def _add_hostfactory_revoke_token(menu: ArgparseWrapper):
hostfactory_revoke_token_name = 'token - Revoke a Host Factory token ' \
'and disable it immediately'
hostfactory_revoke_token_usage = 'conjur [global options] hostfactory ' \
'revoke token [options] [args]'
subcommand = menu \
.add_parser(name="token",
help='Revoke a Host Factory token and disable it immediately',
description=command_description(
hostfactory_revoke_token_name, hostfactory_revoke_token_usage),
epilog=command_epilog(
'conjur hostfactory revoke token '
'--token "1bcarsc2bqvsxt6cnd74xem8yf15gtma71vp23y315n0z201"'
'\t\t'
'Revoke a Host Factory token and disable it immediately\t\t',
command='token'
),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
# Options
options = subcommand.add_argument_group(
title=title_formatter("Options"))
options.add_argument('-action_type', default='revoke_token', help=argparse.SUPPRESS)
options.add_argument('-t', '--token', metavar='VALUE', required=True,
help='(Mandatory) Host Factory token to revoke')
options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def _add_change_password(sub_parser: ArgparseWrapper):
user_change_password_name = 'change-password - Change the password for the logged-in user'
user_change_password_usage = 'conjur [global options] user change-password [options] [args]'
user_change_password = sub_parser \
.add_parser('change-password',
help='Change the password for the logged-in user',
description=command_description(
user_change_password_name, user_change_password_usage),
epilog=command_epilog('conjur user change-password\t\t\t'
'Prompts for a new password for the logged-in user\n'
' conjur user change-password -p Myp@SSw0rds!\t'
'Changes the password for the '
'logged-in user to Myp@SSw0rds!'),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
user_change_password_options = user_change_password.add_argument_group(
title=title_formatter("Options"))
user_change_password_options.add_argument(
'-p',
'--password',
metavar='VALUE',
help='Provide the new password '
'for the logged-in user')
user_change_password_options.add_argument(
'-h', '--help', action='help', help='Display help screen and exit')
def _add_hostfactory_create(hostfactory_subparser: ArgparseWrapper):
hostfactory_create_name = 'create - Generate Host Factory token for creating hosts ' \
'with restrictions or create a host using the Host Factory'
hostfactory_create_usage = 'conjur [global options] hostfactory ' \
'create <subcommand> [options] [args]'
create_cmd = hostfactory_subparser \
.add_parser(name="create",
help='Generate a Host Factory token for creating hosts,' \
'or create a host using a Host Factory token',
description=command_description(
hostfactory_create_name, hostfactory_create_usage),
epilog=command_epilog(
'conjur hostfactory create token --hostfactoryid my_factory '
'--cidr 10.10.1.2/31 '
'--duration-days 2\t\t\t '
'Generate a Host Factory token '
'for creating hosts with restrictions\t\t'
'\nconjur hostfactory create host --id brand-new-token '
'--token 82cv6kk040axyffzvmscpf129k81yq1bzkey3gcgfvjc00pfy41h\t\t\t '
'Create creates a Host using the HostFactory\t\t',
command='create',
subcommands=['token', 'host']
),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
hostfactory_create_subcommand = create_cmd.add_subparsers(title="Subcommand", dest='action')
hostfactory_create_options = create_cmd.add_argument_group(
title=title_formatter("Options"))
hostfactory_create_options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
return hostfactory_create_subcommand
def _add_hostfactory_revoke(hostfactory_subparser: ArgparseWrapper):
hostfactory_revoke_name = 'revoke - Revoke a Host Factory token and disable it immediately'
hostfactory_revoke_usage = 'conjur [global options] hostfactory ' \
'revoke <subcommand> [options] [args]'
create_cmd = hostfactory_subparser \
.add_parser(name="revoke",
help='Revoke a Host Factory token and disable it immediately',
description=command_description(
hostfactory_revoke_name, hostfactory_revoke_usage),
epilog=command_epilog(
'conjur hostfactory revoke token '
'--token "1bcarsc2bqvsxt6cnd74xem8yf15gtma71vp23y315n0z201"'
'\t\t\t '
'Revoke a Host Factory token and disable it immediately.',
command='revoke',
subcommands=['token']
),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
hostfactory_revoke_subcommand = create_cmd.add_subparsers(title="Subcommand", dest='action')
hostfactory_revoke_options = create_cmd.add_argument_group(
