search

cyberark / cyberark-conjur-cli-docker-based

CyberArk Conjur command line interface (Ruby)
https://rubygems.org/gems/conjur-cli
Apache License 2.0
14 stars 12 forks source link

User flag is optional for rotating a user's API key #216

Open ryanprior opened 6 years ago

ryanprior commented 6 years ago

Currently, this attempt to rotate a user's API key produces an error:

conjur user rotate_api_key myuser

However, all the information we need is there. It's a user, we want to rotate its API key, 🔐 What the CLI wants is a --user flag like so:

conjur user rotate_api_key --user myuser

We don't need to break the --user flag, but is there anything standing in the way of us making the simplified flagless syntax working as well?

hughsaunders commented 4 years ago

conjur user rotate_api_key myuser produces an error but conjur user rotate_api_key other_user does not. However it doesn't rotate other_user's key it rotates the logged in user's key, which is unexpected.

I think there are three situations:

  1. conjur user rotate_api_key: rotate logged in users password - works as expected
  2. conjur user rotate_api_key other_user: currently rotates logged in user's key, this should either be an error, or changed to rotate other_user's key
  3. conjur user rotate_api_key --user other_user: rotates other user's key, works as expected.