lib/conjur/command/users.rb in conjur-cli-4.24.0 vs lib/conjur/command/users.rb in conjur-cli-4.25.0

- old
+ new

@@ -33,24 +33,58 @@ c.desc "UID number to be associated with user (optional)" c.flag [:uidnumber] acting_as_option(c) + interactive_option c + c.action do |global_options,options,args| - login = require_arg(args, 'login') + login = args.shift - opts = options.slice(:ownerid, :uidnumber) - if opts[:uidnumber] - raise "uidnumber should be integer" unless /\d+/ =~ opts[:uidnumber] - opts[:uidnumber] = opts[:uidnumber].to_i - end + interactive = options[:interactive] || login.blank? - if options[:p] - opts[:password] = prompt_for_password + groupid = options[:ownerid] + uidnumber = options[:uidnumber] + password = nil + exit_now! "uidnumber should be integer" unless uidnumber.blank? || /\d+/ =~ uidnumber + + if interactive + login ||= prompt_for_id :user, "login name" + + groupid ||= prompt_for_group hint: "press enter to have the user own their own record" + uidnumber ||= prompt_for_uidnumber + password = prompt_for_password unless options[:"no-password"] + + attributes = { + "Login" => login, + "Owner" => groupid, + "UID Number" => uidnumber + } + attributes["Password"] = "********" unless password.blank? + prompt_to_confirm :user, attributes end - display api.create_user(login, opts) + if options[:p] && password.blank? + password = prompt_for_password + end + + user_options = { } + user_options[:ownerid] = groupid if groupid + user_options[:uidnumber] = uidnumber.to_i if uidnumber + user_options[:password] = password if password + user = api.create_user(login, user_options) + + puts "User created" + display user + + if interactive + public_key = prompt_for_public_key + if public_key + api.add_public_key user.login, public_key + puts "Public key added" + end + end end end user.desc "Show a user" user.arg_name "id" 
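Review bot: The `exit_now!` guard on `uidnumber` uses the unanchored pattern `/\d+/`, so any value that merely contains a digit passes and `uidnumber.to_i` then silently truncates it; `12abc` becomes 12 and `x1` becomes 0, which would be the root UID if this number is mapped to a Unix account. Anchor the check and skip empty values: `exit_now! "uidnumber should be integer" unless uidnumber.blank? || /\A\d+\z/ =~ uidnumber` and `user_options[:uidnumber] = uidnumber.to_i unless uidnumber.blank?`, because an empty string passes `blank?` but is still truthy in `if uidnumber` and converts to 0. The guard also runs before `uidnumber ||= prompt_for_uidnumber`, so a value typed interactively is covered only if `prompt_for_idnumber` validates it, and that helper is not visible in this hunk. The same unanchored pattern appears in the context lines of the last hunk (`raise "Uidnumber should be integer" unless /\d+/ =~ uidnumber`).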
@@ -62,21 +96,23 @@ end user.desc "Decommission a user" user.arg_name "id" user.command :retire do |c| + retire_options c + c.action do |global_options,options,args| id = require_arg(args, 'id') user = api.user(id) + validate_retire_privileges user, options + retire_resource user retire_role user + give_away_resource user, options - puts "Giving ownership to 'attic'" - user.resource.give_to api.user('attic') - puts "User retired" end end user.desc "List users" @@ -123,9 +159,11 @@ raise "Uidnumber should be integer" unless /\d+/ =~ uidnumber uidnumber=uidnumber.to_i display api.find_users(uidnumber: uidnumber) end end - end - + + def self.prompt_for_uidnumber + prompt_for_idnumber "uid number" + end end
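Review bot: In the `retire` action, `retire_resource`, `retire_role` and `give_away_resource` run one after another with nothing visible that undoes the earlier steps, so a failure in `give_away_resource` would leave the user's role retired while the record keeps its old owner. The destination is presumably now taken from `options` (via `retire_options c`), which makes a missing or non-grantable destination a realistic failure case. `validate_retire_privileges` is called first, but its body is outside this hunk, so whether it checks the destination as well as the caller's privileges cannot be confirmed here. I would add a comment above that call, `# Must reject every failure case up front: the retire steps below are not rolled back`, and have the validation resolve the destination role before `retire_resource` runs.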