title=title_formatter("Options"))
hostfactory_revoke_options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
return hostfactory_revoke_subcommand
def _add_rotate_api_parser(sub_parser: ArgparseWrapper):
user_rotate_api_key_name = 'rotate-api-key - Rotate a user’s API key'
user_rotate_api_key_usage = 'conjur [global options] user rotate-api-key [options] [args]'
user_rotate_api_key_parser = sub_parser \
.add_parser('rotate-api-key',
help='Rotate a resource\'s API key',
description=command_description(
user_rotate_api_key_name,
user_rotate_api_key_usage),
epilog=command_epilog(
'conjur user rotate-api-key\t\t\t'
'Rotates logged-in user\'s API key\n'
' conjur user rotate-api-key -i joe\t\t'
'Rotates the API key for user joe\n'),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
user_rotate_api_key_options = user_rotate_api_key_parser.add_argument_group(
title=title_formatter("Options"))
user_rotate_api_key_options.add_argument(
'-i',
'--id',
help='Provide the identifier of the user for whom '
'you want to rotate the API key '
'(Default: logged-in user)')
user_rotate_api_key_options.add_argument(
'-h', '--help', action='help', help='Display help screen and exit')
def _add_user_options(sub_parser: ArgparseWrapper):
user_options = sub_parser.add_argument_group(
title=title_formatter("Options"))
user_options.add_argument('-h',
'--help',
action='help',
help='Display help screen and exit')
def _add_logout_options(logout_subparser: ArgparseWrapper):
logout_options = logout_subparser.add_argument_group(
title=title_formatter("Options"))
logout_options.add_argument('-h',
'--help',
action='help',
help='Display help screen and exit')
def _add_hostfactory_create_host(menu: ArgparseWrapper):
name = 'host - Create host using Host Factory'
usage = 'conjur [global options] hostfactory ' \
'create host [options] [args]'
hostfactory_create_subcommand_parser = menu \
.add_parser(name="host",
help='Create host using Host Factory',
description=command_description(
name, usage),
epilog=command_epilog(
'conjur hostfactory create host --id brand-new-host '
'--token 82cv6kk040axyffzvmscpf129k81yq1bzkey3gcgfvjc00pfy41h\t\t '
'Create host using Host Factory\t\t',
command='host',
),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
# Options
create_host = hostfactory_create_subcommand_parser.add_argument_group(
title=title_formatter("Options"))
# hidden argument to be used to distinguish this action
create_host.add_argument('-action_type', default='create_host', help=argparse.SUPPRESS)
create_host.add_argument('-i', '--id', metavar='VALUE', required=True,
help='(Mandatory) Identifier of host to be created '
'It will be created within '
'the account of the Host Factory.')
create_host.add_argument('-t', '--token', metavar='VALUE', required=True,
help='(Mandatory) A Host Factory token must be provided.')
create_host.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def add_user_parser(self):
"""
Method adds user parser functionality to parser
"""
user_subparser = self._create_user_parser()
user_subparsers = user_subparser.add_subparsers(
dest='action', title=title_formatter("Subcommands"))
self._add_rotate_api_parser(user_subparsers)
self._add_change_password(user_subparsers)
self._add_user_options(user_subparser)
return self
def __init__(self):
"""
Method that init the Builder resources
"""
self.parser = ArgparseWrapper(description=header(
'conjur [global options] <command> <subcommand> [options] [args]'),
epilog=main_epilog(),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
self.resource_subparsers = self.parser.add_subparsers(
dest='resource', title=title_formatter("Commands"))
def add_policy_parser(self):
"""
Method adds policy parser functionality to parser
"""
policy_subparser = self._create_policy_parser()
policy_subparsers = policy_subparser.add_subparsers(dest='action',
title=title_formatter("Subcommands"))
self._add_policy_load(policy_subparsers)
self._add_policy_replace(policy_subparsers)
self._add_policy_update(policy_subparsers)
self._add_policy_options(policy_subparser)
return self
def _add_hostfactory_create_token(menu: ArgparseWrapper):
hostfactory_create_token_name = 'token - Generate a Host Factory token ' \
'for creating hosts with restrictions'
hostfactory_create_token_usage = 'conjur [global options] hostfactory ' \
'create token [options] [args]'
hostfactory_create_subcommand_parser = menu \
.add_parser(name="token",
