conjur-cli 4.20.1 → 4.21.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +5 -7
- data/conjur.gemspec +2 -1
- data/lib/conjur/cli.rb +5 -2
- data/lib/conjur/command/init.rb +3 -2
- data/lib/conjur/command/rspec/describe_command.rb +13 -0
- data/lib/conjur/version.rb +1 -1
- data/spec/command/groups_spec.rb +8 -8
- data/spec/command/hosts_spec.rb +4 -4
- data/spec/command/init_spec.rb +1 -1
- data/spec/command/users_spec.rb +2 -2
- data/spec/command/variables_spec.rb +8 -8
- metadata +18 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3c37f9ccccef777e9cc90ab9dd9d83c167f59e8f
|
|
4
|
+
data.tar.gz: 00970eef162d3ff5f69b09bff7196234e61dfe97
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 538be1cde61f32cfe2db688d7bb399a9f44e85ca6e75ea1327e2a15cb1a1eade78a0265512b89a53fa2b9ef333828bc471c48ca18a23228fbe817d23abd8c4d9
|
|
7
|
+
data.tar.gz: bd3c351d0493ff5a2bbccbd5b510a76c4f28b3c3225da8c62de87f34b287ec332f7c43622be241fbdc6cf71e942e6d8408b64afacefd644f2785a465efb1781f
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -1,12 +1,14 @@
|
|
|
1
1
|
# Conjur
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Command-line interface to Conjur.
|
|
4
|
+
|
|
5
|
+
A complete reference guide is available at [developer.conjur.net](http://developer.conjur.net/reference).
|
|
4
6
|
|
|
5
7
|
## Installation
|
|
6
8
|
|
|
7
9
|
Add this line to your application's Gemfile:
|
|
8
10
|
|
|
9
|
-
gem 'conjur'
|
|
11
|
+
gem 'conjur-cli', require: 'conjur/cli'
|
|
10
12
|
|
|
11
13
|
And then execute:
|
|
12
14
|
|
|
@@ -14,11 +16,7 @@ And then execute:
|
|
|
14
16
|
|
|
15
17
|
Or install it yourself as:
|
|
16
18
|
|
|
17
|
-
$ gem install conjur
|
|
18
|
-
|
|
19
|
-
## Usage
|
|
20
|
-
|
|
21
|
-
TODO: Write usage instructions here
|
|
19
|
+
$ gem install conjur-cli
|
|
22
20
|
|
|
23
21
|
## Contributing
|
|
24
22
|
|
data/conjur.gemspec
CHANGED
|
@@ -17,12 +17,13 @@ Gem::Specification.new do |gem|
|
|
|
17
17
|
|
|
18
18
|
|
|
19
19
|
gem.add_dependency 'activesupport'
|
|
20
|
-
gem.add_dependency 'conjur-api', '~> 4.
|
|
20
|
+
gem.add_dependency 'conjur-api', '~> 4.14'
|
|
21
21
|
gem.add_dependency 'gli', '>=2.8.0'
|
|
22
22
|
gem.add_dependency 'highline'
|
|
23
23
|
gem.add_dependency 'netrc', '~> 0.10.2'
|
|
24
24
|
gem.add_dependency 'methadone'
|
|
25
25
|
gem.add_dependency 'deep_merge'
|
|
26
|
+
gem.add_dependency 'xdg'
|
|
26
27
|
|
|
27
28
|
gem.add_runtime_dependency 'cas_rest_client'
|
|
28
29
|
|
data/lib/conjur/cli.rb
CHANGED
|
@@ -22,12 +22,15 @@ require 'gli'
|
|
|
22
22
|
# need this to prevent an active support bug in some versions
|
|
23
23
|
require 'active_support'
|
|
24
24
|
require 'active_support/deprecation'
|
|
25
|
-
require '
|
|
25
|
+
require 'xdg'
|
|
26
|
+
require 'fileutils'
|
|
26
27
|
|
|
27
28
|
# this makes mime/types gem load much faster by lazy loading
|
|
28
29
|
# mime types and caching them in binary form
|
|
29
30
|
ENV['RUBY_MIME_TYPES_LAZY_LOAD'] ||= 'true'
|
|
30
|
-
ENV['RUBY_MIME_TYPES_CACHE'] ||=
|
|
31
|
+
ENV['RUBY_MIME_TYPES_CACHE'] ||= (
|
|
32
|
+
XDG['CACHE'].to_path.tap(&FileUtils.method(:mkdir_p)) + 'ruby-mime-types.cache'
|
|
33
|
+
).to_s
|
|
31
34
|
|
|
32
35
|
module Conjur
|
|
33
36
|
autoload :Config, 'conjur/config'
|
data/lib/conjur/command/init.rb
CHANGED
|
@@ -129,13 +129,14 @@ class Conjur::Command::Init < Conjur::Command
|
|
|
129
129
|
