v1.0.2 Release (#219)

* Migrate CI to SaaS (#216)

* Update RemoveSafeMember from v1 to v2 API

* Fixes #222 Add "Set Password in Vault Only" support (#223)

.github/workflows/ci.yml

@@ -17,7 +17,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v4
         with:
-          go-version: '>=1.16'
+          go-version: '>=1.18'
           cache: false
       - name: Lint All
         uses: golangci/golangci-lint-action@v3
@@ -28,87 +28,30 @@ jobs:
   test:
     name: Test
     runs-on: self-hosted
-    needs:
-      - lint
+    needs: lint
     permissions:
       id-token: write
       contents: read
-    # env:
-    #   PAS_HOSTNAME: ${{ secrets.PAS_HOSTNAME }}
-    #   CCP_CLIENT_CERT: ${{ secrets.CCP_CLIENT_CERT }}
-    #   CCP_CLIENT_PRIVATE_KEY: ${{ secrets.CCP_CLIENT_PRIVATE_KEY }}
     steps:
-      - name: Checkout Source Code
+      - name: Checkout source code
         uses: actions/checkout@v3
       - name: Install Go
         uses: actions/setup-go@v4
         with:
-          go-version: '>=1.16'
+          go-version: '>=1.18'
           cache: false
       - name: Import Secrets using CyberArk Conjur Secret Fetcher
         uses: infamousjoeg/conjur-action@v2.0.4
         with:
-          url: https://infamous.secretsmgr.cyberark.cloud
+          url: https://pineapple.secretsmgr.cyberark.cloud/api
           account: conjur
-          authn_id: github
+          authn_id: inf-github
           secrets: |
-            data/vault/D-App-CybrCLI/Application-CyberArkIdentitySecurity-infamous.cyberark.cloud-cybr-cli@cyberark.cloud.13142/address|PAS_ADDRESS;data/vault/D-App-CybrCLI/Application-CyberArkIdentitySecurity-infamous.cyberark.cloud-cybr-cli@cyberark.cloud.13142/username|PAS_USERNAME;data/vault/D-App-CybrCLI/Application-CyberArkIdentitySecurity-infamous.cyberark.cloud-cybr-cli@cyberark.cloud.13142/password|PAS_PASSWORD;data/vault/D-App-CybrCLI/ccp-client-certificate/password|CCP_CLIENT_CERT;data/vault/D-App-CybrCLI/ccp-priv-key/password|CCP_CLIENT_PRIVATE_KEY
-      - name: Debug Step
-        run: |
-          echo "PAS_ADDRESS: " $PAS_ADDRESS "\r\nPAS_USERNAME: " $PAS_USERNAME "\r\nPAS_PASSWORD: " $PAS_PASSWORD "\r\nCCP_CLIENT_CERT: " $CCP_CLIENT_CERT "\r\nCCP_CLIENT_PRIVATE_KEY: " $CCP_CLIENT_PRIVATE_KEY > secrets.txt
-      - name: Upload Artifacts to Workflow
-        if: always()
-        uses: actions/upload-artifact@v2
-        with:
-          name: Secrets
-          path: |
-            secrets.txt
+            data/vault/PIN-APP-CYBRCLI/Application-CyberArk-httpspineapple.privilegecloud.cyberark.cloud-jgarcia/address|PAS_HOSTNAME;data/vault/PIN-APP-CYBRCLI/Application-CyberArk-httpspineapple.privilegecloud.cyberark.cloud-jgarcia/username|PAS_USERNAME;data/vault/PIN-APP-CYBRCLI/Application-CyberArk-httpspineapple.privilegecloud.cyberark.cloud-jgarcia/password|PAS_PASSWORD;data/vault/PIN-APP-CYBRCLI/Website-PIN-CLIENT-CERT-httpscloud-connect.infamousdevops.com-ccp_client_cert/password|CCP_CLIENT_CERT;data/vault/PIN-APP-CYBRCLI/Website-PIN-CLIENT-CERT-ccp.infamousdevops.com-ccp_client_key/password|CCP_CLIENT_PRIVATE_KEY;"
       - name: Test All
-        run: go test -v ./...
-
-  build:
-    name: Build Binaries
-    runs-on: ubuntu-latest
-    needs:
-      - lint
-      - test
-    defaults:
-      run:
-        shell: bash
-    strategy:
-      matrix:
-        goos: [linux, darwin, windows]
-        goarch: [amd64]
-    steps:
-      - name: Checkout source code
-        uses: actions/checkout@v3
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: '>=1.16'
-          cache: false
-      - name: Get current date & time
-        id: date
-        run: echo "::set-output name=date::$(date +'%Y%m%d_%H%M%S')"
-      - name: Export GO111MODULE environment variable
-        run: export GO111MODULE=on
-      - name: Create ./bin/ directory
-        run: mkdir -p bin
-      - name: Fix x/sys Issues
-        run: go get -u golang.org/x/sys
-      - name: Build Binaries
-        run: |
-          CGO_ENABLED=0 GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} go build -o ./bin/${{ matrix.goos }}_cybr .
-      - name: Build Docker Container Package
-        run: |
-          docker build -t nfmsjoeg/cybr-cli:$TAG_NAME .
-          docker save nfmsjoeg/cybr-cli:$TAG_NAME > ./bin/docker_authenticator.tar
         env:
-          TAG_NAME: alpha-${{ steps.date.outputs.date }}
-      - name: Upload Artifacts to Workflow
-        if: always()
-        uses: actions/upload-artifact@v2
-        with:
-          name: Release Executables
-          path: |
-            ./bin/*_cybr*
+          CCP_HOSTNAME: "https://ccp.infamousdevops.com"
+        run: |
+          export CCP_CLIENT_CERT=$(echo $CCP_CLIENT_CERT | base64 -d)
+          export CCP_CLIENT_PRIVATE_KEY=$(echo $CCP_CLIENT_PRIVATE_KEY | base64 -d)
+          go test -v ./...