help='Generate a Host Factory token for creating hosts with restrictions',
description=command_description(
hostfactory_create_token_name, hostfactory_create_token_usage),
epilog=command_epilog(
'conjur hostfactory create token --hostfactoryid my_factory '
'--cidr 10.10.1.2/31 '
'--duration-days 2\t\t '
'Generate a Host Factory token for creating hosts '
'with restrictions\t\t',
command='token',
),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
# Options
create_token = hostfactory_create_subcommand_parser.add_argument_group(
title=title_formatter("Options"))
create_token.add_argument('-action_type', default='create_token', help=argparse.SUPPRESS)
create_token.add_argument('-i', '--hostfactoryid', metavar='VALUE', required=True,
help='(Mandatory) Host Factory ID to work with')
create_token.add_argument('--cidr', metavar='VALUE',
help='(Optional) CIDR containing all' \
'IP addresses that can use Host Factory '
' token for creating hosts (for example ' \
'--cidr "10.0.10.0/24,'
'10.0.11.1/32,10.0.20.0/24")')
create_token.add_argument('-d', '--duration-days', metavar='VALUE', type=int,
help='(Optional) Validity (in days) '
'of Host Factory token.')
create_token.add_argument('-dh', '--duration-hours', metavar='VALUE', type=int,
help='(Optional) Validity (in hours) '
'of Host Factory token.')
create_token.add_argument('-m', '--duration-minutes', metavar='VALUE', type=int,
help='(Optional) Validity (in minutes) '
'of Host Factory token.')
create_token.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def _add_init_options(sub_parser: ArgparseWrapper):
init_options = sub_parser.add_argument_group(
title=title_formatter("Options"))
init_options.add_argument('-u',
'--url',
metavar='VALUE',
action='store',
dest='url',
help='Provide URL of Conjur server')
init_options.add_argument('-a',
'--account',
metavar='VALUE',
action='store',
dest='name',
help='Provide Conjur account name. '
'Optional for Conjur Enterprise - overrides '
'the value on the Conjur Enterprise server')
init_options.add_argument(
'-c',
'--ca-cert',
metavar='VALUE',
action='store',
dest='certificate',
help='Optional- use this option to provide Conjur server RootCA '
'to the cli in case it is not already trusted by this machine')
init_options.add_argument(
'-s',
'--self-signed',
action='store_true',
dest='is_self_signed',
help=
'Optional- state if you want to work with self-signed certificate')
init_options.add_argument(
'--force',
action='store_true',
dest='force',
help='Optional- force overwrite of existing files')
init_options.add_argument('-h',
'--help',
action='help',
help='Display help screen and exit')
def _add_login_options(login_subparser: ArgparseWrapper):
login_options = login_subparser.add_argument_group(
title=title_formatter("Options"))
login_options.add_argument(
'-i',
'--id',
metavar='VALUE',
action='store',
dest='identifier',
help='Provide a login name to log into Conjur server')
login_options.add_argument('-p',
'--password',
metavar='VALUE',
action='store',
dest='password',
help='Provide a password or API key for '
'the specified login name')
login_options.add_argument('-h',
'--help',
action='help',
help='Display help screen and exit')
def _add_policy_load(policy_subparsers: ArgparseWrapper):
policy_load_name = 'load - Load a policy and create resources'
policy_load_usage = 'conjur [global options] policy load [options] [args]'
load_policy_parser = policy_subparsers \
.add_parser('load',
help='Load a policy and create resources',
description=command_description(policy_load_name,
policy_load_usage),
epilog=command_epilog(
'conjur policy load -f /tmp/myPolicy.yml -b backend/dev\t'
'Creates and loads the policy myPolicy.yml under branch backend/dev\n'),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
load_options = load_policy_parser.add_argument_group(title=title_formatter("Options"))
load_options.add_argument('-f', '--file', required=True, metavar='VALUE',
help='Provide policy file name')
load_options.add_argument('-b', '--branch', required=True, metavar='VALUE',
help='Provide the policy branch name')
load_options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def _add_policy_update(policy_subparsers: ArgparseWrapper):
policy_update_name = 'update - Update existing resources in policy or create new resources'
policy_update_usage = 'conjur [global options] policy update [options] [args]'
update_policy_parser = policy_subparsers \
.add_parser('update',
