conjur-cli 4.10.1 → 4.10.3
- checksums.yaml +4 -4
- data/conjur.gemspec +1 -1
- data/lib/conjur/authn.rb +2 -1
- data/lib/conjur/command/env.rb +1 -1
- data/lib/conjur/command/init.rb +1 -4
- data/lib/conjur/command/policy.rb +1 -1
- data/lib/conjur/command/resources.rb +9 -2
- data/lib/conjur/command/variables.rb +1 -1
- data/lib/conjur/config.rb +9 -1
- data/lib/conjur/conjurenv.rb +2 -0
- data/lib/conjur/dsl/runner.rb +2 -1
- data/lib/conjur/version.rb +1 -1
- data/spec/command/init_spec.rb +0 -1
- data/spec/command/resources_spec.rb +7 -0
- data/spec/config_spec.rb +15 -2
- data/spec/conjurrc +2 -1
- data/spec/env_spec.rb +8 -2
- metadata +5 -5
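--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9364641a7961f68f6327900c82a3b48df392a8ff
+data.tar.gz: aa7a0645cba4fc6055263fb7893e1a87272759a1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 885fe1eed115b3f3ca176a89cbbf50538a582f0610327a5b20bc77e8d4698bcc4781d45cb94927ddd3b2d76f3a849b718e5c7bbd3f62a267b09a9c76c294fdda
+data.tar.gz: 85d230b34bd07280dc4d24c495e24bae284073c66c0e58e4d01267b918f35d0ca1a836ba71768ca71dad3879bf0c3a39792d49e480bd8a8bba5423dce9eb8e2f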
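--- a/data/conjur.gemspec
+++ b/data/conjur.gemspec
@@ -17,7 +17,7 @@ Gem::Specification.new do |gem|
 
 
 gem.add_dependency 'activesupport'
-gem.add_dependency 'conjur-api', '>=4.9.
+gem.add_dependency 'conjur-api', '>=4.9.1'
 gem.add_dependency 'gli', '>=2.8.0'
 gem.add_dependency 'highline'
 gem.add_dependency 'netrc'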
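--- a/data/lib/conjur/authn.rb
+++ b/data/lib/conjur/authn.rb
@@ -19,6 +19,7 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 require 'active_support/deprecation'
+require 'active_support/dependencies/autoload'
 require 'conjur/api'
 require 'netrc'
 
@@ -102,4 +103,4 @@ module Conjur::Authn
 cls.new_from_key(*get_credentials(options))
 end
 end
-end
+end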
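--- a/data/lib/conjur/command/env.rb
+++ b/data/lib/conjur/command/env.rb
@@ -150,7 +150,7 @@ TEMPLATEDESC
 env.command :help do |c|
 c.action do |global_options,options,args|
 puts """
-Environment configuration (either stored in file referred by -
+Environment configuration (either stored in file referred by -c option or provided inline with --yaml option) should be a YAML document describing one-level Hash.
 Keys of the hash are 'local names', used to refer to variable values in convenient manner. (See help for env:run and env:template for more details about how they are interpreted).
 
 Values of the hash may take one of the following forms: a) string b) string preceeded with !var tag c) string preceeded with !tmp tag.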
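--- a/data/lib/conjur/command/init.rb
+++ b/data/lib/conjur/command/init.rb
@@ -94,10 +94,7 @@ class Conjur::Command::Init < Conjur::Command
 
 exit_now! "account is required" if account.blank?
 
-config = {
-account: account,
-plugins: %w(environment layer key-pair pubkeys)
-}
+config = { account: account }
 
 config[:appliance_url] = "https://#{hostname}/api" unless hostname.blank?
 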
@@ -65,7 +65,7 @@ owner of the policy role is the logged-in user (you), as always.
|
|
65
65
|
policy.command :load do |c|
|
66
66
|
acting_as_option(c)
|
67
67
|
|
68
|
-
c.desc "Policy collection
|
68
|
+
c.desc "Policy collection, defaulting to $USER@$HOSTNAME"
|
69
69
|
c.arg_name "collection"
|
70
70
|
c.flag [:collection]
|
71
71
|
|
@@ -62,11 +62,18 @@ class Conjur::Command::Resources < Conjur::Command
|
|
62
62
|
resource.desc "Give a privilege on a resource"
|
63
63
|
resource.arg_name "resource-id role privilege"
|
64
64
|
resource.command :permit do |c|
|
65
|
+
c.desc "allow transfer to other roles"
|
66
|
+
c.switch [:g, :grantable]
|
65
67
|
c.action do |global_options,options,args|
|
66
68
|
id = full_resource_id( require_arg(args, "resource-id") )
|
67
69
|
role = require_arg(args, "role")
|
68
70
|
privilege = require_arg(args, "privilege")
|
69
|
-
|
71
|
+
unless options[:g]
|
72
|
+
api.resource(id).permit privilege, role
|
73
|
+
else
|
74
|
+
api.resource(id).permit privilege, role, grant_option: true
|
75
|
+
end
|
76
|
+
|
70
77
|
puts "Permission granted"
|
71
78
|
end
|
72
79
|
end
|
@@ -173,4 +180,4 @@ class Conjur::Command::Resources < Conjur::Command
|
|
173
180
|
end
|
174
181
|
end
|
175
182
|
end
|
176
|
-
end
|
183
|
+
end
|
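Review bot: With `-g` the `permit` action still prints only "Permission granted", so neither the operator nor a captured session log can tell an ordinary grant from one that lets the role pass the privilege on to others. I would make the confirmation say so, e.g. `puts options[:grantable] ? "Permission granted (with grant option)" : "Permission granted"`, and check that the existing `write "Permission granted"` expectation in the spec still matches. The `unless options[:g] … else … end` branch also reads inverted; `if options[:grantable]` with the grant-option call first is easier to audit. The `c.desc "allow transfer to other roles"` text could state explicitly that the recipient may then grant the privilege further.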
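--- a/data/lib/conjur/config.rb
+++ b/data/lib/conjur/config.rb
@@ -55,9 +55,17 @@ module Conjur
 require 'conjur/configuration'
 keys = Config.keys.dup
 keys.delete(:plugins)
+
+cfg = Conjur.configuration
 keys.each do |k|
+begin
+next if cfg.send(k)
+rescue
+# we use try..rescue because Conjur.configuration
+# provides no API to see if key is set
+end
 value = Config[k]
-
+cfg.set k, value if value
 end
 
 if Conjur.log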
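Review bot: The bare `rescue` around `next if cfg.send(k)` swallows every StandardError, and `send` will call any method on the configuration object, private ones included, whose name matches an entry of `Config.keys`. If those keys are read from a conjurrc file (the hunk does not show where they are populated), an unexpected key either runs an unrelated method or has its failure silently hidden. I would narrow this to `next if cfg.respond_to?(k) && cfg.public_send(k)` and rescue only the specific error the lookup is known to raise. The precedence change itself deserves a comment: a value already present in `Conjur.configuration`, such as one from `CONJUR_APPLIANCE_URL`, now wins over the rc file, which decides which appliance the client contacts while `cert_file` may still come from the file. The enclosing method starts and ends outside the hunk.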
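--- a/data/lib/conjur/conjurenv.rb
+++ b/data/lib/conjur/conjurenv.rb
@@ -79,6 +79,8 @@ module Conjur
 YAML.add_tag("!tmp", ConjurTempfile)
 definition = YAML.load(yaml)
 raise "Definition should be a Hash" unless definition.kind_of?(Hash)
+# convert fixnums to literals -- to make definitions of e.g. ports more convenient
+definition.keys.select { |k| definition[k].kind_of? Fixnum }.each { |k| definition[k]="#{definition[k]}" }
 bad_types = definition.values.select { |v| not (v.kind_of?(String) or v.kind_of?(CustomTag)) }.map {|v| v.class}.uniq
 raise "Definition can not include values of types: #{bad_types}" unless bad_types.empty?
 definition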
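Review bot: The added conversion matches only `Fixnum`, so a value YAML parses as a Bignum or a Float (a large id, `1.5`) still fails the "can not include values of types" check, and `Fixnum` has been deprecated since Ruby 2.4. `definition.each { |k, v| definition[k] = v.to_s if v.kind_of?(Numeric) }` covers those cases in a single pass. Stringifying after parsing also loses the original spelling: YAML reads `0755` as octal, so the variable would receive `493`; the comment should say this or advise quoting such values. Separately, the context line `definition = YAML.load(yaml)` uses the unrestricted loader, so it is worth confirming the definition only ever comes from a file the user controls. The enclosing method starts outside the hunk.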
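--- a/data/lib/conjur/dsl/runner.rb
+++ b/data/lib/conjur/dsl/runner.rb
@@ -1,3 +1,4 @@
+require 'conjur/identifier_manipulation'
 
 module Conjur
 module DSL
@@ -176,7 +177,7 @@ module Conjur
 
 # TODO: find a way to pass annotations as part of top-level options hash
 # https://basecamp.com/1949725/projects/4268938-api-version-4-x/todos/84965324-low-dsl-design
-annotations = options.delete(:annotations)
+annotations = options.delete(:annotations) || {}
 
 unless (obj = api.send(find_method, id)) && obj.exists?
 options = expand_options(options)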
data/lib/conjur/version.rb
CHANGED
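--- a/data/spec/command/init_spec.rb
+++ b/data/spec/command/init_spec.rb
@@ -110,7 +110,6 @@ describe Conjur::Command::Init do
 
 expect(YAML.load(File.read(File.join(tmpdir, ".conjurrc")))).to eq({
 account: 'the-account',
-plugins: %w(environment layer key-pair pubkeys),
 appliance_url: "https://localhost/api",
 cert_file: "#{tmpdir}/conjur-the-account.pem"
 }.stringify_keys)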
@@ -80,6 +80,13 @@ describe Conjur::Command::Resources, logged_in: true do
|
|
80
80
|
it { expect { invoke }.to write "Permission granted" }
|
81
81
|
end
|
82
82
|
|
83
|
+
describe_command "resource:permit -g #{KIND}:#{ID} #{ROLE} #{PRIVILEGE}" do
|
84
|
+
it 'calls resource.permit() with grant option' do
|
85
|
+
resource_instance.should_receive(:permit).with(PRIVILEGE, ROLE, grant_option: true)
|
86
|
+
invoke_silently
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
83
90
|
describe_command "resource:deny #{KIND}:#{ID} #{ROLE} #{PRIVILEGE}" do
|
84
91
|
before(:each) { resource_instance.stub(:deny).and_return(true) }
|
85
92
|
it_behaves_like "it obtains resource by id"
|
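--- a/data/spec/config_spec.rb
+++ b/data/spec/config_spec.rb
@@ -26,19 +26,32 @@ describe Conjur::Config do
 end
 end
 
+let(:load!) { Conjur::Config.load([ File.expand_path('conjurrc', File.dirname(__FILE__)) ]) }
+let(:cert_path) { File.expand_path('conjur-ci.pem', File.dirname(__FILE__)) }
+
 describe "#load" do
 it "resolves the cert_file" do
-
+load!
 
-Conjur::Config[:cert_file].should ==
+Conjur::Config[:cert_file].should == cert_path
 end
 end
 describe "#apply" do
+before { OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.stub(:add_file) }
+
 let(:cert_file) { "/path/to/cert.pem" }
 it "trusts the cert_file" do
 Conjur::Config.class_variable_set("@@attributes", { 'cert_file' => cert_file })
 OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.should_receive(:add_file).with cert_file
 Conjur::Config.apply
 end
+
+it "shadows rc with envars" do
+url = 'https://other-conjur.example.com'
+ENV['CONJUR_APPLIANCE_URL'] = url
+load!
+Conjur::Config.apply
+expect(Conjur.configuration.appliance_url).to eq url
+end
 end
 end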
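Review bot: The new "shadows rc with envars" example sets `ENV['CONJUR_APPLIANCE_URL']` and never restores it, so every example that runs later in the same process sees the override and the suite becomes order-dependent. Add cleanup next to it, for instance `after { ENV.delete('CONJUR_APPLIANCE_URL') }`, or save and restore the previous value in an `around` block. `Conjur.configuration` may also keep the value once it has been read (not visible in this hunk), in which case it needs resetting between examples as well. The example would be stronger with a counterpart asserting that the rc file's `appliance_url` is used when the variable is unset.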
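--- a/data/spec/conjurrc
+++ b/data/spec/conjurrc
@@ -1 +1,2 @@
-cert_file: ./conjur-ci.pem
+cert_file: ./conjur-ci.pem
+appliance_url: https://conjur.example.com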
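--- a/data/spec/env_spec.rb
+++ b/data/spec/env_spec.rb
@@ -62,9 +62,9 @@ describe Conjur::Env do
 expect { Conjur::Env.new(yaml: "[ 1,2,3 ]") }.to raise_error "Definition should be a Hash"
 end
 
-it "fails if values are not literal, !tmp or !var" do
+it "fails if values are not literal, number, !tmp or !var" do
 expect { Conjur::Env.new(yaml: "{a: literal, b: !tmp tempfile, c: !var conjurvar, d: { x: another literal }}") }.to raise_error /^Definition can not include values of types/
-expect { Conjur::Env.new(yaml: "{a: literal, b: !tmp tempfile,
+expect { Conjur::Env.new(yaml: "{a: literal, b: 123, c: !tmp tempfile, d: !var conjurvar}") }.to_not raise_error
 end
 
 it 'does not allow empty values for !tmp and !var' do
@@ -80,6 +80,12 @@ describe Conjur::Env do
 result["b"].should be_a_kind_of(Conjur::Env::ConjurTempfile)
 result["c"].should be_a_kind_of(Conjur::Env::ConjurVariable)
 end
+
+it "Converts numbers to string literals" do
+result = Conjur::Env.new(yaml: "{a: 123}").instance_variable_get("@definition")
+result["a"].should == "123"
+end
+
 end
 
 describe "#obtain", logged_in: true do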
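--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-version: 4.10.
+version: 4.10.3
 platform: ruby
 authors:
 - Rafał Rzepecki
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-
+date: 2014-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -31,14 +31,14 @@ dependencies:
 requirements:
 - - '>='
 - !ruby/object:Gem::Version
-version: 4.9.
+version: 4.9.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '>='
 - !ruby/object:Gem::Version
-version: 4.9.
+version: 4.9.1
 - !ruby/object:Gem::Dependency
 name: gli
 requirement: !ruby/object:Gem::Requirement
@@ -311,7 +311,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
 summary: Conjur command line interface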