cmd

Documentation

Index

• Variables
• func Execute()
• func GetCMD() *cobra.Command
• type RetrieveAccountQuery

Variables

var (
	// AccountID is a specific account ID used for updating, getting and deleting
	AccountID string

	// PlatformID of the account object being added
	PlatformID string

	// Name name of the account object
	Name string

	// Address of the account
	Address string

	// SecretType of the account
	SecretType string

	// Secret of the account
	Secret string

	// AutomaticManagementEnabled if account will be managed
	AutomaticManagementEnabled bool

	// ManualManagementReason reason account is not being managed
	ManualManagementReason string

	// PlatformProperties for account
	PlatformProperties string

	// Search List of keywords to search for in accounts, separated by a space.
	Search string

	// SearchType Get accounts that either contain or start with the value specified in the Search parameter. Valid values: contains (default) or startswith
	SearchType string

	// Sort Property or properties by which to sort returned accounts, followed by asc (default) or desc to control sort direction. Separate multiple properties with commas, up to a maximum of three properties.
	Sort string

	// Offset of the first account that is returned in the collection of results.
	Offset int

	// Limit Maximum number of returned accounts. If not specified, the default value is 50. The maximum number that can be specified is 1000.
	Limit int

	// Filter Search for accounts filtered by safeName or modificationTime
	Filter string

	// Reason to access account
	Reason string

	// TicketingSystemName name of the ticketing system
	TicketingSystemName string

	// TicketID the ticket ID
	TicketID string

	// Version of the secret/password being retrieved
	Version int

	// ChangeEntireGroup change account group
	ChangeEntireGroup bool

	// Scope of password change on account
	Scope string

	// NewPassword to set on account
	NewPassword string
)

var (
	// AppID is the application identity to filter on
	AppID string
	// Location is the folder location the Application is located in
	Location string
	// AuthType authentication method type
	AuthType string
	// AuthValue authentication method value
	AuthValue string
	// IsFolder used in path/hash authentication
	IsFolder bool
	// AllowInternalScripts allow internal script
	AllowInternalScripts bool
	// Desc app description
	Desc string
	// AccessPermittedFrom application access starting from
	AccessPermittedFrom int
	// AccessPermittedTo application access end at
	AccessPermittedTo int
	// ExpirationDate application expirey date
	ExpirationDate string
	// BusinessOwnerFName first name
	BusinessOwnerFName string
	// BusinessOwnerLName last name
	BusinessOwnerLName string
	// BusinessOwnerEmail email
	BusinessOwnerEmail string
	// BusinessOwnerPhone phone
	BusinessOwnerPhone string
	// Disabled application is disabled
	Disabled string
	// AppAuthnMethodID application authentication method ID
	AppAuthnMethodID string
)

var (
	// IgnoreSSLVerify Ignore SSL Verification
	IgnoreSSLVerify bool
	// ClientCert path to the client cert file
	ClientCert string
	// ClientKey path to the client private key file
	ClientKey string
	// Folder in which account resides
	Folder string
	// ObjectName in which account resides
	ObjectName string
	// Database in which account resides
	Database string
	// ConnectionTimeout to wait for CCP
	ConnectionTimeout string
	// Query for the account
	Query string
	// QueryFormat query format being used
	QueryFormat string
	// FailRequestOnPasswordChange if password is currently in a change process
	FailRequestOnPasswordChange bool
	// Field that will be parsed and returned from the account
	Field string
)

var (
	// CemOrganization Organization tenant name
	CemOrganization string

	// CemNonInteractive NonInteractive logon
	CemNonInteractive bool

	// CemPlatform Platform Name
	CemPlatform string
	// CemAccountID Account ID
	CemAccountID string
	// CemEntityID Entity ID
	CemEntityID string

