conjur-cli 4.10.1 → 4.10.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5d219c046cb6b4a44c0b1754f925b0ea77882eb2
-  data.tar.gz: 2986ef662a9d837d49e30e66b3d465d82b541099
+  metadata.gz: 9364641a7961f68f6327900c82a3b48df392a8ff
+  data.tar.gz: aa7a0645cba4fc6055263fb7893e1a87272759a1
 SHA512:
-  metadata.gz: 4ef2f8845165add6f0e3c0988f5b919bc241194738f2561190bf2c7b159394f0b3db202efa854123dd3e28a6aae0a60add5b618844ab7feae2707f70dc44f598
-  data.tar.gz: 88176c1f04a89cc484dc6cfc7c4f32aa7a9938d1818e5e29a44f3d9799642277929c41314234d6259120233ac080d4a93e5130d0820592cdec80a267f16deb06
+  metadata.gz: 885fe1eed115b3f3ca176a89cbbf50538a582f0610327a5b20bc77e8d4698bcc4781d45cb94927ddd3b2d76f3a849b718e5c7bbd3f62a267b09a9c76c294fdda
+  data.tar.gz: 85d230b34bd07280dc4d24c495e24bae284073c66c0e58e4d01267b918f35d0ca1a836ba71768ca71dad3879bf0c3a39792d49e480bd8a8bba5423dce9eb8e2f

data/conjur.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |gem|
 
 
   gem.add_dependency 'activesupport'
-  gem.add_dependency 'conjur-api', '>=4.9.0'
+  gem.add_dependency 'conjur-api', '>=4.9.1'
   gem.add_dependency 'gli', '>=2.8.0'
   gem.add_dependency 'highline'
   gem.add_dependency 'netrc'

data/lib/conjur/authn.rb

@@ -19,6 +19,7 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 require 'active_support/deprecation'
+require 'active_support/dependencies/autoload'
 require 'conjur/api'
 require 'netrc'
 
@@ -102,4 +103,4 @@ module Conjur::Authn
       cls.new_from_key(*get_credentials(options))
     end
   end
-end
+end

data/lib/conjur/command/env.rb

@@ -150,7 +150,7 @@ TEMPLATEDESC
     env.command :help do |c|
       c.action do |global_options,options,args|
         puts """
-Environment configuration (either stored in file referred by -f option or provided inline with --yaml option) should be a YAML document describing one-level Hash.
+Environment configuration (either stored in file referred by -c option or provided inline with --yaml option) should be a YAML document describing one-level Hash.
 Keys of the hash are 'local names', used to refer to variable values in convenient manner.  (See help for env:run and env:template for more details about how they are interpreted).
 
 Values of the hash may take one of the following forms: a) string b) string preceeded with !var tag c) string preceeded with !tmp tag.

data/lib/conjur/command/init.rb

@@ -94,10 +94,7 @@ class Conjur::Command::Init < Conjur::Command
       
       exit_now! "account is required" if account.blank?
       
-      config = {
-        account: account,
-        plugins: %w(environment layer key-pair pubkeys)
-      }
+      config = { account: account }
       
       config[:appliance_url] = "https://#{hostname}/api" unless hostname.blank?
       

data/lib/conjur/command/policy.rb

@@ -65,7 +65,7 @@ owner of the policy role is the logged-in user (you), as always.
     policy.command :load do |c|
       acting_as_option(c)
 
-      c.desc "Policy collection (default: #{default_collection_user}@#{default_collection_hostname})"
+      c.desc "Policy collection, defaulting to $USER@$HOSTNAME"
       c.arg_name "collection"
       c.flag [:collection]
 

data/lib/conjur/command/resources.rb

@@ -62,11 +62,18 @@ class Conjur::Command::Resources < Conjur::Command
     resource.desc "Give a privilege on a resource"
     resource.arg_name "resource-id role privilege"
     resource.command :permit do |c|
+      c.desc "allow transfer to other roles"
+      c.switch [:g, :grantable]
       c.action do |global_options,options,args|
         id = full_resource_id( require_arg(args, "resource-id") )
         role = require_arg(args, "role")
         privilege = require_arg(args, "privilege")
-        api.resource(id).permit privilege, role
+        unless options[:g]
+          api.resource(id).permit privilege, role
+        else
+          api.resource(id).permit privilege, role, grant_option: true
+        end
+        
         puts "Permission granted"
       end
     end
@@ -173,4 +180,4 @@ class Conjur::Command::Resources < Conjur::Command
       end
     end
   end
-end
+end

data/lib/conjur/command/variables.rb

@@ -74,7 +74,7 @@ class Conjur::Command::Variables < Conjur::Command
       end
     end
 
-    var.desc "Access varialbe values"
+    var.desc "Access variable values"
     var.command :values do |values|
       values.desc "Add a value"
       values.arg_name "variable ( value | STDIN )"

data/lib/conjur/config.rb

@@ -55,9 +55,17 @@ module Conjur
         require 'conjur/configuration'
         keys = Config.keys.dup
         keys.delete(:plugins)
+
+        cfg = Conjur.configuration
         keys.each do |k|
+          begin
+            next if cfg.send(k)
+          rescue
+            # we use try..rescue because Conjur.configuration
+            # provides no API to see if key is set
+          end
           value = Config[k]
-          Conjur.configuration.set k, value if value
+          cfg.set k, value if value
         end
   
         if Conjur.log

data/lib/conjur/conjurenv.rb

@@ -79,6 +79,8 @@ module Conjur
       YAML.add_tag("!tmp", ConjurTempfile)
       definition = YAML.load(yaml)
       raise "Definition should be a Hash" unless definition.kind_of?(Hash)
+      # convert fixnums to literals -- to make definitions of e.g. ports more convenient
+      definition.keys.select { |k| definition[k].kind_of? Fixnum }.each { |k| definition[k]="#{definition[k]}" }
       bad_types = definition.values.select { |v| not (v.kind_of?(String) or v.kind_of?(CustomTag)) }.map {|v| v.class}.uniq
       raise "Definition can not include values of types: #{bad_types}" unless bad_types.empty?
       definition

data/lib/conjur/dsl/runner.rb

@@ -1,3 +1,4 @@
+require 'conjur/identifier_manipulation'
 
 module Conjur
   module DSL
@@ -176,7 +177,7 @@ module Conjur
 
         # TODO: find a way to pass annotations as part of top-level options hash
         #   https://basecamp.com/1949725/projects/4268938-api-version-4-x/todos/84965324-low-dsl-design
-        annotations = options.delete(:annotations)
+        annotations = options.delete(:annotations) || {}
 
         unless (obj = api.send(find_method, id)) && obj.exists?
           options = expand_options(options)

data/lib/conjur/version.rb

@@ -19,6 +19,6 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = "4.10.1"
+  VERSION = "4.10.3"
   ::Version=VERSION
 end

data/spec/command/init_spec.rb

@@ -110,7 +110,6 @@ describe Conjur::Command::Init do
           
           expect(YAML.load(File.read(File.join(tmpdir, ".conjurrc")))).to eq({
             account: 'the-account',
-            plugins: %w(environment layer key-pair pubkeys),
             appliance_url: "https://localhost/api",
             cert_file: "#{tmpdir}/conjur-the-account.pem"
           }.stringify_keys)

data/spec/command/resources_spec.rb

@@ -80,6 +80,13 @@ describe Conjur::Command::Resources, logged_in: true do
     it {  expect { invoke }.to write "Permission granted" }
   end
 
+  describe_command "resource:permit -g #{KIND}:#{ID} #{ROLE} #{PRIVILEGE}" do
+    it 'calls resource.permit() with grant option' do
+      resource_instance.should_receive(:permit).with(PRIVILEGE, ROLE, grant_option: true)
+      invoke_silently
+    end
+  end
+
   describe_command "resource:deny #{KIND}:#{ID} #{ROLE} #{PRIVILEGE}" do
     before(:each) { resource_instance.stub(:deny).and_return(true) }
     it_behaves_like "it obtains resource by id"

data/spec/config_spec.rb

@@ -26,19 +26,32 @@ describe Conjur::Config do
     end
   end
 
+  let(:load!) { Conjur::Config.load([ File.expand_path('conjurrc', File.dirname(__FILE__)) ]) }
+  let(:cert_path) { File.expand_path('conjur-ci.pem', File.dirname(__FILE__)) }
+
   describe "#load" do
     it "resolves the cert_file" do
-      Conjur::Config.load([ File.expand_path('conjurrc', File.dirname(__FILE__)) ])
+      load!
       
-      Conjur::Config[:cert_file].should == File.expand_path('conjur-ci.pem', File.dirname(__FILE__))
+      Conjur::Config[:cert_file].should == cert_path
     end
   end
   describe "#apply" do
+    before { OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.stub(:add_file) }
+
     let(:cert_file) { "/path/to/cert.pem" }
     it "trusts the cert_file" do
       Conjur::Config.class_variable_set("@@attributes", { 'cert_file' => cert_file })
       OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.should_receive(:add_file).with cert_file  
       Conjur::Config.apply
     end
+
+    it "shadows rc with envars" do
+      url = 'https://other-conjur.example.com'
+      ENV['CONJUR_APPLIANCE_URL'] = url
+      load!
+      Conjur::Config.apply
+      expect(Conjur.configuration.appliance_url).to eq url
+    end
   end
 end

data/spec/conjurrc

@@ -1 +1,2 @@
-cert_file: ./conjur-ci.pem
+cert_file: ./conjur-ci.pem
+appliance_url: https://conjur.example.com

data/spec/env_spec.rb

@@ -62,9 +62,9 @@ describe Conjur::Env do
       expect { Conjur::Env.new(yaml: "[ 1,2,3 ]") }.to raise_error "Definition should be a Hash"
     end
 
-    it "fails if values are not literal, !tmp or !var" do
+    it "fails if values are not literal, number, !tmp or !var" do
       expect { Conjur::Env.new(yaml: "{a: literal, b: !tmp tempfile, c: !var conjurvar, d: { x: another literal }}") }.to raise_error /^Definition can not include values of types/
-      expect { Conjur::Env.new(yaml: "{a: literal, b: !tmp tempfile, c: !var conjurvar}") }.to_not raise_error 
+      expect { Conjur::Env.new(yaml: "{a: literal, b: 123, c: !tmp tempfile, d: !var conjurvar}") }.to_not raise_error 
     end 
 
     it 'does not allow empty values for !tmp and !var' do
@@ -80,6 +80,12 @@ describe Conjur::Env do
       result["b"].should be_a_kind_of(Conjur::Env::ConjurTempfile)
       result["c"].should be_a_kind_of(Conjur::Env::ConjurVariable)
     end
+
+    it "Converts numbers to string literals" do
+      result = Conjur::Env.new(yaml: "{a: 123}").instance_variable_get("@definition")
+      result["a"].should == "123"
+    end
+
   end
 
   describe "#obtain", logged_in: true do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 4.10.1
+  version: 4.10.3
 platform: ruby
 authors:
 - Rafał Rzepecki
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-06 00:00:00.000000000 Z
+date: 2014-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -31,14 +31,14 @@ dependencies:
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
-        version: 4.9.0
+        version: 4.9.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
-        version: 4.9.0
+        version: 4.9.1
 - !ruby/object:Gem::Dependency
   name: gli
   requirement: !ruby/object:Gem::Requirement
@@ -311,7 +311,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Conjur command line interface