cmd/accounts.go

@@ -279,18 +279,23 @@ var changeAccountCmd = &cobra.Command{
 	Long: `This method marks an account for credential change
 	
 	Example Usage:
+	+ Change password immediately:
 	$ cybr accounts change -i 24_1
 	$ cybr accounts change -i 24_1 -s immediately
+	+ Change password, set next password:
 	$ cybr accounts change -i 24_1 -s set
-	$ cybr accounts change -i 24_1 -s set -p $(openssl rand -base64 12)`,
+	$ cybr accounts change -i 24_1 -s set -p $(openssl rand -base64 12)
+	+ Change password in Vault only:
+	$ cybr accounts change -i 24_1 -s vault
+	$ cybr accounts change -i 24_1 -s vault -p $(openssl rand -base64 12)`,
 	Run: func(cmd *cobra.Command, args []string) {
 		client, err := pasapi.GetConfigWithLogger(getLogger())
 		if err != nil {
 			log.Fatalf("Failed to read configuration file. %s", err)
 			return
 		}
 
-		if NewPassword == "" && strings.ToLower(Scope) == "set" {
+		if NewPassword == "" && (strings.ToLower(Scope) == "set" || strings.ToLower(Scope) == "vault") {
 			NewPassword, err = util.ReadPassword()
 			if NewPassword == "" {
 				log.Fatalf("Password cannot be empty")
@@ -302,17 +307,20 @@ var changeAccountCmd = &cobra.Command{
 			}
 		}
 		if Scope == "" || strings.ToLower(Scope) == "immediate" {
-			err = client.ChangeAccountCredentials(AccountID, ChangeEntireGroup, "change", "")
+			err = client.ChangeAccountCredentials(AccountID, ChangeEntireGroup, "immediate", "")
 		}
 		if strings.ToLower(Scope) == "set" {
-			err = client.ChangeAccountCredentials(AccountID, ChangeEntireGroup, "setnextpassword", NewPassword)
+			err = client.ChangeAccountCredentials(AccountID, ChangeEntireGroup, "set", NewPassword)
+		}
+		if strings.ToLower(Scope) == "vault" {
+			err = client.ChangeAccountCredentials(AccountID, ChangeEntireGroup, "vault", NewPassword)
 		}
 		if err != nil {
 			log.Fatalf("%s", err)
 			return
 		}
 
-		fmt.Printf("Successfully marked account '%s' for change\n", AccountID)
+		fmt.Printf("Successfully marked account '%s' for change.\n", AccountID)
 	},
 }
 

cmd/safes.go

@@ -91,6 +91,8 @@ var (
 	User string
 	// Group is the group to search for as a safe member
 	Group string
+	// MemberType is the type of member being added to the safe
+	MemberType string
 )
 
 var safesCmd = &cobra.Command{
@@ -231,7 +233,8 @@ var addMembersCmd = &cobra.Command{
 	