	// CemNonFullAdmin non-full Admin only
	CemNonFullAdmin bool
	// CemNonShadowAdmin non-sadow Admin only
	CemNonShadowAdmin bool
	// CemFullAdmin Full Admin only
	CemFullAdmin bool
	// CemShadowAdmin Shadow Admin
	CemShadowAdmin bool

	// CemNextToken Next Token
	CemNextToken string

	// CemSessionTokenPath path to session token file
	CemSessionTokenPath string = "/.cybr/cem.config"

	// CemEnvAPIKey environment variable of CEM API Key for non-interfactive logon
	CemEnvAPIKey string = "CEM_APIKEY"
)

var (
	// Account conjur account
	Account string

	// AuthnLDAP Authenticator Service ID
	AuthnLDAP string

	// PolicyBranch branch policy is being loaded into
	PolicyBranch string

	// PolicyFilePath path to policy file
	PolicyFilePath string

	// VariableID variable ID of a secret
	VariableID string

	// NoNewLine no new line when printing secret
	NoNewLine bool

	// SecretValue variable secret value
	SecretValue string

	// ServiceID used for enabling authenticator
	ServiceID string

	// Kind resource kind variable, policy, user, host, group, etc
	Kind string

	// InspectResources inspect the resources and provide more info per resource
	InspectResources bool
)

var (
	Username           string                                 // Username to logon PAS REST API
	AuthenticationType string                                 // Authentication type for PAS REST API
	TenantID           string                                 // Tenant ID for Identity authentication
	InsecureTLS        bool                                   // Boolean to decide whether to verify TLS or not
	BaseURL            string                                 // Base URL to send PAS REST API logon request
	NonInteractive     bool                                   // Flag for non-interactive logon
	Password           string                                 // Password for PAS REST API
	ConcurrentSession  bool                                   // Flag to allow concurrent sessions
	SelectedChallenges []int                                  // Slice of selected challenges for Identity authentication
	AnswerChallenge    identityrequests.AdvanceAuthentication // Answer challenge struct
	StartOobChallenge  identityrequests.AdvanceAuthentication // Start Oob challenge struct
	PollOOBChallenge   identityrequests.AdvanceAuthentication // Poll Oob challenge struct
	AnswerOOBChallenge identityrequests.AdvanceAuthentication // Answer Oob challenge struct

)

Global variables for logon command

var (
	// Active is a flag to search for platforms that are active or not
	Active bool

	// PlatformType specifies the type of platform to list
	PlatformType string

	// PlatformName specifies the name of the platform to list
	PlatformName string
)

