conjur-api 5.3.1 → 5.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.codeclimate.yml +3 -1
- data/.github/ISSUE_TEMPLATE/bug.md +27 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +27 -0
- data/.gitignore +1 -0
- data/.gitleaks.toml +219 -0
- data/.rubocop_settings.yml +3 -2
- data/.rubocop_todo.yml +2 -2
- data/CHANGELOG.md +333 -179
- data/CONTRIBUTING.md +149 -0
- data/Gemfile +1 -1
- data/Jenkinsfile +24 -3
- data/LICENSE +202 -0
- data/README.md +6 -140
- data/bin/parse-changelog.sh +12 -0
- data/bin/release +43 -0
- data/ci/codeclimate.dockerfile +6 -0
- data/conjur-api.gemspec +4 -1
- data/docker-compose.yml +2 -0
- data/features/authenticators.feature +33 -0
- data/features/support/env.rb +2 -0
- data/features/update_password.feature +2 -2
- data/features_v4/support/env.rb +2 -0
- data/lib/conjur-api/version.rb +1 -1
- data/lib/conjur/api.rb +1 -0
- data/lib/conjur/api/authenticators.rb +35 -0
- data/lib/conjur/api/router/v5.rb +13 -0
- data/lib/conjur/base_object.rb +5 -0
- data/lib/conjur/cert_utils.rb +14 -0
- data/lib/conjur/configuration.rb +1 -7
- data/spec/base_object_spec.rb +14 -0
- data/spec/cert_utils_spec.rb +92 -0
- data/spec/spec_helper.rb +3 -0
- data/test.sh +13 -0
- metadata +22 -10
- data/LICENSE.md +0 -195
data/bin/release
ADDED
@@ -0,0 +1,43 @@
|
|
1
|
+
#!/bin/bash -e
|
2
|
+
|
3
|
+
git fetch --tags
|
4
|
+
|
5
|
+
if [ "$(git rev-parse --abbrev-ref HEAD)" != "master" ]; then
|
6
|
+
echo "Must be on the master branch to releases. Please switch with 'git checkout master'."
|
7
|
+
exit 1
|
8
|
+
fi
|
9
|
+
|
10
|
+
version_file="$(cat lib/conjur-api/version.rb)"
|
11
|
+
re='VERSION = "([0-9]{1,}\.[0-9]{1,}\.[0-9]{1,})"'
|
12
|
+
if [[ "$version_file" =~ $re ]]; then
|
13
|
+
version="v${BASH_REMATCH[1]}"
|
14
|
+
else
|
15
|
+
echo "Failed to find a version in 'lib/conjur-api/version.rb'"
|
16
|
+
exit 1
|
17
|
+
fi
|
18
|
+
|
19
|
+
last_release=$(git describe --abbrev=0 --tags)
|
20
|
+
|
21
|
+
echo "The last release was: $last_release"
|
22
|
+
echo "The next release will be: $version"
|
23
|
+
|
24
|
+
if [ "$version" = "$last_release" ]; then
|
25
|
+
echo 'To release, the VERSION file must be incremented to the latest release number.'
|
26
|
+
exit 1
|
27
|
+
fi
|
28
|
+
|
29
|
+
if [[ ! $(git status --porcelain) ]]; then
|
30
|
+
echo 'Your Git is clean. Please update the lib/conjur-api/version.rb, and CHANGELOG.md before releasing. The script will handle commits and pushing.'
|
31
|
+
exit 1
|
32
|
+
fi
|
33
|
+
|
34
|
+
# Make sure we have the most recent changes, without destroying local changes.
|
35
|
+
git stash
|
36
|
+
git pull --rebase origin master
|
37
|
+
git stash pop
|
38
|
+
|
39
|
+
# Perform a commit, tag, and push. The tag needs to be present before the commit
|
40
|
+
# to insure Jenkins has what it needs to make a decision about a release.
|
41
|
+
git commit -am "$version"
|
42
|
+
git tag -a "$version" -m "$version release"
|
43
|
+
git push --follow-tags
|
data/conjur-api.gemspec
CHANGED
@@ -18,10 +18,13 @@ Gem::Specification.new do |gem|
|
|
18
18
|
|
19
19
|
gem.required_ruby_version = '>= 1.9'
|
20
20
|
|
21
|
+
# Filter out development only executables
|
22
|
+
gem.executables -= %w{parse-changelog.sh}
|
23
|
+
|
21
24
|
gem.add_dependency 'rest-client'
|
22
25
|
gem.add_dependency 'activesupport'
|
23
26
|
|
24
|
-
gem.add_development_dependency 'rake', '
|
27
|
+
gem.add_development_dependency 'rake', '>= 12.3.3'
|
25
28
|
gem.add_development_dependency 'rspec', '~> 3'
|
26
29
|
gem.add_development_dependency 'rspec-expectations', '~> 3.4'
|
27
30
|
gem.add_development_dependency 'json_spec'
|
data/docker-compose.yml
CHANGED
@@ -27,6 +27,7 @@ services:
|
|
27
27
|
volumes:
|
28
28
|
- ./spec/reports:/src/conjur-api/spec/reports
|
29
29
|
- ./features/reports:/src/conjur-api/features/reports
|
30
|
+
- ./coverage:/src/conjur-api/coverage
|
30
31
|
- authn_local_5:/run/authn-local-5
|
31
32
|
environment:
|
32
33
|
CONJUR_APPLIANCE_URL: http://conjur_5
|
@@ -38,6 +39,7 @@ services:
|
|
38
39
|
volumes:
|
39
40
|
- ./features_v4/reports:/src/conjur-api/features_v4/reports
|
40
41
|
- ./tmp/conjur.pem:/src/conjur-api/tmp/conjur.pem
|
42
|
+
- ./coverage_v4:/src/conjur-api/coverage
|
41
43
|
- authn_local_4:/run/authn-local-4
|
42
44
|
environment:
|
43
45
|
CONJUR_APPLIANCE_URL: https://conjur_4/api
|
@@ -0,0 +1,33 @@
|
|
1
|
+
Feature: List and manage authenticators
|
2
|
+
|
3
|
+
Background:
|
4
|
+
Given I run the code:
|
5
|
+
"""
|
6
|
+
$conjur.load_policy 'root', <<-POLICY
|
7
|
+
- !webservice conjur/authn-k8s/my-auth
|
8
|
+
POLICY
|
9
|
+
"""
|
10
|
+
|
11
|
+
Scenario: Authenticator list includes the authenticator status
|
12
|
+
When I run the code:
|
13
|
+
"""
|
14
|
+
$conjur.authenticator_list
|
15
|
+
"""
|
16
|
+
Then the JSON should have "installed"
|
17
|
+
And the JSON should have "configured"
|
18
|
+
And the JSON should have "enabled"
|
19
|
+
And the JSON at "enabled" should be ["authn"]
|
20
|
+
|
21
|
+
Scenario: Enable and disable authenticator
|
22
|
+
When I run the code:
|
23
|
+
"""
|
24
|
+
$conjur.authenticator_enable("authn-k8s", "my-auth")
|
25
|
+
$conjur.authenticator_list
|
26
|
+
"""
|
27
|
+
Then the JSON at "enabled" should be ["authn", "authn-k8s/my-auth"]
|
28
|
+
When I run the code:
|
29
|
+
"""
|
30
|
+
$conjur.authenticator_disable("authn-k8s", "my-auth")
|
31
|
+
$conjur.authenticator_list
|
32
|
+
"""
|
33
|
+
Then the JSON at "enabled" should be ["authn"]
|
data/features/support/env.rb
CHANGED
@@ -5,8 +5,8 @@ Feature: Change a user's password.
|
|
5
5
|
Scenario: A user can set/change her password using the current API key.
|
6
6
|
When I run the code:
|
7
7
|
"""
|
8
|
-
Conjur::API.update_password @user_id, @user_api_key, '
|
9
|
-
@new_api_key = Conjur::API.login @user_id, '
|
8
|
+
Conjur::API.update_password @user_id, @user_api_key, 'SEcret12!!!!'
|
9
|
+
@new_api_key = Conjur::API.login @user_id, 'SEcret12!!!!'
