102
102
|
expect(Conjur::Authn.netrc).to eq(netrc)
|
103
103
|
end
|
104
104
|
end
|
105
|
-
|
105
|
+
|
106
106
|
context "without specified netrc_path" do
|
107
107
|
let(:path) { nil }
|
108
108
|
it "uses default netrc path" do
|
data/spec/command/authn_spec.rb
CHANGED
@@ -10,14 +10,14 @@ describe Conjur::Command::Authn do
|
|
10
10
|
describe_command "#{cmd}" do
|
11
11
|
it "prompts for username and password and logs in the user" do
|
12
12
|
expect(Conjur::Authn).to receive(:ask_for_credentials).with({}).and_return [ "the-user", "the-api-key" ]
|
13
|
-
|
13
|
+
|
14
14
|
expect { invoke }.to write("Logged in")
|
15
15
|
end
|
16
16
|
end
|
17
17
|
describe_command "#{cmd} -u the-user" do
|
18
18
|
it "prompts for password and logs in the user" do
|
19
19
|
expect(Conjur::Authn).to receive(:ask_for_credentials).with({username: 'the-user'}).and_return [ "the-user", "the-api-key" ]
|
20
|
-
|
20
|
+
|
21
21
|
expect { invoke }.to write("Logged in")
|
22
22
|
end
|
23
23
|
end
|
data/spec/command/hosts_spec.rb
CHANGED
@@ -9,13 +9,19 @@ describe Conjur::Command::Hosts, logged_in: true do
|
|
9
9
|
expect(RestClient::Request).to receive(:execute).with({
|
10
10
|
method: :head,
|
11
11
|
url: "https://core.example.com/api/resources/#{account}/host/redis001",
|
12
|
-
headers: {
|
12
|
+
headers: {
|
13
|
+
authorization: "fakeauth",
|
14
|
+
},
|
15
|
+
username: "dknuth",
|
13
16
|
}).and_return true
|
14
17
|
expect(RestClient::Request).to receive(:execute).with({
|
15
18
|
method: :put,
|
16
19
|
url: "https://core.example.com/api/authn/#{account}/api_key?role=#{account}:host:redis001",
|
17
|
-
headers: {
|
18
|
-
|
20
|
+
headers: {
|
21
|
+
authorization: "fakeauth",
|
22
|
+
},
|
23
|
+
payload: '',
|
24
|
+
username: "dknuth",
|
19
25
|
}).and_return double(:response, body: 'new api key')
|
20
26
|
end
|
21
27
|
|
@@ -23,5 +29,19 @@ describe Conjur::Command::Hosts, logged_in: true do
|
|
23
29
|
invoke
|
24
30
|
end
|
25
31
|
end
|
32
|
+
|
33
|
+
describe_command 'host rotate_api_key --host non-existing' do
|
34
|
+
before do
|
35
|
+
expect(RestClient::Request).to receive(:execute).with({
|
36
|
+
method: :head,
|
37
|
+
url: "https://core.example.com/api/resources/#{account}/host/non-existing",
|
38
|
+
headers: {authorization: "fakeauth"},
|
39
|
+
username: username,
|
40
|
+
}).and_raise RestClient::ResourceNotFound
|
41
|
+
end
|
42
|
+
it 'rotate_api_key with non-existing --host option' do
|
43
|
+
expect { invoke }.to raise_error(GLI::CustomExit, /Host 'non-existing' not found/i)
|
44
|
+
end
|
45
|
+
end
|
26
46
|
end
|
27
47
|
end
|
data/spec/command/init_spec.rb
CHANGED
@@ -1,36 +1,46 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
require 'highline'
|
3
3
|
|
4
|
-
GITHUB_FP = "SHA1 Fingerprint=
|
4
|
+
GITHUB_FP = "SHA1 Fingerprint=5F:3F:7A:C2:56:9F:50:A4:66:76:47:C6:A1:8C:A0:07:AA:ED:BB:8E"
|
5
5
|
GITHUB_CERT = <<EOF
|
6
6
|
-----BEGIN CERTIFICATE-----
|
7
|
-
|
7
|
+
MIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw
|
8
8
|
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
/
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
9
|
+
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
|
10
|
+
dXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa
|
11
|
+
MGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
|
12
|
+
YW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp
|
13
|
+
dGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a
|
14
|
+
nox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm
|
15
|
+
ARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV
|
16
|
+
UtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41
|
17
|
+
Z/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b
|
18
|
+
rr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8
|
19
|
+
cgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk
|
20
|
+
YqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w
