def _add_hostfactory_revoke_token(menu: ArgparseWrapper):
hostfactory_revoke_token_name = 'token - Revoke a Host Factory token ' \
'and disable it immediately'
hostfactory_revoke_token_usage = 'conjur [global options] hostfactory ' \
'revoke token [options] [args]'
subcommand = menu \
.add_parser(name="token",
help='Revoke a Host Factory token and disable it immediately',
description=command_description(
hostfactory_revoke_token_name, hostfactory_revoke_token_usage),
epilog=command_epilog(
'conjur hostfactory revoke token '
'--token "1bcarsc2bqvsxt6cnd74xem8yf15gtma71vp23y315n0z201"'
'\t\t'
'Revoke a Host Factory token and disable it immediately\t\t',
command='token'
),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
# Options
options = subcommand.add_argument_group(
title=title_formatter("Options"))
options.add_argument('-action_type', default='revoke_token', help=argparse.SUPPRESS)
options.add_argument('-t', '--token', metavar='VALUE', required=True,
help='(Mandatory) Host Factory token to revoke')
options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def _create_login_parser(self):
login_name = 'login - Log in to Conjur server'
login_usage = 'conjur [global options] login [options] [args]'
login_subparser = self.resource_subparsers \
.add_parser('login',
help='Log in to Conjur server',
description=command_description(login_name,
login_usage),
epilog=command_epilog('conjur login \t\t\t\t\t'
'Prompts for the login name and '
'password to log in to Conjur server\n'
' conjur login -i admin \t\t\t\t'
'Prompts for password of the admin user '
'to log in to Conjur server\n'
' conjur login -i admin -p Myp@SSw0rds!\t\t'
"Logs the admin user in to Conjur server and "
"saves the login name and password in either "
"the system's credential store or netrc\n"
" conjur login -i cucumber/host/myapp"
" -p <API_Key>\t"
"Logs the myapp host in to Conjur server"),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
return login_subparser
def _create_list_parser(self):
list_name = 'list - List resources or information about resources within an' \
' organization\'s account'
list_usage = 'conjur [global options] list [options] [args]'
list_subparser = self.resource_subparsers \
.add_parser('list',
help='List all available resources belonging to this account',
description=command_description(list_name,
list_usage),
epilog=command_epilog(
'conjur list --kind=variable\t\t\t\t\t\t'
'Filters list by variable\n'
' conjur list --limit=20\t\t\t\t\t\t'
'Lists first 20 resources\n'
' conjur list --offset=4\t\t\t\t\t\t'
'Skips the first 4 resources in the list and displays all the rest\n'
' conjur list --role=myorg:user:superuser\t\t\t\t'
'Shows resources that superuser is entitled to see\n'
' conjur list --search=superuser\t\t\t\t\t'
'Searches for resources with superuser\n'
' conjur list --members-of group:\'aws-apps\'\t\t\t\t'
'Returns all direct members of the \'aws-apps\' group\n'
' conjur list'
' --permitted-roles \'azure-secret\' --privileges execute\t'
'Returns the roles that have the \'execute\' privilege on the '
'\'azure-secret\' resource. Note: If more than one resource in Conjur '
'uses the same ID, you must specify full resource identifier\n'
),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
return list_subparser
def _add_hostfactory_revoke(hostfactory_subparser: ArgparseWrapper):
hostfactory_revoke_name = 'revoke - Revoke a Host Factory token and disable it immediately'
hostfactory_revoke_usage = 'conjur [global options] hostfactory ' \
'revoke <subcommand> [options] [args]'
create_cmd = hostfactory_subparser \
.add_parser(name="revoke",
help='Revoke a Host Factory token and disable it immediately',
description=command_description(
hostfactory_revoke_name, hostfactory_revoke_usage),
epilog=command_epilog(
'conjur hostfactory revoke token '
'--token "1bcarsc2bqvsxt6cnd74xem8yf15gtma71vp23y315n0z201"'
'\t\t\t '
'Revoke a Host Factory token and disable it immediately.',
command='revoke',
subcommands=['token']