 	Example Usage:
 	$ cybr safes add-member -s SafeName -m MemberName --list-account --use-account --retrieve-account
-	$ cybr safes add-member -s SafeName -m MemberName --role ApplicationIdentity`,
+	$ cybr safes add-member -s SafeName -m MemberName --role ApplicationIdentity --member-type user
+	$ cybr safes add-member -s SafeName -m MemberName --role ApplicationIdentity --member-type group`,
 	Run: func(cmd *cobra.Command, args []string) {
 		// Get config file written to local file system
 		client, err := pasapi.GetConfigWithLogger(getLogger())
@@ -265,6 +268,7 @@ var addMembersCmd = &cobra.Command{
 			SearchIn:                 SearchIn,
 			MembershipExpirationDate: MembershipExpirationDate,
 			Permissions:              RolePermissions,
+			MemberType:               MemberType,
 		}
 
 		// Add a safe with the configuration options given via CLI subcommands
@@ -436,6 +440,8 @@ func init() {
 	addMembersCmd.Flags().StringVarP(&MemberName, "member-name", "m", "", "Name of member being added to the desired safe")
 	addMembersCmd.MarkFlagRequired("member-name")
 	addMembersCmd.Flags().StringVarP(&SearchIn, "search-in", "i", "Vault", "Search in Domain or Vault")
+	addMembersCmd.Flags().StringVarP(&MemberType, "member-type", "t", "user", "Type of member being added to the safe: user (default) or group")
+	addMembersCmd.MarkFlagRequired("member-type")
 	addMembersCmd.Flags().StringVarP(&MembershipExpirationDate, "member-expiration-date", "e", "", "When the membership will expire")
 	addMembersCmd.Flags().StringVarP(&Role, "role", "r", "", "The role of the safe member being added for automated permissioning")
 	addMembersCmd.Flags().BoolVar(&UseAccounts, "use-accounts", false, "Use accounts in safe")

docs/cybr.md

@@ -31,4 +31,4 @@ Security.
 * [cybr users](cybr_users.md)	 - User actions for PAS REST API
 * [cybr version](cybr_version.md)	 - Display current version
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_accounts.md

@@ -37,4 +37,4 @@ All account actions that can be taken via PAS REST API.
 * [cybr accounts unlock](cybr_accounts_unlock.md)	 - Unlock an account
 * [cybr accounts verify](cybr_accounts_verify.md)	 - Mark an account for verification
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_accounts_add.md

@@ -39,4 +39,4 @@ cybr accounts add [flags]
 
 * [cybr accounts](cybr_accounts.md)	 - Account actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_accounts_change.md

@@ -7,10 +7,15 @@ Mark an account for change
 This method marks an account for credential change
 
