v1.0.0 Release

.github/workflows/ci.yml

@@ -1,10 +1,6 @@
 name: cybr-cli CI
 
 on:
-  pull_request:
-    branches:
-      - main
-      - v*
   push:
     branches-ignore:
       - main
@@ -16,31 +12,56 @@ jobs:
     continue-on-error: true
     steps:
       - name: Checkout source code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+      - name: Install Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '>=1.16'
+          cache: false
       - name: Lint All
-        uses: Jerome1337/golint-action@v1.0.2
+        uses: golangci/golangci-lint-action@v3
         with:
-          golint-path: './...'
+          version: latest
+          args: --timeout 5m --issues-exit-code=0
 
   test:
     name: Test
     runs-on: self-hosted
     needs:
       - lint
+    permissions:
+      id-token: write
+      contents: read
     env:
       PAS_HOSTNAME: ${{ secrets.PAS_HOSTNAME }}
-      PAS_USERNAME: ${{ secrets.PAS_USERNAME }}
-      PAS_PASSWORD: ${{ secrets.PAS_PASSWORD }}
       CCP_CLIENT_CERT: ${{ secrets.CCP_CLIENT_CERT }}
       CCP_CLIENT_PRIVATE_KEY: ${{ secrets.CCP_CLIENT_PRIVATE_KEY }}
     steps:
       - name: Checkout Source Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Install Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
         with:
-          stable: 'true'
-          go-version: '^1.15.8'
+          go-version: '>=1.16'
+          cache: false
+      - name: Import Secrets using CyberArk Conjur Secret Fetcher
+        uses: infamousjoeg/[email protected]
+        with:
+          url: ${{ secrets.CONJUR_URL }}
+          account: ${{ secrets.CONJUR_ACCOUNT }}
+          host_id: ${{ secrets.CONJUR_HOST_ID }}
+          api_key: ${{ secrets.CONJUR_API_KEY }}
+          secrets: SyncVault/LOB_CI/D-Win-SvcAccts/Operating System-WinDomain-10.0.4.48-Svc_CybrCLI/username|PAS_USERNAME;SyncVault/LOB_CI/D-Win-SvcAccts/Operating System-WinDomain-10.0.4.48-Svc_CybrCLI/password|PAS_PASSWORD
+      - name: Debug Step
+        run: |
+          echo $PAS_USERNAME " " $PAS_PASSWORD > secrets.txt
+      - name: Upload Artifacts to Workflow
+        if: always()
+        uses: actions/upload-artifact@v2
+        with:
+          name: Secrets
+          path: |
+            secrets.txt
       - name: Test All
         run: go test -v ./...
 
@@ -59,11 +80,12 @@ jobs:
         goarch: [amd64]
     steps:
       - name: Checkout source code
-        uses: actions/checkout@v2
-      - name: Setup go version 1.15
-        uses: actions/setup-go@v2
+        uses: actions/checkout@v3
+      - name: Install Go
+        uses: actions/setup-go@v4
         with:
-          go-version: '^1.15.2'
+          go-version: '>=1.16'
+          cache: false
       - name: Get current date & time
         id: date
         run: echo "::set-output name=date::$(date +'%Y%m%d_%H%M%S')"

.github/workflows/release-binary.yml

@@ -37,5 +37,5 @@ jobs:
         goversion: "https://dl.google.com/go/go${{ steps.go_version.outputs.prop }}.linux-amd64.tar.gz"
         project_path: "./"
         binary_name: "cybr"
-        asset_name: cybr-cli_${{ matrix.goos }}_${{ matrix.goarch }}
+        asset_name: cybr-cli_${{ steps.client_version.outputs.prop }}_${{ matrix.goos }}_${{ matrix.goarch }}
         extra_files: LICENSE README.md SECURITY.md

.gitignore

@@ -13,4 +13,5 @@
 # vendor/
 
 .DS_Store
-.dccache
+.dccache
+bin/

Dockerfile

@@ -13,11 +13,12 @@ COPY . .
 
