-
Notifications
You must be signed in to change notification settings - Fork 16
Host and user Commands #101
Comments
@InbalZilberman @eladkug just a note that the secrets need to meet the following Conjur criteria
|
@sharonr78 for
@InbalZilberman Currently in the Ruby CLI, the
I imagine we ignore the |
I totally agree. We should aim to provide such feedback messages whenever possible. |
@InbalZilberman Following the password change feedback message, we should also have it for key rotation, as it's not enough to show the new key. I suggest to show the output message, like so:
|
If we are really going for a consistent experience in the CLI, we need to stick to the same pattern for all commands:
I would also discourage use of optional arguments when the parameter is not optional (e.g. If we do these two things, the more appropriate forms of these commands would look a bit different: conjur rotate-api-key # Rotates own key
conjur rotate-api-key host <host_id> # Rotates a host's key
conjur rotate-api-key user <host_id> # Rotates a user's key
conjur update-password # Updates own password
conjur update-password user <username> <password> # Update user's password |
@sgnn7 I really like this approach and would like to omit the options whenever possible, but there are commands which require options, like Here are a few possible use-cases: Actually, we can say that whenever we have a subcommand we can omit the use of options. |
I like this approach. In my mind options (--) are for consolidating information and screening out the information you don't need. I think the best example of this would be with In short, I think options should be reserved for screening out info and not providing info (like secret for example) |
@sgnn7 I do like Yet for update-password this option makes a lot of sense |
@InbalZilberman The problem with |
@InbalZilberman Some links on this:
|
I like this idea but we need to understand the
@InbalZilberman where do you see the ability to update-password for other users? In our REST API for changing passwords I don't see the option of updating another user's password but the current logged-in one. See here From my understanding you can only rotate_api_key on yourself and on someone else but changing the password can only be yours and not someone else's |
Changed |
@InbalZilberman please see my comments below:
An example of success messages:
|
@InbalZilberman please update the link to the |
Feature Overview & Customer Need
As a Conjur user
I would like to use the conjur cli
In order to update my password
As a Conjur user or host
I would like to use the conjur cli
In order to rotate API Key of a user or a host (it can also be me :))
COMMANDS
rotate-api-key
Rotate a user's or host's API key. If no user/host ID is provided the logged in resource's API Key is rotated.change-password
Update the password of the logged-in user the command is both interactive meaning password is requested from the user and non-interactive using a flag -pHelp
For each command and subcommand a help is needed see here:
Help for host: https://ljfz3b.axshare.com/#id=paicg6&p=conjur_help__user&g=1
Help for user: https://ljfz3b.axshare.com/#id=paicg6&p=conjur_help__user&g=1
User messages
please use the following user messages for success scenarios
conjur user rotate-api-key
Success! API key was rotated. New key: 198qmk51cgsa061ghh80x2s56ct99grch1j066xcgnke5431rj3v
conjur host rotate-api-key -i <host_id>
Success! API key was rotated. New key: 3k7k0vb2sf2emjjcphtx14jfvrbbfn8vm3t79mnz19tk2252dsz9wf
conjur user change-password
--request for password--
Success! password was changed.
conjur user change-password -p New-password
Success! password was changed.
All user messages regarding host and user should be reviewed again. Especially error messages.
If an argument is missing we need to return the help of the command
Quality
Make sure we have test coverage of the host commands. Create test plan and execute accordingly.
Process logic and Demo
Conjur use with a machine that the Python CLI already been installed and conjur init & login ran
Now the user run the following commands:
conjur user rotate-api-key -i <user_id>
show the result of rotate-api-key (3v087323qv....ryq38201w9wvx)
conjur user change-password
The user is expected to fill in the new password
show response
conjur host rotate-api-key -i <host_id>
show the result of rotate-api-key
UX Guidelines
Follow guidelines here: https://github.com/cyberark/conjur-api-python3/blob/master/guidelines/python-cli-ux-guidelines.md
Documentation
Please provide enhance documentation in online help and readme
Helpful resources:
user/host epic - https://app.zenhub.com/workspaces/palmtree-5d99d900491c060001c85cba/issues/cyberark/conjur-api-python3/101
DOD
User (2 commands)
Host (1 command)
The text was updated successfully, but these errors were encountered: