search

cyberark / cyberark-conjur-cli-docker-based

CyberArk Conjur command line interface (Ruby)
https://rubygems.org/gems/conjur-cli
Apache License 2.0
14 stars 12 forks source link

Allow supplying a policy name in `conjur env` #70

Open dividedmind opened 10 years ago

dividedmind commented 10 years ago

When working on the docker image I came across the problem of using the correct policy. The policy name is passed as $CONJUR_POLICY to the container, but to apply it I have to sed the env file.

How about adding a --prefix argument to conjur env? I imagine this would add the given prefix to variable names; perhaps just some, ie.

foo: !var /foo # -> policy/foo
bar: !var bar # -> bar -- prefix not applied
kgilpin commented 10 years ago

Ok; how about prefix is applied unless the path is "absolute" (starts with slash). That's how policy files work. All names are prepended unless they start with slash

On Aug 10, 2014, at 2:27 PM, Rafał Rzepecki notifications@github.com wrote:

When working on the docker image I came across the problem of using the correct policy. The policy name is passed as $CONJUR_POLICY to the container, but to apply it I have to sed the env file.

How about adding a --prefix argument to conjur env? I imagine this would add the given prefix to variable names; perhaps just some, ie.

foo: !var /foo # -> policy/foo bar: !var bar # -> bar -- prefix not applied — Reply to this email directly or view it on GitHub.

hleb-rubanau commented 10 years ago

Yes, that makes sense.

On Sun, Aug 10, 2014 at 11:31 PM, Kevin Gilpin notifications@github.com wrote:

Ok; how about prefix is applied unless the path is "absolute" (starts with slash). That's how policy files work. All names are prepended unless they start with slash

On Aug 10, 2014, at 2:27 PM, Rafał Rzepecki notifications@github.com wrote:

When working on the docker image I came across the problem of using the correct policy. The policy name is passed as $CONJUR_POLICY to the container, but to apply it I have to sed the env file.

How about adding a --prefix argument to conjur env? I imagine this would add the given prefix to variable names; perhaps just some, ie.

foo: !var /foo # -> policy/foo bar: !var bar # -> bar -- prefix not applied — Reply to this email directly or view it on GitHub.

— Reply to this email directly or view it on GitHub https://github.com/conjurinc/cli-ruby/issues/70#issuecomment-51726261.

dividedmind commented 9 years ago

The problem is that this will break compatibility with existing env files. If we want to do it this way we'd need some graceful deprecation route.

jjmason commented 9 years ago

My vote would be to maintain existing behaviour but add an option to enable the new behaviour.

Jon Mason, founding team at Conjur, Inc. http://www.conjur.net/

Conjur provides permissions and secrets management for securing modern infrastructure.

Conjur will be at AWS Re:Invent! Visit us at booth K6, or register to join http://www.conjur.net/conjur-aws-reinvent-hackathon/ our Conjur Hackathon. Space is limited, so sign up today!

On Tue, Nov 25, 2014 at 12:21 PM, Rafał Rzepecki notifications@github.com wrote:

The problem is that this will break compatibility with existing env files. If we want to do it this way we'd need some graceful deprecation route.

— Reply to this email directly or view it on GitHub https://github.com/conjurinc/cli-ruby/issues/70#issuecomment-64446184.

kgilpin commented 9 years ago

Well, we already shipped it :-)

https://github.com/conjurinc/cli-ruby/commit/2ecd7e1dfaccd4e5525c97f12da92d047e9a9575

On Tue, Nov 25, 2014 at 11:06 AM, Jon Mason notifications@github.com wrote:

My vote would be to maintain existing behaviour but add an option to enable the new behaviour.

Jon Mason, founding team at Conjur, Inc. http://www.conjur.net/

Conjur provides permissions and secrets management for securing modern infrastructure.

Conjur will be at AWS Re:Invent! Visit us at booth K6, or register to join http://www.conjur.net/conjur-aws-reinvent-hackathon/ our Conjur Hackathon. Space is limited, so sign up today!

On Tue, Nov 25, 2014 at 12:21 PM, Rafał Rzepecki notifications@github.com

wrote:

The problem is that this will break compatibility with existing env files. If we want to do it this way we'd need some graceful deprecation route.

— Reply to this email directly or view it on GitHub https://github.com/conjurinc/cli-ruby/issues/70#issuecomment-64446184.

— Reply to this email directly or view it on GitHub https://github.com/conjurinc/cli-ruby/issues/70#issuecomment-64453175.