|
21
|
+
HIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G
|
22
|
+
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o
|
23
|
+
dHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg
|
24
|
+
MqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu
|
25
|
+
Y3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz
|
26
|
+
Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3
|
27
|
+
MHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF
|
28
|
+
BQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp
|
29
|
+
Z2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB
|
30
|
+
1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd
|
31
|
+
x4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg
|
32
|
+
rVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk
|
33
|
+
VpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa
|
34
|
+
UDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh
|
35
|
+
ndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl
|
36
|
+
AAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn
|
37
|
+
4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B
|
38
|
+
AQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC
|
39
|
+
yCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q
|
40
|
+
B0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY
|
41
|
+
z7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK
|
42
|
+
5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi
|
43
|
+
Pb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==
|
34
44
|
EOF
|
35
45
|
|
36
46
|
describe Conjur::Command::Init do
|
@@ -0,0 +1,38 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Conjur::Command::LDAPSync, logged_in: true do
|
4
|
+
let (:policy_response) { { 'ok' => true, 'events' => [], 'policy' => <<eop
|
5
|
+
"---
|
6
|
+
- !user
|
7
|
+
annotations:
|
8
|
+
ldap-sync/source: ldap-server:389
|
9
|
+
ldap-sync/upstream-dn: CN=Administrator,OU=functest,OU=testdata,OU=dev-ci,DC=dev-ci,DC=conjur
|
10
|
+
id: Administrator
|
11
|
+
uidnumber:"}
|
12
|
+
eop
|
13
|
+
}
|
14
|
+
}
|
15
|
+
|
16
|
+
describe_command "ldap-sync policy show" do
|
17
|
+
|
18
|
+
context "on a server that supports LDAP sync" do
|
19
|
+
before do
|
20
|
+
expect_any_instance_of(Conjur::API).to receive(:ldap_sync_policy).with(config_name: 'default').and_return policy_response
|
21
|
+
end
|
22
|
+
|
23
|
+
it "shows the policy" do
|
24
|
+
expect { invoke }.to write policy_response['policy']
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
context "on a server that doesn't support LDAP sync" do
|
29
|
+
before do
|
30
|
+
expect_any_instance_of(Conjur::API).to receive(:ldap_sync_policy).and_raise(RestClient::ResourceNotFound)
|
31
|
+
end
|
32
|
+
|
33
|
+
it "shows an error message" do
|
34
|
+
expect {invoke}.to raise_error(GLI::CustomExit, /LDAP sync is not supported by the server/)
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
data/spec/command/users_spec.rb
CHANGED
@@ -52,5 +52,18 @@ describe Conjur::Command::Users, logged_in: true do
|
|
52
52
|
invoke
|
53
53
|
end
|
54
54
|
end
|
55
|
+
describe_command 'user rotate_api_key --user non-existing' do
|
56
|
+
before do
|
57
|
+
expect(RestClient::Request).to receive(:execute).with({
|
58
|
+
method: :head,
|
59
|
+
url: "https://core.example.com/api/resources/#{account}/user/non-existing",
|
60
|
+
headers: {authorization: "fakeauth"},
|
61
|
+
username: username,
|
62
|
+
}).and_raise RestClient::ResourceNotFound
|
63
|
+
end
|
64
|
+
it 'rotate_api_key with non-existing --user option' do
|
65
|
+
expect { invoke }.to raise_error(GLI::CustomExit, /User 'non-existing' not found/i)
|
66
|
+
end
|
67
|
+
end
|
55
68
|
end
|
56
69
|
end
|
data/spec/spec_helper.rb
CHANGED
data/test.sh
CHANGED
metadata
CHANGED
@@ -1,15 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-cli
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.
|
4
|
+
version: 6.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
|
-
-
|
8
|
-
- Kevin Gilpin
|
7
|
+
- Conjur Maintainers
|
9
8
|
autorequire:
|
10
9
|
bindir: bin
|
11
10
|
cert_chain: []
|
12
|
-
date:
|
11
|
+
date: 2020-12-22 00:00:00.000000000 Z
|
13
12
|
dependencies:
|
14
13
|
- !ruby/object:Gem::Dependency
|
15
14
|
name: activesupport
|
@@ -37,84 +36,70 @@ dependencies:
|
|
37
36
|
requirements:
|
38
37
|
- - "~>"
|
39
38
|
- !ruby/object:Gem::Version
|
40
|
-
version: '5.
|
39
|
+
version: '5.3'
|
41
40
|
type: :runtime
|
42
41
|
prerelease: false
|
43
42
|
version_requirements: !ruby/object:Gem::Requirement
|
44
43
|
requirements:
|
45
44
|
- - "~>"
|
46
45
|
- !ruby/object:Gem::Version
|
47
|
-
version: '5.
|
46
|
+
version: '5.3'
|
48
47
|
- !ruby/object:Gem::Dependency
|
49
|
-
name:
|
50
|
-
requirement: !ruby/object:Gem::Requirement
|
51
|
-
requirements:
|
52
|
-
- - ">="
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: 2.8.0
|
55
|
-
type: :runtime
|
56
|
-
prerelease: false
|
57
|
-
version_requirements: !ruby/object:Gem::Requirement
|
58
|
-
requirements:
|
59
|
-
- - ">="
|
60
|
-
- !ruby/object:Gem::Version
|
61
|
-
version: 2.8.0
|
62
|
-
- !ruby/object:Gem::Dependency
|
63
|
-
name: highline
|
48
|
+
name: deep_merge
|
64
49
|
requirement: !ruby/object:Gem::Requirement
|
65
50
|
requirements:
|
66
51
|
- - "~>"
|
67
52
|
- !ruby/object:Gem::Version
|
68
|
-
version: '1.
|
53
|
+
version: '1.0'
|
69
54
|
type: :runtime
|
70
55
|
prerelease: false
|
71
56
|
version_requirements: !ruby/object:Gem::Requirement
|
72
57
|
requirements:
|
73
58
|
- - "~>"
|
74
59
|
- !ruby/object:Gem::Version
|
75
|
-
version: '1.
|
60
|
+
version: '1.0'
|
76
61
|
- !ruby/object:Gem::Dependency
|
77
|
-
name:
|
62
|
+
name: gli
|
78
63
|
requirement: !ruby/object:Gem::Requirement
|
79
64
|
requirements:
|
80
|
-
- - "
|
65
|
+
- - ">="
|
81
66
|
- !ruby/object:Gem::Version
|
82
|
-
version:
|
67
|
+
version: 2.8.0
|
83
68
|
type: :runtime
|
84
69
|
prerelease: false
|
85
70
|
version_requirements: !ruby/object:Gem::Requirement
|
86
71
|
requirements:
|
87
|
-
- - "
|
72
|
+
- - ">="
|
88
73
|
- !ruby/object:Gem::Version
|
89
|
-
version:
|
74
|
+
version: 2.8.0
|
90
75
|
- !ruby/object:Gem::Dependency
|
91
|
-
name:
|
76
|
+
name: highline
|
92
77
|
requirement: !ruby/object:Gem::Requirement
|
93
78
|
requirements:
|
94
79
|
- - "~>"
|
95
80
|
- !ruby/object:Gem::Version
|
96
|
-
version: '1.
|
81
|
+
version: '1.7'
|
97
82
|
type: :runtime
|
98
83
|
prerelease: false
|
99
84
|
version_requirements: !ruby/object:Gem::Requirement
|
100
85
|
requirements:
|
101
86
|
- - "~>"
|
102
87
|
- !ruby/object:Gem::Version
|
103
|
-
version: '1.