),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
hostfactory_revoke_subcommand = create_cmd.add_subparsers(title="Subcommand", dest='action')
hostfactory_revoke_options = create_cmd.add_argument_group(
title=title_formatter("Options"))
hostfactory_revoke_options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
return hostfactory_revoke_subcommand
def _add_change_password(sub_parser: ArgparseWrapper):
user_change_password_name = 'change-password - Change the password for the logged-in user'
user_change_password_usage = 'conjur [global options] user change-password [options] [args]'
user_change_password = sub_parser \
.add_parser('change-password',
help='Change the password for the logged-in user',
description=command_description(
user_change_password_name, user_change_password_usage),
epilog=command_epilog('conjur user change-password\t\t\t'
'Prompts for a new password for the logged-in user\n'
' conjur user change-password -p Myp@SSw0rds!\t'
'Changes the password for the '
'logged-in user to Myp@SSw0rds!'),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
user_change_password_options = user_change_password.add_argument_group(
title=title_formatter("Options"))
user_change_password_options.add_argument(
'-p',
'--password',
metavar='VALUE',
help='Provide the new password '
'for the logged-in user')
user_change_password_options.add_argument(
'-h', '--help', action='help', help='Display help screen and exit')
def _add_hostfactory_create(hostfactory_subparser: ArgparseWrapper):
hostfactory_create_name = 'create - Generate Host Factory token for creating hosts ' \
'with restrictions or create a host using the Host Factory'
hostfactory_create_usage = 'conjur [global options] hostfactory ' \
'create <subcommand> [options] [args]'
create_cmd = hostfactory_subparser \
.add_parser(name="create",
help='Generate a Host Factory token for creating hosts,' \
'or create a host using a Host Factory token',
description=command_description(
hostfactory_create_name, hostfactory_create_usage),
epilog=command_epilog(
'conjur hostfactory create token --hostfactoryid my_factory '
'--cidr 10.10.1.2/31 '
'--duration-days 2\t\t\t '
'Generate a Host Factory token '
'for creating hosts with restrictions\t\t'
'\nconjur hostfactory create host --id brand-new-token '
'--token 82cv6kk040axyffzvmscpf129k81yq1bzkey3gcgfvjc00pfy41h\t\t\t '
'Create creates a Host using the HostFactory\t\t',
command='create',
subcommands=['token', 'host']
),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
hostfactory_create_subcommand = create_cmd.add_subparsers(title="Subcommand", dest='action')
hostfactory_create_options = create_cmd.add_argument_group(
title=title_formatter("Options"))
hostfactory_create_options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
return hostfactory_create_subcommand
def _add_hostfactory_create_host(menu: ArgparseWrapper):
name = 'host - Create host using Host Factory'
usage = 'conjur [global options] hostfactory ' \
'create host [options] [args]'
hostfactory_create_subcommand_parser = menu \
.add_parser(name="host",
help='Create host using Host Factory',
description=command_description(
name, usage),
epilog=command_epilog(
'conjur hostfactory create host --id brand-new-host '
'--token 82cv6kk040axyffzvmscpf129k81yq1bzkey3gcgfvjc00pfy41h\t\t '
'Create host using Host Factory\t\t',
command='host',
),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
# Options
create_host = hostfactory_create_subcommand_parser.add_argument_group(
title=title_formatter("Options"))
# hidden argument to be used to distinguish this action
create_host.add_argument('-action_type', default='create_host', help=argparse.SUPPRESS)
create_host.add_argument('-i', '--id', metavar='VALUE', required=True,
help='(Mandatory) Identifier of host to be created '
'It will be created within '
'the account of the Host Factory.')
create_host.add_argument('-t', '--token', metavar='VALUE', required=True,
help='(Mandatory) A Host Factory token must be provided.')