help='Update existing resources in policy or create new resources',
description=command_description(policy_update_name,
policy_update_usage),
epilog=command_epilog(
'conjur policy update -f /tmp/myPolicy.yml -b root\t'
'Updates existing resources in the policy '
'/tmp/myPolicy.yml under branch root\n'),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
update_options = update_policy_parser.add_argument_group(title=title_formatter("Options"))
update_options.add_argument('-f', '--file', required=True, metavar='VALUE',
help='Provide policy file name')
update_options.add_argument('-b', '--branch', required=True, metavar='VALUE',
help='Provide the policy branch name')
update_options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def _add_policy_replace(policy_subparsers: ArgparseWrapper):
policy_replace_name = 'replace - Fully replace an existing policy'
policy_replace_usage = 'conjur [global options] policy replace [options] [args]'
replace_policy_parser = policy_subparsers \
.add_parser('replace',
help='Fully replace an existing policy',
description=command_description(policy_replace_name,
policy_replace_usage),
epilog=command_epilog(
'conjur policy replace -f /tmp/myPolicy.yml -b root\t\t'
'Replaces the existing policy myPolicy.yml under branch root\n'),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
replace_options = replace_policy_parser.add_argument_group(title=title_formatter("Options"))
replace_options.add_argument('-f', '--file', required=True, metavar='VALUE',
help='Provide policy file name')
replace_options.add_argument('-b', '--branch', required=True, metavar='VALUE',
help='Provide the policy branch name')
replace_options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def _add_list_options(list_subparser: ArgparseWrapper):
list_options = list_subparser.add_argument_group(
title=title_formatter("Options"))
list_options.add_argument(
'-i',
'--inspect',
action='store_true',
dest='inspect',
help='Optional- list the metadata for resources')
list_options.add_argument(
'-k',
'--kind',
action='store',
metavar='VALUE',
dest='kind',
help='Optional- filter resources by specified kind '
'(user | host | layer | group '
'| policy | variable | webservice)')
list_options.add_argument(
'-l',
'--limit',
action='store',
metavar='VALUE',
dest='limit',
help='Optional- limit list of resources to specified number')
list_options.add_argument(
'-o',
'--offset',
action='store',
metavar='VALUE',
dest='offset',
help='Optional- skip specified number of resources')
list_options.add_argument(
'-r',
'--role',
action='store',
metavar='VALUE',
dest='role',
help='Optional- retrieve list of resources that specified role '
'is entitled to see (VALUE must include resource\'s full '
'identifier. See example below)')
list_options.add_argument(
'-s',
'--search',
action='store',
metavar='VALUE',
dest='search',
help='Optional- search for resources based on specified query')
list_options.add_argument(
'-m',
'--members-of',
action='store',
metavar='VALUE',
dest='members_of',
help='Optional - retrieve list of direct members of a specified '
'group/layer. Note: If more than one resource in Conjur uses'
' the same ID, VALUE must specify full resource identifier')
list_options.add_argument(
'-pr',
'--permitted-roles',
action='store',
metavar='VALUE',
dest='permitted_roles_identifier',
help='Optional - retrieve roles that have the specified '
'privilege on the resource. Use \'--privilege\' option to '
'specify privilege. Note: If more than one resource in '
'Conjur uses the same ID, specify full resource identifier')
list_options.add_argument(
'-p',
'--privilege',
action='store',
metavar='VALUE',
dest='privilege',
help='Use together with \'--permitted-roles\' option - specify '
'the privilege you are querying')
list_options.add_argument('-h',
'--help',
action='help',
help='Display help screen and exit')
def _add_whoami_options(whoami_subparser: ArgparseWrapper):
whoami_options = whoami_subparser.add_argument_group(title=title_formatter("Options"))
whoami_options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def _add_policy_options(policy_subparser: ArgparseWrapper):
policy_options = policy_subparser.add_argument_group(title=title_formatter("Options"))
policy_options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def _add_hostfactory_options(parser: ArgparseWrapper):
options = parser.add_argument_group(title=title_formatter("Options"))
options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')