Class: Conjur::Command
Direct Known Subclasses
Assets, Audit, Authn, Env, Field, Groups, Hosts, Id, Init, Layers, Pubkeys, Resources, Roles, Secrets, Users, Variables, DSLCommand
Defined Under Namespace
Classes: Assets, Audit, Authn, Env, Field, Groups, Hosts, Id, Init, Layers, Policy, Pubkeys, Resources, Roles, Script, Secrets, Users, Variables
Constant Summary
collapse
- @@api =
nil
Class Attribute Summary collapse
Class Method Summary
collapse
conjur_account, full_resource_id, get_kind_and_id_from_args
Class Attribute Details
.prefix ⇒ Object
Returns the value of attribute prefix.
28
29
30
|
# File 'lib/conjur/command.rb', line 28
def prefix
@prefix
end
|
Class Method Details
.acting_as_option(command) ⇒ Object
51
52
53
54
55
56
57
58
|
# File 'lib/conjur/command.rb', line 51
def acting_as_option(command)
return if command.flags.member?(:"as-group") command.arg_name 'Perform all actions as the specified Group'
command.flag [:"as-group"]
command.arg_name 'Perform all actions as the specified Role'
command.flag [:"as-role"]
end
|
.api ⇒ Object
42
43
44
|
# File 'lib/conjur/command.rb', line 42
def api
@@api ||= Conjur::Authn.connect
end
|
.command(name, *a, &block) ⇒ Object
33
34
35
36
|
# File 'lib/conjur/command.rb', line 33
def command name, *a, &block
name = "#{prefix}:#{name}" if prefix
Conjur::CLI.command(name, *a, &block)
end
|
.command_impl_for_list(global_options, options, args) ⇒ Object
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
# File 'lib/conjur/command.rb', line 81
def command_impl_for_list(global_options, options, args)
opts = options.slice(:search, :limit, :options, :kind)
opts[:acting_as] = options[:role] if options[:role]
opts[:search]=opts[:search].gsub('-',' ') if opts[:search]
resources = api.resources(opts)
if options[:ids]
puts JSON.pretty_generate(resources.map(&:resourceid))
else
resources = resources.map &:attributes
unless options[:'raw-annotations']
resources = resources.map do |r|
r['annotations'] = (r['annotations'] || []).inject({}) do |hash, annot|
hash[annot['name']] = annot['value']
hash
end
r
end
end
puts JSON.pretty_generate resources
end
end
|
.command_options_for_list(c) ⇒ Object
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
# File 'lib/conjur/command.rb', line 60
def command_options_for_list(c)
return if c.flags.member?(:role) c.desc "Role to act as. By default, the current logged-in role is used."
c.flag [:role]
c.desc "Full-text search on resource id and annotation values"
c.flag [:s, :search]
c.desc "Maximum number of records to return"
c.flag [:l, :limit]
c.desc "Offset to start from"
c.flag [:o, :offset]
c.desc "Show only ids"
c.switch [:i, :ids]
c.desc "Show annotations in 'raw' format"
c.switch [:r, :"raw-annotations"]
end
|
.display(obj, options = {}) ⇒ Object
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
# File 'lib/conjur/command.rb', line 136
def display(obj, options = {})
str = if obj.respond_to?(:attributes)
JSON.pretty_generate obj.attributes
elsif obj.respond_to?(:id)
obj.id
else
begin
JSON.pretty_generate(obj)
rescue JSON::GeneratorError
obj.to_json
end
end
puts str
end
|
.display_members(members, options) ⇒ Object
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
# File 'lib/conjur/command.rb', line 121
def display_members(members, options)
result = if options[:V]
members.collect {|member|
{
member: member.member.roleid,
grantor: member.grantor.roleid,
admin_option: member.admin_option
}
}
else
members.map(&:member).map(&:roleid)
end
display result
end
|
.hide_docs(command) ⇒ Object
Prevent a deprecated command from being displayed in the help output
47
48
49
|
# File 'lib/conjur/command.rb', line 47
def hide_docs(command)
def command.nodoc; true end
end
|
.method_missing(*a, &b) ⇒ Object
29
30
31
|
# File 'lib/conjur/command.rb', line 29
def method_missing *a, &b
Conjur::CLI.send *a, &b
end
|
.require_arg(args, name) ⇒ Object
38
39
40
|
# File 'lib/conjur/command.rb', line 38
def require_arg(args, name)
args.shift or raise "Missing parameter: #{name}"
end
|
.retire_resource(obj) ⇒ Object
103
104
105
106
107
108
109
110
111
|
# File 'lib/conjur/command.rb', line 103
def retire_resource obj
obj.resource.attributes['permissions'].each do |p|
role = api.role(p['role'])
privilege = p['privilege']
next if role.roleid == obj.roleid && privilege == 'read'
puts "Denying #{privilege} privilege to #{role.roleid}"
obj.resource.deny(privilege, role)
end
end
|
.retire_role(obj) ⇒ Object
113
114
115
116
117
118
119
|
# File 'lib/conjur/command.rb', line 113
def retire_role obj
obj.role.members.each do |r|
member = api.role(r.member)
puts "Revoking from role #{member.roleid}"
obj.role.revoke_from member
end
end
|