conjur-cli 4.4.0 → 4.5.0

data/features/support/hooks.rb

@@ -18,11 +18,11 @@ class MockAPI
     else
       id = SecureRandom.uuid
     end
-    host ||= create_thing(:host, id, options, role: true)
+    host ||= create_thing(:host, id, options, role: true, api_key: true)
   end
   
   def create_user(id, options = {})
-    thing(:user, id) || create_thing(:user, id, options, role: true)
+    thing(:user, id) || create_thing(:user, id, options, role: true, api_key: true)
   end
   
   def create_variable(mime_type, kind)
@@ -70,6 +70,9 @@ class MockAPI
       end
     end
     
+    if kind_options[:api_key]
+      thing.api_key = SecureRandom.uuid
+    end
     if kind_options[:role]
       thing.roleid = id
       class << thing

data/lib/conjur/audit/follower.rb

@@ -0,0 +1,52 @@
+module Conjur
+  module Audit
+    class Follower
+      # Initialize a follower that will fetch more records by 
+      # calling :block: with options to merge into the options passed
+      # to the audit method (eg, limit, offset)
+      def initialize &block
+        @fetch = block
+      end
+      
+      # Follow audit events, yielding non-empty 
+      # arrays of new events to :block: as they 
+      # are fetched.
+      def follow &block
+        @last_event_id = nil
+        
+        loop do
+          new_events = fetch_new_events
+          block.call new_events unless new_events.empty?
+          sleep 1 if new_events.empty?
+        end
+      end
+      
+      protected
+      
+      # Fetch all events after @last_event_id, updating it 
+      # to point to the last event returned by this method. 
+      # May return an empty array if no new events are available.
+      def fetch_new_events
+        # If @last_event_id is nil just fetch and return the 
+        # most recent events, updating @last_event_id
+        if @last_event_id.nil?
+          events = @fetch.call(offset: 0)
+          @last_event_id = events.last['event_id'] unless events.empty?
+          return events
+        end
+        
+        # We have a @last_event_id, fetch batches of events until we 
+        # find it.
+        events = []
+        while (index = events.find_index{|e| e['event_id'] == @last_event_id}).nil?
+          events = @fetch.call(offset: events.length - 1, limit: 10).reverse.concat events
+        end
+        
+        # Update @last_event_id and return the sliced events, reversing it one
+        # last time (because the block given to follow expects events to be reversed)
+        @last_event_id = events.last['event_id'] unless events.empty?
+        events[index + 1..-1].reverse
+      end
+    end
+  end
+end

data/lib/conjur/authn.rb

@@ -43,7 +43,11 @@ module Conjur::Authn
     end
     
     def netrc
-      @netrc ||= Netrc.read
+      args = []
+      if path = Conjur::Config[:netrc_path]
+        args.unshift(path)
+      end
+      @netrc ||= Netrc.read(*args)
     end
     
     def get_credentials(options = {})

data/lib/conjur/command/audit.rb

@@ -1,5 +1,6 @@
 require 'conjur/command'
 require 'active_support/ordered_hash'
+require 'conjur/audit/follower'
 
 class Conjur::Command
   class Audit < self
@@ -7,6 +8,40 @@ class Conjur::Command
     
     class << self
       private
+      SHORT_FORMATS = {
+        'resource:check' => lambda{|e| "checked that they can #{e[:privilege]} #{e[:resource]} (#{e[:allowed]})" },
+        'resource:create' => lambda{|e| "created resource #{e[:resource_id]} owned by #{e[:owner]}" },
+        'resource:update' => lambda{|e| "gave #{e[:resource]} to #{e[:owner]}" },
+        'resource:destroy' => lambda{|e| "destroyed resource #{e[:resource]}" },
+        'resource:permit' => lambda{|e| "permitted #{e[:grantee]} to #{e[:privilege]} #{e[:resource]} (grant option: #{!!e[:grant_option]})" },
+        'resource:deny' => lambda{|e| "denied #{e[:privilege]} from #{e[:grantee]} on #{e[:resource]}" },
+        'resource:permitted_roles' => lambda{|e| "listed roles permitted to #{e[:permission]} on #{e[:resource]}" },
+        'role:check' => lambda{|e| "checked that #{e[:role] == e[:conjur_user] ? 'they' : e[:role]} can #{e[:privilege]} #{e[:resource]} (#{e[:allowed]})" },
+        'role:grant' => lambda{|e| "granted role #{e[:role]} to #{e[:member]} #{e[:admin_option] ? ' with ' : ' without '}admin" },
+        'role:revoke' => lambda{|e| "revoked role #{e[:role]} from #{e[:member]}" },
+        'role:create' => lambda{|e| "created role #{e[:role_id]}" }
+      }
+      
+      
+      def short_event_format e
+        e.symbolize_keys!
+        # hack: sometimes resource is a hash.  We don't want that!
+        if e[:resource] && e[:resource].kind_of?(Hash)
+          e[:resource] = e[:resource]['id']
+        end
+        s = "[#{Time.at(e[:timestamp])}] "
+        s << " #{e[:conjur_user]}"
+        s << " (as #{e[:conjur_role]})" if e[:conjur_role] != e[:conjur_user]
+        formatter = SHORT_FORMATS["#{e[:asset]}:#{e[:action]}"]
+        if formatter
+          s << " " << formatter.call(e)
+        else
+          s << " unknown event: #{e[:asset]}:#{e[:action]}!"
+        end
+        s << " (failed with #{e[:error]})" if e[:error]
+        s
+      end
+      
       def extract_int_option(source, name, dest=nil)
         if val = source[name]
           raise "Expected an integer for #{name}, but got #{val}" unless /\d+/ =~ val
@@ -15,15 +50,24 @@ class Conjur::Command
       end
       
       def extract_audit_options options
-        {}.tap do |opts|
-          [:limit, :offset].each do |name|
-            extract_int_option(options, name, opts)
-          end
+        # Do a little song and dance to simplify testing
+        extracted = options.slice :follow, :short
+        [:limit, :offset].each do |name|
+            extract_int_option(options, name, extracted)
         end
+        if extracted[:follow] && extracted[:offset]
+            exit_now! "--offset option not allowed for --follow", 1
+        end
+        extracted
       end
       
-      def show_audit_events events
-        puts JSON.pretty_generate(events)
+      def show_audit_events events, options
+        events.reverse!
+        if options[:short]
+          events.each{|e| puts short_event_format(e)}
+        else
+          puts JSON.pretty_generate(events)
+        end
       end
 
       def audit_feed_command kind, &block
@@ -34,9 +78,23 @@ class Conjur::Command
           c.desc "Offset of the first event to return"
           c.flag [:o, :offset]
 
+          c.desc "Short output format"
+          c.switch [:s, :short]
+          
+          c.desc "Follow events as they are generated"
+          c.switch [:f, :follow]
+          
           c.action do |global_options, options, args|
-            opts = extract_audit_options options
-            show_audit_events instance_exec(args, opts, &block)
+            options = extract_audit_options options
+            if options[:follow]
+              Conjur::Audit::Follower.new do |merge_options|
+                instance_exec(args, options.merge(merge_options), &block)
+              end.follow do |events|
+                show_audit_events events, options
+              end
+            else
+              show_audit_events instance_exec(args, options, &block), options
+            end
           end
         end
       end

data/lib/conjur/dsl/runner.rb

@@ -93,8 +93,10 @@ module Conjur
 
       def create_variable id = nil, options = {}, &block
         options[:id] = id if id
-        mime_type = options.delete(:mime_type)
-        kind = options.delete(:kind)
+        mime_type = options.delete(:mime_type) || 'text/plain'
+        kind = options.delete(:kind) || 'secret'
+        var = api.create_variable(mime_type, kind, options)
+        do_object var, &block
       end
       
       def owns

data/lib/conjur/version.rb

@@ -19,5 +19,5 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = "4.4.0"
+  VERSION = "4.5.0"
 end

data/spec/audit/follower_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe Conjur::Audit::Follower do
+  
+end

data/spec/authn_spec.rb

@@ -0,0 +1,28 @@
+require 'conjur/authn'
+require 'conjur/config'
+
+describe Conjur::Authn do
+  describe "netrc" do
+    before {
+      Conjur::Authn.instance_variable_set("@netrc", nil)
+      Conjur::Config.should_receive(:[]).with(:netrc_path).and_return path
+    }
+    after {
+      Conjur::Authn.instance_variable_set("@netrc", nil)
+    }
+    context "with specified netrc_path" do
+      let(:path) { double("path") }
+      it "consults Conjur::Config for netrc_path" do
+        Netrc.should_receive(:read).with(path).and_return netrc = double("netrc")
+        Conjur::Authn.netrc.should == netrc
+      end
+    end
+    context "without specified netrc_path" do
+      let(:path) { nil }
+      it "uses default netrc path" do
+        Netrc.should_receive(:read).with().and_return netrc = double("netrc")
+        Conjur::Authn.netrc.should == netrc
+      end
+    end
+  end
+end

data/spec/command/audit_spec.rb

@@ -5,7 +5,7 @@ describe Conjur::Command::Audit, logged_in: true do
 
   def expect_api_call method, *args
     api.should_receive(method.to_sym).with(*args).and_return events
-    described_class.should_receive(:show_audit_events).with(events)
+    described_class.should_receive(:show_audit_events).with(events, an_instance_of(Hash))
   end
 
   def invoke_expecting_api_call method, *args

metadata

@@ -1,7 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 4.4.0
+  version: 4.5.0
+  prerelease: 
 platform: ruby
 authors:
 - Rafał Rzepecki
@@ -9,151 +10,172 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-12-24 00:00:00.000000000 Z
+date: 2014-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: conjur-api
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '4.0'
 - !ruby/object:Gem::Dependency
   name: gli
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: highline
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: netrc
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: methadone
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: deep_merge
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: cas_rest_client
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: aruba
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: ci_reporter
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -161,6 +183,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -168,6 +191,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -175,6 +199,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -212,6 +237,7 @@ files:
 - features/support/env.rb
 - features/support/hooks.rb
 - lib/conjur.rb
+- lib/conjur/audit/follower.rb
 - lib/conjur/authn.rb
 - lib/conjur/cli.rb
 - lib/conjur/command.rb
@@ -236,6 +262,8 @@ files:
 - lib/conjur/dsl/runner.rb
 - lib/conjur/identifier_manipulation.rb
 - lib/conjur/version.rb
+- spec/audit/follower_spec.rb
+- spec/authn_spec.rb
 - spec/command/assets_spec.rb
 - spec/command/audit_spec.rb
 - spec/command/authn_spec.rb
@@ -251,26 +279,33 @@ files:
 homepage: https://github.com/inscitiv/cli-ruby
 licenses:
 - MIT
-metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 1871278325472077316
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 1871278325472077316
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 1.8.25
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: Conjur command line interface
 test_files:
 - features/dsl_context.feature
@@ -284,6 +319,8 @@ test_files:
 - features/step_definitions/dsl_steps.rb
 - features/support/env.rb
 - features/support/hooks.rb
+- spec/audit/follower_spec.rb
+- spec/authn_spec.rb
 - spec/command/assets_spec.rb
 - spec/command/audit_spec.rb
 - spec/command/authn_spec.rb

checksums.yaml

@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: 873f90a23b9e22be41441f80c9086f5c005137fe
-  data.tar.gz: 7c6d8a46e66a871415dc3085bc28ef6551c30289
-SHA512:
-  metadata.gz: efe1fdb784cd353cbf45d0b60ab4744bc5bdd83c9ee333257e4ca0515b4e486426edd03645a125b349443729c241a18e42966adb773fd11b9ab533a9eab56a01
-  data.tar.gz: 5bec66f78fdccf45d679b2f58a8f4c7cec8e2a65d2bafe116b8e266832b9590fc6c50200278b806b22847664a41a53a03bdd601107bb9fc6a47f74630ac87664