|
88
|
+
version: '1.7'
|
104
89
|
- !ruby/object:Gem::Dependency
|
105
|
-
name:
|
90
|
+
name: netrc
|
106
91
|
requirement: !ruby/object:Gem::Requirement
|
107
92
|
requirements:
|
108
93
|
- - "~>"
|
109
94
|
- !ruby/object:Gem::Version
|
110
|
-
version: '
|
95
|
+
version: '0.10'
|
111
96
|
type: :runtime
|
112
97
|
prerelease: false
|
113
98
|
version_requirements: !ruby/object:Gem::Requirement
|
114
99
|
requirements:
|
115
100
|
- - "~>"
|
116
101
|
- !ruby/object:Gem::Version
|
117
|
-
version: '
|
102
|
+
version: '0.10'
|
118
103
|
- !ruby/object:Gem::Dependency
|
119
104
|
name: table_print
|
120
105
|
requirement: !ruby/object:Gem::Requirement
|
@@ -130,21 +115,21 @@ dependencies:
|
|
130
115
|
- !ruby/object:Gem::Version
|
131
116
|
version: '1.5'
|
132
117
|
- !ruby/object:Gem::Dependency
|
133
|
-
name:
|
118
|
+
name: xdg
|
134
119
|
requirement: !ruby/object:Gem::Requirement
|
135
120
|
requirements:
|
136
|
-
- -
|
121
|
+
- - '='
|
137
122
|
- !ruby/object:Gem::Version
|
138
|
-
version:
|
139
|
-
type: :
|
123
|
+
version: 2.2.3
|
124
|
+
type: :runtime
|
140
125
|
prerelease: false
|
141
126
|
version_requirements: !ruby/object:Gem::Requirement
|
142
127
|
requirements:
|
143
|
-
- -
|
128
|
+
- - '='
|
144
129
|
- !ruby/object:Gem::Version
|
145
|
-
version:
|
130
|
+
version: 2.2.3
|
146
131
|
- !ruby/object:Gem::Dependency
|
147
|
-
name:
|
132
|
+
name: addressable
|
148
133
|
requirement: !ruby/object:Gem::Requirement
|
149
134
|
requirements:
|
150
135
|
- - ">="
|
@@ -186,49 +171,49 @@ dependencies:
|
|
186
171
|
- !ruby/object:Gem::Version
|
187
172
|
version: '1.0'
|
188
173
|
- !ruby/object:Gem::Dependency
|
189
|
-
name:
|
174
|
+
name: cucumber-api
|
190
175
|
requirement: !ruby/object:Gem::Requirement
|
191
176
|
requirements:
|
192
|
-
- - "
|
177
|
+
- - ">="
|
193
178
|
- !ruby/object:Gem::Version
|
194
|
-
version: '
|
179
|
+
version: '0'
|
195
180
|
type: :development
|
196
181
|
prerelease: false
|
197
182
|
version_requirements: !ruby/object:Gem::Requirement
|
198
183
|
requirements:
|
199
|
-
- - "
|
184
|
+
- - ">="
|
200
185
|
- !ruby/object:Gem::Version
|
201
|
-
version: '
|
186
|
+
version: '0'
|
202
187
|
- !ruby/object:Gem::Dependency
|
203
|
-
name:
|
188
|
+
name: io-grab
|
204
189
|
requirement: !ruby/object:Gem::Requirement
|
205
190
|
requirements:
|
206
191
|
- - "~>"
|
207
192
|
- !ruby/object:Gem::Version
|
208
|
-
version: '
|
193
|
+
version: '0.0'
|
209
194
|
type: :development
|
210
195
|
prerelease: false
|
211
196
|
version_requirements: !ruby/object:Gem::Requirement
|
212
197
|
requirements:
|
213
198
|
- - "~>"
|
214
199
|
- !ruby/object:Gem::Version
|
215
|
-
version: '
|
200
|
+
version: '0.0'
|
216
201
|
- !ruby/object:Gem::Dependency
|
217
|
-
name:
|
202
|
+
name: json_spec
|
218
203
|
requirement: !ruby/object:Gem::Requirement
|
219
204
|
requirements:
|
220
|
-
- - "
|
205
|
+
- - ">="
|
221
206
|
