Class: Conjur::Command

Inherits:
Object
  • Object
Extended by:
IdentifierManipulation
Defined in:
lib/conjur/command.rb,
lib/conjur/command/audit.rb

Defined Under Namespace

Classes: Assets, Audit, Authn, Env, Field, Groups, Hosts, Id, Init, Layers, Policy, Pubkeys, Resources, Roles, Script, Secrets, Users, Variables

Constant Summary

@@api =
nil

Class Attribute Summary

Class Method Summary

Methods included from IdentifierManipulation

conjur_account, full_resource_id, get_kind_and_id_from_args

Class Attribute Details

.prefix ⇒ Object

Returns the value of attribute prefix.



# File 'lib/conjur/command.rb', line 28

# Reader for the +@prefix+ attribute. The +command+ helper prepends this
# value (followed by a colon) to the names it registers when it is set.
#
# @return [Object, nil] the stored prefix, or nil when none has been assigned
def prefix
  @prefix
end

Class Method Details

.acting_as_option(command) ⇒ Object



# File 'lib/conjur/command.rb', line 51

# Registers the --as-group and --as-role flags on a command.
#
# This only declares the flags. Nothing in this method checks whether the
# caller is allowed to act as the named group or role; that decision has to
# be made wherever the flag values are consumed.
#
# @param command [#flags, #arg_name, #flag] the command being configured
# @return [Object, nil] nil when the flags were already declared
def acting_as_option(command)
  # A second registration would declare duplicate flags, so stop early.
  return if command.flags.member?(:"as-group")

  [
    [:"as-group", 'Perform all actions as the specified Group'],
    [:"as-role", 'Perform all actions as the specified Role']
  ].each do |flag_name, description|
    command.arg_name description
    command.flag [flag_name]
  end
end

.api ⇒ Object



# File 'lib/conjur/command.rb', line 42

# Returns the memoized API client, connecting through Conjur::Authn.connect
# on first use.
#
# The client is stored in the class variable @@api, so it is created once and
# then reused for every later call in the process. Class variables are shared
# with subclasses, so every command class derived from this one sees the same
# authenticated client.
#
# @return [Object] whatever Conjur::Authn.connect returned
def api
  return @@api if defined?(@@api) && @@api

  @@api = Conjur::Authn.connect
end

.command(name, *a, &block) ⇒ Object



# File 'lib/conjur/command.rb', line 33

# Registers a command with Conjur::CLI, namespacing its name with +prefix+
# ("prefix:name") when a prefix is set.
#
# @param name [Object] the command name
# @param a [Array] extra arguments passed through to Conjur::CLI.command
# @param block [Proc] the command definition block, passed through unchanged
# @return [Object] the result of Conjur::CLI.command
def command name, *a, &block
  qualified = prefix ? "#{prefix}:#{name}" : name
  Conjur::CLI.command(qualified, *a, &block)
end

.command_impl_for_list(global_options, options, args) ⇒ Object



# File 'lib/conjur/command.rb', line 81

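# Shared implementation of the "list" action: queries resources through the
# API client and prints the result to stdout as pretty-printed JSON.
#
# @param global_options [Hash] global CLI options (not read here)
# @param options [Hash] parsed command options; reads :search, :limit,
#   :offset, :options, :kind, :role, :ids and :'raw-annotations'
# @param args [Array] positional arguments (not read here)
# @return [nil]
def command_impl_for_list(global_options, options, args)
  # command_options_for_list declares an --offset flag, so :offset must be
  # forwarded as well; otherwise the flag is accepted and silently ignored.
  opts = options.slice(:search, :limit, :offset, :options, :kind)
  # --role is handed to the API as :acting_as. No check is made here on
  # whether the caller may act as that role.
  opts[:acting_as] = options[:role] if options[:role]
  # Hyphens in the search text are replaced with spaces before querying.
  opts[:search] = opts[:search].gsub('-', ' ') if opts[:search]
  resources = api.resources(opts)

  if options[:ids]
    puts JSON.pretty_generate(resources.map(&:resourceid))
    return
  end

  records = resources.map(&:attributes)
  unless options[:'raw-annotations']
    # Collapse the [{'name' => n, 'value' => v}, ...] list into {n => v}.
    records.each do |record|
      record['annotations'] = (record['annotations'] || []).each_with_object({}) do |annot, by_name|
        by_name[annot['name']] = annot['value']
      end
    end
  end
  puts JSON.pretty_generate(records)
end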

.command_options_for_list(c) ⇒ Object



# File 'lib/conjur/command.rb', line 60

# Declares the flags and switches shared by the "list" commands:
# --role, --search, --limit, --offset, --ids and --raw-annotations.
#
# @param c [#flags, #desc, #flag, #switch] the command being configured
# @return [Object, nil] nil when the options were already declared
def command_options_for_list(c)
  # A second registration would declare duplicate flags, so stop early.
  return if c.flags.member?(:role)

  [
    [:flag,   "Role to act as. By default, the current logged-in role is used.", [:role]],
    [:flag,   "Full-text search on resource id and annotation values", [:s, :search]],
    [:flag,   "Maximum number of records to return", [:l, :limit]],
    [:flag,   "Offset to start from", [:o, :offset]],
    [:switch, "Show only ids", [:i, :ids]],
    [:switch, "Show annotations in 'raw' format", [:r, :"raw-annotations"]]
  ].each do |kind, description, names|
    c.desc description
    c.public_send(kind, names)
  end
end

.display(obj, options = {}) ⇒ Object



# File 'lib/conjur/command.rb', line 136

# Prints an object to stdout: its attributes as pretty JSON when it has
# them, otherwise its id, otherwise the object itself as JSON.
#
# Everything the object exposes through these accessors is written out
# unfiltered, so anything sensitive held in its attributes ends up wherever
# stdout is captured.
#
# @param obj [Object] the value to print
# @param options [Hash] accepted but not read here
# @return [nil]
def display(obj, options = {})
  return puts(JSON.pretty_generate(obj.attributes)) if obj.respond_to?(:attributes)
  return puts(obj.id) if obj.respond_to?(:id)

  rendered = begin
    JSON.pretty_generate(obj)
  rescue JSON::GeneratorError
    # Fall back to compact JSON when pretty generation rejects the value.
    obj.to_json
  end
  puts rendered
end

.display_members(members, options) ⇒ Object



# File 'lib/conjur/command.rb', line 121

# Prints role memberships through +display+.
#
# With options[:V] set, each entry is a hash holding the member role id, the
# grantor role id and the admin_option flag; otherwise only the member role
# ids are listed.
#
# @param members [Enumerable] grants responding to member, grantor and admin_option
# @param options [Hash] reads :V
# @return [Object] the result of display
def display_members(members, options)
  rows =
    if options[:V]
      members.map do |grant|
        {
          member: grant.member.roleid,
          grantor: grant.grantor.roleid,
          admin_option: grant.admin_option
        }
      end
    else
      grantees = members.map(&:member)
      grantees.map(&:roleid)
    end
  display rows
end

.hide_docs(command) ⇒ Object

Prevent a deprecated command from being displayed in the help output



# File 'lib/conjur/command.rb', line 47

# Keeps a deprecated command out of the help output by giving that one
# command object a +nodoc+ method that returns true.
#
# @param command [Object] the command to hide
def hide_docs(command)
  command.define_singleton_method(:nodoc) { true }
end

.method_missing(*a, &b) ⇒ Object



# File 'lib/conjur/command.rb', line 29

# Forwards any call this class does not define to Conjur::CLI, passing the
# method name, arguments and block through unchanged.
#
# NOTE(review): `send` ignores method visibility, so private methods of
# Conjur::CLI are reachable through this hook as well. No matching
# respond_to_missing? is visible on this page, so respond_to? will not
# reflect the delegation. `public_send` would narrow the surface; confirm
# that no caller depends on private CLI methods before switching.
def method_missing *forwarded, &blk
  Conjur::CLI.send(*forwarded, &blk)
end

.require_arg(args, name) ⇒ Object



# File 'lib/conjur/command.rb', line 38

# Removes and returns the next positional argument, failing when none is left.
#
# @param args [Array] remaining positional arguments; its first element is removed
# @param name [Object] label used in the error message
# @return [Object] the shifted argument
# @raise [RuntimeError] "Missing parameter: <name>" when the shifted value is nil or false
def require_arg(args, name)
  value = args.shift
  raise "Missing parameter: #{name}" unless value

  value
end

.retire_resource(obj) ⇒ Object



# File 'lib/conjur/command.rb', line 103

# Denies every privilege listed in the object's resource permissions, except
# the object's own 'read' privilege, announcing each denial on stdout.
#
# The loop has no rescue: if a role lookup or deny call raises, the exception
# propagates and the remaining permissions are left in place. Callers should
# treat an exception here as an incomplete retirement.
#
# @param obj [#resource, #roleid] the object being retired
def retire_resource obj
  obj.resource.attributes['permissions'].each do |grant|
    grantee = api.role(grant['role'])
    priv = grant['privilege']
    # The retired object keeps read access to its own resource.
    own_read = grantee.roleid == obj.roleid && priv == 'read'
    unless own_read
      puts "Denying #{priv} privilege to #{grantee.roleid}"
      obj.resource.deny(priv, grantee)
    end
  end
end

.retire_role(obj) ⇒ Object



# File 'lib/conjur/command.rb', line 113

# Revokes the object's role from each of its members, announcing every
# revocation on stdout.
#
# The loop has no rescue: if a lookup or revoke call raises, the exception
# propagates and the remaining members keep the role. Callers should treat an
# exception here as an incomplete retirement.
#
# @param obj [#role] the object whose role is being retired
def retire_role obj
  obj.role.members.each do |grant|
    grantee = api.role(grant.member)
    puts "Revoking from role #{grantee.roleid}"
    obj.role.revoke_from(grantee)
  end
end