conjur-cli 4.17.0 → 4.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 432110704aeb067fe4daed4e19defb8bcfce73ba
-  data.tar.gz: e515bff89602f42ec641655ff89724f8ce0402c8
+  metadata.gz: 72781b9c56ed02155378f270c0c36ca4041870e4
+  data.tar.gz: babddd4db4c6af48e79f68b5efefdaef2af9ae33
 SHA512:
-  metadata.gz: f79560aa69622e389202e12ce79d328e5d61d055dfea15660503c5684de9b9a031843d8a219f1b68e563db8fa53a7456e745cdcc5d29cf46dc23c747c767f7b3
-  data.tar.gz: 6d0045244faab16cd1bd009ac9b1252a6d1ef950aec5bfa266531189d7109513250da60014a4037e89fbf63477ffdc02994e68f42c80888f759493e9b383dd70
+  metadata.gz: 02429a61b261a87cbb604fea379de4b096431dd6b385df0c3924e637a30ee4e08560867b6e28cc8de1deff349f9c1f156f4a2382ccd4de0bcf45634e1619e6e2
+  data.tar.gz: 26ee97af5b20b8568cac44be5f293d9fb157b80d7ffe3d87d71dd3589df43152f557d89ca71777c0cda57a99256f76e1ae7bc08af8856f17c0ac67d50e5e272c

data/CHANGELOG.md

@@ -1,6 +1,13 @@
+# 4.18.0
+
+* New `conjurize` command 
+* Deprecate the `host enroll` command
+* `variable create` command now takes an optional value for the variable after the variable id
+* Configure "permissive" netrc to allow the `conjur` Unix group to read the `.netrc` or `conjur.identity` file.
+
 # 4.17.0
 
-* Support --policy parameter in 'conjur env'
+* Support --policy parameter in `conjur env`
 * Bugfix: failures on 'variable retire'
 * Raise a better error in case of missing config
 

data/bin/conjurize

@@ -0,0 +1,26 @@
+#!/usr/bin/env ruby
+#
+# Copyright (C) 2013 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+require 'active_support'
+require 'conjur/conjurize'
+
+Conjur::Conjurize.go!

data/conjur.gemspec

@@ -2,8 +2,8 @@
 require File.expand_path('../lib/conjur/version', __FILE__)
 
 Gem::Specification.new do |gem|
-  gem.authors       = ["Rafa\305\202 Rzepecki", "Kevin Gilpin"]
-  gem.email         = ["divided.mind@gmail.com", "kgilpin@conjur.net",]
+  gem.authors       = ["Rafal Rzepecki", "Kevin Gilpin"]
+  gem.email         = ["rafal@conjur.net", "kgilpin@conjur.net",]
   gem.summary       = %q{Conjur command line interface}
   gem.homepage      = "https://github.com/conjurinc/cli-ruby"
   gem.license       = 'MIT'
@@ -17,7 +17,7 @@ Gem::Specification.new do |gem|
 
 
   gem.add_dependency 'activesupport'
-  gem.add_dependency 'conjur-api', '>=4.10.0'
+  gem.add_dependency 'conjur-api', '>=4.11.0'
   gem.add_dependency 'gli', '>=2.8.0'
   gem.add_dependency 'highline'
   gem.add_dependency 'netrc'

data/features/conjurize.feature

@@ -0,0 +1,131 @@
+Feature: conjurize program generates install scripts
+
+  Scenario: App just runs
+    When I get help for "conjurize"
+    Then the exit status should be 0
+    And the banner should be present
+    And the banner should document that this app takes options
+    And the following options should be documented:
+      |--version|
+    And the banner should document that this app takes no arguments
+
+  Scenario: Minimal conjurize script
+    When I conjurize ""
+    Then the stdout should contain exactly:
+"""
+#!/bin/sh
+set -e
+
+# Implementation note: 'tee' is used as a sudo-friendly 'cat' to populate a file with the contents provided below.
+
+tee /etc/conjur.conf > /dev/null << CONJUR_CONF
+account: test
+appliance_url: https://conjur/api
+cert_file: /etc/conjur-test.pem
+netrc_path: /etc/conjur.identity
+plugins: []
+CONJUR_CONF
+
+tee /etc/conjur-test.pem > /dev/null << CONJUR_CERT
+-----BEGIN CERTIFICATE-----
+MIIDZTCCAk2gAwIBAgIJAMzfPBZBq82XMA0GCSqGSIb3DQEBBQUAMDMxMTAvBgNV
+BAMTKGVjMi01NC04My05OS0xMzUuY29tcHV0ZS0xLmFtYXpvbmF3cy5jb20wHhcN
+MTQxMTIxMTUxNDE0WhcNMjQxMTE4MTUxNDE0WjAzMTEwLwYDVQQDEyhlYzItNTQt
+ODMtOTktMTM1LmNvbXB1dGUtMS5hbWF6b25hd3MuY29tMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAlkhRt1pvOkw1JTtvmfa3lHpT00g0lbBnShN5cKI3
+cT1Na3aGdosPDfn0z+A6GNT2sUcdsc5RLkrZKG2+57B5hyUtdwRoJoTTBqypxJTc
+vkeMpCrcaeY8Ye0zsoBNaeauXLPobtEV4I6IadJGuT2AKILTJLDYdyV4dg2/zN2z
+XmW+9FsDs+aJKtWnpBIkvXcCqbaIgRZSxFNeZUF+xDrZdCRm+qkBXZaMFQzLU0BT
+B239Lmpwp54zsBoTBY9JBS4Atmrwt3YE3JqcIH77GpkgXSx203bYVp0jF3vPxHLU
+bSqhV9Zw7m6V8uF+jvOdrDiZ33OJN9yx6nS+c7NfOyRgGQIDAQABo3wwejB4BgNV
+HREEcTBvgglsb2NhbGhvc3SCBmNvbmp1coIVY29uanVyLWRldi5jb25qdXIubmV0
+ghljb25qdXItZGV2Lml0ZC5jb25qdXIubmV0gihlYzItNTQtODMtOTktMTM1LmNv
+bXB1dGUtMS5hbWF6b25hd3MuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQB+alzAA3ek
+o8QrnoDuWOxTqD0XIwzqux6BM/nM4dZX6drr+D0y8QtMKLZNODazvFCJWNHAWWmD
+FkRudwl3G1Qs56AB+LnQ2jhL5Qf78Rl2vYvdmo8iowEpOBajvzEMLsEaRNmwmSGc
+yvml0YdVSiMdTdIk58qG84pkmteSX9VYE1IF7xfWb3ji8292fm5q6cgqFLNYx2MI
+5UyfyroGMJ2ikzTGS64TpCmi/n1sjl2iM+/QmkHVc3KUIdwAY2NttyZ2pZo2J4i6
+MVs0y+HobWbOKKhyfxpMT59dJxGu21QPbWfQLkHCCOlo2P4z9oku23sbvQQ7CbvS
+VoykXurdaZo9
+-----END CERTIFICATE-----
+CONJUR_CERT
+
+tee /etc/conjur.identity > /dev/null << CONJUR_IDENTITY
+machine https://conjur/api/authn
+  login host/ec2/i-eaa5f700
+  password 3a4rb19rpjejr89h6r29kd2fb3808cpy
+CONJUR_IDENTITY
+chmod 0600 /etc/conjur.identity
+
+"""
+    
+  Scenario: conjurize with SSH installation
+    When I conjurize "--ssh"
+    Then the stdout should contain exactly:
+"""
+#!/bin/sh
+set -e
+
+# Implementation note: 'tee' is used as a sudo-friendly 'cat' to populate a file with the contents provided below.
+
+tee /etc/conjur.conf > /dev/null << CONJUR_CONF
+account: test
+appliance_url: https://conjur/api
+cert_file: /etc/conjur-test.pem
+netrc_path: /etc/conjur.identity
+plugins: []
+CONJUR_CONF
+
+tee /etc/conjur-test.pem > /dev/null << CONJUR_CERT
+-----BEGIN CERTIFICATE-----
+MIIDZTCCAk2gAwIBAgIJAMzfPBZBq82XMA0GCSqGSIb3DQEBBQUAMDMxMTAvBgNV
+BAMTKGVjMi01NC04My05OS0xMzUuY29tcHV0ZS0xLmFtYXpvbmF3cy5jb20wHhcN
+MTQxMTIxMTUxNDE0WhcNMjQxMTE4MTUxNDE0WjAzMTEwLwYDVQQDEyhlYzItNTQt
+ODMtOTktMTM1LmNvbXB1dGUtMS5hbWF6b25hd3MuY29tMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAlkhRt1pvOkw1JTtvmfa3lHpT00g0lbBnShN5cKI3
+cT1Na3aGdosPDfn0z+A6GNT2sUcdsc5RLkrZKG2+57B5hyUtdwRoJoTTBqypxJTc
+vkeMpCrcaeY8Ye0zsoBNaeauXLPobtEV4I6IadJGuT2AKILTJLDYdyV4dg2/zN2z
+XmW+9FsDs+aJKtWnpBIkvXcCqbaIgRZSxFNeZUF+xDrZdCRm+qkBXZaMFQzLU0BT
+B239Lmpwp54zsBoTBY9JBS4Atmrwt3YE3JqcIH77GpkgXSx203bYVp0jF3vPxHLU
+bSqhV9Zw7m6V8uF+jvOdrDiZ33OJN9yx6nS+c7NfOyRgGQIDAQABo3wwejB4BgNV
+HREEcTBvgglsb2NhbGhvc3SCBmNvbmp1coIVY29uanVyLWRldi5jb25qdXIubmV0
+ghljb25qdXItZGV2Lml0ZC5jb25qdXIubmV0gihlYzItNTQtODMtOTktMTM1LmNv
+bXB1dGUtMS5hbWF6b25hd3MuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQB+alzAA3ek
+o8QrnoDuWOxTqD0XIwzqux6BM/nM4dZX6drr+D0y8QtMKLZNODazvFCJWNHAWWmD
+FkRudwl3G1Qs56AB+LnQ2jhL5Qf78Rl2vYvdmo8iowEpOBajvzEMLsEaRNmwmSGc
+yvml0YdVSiMdTdIk58qG84pkmteSX9VYE1IF7xfWb3ji8292fm5q6cgqFLNYx2MI
+5UyfyroGMJ2ikzTGS64TpCmi/n1sjl2iM+/QmkHVc3KUIdwAY2NttyZ2pZo2J4i6
+MVs0y+HobWbOKKhyfxpMT59dJxGu21QPbWfQLkHCCOlo2P4z9oku23sbvQQ7CbvS
+VoykXurdaZo9
+-----END CERTIFICATE-----
+CONJUR_CERT
+
+tee /etc/conjur.identity > /dev/null << CONJUR_IDENTITY
+machine https://conjur/api/authn
+  login host/ec2/i-eaa5f700
+  password 3a4rb19rpjejr89h6r29kd2fb3808cpy
+CONJUR_IDENTITY
+chmod 0600 /etc/conjur.identity
+
+curl -L https://www.opscode.com/chef/install.sh | bash
+chef-solo -r https://github.com/conjur-cookbooks/conjur-ssh/releases/download/v1.2.0/conjur-ssh-v1.2.0.tar.gz -o conjur-ssh
+
+"""
+
+  Scenario: conjurize with arbitrary cookbook
+    When I conjurize "--conjur-cookbook-url https://example.com --conjur-run-list fry"
+    Then the stdout should contain "chef-solo -r https://example.com -o fry"
+    
+  Scenario: conjurize with path to chef-solo
+    When I conjurize "--chef-executable /path/to/chef-solo --conjur-cookbook-url https://example.com --conjur-run-list fry"
+    Then the stdout should contain "/path/to/chef-solo -r https://example.com -o fry"
+    And the stdout should not contain "curl -L https://www.opscode.com/chef/install.sh"
+
+  Scenario: conjurize with sudo-ized commands
+    When I conjurize "--sudo --ssh"
+    Then the stdout should contain "sudo -n tee /etc/conjur.conf > /dev/null << CONJUR_CONF"
+    And the stdout should contain "sudo -n tee /etc/conjur-test.pem > /dev/null << CONJUR_CERT"
+    And the stdout should contain "sudo -n tee /etc/conjur.identity > /dev/null << CONJUR_IDENTITY"
+    And the stdout should contain "sudo -n chmod 0600 /etc/conjur.identity"
+    And the stdout should contain "curl -L https://www.opscode.com/chef/install.sh | sudo -n bash"
+    

data/features/step_definitions/conjurize_steps.rb

@@ -0,0 +1,5 @@
+When(/^I conjurize "(.*?)"$/) do |args|
+  cmd = "conjurize -f ../../features/support/host.json -c ../../features/support/conjur.conf"
+  step %Q(I run `#{[ cmd, args ].compact.join(' ')}`)
+end
+

data/features/support/conjur.conf

@@ -0,0 +1,6 @@
+---
+account: test
+plugins:
+- ui
+appliance_url: https://conjur/api
+cert_file: ../../features/support/conjur-test.pem

data/features/support/env.rb

@@ -1,5 +1,6 @@
 require 'simplecov'
 require 'aruba/cucumber'
+require 'methadone/cucumber'
 require 'cucumber/rspec/doubles'
 
 SimpleCov.start

data/lib/conjur/authn.rb

@@ -23,6 +23,10 @@ require 'active_support/dependencies/autoload'
 require 'conjur/api'
 require 'netrc'
 
+Netrc.configure do |config|
+  config[:allow_permissive_netrc_file] = true
+end
+
 module Conjur::Authn
   autoload :API,      'conjur/authn-api'
   class << self

data/lib/conjur/cli.rb

@@ -32,6 +32,7 @@ module Conjur
   autoload :Command,                'conjur/command'
   autoload :DSL,                    'conjur/dsl/runner'
   autoload :DSLCommand,             'conjur/command/dsl_command'
+  autoload :VERSION,                'conjur/version'
 
   module Audit
     autoload :Follower,             'conjur/audit/follower'
@@ -67,7 +68,7 @@ module Conjur
             filename = "conjur-asset-#{plugin}"
             require filename
           rescue LoadError
-            warn "Could not load plugin '#{plugin}' specified in your config file.\nMake sure you have the #{filename}-api gem installed."
+            warn "Could not load plugin '#{plugin}' specified in your config file.\nMake sure you have the #{filename} gem installed."
           end
         end
       end
@@ -85,6 +86,8 @@ module Conjur
 
     init!
 
+    version Conjur::VERSION
+
     pre do |global,command,options,args|
       require 'conjur/api'
 

data/lib/conjur/command/hosts.rb

@@ -86,9 +86,10 @@ class Conjur::Command::Hosts < Conjur::Command
       end
     end
 
-    hosts.desc "Enroll a new host into conjur"
+    hosts.desc "[Deprecated] Enroll a new host into conjur"
     hosts.arg_name "host"
     hosts.command :enroll do |c|
+      hide_docs(c)
       c.action do |global_options, options, args|
         id = require_arg(args, 'host')
         enrollment_url = api.host(id).enrollment_url
@@ -108,4 +109,4 @@ class Conjur::Command::Hosts < Conjur::Command
       end
     end
   end
-end
+end

data/lib/conjur/command/policy.rb

@@ -26,7 +26,8 @@ require 'socket'
 class Conjur::Command::Policy < Conjur::DSLCommand
   class << self
     def default_collection_user
-      Etc.getlogin
+      # More accurate than Etc.getlogin
+      Etc.getpwuid(Process.uid).name
     end
     
     def default_collection_hostname

data/lib/conjur/command/variables.rb

@@ -23,7 +23,7 @@ class Conjur::Command::Variables < Conjur::Command
   desc "Manage variables"
   command :variable do |var|
     var.desc "Create and store a variable"
-    var.arg_name "id"
+    var.arg_name "id [value]"
     var.command :create do |c|
       c.arg_name "mime_type"
       c.flag [:m, :"mime-type"], default_value: "text/plain"
@@ -32,18 +32,23 @@ class Conjur::Command::Variables < Conjur::Command
       c.flag [:k, :"kind"], default_value: "secret"
 
       c.arg_name "value"
-      c.desc "Initial value"
+      c.desc "Initial value, which may also be specified as the second command argument after the variable id"
       c.flag [:v, :"value"]
 
       acting_as_option(c)
 
       c.action do |global_options,options,args|
         id = args.shift
-        options[:id] = id if id
-
         unless id
           ActiveSupport::Deprecation.warn "id argument will be required in future releases"
         end
+        value = args.shift unless args.empty?
+        
+        raise "Received extra arguments '#{args.join(' ')}'" unless args.empty?
+        raise "Received conflicting value arguments" if value && options[:value]
+        
+        options[:id] = id if id
+        options[:value] ||= value if value
 
         mime_type = options.delete(:m)
         kind = options.delete(:k)

data/lib/conjur/conjurenv.rb

@@ -42,7 +42,7 @@ module Conjur
 
     class ConjurVariable < CustomTag
       def evaluate value
-        raise "variable #{id} exists but doesn't have a value" if value.nil?
+        raise "variable #{conjur_id} exists but doesn't have a value" if value.nil?
         value.chomp
       end
     end

data/lib/conjur/conjurize.rb

@@ -0,0 +1,106 @@
+require 'methadone'
+require 'json'
+require 'conjur/version.rb'
+
+module Conjur
+  class Conjurize
+    include Methadone::Main
+    include Methadone::CLILogging
+  
+    description <<-DESC
+Generate a script to install Conjur onto a machine. "conjurize" is designed to be used
+in a piped execution, along with "conjur host create" and "ssh". For example:
+
+conjur host create myhost.example.com | tee host.json | conjurize --ssh | ssh myhost.example.com
+DESC
+
+    version Conjur::VERSION
+    
+    main do
+      input = if input_file = options[:f]
+        File.read(input_file)
+      else
+        STDIN.read
+      end
+      host = JSON.parse input
+      
+      login = host['id'] or raise "No 'id' field in host JSON"
+      api_key = host['api_key'] or raise "No 'api_key' field in host JSON"
+        
+      require 'conjur/cli'
+      if conjur_config = options[:c]
+        Conjur::Config.load [ conjur_config ]
+      else
+        Conjur::Config.load
+      end
+      Conjur::Config.apply
+        
+      conjur_cookbook_url = conjur_run_list = nil
+        
+      conjur_run_list = options[:"conjur-run-list"]
+      conjur_cookbook_url = options[:"conjur-cookbook-url"]
+      chef_executable = options[:"chef-executable"]
+      
+      if options[:ssh]
+        conjur_run_list ||= "conjur-ssh"
+        conjur_cookbook_url ||= "https://github.com/conjur-cookbooks/conjur-ssh/releases/download/v1.2.0/conjur-ssh-v1.2.0.tar.gz"
+      end
+      
+      sudo = lambda{|str| 
+        [ options[:sudo] ? "sudo -n" : nil, str ].compact.join(" ")
+      }
+      
+      header = <<-HEADER
+#!/bin/sh
+set -e
+
+# Implementation note: 'tee' is used as a sudo-friendly 'cat' to populate a file with the contents provided below.
+      HEADER
+      
+      configure_conjur = <<-CONFIGURE
+#{sudo.call 'tee'} /etc/conjur.conf > /dev/null << CONJUR_CONF
+account: #{Conjur.configuration.account}
+appliance_url: #{Conjur.configuration.appliance_url}
+cert_file: /etc/conjur-#{Conjur.configuration.account}.pem
+netrc_path: /etc/conjur.identity
+plugins: []
+CONJUR_CONF
+
+#{sudo.call 'tee'} /etc/conjur-#{Conjur.configuration.account}.pem > /dev/null << CONJUR_CERT
+#{File.read(Conjur.configuration.cert_file).strip}
+CONJUR_CERT
+
+#{sudo.call 'tee'} /etc/conjur.identity > /dev/null << CONJUR_IDENTITY
+machine #{Conjur.configuration.appliance_url}/authn
+  login host/#{login}
+  password #{api_key}
+CONJUR_IDENTITY
+#{sudo.call 'chmod'} 0600 /etc/conjur.identity
+      CONFIGURE
+      
+      install_chef = if conjur_cookbook_url && !chef_executable
+        %Q(curl -L https://www.opscode.com/chef/install.sh | #{sudo.call 'bash'})
+      else
+        nil
+      end
+      
+      chef_executable ||= "chef-solo"
+
+      run_chef = if conjur_cookbook_url
+        %Q(#{sudo.call "#{chef_executable} -r #{conjur_cookbook_url} -o #{conjur_run_list}"})
+      else
+        nil
+      end
+      
+      puts [ header, configure_conjur, install_chef, run_chef ].compact.join("\n")
+    end
+    
+    on("-c CONJUR_CONFIG_FILE", "Overrides defaults (CONJURRC env var, ~/.conjurrc, /etc/conjur.conf).")
+    on("-f HOST_JSON_FILE", "Host login and API key can be read from the output emitted from 'conjur host create'. This data can be obtained from stdin, or from a file.")
+    on("--chef-executable PATH", "If specified, the designated chef-solo executable is used, otherwise Chef is installed on the target machine.")
+    on("--ssh", "Indicates that Conjur SSH should be installed.")
+    on("--sudo", "Indicates that all commands should be run via 'sudo'.")
+    on("--conjur-cookbook-url NAME", "Overrides the default Chef cookbook URL for Conjur SSH.")
+    on("--conjur-run-list RUNLIST", "Overrides the default Chef run list for Conjur SSH.")
+  end
+end

