conjur-cli 4.15.0 → 4.16.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/conjur/authn.rb +3 -3
- data/lib/conjur/command.rb +14 -0
- data/lib/conjur/command/bootstrap.rb +64 -0
- data/lib/conjur/command/users.rb +3 -16
- data/lib/conjur/conjurenv.rb +1 -0
- data/lib/conjur/version.rb +1 -1
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7841ac532c814a5dbbcb6ac87ea78ab2e72f6e7a
|
|
4
|
+
data.tar.gz: 438f120d06064aa3fc2fbe4e8e59918629ac8ddc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8b9798edb33f962ed5cb1955aadd23e68a68bcf845e5e365280438596bafe7337706e2d650d8e8653f82cf407ce328d2b300ea5ba2b146817fc863183b22b295
|
|
7
|
+
data.tar.gz: 1883d777e70a3ae5d53d3129f7779b948b3b86a88364923d6f81a2e19bd47dfa173133925cb4a9c426f2d0abcfb774e4ce29272d7ffaecf89e37145512b76c4c
|
data/CHANGELOG.md
CHANGED
data/lib/conjur/authn.rb
CHANGED
|
@@ -89,10 +89,10 @@ module Conjur::Authn
|
|
|
89
89
|
require 'conjur/api'
|
|
90
90
|
|
|
91
91
|
hl = HighLine.new $stdin, $stderr
|
|
92
|
-
|
|
92
|
+
|
|
93
93
|
user = options[:username] || hl.ask("Enter your username to log into Conjur: ")
|
|
94
|
-
pass = options[:password] || hl.ask("Please enter your password (it will not be echoed): "){ |q| q.echo = false }
|
|
95
|
-
|
|
94
|
+
pass = options[:password] || hl.ask("Please enter #{options[:username] ? [ options[:username] , "'s" ].join : "your"} password (it will not be echoed): "){ |q| q.echo = false }
|
|
95
|
+
|
|
96
96
|
api_key = if cas_server = options[:"cas-server"]
|
|
97
97
|
Conjur::API.login_cas(user, pass, cas_server)
|
|
98
98
|
else
|
data/lib/conjur/command.rb
CHANGED
|
@@ -147,6 +147,20 @@ module Conjur
|
|
|
147
147
|
end
|
|
148
148
|
puts str
|
|
149
149
|
end
|
|
150
|
+
|
|
151
|
+
def prompt_for_password
|
|
152
|
+
require 'highline'
|
|
153
|
+
# use stderr to allow output redirection, e.g.
|
|
154
|
+
# conjur user:create -p username > user.json
|
|
155
|
+
hl = HighLine.new($stdin, $stderr)
|
|
156
|
+
|
|
157
|
+
password = hl.ask("Enter the password (it will not be echoed): "){ |q| q.echo = false }
|
|
158
|
+
confirmation = hl.ask("Confirm the password: "){ |q| q.echo = false }
|
|
159
|
+
|
|
160
|
+
raise "Password does not match confirmation" unless password == confirmation
|
|
161
|
+
|
|
162
|
+
password
|
|
163
|
+
end
|
|
150
164
|
end
|
|
151
165
|
end
|
|
152
166
|
end
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
#
|
|
2
|
+
# Copyright (C) 2014 Conjur Inc
|
|
3
|
+
#
|
|
4
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
5
|
+
# this software and associated documentation files (the "Software"), to deal in
|
|
6
|
+
# the Software without restriction, including without limitation the rights to
|
|
7
|
+
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
|
8
|
+
# the Software, and to permit persons to whom the Software is furnished to do so,
|
|
9
|
+
# subject to the following conditions:
|
|
10
|
+
#
|
|
11
|
+
# The above copyright notice and this permission notice shall be included in all
|
|
12
|
+
# copies or substantial portions of the Software.
|
|
13
|
+
#
|
|
14
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
15
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
|
16
|
+
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
|
17
|
+
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
|
18
|
+
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
19
|
+
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
20
|
+
#
|
|
21
|
+
|
|
22
|
+
class Conjur::Command::Bootstrap < Conjur::Command
|
|
23
|
+
desc "Create initial users, groups, and permissions"
|
|
24
|
+
|
|
25
|
+
Conjur::CLI.command :bootstrap do |c|
|
|
26
|
+
c.action do |global_options,options,args|
|
|
27
|
+
require 'highline/import'
|
|
28
|
+
|
|
29
|
+
exit_now! "You must be logged in as 'admin' to bootstrap Conjur" unless api.username == "admin"
|
|
30
|
+
|
|
31
|
+
if (security_admin = api.group("security_admin")).exists?