sock = TCPSocket.new host, port.to_i
|
|
130
130
|
ssock = SSLSocket.new sock
|
|
131
131
|
ssock.connect
|
|
132
|
-
|
|
132
|
+
chain = ssock.peer_cert_chain
|
|
133
|
+
cert = chain.first
|
|
133
134
|
fp = Digest::SHA1.digest cert.to_der
|
|
134
135
|
|
|
135
136
|
# convert to hex, then split into bytes with :
|
|
136
137
|
hexfp = (fp.unpack 'H*').first.upcase.scan(/../).join(':')
|
|
137
138
|
|
|
138
|
-
["SHA1 Fingerprint=#{hexfp}",
|
|
139
|
+
["SHA1 Fingerprint=#{hexfp}", chain.map(&:to_pem).join]
|
|
139
140
|
rescue
|
|
140
141
|
exit_now! "Unable to retrieve certificate from #{connect_hostname}"
|
|
141
142
|
ensure
|
|
@@ -1,6 +1,19 @@
|
|
|
1
1
|
RSpec::Core::DSL.change_global_dsl do
|
|
2
2
|
def describe_command *argv, &block
|
|
3
3
|
describe *argv do
|
|
4
|
+
let(:cert_store) { double(:cert_store) }
|
|
5
|
+
|
|
6
|
+
before do
|
|
7
|
+
allow(cert_store).to receive(:add_file)
|
|
8
|
+
stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', cert_store
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
let(:cert_store_options) do
|
|
12
|
+
{
|
|
13
|
+
ssl_cert_store: cert_store
|
|
14
|
+
}
|
|
15
|
+
end
|
|
16
|
+
|
|
4
17
|
let(:invoke) do
|
|
5
18
|
Conjur::CLI.error_device = $stderr
|
|
6
19
|
# TODO: allow proper handling of description like "audit:send 'hello world'"
|
data/lib/conjur/version.rb
CHANGED
data/spec/command/groups_spec.rb
CHANGED
|
@@ -30,47 +30,47 @@ describe Conjur::Command::Groups, logged_in: true do
|
|
|
30
30
|
|
|
31
31
|
describe_command "group:members:add group user:alice" do
|
|
32
32
|
it "adds the role to the group" do
|
|
33
|
-
|
|
33
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
34
34
|
method: :put,
|
|
35
35
|
url: "https://authz.example.com/the-account/roles/group/group/?members&member=user:alice",
|
|
36
36
|
headers: {},
|
|
37
37
|
payload: nil
|
|
38
|
-
)
|
|
38
|
+
}.merge(cert_store_options))
|
|
39
39
|
invoke
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
describe_command "group:members:add -a group user:alice" do
|
|
44
44
|
it "adds the role to the group with admin option" do
|
|
45
|
-
|
|
45
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
46
46
|
method: :put,
|
|
47
47
|
url: "https://authz.example.com/the-account/roles/group/group/?members&member=user:alice",
|
|
48
48
|
headers: {},
|
|
49
49
|
payload: { admin_option: true }
|
|
50
|
-
)
|
|
50
|
+
}.merge(cert_store_options))
|
|
51
51
|
invoke
|
|
52
52
|
end
|
|
53
53
|
end
|
|
54
54
|
describe_command "group:members:add -a group alice" do
|
|
55
55
|
it "assumes that a nake member name is a user" do
|
|
56
|
-
|
|
56
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
57
57
|
method: :put,
|
|
58
58
|
url: "https://authz.example.com/the-account/roles/group/group/?members&member=user:alice",
|
|
59
59
|
headers: {},
|
|
60
60
|
payload: { admin_option: true }
|
|
61
|
-
)
|
|
61
|
+
}.merge(cert_store_options))
|
|
62
62
|
invoke
|
|
63
63
|
end
|
|
64
64
|
end
|
|
65
65
|
|
|
66
66
|
describe_command "group:members:add -r group alice" do
|
|
67
67
|
it "revokes the admin rights" do
|
|
68
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
68
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
69
69
|
method: :put,
|
|
70
70
|
url: "https://authz.example.com/the-account/roles/group/group/?members&member=user:alice",
|
|
71
71
|
headers: {},
|
|
72
72
|
payload: { admin_option: false }
