conjur-cli 6.1.0 → 6.2.4

Files changed (54)
  1. checksums.yaml +4 -4
  2. data/.github/CODEOWNERS +10 -0
  3. data/.github/ISSUE_TEMPLATE/bug.md +42 -0
  4. data/.github/ISSUE_TEMPLATE/feature_request.md +27 -0
  5. data/.github/PULL_REQUEST_TEMPLATE.md +21 -0
  6. data/.gitleaks.toml +216 -0
  7. data/CHANGELOG.md +69 -209
  8. data/CONTRIBUTING.md +81 -0
  9. data/Jenkinsfile +83 -40
  10. data/LICENSE +202 -0
  11. data/NOTICES.txt +421 -0
  12. data/README.md +278 -48
  13. data/Rakefile +0 -1
  14. data/SECURITY.md +42 -0
  15. data/VERSION +1 -1
  16. data/bin/conjur +3 -1
  17. data/bin/parse-changelog.sh +12 -0
  18. data/build-standalone +42 -3
  19. data/ci/cli-test.sh +5 -1
  20. data/ci/submit-coverage +36 -0
  21. data/ci/test.sh +1 -1
  22. data/conjur-cli.gemspec +15 -13
  23. data/dev/docker-compose.yml +1 -0
  24. data/dev/start.sh +3 -3
  25. data/docker-compose.yml +2 -1
  26. data/features/authorization/resource/check.feature +6 -0
  27. data/features/authorization/resource/exists.feature +10 -3
  28. data/features/hostfactory/tokens.feature +1 -1
  29. data/features/pubkeys/show.feature +0 -4
  30. data/features/step_definitions/authn_steps.rb +1 -1
  31. data/features/step_definitions/cli_steps.rb +0 -19
  32. data/features/step_definitions/overrides.rb +3 -5
  33. data/features/support/env.rb +3 -1
  34. data/features/support/hooks.rb +0 -11
  35. data/jenkins.sh +1 -1
  36. data/lib/conjur/cli.rb +4 -3
  37. data/lib/conjur/command/hosts.rb +1 -1
  38. data/lib/conjur/command/ldap_sync.rb +37 -0
  39. data/lib/conjur/command/rspec/describe_command.rb +26 -7
  40. data/lib/conjur/command/rspec/mock_services.rb +7 -1
  41. data/lib/conjur/command/users.rb +5 -1
  42. data/lib/conjur/version.rb +1 -1
  43. data/needs-publishing +28 -0
  44. data/push-image +46 -28
  45. data/spec/authn_spec.rb +4 -4
  46. data/spec/command/authn_spec.rb +2 -2
  47. data/spec/command/hosts_spec.rb +26 -3
  48. data/spec/command/init_spec.rb +28 -28
  49. data/spec/command/ldap_sync_spec.rb +38 -0
  50. data/spec/command/users_spec.rb +18 -2
  51. data/spec/spec_helper.rb +5 -2
  52. data/test.sh +6 -1
  53. metadata +80 -77
  54. data/LICENSE.md +0 -195
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0533b1c7e9164260ba4a86d41004a71811d24b034230909cbcb6967cc8ac71e5
4
- data.tar.gz: 305ee4fc8b00b049b65eb7bd8742bd69d4bf41716c926291f21801b2139ce8f5
3
+ metadata.gz: a430b83a83643bf129f213a63931ff989ec59a28dbb8391f9e3ee6a616d756fa
4
+ data.tar.gz: 844a47f03073f23efdcbfb53fcf03c673cfaa6bbe65a806148b386870ff1aa85
5
5
  SHA512:
6
- metadata.gz: f4bdae507abdcb0032bb312bbdba75fb5e6f94bc5292cfe773ee2ca691951ca3fe3616018b54bd9993e2d1f45bcb7ce5c7d87f9884f1d16e0d73e4dc238bddb3
7
- data.tar.gz: 4a2d081ada6358818ec5b1607600e5b841e8d85bb3299da4fc9107a13bfc25700ebe72a1fbb3ac05b7b3dbf09834ec76b38df50def439292f958c5025bd4346a
6
+ metadata.gz: 38d0b11e66da5052391604861b7b402e2313c0d80d880f9f03698cc751dd0ac216a518c30fdd9d145b3002ce0f89ea14bb8e1f226470827f1c6e57a4609f1033
7
+ data.tar.gz: 26bd3810c8c343b2f9f414418b6980c6cbc02fd354e86cc2aa27f855200f4474dd7f812e0a124aab70be04c3d4d2b57b7c34d8cc69dea8e9c450e6fdc7d6cf37
@@ -0,0 +1,10 @@
1
+ * @cyberark/community-and-integrations-team @conjurinc/community-and-integrations-team @conjurdemos/community-and-integrations-team
2
+
3
+ # Changes to .trivyignore require Security Architect approval
4
+ .trivyignore @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects
5
+
6
+ # Changes to .codeclimate.yml require Quality Architect approval
7
+ .codeclimate.yml @cyberark/quality-architects @conjurinc/quality-architects @conjurdemos/quality-architects
8
+
9
+ # Changes to SECURITY.md require Security Architect approval
10
+ SECURITY.md @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects
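Review bot: `.gitleaks.toml`, which this release adds together with its `[whitelist]` section, has no owner rule here, so changes to the secret-scanning allowlist fall under the general `*` rule on line 1 instead of requiring Security Architect approval the way `.trivyignore` and `SECURITY.md` do. Consider adding a `.gitleaks.toml` line owned by the security-architects teams after line 10. Because the last matching pattern wins in a CODEOWNERS file, also confirm that the three specific rules are meant to replace, not add to, the community-and-integrations team as owners of those files.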
@@ -0,0 +1,42 @@
1
+ ---
2
+ name: Bug
3
+ about: Create a bug report to help us improve
4
+ title: ''
5
+ labels: component/cli, kind/bug
6
+ assignees: ''
7
+
8
+ ---
9
+
10
+ ## Summary
11
+ A clear and concise description of what the bug is.
12
+
13
+ ## Steps to Reproduce
14
+ Steps to reproduce the behavior:
15
+ 1. Go to '...'
16
+ 2. Click on '....'
17
+ 3. Scroll down to '....'
18
+ 4. See error
19
+
20
+ ## Expected Results
21
+ A clear and concise description of what you expected to happen.
22
+
23
+ ## Actual Results (including error logs, if applicable)
24
+ A clear and concise description of what actually did happen.
25
+
26
+ ## Reproducible
27
+ * [ ] Always
28
+ * [ ] Sometimes
29
+ * [ ] Non-Reproducible
30
+
31
+ ## Version/Tag number
32
+ What version of the product are you running? Any version info that you can share is helpful.
33
+ For example, you might give the version from Docker logs, the Docker tag, a specific download URL,
34
+ the output of the `/info` route, etc.
35
+
36
+ ## Environment setup
37
+ Can you describe the environment in which this product is running? Is it running on a VM / in a container / in a cloud?
38
+ Which cloud provider? Which container orchestrator (including version)?
39
+ The more info you can share about your runtime environment, the better we may be able to reproduce the issue.
40
+
41
+ ## Additional Information
42
+ Add any other context about the problem here.
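Review bot: the "Steps to Reproduce" placeholders on lines 15-17 (`Go to '...'`, `Click on '....'`, `Scroll down to '....'`) describe a web UI, while line 5 labels the report `component/cli`; replace them with CLI-oriented prompts such as the command run, its arguments and the relevant configuration. The "Actual Results (including error logs, if applicable)" section on line 23 should also ask reporters to redact API keys, access tokens and other credentials before pasting logs into an issue.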
@@ -0,0 +1,27 @@
1
+ ---
2
+ name: Feature request
3
+ about: Suggest an idea for this project
4
+ title: ''
5
+ labels: kind/enhancement, component/cli
6
+ assignees: ''
7
+
8
+ ---
9
+
10
+ ## Is your feature request related to a problem? Please describe.
11
+
12
+ A clear and concise description of what the problem is. Ex. `I would like to see [...] because [...]`.
13
+ Please include the intended use case and what the feature would improve on so that we can prioritize
14
+ the feature accordingly.
15
+
16
+ ## Describe the solution you would like
17
+
18
+ A clear and concise description of what the desired end result(s) would be.
19
+
20
+ ## Describe alternatives you have considered
21
+
22
+ A clear and concise description of any alternative solutions or features that may be related to this that
23
+ you have considered.
24
+
25
+ ## Additional context
26
+
27
+ Add any other context information about the feature request here.
@@ -0,0 +1,21 @@
1
+ ### What does this PR do?
2
+ - _What's changed? Why were these changes made?_
3
+ - _How should the reviewer approach this PR, especially if manual tests are required?_
4
+ - _Are there relevant screenshots you can add to the PR description?_
5
+
6
+ ### What ticket does this PR close?
7
+ Resolves #[relevant GitHub issues, eg 76]
8
+
9
+ ### Checklists
10
+
11
+ #### Change log
12
+ - [ ] The CHANGELOG has been updated, or
13
+ - [ ] This PR does not include user-facing changes and doesn't require a CHANGELOG update
14
+
15
+ #### Test coverage
16
+ - [ ] This PR includes new unit and integration tests to go with the code changes, or
17
+ - [ ] The changes in this PR do not require tests
18
+
19
+ #### Documentation
20
+ - [ ] Docs (e.g. `README`s) were updated in this PR, and/or there is a follow-on issue to update docs, or
21
+ - [ ] This PR does not require updating any documentation
data/.gitleaks.toml ADDED
@@ -0,0 +1,216 @@
1
+ title = "Secretless Broker gitleaks config"
2
+
3
+ # This is the config file for gitleaks. You can configure gitleaks what to search for and what to whitelist.
4
+ # If GITLEAKS_CONFIG environment variable
5
+ # is set, gitleaks will load configurations from that path. If option --config-path is set, gitleaks will load
6
+ # configurations from that path. Gitleaks does not whitelist anything by default.
7
+ # - https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf
8
+ # - https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
9
+ [[rules]]
10
+ description = "AWS Client ID"
11
+ regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
12
+ tags = ["key", "AWS"]
13
+
14
+ [[rules]]
15
+ description = "AWS Secret Key"
16
+ regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
17
+ tags = ["key", "AWS"]
18
+
19
+ [[rules]]
20
+ description = "AWS MWS key"
21
+ regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
22
+ tags = ["key", "AWS", "MWS"]
23
+
24
+ [[rules]]
25
+ description = "PKCS8"
26
+ regex = '''-----BEGIN PRIVATE KEY-----'''
27
+ tags = ["key", "PKCS8"]
28
+
29
+ [[rules]]
30
+ description = "RSA"
31
+ regex = '''-----BEGIN RSA PRIVATE KEY-----'''
32
+ tags = ["key", "RSA"]
33
+
34
+ [[rules]]
35
+ description = "SSH"
36
+ regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
37
+ tags = ["key", "SSH"]
38
+
39
+ [[rules]]
40
+ description = "PGP"
41
+ regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
42
+ tags = ["key", "PGP"]
43
+
44
+ [[rules]]
45
+ description = "Facebook Secret Key"
46
+ regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
47
+ tags = ["key", "Facebook"]
48
+
49
+ [[rules]]
50
+ description = "Facebook Client ID"
51
+ regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
52
+ tags = ["key", "Facebook"]
53
+
54
+ [[rules]]
55
+ description = "Facebook access token"
56
+ regex = '''EAACEdEose0cBA[0-9A-Za-z]+'''
57
+ tags = ["key", "Facebook"]
58
+
59
+ [[rules]]
60
+ description = "Twitter Secret Key"
61
+ regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
62
+ tags = ["key", "Twitter"]
63
+
64
+ [[rules]]
65
+ description = "Twitter Client ID"
66
+ regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
67
+ tags = ["client", "Twitter"]
68
+
69
+ [[rules]]
70
+ description = "Github"
71
+ regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
72
+ tags = ["key", "Github"]
73
+
74
+ [[rules]]
75
+ description = "LinkedIn Client ID"
76
+ regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
77
+ tags = ["client", "Twitter"]
78
+
79
+ [[rules]]
80
+ description = "LinkedIn Secret Key"
81
+ regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
82
+ tags = ["secret", "Twitter"]
83
+
84
+ [[rules]]
85
+ description = "Slack"
86
+ regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
87
+ tags = ["key", "Slack"]
88
+
89
+ [[rules]]
90
+ description = "EC"
91
+ regex = '''-----BEGIN EC PRIVATE KEY-----'''
92
+ tags = ["key", "EC"]
93
+
94
+ [[rules]]
95
+ description = "Generic API key"
96
+ regex = '''(?i)(api_key|apikey)(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
97
+ tags = ["key", "API", "generic"]
98
+
99
+ [[rules]]
100
+ description = "Generic Secret"
101
+ regex = '''(?i)secret(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
102
+ tags = ["key", "Secret", "generic"]
103
+
104
+ [[rules]]
105
+ description = "Google API key"
106
+ regex = '''AIza[0-9A-Za-z\\-_]{35}'''
107
+ tags = ["key", "Google"]
108
+
109
+ [[rules]]
110
+ description = "Google Cloud Platform API key"
111
+ regex = '''(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"][AIza[0-9a-z\\-_]{35}]['\"]'''
112
+ tags = ["key", "Google", "GCP"]
113
+
114
+ [[rules]]
115
+ description = "Google OAuth"
116
+ regex = '''(?i)(google|gcp|auth)(.{0,20})?['"][0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com['"]'''
117
+ tags = ["key", "Google", "OAuth"]
118
+
119
+ [[rules]]
120
+ description = "Google OAuth access token"
121
+ regex = '''ya29\.[0-9A-Za-z\-_]+'''
122
+ tags = ["key", "Google", "OAuth"]
123
+
124
+ [[rules]]
125
+ description = "Heroku API key"
126
+ regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
127
+ tags = ["key", "Heroku"]
128
+
129
+ [[rules]]
130
+ description = "MailChimp API key"
131
+ regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
132
+ tags = ["key", "Mailchimp"]
133
+
134
+ [[rules]]
135
+ description = "Mailgun API key"
136
+ regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
137
+ tags = ["key", "Mailgun"]
138
+
139
+ [[rules]]
140
+ description = "Password in URL"
141
+ regex = '''[a-zA-Z]{3,10}:\/\/[^\/\s:@]{3,20}:[^\/\s:@]{3,20}@.{1,100}\/?.?'''
142
+ tags = ["key", "URL", "generic"]
143
+
144
+ [[rules]]
145
+ description = "PayPal Braintree access token"
146
+ regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
147
+ tags = ["key", "Paypal"]
148
+
149
+ [[rules]]
150
+ description = "Picatic API key"
151
+ regex = '''sk_live_[0-9a-z]{32}'''
152
+ tags = ["key", "Picatic"]
153
+
154
+ [[rules]]
155
+ description = "Slack Webhook"
156
+ regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
157
+ tags = ["key", "slack"]
158
+
159
+ [[rules]]
160
+ description = "Stripe API key"
161
+ regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
162
+ tags = ["key", "Stripe"]
163
+
164
+ [[rules]]
165
+ description = "Square access token"
166
+ regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
167
+ tags = ["key", "square"]
168
+
169
+ [[rules]]
170
+ description = "Square OAuth secret"
171
+ regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
172
+ tags = ["key", "square"]
173
+
174
+ [[rules]]
175
+ description = "Twilio API key"
176
+ regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
177
+ tags = ["key", "twilio"]
178
+
179
+ [whitelist]
180
+ files = [
181
+ # "(.*?)(jpg|gif|doc|pdf|bin)$",
182
+ ".gitleaks.toml"
183
+ ]
184
+ regexes = [
185
+ "3a4rb19rpjejr89h6r29kd2fb3808cpy" # sample host API key in test data
186
+ ]
187
+
188
+ # Additional Examples
189
+
190
+ # [[rules]]
191
+ # description = "Generic Key"
192
+ # regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
193
+ # entropies = [
194
+ # "4.1-4.3",
195
+ # "5.5-6.3",
196
+ # ]
197
+ # entropyROI = "line"
198
+ # filetypes = [".go", ".py", ".c"]
199
+ # tags = ["key"]
200
+ # severity = "8"
201
+ #
202
+ #
203
+ # [[rules]]
204
+ # description = "Generic Key"
205
+ # regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
206
+ # entropies = ["4.1-4.3"]
207
+ # filetypes = [".gee"]
208
+ # entropyROI = "line"
209
+ # tags = ["key"]
210
+ # severity = "medium"
211
+
212
+ # [[rules]]
213
+ # description = "Any pem file"
214
+ # filetypes = [".key"]
215
+ # tags = ["pem"]
216
+ # severity = "high"
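Review bot: several rules use square brackets where a group was meant, so they do not match the keys they describe. On line 161, `[sk|rk]_live_` is a character class matching a single `s`, `k`, `|` or `r`, not the prefixes `sk` or `rk`; it should be `(sk|rk)_live_`. On line 111, `[AIza[0-9a-z\\-_]{35}]` is parsed as a character class repeated 35 times followed by a literal `]`, not as the literal `AIza` plus 35 key characters, and lines 96 and 101 use `['|"]`, which also accepts `|` as a quote character. On lines 106, 111 and 171 the `\\-_` inside a `'''` literal string reaches the regex engine unchanged, where it reads as an escaped backslash followed by a range up to `_`, so a literal `-` is not in the class; lines 121 and 166 use `\-_`, which is the form to copy. Smaller points: the title on line 1 still says "Secretless Broker", the LinkedIn rules on lines 77 and 82 are tagged "Twitter", and the optional group on line 86 lets a bare `xoxb-` prefix count as a finding.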
data/CHANGELOG.md CHANGED
@@ -1,209 +1,69 @@
1
- # 6.0.1
2
-
3
- * Pushes to `cyberark/conjur-cli:5` on DockerHub when tests pass
4
- * Use SNI when fetching certificate with `conjur init`.
5
- * Correctly specify dependency versions in gemspec.
6
- * Allow ActiveSupport v5 as a dependency.
7
-
8
- # 6.0.0
9
-
10
- * Provides compatibility with [cyberark/conjur](https://github.com/cyberark/conjur), Conjur 5 CE.
11
- * License changed to Apache 2.0.
12
- * **Codebase forked: for changes to the 5.x (API [v4][v4-branch]) series, see
13
- [CHANGELOG in `v4` branch][v4-changelog]**
14
-
15
- [v4-branch]: https://github.com/cyberark/conjur-cli/tree/v4
16
- [v4-changelog]: https://github.com/cyberark/conjur-cli/blob/v4/CHANGELOG.md
17
-
18
- # 5.3.0
19
-
20
- * Add `jobs` subcommands for `ldap-sync`.
21
- * Add `--detach` switch to `now` subcommand.
22
- * Relax dependency gem versions.
23
-
24
- # 5.2.5
25
-
26
- * Fix behavior of `conjur env` when [policy plugin](https://github.com/conjurinc/conjur-asset-policy) is installed.
27
-
28
- # 5.2.4
29
-
30
- * Fix behavior of `conjur env`, when detecting variables vs literals
31
-
32
- # 5.2.3
33
-
34
- * Disable prompts in bootstrap when there's no tty
35
- * Bump api-ruby, fixes 404 core bug
36
-
37
- # 5.2.1
38
-
39
- * Fix handling of `ldap-sync` dry-run argument.
40
-
41
- # 5.2.0
42
-
43
- * Add `ldap-sync` management commands (requires Conjur 4.7 or later).
44
- * Use `CONJUR_AUTHN_TOKEN` as the Conjur access token, if it's available in the environment.
45
- * `conjurize` will ignore `conjur` cookbook releases that don't have an associated tarball.
46
- * Pass `--recipe-url` argument to Chef, which is now required.
47
-
48
- # 5.1.2
49
-
50
- * Fix problem finding config files for plugin installation.
51
-
52
- # 5.1.1
53
-
54
- * Global CLI plugin config is now stored in `/opt/conjur/etc/plugins.yml`.
55
-
56
- # 5.0.0
57
-
58
- * **Breaking change** Ruby Policy DSL is now deprecated in favor of
59
- [new YML policy markup](https://developer.conjur.net/reference/policy-markup.html).
60
- The existing `policy` subcommand has been moved to the `rubydsl` subcommand.
61
- The new `policy` command operates on YML policies.
62
- * Created a new non-Omnibus Debian packaging of the Ruby gems.
63
-
64
- # 4.30.1
65
-
66
- * Fix the `conjur-api` gem dependency version
67
-
68
- # 4.30.0
69
-
70
- * Implementation of `conjur bootstrap` is moved to the API gem, and made extensible.
71
- * Added new steps to `conjur bootstrap`, including the creation of service identities, and giving `elevate` and `reveal` to the `security_admin` group.
72
- * `hostfactory create` verifies that the current role is able to admin the host factory group; otherwise, host factory creation will fail.
73
-
74
- # 4.29.0
75
- * Add `conjur host rotate_api_key` command.
76
- * Add `conjur version` (as well as `conjur server version`) command to show server version info.
77
- * Add `conjur server health` and `conjur server info` to display server health and info.
78
- * Add `conjur version` (as well as `conjur server version`) command to show server version info.
79
- * Add `conjur server health` and `conjur server info` to display server health and info.
80
- * Check server version compatibility if exception occurs and command has configured minimum version
81
- * Add `conjur layer retire` to allow retiring a layer.
82
- * Add `cidr` commands to `user`, `host`, and `hostfactory token`
83
- * Move `audit send` and `host factory` commands from plugins into the core CLI
84
- * Add `variable expire` and `variable expirations` subcommands. Variable expirations is available in version 4.6 of the Conjur server.
85
- * Add `--json` option to `conjurize` to print the Conjur configuration and host identity as a JSON file
86
- * Require `--layer` argument to `hostfactory create`, ensure that the owner is an admin of the layer.
87
-
88
- # 4.28.2
89
- * `--collection` is now optional (with no default) for both `conjur script execute` and `conjur policy load`.
90
-
91
- # 4.28.1
92
- * Add `--collection` option for `conjur script execute`. Scripts are now portable across environments, like policies.
93
-
94
- # 4.28.0
95
- * Add `conjur policy retire` to allow retiring a policy.
96
- * Fix `--as-group` and `--as-role` options for `conjur policy load`. Either can now be used to specify ownership of the policy.
97
- * Fix `--follow` option for `conjur audit`.
98
- * Remove support for per-project `.conjurrc` files.
99
-
100
- # 4.27.0
101
-
102
- * New commands `elevate` and `reveal` for execution of privileged commands on Conjur 4.5+.
103
-
104
- # 4.26.0
105
-
106
- * New implementation of bash completions.
107
-
108
- # 4.25.2
109
- * Fixes a conflict with RVM: Sets `GEM_HOME` and `GEM_PATH to nil.
110
-
111
- # 4.25.1
112
-
113
- * Remove spurious line written to stdout during user creation.
114
- * Fix up-front permission checking in `conjur bootstrap` so that it will run on a fresh server.
115
-
116
- # 4.25.0
117
-
118
- * A record can be retired to a specific role, in addition to the default behavior of retiring to the `attic` user.
119
- * Variable can be created with the id only, without becoming interactive.
120
- * Run `conjur variable create -i -a` to create interactively with annotations.
121
- * Interactive annotation can be performed on bare resources with `conjur resource annotate -i`.
122
- * Don't require 'admin' user to bootstrap, prompt to create a new security admin during bootstrap.
123
- * Check if user privileges are sufficient before running `retire`.
124
- * Don't revoke a user's access to a record in the middle of retire, because doing so leads to 403 errors later on.
125
- * Interactive mode of user, group and pubkey creation.
126
-
127
- # 4.24.0
128
-
129
- * Interactive mode for variable creation.
130
-
131
- # 4.23.0
132
-
133
- * Don't check if netrc is world-readable on Windows, since the answer is not reliable.
134
- * Use new [conjur](https://supermarket.chef.io/cookbooks/conjur) cookbook for conjurize.
135
- * Fix faulty initialization of plugins list, if it's nil, in the .conjurrc.
136
- * Log DSL commands to stderr, even if CONJURAPI_LOG is not explicitly configured.
137
- * In policy DSL, allow creation of records without an explicit `id`. In this case, the current scope is used as the `id`.
138
-
139
- # 4.22.0
140
-
141
- * New 'plugin' subcommand to manage CLI plugins.
142
- * Configure SSL certificate from Conjur.configuration.
143
- * Print the error message if there's a problem loading a plugin.
144
-
145
- # 4.21.1
146
-
147
- * Configure trust to the new certificate in `conjur init`, before attempting to contact the Conjur server.
148
-
149
- # 4.21.0
150
-
151
- * Use user cache dir for mimetype cache.
152
- * Retrieve the whole certificate chain on conjur init.
153
-
154
- # 4.20.1
155
-
156
- * Improve the error reporting.
157
-
158
- # 4.20.0
159
-
160
- * GID manipulation commands.
161
-
162
- # 4.19.0
163
-
164
- * Add command `conjur role graph` for batch retrieval of role relationships.
165
-
166
- # 4.18.5
167
-
168
- * Bump conjur-api version to mime-types problem
169
-
170
- # 4.18.4
171
-
172
- * Revert "Find (and store) credentials by only a hostname as the machine in netrc"
173
-
174
- # 4.18.3
175
-
176
- * Use the latest conjur-ssh cookbook version for conjurize
177
-
178
- # 4.18.2
179
-
180
- * Require a recent version of netrc
181
- * Complain if netrc is world readable
182
- * Find (and store) credentials by only a hostname as the machine in netrc
183
- * Make the command start up faster by lazy loading some gems
184
- * `authn whoami` will notice if the user is logged in via env vars
185
- * `conjurize` default conjur-ssh cookbook updated to 1.2.2
186
-
187
- # 4.18.0
188
-
189
- * New `conjurize` command
190
- * Deprecate the `host enroll` command
191
- * `variable create` command now takes an optional value for the variable after the variable id
192
- * Configure "permissive" netrc to allow the `conjur` Unix group to read the `.netrc` or `conjur.identity` file.
193
-
194
- # 4.17.0
195
-
196
- * Support --policy parameter in `conjur env`
197
- * Bugfix: failures on 'variable retire'
198
- * Raise a better error in case of missing config
199
-
200
- # 4.16.0
201
-
202
- * Add 'bootstrap' CLI command
203
- * Raise a better error if conjur env encounters a variable with no value
204
-
205
- # 4.15.0
206
-
207
- * Migration to rspec 3
208
- * Commands to retire(decommission) variable, host, user, group
209
- * Bugfix (in some situations `conjur init` logged config file location incorrectly)
1
+ # Changelog
2
+ All notable changes to this project will be documented in this file.
3
+
4
+ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
5
+ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
6
+
7
+ ## [Unreleased]
8
+
9
+ ## [6.2.4] - 2021-07-01
10
+ ### Changed
11
+ - Upgraded `conjur-api` dependency to 5.3.5.
12
+ [cyberark/conjur-cli#310](https://github.com/cyberark/conjur-cli/issues/310)
13
+
14
+ ## [6.2.3] - 2020-12-22
15
+ ### Fixed
16
+ - The Conjur CLI now raises a proper error when trying to rotate a non-existing
17
+ user's API key.
18
+ [cyberark/conjur#979](https://github.com/cyberark/conjur/issues/979)
19
+
20
+ ## [6.2.2] - 2020-04-02
21
+ ### Changed
22
+ - Docker image updated to flatten to a single layer and reduce the image
23
+ size ([cyberark/conjur-cli#253](https://github.com/cyberark/conjur-cli/issues/253))
24
+
25
+ ### Fixed
26
+ - CLI image is only updated in DockerHub when the project has a new tag
27
+ ([cyberark/conjur-cli#270](https://github.com/cyberark/conjur-cli/issues/270))
28
+
29
+ ### Security
30
+ - Update rake for CVE-2020-8130 ([cyberark/conjur-cli#263](https://github.com/cyberark/conjur-cli/issues/263))
31
+
32
+ ## [6.2.1] - 2019-05-22
33
+ ### Added
34
+ - Pin to xdg gem v2.2.3 due to a [crashing CLI](https://github.com/cyberark/conjur-cli/issues/243).
35
+
36
+ ## 6.2.0 - 2018-06-22
37
+ ### Added
38
+ - Add `ldap-sync` subcommand.
39
+
40
+ ## 6.1.1 - 0000-00-00
41
+ ### Added
42
+ - No longer displaying error stack traces by default when an exception occurs duing CLI initialization (e.g when trying to open a missing conjur certificate file). Stack traces can be enabled for all errors in the CLI by setting the environment variable `GLI_DEBUG=true`.
43
+
44
+ ## [6.1.0] - 2018-04-09
45
+ ### Added
46
+ - Pin dependency 'conjur-api' to '~> 5.1'. This update adds authn-local support to the API. [conjur-api PR #131](https://github.com/cyberark/conjur-api-ruby/pull/131)
47
+
48
+ ## [6.0.1] - 2018-04-09
49
+ ### Added
50
+ - Pushes to `cyberark/conjur-cli:5` on DockerHub when tests pass
51
+ - Use SNI when fetching certificate with `conjur init`.
52
+ - Correctly specify dependency versions in gemspec.
53
+ - Allow ActiveSupport v5 as a dependency.
54
+
55
+ ## [6.0.0] - 2017-10-13
56
+ ### Added
57
+ - Provides compatibility with [cyberark/conjur](https://github.com/cyberark/conjur), Conjur 5 CE.
58
+ - License changed to Apache 2.0.
59
+ - **Codebase forked: for changes to the 5.x (API [v4](https://github.com/cyberark/conjur-cli/tree/v4)) series, see
60
+ [CHANGELOG in `v4` branch][v4-changelog](https://github.com/cyberark/conjur-cli/blob/v4/CHANGELOG.md)**
61
+
62
+ [Unreleased]: https://github.com/cyberark/conjur-cli/compare/v6.2.4...HEAD
63
+ [6.2.4]: https://github.com/cyberark/conjur-cli/compare/v6.2.3...v6.2.4
64
+ [6.2.3]: https://github.com/cyberark/conjur-cli/compare/v6.2.2...v6.2.3
65
+ [6.2.2]: https://github.com/cyberark/conjur-cli/compare/v6.2.1...v6.2.2
66
+ [6.2.1]: https://github.com/cyberark/conjur-cli/compare/v6.2.0...v6.2.1
67
+ [6.1.0]: https://github.com/cyberark/conjur-cli/compare/v6.0.1...v6.1.0
68
+ [6.0.1]: https://github.com/cyberark/conjur-cli/compare/v6.0.0...v6.0.1
69
+ [6.0.0]: https://github.com/cyberark/conjur-cli/compare/v5.6.6...v6.0.0
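Review bot: the `## 6.1.1 - 0000-00-00` heading on line 40 carries a placeholder date and, like `6.2.0` on line 36, has no bracketed version or compare reference (lines 62-69 jump from 6.2.1 to 6.1.0); fill in the real release date or fold the entry into 6.2.0, and add the missing references. Line 60 combines a reference-style link with an inline URL for the v4 changelog, which will not render as a single link now that the `[v4-changelog]` definition has been removed. Line 42 has a typo ("duing"), and the entries on lines 34 and 42 describe a pin made because of a crash and a change in error output, yet both sit under "### Added"; "### Fixed" or "### Changed" would fit the Keep a Changelog format cited on line 4.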