create_host.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def _add_rotate_api_parser(sub_parser: ArgparseWrapper):
user_rotate_api_key_name = 'rotate-api-key - Rotate a user’s API key'
user_rotate_api_key_usage = 'conjur [global options] user rotate-api-key [options] [args]'
user_rotate_api_key_parser = sub_parser \
.add_parser('rotate-api-key',
help='Rotate a resource\'s API key',
description=command_description(
user_rotate_api_key_name,
user_rotate_api_key_usage),
epilog=command_epilog(
'conjur user rotate-api-key\t\t\t'
'Rotates logged-in user\'s API key\n'
' conjur user rotate-api-key -i joe\t\t'
'Rotates the API key for user joe\n'),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
user_rotate_api_key_options = user_rotate_api_key_parser.add_argument_group(
title=title_formatter("Options"))
user_rotate_api_key_options.add_argument(
'-i',
'--id',
help='Provide the identifier of the user for whom '
'you want to rotate the API key '
'(Default: logged-in user)')
user_rotate_api_key_options.add_argument(
'-h', '--help', action='help', help='Display help screen and exit')
def _create_user_parser(self):
user_name = 'user - Manage users'
user_usage = 'conjur [global options] user <subcommand> [options] [args]'
user_subparser = self.resource_subparsers \
.add_parser('user',
help='Manage users',
description=command_description(user_name,
user_usage),
epilog=command_epilog(
'conjur user rotate-api-key\t\t\t'
'Rotates logged-in user\'s API key\n'
' conjur user rotate-api-key -i joe\t\t'
'Rotates the API key for user joe\n'
' conjur user change-password\t\t\t'
'Prompts for password change for the logged-in user\n'
' conjur user change-password -p Myp@SSw0rds!\t'
'Changes the password for the logged-in user to Myp@SSw0rds!',
command='user',
subcommands=['rotate-api-key',
'change-password']),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
return user_subparser
def _create_logout_parser(self):
logout_name = 'logout - Log out and delete local cache'
logout_usage = 'conjur [global options] logout [options]'
logout_subparser = self.resource_subparsers \
.add_parser('logout',
help='Log out from Conjur server and clear local cache',
description=command_description(logout_name,
logout_usage),
epilog=command_epilog('conjur logout\t'
'Logs out the user from the Conjur'
' server and deletes the local '
'cache (netrc file)'),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
return logout_subparser
def _add_hostfactory_create_token(menu: ArgparseWrapper):
hostfactory_create_token_name = 'token - Generate a Host Factory token ' \
'for creating hosts with restrictions'
hostfactory_create_token_usage = 'conjur [global options] hostfactory ' \
'create token [options] [args]'
hostfactory_create_subcommand_parser = menu \
.add_parser(name="token",
help='Generate a Host Factory token for creating hosts with restrictions',
description=command_description(
hostfactory_create_token_name, hostfactory_create_token_usage),
epilog=command_epilog(
'conjur hostfactory create token --hostfactoryid my_factory '
'--cidr 10.10.1.2/31 '
'--duration-days 2\t\t '
'Generate a Host Factory token for creating hosts '
'with restrictions\t\t',
command='token',
),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
# Options
create_token = hostfactory_create_subcommand_parser.add_argument_group(
title=title_formatter("Options"))
create_token.add_argument('-action_type', default='create_token', help=argparse.SUPPRESS)
create_token.add_argument('-i', '--hostfactoryid', metavar='VALUE', required=True,
help='(Mandatory) Host Factory ID to work with')
create_token.add_argument('--cidr', metavar='VALUE',
help='(Optional) CIDR containing all' \
'IP addresses that can use Host Factory '
' token for creating hosts (for example ' \
'--cidr "10.0.10.0/24,'
'10.0.11.1/32,10.0.20.0/24")')
create_token.add_argument('-d', '--duration-days', metavar='VALUE', type=int,
help='(Optional) Validity (in days) '
'of Host Factory token.')
create_token.add_argument('-dh', '--duration-hours', metavar='VALUE', type=int,
help='(Optional) Validity (in hours) '
'of Host Factory token.')
create_token.add_argument('-m', '--duration-minutes', metavar='VALUE', type=int,
help='(Optional) Validity (in minutes) '
'of Host Factory token.')