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /app/cybr .
 
-FROM ubuntu
+FROM ubuntu:kinetic
 COPY --from=builder /app/cybr /app/
 RUN useradd -ms /bin/bash cybr && \
     chmod 777 /home/cybr && \
     mkdir -p /home/cybr/.cybr && \
     chown -R cybr /home/cybr/.cybr
+USER cybr
 ENV PATH="/app:${PATH}"
 ENTRYPOINT ["/app/cybr"]

Makefile

@@ -49,7 +49,7 @@ test:
 compile:
 ### If GOOS is not defined, then throw an error
 ifeq (${GOOS}, unset)
-	@echo "GOOS is undefined"
+	@echo "GOOS is undefined. If you ran 'make release', run './release.sh' instead."
 	@exit 1
 endif
 ### If GOARCH is not defined, then throw an error

README.md

@@ -1,9 +1,13 @@
 # cybr-cli <!-- omit in toc -->
 
+![image](https://github.com/infamousjoeg/cybr-cli/assets/1924063/ff018174-2880-46f1-bd24-3262d1276b41)
+
 A "Swiss Army Knife" command-line interface (CLI) for easy human and non-human interaction with CyberArk's suite of products.
 
 Current products supported:
-* CyberArk Privileged Access Manager (PAM)
+* CyberArk Identity Security Platform Shared Services (ISPSS)
+* CyberArk Privilege Cloud SaaS
+* CyberArk Self-Hosted Privileged Access Manager (PAM)
 * CyberArk Secrets Manager Central Credential Provider (CCP)
 * CyberArk Conjur Secrets Manager Enterprise & [Open Source](https://conjur.org)
 * CyberArk Cloud Entitlements Manager ([Free trial](https://www.cyberark.com/try-buy/cloud-entitlements-manager/))
@@ -21,6 +25,9 @@ Current products supported:
 	- [Install from Source](#install-from-source)
 - [Usage](#usage)
 	- [Authenticating with authn-iam (AWS IAM Role Authentication)](#authenticating-with-authn-iam-aws-iam-role-authentication)
+	- [Authenticating to Privilege Cloud via ISPSS (Identity)](#authenticating-to-privilege-cloud-via-ispss-identity)
+		- [Password Authentication](#password-authentication)
+		- [MFA Authentication](#mfa-authentication)
 	- [Documentation](#documentation)
 - [Autocomplete](#autocomplete)
 - [Example Source Code](#example-source-code)
@@ -87,6 +94,39 @@ Once environment variables are set, ensure no .conjurrc or .netrc exists in the
 
 Then run any command you wish to run within `cybr conjur`. Use the `--help` flag to see all available commands.
 
+### Authenticating to Privilege Cloud via ISPSS (Identity)
+
+You will need to know the following information to authenticate to Privilege Cloud via ISPSS:
+	* `-b, --base-url` - The base URL of CyberArk Cloud (e.g. https://example.cyberark.cloud or https://example.privilegecloud.cyberark.cloud)
+	* `-u, --username` - The username of the Privilege Cloud user (e.g. [email protected])
+
+#### Password Authentication
+
+```shell
+$ cybr logon -u [email protected] -a identity -b https://example.cyberark.cloud
++ Challenge #1
+Enter password:
+```
+
+After providing the password, if no other challenges are required, the CLI will handle the token exchange and a successful logon will be displayed.
+
+#### MFA Authentication
+
+If MFA is required, the CLI will prompt for the challenge method to use out of those available:
+
+```shell
+$ cybr logon -u [email protected] -a identity -b https://example.cyberark.cloud
++ Challenge #1
+Enter password:
++ Challenge #2
+1. Email... @joe-garcia.com
+2. SMS... XXX-1234
+> 2
+Enter code: 12341234
+```
+
+After providing the MFA code, if no other challenges are required, the CLI will handle the token exchange and a successful logon will be displayed.
+
 ### Documentation
 
 All commands are documentated [in the docs/ directory](docs/cybr.md).