cyberark-conjur-cli icon indicating copy to clipboard operation
cyberark-conjur-cli copied to clipboard

Published 20 hours ago verified publisher icon cyberark

Role command

Open InbalZilberman opened this issue 4 years ago • 13 comments

Feature Overview & Customer Need

As a Conjur user I would like to use the Conjur cli In order to understand which roles are members of a specific role

A new command will be called role We will use 1 sub command

  • list-members - Lists all direct members of the role. The membership list is not recursively expanded.

For example

conjur role list-members -i demo:policy:server <- returns array of roles [ ...]

Out of scope

  • memberships - Lists role memberships. The role membership list is recursively expanded.

The commands will be used as follow:

TBD

Args description:

-i --id - provide the role identifier

Expected behavior should not change from the corresponding command in Ruby CLI @sharonr78 should provide the right help screen Help is according to https://ljfz3b.axshare.com/#id=s9nycf&p=conjur_help__policy&g=1

Quality

Make sure we have test coverage of the role command. Create test plan and execute accordingly.

Process logic and Demo

Conjur user with a machine that the Python CLI already been installed and conjur init & login run against a Conjur/ Conjur Enterprise machine with the following: Given the following roles when performing 'conjur list' [ "MyAccount:policy:root", "MyAccount:user:alice", "MyAccount:user:bob", "MyAccount:group:conjur-root-admins", "MyAccount:group:ops-admin", "MyAccount:host:www-01", "MyAccount:layer:app-layer", "MyAccount:host:bob_machine" ] If the user performs

conjur role list-members -i MyAccount:group:conjur-root-admins [ "MyAccount:user:admin", "MyAccount:user:alice" ]

Demo each option that was implemented Show that the role has members

Delete a role by using !delete in a policy Show that the option of running members is failing.

User messages

All user messages regarding resource actions should be reviewed

Especially error messages

if an argument is missing we need to return the help of the command

Documentation

Please provide enhance documentation in online help and readme

DOD

  • [ ] Implement the role's commands Conjur Python CLI in all 3 platforms
  • [ ] Demo the flow described above
  • [ ] Automatic integration tests written according to a test plan and passed successfully
  • [ ] Fill in the user messages - link to a page with all user messages for CLI saved and reviewed.
  • [ ] Fill in the logs and place here a link to the logs files - link to a page with all logs for CLI saved and reviewed.
  • [ ] Logs were reviewed by TW and PO
  • [ ] Are there new Audits to this feature? If so please document them and provide here a link (N/A)

InbalZilberman avatar Feb 27 '21 19:02 InbalZilberman