Class: Conjur::Command

Inherits:

Object

• Object
• Conjur::Command

Extended by:

IdentifierManipulation

Defined in:

lib/conjur/command.rb

Direct Known Subclasses

Authn, Env, HostFactories, Hosts, Init, LDAPSync, Plugin, Policies, Pubkeys, Resources, Roles, ShellInit, Users, Variables

Defined Under Namespace

Classes: Authn, Env, HostFactories, Hosts, Init, LDAPSync, Plugin, Policies, Pubkeys, Resources, Roles, ShellInit, Users, Variables

Constant Summary

@@api =

nil

Class Attribute Summary

• .prefix ⇒ Object

  Returns the value of attribute prefix.

Class Method Summary

• .api ⇒ Object
• .api=(api) ⇒ Object
• .assert_empty(args) ⇒ Object
• .command(name, *a, &block) ⇒ Object
• .command_impl_for_list(global_options, options, args) ⇒ Object
• .command_options_for_list(c) ⇒ Object
• .context_option(command) ⇒ Object
• .current_user ⇒ Object
• .display(obj, options = {}) ⇒ Object
• .display_members(members, options) ⇒ Object
• .has_admin?(role, other_role) ⇒ Boolean
• .hide_docs(command) ⇒ Object

  Prevent a deprecated command from being displayed in the help output.

• .highline ⇒ Object
• .integer?(v) ⇒ Boolean
• .method_missing(*a, &b) ⇒ Object
• .prompt_for_password ⇒ Object
• .read_till_eof(prompt = nil) ⇒ Object
• .require_arg(args, name) ⇒ Object
• .validate_privileges(message, &block) ⇒ Object

Methods included from IdentifierManipulation

full_resource_id, get_kind_and_id_from_args

Class Attribute Details

.prefix ⇒ Object

Returns the value of attribute prefix.

# File 'lib/conjur/command.rb', line 30

def prefix
  @prefix
end

Class Method Details

.api ⇒ Object

# File 'lib/conjur/command.rb', line 53

def api
  @@api ||= Conjur::Authn.connect
end

.api=(api) ⇒ Object

# File 'lib/conjur/command.rb', line 49

def api= api
  @@api = api
end

.assert_empty(args) ⇒ Object

# File 'lib/conjur/command.rb', line 45

def assert_empty(args)
  exit_now! "Received extra command arguments" unless args.empty?
end

.command(name, *a, &block) ⇒ Object

# File 'lib/conjur/command.rb', line 36

def command name, *a, &block
  name = "#{prefix}:#{name}" if prefix
  Conjur::CLI.command(name, *a, &block)
end

.command_impl_for_list(global_options, options, args) ⇒ Object

# File 'lib/conjur/command.rb', line 118

def command_impl_for_list(global_options, options, args)
  opts = options.slice(:search, :limit, :options, :kind) 
  opts[:acting_as] = options[:role] if options[:role]
  opts[:search]=opts[:search].gsub('-',' ') if opts[:search]
  resources = api.resources(opts)
  if options[:inspect]
    resources = resources.map &:attributes
    unless options[:'raw-annotations']
      resources = resources.map do |r|
        r['annotations'] = (r['annotations'] || []).inject({}) do |hash, annot|
          hash[annot['name']] = annot['value']
          hash
        end
        r
      end
    end
    puts JSON.pretty_generate resources
  else
    puts JSON.pretty_generate(resources.map(&:id))
  end
end

.command_options_for_list(c) ⇒ Object

# File 'lib/conjur/command.rb', line 96

def command_options_for_list(c)
  return if c.flags.member?(:role) # avoid duplicate flags
  c.desc "Role to act as. By default, the current logged-in role is used."
  c.arg_name 'ROLE'
  c.flag [:role]
    
  c.desc "Full-text search on resource id and annotation values" 
  c.flag [:s, :search]
  
  c.desc "Maximum number of records to return"
  c.flag [:l, :limit]
  
  c.desc "Offset to start from"
  c.flag [:o, :offset]
  
  c.desc "Show full object information"
  c.switch [:inspect]
  
  c.desc "Show annotations in 'raw' format"
  c.switch [:r, :"raw-annotations"]
end

.context_option(command) ⇒ Object

# File 'lib/conjur/command.rb', line 72

def context_option command
  command.desc "Load context from this config file, and save it when finished. The file permissions will be 0600 by default."
  command.arg_name "FILE"
  command.flag [:c, :context]
end

.current_user ⇒ Object

# File 'lib/conjur/command.rb', line 57

def current_user
  username = api.username
  kind, id = username.split('/')
  unless kind && id
    id = kind
    kind = 'user'
  end
  api.send(kind, username)
end

.display(obj, options = {}) ⇒ Object

# File 'lib/conjur/command.rb', line 164

def display(obj, options = {})
  str = if obj.respond_to?(:attributes)
    JSON.pretty_generate obj.attributes
  elsif obj.respond_to?(:id)
    obj.id
  else
    begin
      JSON.pretty_generate(obj)
    rescue JSON::GeneratorError
      obj.to_json
    end
  end
  puts str
end

.display_members(members, options) ⇒ Object

# File 'lib/conjur/command.rb', line 149

def display_members(members, options)
  result = if options[:V]
    members.collect {|member|
      {
        role: member.role.id,
        member: member.member.id,
        admin_option: member.admin_option
      }
    }
  else
    members.map(&:member).map(&:id)
  end
  display result
end

.has_admin?(role, other_role) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/conjur/command.rb', line 205

def has_admin?(role, other_role)
  return true if role.id == other_role.id
  memberships = role.memberships.map(&:id)
  other_role.members.any? { |m| memberships.member?(m.member.id) && m.admin_option }
rescue RestClient::Forbidden
  false
end

.hide_docs(command) ⇒ Object

Prevent a deprecated command from being displayed in the help output

# File 'lib/conjur/command.rb', line 68

def hide_docs(command)
  def command.nodoc; true end
end

.highline ⇒ Object

# File 'lib/conjur/command.rb', line 78

def highline
  require 'highline'
  @highline ||= HighLine.new($stdin,$stderr)
end

.integer?(v) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/conjur/command.rb', line 179

def integer? v
  Integer(v, 10) rescue false
end

.method_missing(*a, &b) ⇒ Object

# File 'lib/conjur/command.rb', line 32

def method_missing *a, &b
  Conjur::CLI.send *a, &b
end

.prompt_for_password ⇒ Object

# File 'lib/conjur/command.rb', line 183

def prompt_for_password
  require 'highline'
  # use stderr to allow output redirection, e.g.
  # conjur user:create -p username > user.json
  hl = HighLine.new($stdin, $stderr)
    
  password = hl.ask("Enter the password (it will not be echoed): "){ |q| q.echo = false }
  if password.blank?
    if hl.agree "No password (y/n)?"
      return nil
    else
      return prompt_for_password
    end
  end

  confirmation = hl.ask("Confirm the password: "){ |q| q.echo = false }
  
  raise "Password does not match confirmation" unless password == confirmation
  
  password
end

.read_till_eof(prompt = nil) ⇒ Object

# File 'lib/conjur/command.rb', line 83

def read_till_eof(prompt = nil)
  highline.say(prompt) if prompt
  [].tap do |lines|
    loop do
      begin
        lines << highline.ask('')
      rescue EOFError
        break
      end
    end
  end.join("\n")
end

.require_arg(args, name) ⇒ Object

# File 'lib/conjur/command.rb', line 41

def require_arg(args, name)
  args.shift or raise "Missing parameter: #{name}"
end

.validate_privileges(message, &block) ⇒ Object

# File 'lib/conjur/command.rb', line 140

def validate_privileges message, &block
  valid = begin
    yield
  rescue RestClient::Forbidden
    false
  end
  exit_now! message unless valid
end