|
|
73
|
-
|
|
73
|
+
}.merge(cert_store_options))
|
|
74
74
|
invoke
|
|
75
75
|
end
|
|
76
76
|
end
|
data/spec/command/hosts_spec.rb
CHANGED
|
@@ -5,24 +5,24 @@ describe Conjur::Command::Hosts, logged_in: true do
|
|
|
5
5
|
|
|
6
6
|
describe_command "host:create" do
|
|
7
7
|
it "lets the server assign the id" do
|
|
8
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
8
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
9
9
|
method: :post,
|
|
10
10
|
url: collection_url,
|
|
11
11
|
headers: {},
|
|
12
12
|
payload: {}
|
|
13
|
-
|
|
13
|
+
}.merge(cert_store_options)).and_return(post_response('assigned-id'))
|
|
14
14
|
|
|
15
15
|
expect { invoke }.to write({ id: 'assigned-id' }).to(:stdout)
|
|
16
16
|
end
|
|
17
17
|
end
|
|
18
18
|
describe_command "host:create the-id" do
|
|
19
19
|
it "propagates the user-assigned id" do
|
|
20
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
20
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
21
21
|
method: :post,
|
|
22
22
|
url: collection_url,
|
|
23
23
|
headers: {},
|
|
24
24
|
payload: { id: 'the-id' }
|
|
25
|
-
).and_return(post_response('the-id'))
|
|
25
|
+
}.merge(cert_store_options)).and_return(post_response('the-id'))
|
|
26
26
|
|
|
27
27
|
expect { invoke }.to write({ id: 'the-id' }).to(:stdout)
|
|
28
28
|
end
|
data/spec/command/init_spec.rb
CHANGED
|
@@ -44,7 +44,7 @@ describe Conjur::Command::Init do
|
|
|
44
44
|
it "returns the right certificate from github" do
|
|
45
45
|
fingerprint, certificate = Conjur::Command::Init.get_certificate('github.com:443')
|
|
46
46
|
expect(fingerprint).to eq(GITHUB_FP)
|
|
47
|
-
expect(certificate.strip).to
|
|
47
|
+
expect(certificate.strip).to include(GITHUB_CERT.strip)
|
|
48
48
|
end
|
|
49
49
|
end
|
|
50
50
|
|
data/spec/command/users_spec.rb
CHANGED
|
@@ -57,14 +57,14 @@ describe Conjur::Command::Users, logged_in: true do
|
|
|
57
57
|
|
|
58
58
|
context "updating password" do
|
|
59
59
|
before do
|
|
60
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
60
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
61
61
|
method: :put,
|
|
62
62
|
url: update_password_url,
|
|
63
63
|
user: username,
|
|
64
64
|
password: api_key,
|
|
65
65
|
headers: { },
|
|
66
66
|
payload: "new-password"
|
|
67
|
-
|
|
67
|
+
}.merge(cert_store_options))
|
|
68
68
|
end
|
|
69
69
|
|
|
70
70
|
describe_command "user:update_password -p new-password" do
|
|
@@ -9,12 +9,12 @@ describe Conjur::Command::Variables, logged_in: true do
|
|
|
9
9
|
describe_command "variable:create -m text/json -k password" do
|
|
10
10
|
let(:id) { 'assigned-id' }
|
|
11
11
|
it "lets the server assign the id" do
|
|
12
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
12
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
13
13
|
method: :post,
|
|
14
14
|
url: collection_url,
|
|
15
15
|
headers: {},
|
|
16
16
|
payload: base_payload
|
|
17
|
-
).and_return(variable)
|
|
17
|
+
}.merge(cert_store_options)).and_return(variable)
|
|
18
18
|
|
|
19
19
|
expect { invoke }.to write({ id: 'assigned-id' }).to(:stdout)
|
|
20
20
|
end
|
|
@@ -22,12 +22,12 @@ describe Conjur::Command::Variables, logged_in: true do
|
|
|
22
22
|
|
|
23
23
|
describe_command "variable:create -m text/json -k password the-id" do
|
|
24
24
|
it "propagates the user-assigned id" do
|
|
25
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
25
