conjur-cli 4.15.0 → 4.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/lib/conjur/authn.rb +3 -3
  4. data/lib/conjur/command.rb +14 -0
  5. data/lib/conjur/command/bootstrap.rb +64 -0
  6. data/lib/conjur/command/users.rb +3 -16
  7. data/lib/conjur/conjurenv.rb +1 -0
  8. data/lib/conjur/version.rb +1 -1
  9. metadata +5 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 9a7286b596f4e9bfdcac76be7e5d79b813aa2a52
4
- data.tar.gz: 6e4d13583b0c704139bcfcea5cc4e6fa1a8a3335
3
+ metadata.gz: 7841ac532c814a5dbbcb6ac87ea78ab2e72f6e7a
4
+ data.tar.gz: 438f120d06064aa3fc2fbe4e8e59918629ac8ddc
5
5
  SHA512:
6
- metadata.gz: 88490f66539ca80f3456abd2331763ff23b01ba62c35b389a446ab0d92d0a2a193478342d1dd27a7ea95af36a1777bb70d39c299d9bb30212ca4b56d180c8194
7
- data.tar.gz: 9aa6c11cda54ecb915470c0c9a8915f84ad8bcc9c8664e25364dfa90da8dd2cf7a44b10862b222a986f8b8584c4526a49bf38f5162aa581ed3198104ca55963b
6
+ metadata.gz: 8b9798edb33f962ed5cb1955aadd23e68a68bcf845e5e365280438596bafe7337706e2d650d8e8653f82cf407ce328d2b300ea5ba2b146817fc863183b22b295
7
+ data.tar.gz: 1883d777e70a3ae5d53d3129f7779b948b3b86a88364923d6f81a2e19bd47dfa173133925cb4a9c426f2d0abcfb774e4ce29272d7ffaecf89e37145512b76c4c
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ # 4.16.0
2
+
3
+ * Add 'bootstrap' CLI command
4
+ * Raise a better error if conjur env encounters a variable with no value
5
+
1
6
  # 4.15.0
2
7
 
3
8
  * Migration to rspec 3
data/lib/conjur/authn.rb CHANGED
@@ -89,10 +89,10 @@ module Conjur::Authn
89
89
  require 'conjur/api'
90
90
 
91
91
  hl = HighLine.new $stdin, $stderr
92
-
92
+
93
93
  user = options[:username] || hl.ask("Enter your username to log into Conjur: ")
94
- pass = options[:password] || hl.ask("Please enter your password (it will not be echoed): "){ |q| q.echo = false }
95
-
94
+ pass = options[:password] || hl.ask("Please enter #{options[:username] ? [ options[:username] , "'s" ].join : "your"} password (it will not be echoed): "){ |q| q.echo = false }
95
+
96
96
  api_key = if cas_server = options[:"cas-server"]
97
97
  Conjur::API.login_cas(user, pass, cas_server)
98
98
  else
data/lib/conjur/command.rb CHANGED
@@ -147,6 +147,20 @@ module Conjur
147
147
  end
148
148
  puts str
149
149
  end
150
+
151
+ def prompt_for_password
152
+ require 'highline'
153
+ # use stderr to allow output redirection, e.g.
154
+ # conjur user:create -p username > user.json
155
+ hl = HighLine.new($stdin, $stderr)
156
+
157
+ password = hl.ask("Enter the password (it will not be echoed): "){ |q| q.echo = false }
158
+ confirmation = hl.ask("Confirm the password: "){ |q| q.echo = false }
159
+
160
+ raise "Password does not match confirmation" unless password == confirmation
161
+
162
+ password
163
+ end
150
164
  end
151
165
  end
152
166
  end
data/lib/conjur/command/bootstrap.rb ADDED
@@ -0,0 +1,64 @@
1
+ #
2
+ # Copyright (C) 2014 Conjur Inc
3
+ #
4
+ # Permission is hereby granted, free of charge, to any person obtaining a copy of
5
+ # this software and associated documentation files (the "Software"), to deal in
6
+ # the Software without restriction, including without limitation the rights to
7
+ # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8
+ # the Software, and to permit persons to whom the Software is furnished to do so,
9
+ # subject to the following conditions:
10
+ #
11
+ # The above copyright notice and this permission notice shall be included in all
12
+ # copies or substantial portions of the Software.
13
+ #
14
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16
+ # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17
+ # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18
+ # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19
+ # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
+ #
21
+
22
+ class Conjur::Command::Bootstrap < Conjur::Command
23
+ desc "Create initial users, groups, and permissions"
24
+
25
+ Conjur::CLI.command :bootstrap do |c|
26
+ c.action do |global_options,options,args|
27
+ require 'highline/import'
28
+
29
+ exit_now! "You must be logged in as 'admin' to bootstrap Conjur" unless api.username == "admin"
30
+
31
+ if (security_admin = api.group("security_admin")).exists?
32
+ puts "Group 'security_admin' exists"
33
+ else
34
+ puts "Creating group 'security_admin'"
35
+ security_admin = api.create_group("security_admin")
36
+ end
37
+
38
+ puts "Permitting group 'security_admin' to manage public keys"
39
+ api.group("pubkeys-1.0/key-managers").add_member security_admin, admin_option: true
40
+
41
+ security_administrators = security_admin.role.members.select{|m| m.member.roleid.split(':')[1..-1] != [ 'user', 'admin'] }
42
+ puts "Current 'security_admin' members are : #{security_administrators.map{|m| m.member.roleid.split(':')[-1]}.join(', ')}" unless security_administrators.blank?
43
+ if security_administrators.empty? || agree("Create a new security_admin? (answer 'y' or 'yes'):")
44
+ username = ask("Enter #{security_administrators.empty? ? 'your' : 'the'} username:")
45
+ password = prompt_for_password
46
+ puts "Creating user '#{username}'"
47
+ user = api.create_user(username, password: password)
48
+ Conjur::API.new_from_key(user.login, password).user(user.login).resource.give_to security_admin
49
+ puts "User created"
50
+ puts "Making '#{username}' a member and admin of group 'security_admin'"
51
+ security_admin.add_member user, admin_option: true
52
+ security_admin.resource.permit "read", user
53
+ puts "Adminship granted"
54
+ end
55
+
56
+ if (attic = api.user("attic")).exists?
57
+ puts "User 'attic' exists"
58
+ else
59
+ puts "Creating user 'attic'"
60
+ attic = api.create_user("attic")
61
+ end
62
+ end
63
+ end
64
+ end
data/lib/conjur/command/users.rb CHANGED
@@ -21,19 +21,6 @@
21
21
 