data/lib/conjur/dsl/runner.rb

@@ -20,7 +20,7 @@ module Conjur
         @context['env']   = Conjur.env unless Conjur.env == 'production'
         @context['stack'] = Conjur.stack unless Conjur.stack == 'v4'
         @context['appliance_url']   = Conjur.configuration.appliance_url unless Conjur.configuration.appliance_url.nil?
-        @context['ssl_certificate'] = File.read(Conjur::Config[:cert_file]) unless Conjur::Config[:cert_file].nil?
+        @context['ssl_certificate'] = File.read(Conjur.configuration.cert_file) unless Conjur.configuration.cert_file.nil?
 
         @script = script
         @filename = filename

data/lib/conjur/version.rb

@@ -19,6 +19,6 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = "4.17.0"
+  VERSION = "4.18.0"
   ::Version=VERSION
 end

data/spec/command/policy_spec.rb

@@ -22,6 +22,8 @@ describe Conjur::Command::Policy do
       double("resource", exists?: true).as_null_object
     end
     before {
+      allow(File).to receive(:read).and_call_original
+      allow(File).to receive(:exists?).and_call_original
       allow(File).to receive(:exists?).with("policy.rb").and_return true
       allow(File).to receive(:read).with("policy.rb").and_return "{}"
       allow_any_instance_of(Conjur::DSL::Runner).to receive(:api).and_return api

data/spec/command/variables_spec.rb

@@ -2,21 +2,24 @@ require 'spec_helper'
 
 describe Conjur::Command::Variables, logged_in: true do
   let(:collection_url) { "https://core.example.com/variables" }
-
   let(:base_payload) { { mime_type: 'text/json', kind: 'password' } }
+  let(:id) { 'the-id' }
+  let(:variable) { post_response(id) }
 
   describe_command "variable:create -m text/json -k password" do
+    let(:id) { 'assigned-id' }
     it "lets the server assign the id" do
      expect(RestClient::Request).to receive(:execute).with(
         method: :post,
         url: collection_url,
         headers: {},
         payload: base_payload
-      ).and_return(post_response('assigned-id'))
+      ).and_return(variable)
 
       expect { invoke }.to write({ id: 'assigned-id' }).to(:stdout)
     end
   end
+
   describe_command "variable:create -m text/json -k password the-id" do
     it "propagates the user-assigned id" do
      expect(RestClient::Request).to receive(:execute).with(
@@ -24,13 +27,37 @@ describe Conjur::Command::Variables, logged_in: true do
         url: collection_url,
         headers: {},
         payload: base_payload.merge({ id: 'the-id' })
-      ).and_return(post_response('the-id'))
+      ).and_return(variable)
 
       expect { invoke }.to write({ id: 'the-id' }).to(:stdout)
     end
   end
 
+  describe_command "variable:create -m text/json -k password the-id the-value" do
+    it "propagates the user-assigned id and value" do
+     expect(RestClient::Request).to receive(:execute).with(
+        method: :post,
+        url: collection_url,
+        headers: {},
+        payload: base_payload.merge({ id: 'the-id', value: 'the-value' })
+      ).and_return(variable)
 
+      expect { invoke }.to write({ id: 'the-id' }).to(:stdout)
+    end
+  end
+  
+  describe_command "variable:create -v the-value-1 the-id the-value-2" do
+    it "complains about conflicting values" do
+      expect { invoke }.to raise_error("Received conflicting value arguments")
+    end
+  end
+  
+  describe_command "variable:create the-id -v the-value" do
+    it "complains about extra arguments" do
+      expect { invoke }.to raise_error("Received extra arguments 'the-value'")
+    end
+  end
+  
   describe_command "variable:create" do
     it "provides default values for optional parameters mime_type and kind" do
       expect(RestClient::Request).to receive(:execute).with(
@@ -38,10 +65,8 @@ describe Conjur::Command::Variables, logged_in: true do
         url: collection_url,
         headers: {},
         payload: { mime_type: 'text/plain', kind: 'secret'}
-        ).and_return(post_response('the-id'))
+        ).and_return(variable)
       expect { invoke }.to write # invoke_silently
     end
   end
-
-
 end

data/spec/config_spec.rb

@@ -1,3 +1,4 @@
+require 'spec_helper'
 require 'conjur/authn'
 require 'conjur/config'
 require 'conjur/command/rspec/output_matchers'
@@ -107,13 +108,23 @@ describe Conjur::Config do
     end
   end
   describe "#apply" do
-    before { allow(OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE).to receive(:add_file) }
-
-    let(:cert_file) { "/path/to/cert.pem" }
-    it "trusts the cert_file" do
-      Conjur::Config.class_variable_set("@@attributes", { 'cert_file' => cert_file })
-      expect(OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE).to receive(:add_file).with cert_file  
-      Conjur::Config.apply
+    before { 
+      allow(OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE).to receive(:add_file) 
+    }
+    context "cert_file" do
+      let(:cert_file) { "/path/to/cert.pem" }
+      before { 
+        Conjur::Config.class_variable_set("@@attributes", { 'cert_file' => cert_file })
+      }
+  
+      it "trusts the cert_file" do
+        expect(OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE).to receive(:add_file).with cert_file  
+        Conjur::Config.apply
+      end
+      it "propagates the cert_file to Configuration.cert_file" do
+        Conjur::Config.apply
+        expect(Conjur.configuration.cert_file).to eq(cert_file)
+      end
     end
 
     it "shadows rc with envars" do
@@ -121,7 +132,7 @@ describe Conjur::Config do
       ENV['CONJUR_APPLIANCE_URL'] = url
       load!
       Conjur::Config.apply
-      expect(Conjur.configuration.appliance_url).to eq url
+      expect(Conjur.configuration.appliance_url).to eq(url)
     end
   end
 end

data/spec/env_spec.rb

@@ -2,6 +2,12 @@ require 'spec_helper'
 require 'conjur/conjurenv'
 
 describe Conjur::Env do
+  describe Conjur::Env::ConjurVariable do
+    it "reports a missing value" do
+      var = Conjur::Env::ConjurVariable.new('the-id')
+      expect { var.evaluate nil }.to raise_error "variable the-id exists but doesn't have a value"
+    end
+  end
 
   describe "#initialize" do
 

data/spec/spec_helper.rb

@@ -43,4 +43,29 @@ shared_context "fresh config" do
     Conjur::Config.clear
     Conjur.configuration = @configuration
   }
-end
+end
+
+RSpec::Core::DSL.change_global_dsl do
+  def describe_conjurize *argv, &block
+    describe *argv do
+      let(:command) { Conjur::Conjurize }
+      let(:invoke) do
+        command.go!
+      end
+      before {
+        require 'methadone'
+        
+        option_parser = OptionParser.new
+        expect(option_parser).to receive(:parse!).with(no_args) do |*args|
+          option_parser.parse! argv
+        end
+        allow(option_parser).to receive(:parse!).and_call_original
+        option_parser_proxy = nil
+        expect(Conjur::Conjurize).to receive(:opts) do |*args|
+          option_parser_proxy ||= Methadone::OptionParserProxy.new(option_parser, command.options)
+        end
+      }
+      instance_eval &block
+    end
+  end
+end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 4.17.0
+  version: 4.18.0
 platform: ruby
 authors:
-- Rafał Rzepecki
+- Rafal Rzepecki
 - Kevin Gilpin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-28 00:00:00.000000000 Z
+date: 2014-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -31,14 +31,14 @@ dependencies:
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
-        version: 4.10.0
+        version: 4.11.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
-        version: 4.10.0
+        version: 4.11.0
 - !ruby/object:Gem::Dependency
   name: gli
   requirement: !ruby/object:Gem::Requirement
@@ -223,12 +223,13 @@ dependencies:
         version: 0.0.1
 description: 
 email:
-- divided.mind@gmail.com
+- rafal@conjur.net
 - kgilpin@conjur.net
 executables:
 - _conjur_completions
 - _conjur_completions.yaml
 - conjur
+- conjurize
 - jsonfield
 extensions: []
 extra_rdoc_files: []
@@ -245,8 +246,10 @@ files:
 - bin/_conjur_completions
 - bin/_conjur_completions.yaml
 - bin/conjur
+- bin/conjurize
 - bin/jsonfield
 - conjur.gemspec
+- features/conjurize.feature
 - features/dsl_context.feature
 - features/dsl_host_create.feature
 - features/dsl_ownership.feature
@@ -255,9 +258,13 @@ files:
 - features/dsl_role_create.feature
 - features/dsl_user_create.feature
 - features/jsonfield.feature
+- features/step_definitions/conjurize_steps.rb
 - features/step_definitions/dsl_steps.rb
+- features/support/conjur-test.pem
+- features/support/conjur.conf
 - features/support/env.rb
 - features/support/hooks.rb
+- features/support/host.json
 - lib/conjur.rb
 - lib/conjur/audit/follower.rb
 - lib/conjur/authn.rb
@@ -290,6 +297,7 @@ files:
 - lib/conjur/command/variables.rb
 - lib/conjur/config.rb
 - lib/conjur/conjurenv.rb
+- lib/conjur/conjurize.rb
 - lib/conjur/dsl/runner.rb
 - lib/conjur/identifier_manipulation.rb
 - lib/conjur/version.rb
@@ -340,6 +348,7 @@ signing_key:
 specification_version: 4
 summary: Conjur command line interface
 test_files:
+- features/conjurize.feature
 - features/dsl_context.feature
 - features/dsl_host_create.feature
 - features/dsl_ownership.feature
@@ -348,9 +357,13 @@ test_files:
 - features/dsl_role_create.feature
 - features/dsl_user_create.feature
 - features/jsonfield.feature
+- features/step_definitions/conjurize_steps.rb
 - features/step_definitions/dsl_steps.rb
+- features/support/conjur-test.pem
+- features/support/conjur.conf
 - features/support/env.rb
 - features/support/hooks.rb
+- features/support/host.json
 - spec/authn_spec.rb
 - spec/command/assets_spec.rb
 - spec/command/audit_spec.rb