conjur-cli 2.1.9 → 2.2.1

data/.gitignore

@@ -1,3 +1,7 @@
+*.cert
+*.credential
+*.json
+*.pem
 testdata/
 *.gem
 *.rbc
@@ -13,8 +17,11 @@ lib/bundler/man
 pkg
 rdoc
 spec/reports
+features/reports
 test/tmp
 test/version_tmp
 tmp
 .kateproject.d
 .idea
+.rvmrc
+

data/Gemfile

@@ -3,8 +3,9 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in conjur.gemspec
 gemspec
 
-gem 'slosilo', git: 'https://github.com/inscitiv/slosilo.git', branch: 'master'
-gem 'conjur-api', '~> 2.2', git: 'https://github.com/inscitiv/api-ruby.git', branch: 'master'
+# when developing in parallel, you might want to uncomment the following:
+# gem 'conjur-api', git: 'https://github.com/inscitiv/api-ruby.git', branch: 'master'
+
 gem 'conjur-asset-cmi-study', git: 'https://inscitiv-ops-dev:Me5aswes@github.com/inscitiv/conjur-asset-cmi-study', branch: 'master'
 gem 'conjur-asset-environment', git: 'https://inscitiv-ops-dev:Me5aswes@github.com/inscitiv/conjur-asset-environment', branch: 'master'
 gem 'conjur-asset-deployment',  git: 'https://inscitiv-ops-dev:Me5aswes@github.com/inscitiv/conjur-asset-deployment',  branch: 'master'

data/Rakefile

@@ -1,20 +1,19 @@
 #!/usr/bin/env rake
 require "bundler/gem_tasks"
+require 'ci/reporter/rake/rspec'
+require 'ci/reporter/rake/cucumber'
+require 'cucumber'
+require 'cucumber/rake/task'
+require 'rspec/core/rake_task'
 
-begin
-  require 'rspec/core/rake_task'
-  RSpec::Core::RakeTask.new(:spec)
-rescue LoadError
-  $stderr.puts "RSpec Rake tasks not available in environment #{ENV['RACK_ENV']}"
-end
+RSpec::Core::RakeTask.new :spec
+Cucumber::Rake::Task.new :features
 
-task :jenkins do
-  if ENV['BUILD_NUMBER']
-    File.write('build_number', ENV['BUILD_NUMBER'])
-  end
-  require 'ci/reporter/rake/rspec'
-  Rake::Task["ci:setup:rspec"].invoke
-  Rake::Task["spec"].invoke
+task :jenkins => ['ci:setup:rspec', :spec, 'ci:setup:cucumber_report_cleanup'] do
+  Cucumber::Rake::Task.new do |t|
+    t.cucumber_opts = "--format CI::Reporter::Cucumber"
+  end.runner.run
+  File.write('build_number', ENV['BUILD_NUMBER']) if ENV['BUILD_NUMBER']
 end
 
-task default: :spec
+task default: [:spec, :features]

data/bin/jsonfield

@@ -0,0 +1,50 @@
+#!/usr/bin/env ruby
+
+require 'json'
+require 'methadone'
+
+class JsonField
+  include Methadone::Main
+  include Methadone::CLILogging
+
+  description "parse JSON and extract a field value"
+  arg :json_path, "path to object to extract, eg. 'headers.0' or 'document.author.name'"
+  arg :json, :optional, "data to parse (reads from stdin if not given)"
+
+  main do |path, input = nil|
+    input ||= STDIN.read
+    data = JSON.parse input
+    result = data.extract_field *(path.split '.', -1)
+    puts result
+  end
+end
+
+class Hash
+  def extract_field head = nil, *tail
+    return self unless head
+    field_not_found! head unless has_key? head
+    self[head].extract_field *tail
+  end
+end
+
+class Array
+  def extract_field head = nil, *tail
+    return self unless head
+    index = Integer(head) rescue field_not_found!(head)
+    field_not_found! index if index >= size
+    self[index].extract_field *tail
+  end
+end
+
+class Object
+  def extract_field head = nil, *tail
+    field_not_found! head if head
+    self
+  end
+
+  def field_not_found! field
+    raise Methadone::Error.new(2, "No field #{field} in #{inspect}")
+  end
+end
+
+JsonField.go!

data/conjur.gemspec

@@ -14,13 +14,17 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = Conjur::VERSION
   
-  gem.add_dependency 'conjur-api'
+  gem.add_dependency 'conjur-api', '~> 2.4'
   gem.add_dependency 'gli'
   gem.add_dependency 'highline'
   gem.add_dependency 'netrc'
+  gem.add_dependency 'methadone'
   
   gem.add_runtime_dependency 'cas_rest_client'
   
   gem.add_development_dependency 'rspec'
   gem.add_development_dependency 'simplecov'
+  gem.add_development_dependency 'aruba'
+  gem.add_development_dependency 'ci_reporter', '~> 1.8'
+  gem.add_development_dependency 'rake', '~> 10.0'
 end

data/features/jsonfield.feature

@@ -0,0 +1,49 @@
+Feature: Extracting JSON fields
+
+  In order to use conjur output in shell scripts
+  As a Conjur user
+  I want to extract fields from JSON data
+
+  Scenario: An array element
+    When I successfully run `jsonfield 2 '[1, 2, 3]'`
+    Then the output should contain "3"
+
+  Scenario: An out of bounds array element
+    When I run `jsonfield 3 '[1, 2, 3]'`
+    Then the output should contain "No field 3"
+    And the exit status should be 2
+
+  Scenario: A hash element
+    When I successfully run `jsonfield a '{"a": 4}'`
+    Then the output should contain "4"
+
+  Scenario: A non-existent hash element
+    When I run `jsonfield b '{"a": 4}'`
+    Then the output should contain "No field b"
+    And the exit status should be 2
+
+  Scenario: Nested elements
+    When I successfully run `jsonfield 0.a.1.b '[{"a": [42, {"b": "foo", "d": null}, 33], "bar": true}]'`
+    Then the output should contain "foo"
+
+  Scenario: Standard input
+    Given a file named "test.json" with:
+      """
+        {
+          "a": [
+            42,
+            {
+              "b": "foo",
+              "d": null
+            },
+            33
+          ],
+          "bar": true
+        }
+      """
+    When I run `cat test.json | jsonfield 0.a.1.b`
+    Then the output should contain "foo"
+
+  Scenario: An element with hyphen in key
+    When I successfully run `jsonfield variables.db-password '{"variables": {"db-password": "foo"}}'`
+    Then the output should contain "foo"

data/features/support/env.rb

@@ -0,0 +1,4 @@
+require 'simplecov'
+require 'aruba/cucumber'
+
+SimpleCov.start

data/lib/conjur/cli.rb

@@ -19,24 +19,25 @@ module Conjur
       end
     end
             
-    load_config
-            
-    ENV['CONJUR_ENV'] = Config[:env] || "production"
-    ENV['CONJUR_STACK'] = Config[:stack] if Config[:stack]
-    ENV['CONJUR_STACK'] ||= 'v3' if ENV['CONJUR_ENV'] == 'production'
-    ENV['CONJUR_ACCOUNT'] = Config[:account] or raise "Missing configuration setting: account. Please set it in ~/.conjurrc"
-    
-    Conjur::Config.plugins.each do |plugin|
-      require "conjur-asset-#{plugin}"
-    end
     
     commands_from 'conjur/command'
 
-    if Conjur.log
-      Conjur.log << "Using host #{Conjur::Authn::API.host}\n"
-    end
-
     pre do |global,command,options,args|
+      load_config
+
+      ENV['CONJUR_ENV'] = Config[:env] || "production"
+      ENV['CONJUR_STACK'] = Config[:stack] if Config[:stack]
+      ENV['CONJUR_STACK'] ||= 'v3' if ENV['CONJUR_ENV'] == 'production'
+      ENV['CONJUR_ACCOUNT'] = Config[:account] or raise "Missing configuration setting: account. Please set it in ~/.conjurrc"
+
+      Conjur::Config.plugins.each do |plugin|
+        require "conjur-asset-#{plugin}"
+      end
+
+      if Conjur.log
+        Conjur.log << "Using host #{Conjur::Authn::API.host}\n"
+      end
+
       require 'active_support/core_ext'
       options.delete_if{|k,v| v.blank?}
       options.symbolize_keys!
@@ -57,9 +58,7 @@ module Conjur
     end
     
     on_error do |exception|
-      if exception.is_a?(GLI::StandardException)
-        # pass
-      elsif exception.is_a?(RestClient::Exception)
+      if exception.is_a?(RestClient::Exception)
         begin
           body = JSON.parse(exception.response.body)
           $stderr.puts body['error']

data/lib/conjur/command/authn.rb

@@ -54,9 +54,12 @@ DESC
 
   desc "Prints out the current logged in username"
   command :whoami do |c|
-    c.action do |global_options,options,args|
-      token = Conjur::Authn.authenticate(options)
-      puts({ account: Conjur::Core::API.conjur_account, username: token['data'] }.to_json)
+    c.action do
+      if creds = Conjur::Authn.read_credentials
+        puts({account: Conjur::Core::API.conjur_account, username: creds[0]}.to_json)
+      else
+        exit_now! 'Not logged in.', -1
+      end
     end
   end
 end

data/lib/conjur/command/field.rb

@@ -3,13 +3,13 @@ require 'conjur/command'
 class Conjur::Command::Field < Conjur::Command
   self.prefix = :field
   
-  desc "Selects a field from structured input"
-  arg_name "pattern (value | STDIN)"
+  desc "(Deprecated. See standalone jsonfield command instead.)"
   command :select do |c|
     c.action do |global_options,options,args|
       pattern = require_arg(args, 'pattern')
       value = args.shift || STDIN.read
-      
+
+      warn "field:select is deprecated. Please use jsonfield command instead."
       require 'json'
       json = JSON.parse(value)
       class << json

data/lib/conjur/command/hosts.rb

@@ -27,7 +27,7 @@ class Conjur::Command::Hosts < Conjur::Command
       enrollment_url = api.host(id).enrollment_url
       puts enrollment_url
       $stderr.puts "On the target host, please execute the following command:"
-      $stderr.puts "sudo true && curl -L #{enrollment_url} | sudo bash"
+      $stderr.puts "curl -L #{enrollment_url} | bash"
     end
   end
 end

data/lib/conjur/command/resources.rb

@@ -15,6 +15,7 @@ class Conjur::Command::Resources < Conjur::Command
       id = require_arg(args, "resource-id")
       resource = api.resource([ conjur_account, kind, id ].join(':'))
       resource.create(options)
+      display resource.attributes
     end
   end
   
@@ -48,6 +49,7 @@ class Conjur::Command::Resources < Conjur::Command
       role = require_arg(args, "role")
       privilege = require_arg(args, "privilege")
       api.resource([ conjur_account, kind, id ].join(':')).permit privilege, role
+      puts "Permission granted"
     end
   end
 
@@ -60,6 +62,7 @@ class Conjur::Command::Resources < Conjur::Command
       role = require_arg(args, "role")
       privilege = require_arg(args, "privilege")
       api.resource([ conjur_account, kind, id ].join(':')).deny privilege, role
+      puts "Permission revoked"
     end
   end
   
@@ -84,6 +87,7 @@ class Conjur::Command::Resources < Conjur::Command
       id = require_arg(args, "resource-id")
       owner = require_arg(args, "owner")
       api.resource([ conjur_account, kind, id ].join(':')).give_to owner
+      puts "Role granted"
     end
   end
 

data/lib/conjur/command/roles.rb

@@ -13,6 +13,7 @@ class Conjur::Command::Roles < Conjur::Command
       id = require_arg(args, 'role')
       role = api.role(id)
       role.create(options)
+      puts "Created #{role}"
     end
   end
   
@@ -30,24 +31,18 @@ class Conjur::Command::Roles < Conjur::Command
   arg_name "role"
   command :memberships do |c|
     c.action do |global_options,options,args|
-      role = args.shift || api.user(api.username).roleid
-      display api.role(role).all.map(&:roleid)
+      roleid = args.shift
+      role = roleid.nil? && api.current_role || api.role(roleid)
+      display role.all.map(&:roleid)
     end
   end
 
-  desc "Lists members of the role"
+  desc "Lists all members of the role"
   arg_name "role"
   command :members do |c|
-    c.desc "List all members recursively"
-    c.switch :a
-
     c.action do |global_options,options,args|
       role = args.shift || api.user(api.username).roleid
-      if options[:a]
-        display api.role(role).all.map(&:roleid)
-      else
-        display api.role(role).members.map(&:member).map(&:roleid)
-      end
+      display api.role(role).members.map(&:member).map(&:roleid)
     end
   end
 
@@ -62,6 +57,7 @@ class Conjur::Command::Roles < Conjur::Command
       member = require_arg(args, 'member')
       role = api.role(id)
       role.grant_to member, options[:admin]
+      puts "Role granted"
     end
   end
 
@@ -73,6 +69,7 @@ class Conjur::Command::Roles < Conjur::Command
       member = require_arg(args, 'member')
       role = api.role(id)
       role.revoke_from member
+      puts "Role revoked"
     end
   end
 end

data/lib/conjur/version.rb

@@ -1,3 +1,3 @@
 module Conjur
-  VERSION = "2.1.9"
+  VERSION = "2.2.1"
 end

data/spec/command/authn_spec.rb

@@ -1,39 +1,25 @@
 require 'spec_helper'
-require 'tempfile'
-require 'write_expectation'
 
 describe Conjur::Command::Authn do
-  let(:netrcfile) { Tempfile.new 'authtest' }
-  let(:netrc) { Netrc.read(netrcfile.path) }
-  let(:host) { 'https://authn.example.com' }
-
-  before do
-    Conjur::Authn.stub netrc: netrc, host: host
-  end
-
-  context "when not logged in" do
+  context logged_in: false do
     describe_command 'authn:whoami' do
       it "errors out" do
-        expect{ invoke }.to write(/not logged in/i).to :stderr
+        expect { invoke }.to raise_error(GLI::CustomExit, /not logged in/i)
       end
     end
   end
 
-  context "when logged in" do
-    let(:username) { 'dknuth' }
-    let(:api_key) { 'sekrit' }
-    before { netrc[host] = [username, api_key] }
-
+  context logged_in: true do
     describe_command 'authn:logout' do
       it "deletes credentials" do
         invoke
-        netrc[host].should_not be
+        netrc[authn_host].should_not be
       end
     end
 
     describe_command 'authn:whoami' do
-      it "prints the current username to stdout" do
-        expect { invoke }.to write username
+      it "prints the current account and username to stdout" do
+        expect { invoke }.to write({ account: account, username: username }.to_json)
       end
     end
   end

data/spec/command/roles_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+describe Conjur::Command::Roles, logged_in: true do
+  let(:all_roles) { %w(foo:user:joerandom foo:something:cool foo:something:else foo:group:admins) }
+  let(:role) do
+    double "the role", all: all_roles.map{|r| double r, roleid: r }
+  end
+
+  before do
+    api.stub(:role).with(rolename).and_return role
+  end
+
+  context "when logged in as a user" do
+    let(:username) { "joerandom" }
+    let(:rolename) { "user:joerandom" }
+
+    describe_command "role:memberships" do
+      it "lists all roles" do
+        JSON::parse(expect { invoke }.to write).should == all_roles
+      end
+    end
+
+    describe_command "role:memberships foo:bar" do
+      let(:rolename) { 'foo:bar' }
+      it "lists all roles of foo:bar" do
+        JSON::parse(expect { invoke }.to write).should == all_roles
+      end
+    end
+  end
+
+  context "when logged in as a host" do
+    let(:username) { "host/foobar" }
+    let(:rolename) { "host:foobar" }
+
+    describe_command "role:memberships" do
+      it "lists all roles" do
+        JSON::parse(expect { invoke }.to write).should == all_roles
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,5 +1,6 @@
 require "rubygems"
 require "bundler/setup"
+require 'tempfile'
 
 require "simplecov"
 SimpleCov.start
@@ -9,11 +10,54 @@ module RSpec::Core::DSL
     describe *argv do
       let(:invoke) do
         Conjur::CLI.error_device = $stderr
-        Conjur::CLI.run argv 
+        Conjur::CLI.run argv.first.split(' ')
       end
       instance_eval &block
     end
   end
 end
 