- !ruby/object:Gem::Version
|
222
|
-
version: '0
|
207
|
+
version: '0'
|
223
208
|
type: :development
|
224
209
|
prerelease: false
|
225
210
|
version_requirements: !ruby/object:Gem::Requirement
|
226
211
|
requirements:
|
227
|
-
- - "
|
212
|
+
- - ">="
|
228
213
|
- !ruby/object:Gem::Version
|
229
|
-
version: '0
|
214
|
+
version: '0'
|
230
215
|
- !ruby/object:Gem::Dependency
|
231
|
-
name:
|
216
|
+
name: pry-byebug
|
232
217
|
requirement: !ruby/object:Gem::Requirement
|
233
218
|
requirements:
|
234
219
|
- - ">="
|
@@ -242,51 +227,56 @@ dependencies:
|
|
242
227
|
- !ruby/object:Gem::Version
|
243
228
|
version: '0'
|
244
229
|
- !ruby/object:Gem::Dependency
|
245
|
-
name:
|
230
|
+
name: rake
|
246
231
|
requirement: !ruby/object:Gem::Requirement
|
247
232
|
requirements:
|
248
|
-
- - "
|
233
|
+
- - "~>"
|
249
234
|
- !ruby/object:Gem::Version
|
250
|
-
version:
|
235
|
+
version: 12.3.3
|
251
236
|
type: :development
|
252
237
|
prerelease: false
|
253
238
|
version_requirements: !ruby/object:Gem::Requirement
|
254
239
|
requirements:
|
255
|
-
- - "
|
240
|
+
- - "~>"
|
256
241
|
- !ruby/object:Gem::Version
|
257
|
-
version:
|
242
|
+
version: 12.3.3
|
258
243
|
- !ruby/object:Gem::Dependency
|
259
|
-
name:
|
244
|
+
name: rspec
|
260
245
|
requirement: !ruby/object:Gem::Requirement
|
261
246
|
requirements:
|
262
|
-
- - "
|
247
|
+
- - "~>"
|
263
248
|
- !ruby/object:Gem::Version
|
264
|
-
version: '0'
|
249
|
+
version: '3.0'
|
265
250
|
type: :development
|
266
251
|
prerelease: false
|
267
252
|
version_requirements: !ruby/object:Gem::Requirement
|
268
253
|
requirements:
|
269
|
-
- - "
|
254
|
+
- - "~>"
|
270
255
|
- !ruby/object:Gem::Version
|
271
|
-
version: '0'
|
256
|
+
version: '3.0'
|
272
257
|
- !ruby/object:Gem::Dependency
|
273
|
-
name:
|
258
|
+
name: simplecov
|
274
259
|
requirement: !ruby/object:Gem::Requirement
|
275
260
|
requirements:
|
276
|
-
- - "
|
261
|
+
- - "~>"
|
277
262
|
- !ruby/object:Gem::Version
|
278
|
-
version: '0'
|
263
|
+
version: '0.17'
|
264
|
+
- - "<"
|
265
|
+
- !ruby/object:Gem::Version
|
266
|
+
version: '0.18'
|
279
267
|
type: :development
|
280
268
|
prerelease: false
|
281
269
|
version_requirements: !ruby/object:Gem::Requirement
|
282
270
|
requirements:
|
283
|
-
- - "
|
271
|
+
- - "~>"
|
284
272
|
- !ruby/object:Gem::Version
|
285
|
-
version: '0'
|
273
|
+
version: '0.17'
|
274
|
+
- - "<"
|
275
|
+
- !ruby/object:Gem::Version
|
276
|
+
version: '0.18'
|
286
277
|
description:
|
287
278
|
email:
|
288
|
-
-
|
289
|
-
- kgilpin@conjur.net
|
279
|
+
- conj_maintainers@cyberark.com
|
290
280
|
executables:
|
291
281
|
- _conjur
|
292
282
|
- conjur
|
@@ -294,23 +284,32 @@ extensions: []
|
|
294
284
|
extra_rdoc_files: []
|
295
285
|
files:
|
296
286
|
- ".dockerignore"
|
287
|
+
- ".github/CODEOWNERS"
|
288
|
+
- ".github/ISSUE_TEMPLATE/bug.md"
|
289
|
+
- ".github/ISSUE_TEMPLATE/feature_request.md"
|
290
|
+
