cyberark-conjur-cli-docker-based
cyberark-conjur-cli-docker-based copied to clipboard
cyberark
Allow supplying a policy name in `conjur env`
When working on the docker image I came across the problem of using the correct policy. The policy name is passed as $CONJUR_POLICY to the container, but to apply it I have to sed the env file.
How about adding a --prefix argument to conjur env? I imagine this would add the given prefix to variable names; perhaps just some, ie.
foo: !var /foo # -> policy/foo
bar: !var bar # -> bar -- prefix not applied
Ok; how about prefix is applied unless the path is "absolute" (starts with slash). That's how policy files work. All names are prepended unless they start with slash
On Aug 10, 2014, at 2:27 PM, Rafał Rzepecki [email protected] wrote:
When working on the docker image I came across the problem of using the correct policy. The policy name is passed as $CONJUR_POLICY to the container, but to apply it I have to sed the env file.
How about adding a --prefix argument to conjur env? I imagine this would add the given prefix to variable names; perhaps just some, ie.
foo: !var /foo # -> policy/foo bar: !var bar # -> bar -- prefix not applied — Reply to this email directly or view it on GitHub.
Yes, that makes sense.
On Sun, Aug 10, 2014 at 11:31 PM, Kevin Gilpin [email protected] wrote:
Ok; how about prefix is applied unless the path is "absolute" (starts with slash). That's how policy files work. All names are prepended unless they start with slash
On Aug 10, 2014, at 2:27 PM, Rafał Rzepecki [email protected] wrote:
When working on the docker image I came across the problem of using the correct policy. The policy name is passed as $CONJUR_POLICY to the container, but to apply it I have to sed the env file.
How about adding a --prefix argument to conjur env? I imagine this would add the given prefix to variable names; perhaps just some, ie.
foo: !var /foo # -> policy/foo bar: !var bar # -> bar -- prefix not applied — Reply to this email directly or view it on GitHub.
— Reply to this email directly or view it on GitHub https://github.com/conjurinc/cli-ruby/issues/70#issuecomment-51726261.
The problem is that this will break compatibility with existing env files. If we want to do it this way we'd need some graceful deprecation route.
My vote would be to maintain existing behaviour but add an option to enable the new behaviour.
Jon Mason, founding team at Conjur, Inc. http://www.conjur.net/
Conjur provides permissions and secrets management for securing modern infrastructure.
Conjur will be at AWS Re:Invent! Visit us at booth K6, or register to join http://www.conjur.net/conjur-aws-reinvent-hackathon/ our Conjur Hackathon. Space is limited, so sign up today!
On Tue, Nov 25, 2014 at 12:21 PM, Rafał Rzepecki [email protected] wrote:
The problem is that this will break compatibility with existing env files. If we want to do it this way we'd need some graceful deprecation route.
— Reply to this email directly or view it on GitHub https://github.com/conjurinc/cli-ruby/issues/70#issuecomment-64446184.
Well, we already shipped it :-)
https://github.com/conjurinc/cli-ruby/commit/2ecd7e1dfaccd4e5525c97f12da92d047e9a9575
On Tue, Nov 25, 2014 at 11:06 AM, Jon Mason [email protected] wrote:
My vote would be to maintain existing behaviour but add an option to enable the new behaviour.
Jon Mason, founding team at Conjur, Inc. http://www.conjur.net/
Conjur provides permissions and secrets management for securing modern infrastructure.
Conjur will be at AWS Re:Invent! Visit us at booth K6, or register to join http://www.conjur.net/conjur-aws-reinvent-hackathon/ our Conjur Hackathon. Space is limited, so sign up today!
On Tue, Nov 25, 2014 at 12:21 PM, Rafał Rzepecki [email protected]
wrote:
The problem is that this will break compatibility with existing env files. If we want to do it this way we'd need some graceful deprecation route.
— Reply to this email directly or view it on GitHub https://github.com/conjurinc/cli-ruby/issues/70#issuecomment-64446184.
— Reply to this email directly or view it on GitHub https://github.com/conjurinc/cli-ruby/issues/70#issuecomment-64453175.