+shared_context "with fake endpoints and test config" do
+  let(:authn_host) { 'https://authn.example.com' }
+  let(:authz_host) { 'https://authz.example.com' }
+  let(:core_host) { 'https://core.example.com' }
+  before do
+    Conjur::Authn::API.stub host: authn_host
+    Conjur::Authz::API.stub host: authz_host
+    Conjur::Core::API.stub host: core_host
+
+    ENV['GLI_DEBUG'] = 'true'
+  end
+end
+
+shared_context "with mock authn" do
+  include_context "with fake endpoints and test config"
+  let(:netrcfile) { Tempfile.new 'authtest' }
+  let(:netrc) { Netrc.read(netrcfile.path) }
+  let(:account) { 'the-account' }
+  before do
+    Conjur::Core::API.stub conjur_account: account
+    Conjur::Authn.stub netrc: netrc, host: authn_host
+    Conjur::Config.merge 'account' => account
+  end
+
+end
+
+shared_context "when logged in", logged_in: true do
+  include_context "with mock authn"
+  let(:username) { 'dknuth' }
+  let(:api_key) { 'sekrit' }
+  let(:api) { Conjur::API.new_from_token({ 'data' => username }) }
+  before do
+    netrc[authn_host] = [username, api_key]
+    Conjur::Command.stub api: api
+  end
+end
+
+shared_context "when not logged in", logged_in: false do
+  include_context "with mock authn"
+end
+
+require 'write_expectation'
+
 require 'conjur/cli'

data/spec/write_expectation.rb

@@ -27,6 +27,7 @@ RSpec::Matchers.define :write do |message|
     case message
     when String then output.include? message
     when Regexp then output.match message
+    when nil then output
     else fail("Allowed types for write `message` are String or Regexp, got `#{message.class}`")
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 2.1.9
+  version: 2.2.1
   prerelease: 
 platform: ruby
 authors:
@@ -10,10 +10,26 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-04 00:00:00.000000000 Z
+date: 2013-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: conjur-api
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.4'
+- !ruby/object:Gem::Dependency
+  name: gli
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
@@ -29,7 +45,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: gli
+  name: highline
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
@@ -45,7 +61,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: highline
+  name: netrc
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
@@ -61,7 +77,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: netrc
+  name: methadone
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
@@ -124,25 +140,76 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: aruba
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ci_reporter
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
 description: 
 email:
 - divided.mind@gmail.com
 - kevin.gilpin@inscitiv.com
 executables:
 - conjur
+- jsonfield
 extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
 - .kateproject
 - .project
-- .rvmrc
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
 - bin/conjur
+- bin/jsonfield
 - conjur.gemspec
+- features/jsonfield.feature
+- features/support/env.rb
 - lib/conjur.rb
 - lib/conjur/authn.rb
 - lib/conjur/cli.rb
@@ -161,6 +228,7 @@ files:
 - lib/conjur/config.rb
 - lib/conjur/version.rb
 - spec/command/authn_spec.rb
+- spec/command/roles_spec.rb
 - spec/spec_helper.rb
 - spec/write_expectation.rb
 homepage: https://github.com/inscitiv/cli-ruby
@@ -175,19 +243,28 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -1479172198194627634
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -1479172198194627634
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 1.8.25
 signing_key: 
 specification_version: 3
 summary: Conjur command line interface
 test_files:
+- features/jsonfield.feature
+- features/support/env.rb
 - spec/command/authn_spec.rb
+- spec/command/roles_spec.rb
 - spec/spec_helper.rb
 - spec/write_expectation.rb

data/.rvmrc

@@ -1 +0,0 @@
-rvm use 1.9.3@conjur-cli --create