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
26
26
|
method: :post,
|
|
27
27
|
url: collection_url,
|
|
28
28
|
headers: {},
|
|
29
29
|
payload: base_payload.merge({ id: 'the-id' })
|
|
30
|
-
).and_return(variable)
|
|
30
|
+
}.merge(cert_store_options)).and_return(variable)
|
|
31
31
|
|
|
32
32
|
expect { invoke }.to write({ id: 'the-id' }).to(:stdout)
|
|
33
33
|
end
|
|
@@ -35,12 +35,12 @@ describe Conjur::Command::Variables, logged_in: true do
|
|
|
35
35
|
|
|
36
36
|
describe_command "variable:create -m text/json -k password the-id the-value" do
|
|
37
37
|
it "propagates the user-assigned id and value" do
|
|
38
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
38
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
39
39
|
method: :post,
|
|
40
40
|
url: collection_url,
|
|
41
41
|
headers: {},
|
|
42
42
|
payload: base_payload.merge({ id: 'the-id', value: 'the-value' })
|
|
43
|
-
).and_return(variable)
|
|
43
|
+
}.merge(cert_store_options)).and_return(variable)
|
|
44
44
|
|
|
45
45
|
expect { invoke }.to write({ id: 'the-id' }).to(:stdout)
|
|
46
46
|
end
|
|
@@ -60,12 +60,12 @@ describe Conjur::Command::Variables, logged_in: true do
|
|
|
60
60
|
|
|
61
61
|
describe_command "variable:create" do
|
|
62
62
|
it "provides default values for optional parameters mime_type and kind" do
|
|
63
|
-
expect(RestClient::Request).to receive(:execute).with(
|
|
63
|
+
expect(RestClient::Request).to receive(:execute).with({
|
|
64
64
|
method: :post,
|
|
65
65
|
url: collection_url,
|
|
66
66
|
headers: {},
|
|
67
67
|
payload: { mime_type: 'text/plain', kind: 'secret'}
|
|
68
|
-
|
|
68
|
+
}.merge(cert_store_options)).and_return(variable)
|
|
69
69
|
expect { invoke }.to write # invoke_silently
|
|
70
70
|
end
|
|
71
71
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: conjur-cli
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.21.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rafal Rzepecki
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-
|
|
12
|
+
date: 2015-04-07 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: activesupport
|
|
@@ -31,14 +31,14 @@ dependencies:
|
|
|
31
31
|
requirements:
|
|
32
32
|
- - ~>
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
|
-
version: 4.
|
|
34
|
+
version: '4.14'
|
|
35
35
|
type: :runtime
|
|
36
36
|
prerelease: false
|
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
38
38
|
requirements:
|
|
39
39
|
- - ~>
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
|
-
version: 4.
|
|
41
|
+
version: '4.14'
|
|
42
42
|
- !ruby/object:Gem::Dependency
|
|
43
43
|
name: gli
|
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -109,6 +109,20 @@ dependencies:
|
|
|
109
109
|
- - '>='
|
|
110
110
|
- !ruby/object:Gem::Version
|
|
111
111
|
version: '0'
|
|
112
|
+
- !ruby/object:Gem::Dependency
|
|
113
|
+
name: xdg
|
|
114
|
+
requirement: !ruby/object:Gem::Requirement
|
|
115
|
+
requirements:
|
|
116
|
+
- - '>='
|
|
117
|
+
- !ruby/object:Gem::Version
|
|
118
|
+
version: '0'
|
|
119
|
+
type: :runtime
|
|
120
|
+
prerelease: false
|
|
121
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
122
|
+
requirements:
|
|
123
|
+
- - '>='
|
|
124
|
+
- !ruby/object:Gem::Version
|
|
125
|
+
version: '0'
|
|
112
126
|
- !ruby/object:Gem::Dependency
|
|
113
127
|
name: cas_rest_client
|
|
114
128
|
requirement: !ruby/object:Gem::Requirement
|