lib/conjur/command/resources.rb in conjur-cli-2.6.0 vs lib/conjur/command/resources.rb in conjur-cli-4.1.0
- old
+ new
@@ -1,21 +1,40 @@
+#
+# Copyright (C) 2013 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
require 'conjur/authn'
require 'conjur/resource'
require 'conjur/command'
class Conjur::Command::Resources < Conjur::Command
self.prefix = :resource
-
+
desc "Create a new resource"
- arg_name "kind resource-id"
+ arg_name "resource-id"
command :create do |c|
acting_as_option(c)
c.action do |global_options,options,args|
- kind = require_arg(args, "kind")
- id = require_arg(args, "resource-id")
- resource = api.resource([ conjur_account, kind, id ].join(':'))
+ id = full_resource_id( require_arg(args, "resource-id") )
+ resource = api.resource(id)
if ownerid = options.delete(:ownerid)
options[:acting_as] = ownerid
end
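Review bot: `arg_name "resource-id"` on `create` no longer tells the caller that the kind must now be carried inside the id, and `full_resource_id` is defined outside this file, so the accepted format cannot be confirmed from the hunk. I would state it next to the command, for example `# resource-id is a qualified id (presumably "kind:id" or "account:kind:id"); full_resource_id resolves it`, with the exact format confirmed against the helper. The same gap applies to `show`, `exists`, `permit`, `deny`, `check`, `give` and `permitted_roles` in the later hunks. The body of the `create` action continues past the end of this hunk.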
@@ -23,52 +42,47 @@
display resource.attributes
end
end
desc "Show a resource"
- arg_name "kind resource-id"
+ arg_name "resource-id"
command :show do |c|
c.action do |global_options,options,args|
- kind = require_arg(args, "kind")
- id = require_arg(args, "resource-id")
- display api.resource([ conjur_account, kind, id ].join(':')).attributes
+ id = full_resource_id( require_arg(args, "resource-id") )
+ display api.resource(id).attributes
end
end
desc "Determines whether a resource exists"
- arg_name "kind resource-id"
+ arg_name "resource-id"
command :exists do |c|
c.action do |global_options,options,args|
- kind = require_arg(args, "kind")
- id = require_arg(args, "resource-id")
- resource = api.resource([ conjur_account, kind, id ].join(':'))
- puts resource.exists?
+ id = full_resource_id( require_arg(args, "resource-id") )
+ puts api.resource(id).exists?
end
end
- desc "Grant a privilege on a resource"
- arg_name "kind resource-id role privilege"
+ desc "Give a privilege on a resource"
+ arg_name "resource-id role privilege"
command :permit do |c|
c.action do |global_options,options,args|
- kind = require_arg(args, "kind")
- id = require_arg(args, "resource-id")
+ id = full_resource_id( require_arg(args, "resource-id") )
role = require_arg(args, "role")
privilege = require_arg(args, "privilege")
- api.resource([ conjur_account, kind, id ].join(':')).permit privilege, role
+ api.resource(id).permit privilege, role
puts "Permission granted"
end
end
- desc "Revoke a privilege on a resource"
- arg_name "kind resource-id role privilege"
+ desc "Deny a privilege on a resource"
+ arg_name "resource-id role privilege"
command :deny do |c|
c.action do |global_options,options,args|
- kind = require_arg(args, "kind")
- id = require_arg(args, "resource-id")
+ id = full_resource_id( require_arg(args, "resource-id") )
role = require_arg(args, "role")
privilege = require_arg(args, "privilege")
- api.resource([ conjur_account, kind, id ].join(':')).deny privilege, role
+ api.resource(id).deny privilege, role
puts "Permission revoked"
end
end
desc "Check for a privilege on a resource"
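Review bot: In `permit` and `deny`, a call still written in the old four-argument form now has every positional shifted by one: the old kind is read as the resource-id, the old id as the role, the old role as the privilege, and the real privilege is left unread in `args`. This assumes `require_arg` consumes `args` the way the removed `args.shift` code in `check` did. Whether such a call fails depends on `full_resource_id` rejecting an unqualified id, which this diff does not show. For commands that change authorization I would fail closed on leftovers, adding `raise "Unexpected arguments: #{args.join(' ')}" unless args.empty?` after the last `require_arg`. The same applies to `give` and `permitted_roles` in the next hunk.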
@@ -76,46 +90,43 @@
By default, the privilege is checked for the logged-in user.
Permission checks may be performed for other roles using the optional role argument.
When the role argument is used, either the logged-in user must either own the specified
resource or be an admin of the specified role (i.e. be granted the specified role with grant option).
"""
- arg_name "kind resource-id privilege"
+ arg_name "resource-id privilege"
command :check do |c|
c.desc "Role to check. By default, the current logged-in role is used"
c.flag [:r,:role]
c.action do |global_options,options,args|
- kind = args.shift or raise "Missing parameter: resource-kind"
- resource_id = args.shift or raise "Missing parameter: resource-id"
+ id = full_resource_id( require_arg(args, "resource-id") )
privilege = args.shift or raise "Missing parameter: privilege"
if role = options[:role]
role = api.role(role)
- puts role.permitted? kind, resource_id, privilege
+ puts role.permitted? id, privilege
else
- puts api.resource([ conjur_account, kind, resource_id ].join(':')).permitted? privilege
+ puts api.resource(id).permitted? privilege
end
end
end
desc "Grant ownership on a resource to a new owner"
- arg_name "kind resource-id owner"
+ arg_name "resource-id owner"
command :give do |c|
c.action do |global_options,options,args|
- kind = require_arg(args, "kind")
- id = require_arg(args, "resource-id")
+ id = full_resource_id( require_arg(args, "resource-id") )
owner = require_arg(args, "owner")
- api.resource([ conjur_account, kind, id ].join(':')).give_to owner
+ api.resource(id).give_to owner
puts "Ownership granted"
end
end
- desc "List roles with a specified permission on a resource"
- arg_name "kind resource-id permission"
+ desc "List roles with a specified permission on the resource"
+ arg_name "resource-id permission"
command :permitted_roles do |c|
c.action do |global_options,options,args|
- kind = require_arg(args, "kind")
- id = require_arg(args, "resource-id")
+ id = full_resource_id( require_arg(args, "resource-id") )
permission = require_arg(args, "permission")
- display api.resource([ conjur_account, kind, id ].join(':')).permitted_roles(permission)
+ display api.resource(id).permitted_roles(permission)
end
end
-end
+end
\ No newline at end of file
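Review bot: In `check`, the resource id now goes through `require_arg`, but the next line still reads `privilege = args.shift or raise "Missing parameter: privilege"`, so the two parameters of one command are validated in different ways. I would make it `privilege = require_arg(args, "privilege")` to match every other command in the file. Separately, `role.permitted? id, privilege` drops from three arguments to two, which presumably relies on a matching change in the API gem; the version constraint that guarantees it is not visible here and is worth confirming, since an arity mismatch would only surface when `--role` is used. The `check` command's description begins before this hunk.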