RubyGems - conjur-cli - Versions diffs - 4.25.0 → 4.25.1 - Mend

conjur-cli 4.25.0 → 4.25.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +24 -19
data/lib/conjur/command/bootstrap.rb +23 -11
data/lib/conjur/command/users.rb +0 -1
data/lib/conjur/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9327368d238b90717af3151f2fc1a2091ff4f051
-  data.tar.gz: a90f6d8e898919557b9b20f54435a5b07d508f61
+  metadata.gz: d792f7bd1ecbf6604d3d39ee0706bbceae4ec01e
+  data.tar.gz: 5ba5e9e5f22043a61ef9e7e1b66749d8a5545c99
 SHA512:
-  metadata.gz: d3b6e29c9c849478d5a67e50d0d59b6e5973dced0d58010d00fbdd1c2dc5287911a9f308c5b9ba9bc6320ea6fedfcb9e098b53582227b1231e95b3693d2a6bb1
-  data.tar.gz: a7a9a8fb315d6fd1dd089e6e0e3cd2330ea98f8ccb37f555eea056d09a5d258660b9b6f793f475951390d2de0c597e01ec04f339dd2e4a670d14c78e93b526be
+  metadata.gz: 8a39979f919c51295778131ebc6f7d7433be5ab1e03f1f116238c6b85f353a571bfeb0c89943431ac5d542c9519a15aab3f616a526c4c12605b8c86a5dd690cc
+  data.tar.gz: 503120adb8c7c37b4cc6ee2b9b61ce60f75efba31259910710b8c3599f40d34665efa4dfa537ce9ef9192b57277361104d01a768e87a8ce6f5d3ee579e236e98

data/CHANGELOG.md CHANGED Viewed

@@ -1,52 +1,57 @@
+# 4.25.1
+* Remove spurious line written to stdout during user creation.
+* Fix up-front permission checking in `conjur bootstrap` so that it will run on a fresh server.
 # 4.25.0
 * A record can be retired to a specific role, in addition to the default behavior of retiring to the `attic` user.
-* Variable can be created with the id only, without becoming interactive
-* Run `conjur variable create -i -a` to create interactively with annotations
+* Variable can be created with the id only, without becoming interactive.
+* Run `conjur variable create -i -a` to create interactively with annotations.
 * Interactive annotation can be performed on bare resources with `conjur resource annotate -i`.
-* Don't require 'admin' user to bootstrap, prompt to create a new security admin during bootstrap
-* Check if user privileges are sufficient before running `retire`
+* Don't require 'admin' user to bootstrap, prompt to create a new security admin during bootstrap.
+* Check if user privileges are sufficient before running `retire`.
 * Don't revoke a user's access to a record in the middle of retire, because doing so leads to 403 errors later on.
-* Interactive mode of user, group and pubkey creation
+* Interactive mode of user, group and pubkey creation.
 # 4.24.0
-* Interactive mode for variable creation
+* Interactive mode for variable creation.
 # 4.23.0
-* Don't check if netrc is world-readable on Windows, since the answer is not reliable
-* Use new [conjur](https://supermarket.chef.io/cookbooks/conjur) cookbook for conjurize
-* Fix faulty initialization of plugins list, if it's nil, in the .conjurrc
-* Log DSL commands to stderr, even if CONJURAPI_LOG is not explicitly configured
+* Don't check if netrc is world-readable on Windows, since the answer is not reliable.
+* Use new [conjur](https://supermarket.chef.io/cookbooks/conjur) cookbook for conjurize.
+* Fix faulty initialization of plugins list, if it's nil, in the .conjurrc.
+* Log DSL commands to stderr, even if CONJURAPI_LOG is not explicitly configured.
 * In policy DSL, allow creation of records without an explicit `id`. In this case, the current scope is used as the `id`.
 # 4.22.0
-* New 'plugin' subcommand to manage CLI plugins
-* Configure SSL certificate from Conjur.configuration
-* Print the error message if there's a problem loading a plugin
+* New 'plugin' subcommand to manage CLI plugins.
+* Configure SSL certificate from Conjur.configuration.
+* Print the error message if there's a problem loading a plugin.
 # 4.21.1
-* Configure trust to the new certificate in `conjur init`, before attempting to contact the Conjur server
+* Configure trust to the new certificate in `conjur init`, before attempting to contact the Conjur server.
 # 4.21.0
-* Use user cache dir for mimetype cache
-* Retrieve the whole certificate chain on conjur init
+* Use user cache dir for mimetype cache.
+* Retrieve the whole certificate chain on conjur init.
 # 4.20.1
-* Improve the error reporting
+* Improve the error reporting.
 # 4.20.0
-* GID manipulation commands
+* GID manipulation commands.
 # 4.19.0
-* Add command `conjur role graph` for batch retrieval of role relationships
+* Add command `conjur role graph` for batch retrieval of role relationships.
 # 4.18.5

data/lib/conjur/command/bootstrap.rb CHANGED Viewed

@@ -57,25 +57,37 @@ class Conjur::Command::Bootstrap < Conjur::Command
     end
     security_admin = api.group("security_admin")
     memberships = user.role.memberships.map(&:roleid) if user
-    begin
-      # The user exists
-      # The security_admin group exists
-      # The user has a role which is admin of the security_admin role
-      # The user has the role which owns the security_admin resource
-      user &&
-        security_admin.exists? &&
-        security_admin.role.members.find{|m| memberships.member?(m.member.roleid) && m.admin_option} &&
-        memberships.member?(security_admin.resource.ownerid)
-    rescue RestClient::Forbidden
+    if user
+      if security_admin.exists?
+        begin
+          # The user has a role which is admin of the security_admin role
+          # The user has the role which owns the security_admin resource
+          security_admin.role.members.find{|m| memberships.member?(m.member.roleid) && m.admin_option} &&
+            memberships.member?(security_admin.resource.ownerid)
+        rescue RestClient::Forbidden
+          false
+        end
+      else
+        user.login == "admin"
+      end
+    else
       false
     end
   end
   Conjur::CLI.command :bootstrap do |c|
+    c.desc "Don't perform up-front checks to see if you are sufficiently privileged to run this command."
+    c.switch [:f, :force]
     c.action do |global_options,options,args|
       require 'highline/import'
+      # Ensure there's a logged in user
+      Conjur::Authn.connect
-      exit_now! "You must be an administrator to bootstrap Conjur" unless security_admin_manager?(api)
+      force = options[:force]
+      exit_now! "You must be an administrator to bootstrap Conjur" unless force || security_admin_manager?(api)
       if (security_admin = api.group("security_admin")).exists?
         puts "Group 'security_admin' exists"

data/lib/conjur/command/users.rb CHANGED Viewed

@@ -73,7 +73,6 @@ class Conjur::Command::Users < Conjur::Command
         user_options[:password] = password if password
         user = api.create_user(login, user_options)
-        puts "User created"
         display user
         if interactive

data/lib/conjur/version.rb CHANGED Viewed

@@ -19,6 +19,6 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = "4.25.0"
+  VERSION = "4.25.1"
   ::Version=VERSION
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 4.25.0
+  version: 4.25.1
 platform: ruby
 authors:
 - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-05-30 00:00:00.000000000 Z
+date: 2015-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport