conjur-cli 4.5.1 → 4.6.1
- data/conjur.gemspec +2 -2
- data/lib/conjur/cli.rb +4 -0
- data/lib/conjur/command/init.rb +101 -0
- data/lib/conjur/config.rb +21 -5
- data/lib/conjur/dsl/runner.rb +1 -1
- data/lib/conjur/version.rb +1 -1
- data/spec/command/init_spec.rb +56 -0
- data/spec/config_spec.rb +23 -0
- data/spec/conjurrc +1 -0
- data/spec/dsl/runner_spec.rb +25 -0
- metadata +14 -11
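--- a/data/conjur.gemspec
+++ b/data/conjur.gemspec
@@ -5,7 +5,7 @@ Gem::Specification.new do |gem|
 gem.authors = ["Rafa\305\202 Rzepecki", "Kevin Gilpin"]
 gem.email = ["divided.mind@gmail.com", "kgilpin@conjur.net",]
 gem.summary = %q{Conjur command line interface}
-gem.homepage = "https://github.com/
+gem.homepage = "https://github.com/conjurinc/cli-ruby"
 gem.license = 'MIT'
 
 gem.files = `git ls-files`.split($\) + Dir['build_number']
@@ -16,7 +16,7 @@ Gem::Specification.new do |gem|
 gem.version = Conjur::VERSION
 
 gem.add_dependency 'conjur-api', '>=4.0'
-gem.add_dependency 'gli'
+gem.add_dependency 'gli', '>=2.8.0'
 gem.add_dependency 'highline'
 gem.add_dependency 'netrc'
 gem.add_dependency 'methadone'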
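--- a/data/lib/conjur/cli.rb
+++ b/data/lib/conjur/cli.rb
@@ -51,6 +51,10 @@ module Conjur
 commands_from 'conjur/command'
 
 pre do |global,command,options,args|
+
+if command.name_for_help.first == "init" and options.has_key?("account")
+ENV["CONJUR_ACCOUNT"]=options["account"]
+end
 apply_config
 
 require 'active_support/core_ext'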
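Review bot: The new guard in the `pre` block tests `options.has_key?("account")` instead of the value, so if GLI pre-populates declared flags (it appears to), running `init` without `-a` reaches `ENV["CONJUR_ACCOUNT"]=options["account"]` with nil, which in Ruby deletes an already exported `CONJUR_ACCOUNT`. Testing the value avoids that, and `&&` avoids the precedence surprises of `and`: `if command.name_for_help.first == "init" && options["account"]`. A one-line comment such as `# init runs before a config file exists, so hand --account to apply_config through the environment` would record why only this command is special-cased (presumed intent; confirm). The `pre` block starts and ends outside the hunk.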
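--- a/data/lib/conjur/command/init.rb
+++ b/data/lib/conjur/command/init.rb
@@ -0,0 +1,101 @@
+#
+# Copyright (C) 2014 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+require 'conjur/command'
+
+class Conjur::Command::Init < Conjur::Command
+desc "Initialize the Conjur configuration"
+
+def self.write_file(filename, force, &block)
+if File.exists?(filename)
+unless force
+hl = HighLine.new $stdin, $stderr
+force = true if hl.ask("File #{filename} exists. Overwrite (yes/no): ").strip == "yes"
+end
+exit_now! "Not overwriting #{filename}" unless force
+end
+File.open(filename, 'w') do |f|
+yield f
+end
+end
+
+Conjur::CLI.command :init do |c|
+c.desc "Conjur account name (required)"
+c.flag ["a", "account"]
+
+c.desc "Hostname of the Conjur endpoint (required for virtual appliance)"
+c.flag ["h", "hostname"]
+
+c.desc "Conjur SSL certificate (will be obtained from host unless provided in parameter)"
+c.flag ["c", "certificate"]
+
+c.desc "File to write the configuration to"
+c.default_value File.join(ENV['HOME'], '.conjurrc')
+c.flag ["f","file"]
+
+c.desc "Force overwrite of existing files"
+c.flag "force"
+
+c.action do |global_options,options,args|
+hl = HighLine.new $stdin, $stderr
+
+account = options[:account] || hl.ask("Enter your account name: ")
+hostname = options[:hostname] || hl.ask("Enter the hostname of your Conjur endpoint: ")
+
+if (certificate = options[:certificate]).blank?
+unless hostname.blank?
+certificate = `echo | openssl s_client -connect #{hostname}:443 2>/dev/null | openssl x509 -fingerprint`
+exit_now! "Unable to retrieve certificate from #{hostname}" if certificate.blank?
+
+lines = certificate.split("\n")
+fingerprint = lines[0]
+certificate = lines[1..-1].join("\n")
+
+puts fingerprint
+
+exit_now! unless hl.ask("Trust this certificate (yes/no): ").strip == "yes"
+end
+end
+
+exit_now! "account is required" if account.blank?
+
+config = {
+account: account,
+plugins: %w(environment layer key-pair pubkeys)
+}
+
+config[:appliance_url] = "https://#{hostname}/api" unless hostname.blank?
+
+unless certificate.blank?
+cert_file = File.join(File.dirname(options[:file]), "conjur-#{account}.pem")
+config[:cert_file] = cert_file
+write_file(cert_file, options[:force]) do |f|
+f.puts certificate
+end
+puts "Wrote certificate to #{cert_file}"
+end
+
+write_file(options[:file], options[:force]) do |f|
+f.puts YAML.dump(config.stringify_keys)
+end
+puts "Wrote configuration to #{options[:file]}"
+end
+end
+end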
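Review bot: `hostname` is interpolated unescaped into the backtick command at new line 64 (`openssl s_client -connect #{hostname}:443`), so a value containing shell metacharacters or a leading `-` is interpreted by the shell or by openssl instead of being treated as a host name; it comes from `-h` or the interactive prompt, either of which a wrapper script may fill from less trusted input. Reject anything that is not a plain host name before the command runs, e.g. `exit_now! "Invalid hostname" unless hostname =~ /\A[A-Za-z0-9][A-Za-z0-9.-]*\z/`, or fetch the peer certificate without going through a shell. The certificate obtained this way is trust-on-first-use: the prompt at new line 73 should tell the operator to compare the printed fingerprint with one received out of band, since answering yes pins whatever the network path presented. Separately, `c.flag "force"` declares an option that takes a value; `c.switch "force"` looks like what was intended.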
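--- a/data/lib/conjur/config.rb
+++ b/data/lib/conjur/config.rb
@@ -25,14 +25,26 @@ module Conjur
 @@attributes = {}
 
 class << self
-def
+def clear
+@@attributes = {}
+end
+
+def default_config_files
+[ File.join("/etc", "conjur.conf"), ( ENV['CONJURRC'] || File.join(ENV['HOME'], ".conjurrc") ), '.conjurrc' ]
+end
+
+def load(config_files = default_config_files)
 require 'yaml'
-
-if File.
+config_files.each do |f|
+if File.file?(f)
 if Conjur.log
 Conjur.log << "Loading #{f}\n"
 end
-
+config = YAML.load(IO.read(f)).stringify_keys rescue {}
+if config['cert_file']
+config['cert_file'] = File.expand_path(config['cert_file'], File.dirname(f))
+end
+Conjur::Config.merge config
 end
 end
 end
@@ -48,6 +60,10 @@ module Conjur
 if Conjur.log
 Conjur.log << "Using authn host #{Conjur::Authn::API.host}\n"
 end
+if Config[:cert_file]
+OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.add_file Config[:cert_file]
+#OpenSSL::X509::Store.add_file Config[:cert_file]
+end
 end
 
 def inspect
@@ -77,4 +93,4 @@ module Conjur
 end
 end
 end
-end
+end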
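Review bot: `default_config_files` ends with the relative path `'.conjurrc'`, so the directory the CLI happens to be run in can supply `cert_file` (and every other setting), and the second hunk then adds that file to `OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE`, which is trust for every TLS connection the process makes rather than for the Conjur endpoint alone. Consider dropping the working-directory entry or refusing `cert_file` from it, and attaching the certificate to a store used only for the appliance connection. In `load`, `YAML.load(IO.read(f)).stringify_keys rescue {}` hides unreadable or malformed files and, on Ruby versions where `YAML.load` permits arbitrary tags, builds whatever objects the file names; `YAML.safe_load(IO.read(f))` where available, with a rescue that logs the file name, would be the safer form. A short comment above `default_config_files` stating that later files override earlier ones (if that is what `merge` does) would also help; the bodies of `load` and `apply` continue outside the hunks.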
data/lib/conjur/dsl/runner.rb
CHANGED
data/lib/conjur/version.rb
CHANGED
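--- a/data/spec/command/init_spec.rb
+++ b/data/spec/command/init_spec.rb
@@ -0,0 +1,56 @@
+require 'spec_helper'
+
+tmpdir = Dir.mktmpdir
+
+describe Conjur::Command::Init do
+context logged_in: false do
+before {
+File.stub(:exists?).and_return false
+}
+describe_command 'init -a the-account' do
+it "writes config file" do
+# Stub hostname
+HighLine.any_instance.stub(:ask).and_return ""
+File.should_receive(:open)
+invoke
+end
+end
+describe_command 'init -a the-account -h foobar' do
+it "can't get the cert" do
+expect { invoke }.to raise_error(GLI::CustomExit, /unable to retrieve certificate/i)
+end
+end
+describe_command 'init -a the-account -h google.com' do
+it "writes the config and cert" do
+HighLine.any_instance.stub(:ask).and_return "yes"
+File.should_receive(:open).twice
+invoke
+end
+end
+describe_command 'init -a the-account -h localhost -c the-cert' do
+it "writes config and cert files" do
+File.should_receive(:open).twice
+invoke
+end
+end
+context "in a temp dir" do
+describe_command "init -f #{tmpdir}/.conjurrc -a the-account -h localhost -c the-cert" do
+it "writes config and cert files" do
+invoke
+
+File.read(File.join(tmpdir, ".conjurrc")).should == """---
+account: the-account
+plugins:
+- environment
+- layer
+- key-pair
+- pubkeys
+appliance_url: https://localhost/api
+cert_file: #{tmpdir}/conjur-the-account.pem
+"""
+File.read(File.join(tmpdir, "conjur-the-account.pem")).should == "the-cert\n"
+end
+end
+end
+end
+end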
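Review bot: The `init -a the-account -h google.com` example runs the real `openssl s_client` pipeline against a public host, so the suite needs outbound network access and its result depends on a third party's TLS endpoint; the `-h foobar` example also shells out and relies on that name failing to connect. Stubbing the shell call to return a canned fingerprint-plus-PEM string (and an empty string for the failure case) would keep both examples hermetic. `tmpdir = Dir.mktmpdir` at the top of the file is never removed; `after(:all) { FileUtils.remove_entry tmpdir }` would clean it up. No example covers a hostname that is not a plain host name, so the command's handling of that input is currently unpinned.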
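--- a/data/spec/config_spec.rb
+++ b/data/spec/config_spec.rb
@@ -0,0 +1,23 @@
+require 'conjur/authn'
+require 'conjur/config'
+
+describe Conjur::Config do
+after {
+Conjur::Config.clear
+}
+describe "#load" do
+it "resolves the cert_file" do
+Conjur::Config.load([ File.expand_path('conjurrc', File.dirname(__FILE__)) ])
+
+Conjur::Config[:cert_file].should == File.expand_path('conjur-ci.pem', File.dirname(__FILE__))
+end
+end
+describe "#apply" do
+let(:cert_file) { "/path/to/cert.pem" }
+it "trusts the cert_file" do
+Conjur::Config.class_variable_set("@@attributes", { 'cert_file' => cert_file })
+OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.should_receive(:add_file).with cert_file
+Conjur::Config.apply
+end
+end
+end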
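--- a/data/spec/conjurrc
+++ b/data/spec/conjurrc
@@ -0,0 +1 @@
+cert_file: ./conjur-ci.pem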
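--- a/data/spec/dsl/runner_spec.rb
+++ b/data/spec/dsl/runner_spec.rb
@@ -0,0 +1,25 @@
+require 'spec_helper'
+require 'conjur/dsl/runner'
+
+describe Conjur::DSL::Runner, logged_in: true do
+let(:filename) { nil }
+let(:runner) { Conjur::DSL::Runner.new script, filename }
+let(:script) { "user 'alice'" }
+before {
+Conjur.stub(:account).and_return "the-account"
+runner.stub(:api).and_return api
+}
+it "should store the api_key in the context keyed by roleid" do
+user = Conjur::User.new("alice")
+user.attributes = { "api_key" => "the-api-key" }
+
+api.should_receive(:user).with("alice").and_return double("alice-exists", exists?: false)
+api.should_receive(:create_user).with(id: "alice").and_return user
+
+runner.execute
+
+runner.context['api_keys'].should == {
+"the-account:user:alice" => "the-api-key"
+}
+end
+end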
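--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.6.1
 prerelease:
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-
+date: 2014-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: conjur-api
@@ -35,7 +35,7 @@ dependencies:
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
-version:
+version: 2.8.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -43,7 +43,7 @@ dependencies:
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
-version:
+version: 2.8.0
 - !ruby/object:Gem::Dependency
 name: highline
 requirement: !ruby/object:Gem::Requirement
@@ -248,6 +248,7 @@ files:
 - lib/conjur/command/groups.rb
 - lib/conjur/command/hosts.rb
 - lib/conjur/command/ids.rb
+- lib/conjur/command/init.rb
 - lib/conjur/command/resources.rb
 - lib/conjur/command/roles.rb
 - lib/conjur/command/rspec/describe_command.rb
@@ -269,14 +270,18 @@ files:
 - spec/command/authn_spec.rb
 - spec/command/groups_spec.rb
 - spec/command/hosts_spec.rb
+- spec/command/init_spec.rb
 - spec/command/resources_spec.rb
 - spec/command/roles_spec.rb
 - spec/command/users_spec.rb
 - spec/command/variables_spec.rb
 - spec/command_spec.rb
+- spec/config_spec.rb
+- spec/conjurrc
+- spec/dsl/runner_spec.rb
 - spec/spec_helper.rb
 - update_ci.sh
-homepage: https://github.com/
+homepage: https://github.com/conjurinc/cli-ruby
 licenses:
 - MIT
 post_install_message:
@@ -289,18 +294,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
-segments:
-- 0
-hash: 2904609356239992395
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
-segments:
-- 0
-hash: 2904609356239992395
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.25
@@ -326,9 +325,13 @@ test_files:
 - spec/command/authn_spec.rb
 - spec/command/groups_spec.rb
 - spec/command/hosts_spec.rb
+- spec/command/init_spec.rb
 - spec/command/resources_spec.rb
 - spec/command/roles_spec.rb
 - spec/command/users_spec.rb
 - spec/command/variables_spec.rb
 - spec/command_spec.rb
+- spec/config_spec.rb
+- spec/conjurrc
+- spec/dsl/runner_spec.rb
 - spec/spec_helper.rb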