conjur-cli 4.20.1 → 4.21.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +5 -7
- data/conjur.gemspec +2 -1
- data/lib/conjur/cli.rb +5 -2
- data/lib/conjur/command/init.rb +3 -2
- data/lib/conjur/command/rspec/describe_command.rb +13 -0
- data/lib/conjur/version.rb +1 -1
- data/spec/command/groups_spec.rb +8 -8
- data/spec/command/hosts_spec.rb +4 -4
- data/spec/command/init_spec.rb +1 -1
- data/spec/command/users_spec.rb +2 -2
- data/spec/command/variables_spec.rb +8 -8
- metadata +18 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3c37f9ccccef777e9cc90ab9dd9d83c167f59e8f
|
|
4
|
+
data.tar.gz: 00970eef162d3ff5f69b09bff7196234e61dfe97
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 538be1cde61f32cfe2db688d7bb399a9f44e85ca6e75ea1327e2a15cb1a1eade78a0265512b89a53fa2b9ef333828bc471c48ca18a23228fbe817d23abd8c4d9
|
|
7
|
+
data.tar.gz: bd3c351d0493ff5a2bbccbd5b510a76c4f28b3c3225da8c62de87f34b287ec332f7c43622be241fbdc6cf71e942e6d8408b64afacefd644f2785a465efb1781f
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -1,12 +1,14 @@
|
|
|
1
1
|
# Conjur
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Command-line interface to Conjur.
|
|
4
|
+
|
|
5
|
+
A complete reference guide is available at [developer.conjur.net](http://developer.conjur.net/reference).
|
|
4
6
|
|
|
5
7
|
## Installation
|
|
6
8
|
|
|
7
9
|
Add this line to your application's Gemfile:
|
|
8
10
|
|
|
9
|
-
gem 'conjur'
|
|
11
|
+
gem 'conjur-cli', require: 'conjur/cli'
|
|
10
12
|
|
|
11
13
|
And then execute:
|
|
12
14
|
|
|
@@ -14,11 +16,7 @@ And then execute:
|
|
|
14
16
|
|
|
15
17
|
Or install it yourself as:
|
|
16
18
|
|
|
17
|
-
$ gem install conjur
|
|
18
|
-
|
|
19
|
-
## Usage
|
|
20
|
-
|
|
21
|
-
TODO: Write usage instructions here
|
|
19
|
+
$ gem install conjur-cli
|
|
22
20
|
|
|
23
21
|
## Contributing
|
|
24
22
|
|
data/conjur.gemspec
CHANGED
|
@@ -17,12 +17,13 @@ Gem::Specification.new do |gem|
|
|
|
17
17
|
|
|
18
18
|
|
|
19
19
|
gem.add_dependency 'activesupport'
|
|
20
|
-
gem.add_dependency 'conjur-api', '~> 4.
|
|
20
|
+
gem.add_dependency 'conjur-api', '~> 4.14'
|
|
21
21
|
gem.add_dependency 'gli', '>=2.8.0'
|
|
22
22
|
gem.add_dependency 'highline'
|
|
23
23
|
gem.add_dependency 'netrc', '~> 0.10.2'
|
|
24
24
|
gem.add_dependency 'methadone'
|
|
25
25
|
gem.add_dependency 'deep_merge'
|
|
26
|
+
gem.add_dependency 'xdg'
|
|
26
27
|
|
|
27
28
|
gem.add_runtime_dependency 'cas_rest_client'
|
|
28
29
|
|
data/lib/conjur/cli.rb
CHANGED
|
@@ -22,12 +22,15 @@ require 'gli'
|
|
|
22
22
|
# need this to prevent an active support bug in some versions
|
|
23
23
|
require 'active_support'
|
|
24
24
|
require 'active_support/deprecation'
|
|
25
|
-
require '
|
|
25
|
+
require 'xdg'
|
|
26
|
+
require 'fileutils'
|
|
26
27
|
|
|
27
28
|
# this makes mime/types gem load much faster by lazy loading
|
|
28
29
|
# mime types and caching them in binary form
|
|
29
30
|
ENV['RUBY_MIME_TYPES_LAZY_LOAD'] ||= 'true'
|
|
30
|
-
ENV['RUBY_MIME_TYPES_CACHE'] ||=
|
|
31
|
+
ENV['RUBY_MIME_TYPES_CACHE'] ||= (
|
|
32
|
+
XDG['CACHE'].to_path.tap(&FileUtils.method(:mkdir_p)) + 'ruby-mime-types.cache'
|
|
33
|
+
).to_s
|
|
31
34
|
|
|
32
35
|
module Conjur
|
|
33
36
|
autoload :Config, 'conjur/config'
|
data/lib/conjur/command/init.rb
CHANGED
|
@@ -129,13 +129,14 @@ class Conjur::Command::Init < Conjur::Command
|
|
|
129
129
|
