conjur-cli 4.25.0 → 4.25.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9327368d238b90717af3151f2fc1a2091ff4f051
-  data.tar.gz: a90f6d8e898919557b9b20f54435a5b07d508f61
+  metadata.gz: d792f7bd1ecbf6604d3d39ee0706bbceae4ec01e
+  data.tar.gz: 5ba5e9e5f22043a61ef9e7e1b66749d8a5545c99
 SHA512:
-  metadata.gz: d3b6e29c9c849478d5a67e50d0d59b6e5973dced0d58010d00fbdd1c2dc5287911a9f308c5b9ba9bc6320ea6fedfcb9e098b53582227b1231e95b3693d2a6bb1
-  data.tar.gz: a7a9a8fb315d6fd1dd089e6e0e3cd2330ea98f8ccb37f555eea056d09a5d258660b9b6f793f475951390d2de0c597e01ec04f339dd2e4a670d14c78e93b526be
+  metadata.gz: 8a39979f919c51295778131ebc6f7d7433be5ab1e03f1f116238c6b85f353a571bfeb0c89943431ac5d542c9519a15aab3f616a526c4c12605b8c86a5dd690cc
+  data.tar.gz: 503120adb8c7c37b4cc6ee2b9b61ce60f75efba31259910710b8c3599f40d34665efa4dfa537ce9ef9192b57277361104d01a768e87a8ce6f5d3ee579e236e98

data/CHANGELOG.md

@@ -1,52 +1,57 @@
+# 4.25.1
+
+* Remove spurious line written to stdout during user creation.
+* Fix up-front permission checking in `conjur bootstrap` so that it will run on a fresh server.
+
 # 4.25.0
 
 * A record can be retired to a specific role, in addition to the default behavior of retiring to the `attic` user.
-* Variable can be created with the id only, without becoming interactive
-* Run `conjur variable create -i -a` to create interactively with annotations
+* Variable can be created with the id only, without becoming interactive.
+* Run `conjur variable create -i -a` to create interactively with annotations.
 * Interactive annotation can be performed on bare resources with `conjur resource annotate -i`.
-* Don't require 'admin' user to bootstrap, prompt to create a new security admin during bootstrap
-* Check if user privileges are sufficient before running `retire`
+* Don't require 'admin' user to bootstrap, prompt to create a new security admin during bootstrap.
+* Check if user privileges are sufficient before running `retire`.
 * Don't revoke a user's access to a record in the middle of retire, because doing so leads to 403 errors later on.
-* Interactive mode of user, group and pubkey creation
+* Interactive mode of user, group and pubkey creation.
 
 # 4.24.0
 
-* Interactive mode for variable creation
+* Interactive mode for variable creation.
 
 # 4.23.0
 
-* Don't check if netrc is world-readable on Windows, since the answer is not reliable
-* Use new [conjur](https://supermarket.chef.io/cookbooks/conjur) cookbook for conjurize
-* Fix faulty initialization of plugins list, if it's nil, in the .conjurrc
-* Log DSL commands to stderr, even if CONJURAPI_LOG is not explicitly configured
+* Don't check if netrc is world-readable on Windows, since the answer is not reliable.
+* Use new [conjur](https://supermarket.chef.io/cookbooks/conjur) cookbook for conjurize.
+* Fix faulty initialization of plugins list, if it's nil, in the .conjurrc.
+* Log DSL commands to stderr, even if CONJURAPI_LOG is not explicitly configured.
 * In policy DSL, allow creation of records without an explicit `id`. In this case, the current scope is used as the `id`.
 
 # 4.22.0
 
-* New 'plugin' subcommand to manage CLI plugins
-* Configure SSL certificate from Conjur.configuration
-* Print the error message if there's a problem loading a plugin
+* New 'plugin' subcommand to manage CLI plugins.
+* Configure SSL certificate from Conjur.configuration.
+* Print the error message if there's a problem loading a plugin.
 
 # 4.21.1
 
-* Configure trust to the new certificate in `conjur init`, before attempting to contact the Conjur server
+* Configure trust to the new certificate in `conjur init`, before attempting to contact the Conjur server.
 
 # 4.21.0
 
-* Use user cache dir for mimetype cache
-* Retrieve the whole certificate chain on conjur init
+* Use user cache dir for mimetype cache.
+* Retrieve the whole certificate chain on conjur init.
 
 # 4.20.1
 
-* Improve the error reporting
+* Improve the error reporting.
 
 # 4.20.0
 
-* GID manipulation commands
+* GID manipulation commands.
 
 # 4.19.0
 
-* Add command `conjur role graph` for batch retrieval of role relationships
+* Add command `conjur role graph` for batch retrieval of role relationships.
 
 # 4.18.5
 

data/lib/conjur/command/bootstrap.rb

@@ -57,25 +57,37 @@ class Conjur::Command::Bootstrap < Conjur::Command
     end
     security_admin = api.group("security_admin")
     memberships = user.role.memberships.map(&:roleid) if user
-    begin
-      # The user exists
-      # The security_admin group exists
-      # The user has a role which is admin of the security_admin role
-      # The user has the role which owns the security_admin resource
-      user && 
-        security_admin.exists? && 
-        security_admin.role.members.find{|m| memberships.member?(m.member.roleid) && m.admin_option} &&
-        memberships.member?(security_admin.resource.ownerid)
-    rescue RestClient::Forbidden
+    
+    if user
+      if security_admin.exists?
+        begin
+          # The user has a role which is admin of the security_admin role
+          # The user has the role which owns the security_admin resource
+          security_admin.role.members.find{|m| memberships.member?(m.member.roleid) && m.admin_option} &&
+            memberships.member?(security_admin.resource.ownerid)
+        rescue RestClient::Forbidden
+          false
+        end
+      else
+        user.login == "admin"
+      end
+    else
       false
     end
   end
 
   Conjur::CLI.command :bootstrap do |c|
+    c.desc "Don't perform up-front checks to see if you are sufficiently privileged to run this command."
+    c.switch [:f, :force]
+        
     c.action do |global_options,options,args|
       require 'highline/import'
+      
+      # Ensure there's a logged in user
+      Conjur::Authn.connect
 
-      exit_now! "You must be an administrator to bootstrap Conjur" unless security_admin_manager?(api)
+      force = options[:force]
+      exit_now! "You must be an administrator to bootstrap Conjur" unless force || security_admin_manager?(api)
         
       if (security_admin = api.group("security_admin")).exists?
         puts "Group 'security_admin' exists"

data/lib/conjur/command/users.rb

@@ -73,7 +73,6 @@ class Conjur::Command::Users < Conjur::Command
         user_options[:password] = password if password
         user = api.create_user(login, user_options)
 
-        puts "User created"
         display user
         
         if interactive

data/lib/conjur/version.rb

@@ -19,6 +19,6 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = "4.25.0"
+  VERSION = "4.25.1"
   ::Version=VERSION
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 4.25.0
+  version: 4.25.1
 platform: ruby
 authors:
 - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-30 00:00:00.000000000 Z
+date: 2015-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport