conjur-cli 6.0.0 → 6.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 02f6f7538e4d921cd4c0477b591d15fee6474e29
-  data.tar.gz: ea96467d2cbc4dc9e18e9c81099dafe925677ab8
+SHA256:
+  metadata.gz: c8e1fcb9f16178d7df4bb379b2040f8823399db19540754d87d61b81c8190e24
+  data.tar.gz: 3a36b197de69c0c3e0882eec341e407e0062df0e381e89e5579437344df0e3f6
 SHA512:
-  metadata.gz: 4c84536e8f8870ae3db41d89d2c22b28593f04ccac215ad22ddf74b72c8fb7282466bd4b0c06df0e681b2244551004e5ddfd54177a56b2e59e6a1ae841e09eb4
-  data.tar.gz: '0187873558cf62b6c55056f25214ac58fc230cd716f5fc2fb95bd64fcc41d52e464dacf0ca8937198d0f8cf5579b67c76c782e4c8f58fbeddc35c5610793d478'
+  metadata.gz: 23a42edf43a99b23b34389ec85333c6198b28790c31d24a8ef9edd83b627af3c3e0a83d5351797e89e4b3b1a0e2d4f5b678491b865533c33a7377c59f17f585f
+  data.tar.gz: 60c0c4ca64efae0bac433aaabe8f19a55245557d847e0d0172bd240acea07e2bb8ae7a5be8f7633fe37fad06bb2c26163ce6cb0f6c5d3992e1f5ca06e1013e1e

data/.rubocop.yml

@@ -5,7 +5,7 @@ Style/MethodDefParentheses:
   EnforcedStyle: require_no_parentheses
 
 Style/StringLiterals:
-  EnforcedStyle: double_quotes
+  Enabled: false # more trouble than it's worth
 
 Lint/EndAlignment:
   EnforcedStyleAlignWith: start_of_line

data/CHANGELOG.md

@@ -1,7 +1,19 @@
+# 6.0.1
+
+* Pushes to `cyberark/conjur-cli:5` on DockerHub when tests pass
+* Use SNI when fetching certificate with `conjur init`.
+* Correctly specify dependency versions in gemspec.
+* Allow ActiveSupport v5 as a dependency.
+
 # 6.0.0
 
 * Provides compatibility with [cyberark/conjur](https://github.com/cyberark/conjur), Conjur 5 CE.
 * License changed to Apache 2.0.
+* **Codebase forked: for changes to the 5.x (API [v4][v4-branch]) series, see
+  [CHANGELOG in `v4` branch][v4-changelog]**
+
+[v4-branch]: https://github.com/cyberark/conjur-cli/tree/v4
+[v4-changelog]: https://github.com/cyberark/conjur-cli/blob/v4/CHANGELOG.md
 
 # 5.3.0
 

data/Gemfile

@@ -5,7 +5,3 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in conjur.gemspec
 gemspec
-
-gem 'activesupport', '~> 4.2'
-
-gem 'conjur-api', '~> 5'

data/Jenkinsfile

@@ -37,32 +37,47 @@ pipeline {
       }
     }
 
-    // Only publish to RubyGems if branch is 'master'
-    // AND someone confirms this stage within 5 minutes
-    stage('Publish to RubyGems?') {
+    stage('Build standalone image & push to DockerHub') {
+      when {
+        branch 'master'
+      }
+      steps {
+        sh './build-standalone'
+        sh './push-image'
+      }
+    }
+
+    // Only publish to RubyGems if the HEAD is
+    // tagged with the same version as in version.rb
+    stage('Publish to RubyGems') {
       agent { label 'releaser-v2' }
 
       when {
-        allOf {
-          branch 'master'
-          expression {
-            boolean publish = false
+        expression { currentBuild.resultIsBetterOrEqualTo('SUCCESS') }
+        expression {
+          def exitCode = sh returnStatus: true, script: ''' set +x
+            echo "Determining if publishing is requested..."
+
+            VERSION=`cat lib/conjur/version.rb | grep \'VERSION\\s*=\' | sed -e "s/.*\'\\(.*\\)\'.*/\\1/"`
+            echo Declared version: $VERSION
+
+            # Jenkins git plugin is broken and always fetches with `--no-tags`
+            # (or `--tags`, neither of which is what you want), so tags end up
+            # not being fetched. Try to fix that.
+            # (Unfortunately this fetches all remote heads, so we may have to find
+            # another solution for bigger repos.)
+            git fetch -q
 
-            if(env.PUBLISH_GEM == "true") {
-              return true
-            }
+            # note when tag not found git rev-parse will just print its name
+            TAG=`git rev-parse tags/v$VERSION 2>/dev/null || :`
+            echo Tag v$VERSION: $TAG
 
-            try {
-              timeout(time: 5, unit: 'MINUTES') {
-                input(message: 'Publish to RubyGems?')
-                publish = true
-              }
-            } catch (final ignore) {
-              publish = false
-            }
+            HEAD=`git rev-parse HEAD`
+            echo HEAD: $HEAD
 
-            return publish
-          }
+            test "$HEAD" = "$TAG"
+          '''
+          return exitCode == 0
         }
       }
       steps {
@@ -80,14 +95,7 @@ pipeline {
 
   post {
     always {
-      sh 'docker run -i --rm -v $PWD:/src -w /src alpine/git clean -fxd'
-      deleteDir()
-    }
-    failure {
-      slackSend(color: 'danger', message: "${env.JOB_NAME} #${env.BUILD_NUMBER} FAILURE (<${env.BUILD_URL}|Open>)")
-    }
-    unstable {
-      slackSend(color: 'warning', message: "${env.JOB_NAME} #${env.BUILD_NUMBER} UNSTABLE (<${env.BUILD_URL}|Open>)")
+      cleanupAndNotify(currentBuild.currentResult)
     }
   }
 }

data/README.md

@@ -1,30 +1,63 @@
-# Conjur
+# conjur-cli
 
-*NOTE*: This is work-in-progress, for a future (as yet unreleased) version of Conjur.
-_It will not work with Conjur 4._
+Command-line interface for Conjur.
 
-Command-line interface to Conjur 5.
+*NOTE*: Conjur v4 users should use the `v5.x.x` release path. Conjur CLI `v6.0.0` only supports Conjur v5 and newer.
 
-A complete reference guide is available at [developer.conjur.net](http://developer.conjur.net/reference).
+A complete reference guide is available at [conjur.org](https://www.conjur.org).
 
 ## Quick start
 
 ```sh-session
-$ docker run -it -v $PWD:/work conjurinc/cli5
-root@2b5f618dfdcb:/# conjur -v
-conjur version 6.0.0.pre.beta.2
-```
+$ gem install conjur-cli
 
-## Docker images
+$ conjur -v
+conjur version 6.0.0
+```
 
+## Using Docker
 [![Docker Build Status](https://img.shields.io/docker/build/conjurinc/cli5.svg)](https://hub.docker.com/r/conjurinc/cli5/)
+This software is included in the standalone cyberark/conjur-cli:5 Docker image. Docker containers are designed to be ephemeral, which means they don't store state after the container exits.
 
-Images for development/experimental use are automatically built [on docker hub](https://hub.docker.com/r/conjurinc/cli5/).
-These are based off [Dockerfile.standalone](Dockerfile.standalone) and can be rebuilt with:
+You can start an ephemeral session with the Conjur CLI software like so:
+```sh-session 
+$ docker run --rm -it cyberark/conjur-cli:5
+root@b27a95721e7d:~# 
+```
 
-    docker build . -f Dockerfile.standalone -t conjurinc/cli5
+Any initialization you do or files you create in that session will be discarded (permanently lost) when you exit the shell. Changes that you make to the Conjur server will remain.
 
-Note these images are not subject to any QA at the moment and so should never be used in production, especially without specific image id pin.
+You can also use a folder on your filesystem to persist the data that the Conjur CLI uses to connect. For example:
+```sh-session
+$ mkdir mydata
+$ chmod 700 mydata
+$ docker run --rm -it -v $(PWD)/mydata:/root cyberark/conjur-cli:5 init -u https://eval.conjur.org
+
+SHA1 Fingerprint=E6:F7:AC:E3:3A:54:83:4F:D0:06:9B:49:45:C3:85:58:ED:34:4C:4C
+
+Please verify this certificate on the appliance using command:
+              openssl x509 -fingerprint -noout -in ~conjur/etc/ssl/conjur.pem
+
+Trust this certificate (yes/no): yes
+Enter your organization account name: your.email@yourorg.net
+Wrote certificate to /root/conjur-your.email@yourorg.net.pem
+Wrote configuration to /root/.conjurrc
+$ ls -lA mydata
+total 16
+drwxr-xr-x  2 you  staff    68 Mar 29 14:16 .cache
+-rw-r--r--  1 you  staff   136 Mar 29 14:16 .conjurrc
+-rw-r--r--  1 you  staff  3444 Mar 29 14:16 conjur-your.email@yourorg.net.pem
+$ docker run --rm -it -v $(PWD)/mydata:/root cyberark/conjur-cli:5 authn login -u admin 
+Please enter admin's password (it will not be echoed): 
+Logged in
+$ ls -lA mydata
+total 24
+drwxr-xr-x  2 you  staff    68 Mar 29 14:16 .cache
+-rw-r--r--  1 you  staff   136 Mar 29 14:16 .conjurrc
+-rw-------  1 you  staff   119 Mar 29 14:19 .netrc
+-rw-r--r--  1 you  staff  3444 Mar 29 14:16 conjur-your.email@yourorg.net.pem
+```
+*Security notice:* the file `.netrc`, created or updated by `conjur authn login`, contains a user identity credential that can be used to access the Conjur API. You should remove it after use or otherwise secure it like you would another netrc file.
 
 ## Development
 

data/VERSION

@@ -0,0 +1 @@
+6.0.1

data/build-standalone

@@ -0,0 +1,6 @@
+#!/bin/bash -e
+
+# build the cli standalone container image
+docker build . \
+       -f Dockerfile.standalone \
+       -t cyberark/conjur-cli

data/conjur-cli.gemspec

@@ -18,8 +18,8 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = Conjur::VERSION
 
-  gem.add_dependency 'activesupport'
-  gem.add_dependency 'conjur-api', '~> 5.0.0.beta'
+  gem.add_dependency 'activesupport', '>= 4.2', '< 6'
+  gem.add_dependency 'conjur-api', '~> 5.0'
   gem.add_dependency 'gli', '>=2.8.0'
   gem.add_dependency 'highline', '~> 1.7'
   gem.add_dependency 'netrc', '~> 0.10'

data/features/authentication/authenticate.feature

@@ -2,7 +2,8 @@ Feature: Authenticate a role
 
   Scenario: Get a JSON token
     When I successfully run `conjur authn authenticate`
-    Then the JSON should have "data"
+    Then the JSON should have "protected"
+    And the JSON should have "payload"
     And the JSON should have "signature"
  
   Scenario: Get an auth token as HTTP Authorize header
@@ -16,7 +17,7 @@ Feature: Authenticate a role
     """
     And I login as "alice"
     When I successfully run `conjur authn authenticate`
-    Then the JSON at "data" should be "alice"
+    Then the JSON should be a hash
 
   @announce-command
   @announce-output

data/lib/conjur/command/init.rb

@@ -126,6 +126,7 @@ class Conjur::Command::Init < Conjur::Command
 
     sock = TCPSocket.new host, port.to_i
     ssock = SSLSocket.new sock
+    ssock.hostname = host
     ssock.connect
     chain = ssock.peer_cert_chain
     cert = chain.first

data/lib/conjur/version.rb

@@ -19,6 +19,6 @@
 # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 module Conjur
-  VERSION = '6.0.0'
+  VERSION = '6.0.1'
   ::Version=VERSION
 end

data/push-image

@@ -0,0 +1,28 @@
+#!/bin/bash -eu
+
+# Push the 'cli:5' image to Dockerhub when on the 'master' branch
+
+cd "$(git rev-parse --show-toplevel)"
+
+IMAGE='cyberark/conjur-cli'
+
+function tag_and_push() {
+    local image="$1"
+    local tag="$2"
+    local description="$3"
+
+    echo "TAG = $tag, $description"
+
+    docker tag "$image" "$image:$tag"
+    docker push "$image:$tag"
+}
+
+version_tag="5-$(cat VERSION)"
+
+tag_and_push $IMAGE '5'        'latest image'
+tag_and_push $IMAGE '5-latest'   'same as "5"'
+tag_and_push $IMAGE $version_tag 'version-specific image'
+
+# push to legacy `conjurinc/cli5` tag
+docker tag "$IMAGE" conjurinc/cli5:latest
+docker push conjurinc/cli5:latest

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjur-cli
 version: !ruby/object:Gem::Version
-  version: 6.0.0
+  version: 6.0.1
 platform: ruby
 authors:
 - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-10-13 00:00:00.000000000 Z
+date: 2018-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -17,28 +17,34 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '4.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '4.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
 - !ruby/object:Gem::Dependency
   name: conjur-api
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.0.0.beta
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.0.0.beta
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: gli
   requirement: !ruby/object:Gem::Requirement
@@ -302,9 +308,11 @@ files:
 - PUBLISH.md
 - README.md
 - Rakefile
+- VERSION
 - bin/_conjur
 - bin/conjur
 - build-deb.sh
+- build-standalone
 - ci/cli-test.sh
 - ci/install.sh
 - ci/package.sh
@@ -385,6 +393,7 @@ files:
 - lib/patches/gli.rb
 - profile.rb
 - publish.sh
+- push-image
 - spec/authn_spec.rb
 - spec/command/authn_spec.rb
 - spec/command/hosts_spec.rb
@@ -420,7 +429,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.14
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Conjur command line interface