sock = TCPSocket.new host, port.to_i
|
|
130
130
|
ssock = SSLSocket.new sock
|
|
131
131
|
ssock.connect
|
|
132
|
-
|
|
132
|
+
chain = ssock.peer_cert_chain
|
|
133
|
+
cert = chain.first
|
|
133
134
|
fp = Digest::SHA1.digest cert.to_der
|
|
134
135
|
|
|
135
136
|
# convert to hex, then split into bytes with :
|
|
136
137
|
hexfp = (fp.unpack 'H*').first.upcase.scan(/../).join(':')
|
|
137
138
|
|
|
138
|
-
["SHA1 Fingerprint=#{hexfp}",
|
|
139
|
+
["SHA1 Fingerprint=#{hexfp}", chain.map(&:to_pem).join]
|
|
139
140
|
rescue
|
|
140
141
|
exit_now! "Unable to retrieve certificate from #{connect_hostname}"
|
|
141
142
|
ensure
|
|
@@ -1,6 +1,19 @@
|
|
|
1
1
|
RSpec::Core::DSL.change_global_dsl do
|
|
2
2
|
def describe_command *argv, &block
|
|
3
3
|
describe *argv do
|
|
4
|
+
let(:cert_store) { double(:cert_store) }
|
|
5
|
+
|
|
6
|
+
before do
|
|
7
|
+
allow(cert_store).to receive(:add_file)
|
|
8
|
+
stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', cert_store
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
let(:cert_store_options) do
|
|
12
|
+
{
|
|
13
|
+
ssl_cert_store: cert_store
|
|
14
|
+
}
|
|
15
|
+
end
|
|
16
|
+
|
|
4
17
|
let(:invoke) do
|
|
5
18
|
Conjur::CLI.error_device = $stderr
|
|
6
19
|
# TODO: allow proper handling of description like "audit:send 'hello world'"
|
data/lib/conjur/version.rb
CHANGED
data/spec/command/groups_spec.rb
CHANGED
|
@@ -30,47 +30,47 @@ describe Conjur::Command::Groups, logged_in: true do
|
|
|
30
30
|
|
|
31
31
|
describe_command "group:members:add group user:alice" do
|
|
32
32
|
it "adds the role to the group" do
|
|
33
|
-
|
|
33
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
34
34
|
method: :put,
|
|
35
35
|
url: "https://authz.example.com/the-account/roles/group/group/?members&member=user:alice",
|
|
36
36
|
headers: {},
|
|
37
37
|
payload: nil
|
|
38
|
-
)
|
|
38
|
+
}.merge(cert_store_options))
|
|
39
39
|
invoke
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
describe_command "group:members:add -a group user:alice" do
|
|
44
44
|
it "adds the role to the group with admin option" do
|
|
45
|
-
|
|
45
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
46
46
|
method: :put,
|
|
47
47
|
url: "https://authz.example.com/the-account/roles/group/group/?members&member=user:alice",
|
|
48
48
|
headers: {},
|
|
49
49
|
payload: { admin_option: true }
|
|
50
|
-
)
|
|
50
|
+
}.merge(cert_store_options))
|
|
51
51
|
invoke
|
|
52
52
|
end
|
|
53
53
|
end
|
|
54
54
|
describe_command "group:members:add -a group alice" do
|
|
55
55
|
it "assumes that a nake member name is a user" do
|
|
56
|
-
|
|
56
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
57
57
|
method: :put,
|
|
58
58
|
url: "https://authz.example.com/the-account/roles/group/group/?members&member=user:alice",
|
|
59
59
|
headers: {},
|
|
60
60
|
payload: { admin_option: true }
|
|
61
|
-
)
|
|
61
|
+
}.merge(cert_store_options))
|
|
62
62
|
invoke
|
|
63
63
|
end
|
|
64
64
|
end
|
|
65
65
|
|
|
66
66
|
describe_command "group:members:add -r group alice" do
|
|
67
67
|
it "revokes the admin rights" do
|
|
68
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
68
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
69
69
|
method: :put,
|
|
70
70
|
url: "https://authz.example.com/the-account/roles/group/group/?members&member=user:alice",
|
|
71
71
|
headers: {},
|
|
72
72
|
