conjur-cli 4.28.1 → 4.28.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1fa1d02d354078c3b74ddc346be49d07e84681c6
-  data.tar.gz: 1e65f0dddc2fb55dcae4afcf0cce470a89671dda
+  metadata.gz: 840c544d5183fcf90aa59bf7a42e6cf690607c0d
+  data.tar.gz: 20a2f241ec1acc83f84623faa9ea97c60803960a
 SHA512:
-  metadata.gz: 9a30df7c0d8e0a9bd82002f9e00a43c96cb9adf054a417b4b2b1c190bede3e50799930f645cb0f34e75ac34bb1111ec4d02afdd8b0ab4088b77fcbe8bd7740dc
-  data.tar.gz: d9bea26c97e7d92700e0082df19f04e43a2e9d1353537c5d9bf3e9172ff0b1d4877b7512f033cc0b92d3772d0fde3e86fdd521d343aa92bf4db43f3452be5ab4
+  metadata.gz: de5e19dcd506890c7e27276a58a5f89f00af5f8e1bb9b40cd865ba9087b41fc866995b0348d068bd3532603992323b89ee78cdd23ea0e810897540544f2a07df
+  data.tar.gz: 065b00d3f9ec129e5cbd2906a213ab44735456b19d0936e7417afa597c75e33034063dd20fd32cc7c3b8bb86aba635a20036ebf77c414745c1fe858d5fd7bd87

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+# 4.28.2
+* `--collection` is now optional (with no default) for both `conjur script execute` and `conjur policy load`.
+
 # 4.28.1
 * Add `--collection` option for `conjur script execute`. Scripts are now portable across environments, like policies.
 

data/jenkins.sh

@@ -0,0 +1,5 @@
+#!/bin/bash -e
+
+bundle update
+bundle exec rake jenkins
+bundle exec rake build

data/lib/conjur/command.rb

@@ -79,6 +79,18 @@ module Conjur
         command.arg_name 'ROLE'
         command.flag [:'as-role']
       end
+
+      def collection_option command
+        command.desc 'An optional prefix for created roles and resources'
+        command.arg_name 'collection'
+        command.flag [:collection]
+      end
+
+      def context_option command
+        command.desc "Load context from this config file, and save it when finished. The file permissions will be 0600 by default."
+        command.arg_name "FILE"
+        command.flag [:c, :context]
+      end
       
       def interactive_option command
         command.arg_name 'interactive'

data/lib/conjur/command/policy.rb

@@ -20,39 +20,17 @@
 #
 require 'conjur/command/dsl_command'
 
-require 'etc'
-require 'socket'
-
 class Conjur::Command::Policy < Conjur::DSLCommand
-  class << self
-    def default_collection_user
-      # More accurate than Etc.getlogin
-      Etc.getpwuid(Process.uid).name
-    end
-    
-    def default_collection_hostname
-      Socket.gethostname
-    end
-  
-    def default_collection_name
-      [ default_collection_user, default_collection_hostname ].join('@')
-    end
-  end
-
   desc "Manage policies"
   command :policy do |policy|
     policy.desc "Load a policy from Conjur DSL"
     policy.long_desc <<-DESC
-This method is EXPERIMENTAL and subject to change
-
 Loads a Conjur policy from DSL, applying particular conventions to the role and resource
 ids.
 
-The first path element of each id is the collection. Policies are separated into collections
-according to software development lifecycle. The default collection for a policy is $USER@$HOSTNAME,
-in other words, the username and hostname on which the policy is created. This is appropriate for
-policy development and local testing. Once tested, policies can be created in more official
-environments such as ci, stage, and production.
+The first path element of each id is the collection. Policies can be separated into collections
+according to software development lifecycle. This allows you to migrate the same policy across environments.
+Often-used collection names: ci, stage, and production.
 
 The second path element of each id is the policy name and version, following the convention
 policy-x.y.z, where x, y, and z are the semantic version of the policy.
@@ -65,21 +43,19 @@ owner of the policy role is the logged-in user (you), as always.
     policy.arg_name "FILE"
     policy.command :load do |c|
       acting_as_option(c)
-
-      c.desc "Policy collection, defaulting to $USER@$HOSTNAME"
-      c.arg_name "collection"
-      c.flag [:collection]
-
-      c.desc "Load context from this config file, and save it when finished. The file permissions will be 0600 by default."
-      c.arg_name "FILE"
-      c.flag [:c, :context]
-
-      c.action do |global_options,options,args|
-        collection = options[:collection] || default_collection_name
-
-        run_script args, options do |runner, &block|
-          runner.scope collection do
-            block.call
+      collection_option(c)
+      context_option(c)
+
+      c.action do |_, options, args|
+        collection = options[:collection]
+
+        if collection.nil?
+          run_script args, options
+        else
+          run_script args, options do |runner, &block|
+            runner.scope collection do
+              block.call
+            end
           end
         end
       end

data/lib/conjur/command/script.rb

@@ -20,48 +20,26 @@
 #
 require 'conjur/command/dsl_command'
 
-require 'etc'
-require 'socket'
-
 class Conjur::Command::Script < Conjur::DSLCommand
-  class << self
-    def default_collection_user
-      # More accurate than Etc.getlogin
-      Etc.getpwuid(Process.uid).name
-    end
-
-    def default_collection_hostname
-      Socket.gethostname
-    end
-
-    def default_collection_name
-      [ default_collection_user, default_collection_hostname ].join('@')
-    end
-  end
-
   desc "Execute Conjur DSL scripts"
   command :script do |script|
     script.desc "Run a Conjur DSL script"
     script.arg_name "script"
     script.command :execute do |c|
       acting_as_option(c)
-
-      c.desc "Script collection (target environment)"
-      c.arg_name "collection"
-      c.default_value default_collection_name
-      c.flag [:collection]
-
-
-      c.desc "Load context from this config file, and save it when finished. The file permissions will be 0600 by default."
-      c.arg_name "FILE"
-      c.flag [:c, :context]
-
-      c.action do |global_options,options,args|
-        collection = options[:collection] || default_collection_name
-
-        run_script args, options do |runner, &block|
-          runner.scope collection do
-            block.call
+      collection_option(c)
+      context_option(c)
+
+      c.action do |_, options, args|
+        collection = options[:collection]
+
+        if collection.nil?
+          run_script args, options
+        else
+          run_script args, options do |runner, &block|
+            runner.scope collection do
+              block.call
+            end
           end
         end
       end

data/lib/conjur/version.rb

@@ -19,6 +19,6 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = "4.28.1"
+  VERSION = "4.28.2"
   ::Version=VERSION
 end

data/spec/command/policy_spec.rb

@@ -2,18 +2,6 @@ require 'spec_helper'
 require 'conjur/dsl/runner'
 
 describe Conjur::Command::Policy do
-  describe ".default_collection_user" do
-    it "returns the current username" do
-      expect(Conjur::Command::Policy.default_collection_user).to eq(`whoami`.strip)
-    end
-  end
-
-  describe ".default_collection_hostname" do
-    it "returns the current hostname" do
-      expect(Conjur::Command::Policy.default_collection_hostname).to eq(`hostname`.strip)
-    end
-  end
-
   context "when logged in", logged_in: true do
     let(:role) do
       double("role", exists?: true, api_key: "the-api-key", roleid: "the-role")

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 4.28.1
+  version: 4.28.2
 platform: ruby
 authors:
 - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-11-24 00:00:00.000000000 Z
+date: 2015-12-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -377,6 +377,7 @@ files:
 - features/support/hooks.rb
 - features/support/host.json
 - features/support/world.rb
+- jenkins.sh
 - lib/conjur.rb
 - lib/conjur/audit/follower.rb
 - lib/conjur/authn.rb