22
22
  class Conjur::Command::Users < Conjur::Command
23
23
 
24
- def self.prompt_for_password
25
- # use stderr to allow output redirection, e.g.
26
- # conjur user:create -p username > user.json
27
- hl = HighLine.new($stdin, $stderr)
28
-
29
- password = hl.ask("Enter the password (it will not be echoed): "){ |q| q.echo = false }
30
- confirmation = hl.ask("Confirm the password: "){ |q| q.echo = false }
31
-
32
- raise "Password does not match confirmation" unless password == confirmation
33
-
34
- password
35
- end
36
-
37
24
  desc "Manage users"
38
25
  command :user do |user|
39
26
 
@@ -51,10 +38,10 @@ class Conjur::Command::Users < Conjur::Command
51
38
  c.action do |global_options,options,args|
52
39
  login = require_arg(args, 'login')
53
40
 
54
- opts = options.slice(:ownerid,:uidnumber)
41
+ opts = options.slice(:ownerid, :uidnumber)
55
42
  if opts[:uidnumber]
56
- raise "Uidnumber should be integer" unless /\d+/ =~ opts[:uidnumber]
57
- opts[:uidnumber]=opts[:uidnumber].to_i
43
+ raise "uidnumber should be integer" unless /\d+/ =~ opts[:uidnumber]
44
+ opts[:uidnumber] = opts[:uidnumber].to_i
58
45
  end
59
46
 
60
47
  if options[:p]
data/lib/conjur/conjurenv.rb CHANGED
@@ -39,6 +39,7 @@ module Conjur
39
39
 
40
40
  class ConjurVariable < CustomTag
41
41
  def evaluate value
42
+ raise "variable #{id} exists but doesn't have a value" if value.nil?
42
43
  value.chomp
43
44
  end
44
45
  end
data/lib/conjur/version.rb CHANGED
@@ -19,6 +19,6 @@
19
19
  # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20
20
  #
21
21
  module Conjur
22
- VERSION = "4.15.0"
22
+ VERSION = "4.16.0"
23
23
  ::Version=VERSION
24
24
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: conjur-cli
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.15.0
4
+ version: 4.16.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rafał Rzepecki
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2014-09-22 00:00:00.000000000 Z
12
+ date: 2014-10-14 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: activesupport
@@ -266,6 +266,7 @@ files:
266
266
  - lib/conjur/command/assets.rb
267
267
  - lib/conjur/command/audit.rb
268
268
  - lib/conjur/command/authn.rb
269
+ - lib/conjur/command/bootstrap.rb
269
270
  - lib/conjur/command/dsl_command.rb
270
271
  - lib/conjur/command/env.rb
271
272
  - lib/conjur/command/field.rb
@@ -335,7 +336,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
335
336
  version: '0'
336
337
  requirements: []
337
338
  rubyforge_project:
338
- rubygems_version: 2.2.1
339
+ rubygems_version: 2.2.2
339
340
  signing_key:
340
341
  specification_version: 4
341
342
  summary: Conjur command line interface
@@ -373,3 +374,4 @@ test_files:
373
374
  - spec/dsl/runner_spec.rb
374
375
  - spec/env_spec.rb
375
376
  - spec/spec_helper.rb
377
+ has_rdoc: