conjur-cli 5.6.5 → 5.6.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: d830fcde4d635f03a1d61e9e5b704a823bf22d6c
-  data.tar.gz: 40a9d5682c992ced7a4a6e1e1d6759079bffd8a5
+SHA256:
+  metadata.gz: 8cc3ac80bea03dc862fae9891a7ddc2397ada7c1a1c1fda95e5f87bcdb310b3e
+  data.tar.gz: 7c60ea0c636462b00c0bcc8e0eb6a5f8feeba86caecb022599603d72f39fcbf4
 SHA512:
-  metadata.gz: deada212f945a318918bad614874f4ac5b851abde130626177541b4415318a4ab7fe0caaf73406bec1723d2283e49caf07322344311161194089a37866df2fa9
-  data.tar.gz: dbc670b14e09246918d64fc7481328e8ac47bc1cbbddb05acc634b16bb3d0969b684d806465b87486c6c396c4047b15757bccae508f184cb49dc18c6625d7101
+  metadata.gz: 879008991469f78a22f2814f3f8d9eb2627a746ff46d89a992422d69bc8e14338d29d12415c0f4665af5311407139c9882a55f4efb220eb0ae7e92caa19a099f
+  data.tar.gz: e7d5716bb41eab4b46ce11d07baf1d73714a0e14382584472c9073ac0b5e6a39cf452d70a7f3f9207f9ea55c6cf4e33b35e5cbc78c329f132f0f1f8db43ead5a

data/.gitignore

@@ -1,4 +1,3 @@
-Dockerfile.*
 .DS_Store
 *.swp
 *.deb

data/CHANGELOG.md

@@ -1,6 +1,10 @@
+# [5.6.6](https://github.com/cyberark/conjur-cli/releases/tag/v5.6.6)
+
+* Adds standalone Docker image (`cyberark/conjur-cli:4`)
+
 # 5.6.5
 
-* Fix init cert check when Conjur behind a SNI
+* Fix init cert check when Conjur behind a SNI - [#209](https://github.com/cyberark/conjur-cli/pull/209)
 
 # 5.6.4
 

data/Dockerfile.fpm

@@ -0,0 +1,18 @@
+FROM ubuntu:14.04
+
+RUN apt-get update -y && apt-get install -y software-properties-common git build-essential
+
+RUN apt-add-repository ppa:brightbox/ruby-ng
+
+RUN apt-get update -y && apt-get install -y ruby2.2 ruby2.2-dev
+
+RUN gem install --no-rdoc --no-ri bundler:1.11.2 fpm
+
+RUN mkdir /conjur-cli
+
+WORKDIR /conjur-cli
+
+COPY . .
+
+ENTRYPOINT [ "./ci/package.sh" ]
+

data/Dockerfile.publish

@@ -0,0 +1,12 @@
+FROM ubuntu:14.04
+
+RUN apt-get update -y && apt-get install -y curl
+
+RUN curl -kL \
+  -o /usr/bin/art \
+  https://bintray.com/artifact/download/jfrog/artifactory-cli-go/1.2.1/artifactory-cli-linux-amd64/art && \
+  chmod +x /usr/bin/art
+
+WORKDIR /src
+
+ENTRYPOINT [ "art" ]

data/Dockerfile.standalone

@@ -0,0 +1,33 @@
+FROM ruby:2.2.9
+
+#---install useful tools and dependencies---#
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+      jq curl vim nano sudo openssh-client
+# as per https://hub.docker.com/r/conjurinc/cli5/~/dockerfile/
+
+#---install summon and summon-conjur---#
+ENV CONJUR_MAJOR_VERSION=4
+ENV CONJUR_VERSION=4
+RUN curl -sSL https://raw.githubusercontent.com/cyberark/summon/master/install.sh \
+      | env TMPDIR=$(mktemp -d) bash && \
+    curl -sSL https://raw.githubusercontent.com/cyberark/summon-conjur/master/install.sh \
+      | env TMPDIR=$(mktemp -d) bash
+# as per https://github.com/cyberark/summon#linux
+# and    https://github.com/cyberark/summon-conjur#install
+
+# Note: these install scripts^^ conflict with one another if they are not given
+# different TMPDIRs.
+
+#---install Conjur 4 CLI---#
+WORKDIR /src
+COPY . .
+RUN gem build conjur-cli.gemspec && \
+    gem install conjur-cli && \
+    cd /root && \
+    rm -rf /src
+
+#---set defaults---#
+WORKDIR /root
+COPY standalone.entrypoint /bin/entry
+ENTRYPOINT ["/bin/entry"]

data/Dockerfile.validate-packaging

@@ -0,0 +1,9 @@
+FROM ubuntu:14.04
+
+RUN apt-get update && apt-get install -y software-properties-common
+RUN apt-add-repository ppa:brightbox/ruby-ng
+RUN apt-get update -y && apt-get install -y ruby2.2 dpkg-dev
+
+ADD ci/install.sh /
+
+CMD [ "/install.sh" ]

data/Jenkinsfile

@@ -55,6 +55,18 @@ pipeline {
       }
     }
 
+    stage('Build standalone Docker image') {
+      steps {
+        sh './build-standalone'
+      }
+    }
+
+    stage('Publish standalone Docker image to DockerHub') {
+      steps {
+        sh './push-image'
+      }
+    }
+
     // Only publish to RubyGems if the HEAD is
     // tagged with the same version as in version.rb
     stage('Publish to RubyGems') {

data/README.md

@@ -20,6 +20,60 @@ Or install it yourself as:
 
     $ gem install conjur-cli
 
+### Using Docker
+
+This software is included in the standalone `cyberark/conjur-cli:4` Docker
+image. Docker containers are designed to be ephemeral, which means they don't
+store state after the container exits.
+
+You can start an ephemeral session with the Conjur CLI software like so:
+
+```sh-session
+$ docker run --rm -it cyberark/conjur-cli:4
+root@b27a95721e7d:~# 
+```
+
+Any initialization you do or files you create in that session will be discarded
+(permanently lost) when you exit the shell. Changes that you make to the Conjur
+server will remain.
+
+You can also use a folder on your filesystem to persist the data that the Conjur
+CLI uses to connect. For example:
+
+```sh-session
+$ mkdir mydata
+$ chmod 700 mydata
+$ docker run --rm -it -v $(PWD)/mydata:/root cyberark/conjur-cli:4 init -h https://conjur.myorg.com
+SHA1 Fingerprint=16:C8:F8:AC:7B:57:BD:5B:58:B4:13:27:22:8E:3F:A2:12:01:DB:68
+
+Please verify this certificate on the appliance using command:
+                openssl x509 -fingerprint -noout -in ~conjur/etc/ssl/conjur.pem
+
+Trust this certificate (yes/no): yes
+Wrote certificate to /root/conjur-conjur.pem
+Wrote configuration to /root/.conjurrc
+$ ls -lA mydata
+total 8
+drwxr-xr-x 2 you staff   64 Mar 28 19:30 .cache
+-rw-r--r-- 1 you staff  128 Mar 28 19:30 .conjurrc
+-rw-r--r-- 1 you staff 2665 Mar 28 19:30 conjur-conjur.pem
+$ docker run --rm -it -v $(PWD)/mydata:/root cyberark/conjur-cli:4 authn login -u your-user-name
+Please enter your password (it will not be echoed): 
+Logged in
+$ ls -lA mydata
+total 12
+drwxr-xr-x 2 you staff   64 Mar 28 19:26 .cache
+-rw-r--r-- 1 you staff  128 Mar 28 19:20 .conjurrc
+-rw------- 1 you staff  143 Mar 28 19:27 .netrc
+-rw-r--r-- 1 you staff 2665 Mar 28 19:20 conjur-conjur.pem
+$ 
+```
+
+*Security notice:* the file `.netrc`, created or updated by `conjur authn
+login`, contains a user identity credential that can be used to access the
+Conjur API. You should remove it after use or otherwise secure it like you would
+another netrc file.
+
 ### Bash completion
 
 To enable bash completions, run this command:

data/VERSION

@@ -0,0 +1 @@
+5.6.6

data/build-standalone

@@ -0,0 +1,6 @@
+#!/bin/bash -e
+
+# build the cli standalone container image
+docker build . \
+       -f Dockerfile.standalone \
+       -t cyberark/conjur-cli

data/lib/conjur/version.rb

@@ -19,6 +19,6 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = '5.6.5'.freeze
+  VERSION = '5.6.6'.freeze
   ::Version=VERSION
 end

data/push-image

@@ -0,0 +1,29 @@
+#!/bin/bash -e
+
+# Push the 'cli:4' image to Dockerhub when on the 'v4' branch
+
+cd "$(git rev-parse --show-toplevel)"
+
+TAG="4-${1:-$(cat VERSION)-$(git rev-parse --short HEAD)}"
+IMAGE='cyberark/conjur-cli'
+
+function tag_and_push() {
+    local image="$1"
+    local tag="$2"
+    local description="$3"
+
+    echo "TAG = $tag, $description"
+
+    docker tag "$image" "$image:$tag"
+    docker push "$image:$tag"
+}
+
+if [[ "$BRANCH_NAME" == 'v4' ]]; then
+    bare_tag='4'
+    latest_tag='4-latest'
+    stable_tag="4-$(cat VERSION)"
+
+    tag_and_push $IMAGE $bare_tag   'latest image (bare)'
+    tag_and_push $IMAGE $latest_tag 'latest image'
+    tag_and_push $IMAGE $stable_tag 'stable image'
+fi

data/standalone.entrypoint

@@ -0,0 +1,17 @@
+#!/bin/sh -e
+
+# A tool container entrypoint that tries to do the right thing whether you want
+# an interactive shell environment or run a command directly.
+#
+# It starts bash if
+#   - there is a tty (ie. docker was run with -t),
+#   - there are no arguments.
+#
+# Otherwise it runs the tool.
+
+TOOL=conjur
+
+[ -t 1 -a $# -eq 0 ] && exec bash
+
+# else
+exec $TOOL "$@"

data/test.sh

@@ -12,6 +12,9 @@ RUBY_VERSION=${1-${RUBY_VERSION_DEFAULT}}
 function dockerfile_path {
     echo "Setting Ruby version as ${RUBY_VERSION}" >&2
     cp "Dockerfile" "Dockerfile.${RUBY_VERSION}"
+    if ! grep "Dockerfile.${RUBY_VERSION}" .git/info/exclude >/dev/null; then
+        echo "Dockerfile.${RUBY_VERSION}*" >>.git/info/exclude
+    fi
     sed -i -e "s/${RUBY_VERSION_DEFAULT}/${RUBY_VERSION}/g" Dockerfile.${RUBY_VERSION}
 
     echo "Dockerfile.${RUBY_VERSION}"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 5.6.5
+  version: 5.6.6
 platform: ruby
 authors:
 - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-08 00:00:00.000000000 Z
+date: 2018-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -335,6 +335,7 @@ files:
 - Dockerfile
 - Dockerfile.fpm
 - Dockerfile.publish
+- Dockerfile.standalone
 - Dockerfile.validate-packaging
 - Gemfile
 - Jenkinsfile
@@ -342,6 +343,7 @@ files:
 - PUBLISH.md
 - README.md
 - Rakefile
+- VERSION
 - acceptance-features/audit/audit_event_send.feature
 - acceptance-features/audit/fetch.feature
 - acceptance-features/audit/send.feature
@@ -408,6 +410,7 @@ files:
 - bin/conjurize
 - bin/jsonfield
 - build-deb.sh
+- build-standalone
 - ci/install.sh
 - ci/package.sh
 - ci/publish.sh
@@ -485,6 +488,7 @@ files:
 - profile.rb
 - publish-deb.sh
 - publish-rubygem.sh
+- push-image
 - spec/authn_spec.rb
 - spec/command/assets_spec.rb
 - spec/command/audit_spec.rb
@@ -513,6 +517,7 @@ files:
 - spec/dsl/runner_spec.rb
 - spec/env_spec.rb
 - spec/spec_helper.rb
+- standalone.entrypoint
 - test.sh
 homepage: https://github.com/conjurinc/cli-ruby
 licenses:
@@ -534,7 +539,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2.1
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Conjur command line interface