create_token.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def _create_init_parser(self):
init_name = 'init - Initialize Conjur configuration'
input_usage = 'conjur [global options] init [options] [args]'
init_subparser = self.resource_subparsers \
.add_parser('init',
help='Initialize Conjur configuration',
description=command_description(init_name,
input_usage),
epilog=command_epilog(
'conjur init -a my_org -u https://conjur\t'
'Initializes Conjur configuration and writes to file (.conjurrc)\n'
' conjur init -u https://conjur-server\t'
'Initializes Conjur configuration and writes to file (.conjurrc)\n'
),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
return init_subparser
def _create_hostfactory_parser(self):
hostfactory_name = 'hostfactory - Manage hosts and Host Factory tokens'
hostfactory_usage = 'conjur [global options] hostfactory <subcommand> [options] [args]'
hostfactory_parser = self.resource_subparsers \
.add_parser('hostfactory',
help='Allow creating hosts dynamically and managing Host Factory tokens',
description=command_description(hostfactory_name,
hostfactory_usage),
epilog=command_epilog(
'conjur hostfactory create token --hostfactoryid my_factory '
'--cidr 10.10.1.2/31 '
'--duration-days 2\t\t\t '
'Creates a token for creating hosts with restrictions\n',
command='hostfactory',
subcommands=['create']),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
return hostfactory_parser
def _add_policy_update(policy_subparsers: ArgparseWrapper):
policy_update_name = 'update - Update existing resources in policy or create new resources'
policy_update_usage = 'conjur [global options] policy update [options] [args]'
update_policy_parser = policy_subparsers \
.add_parser('update',
help='Update existing resources in policy or create new resources',
description=command_description(policy_update_name,
policy_update_usage),
epilog=command_epilog(
'conjur policy update -f /tmp/myPolicy.yml -b root\t'
'Updates existing resources in the policy '
'/tmp/myPolicy.yml under branch root\n'),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
update_options = update_policy_parser.add_argument_group(title=title_formatter("Options"))
update_options.add_argument('-f', '--file', required=True, metavar='VALUE',
help='Provide policy file name')
update_options.add_argument('-b', '--branch', required=True, metavar='VALUE',
help='Provide the policy branch name')
update_options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def _create_policy_parser(self):
policy_name = 'policy - Manage policies'
policy_usage = 'conjur [global options] policy <subcommand> [options] [args]'
policy_subparser = self.resource_subparsers \
.add_parser('policy',
help='Manage policies',
description=command_description(policy_name,
policy_usage),
epilog=command_epilog(
'conjur policy load -f /tmp/myPolicy.yml -b backend/dev\t'
'Creates and loads the policy myPolicy.yml under branch backend/dev\n'
' conjur policy replace -f /tmp/myPolicy.yml -b root\t\t'
'Replaces the existing policy myPolicy.yml under branch root\n'
' conjur policy update -f /tmp/myPolicy.yml -b root\t\t'
'Updates existing resources in the policy '
'/tmp/myPolicy.yml under branch root\n',
command='policy',
subcommands=['load', 'replace', 'update']),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
return policy_subparser
def _add_policy_replace(policy_subparsers: ArgparseWrapper):
policy_replace_name = 'replace - Fully replace an existing policy'
policy_replace_usage = 'conjur [global options] policy replace [options] [args]'
replace_policy_parser = policy_subparsers \
.add_parser('replace',
help='Fully replace an existing policy',
description=command_description(policy_replace_name,
policy_replace_usage),
epilog=command_epilog(
'conjur policy replace -f /tmp/myPolicy.yml -b root\t\t'
'Replaces the existing policy myPolicy.yml under branch root\n'),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
replace_options = replace_policy_parser.add_argument_group(title=title_formatter("Options"))
replace_options.add_argument('-f', '--file', required=True, metavar='VALUE',
help='Provide policy file name')
replace_options.add_argument('-b', '--branch', required=True, metavar='VALUE',
help='Provide the policy branch name')
replace_options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')
def _add_policy_load(policy_subparsers: ArgparseWrapper):
policy_load_name = 'load - Load a policy and create resources'
policy_load_usage = 'conjur [global options] policy load [options] [args]'
load_policy_parser = policy_subparsers \
.add_parser('load',
help='Load a policy and create resources',
description=command_description(policy_load_name,
policy_load_usage),
epilog=command_epilog(
'conjur policy load -f /tmp/myPolicy.yml -b backend/dev\t'
'Creates and loads the policy myPolicy.yml under branch backend/dev\n'),
usage=argparse.SUPPRESS,
add_help=False,
formatter_class=formatter)
load_options = load_policy_parser.add_argument_group(title=title_formatter("Options"))
load_options.add_argument('-f', '--file', required=True, metavar='VALUE',
help='Provide policy file name')
load_options.add_argument('-b', '--branch', required=True, metavar='VALUE',
help='Provide the policy branch name')
load_options.add_argument('-h', '--help', action='help',
help='Display help screen and exit')