 	Example Usage:
+	+ Change password immediately:
 	$ cybr accounts change -i 24_1
 	$ cybr accounts change -i 24_1 -s immediately
+	+ Change password, set next password:
 	$ cybr accounts change -i 24_1 -s set
 	$ cybr accounts change -i 24_1 -s set -p $(openssl rand -base64 12)
+	+ Change password in Vault only:
+	$ cybr accounts change -i 24_1 -s vault
+	$ cybr accounts change -i 24_1 -s vault -p $(openssl rand -base64 12)
 
 ```
 cybr accounts change [flags]
@@ -36,4 +41,4 @@ cybr accounts change [flags]
 
 * [cybr accounts](cybr_accounts.md)	 - Account actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_accounts_checkin.md

@@ -30,4 +30,4 @@ cybr accounts checkin [flags]
 
 * [cybr accounts](cybr_accounts.md)	 - Account actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_accounts_delete.md

@@ -30,4 +30,4 @@ cybr accounts delete [flags]
 
 * [cybr accounts](cybr_accounts.md)	 - Account actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_accounts_get-password.md

@@ -34,4 +34,4 @@ cybr accounts get-password [flags]
 
 * [cybr accounts](cybr_accounts.md)	 - Account actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_accounts_get.md

@@ -30,4 +30,4 @@ cybr accounts get [flags]
 
 * [cybr accounts](cybr_accounts.md)	 - Account actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_accounts_list.md

@@ -35,4 +35,4 @@ cybr accounts list [flags]
 
 * [cybr accounts](cybr_accounts.md)	 - Account actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_accounts_move.md

@@ -31,4 +31,4 @@ cybr accounts move [flags]
 
 * [cybr accounts](cybr_accounts.md)	 - Account actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_accounts_reconcile.md

@@ -30,4 +30,4 @@ cybr accounts reconcile [flags]
 
 * [cybr accounts](cybr_accounts.md)	 - Account actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_accounts_unlock.md

@@ -30,4 +30,4 @@ cybr accounts unlock [flags]
 
 * [cybr accounts](cybr_accounts.md)	 - Account actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_accounts_verify.md

@@ -30,4 +30,4 @@ cybr accounts verify [flags]
 
 * [cybr accounts](cybr_accounts.md)	 - Account actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_applications.md

@@ -33,4 +33,4 @@ All applications actions that can be taken via PAS REST API.
 * [cybr applications list](cybr_applications_list.md)	 - List all applications
 * [cybr applications list-authn](cybr_applications_list-authn.md)	 - List all authn methods on a specific application
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_applications_add-authn.md

@@ -34,4 +34,4 @@ cybr applications add-authn [flags]
 
 * [cybr applications](cybr_applications.md)	 - Applications actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_applications_add.md

@@ -40,4 +40,4 @@ cybr applications add [flags]
 
 * [cybr applications](cybr_applications.md)	 - Applications actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_applications_delete-authn.md

@@ -31,4 +31,4 @@ cybr applications delete-authn [flags]
 
 * [cybr applications](cybr_applications.md)	 - Applications actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_applications_delete.md

@@ -30,4 +30,4 @@ cybr applications delete [flags]
 
 * [cybr applications](cybr_applications.md)	 - Applications actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_applications_list-authn.md

@@ -31,4 +31,4 @@ cybr applications list-authn [flags]
 
 * [cybr applications](cybr_applications.md)	 - Applications actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_applications_list.md

@@ -30,4 +30,4 @@ cybr applications list [flags]
 
 * [cybr applications](cybr_applications.md)	 - Applications actions for PAS REST API
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_ccp.md

@@ -26,4 +26,4 @@ All actions that can be performed with the Central Credential Provider.
 * [cybr](cybr.md)	 - cybr is CyberArk's PAS command-line interface utility
 * [cybr ccp get-account](cybr_ccp_get-account.md)	 - Get account from CCP
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_ccp_get-account.md

@@ -47,4 +47,4 @@ cybr ccp get-account [flags]
 
 * [cybr ccp](cybr_ccp.md)	 - CCP actions
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_cem.md

@@ -32,4 +32,4 @@ All actions that can be performed with the Cloud Entitlements Manager.
 * [cybr cem recommendations](cybr_cem_recommendations.md)	 - Get Entity Recommendations
 * [cybr cem remediations](cybr_cem_remediations.md)	 - Get Entity Remediations
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_cem_accounts.md

@@ -29,4 +29,4 @@ cybr cem accounts [flags]
 
 * [cybr cem](cybr_cem.md)	 - CEM actions
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_cem_entities.md

@@ -36,4 +36,4 @@ cybr cem entities [flags]
 
 * [cybr cem](cybr_cem.md)	 - CEM actions
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_cem_entity-details.md

@@ -32,4 +32,4 @@ cybr cem entity-details [flags]
 
 * [cybr cem](cybr_cem.md)	 - CEM actions
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_cem_logon.md

@@ -35,4 +35,4 @@ cybr cem logon [flags]
 
 * [cybr cem](cybr_cem.md)	 - CEM actions
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_cem_recommendations.md

@@ -32,4 +32,4 @@ cybr cem recommendations [flags]
 
 * [cybr cem](cybr_cem.md)	 - CEM actions
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_cem_remediations.md

@@ -32,4 +32,4 @@ cybr cem remediations [flags]
 
 * [cybr cem](cybr_cem.md)	 - CEM actions
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_completion.md

@@ -64,4 +64,4 @@ cybr completion [bash|zsh|fish|powershell]
 
 * [cybr](cybr.md)	 - cybr is CyberArk's PAS command-line interface utility
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024

docs/cybr_conjur.md

@@ -35,4 +35,4 @@ Perform actions on conjur
 * [cybr conjur update-policy](cybr_conjur_update-policy.md)	 - Update policy to conjur
 * [cybr conjur whoami](cybr_conjur_whoami.md)	 - Get current user info logged into Conjur
 
-###### Auto generated by spf13/cobra on 23-Aug-2023
+###### Auto generated by spf13/cobra on 24-Jan-2024