Comments (14)
@sgnn7 I really like this approach and would like to omit the options whenever possible, but there are commands which require options, like list
or init
, so the pattern is not always consistent.
Can we use the following general usage? conjur [global options] command [subcommand] [options...] [arguments...]
Here are a few possible use-cases:
conjur whoami
- single command only
conjur --version
- single global option only
conjur user rotate-api-key joe
- command + subcommand + arg
conjur list --kind user --limit 4
- command + 2 options + 2 args (no subcommand for 'list')
conjur variable get secrets/mysecret
- command + subcommand + arg
Actually, we can say that whenever we have a subcommand we can omit the use of options.
WDYT?
from cyberark-conjur-cli.
@InbalZilberman Some links on this:
- https://git-scm.com/docs/git-remote - You can see how git here uses the mandatory params as positional args
- A stack overflow question I found on this has a good conversation about it: https://softwareengineering.stackexchange.com/questions/366218/positional-arguments-vs-options-in-a-command-line-interface
from cyberark-conjur-cli.
Changed conjur user change-password
to not include -p
and be only on logged in user.
Also, added user messages
from cyberark-conjur-cli.
@InbalZilberman @eladkug just a note that the secrets need to meet the following Conjur criteria
Choose a password that includes: 12-128 characters, 2 uppercase letters, 2 lowercase letters, 1 digit and 1 special character"
from cyberark-conjur-cli.
@sharonr78 for conjur user change-password -p new_pass
I imagine we will need some sort of Success! Password has been changed
response b/c currently in Ruby CLI, there is no such message. Just the following experience:
conjur user update_password sigal@usrsig
Enter the password (it will not be echoed):
Confirm the password:
@InbalZilberman Currently in the Ruby CLI, the -p / --password
doesn't work (even though we offer that option in our --help. In the Ruby CLI, regardless if we do or don't the following message is displayed:
Enter the password (it will not be echoed):
Confirm the password:
I imagine we ignore the -p / --password
because maybe we require that the user confirm their password twice so maybe it was purposeful?
from cyberark-conjur-cli.
@sharonr78 for
conjur user change-password -p new_pass
I imagine we will need some sort ofSuccess! Password has been changed
response b/c currently in Ruby CLI, there is no such message. Just the following experience:conjur user update_password sigal@usrsig Enter the password (it will not be echoed): Confirm the password:
I totally agree. We should aim to provide such feedback messages whenever possible.
Let's use this message (according to our microcopy's voice and tone): Success! Password was changed
from cyberark-conjur-cli.
@InbalZilberman Following the password change feedback message, we should also have it for key rotation, as it's not enough to show the new key. I suggest to show the output message, like so:
conjur user rotate-api-key
Success! API key was rotated. New key: 198qmk51cgsa061ghh80x2s56ct99grch1j066xcgnke5431rj3v
conjur host rotate-api-key <host_id>
Success! API key was rotated. New key: 3k7k0vb2sf2emjjcphtx14jfvrbbfn8vm3t79mnz19tk2252dsz9wf
from cyberark-conjur-cli.
If we are really going for a consistent experience in the CLI, we need to stick to the same pattern for all commands:
conjur <action> <option1> <option2> ...
I would also discourage use of optional arguments when the parameter is not optional (e.g. conjur user change-password -p new_pass
). Password here is not optional and as such doesn't need a flag and should be a positional arg.
If we do these two things, the more appropriate forms of these commands would look a bit different:
conjur rotate-api-key # Rotates own key
conjur rotate-api-key host <host_id> # Rotates a host's key
conjur rotate-api-key user <host_id> # Rotates a user's key
conjur update-password # Updates own password
conjur update-password user <username> <password> # Update user's password
from cyberark-conjur-cli.
I like this approach. In my mind options (--) are for consolidating information and screening out the information you don't need. I think the best example of this would be with list
where we have the option to add restrict or throw out the information we don't need.
For example with list --limit 4
, we are screening out all the noise and just want 4 entries to be returned
In short, I think options should be reserved for screening out info and not providing info (like secret for example)
from cyberark-conjur-cli.
@sgnn7 I do like
conjur rotate-api-key # Rotates own key
But i think we can change
conjur rotate-api-key host <host_id>
into one simple
conjur rotate-api-key <resource_id>
WDYT?
Yet for update-password this option makes a lot of sense
conjur update-password # Updates own password
but this one
conjur update-password user <username> <password> # Update user's password
not so much :(
The sentence is broken I do think
conjur update-password -u <user> -p <password> # Update user's password
is clearer. WDYT?
from cyberark-conjur-cli.
@InbalZilberman The problem with conjur update-password -u <user> -p <password>
is that it implies that both values are optional and unconnected to each other to where something like this might be allowed: conjur update-password -u <user>
. By using positional arguments (conjur update-password alice "alicepassword"
), you ensure that when a user is specified, you must also have a password associated with it.
from cyberark-conjur-cli.
into one simple
conjur rotate-api-key <resource_id>
WDYT?
I like this idea but we need to understand the kind
somehow since our REST looks like: /authn/{account}/api_key?role={kind}:{identifier}
conjur update-password user <username> <password>
@InbalZilberman where do you see the ability to update-password for other users? In our REST API for changing passwords I don't see the option of updating another user's password but the current logged-in one. See here
From my understanding you can only rotate_api_key on yourself and on someone else but changing the password can only be yours and not someone else's
from cyberark-conjur-cli.
@InbalZilberman please see my comments below:
- Link to
host
command help: https://ljfz3b.axshare.com/#id=wsk7ud&p=conjur_help__host&g=1 - Link to
user
command help: https://ljfz3b.axshare.com/#id=mzfbsw&p=conjur_help__user&g=1 - Examples of both commands:
conjur user rotate-api-key
(rotates the API key for the logged-in user)
conjur user rotate-api-key admin
(rotates the API key for the admin user)
conjur user change-password Myp@ssw0rd!
(changes the password for the logged-in user to Myp@ssw0rd!)
conjur host rotate-api-key <host_id>
(rotates the API key for <host_id>)
An example of success messages:
conjur user rotate-api-key
Success! API key was rotated. New key: 198qmk51cgsa061ghh80x2s56ct99grch1j066xcgnke5431rj3v
conjur user change-password Myp@ssw0rd!
Success! password was changed.
from cyberark-conjur-cli.
@InbalZilberman please update the link to the host
help command to this: https://ljfz3b.axshare.com/#id=wsk7ud&p=conjur_help__host&g=1
from cyberark-conjur-cli.
Related Issues (20)
- Redesign client initialization and requests flow for CA-signed certificates HOT 1
- Log error messages to stderr
- Wrong help screen returned when subcommand is featured
- Evaluate and add safety package to pipeline
- Add macOS test flow to automation
- CLI produces self signed cert error on NG
- Split Python SDK from CLI
- Host name mismatch if wildcard certificate is used
- Conjur CLI on RHEL 7 - init command failing HOT 3
- CLI show no error on timeout
- CLI show no error on timeout HOT 1
- We can't install offline cli on MacOs Catalina
- We can't install offline cli on MacOs Catalina
- CLI fails to get password from CTRL-V for login to Conjur Cloud in Windows
- CLI fails to get password from CTRL-V for login to Conjur Cloud in Windows
- tar.gz files are not actually tar.gz files HOT 1
- Reference before assignment in login HOT 2
- Having the CLI storing Credentials for the session of the user instead of forever
- Release version 7.1.1 of this project
- Use CLI without pinning HTTPS certificate HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cyberark-conjur-cli.