payload: { admin_option: false }
|
|
73
|
-
|
|
73
|
+
}.merge(cert_store_options))
|
|
74
74
|
invoke
|
|
75
75
|
end
|
|
76
76
|
end
|
data/spec/command/hosts_spec.rb
CHANGED
|
@@ -5,24 +5,24 @@ describe Conjur::Command::Hosts, logged_in: true do
|
|
|
5
5
|
|
|
6
6
|
describe_command "host:create" do
|
|
7
7
|
it "lets the server assign the id" do
|
|
8
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
8
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
9
9
|
method: :post,
|
|
10
10
|
url: collection_url,
|
|
11
11
|
headers: {},
|
|
12
12
|
payload: {}
|
|
13
|
-
|
|
13
|
+
}.merge(cert_store_options)).and_return(post_response('assigned-id'))
|
|
14
14
|
|
|
15
15
|
expect { invoke }.to write({ id: 'assigned-id' }).to(:stdout)
|
|
16
16
|
end
|
|
17
17
|
end
|
|
18
18
|
describe_command "host:create the-id" do
|
|
19
19
|
it "propagates the user-assigned id" do
|
|
20
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
20
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
21
21
|
method: :post,
|
|
22
22
|
url: collection_url,
|
|
23
23
|
headers: {},
|
|
24
24
|
payload: { id: 'the-id' }
|
|
25
|
-
).and_return(post_response('the-id'))
|
|
25
|
+
}.merge(cert_store_options)).and_return(post_response('the-id'))
|
|
26
26
|
|
|
27
27
|
expect { invoke }.to write({ id: 'the-id' }).to(:stdout)
|
|
28
28
|
end
|
data/spec/command/init_spec.rb
CHANGED
|
@@ -44,7 +44,7 @@ describe Conjur::Command::Init do
|
|
|
44
44
|
it "returns the right certificate from github" do
|
|
45
45
|
fingerprint, certificate = Conjur::Command::Init.get_certificate('github.com:443')
|
|
46
46
|
expect(fingerprint).to eq(GITHUB_FP)
|
|
47
|
-
expect(certificate.strip).to
|
|
47
|
+
expect(certificate.strip).to include(GITHUB_CERT.strip)
|
|
48
48
|
end
|
|
49
49
|
end
|
|
50
50
|
|
data/spec/command/users_spec.rb
CHANGED
|
@@ -57,14 +57,14 @@ describe Conjur::Command::Users, logged_in: true do
|
|
|
57
57
|
|
|
58
58
|
context "updating password" do
|
|
59
59
|
before do
|
|
60
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
60
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
61
61
|
method: :put,
|
|
62
62
|
url: update_password_url,
|
|
63
63
|
user: username,
|
|
64
64
|
password: api_key,
|
|
65
65
|
headers: { },
|
|
66
66
|
payload: "new-password"
|
|
67
|
-
|
|
67
|
+
}.merge(cert_store_options))
|
|
68
68
|
end
|
|
69
69
|
|
|
70
70
|
describe_command "user:update_password -p new-password" do
|
|
@@ -9,12 +9,12 @@ describe Conjur::Command::Variables, logged_in: true do
|
|
|
9
9
|
describe_command "variable:create -m text/json -k password" do
|
|
10
10
|
let(:id) { 'assigned-id' }
|
|
11
11
|
it "lets the server assign the id" do
|
|
12
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
12
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
13
13
|
method: :post,
|
|
14
14
|
url: collection_url,
|
|
15
15
|
headers: {},
|
|
16
16
|
payload: base_payload
|
|
17
|
-
).and_return(variable)
|
|
17
|
+
}.merge(cert_store_options)).and_return(variable)
|
|
18
18
|
|
|
19
19
|
expect { invoke }.to write({ id: 'assigned-id' }).to(:stdout)
|
|
20
20
|
end
|
|
@@ -22,12 +22,12 @@ describe Conjur::Command::Variables, logged_in: true do
|
|
|
22
22
|
|
|
23
23
|
describe_command "variable:create -m text/json -k password the-id" do
|
|
24
24
|
it "propagates the user-assigned id" do
|
|
25
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
25
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
26
26
|
method: :post,
|
|
27
27
|
url: collection_url,
|
|
28
28
|
headers: {},
|
|
29
29
|
payload: base_payload.merge({ id: 'the-id' })
|
|
30
|
-
).and_return(variable)
|
|
30
|
+
}.merge(cert_store_options)).and_return(variable)
|
|
31
31
|
|
|
32
32
|
expect { invoke }.to write({ id: 'the-id' }).to(:stdout)
|
|
33
33
|
end
|
|
@@ -35,12 +35,12 @@ describe Conjur::Command::Variables, logged_in: true do
|
|
|
35
35
|
|
|
36
36
|
describe_command "variable:create -m text/json -k password the-id the-value" do
|
|
37
37
|
it "propagates the user-assigned id and value" do
|
|
38
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
38
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
39
39
|
method: :post,
|
|
40
40
|
url: collection_url,
|
|
41
41
|
headers: {},
|
|
42
42
|
payload: base_payload.merge({ id: 'the-id', value: 'the-value' })
|
|
43
|
-
).and_return(variable)
|
|
43
|
+
}.merge(cert_store_options)).and_return(variable)
|
|
44
44
|
|
|
45
45
|
expect { invoke }.to write({ id: 'the-id' }).to(:stdout)
|
|
46
46
|
end
|
|
@@ -60,12 +60,12 @@ describe Conjur::Command::Variables, logged_in: true do
|
|
|
60
60
|
|
|
61
61
|
describe_command "variable:create" do
|
|
62
62
|
it "provides default values for optional parameters mime_type and kind" do
|
|
63
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
63
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
64
64
|
method: :post,
|
|
65
65
|
url: collection_url,
|
|
66
66
|
headers: {},
|
|
67
67
|
payload: { mime_type: 'text/plain', kind: 'secret'}
|
|
68
|
-
|
|
68
|
+
}.merge(cert_store_options)).and_return(variable)
|
|
69
69
|
expect { invoke }.to write # invoke_silently
|
|
70
70
|
end
|
|
71
71
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: conjur-cli
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.21.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rafal Rzepecki
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-
|
|
12
|
+
date: 2015-04-07 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: activesupport
|
|
@@ -31,14 +31,14 @@ dependencies:
|
|
|
31
31
|
requirements:
|
|
32
32
|
- - ~>
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
|
-
version: 4.
|
|
34
|
+
version: '4.14'
|
|
35
35
|
type: :runtime
|
|
36
36
|
prerelease: false
|
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
38
38
|
requirements:
|
|
39
39
|
- - ~>
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
|
-
version: 4.
|
|
41
|
+
version: '4.14'
|
|
42
42
|
- !ruby/object:Gem::Dependency
|
|
43
43
|
name: gli
|
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -109,6 +109,20 @@ dependencies:
|
|
|
109
109
|
- - '>='
|
|
110
110
|
- !ruby/object:Gem::Version
|
|
111
111
|
version: '0'
|
|
112
|
+
- !ruby/object:Gem::Dependency
|
|
113
|
+
name: xdg
|
|
114
|
+
requirement: !ruby/object:Gem::Requirement
|
|
115
|
+
requirements:
|
|
116
|
+
- - '>='
|
|
117
|
+
- !ruby/object:Gem::Version
|
|
118
|
+
version: '0'
|
|
119
|
+
type: :runtime
|
|
120
|
+
prerelease: false
|
|
121
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
122
|
+
requirements:
|
|
123
|
+
- - '>='
|
|
124
|
+
- !ruby/object:Gem::Version
|
|
125
|
+
version: '0'
|
|
112
126
|
- !ruby/object:Gem::Dependency
|
|
113
127
|
name: cas_rest_client
|
|
114
128
|
requirement: !ruby/object:Gem::Requirement
|