- ".github/PULL_REQUEST_TEMPLATE.md"
|
297
291
|
- ".gitignore"
|
292
|
+
- ".gitleaks.toml"
|
298
293
|
- ".kateproject"
|
299
294
|
- ".overcommit.yml"
|
300
295
|
- ".project"
|
301
296
|
- ".rubocop.yml"
|
302
297
|
- APPLIANCE_VERSION
|
303
298
|
- CHANGELOG.md
|
299
|
+
- CONTRIBUTING.md
|
304
300
|
- Gemfile
|
305
301
|
- Humanfile.md
|
306
302
|
- Jenkinsfile
|
307
|
-
- LICENSE
|
303
|
+
- LICENSE
|
304
|
+
- NOTICES.txt
|
308
305
|
- PUBLISH.md
|
309
306
|
- README.md
|
310
307
|
- Rakefile
|
308
|
+
- SECURITY.md
|
311
309
|
- VERSION
|
312
310
|
- bin/_conjur
|
313
311
|
- bin/conjur
|
312
|
+
- bin/parse-changelog.sh
|
314
313
|
- build-deb.sh
|
315
314
|
- build-standalone
|
316
315
|
- ci/cli-test.sh
|
@@ -318,6 +317,7 @@ files:
|
|
318
317
|
- ci/package.sh
|
319
318
|
- ci/publish.sh
|
320
319
|
- ci/secrets/publish.yml
|
320
|
+
- ci/submit-coverage
|
321
321
|
- ci/test.sh
|
322
322
|
- ci/wait_for_server.sh
|
323
323
|
- conjur-cli.gemspec
|
@@ -372,6 +372,7 @@ files:
|
|
372
372
|
- lib/conjur/command/host_factories.rb
|
373
373
|
- lib/conjur/command/hosts.rb
|
374
374
|
- lib/conjur/command/init.rb
|
375
|
+
- lib/conjur/command/ldap_sync.rb
|
375
376
|
- lib/conjur/command/plugin.rb
|
376
377
|
- lib/conjur/command/policies.rb
|
377
378
|
- lib/conjur/command/pubkeys.rb
|
@@ -391,6 +392,7 @@ files:
|
|
391
392
|
- lib/conjur/version.rb
|
392
393
|
- lib/patches/conjur/error.rb
|
393
394
|
- lib/patches/gli.rb
|
395
|
+
- needs-publishing
|
394
396
|
- profile.rb
|
395
397
|
- publish.sh
|
396
398
|
- push-image
|
@@ -398,6 +400,7 @@ files:
|
|
398
400
|
- spec/command/authn_spec.rb
|
399
401
|
- spec/command/hosts_spec.rb
|
400
402
|
- spec/command/init_spec.rb
|
403
|
+
- spec/command/ldap_sync_spec.rb
|
401
404
|
- spec/command/pubkeys_spec.rb
|
402
405
|
- spec/command/resources_spec.rb
|
403
406
|
- spec/command/roles_spec.rb
|
@@ -409,9 +412,9 @@ files:
|
|
409
412
|
- spec/spec_helper.rb
|
410
413
|
- standalone.entrypoint
|
411
414
|
- test.sh
|
412
|
-
homepage: https://github.com/
|
415
|
+
homepage: https://github.com/cyberark/conjur-cli
|
413
416
|
licenses:
|
414
|
-
-
|
417
|
+
- Apache 2.0
|
415
418
|
metadata: {}
|
416
419
|
post_install_message:
|
417
420
|
rdoc_options: []
|
@@ -428,8 +431,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
428
431
|
- !ruby/object:Gem::Version
|
429
432
|
version: '0'
|
430
433
|
requirements: []
|
431
|
-
|
432
|
-
rubygems_version: 2.7.6
|
434
|
+
rubygems_version: 3.1.2
|
433
435
|
signing_key:
|
434
436
|
specification_version: 4
|
435
437
|
summary: Conjur command line interface
|
@@ -471,6 +473,7 @@ test_files:
|
|
471
473
|
- spec/command/authn_spec.rb
|
472
474
|
- spec/command/hosts_spec.rb
|
473
475
|
- spec/command/init_spec.rb
|
476
|
+
- spec/command/ldap_sync_spec.rb
|
474
477
|
- spec/command/pubkeys_spec.rb
|
475
478
|
- spec/command/resources_spec.rb
|
476
479
|
- spec/command/roles_spec.rb
|