conjur-cli 2.2.1 → 2.3.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. data/lib/conjur/cli.rb +7 -8
  2. data/lib/conjur/command/groups.rb +18 -4
  3. data/lib/conjur/version.rb +1 -1
  4. data/spec/command/groups_spec.rb +39 -0
  5. data/spec/spec_helper.rb +2 -1
  6. metadata +6 -4
data/lib/conjur/cli.rb CHANGED
@@ -18,22 +18,21 @@ module Conjur
18
18
  end
19
19
  end
20
20
  end
21
-
22
-
21
+
22
+ load_config
23
+
24
+ Conjur::Config.plugins.each do |plugin|
25
+ require "conjur-asset-#{plugin}"
26
+ end
27
+
23
28
  commands_from 'conjur/command'
24
29
 
25
30
  pre do |global,command,options,args|
26
- load_config
27
-
28
31
  ENV['CONJUR_ENV'] = Config[:env] || "production"
29
32
  ENV['CONJUR_STACK'] = Config[:stack] if Config[:stack]
30
33
  ENV['CONJUR_STACK'] ||= 'v3' if ENV['CONJUR_ENV'] == 'production'
31
34
  ENV['CONJUR_ACCOUNT'] = Config[:account] or raise "Missing configuration setting: account. Please set it in ~/.conjurrc"
32
35
 
33
- Conjur::Config.plugins.each do |plugin|
34
- require "conjur-asset-#{plugin}"
35
- end
36
-
37
36
  if Conjur.log
38
37
  Conjur.log << "Using host #{Conjur::Authn::API.host}\n"
39
38
  end
data/lib/conjur/command/groups.rb CHANGED
@@ -20,17 +20,31 @@ class Conjur::Command::Groups < Conjur::Command
20
20
  desc "Add a new group member"
21
21
  arg_name "group member"
22
22
  command :"members:add" do |c|
23
- c.desc "Grant with admin option"
23
+ c.desc "Also grant the admin option"
24
24
  c.switch [:a, :admin]
25
+
26
+ # perhaps this belongs to member:remove, but then either
27
+ # it would be possible to grant membership with member:revoke,
28
+ # or we would need two round-trips to authz
29
+ c.desc "Revoke the grant option if it's granted"
30
+ c.switch [:r, :'revoke-admin']
25
31
 
26
32
  c.action do |global_options,options,args|
27
33
  group = require_arg(args, 'group')
28
34
  member = require_arg(args, 'member')
29
35
 
30
36
  group = api.group(group)
31
- api.role(group.roleid).grant_to member, !!options[:admin]
32
-
33
- puts "Membership granted"
37
+ opts = nil
38
+ message = "Membership granted"
39
+ if options[:admin] then
40
+ opts = { admin_option: true }
41
+ message = "Adminship granted"
42
+ elsif options[:'revoke-admin'] then
43
+ opts = { admin_option: false }
44
+ message = "Adminship revoked"
45
+ end
46
+ api.role(group.roleid).grant_to member, opts
47
+ puts message
34
48
  end
35
49
  end
36
50
 
data/lib/conjur/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Conjur
2
- VERSION = "2.2.1"
2
+ VERSION = "2.3.0"
3
3
  end
data/spec/command/groups_spec.rb ADDED
@@ -0,0 +1,39 @@
1
+ require 'spec_helper'
2
+
3
+ describe Conjur::Command::Groups, logged_in: true do
4
+ describe_command "group:members:add group role" do
5
+ it "adds the role to the group" do
6
+ RestClient::Request.should_receive(:execute).with(
7
+ method: :put,
8
+ url: "https://authz.example.com/the-account/roles/group/group/?members&member=role",
9
+ headers: {},
10
+ payload: nil
11
+ )
12
+ invoke
13
+ end
14
+ end
15
+
16
+ describe_command "group:members:add -a group role" do
17
+ it "adds the role to the group with admin option" do
18
+ RestClient::Request.should_receive(:execute).with(
19
+ method: :put,
20
+ url: "https://authz.example.com/the-account/roles/group/group/?members&member=role",
21
+ headers: {},
22
+ payload: { admin_option: true }
23
+ )
24
+ invoke
25
+ end
26
+ end
27
+
28
+ describe_command "group:members:add -r group role" do
29
+ it "revokes the admin rights" do
30
+ RestClient::Request.should_receive(:execute).with(
31
+ method: :put,
32
+ url: "https://authz.example.com/the-account/roles/group/group/?members&member=role",
33
+ headers: {},
34
+ payload: { admin_option: false }
35
+ )
36
+ invoke
37
+ end
38
+ end
39
+ end
data/spec/spec_helper.rb CHANGED
@@ -47,8 +47,9 @@ shared_context "when logged in", logged_in: true do
47
47
  include_context "with mock authn"
48
48
  let(:username) { 'dknuth' }
49
49
  let(:api_key) { 'sekrit' }
50
- let(:api) { Conjur::API.new_from_token({ 'data' => username }) }
50
+ let(:api) { Conjur::API.new_from_key(username, api_key) }
51
51
  before do
52
+ api.stub credentials: {}
52
53
  netrc[authn_host] = [username, api_key]
53
54
  Conjur::Command.stub api: api
54
55
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: conjur-cli
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.1
4
+ version: 2.3.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2013-06-24 00:00:00.000000000 Z
13
+ date: 2013-07-03 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: conjur-api
@@ -228,6 +228,7 @@ files:
228
228
  - lib/conjur/config.rb
229
229
  - lib/conjur/version.rb
230
230
  - spec/command/authn_spec.rb
231
+ - spec/command/groups_spec.rb
231
232
  - spec/command/roles_spec.rb
232
233
  - spec/spec_helper.rb
233
234
  - spec/write_expectation.rb
@@ -245,7 +246,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
245
246
  version: '0'
246
247
  segments:
247
248
  - 0
248
- hash: -1479172198194627634
249
+ hash: 1906770823961939842
249
250
  required_rubygems_version: !ruby/object:Gem::Requirement
250
251
  none: false
251
252
  requirements:
@@ -254,7 +255,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
254
255
  version: '0'
255
256
  segments:
256
257
  - 0
257
- hash: -1479172198194627634
258
+ hash: 1906770823961939842
258
259
  requirements: []
259
260
  rubyforge_project:
260
261
  rubygems_version: 1.8.25
@@ -265,6 +266,7 @@ test_files:
265
266
  - features/jsonfield.feature
266
267
  - features/support/env.rb
267
268
  - spec/command/authn_spec.rb
269
+ - spec/command/groups_spec.rb
268
270
  - spec/command/roles_spec.rb
269
271
  - spec/spec_helper.rb
270
272
  - spec/write_expectation.rb