|
|
32
|
+
puts "Group 'security_admin' exists"
|
|
33
|
+
else
|
|
34
|
+
puts "Creating group 'security_admin'"
|
|
35
|
+
security_admin = api.create_group("security_admin")
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
puts "Permitting group 'security_admin' to manage public keys"
|
|
39
|
+
api.group("pubkeys-1.0/key-managers").add_member security_admin, admin_option: true
|
|
40
|
+
|
|
41
|
+
security_administrators = security_admin.role.members.select{|m| m.member.roleid.split(':')[1..-1] != [ 'user', 'admin'] }
|
|
42
|
+
puts "Current 'security_admin' members are : #{security_administrators.map{|m| m.member.roleid.split(':')[-1]}.join(', ')}" unless security_administrators.blank?
|
|
43
|
+
if security_administrators.empty? || agree("Create a new security_admin? (answer 'y' or 'yes'):")
|
|
44
|
+
username = ask("Enter #{security_administrators.empty? ? 'your' : 'the'} username:")
|
|
45
|
+
password = prompt_for_password
|
|
46
|
+
puts "Creating user '#{username}'"
|
|
47
|
+
user = api.create_user(username, password: password)
|
|
48
|
+
Conjur::API.new_from_key(user.login, password).user(user.login).resource.give_to security_admin
|
|
49
|
+
puts "User created"
|
|
50
|
+
puts "Making '#{username}' a member and admin of group 'security_admin'"
|
|
51
|
+
security_admin.add_member user, admin_option: true
|
|
52
|
+
security_admin.resource.permit "read", user
|
|
53
|
+
puts "Adminship granted"
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
if (attic = api.user("attic")).exists?
|
|
57
|
+
puts "User 'attic' exists"
|
|
58
|
+
else
|
|
59
|
+
puts "Creating user 'attic'"
|
|
60
|
+
attic = api.create_user("attic")
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
data/lib/conjur/command/users.rb
CHANGED
|
@@ -21,19 +21,6 @@
|
|
|
21
21
|
|
|
22
22
|
class Conjur::Command::Users < Conjur::Command
|
|
23
23
|
|
|
24
|
-
def self.prompt_for_password
|
|
25
|
-
# use stderr to allow output redirection, e.g.
|
|
26
|
-
# conjur user:create -p username > user.json
|
|
27
|
-
hl = HighLine.new($stdin, $stderr)
|
|
28
|
-
|
|
29
|
-
password = hl.ask("Enter the password (it will not be echoed): "){ |q| q.echo = false }
|
|
30
|
-
confirmation = hl.ask("Confirm the password: "){ |q| q.echo = false }
|
|
31
|
-
|
|
32
|
-
raise "Password does not match confirmation" unless password == confirmation
|
|
33
|
-
|
|
34
|
-
password
|
|
35
|
-
end
|
|
36
|
-
|
|
37
24
|
desc "Manage users"
|
|
38
25
|
command :user do |user|
|
|
39
26
|
|
|
@@ -51,10 +38,10 @@ class Conjur::Command::Users < Conjur::Command
|
|
|
51
38
|
c.action do |global_options,options,args|
|
|
52
39
|
login = require_arg(args, 'login')
|
|
53
40
|
|
|
54
|
-
opts = options.slice(:ownerid
|
|
41
|
+
opts = options.slice(:ownerid, :uidnumber)
|
|
55
42
|
if opts[:uidnumber]
|
|
56
|
-
raise "
|
|
57
|
-
opts[:uidnumber]=opts[:uidnumber].to_i
|
|
43
|
+
raise "uidnumber should be integer" unless /\d+/ =~ opts[:uidnumber]
|
|
44
|
+
opts[:uidnumber] = opts[:uidnumber].to_i
|
|
58
45
|
end
|
|
59
46
|
|
|
60
47
|
if options[:p]
|
data/lib/conjur/conjurenv.rb
CHANGED
data/lib/conjur/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: conjur-cli
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.16.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rafał Rzepecki
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2014-
|
|
12
|
+
date: 2014-10-14 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: activesupport
|
|
@@ -266,6 +266,7 @@ files:
|
|
|
266
266
|
- lib/conjur/command/assets.rb
|
|
267
267
|
- lib/conjur/command/audit.rb
|
|
268
268
|
- lib/conjur/command/authn.rb
|
|
269
|
+
- lib/conjur/command/bootstrap.rb
|
|
269
270
|
- lib/conjur/command/dsl_command.rb
|
|
270
271
|
- lib/conjur/command/env.rb
|
|
271
272
|
- lib/conjur/command/field.rb
|
|
@@ -335,7 +336,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
335
336
|
version: '0'
|
|
336
337
|
requirements: []
|
|
337
338
|
rubyforge_project:
|
|
338
|
-
rubygems_version: 2.2.
|
|
339
|
+
rubygems_version: 2.2.2
|
|
339
340
|
signing_key:
|
|
340
341
|
specification_version: 4
|
|
341
342
|
summary: Conjur command line interface
|
|
@@ -373,3 +374,4 @@ test_files:
|
|
|
373
374
|
- spec/dsl/runner_spec.rb
|
|
374
375
|
- spec/env_spec.rb
|
|
375
376
|
- spec/spec_helper.rb
|
|
377
|
+
has_rdoc:
|