var (
	// SafeName is the name of the safe to create
	SafeName string
	// Description is the description for the safe to create
	Description string
	// OLACEnabled is the boolean value of whether object-level access is enabled
	OLACEnabled bool
	// ManagingCPM is the name of the CPM User that manages accounts in the safe
	ManagingCPM string
	// NumberOfVersionsRetention is the number of password versions to retain for accounts within
	NumberOfVersionsRetention int
	// NumberOfDaysRetention is the number of days to retain older password versions for
	NumberOfDaysRetention int
	// AutoPurgeEnabled is a boolean value as to whether to remove non-compliant accounts automatically
	AutoPurgeEnabled bool
	// SafeLocation is the location the safe will be created in the Secure Digital Vault (default: \\)
	SafeLocation string
	// TargetSafeName is used by the Update Safe endpoint to refer to
	TargetSafeName string
	// UseAccounts use account inside of safe
	UseAccounts bool
	// RetrieveAccounts retrieve accounts inside of safe
	RetrieveAccounts bool
	// ListAccounts list accounts inside of safe
	ListAccounts bool
	// AddAccounts add account inside of safe
	AddAccounts bool
	// UpdateAccountContent update account content inside of safe
	UpdateAccountContent bool
	// UpdateAccountProperties update account properties inside of safe
	UpdateAccountProperties bool
	// InitiateCPMAccountManagementOperations init a cpm account action in safe
	InitiateCPMAccountManagementOperations bool
	// SpecifyNextAccountContent specify next account content in safe
	SpecifyNextAccountContent bool
	// RenameAccounts rename accounts inside of safe
	RenameAccounts bool
	// DeleteAccounts delete accounts inside of safe
	DeleteAccounts bool
	// UnlockAccounts unlock accounts inside of safe
	UnlockAccounts bool
	// ManageSafe manage this safe
	ManageSafe bool
	// ManageSafeMembers manage members of this safe
	ManageSafeMembers bool
	// BackupSafe backup the safe
	BackupSafe bool
	// ViewAuditLog view audit logs of this safe
	ViewAuditLog bool
	// ViewSafeMembers view member so this safe
	ViewSafeMembers bool
	// AccessWithoutConfirmation access safe without confirmation
	AccessWithoutConfirmation bool
	// CreateFolders create folders in safe
	CreateFolders bool
	// DeleteFolders delete folders in safe
	DeleteFolders bool
	// MoveAccountsAndFolders move accounts and folders
	MoveAccountsAndFolders bool
	// RequestsAuthorizationLevel1 sets as approver of level 1 requests for access
	RequestsAuthorizationLevel1 bool
	// RequestsAuthorizationLevel2 sets as approver of level 2 requests for access
	RequestsAuthorizationLevel2 bool
	// MemberName name of the member being added to a safe
	MemberName string
	//SearchIn search in Vault or Domain
	SearchIn string
	// MembershipExpirationDate when membership will expire
	MembershipExpirationDate string
	// Role of safe member to determine pre-defined safe permissions
	Role string
	// RolePermissions contain the pre-defined safe permissions of defined role
	RolePermissions map[string]string
	// User is the user to search for as a safe member
	User string
	// Group is the group to search for as a safe member
	Group string
	// MemberType is the type of member being added to the safe
	MemberType string
)

var (
	// UserID is the id of a user
	UserID int

	// UserType is the usertype of the user
	UserType string

	// InitialPassword user password
	InitialPassword string

	// AuthenticationMethod user authentication method
	AuthenticationMethod []string

	// UnauthorizedInterfaces  unauthorized interfaces
	UnauthorizedInterfaces []string

	// ExpiryDate when user will expire in EPOCH
	ExpiryDate int

	// VaultAuthorization vault authorization
	VaultAuthorization []string

	// EnableUser if user is enabled
	EnableUser bool

	// ChangePasswordOnLogon if user is prompted to change password on logon
	ChangePasswordOnLogon bool

	// PasswordNeverExpires if user's password will never expire
	PasswordNeverExpires bool

	// DistinguishedName disguished name of user
	DistinguishedName string

	// BusinessAddress of user
	BusinessAddress string

	// Internet info of user
	Internet string

	// Phones of user
	Phones string

	// PersonalDetails of user
	PersonalDetails string
)

var Safe string

Safe is the safe name to filter on

var (
	// Verbose logging
	Verbose bool
)

Functions

func Execute

func Execute()

Execute adds all child commands to the root command and sets flags appropriately. This is called by main.main(). It only needs to happen once to the rootCmd.

func GetCMD

func GetCMD() *cobra.Command

GetCMD returns the root cmd

Types

type RetrieveAccountQuery

type RetrieveAccountQuery struct {
	AppID                       string `query_key:"AppID"`
	Safe                        string `query_key:"Safe"`
	Folder                      string `query_key:"Folder"`
	Object                      string `query_key:"Object"`
	UserName                    string `query_key:"UserName"`
	Address                     string `query_key:"Address"`
	Database                    string `query_key:"Database"`
	PolicyID                    string `query_key:"PolicyID"`
	ConnectionTimeout           string `query_key:"ConnectionTimeout"`
	Query                       string `query_key:"Query"`
	QueryFormat                 string `query_key:"QueryFormat"`
	FailRequestOnPasswordChange bool   `query_key:"FailRequestOnPasswordChange"`
}

RetrieveAccountQuery represents valid query parameters when listing accounts