conjur-cli 4.7.0 → 4.7.1
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile +1 -1
- data/conjur.gemspec +1 -1
- data/features/dsl_user_create.feature +3 -3
- data/lib/conjur/command/audit.rb +15 -23
- data/lib/conjur/command/init.rb +14 -4
- data/lib/conjur/version.rb +1 -1
- data/spec/command/audit_spec.rb +5 -22
- metadata +6 -7
- data/.tamr.rb.swp +0 -0
data/Gemfile
CHANGED
@@ -12,5 +12,5 @@ group :development do
|
|
12
12
|
gem 'conjur-asset-environment-api'
|
13
13
|
gem 'conjur-asset-key-pair-api'
|
14
14
|
gem 'conjur-asset-layer-api'
|
15
|
-
|
15
|
+
gem 'conjur-asset-ui-api', git: 'git@github.com:conjurinc/conjur-asset-ui', branch: 'new-audit'
|
16
16
|
end
|
data/conjur.gemspec
CHANGED
@@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
|
|
15
15
|
gem.require_paths = ["lib"]
|
16
16
|
gem.version = Conjur::VERSION
|
17
17
|
|
18
|
-
gem.add_dependency 'conjur-api', '>=4.
|
18
|
+
gem.add_dependency 'conjur-api', '>=4.7.2'
|
19
19
|
gem.add_dependency 'gli', '>=2.8.0'
|
20
20
|
gem.add_dependency 'highline'
|
21
21
|
gem.add_dependency 'netrc'
|
@@ -10,14 +10,14 @@ namespace do
|
|
10
10
|
user "bob"
|
11
11
|
end
|
12
12
|
"""
|
13
|
-
Then the model should contain "user"
|
13
|
+
Then the model should contain "user" /^bob@/
|
14
14
|
|
15
15
|
Scenario: Namespace can be used as a no-arg method
|
16
16
|
When I run script:
|
17
17
|
"""
|
18
18
|
namespace "foobar" do
|
19
|
-
user "
|
19
|
+
user "bob"
|
20
20
|
end
|
21
21
|
"""
|
22
|
-
Then the model should contain "user" "foobar
|
22
|
+
Then the model should contain "user" "bob@foobar"
|
23
23
|
|
data/lib/conjur/command/audit.rb
CHANGED
@@ -29,10 +29,10 @@ class Conjur::Command
|
|
29
29
|
if e[:resource] && e[:resource].kind_of?(Hash)
|
30
30
|
e[:resource] = e[:resource]['id']
|
31
31
|
end
|
32
|
-
s = "[#{Time.
|
32
|
+
s = "[#{Time.parse(e[:timestamp])}] "
|
33
33
|
s << " #{e[:conjur_user]}"
|
34
34
|
s << " (as #{e[:conjur_role]})" if e[:conjur_role] != e[:conjur_user]
|
35
|
-
formatter = SHORT_FORMATS["#{e[:
|
35
|
+
formatter = SHORT_FORMATS["#{e[:kind]}:#{e[:action]}"]
|
36
36
|
if formatter
|
37
37
|
s << " " << formatter.call(e)
|
38
38
|
else
|
@@ -62,11 +62,11 @@ class Conjur::Command
|
|
62
62
|
end
|
63
63
|
|
64
64
|
def show_audit_events events, options
|
65
|
-
events.
|
65
|
+
events = [events] unless events.kind_of?(Array)
|
66
66
|
if options[:short]
|
67
|
-
events.each{|e| puts short_event_format(e)}
|
67
|
+
events.map(&:to_h).each{|e| puts short_event_format(e)}
|
68
68
|
else
|
69
|
-
puts JSON.pretty_generate(
|
69
|
+
events.map(&:to_h).each{|e| puts JSON.pretty_generate(e) }
|
70
70
|
end
|
71
71
|
end
|
72
72
|
|
@@ -85,38 +85,30 @@ class Conjur::Command
|
|
85
85
|
c.switch [:f, :follow]
|
86
86
|
|
87
87
|
c.action do |global_options, options, args|
|
88
|
-
options = extract_audit_options options
|
89
|
-
|
90
|
-
Conjur::Audit::Follower.new do |merge_options|
|
91
|
-
instance_exec(args, options.merge(merge_options), &block)
|
92
|
-
end.follow do |events|
|
93
|
-
show_audit_events events, options
|
94
|
-
end
|
95
|
-
else
|
96
|
-
show_audit_events instance_exec(args, options, &block), options
|
97
|
-
end
|
88
|
+
options = extract_audit_options options
|
89
|
+
instance_exec(args, options, &block)
|
98
90
|
end
|
99
91
|
end
|
100
92
|
end
|
101
93
|
end
|
102
94
|
|
95
|
+
desc "Show all audit events visible to the current user"
|
96
|
+
audit_feed_command :all do |args, options|
|
97
|
+
api.audit(options){ |es| show_audit_events es, options }
|
98
|
+
end
|
103
99
|
|
104
100
|
desc "Show audit events related to a role"
|
105
|
-
arg_name 'role
|
101
|
+
arg_name 'role'
|
106
102
|
audit_feed_command :role do |args, options|
|
107
|
-
|
108
|
-
|
109
|
-
else
|
110
|
-
method_name, method_args = :audit_current_role, [options]
|
111
|
-
end
|
112
|
-
api.send method_name, *method_args
|
103
|
+
id = full_resource_id(require_arg(args, "role"))
|
104
|
+
api.audit_role(id, options){ |es| show_audit_events es, options }
|
113
105
|
end
|
114
106
|
|
115
107
|
desc "Show audit events related to a resource"
|
116
108
|
arg_name 'resource'
|
117
109
|
audit_feed_command :resource do |args, options|
|
118
110
|
id = full_resource_id(require_arg args, "resource")
|
119
|
-
api.audit_resource
|
111
|
+
api.audit_resource(id, options){|es| show_audit_events es, options}
|
120
112
|
end
|
121
113
|
end
|
122
114
|
end
|
data/lib/conjur/command/init.rb
CHANGED
@@ -56,20 +56,30 @@ class Conjur::Command::Init < Conjur::Command
|
|
56
56
|
c.action do |global_options,options,args|
|
57
57
|
hl = HighLine.new $stdin, $stderr
|
58
58
|
|
59
|
-
|
60
|
-
|
59
|
+
# using .to_s to overcome https://github.com/JEG2/highline/issues/69
|
60
|
+
account = options[:account] || hl.ask("Enter your account name: ").to_s
|
61
|
+
hostname = options[:hostname] || hl.ask("Enter the hostname (and optional port) of your Conjur endpoint: ").to_s
|
61
62
|
|
62
63
|
if (certificate = options[:certificate]).blank?
|
63
64
|
unless hostname.blank?
|
64
|
-
|
65
|
+
connect_hostname = if hostname.include?(':')
|
66
|
+
hostname
|
67
|
+
else
|
68
|
+
hostname + ':443'
|
69
|
+
end
|
70
|
+
certificate = \
|
71
|
+
`echo | openssl s_client -connect #{connect_hostname} 2>/dev/null | openssl x509 -fingerprint`
|
65
72
|
exit_now! "Unable to retrieve certificate from #{hostname}" if certificate.blank?
|
66
73
|
|
67
74
|
lines = certificate.split("\n")
|
68
75
|
fingerprint = lines[0]
|
69
76
|
certificate = lines[1..-1].join("\n")
|
70
|
-
|
77
|
+
|
78
|
+
puts
|
71
79
|
puts fingerprint
|
72
80
|
|
81
|
+
puts "\nPlease verify this certificate on the appliance using command:
|
82
|
+
openssl x509 -fingerprint -noout -in ~conjur/etc/ssl/conjur.pem\n\n"
|
73
83
|
exit_now! unless hl.ask("Trust this certificate (yes/no): ").strip == "yes"
|
74
84
|
end
|
75
85
|
end
|
data/lib/conjur/version.rb
CHANGED
data/spec/command/audit_spec.rb
CHANGED
@@ -5,7 +5,7 @@ describe Conjur::Command::Audit, logged_in: true do
|
|
5
5
|
|
6
6
|
def expect_api_call method, *args
|
7
7
|
api.should_receive(method.to_sym).with(*args).and_return events
|
8
|
-
described_class.should_receive(:show_audit_events).with(events, an_instance_of(Hash))
|
8
|
+
#described_class.should_receive(:show_audit_events).with(events, an_instance_of(Hash))
|
9
9
|
end
|
10
10
|
|
11
11
|
def invoke_expecting_api_call method, *args
|
@@ -28,7 +28,6 @@ describe Conjur::Command::Audit, logged_in: true do
|
|
28
28
|
|
29
29
|
def self.it_calls_the_api command, api_method, *api_args, &block
|
30
30
|
describe_command_success command, api_method, *api_args, &block
|
31
|
-
accepts_pagination_params command, api_method, *api_args, &block
|
32
31
|
end
|
33
32
|
|
34
33
|
|
@@ -43,27 +42,7 @@ describe Conjur::Command::Audit, logged_in: true do
|
|
43
42
|
end
|
44
43
|
end
|
45
44
|
|
46
|
-
def self.accepts_pagination_params cmd, api_method, *api_method_args, &block
|
47
|
-
context "with valid pagination options" do
|
48
|
-
expected_opts = {limit: 12, offset: 2}
|
49
|
-
api_method_args = case api_method_args.last
|
50
|
-
when Hash
|
51
|
-
api_method_args[0..-2] << api_method_args.last.merge(expected_opts)
|
52
|
-
else
|
53
|
-
api_method_args.dup << expected_opts
|
54
|
-
end
|
55
|
-
describe_command_success cmd + " --limit 12 --offset 2", api_method, *api_method_args, &block
|
56
|
-
end
|
57
|
-
context "with garbage pagination options" do
|
58
|
-
it_fails cmd + " --limit hiythere", RuntimeError, /expected an integer for limit/i
|
59
|
-
it_fails cmd + " --offset hiythere", RuntimeError, /expected an integer for offset/i
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
45
|
describe "audit:role" do
|
64
|
-
context "without an argument" do
|
65
|
-
it_calls_the_api "audit:role", :audit_current_role, {}
|
66
|
-
end
|
67
46
|
context "with an argument" do
|
68
47
|
context "of a full id" do
|
69
48
|
it_calls_the_api "audit:role foo:bar:baz", :audit_role, 'foo:bar:baz', {}
|
@@ -97,4 +76,8 @@ describe Conjur::Command::Audit, logged_in: true do
|
|
97
76
|
end
|
98
77
|
end
|
99
78
|
end
|
79
|
+
|
80
|
+
describe "audit:all" do
|
81
|
+
it_calls_the_api "audit:all", :audit, {}
|
82
|
+
end
|
100
83
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-cli
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.7.
|
4
|
+
version: 4.7.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2014-03-
|
13
|
+
date: 2014-03-19 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: conjur-api
|
@@ -19,7 +19,7 @@ dependencies:
|
|
19
19
|
requirements:
|
20
20
|
- - ! '>='
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version:
|
22
|
+
version: 4.7.2
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -27,7 +27,7 @@ dependencies:
|
|
27
27
|
requirements:
|
28
28
|
- - ! '>='
|
29
29
|
- !ruby/object:Gem::Version
|
30
|
-
version:
|
30
|
+
version: 4.7.2
|
31
31
|
- !ruby/object:Gem::Dependency
|
32
32
|
name: gli
|
33
33
|
requirement: !ruby/object:Gem::Requirement
|
@@ -218,7 +218,6 @@ files:
|
|
218
218
|
- .gitignore
|
219
219
|
- .kateproject
|
220
220
|
- .project
|
221
|
-
- .tamr.rb.swp
|
222
221
|
- Gemfile
|
223
222
|
- LICENSE
|
224
223
|
- README.md
|
@@ -301,7 +300,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
301
300
|
version: '0'
|
302
301
|
segments:
|
303
302
|
- 0
|
304
|
-
hash:
|
303
|
+
hash: 2027099206837494229
|
305
304
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
306
305
|
none: false
|
307
306
|
requirements:
|
@@ -310,7 +309,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
310
309
|
version: '0'
|
311
310
|
segments:
|
312
311
|
- 0
|
313
|
-
hash:
|
312
|
+
hash: 2027099206837494229
|
314
313
|
requirements: []
|
315
314
|
rubyforge_project:
|
316
315
|
rubygems_version: 1.8.25
|
data/.tamr.rb.swp
DELETED
Binary file
|