conjur-cli 4.5.1 → 4.6.1

data/conjur.gemspec

@@ -5,7 +5,7 @@ Gem::Specification.new do |gem|
   gem.authors       = ["Rafa\305\202 Rzepecki", "Kevin Gilpin"]
   gem.email         = ["divided.mind@gmail.com", "kgilpin@conjur.net",]
   gem.summary       = %q{Conjur command line interface}
-  gem.homepage      = "https://github.com/inscitiv/cli-ruby"
+  gem.homepage      = "https://github.com/conjurinc/cli-ruby"
   gem.license       = 'MIT'
 
   gem.files         = `git ls-files`.split($\) + Dir['build_number']
@@ -16,7 +16,7 @@ Gem::Specification.new do |gem|
   gem.version       = Conjur::VERSION
   
   gem.add_dependency 'conjur-api', '>=4.0'
-  gem.add_dependency 'gli'
+  gem.add_dependency 'gli', '>=2.8.0'
   gem.add_dependency 'highline'
   gem.add_dependency 'netrc'
   gem.add_dependency 'methadone'

data/lib/conjur/cli.rb

@@ -51,6 +51,10 @@ module Conjur
     commands_from 'conjur/command'
 
     pre do |global,command,options,args|
+
+      if command.name_for_help.first == "init" and options.has_key?("account") 
+        ENV["CONJUR_ACCOUNT"]=options["account"]
+      end
       apply_config
 
       require 'active_support/core_ext'

data/lib/conjur/command/init.rb

@@ -0,0 +1,101 @@
+#
+# Copyright (C) 2014 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+require 'conjur/command'
+
+class Conjur::Command::Init < Conjur::Command
+  desc "Initialize the Conjur configuration"
+
+  def self.write_file(filename, force, &block)
+    if File.exists?(filename)
+      unless force
+        hl = HighLine.new $stdin, $stderr
+        force = true if hl.ask("File #{filename} exists. Overwrite (yes/no): ").strip == "yes"
+      end
+      exit_now! "Not overwriting #{filename}" unless force
+    end
+    File.open(filename, 'w') do |f|
+      yield f
+    end
+  end
+
+  Conjur::CLI.command :init do |c|
+    c.desc "Conjur account name (required)"
+    c.flag ["a", "account"]
+    
+    c.desc "Hostname of the Conjur endpoint (required for virtual appliance)"
+    c.flag ["h", "hostname"]
+
+    c.desc "Conjur SSL certificate (will be obtained from host unless provided in parameter)"
+    c.flag ["c", "certificate"]
+
+    c.desc "File to write the configuration to"
+    c.default_value File.join(ENV['HOME'], '.conjurrc')
+    c.flag ["f","file"]
+    
+    c.desc "Force overwrite of existing files"
+    c.flag "force"
+    
+    c.action do |global_options,options,args|
+      hl = HighLine.new $stdin, $stderr
+
+      account = options[:account] || hl.ask("Enter your account name: ")
+      hostname = options[:hostname] || hl.ask("Enter the hostname of your Conjur endpoint: ")
+      
+      if (certificate = options[:certificate]).blank?
+        unless hostname.blank?
+          certificate = `echo | openssl s_client -connect #{hostname}:443  2>/dev/null | openssl x509 -fingerprint`
+          exit_now! "Unable to retrieve certificate from #{hostname}" if certificate.blank?
+          
+          lines = certificate.split("\n")
+          fingerprint = lines[0]
+          certificate = lines[1..-1].join("\n")
+          
+          puts fingerprint
+
+          exit_now! unless hl.ask("Trust this certificate (yes/no): ").strip == "yes"
+        end
+      end
+      
+      exit_now! "account is required" if account.blank?
+      
+      config = {
+        account: account,
+        plugins: %w(environment layer key-pair pubkeys)
+      }
+      
+      config[:appliance_url] = "https://#{hostname}/api" unless hostname.blank?
+      
+      unless certificate.blank?
+        cert_file = File.join(File.dirname(options[:file]), "conjur-#{account}.pem")
+        config[:cert_file] = cert_file
+        write_file(cert_file, options[:force]) do |f|
+          f.puts certificate
+        end
+        puts "Wrote certificate to #{cert_file}"
+      end
+      
+      write_file(options[:file], options[:force]) do |f|
+        f.puts YAML.dump(config.stringify_keys)
+      end
+      puts "Wrote configuration to #{options[:file]}"
+    end
+  end
+end

data/lib/conjur/config.rb

@@ -25,14 +25,26 @@ module Conjur
     @@attributes = {}
     
     class << self
-      def load
+      def clear
+        @@attributes = {}
+      end
+      
+      def default_config_files
+        [ File.join("/etc", "conjur.conf"), ( ENV['CONJURRC'] || File.join(ENV['HOME'], ".conjurrc") ), '.conjurrc' ]
+      end
+      
+      def load(config_files = default_config_files)
         require 'yaml'
-        [ File.join("/etc", "conjur.conf"), ( ENV['CONJURRC'] || File.join(ENV['HOME'], ".conjurrc") ), '.conjurrc' ].each do |f|
-          if File.exists?(f)
+        config_files.each do |f|
+          if File.file?(f)
             if Conjur.log
               Conjur.log << "Loading #{f}\n"
             end
-            Conjur::Config.merge YAML.load(IO.read(f))
+            config = YAML.load(IO.read(f)).stringify_keys rescue {}
+            if config['cert_file']
+              config['cert_file'] = File.expand_path(config['cert_file'], File.dirname(f))
+            end
+            Conjur::Config.merge config
           end
         end
       end
@@ -48,6 +60,10 @@ module Conjur
         if Conjur.log
           Conjur.log << "Using authn host #{Conjur::Authn::API.host}\n"
         end
+        if Config[:cert_file]
+          OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.add_file Config[:cert_file]
+          #OpenSSL::X509::Store.add_file Config[:cert_file]
+        end
       end
       
       def inspect
@@ -77,4 +93,4 @@ module Conjur
       end
     end
   end
-end
+end

data/lib/conjur/dsl/runner.rb

@@ -158,7 +158,7 @@ module Conjur
       
       def do_object obj, &block
         begin
-          api_keys[obj.resourceid] = obj.api_key if obj.api_key 
+          api_keys[obj.roleid] = obj.api_key if obj.api_key 
         rescue
         end
         

data/lib/conjur/version.rb

@@ -19,5 +19,5 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = "4.5.1"
+  VERSION = "4.6.1"
 end

data/spec/command/init_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper'
+
+tmpdir = Dir.mktmpdir
+
+describe Conjur::Command::Init do
+  context logged_in: false do
+    before {
+      File.stub(:exists?).and_return false
+    }
+    describe_command 'init -a the-account' do
+      it "writes config file" do
+        # Stub hostname
+        HighLine.any_instance.stub(:ask).and_return ""
+        File.should_receive(:open)
+        invoke
+      end
+    end
+    describe_command 'init -a the-account -h foobar' do
+      it "can't get the cert" do
+        expect { invoke }.to raise_error(GLI::CustomExit, /unable to retrieve certificate/i)
+      end
+    end
+    describe_command 'init -a the-account -h google.com' do
+      it "writes the config and cert" do
+        HighLine.any_instance.stub(:ask).and_return "yes"
+        File.should_receive(:open).twice
+        invoke
+      end
+    end
+    describe_command 'init -a the-account -h localhost -c the-cert' do
+      it "writes config and cert files" do
+        File.should_receive(:open).twice
+        invoke
+      end
+    end
+    context "in a temp dir" do
+      describe_command "init -f #{tmpdir}/.conjurrc -a the-account -h localhost -c the-cert" do
+        it "writes config and cert files" do
+          invoke
+          
+          File.read(File.join(tmpdir, ".conjurrc")).should == """---
+account: the-account
+plugins:
+- environment
+- layer
+- key-pair
+- pubkeys
+appliance_url: https://localhost/api
+cert_file: #{tmpdir}/conjur-the-account.pem
+"""
+          File.read(File.join(tmpdir, "conjur-the-account.pem")).should == "the-cert\n"
+        end
+      end
+    end
+  end
+end

data/spec/config_spec.rb

@@ -0,0 +1,23 @@
+require 'conjur/authn'
+require 'conjur/config'
+
+describe Conjur::Config do
+  after {
+    Conjur::Config.clear
+  }
+  describe "#load" do
+    it "resolves the cert_file" do
+      Conjur::Config.load([ File.expand_path('conjurrc', File.dirname(__FILE__)) ])
+      
+      Conjur::Config[:cert_file].should == File.expand_path('conjur-ci.pem', File.dirname(__FILE__))
+    end
+  end
+  describe "#apply" do
+    let(:cert_file) { "/path/to/cert.pem" }
+    it "trusts the cert_file" do
+      Conjur::Config.class_variable_set("@@attributes", { 'cert_file' => cert_file })
+      OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.should_receive(:add_file).with cert_file  
+      Conjur::Config.apply
+    end
+  end
+end

data/spec/conjurrc

@@ -0,0 +1 @@
+cert_file: ./conjur-ci.pem

data/spec/dsl/runner_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+require 'conjur/dsl/runner'
+
+describe Conjur::DSL::Runner, logged_in: true do
+  let(:filename) { nil }
+  let(:runner) { Conjur::DSL::Runner.new script, filename }
+  let(:script) { "user 'alice'" }
+  before {
+    Conjur.stub(:account).and_return "the-account"
+    runner.stub(:api).and_return api
+  }
+  it "should store the api_key in the context keyed by roleid" do
+    user = Conjur::User.new("alice")
+    user.attributes = { "api_key" => "the-api-key" }
+    
+    api.should_receive(:user).with("alice").and_return double("alice-exists", exists?: false)
+    api.should_receive(:create_user).with(id: "alice").and_return user
+    
+    runner.execute
+    
+    runner.context['api_keys'].should == {
+      "the-account:user:alice" => "the-api-key"
+    }
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 4.5.1
+  version: 4.6.1
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-15 00:00:00.000000000 Z
+date: 2014-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: conjur-api
@@ -35,7 +35,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -43,7 +43,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.8.0
 - !ruby/object:Gem::Dependency
   name: highline
   requirement: !ruby/object:Gem::Requirement
@@ -248,6 +248,7 @@ files:
 - lib/conjur/command/groups.rb
 - lib/conjur/command/hosts.rb
 - lib/conjur/command/ids.rb
+- lib/conjur/command/init.rb
 - lib/conjur/command/resources.rb
 - lib/conjur/command/roles.rb
 - lib/conjur/command/rspec/describe_command.rb
@@ -269,14 +270,18 @@ files:
 - spec/command/authn_spec.rb
 - spec/command/groups_spec.rb
 - spec/command/hosts_spec.rb
+- spec/command/init_spec.rb
 - spec/command/resources_spec.rb
 - spec/command/roles_spec.rb
 - spec/command/users_spec.rb
 - spec/command/variables_spec.rb
 - spec/command_spec.rb
+- spec/config_spec.rb
+- spec/conjurrc
+- spec/dsl/runner_spec.rb
 - spec/spec_helper.rb
 - update_ci.sh
-homepage: https://github.com/inscitiv/cli-ruby
+homepage: https://github.com/conjurinc/cli-ruby
 licenses:
 - MIT
 post_install_message: 
@@ -289,18 +294,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 2904609356239992395
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 2904609356239992395
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.25
@@ -326,9 +325,13 @@ test_files:
 - spec/command/authn_spec.rb
 - spec/command/groups_spec.rb
 - spec/command/hosts_spec.rb
+- spec/command/init_spec.rb
 - spec/command/resources_spec.rb
 - spec/command/roles_spec.rb
 - spec/command/users_spec.rb
 - spec/command/variables_spec.rb
 - spec/command_spec.rb
+- spec/config_spec.rb
+- spec/conjurrc
+- spec/dsl/runner_spec.rb
 - spec/spec_helper.rb