conjur-cli 2.1.6 → 2.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/conjur/authn.rb +4 -0
- data/lib/conjur/command/authn.rb +16 -0
- data/lib/conjur/command/resources.rb +13 -0
- data/lib/conjur/version.rb +1 -1
- metadata +2 -3
- data/lib/conjur/command/permissions.rb +0 -48
data/lib/conjur/authn.rb
CHANGED
data/lib/conjur/command/authn.rb
CHANGED
|
@@ -29,6 +29,22 @@ DESC
|
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
+
desc "Obtains an authentication token using the current logged-in user"
|
|
33
|
+
command :authenticate do |c|
|
|
34
|
+
c.arg_name 'header'
|
|
35
|
+
c.desc "Base64 encode the result and format as an HTTP Authorization header"
|
|
36
|
+
c.switch [:H,:header]
|
|
37
|
+
|
|
38
|
+
c.action do |global_options,options,args|
|
|
39
|
+
token = Conjur::Authn.authenticate(options)
|
|
40
|
+
if options[:header]
|
|
41
|
+
puts "Authorization: Token token=\"#{Base64.strict_encode64(token.to_json)}\""
|
|
42
|
+
else
|
|
43
|
+
puts token
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
32
48
|
desc "Logs out"
|
|
33
49
|
command :logout do |c|
|
|
34
50
|
c.action do
|
|
@@ -62,6 +62,19 @@ class Conjur::Command::Resources < Conjur::Command
|
|
|
62
62
|
api.resource([ Conjur.account, kind, id ].join(':')).deny privilege, role
|
|
63
63
|
end
|
|
64
64
|
end
|
|
65
|
+
|
|
66
|
+
desc "Check whether a role has a privilege on a resource"
|
|
67
|
+
arg_name "kind resource-id role privilege"
|
|
68
|
+
command :check do |c|
|
|
69
|
+
c.action do |global_options,options,args|
|
|
70
|
+
kind = args.shift or raise "Missing parameter: resource-kind"
|
|
71
|
+
resource_id = args.shift or raise "Missing parameter: resource-id"
|
|
72
|
+
role = args.shift or raise "Missing parameter: role"
|
|
73
|
+
privilege = args.shift or raise "Missing parameter: privilege"
|
|
74
|
+
role = api.role(role)
|
|
75
|
+
puts role.permitted? kind, resource_id, privilege
|
|
76
|
+
end
|
|
77
|
+
end
|
|
65
78
|
|
|
66
79
|
desc "Grant ownership on a resource to a new owner"
|
|
67
80
|
arg_name "kind resource-id owner"
|
data/lib/conjur/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: conjur-cli
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.7
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2013-05-
|
|
13
|
+
date: 2013-05-23 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: conjur-api
|
|
@@ -152,7 +152,6 @@ files:
|
|
|
152
152
|
- lib/conjur/command/field.rb
|
|
153
153
|
- lib/conjur/command/groups.rb
|
|
154
154
|
- lib/conjur/command/hosts.rb
|
|
155
|
-
- lib/conjur/command/permissions.rb
|
|
156
155
|
- lib/conjur/command/resources.rb
|
|
157
156
|
- lib/conjur/command/roles.rb
|
|
158
157
|
- lib/conjur/command/secrets.rb
|
|
@@ -1,48 +0,0 @@
|
|
|
1
|
-
require 'conjur/authn'
|
|
2
|
-
require 'conjur/command'
|
|
3
|
-
|
|
4
|
-
class Conjur::Command::Resources < Conjur::Command
|
|
5
|
-
self.prefix = :permission
|
|
6
|
-
|
|
7
|
-
desc "Grants permission on a resource to a role"
|
|
8
|
-
arg_name "resource-kind"
|
|
9
|
-
arg_name "resource-id"
|
|
10
|
-
arg_name "role"
|
|
11
|
-
arg_name "privilege"
|
|
12
|
-
command :grant do |c|
|
|
13
|
-
c.desc "Whether to give the grant option"
|
|
14
|
-
c.switch :grant
|
|
15
|
-
|
|
16
|
-
c.action do |global_options,options,args|
|
|
17
|
-
kind = args.shift or raise "Missing parameter: resource-kind"
|
|
18
|
-
resource_id = args.shift or raise "Missing parameter: resource-id"
|
|
19
|
-
role = args.shift or raise "Missing parameter: role"
|
|
20
|
-
privilege = args.shift or raise "Missing parameter: privilege"
|
|
21
|
-
resource = api.resource(kind, resource_id)
|
|
22
|
-
options = {}
|
|
23
|
-
options[:grant_option] = true if options[:grant]
|
|
24
|
-
resource.permit privilege, role, options
|
|
25
|
-
end
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
desc "Check whether a role has a privilege on a resource"
|
|
29
|
-
arg_name "resource-kind"
|
|
30
|
-
arg_name "resource-id"
|
|
31
|
-
arg_name "role"
|
|
32
|
-
arg_name "privilege"
|
|
33
|
-
command :check do |c|
|
|
34
|
-
c.action do |global_options,options,args|
|
|
35
|
-
kind = args.shift or raise "Missing parameter: resource-kind"
|
|
36
|
-
resource_id = args.shift or raise "Missing parameter: resource-id"
|
|
37
|
-
role = args.shift or raise "Missing parameter: role"
|
|
38
|
-
privilege = args.shift or raise "Missing parameter: privilege"
|
|
39
|
-
role = api.role(role)
|
|
40
|
-
begin
|
|
41
|
-
role.permitted? kind, resource_id, privilege
|
|
42
|
-
puts "true"
|
|
43
|
-
rescue RestClient::ResourceNotFound
|
|
44
|
-
puts "false"
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
|
-
end
|
|
48
|
-
end
|