|
10
10
|
"""
|
11
11
|
Then I can run the code:
|
12
12
|
"""
|
data/features_v4/support/env.rb
CHANGED
data/lib/conjur-api/version.rb
CHANGED
data/lib/conjur/api.rb
CHANGED
@@ -34,6 +34,7 @@ require 'conjur/acts_as_rolsource'
|
|
34
34
|
require 'conjur/acts_as_user'
|
35
35
|
require 'conjur/log_source'
|
36
36
|
require 'conjur/has_attributes'
|
37
|
+
require 'conjur/api/authenticators'
|
37
38
|
require 'conjur/api/authn'
|
38
39
|
require 'conjur/api/roles'
|
39
40
|
require 'conjur/api/resources'
|
@@ -0,0 +1,35 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'conjur/webservice'
|
4
|
+
|
5
|
+
module Conjur
|
6
|
+
# API contains each of the methods for access the Conjur API endpoints
|
7
|
+
#-- :reek:DataClump for authenticator identifier fields (name, id, account)
|
8
|
+
class API
|
9
|
+
# @!group Authenticators
|
10
|
+
|
11
|
+
# List all configured authenticators
|
12
|
+
def authenticator_list
|
13
|
+
JSON.parse(url_for(:authenticators).get)
|
14
|
+
end
|
15
|
+
|
16
|
+
# Enables an authenticator in Conjur. The authenticator must be defined and
|
17
|
+
# loaded in Conjur policy prior to enabling it.
|
18
|
+
#
|
19
|
+
# @param [String] authenticator the authenticator type to enable (e.g. authn-k8s)
|
20
|
+
# @param [String] id the service ID of the authenticator to enable
|
21
|
+
def authenticator_enable authenticator, id, account: Conjur.configuration.account
|
22
|
+
url_for(:authenticator, account, authenticator, id, credentials).patch(enabled: true)
|
23
|
+
end
|
24
|
+
|
25
|
+
# Disables an authenticator in Conjur.
|
26
|
+
#
|
27
|
+
# @param [String] authenticator the authenticator type to disable (e.g. authn-k8s)
|
28
|
+
# @param [String] id the service ID of the authenticator to disable
|
29
|
+
def authenticator_disable authenticator, id, account: Conjur.configuration.account
|
30
|
+
url_for(:authenticator, account, authenticator, id, credentials).patch(enabled: false)
|
31
|
+
end
|
32
|
+
|
33
|
+
# @!endgroup
|
34
|
+
end
|
35
|
+
end
|
data/lib/conjur/api/router/v5.rb
CHANGED
@@ -14,9 +14,13 @@
|
|
14
14
|
# See the License for the specific language governing permissions and
|
15
15
|
# limitations under the License.
|
16
16
|
|
17
|
+
# rubocop:disable Metrics/ModuleLength
|
17
18
|
module Conjur
|
18
19
|
class API
|
19
20
|
module Router
|
21
|
+
# V5 translates method arguments to rest-ful API request parameters.
|
22
|
+
# because of this, most of the methods suffer from :reek:LongParameterList:
|
23
|
+
# and :reek:UtilityFunction:
|
20
24
|
module V5
|
21
25
|
extend Conjur::Escape::ClassMethods
|
22
26
|
extend Conjur::QueryString
|
@@ -30,6 +34,14 @@ module Conjur
|
|
30
34
|
RestClient::Resource.new(Conjur.configuration.authn_url)[fully_escape account][fully_escape username]['authenticate']
|
31
35
|
end
|
32
36
|
|
37
|
+
def authenticator account, authenticator, service_id, credentials
|
38
|
+
RestClient::Resource.new(Conjur.configuration.core_url, credentials)[fully_escape authenticator][fully_escape service_id][fully_escape account]
|
39
|
+
end
|
40
|
+
|
41
|
+
def authenticators
|
42
|
+
RestClient::Resource.new(Conjur.configuration.core_url)['authenticators']
|
43
|
+
end
|
44
|
+
|
33
45
|
# For v5, the authn-local message is a JSON string with account, sub, and optional fields.
|
34
46
|
def authn_authenticate_local username, account, expiration, cidr, &block
|
35
47
|
{ account: account, sub: username }.tap do |params|
|
@@ -167,3 +179,4 @@ module Conjur
|
|
167
179
|
end
|
168
180
|
end
|
169
181
|
end
|
182
|
+
# rubocop:enable Metrics/ModuleLength
|
data/lib/conjur/base_object.rb
CHANGED
data/lib/conjur/cert_utils.rb
CHANGED
@@ -44,6 +44,20 @@ module Conjur
|
|
44
44
|
end
|
45
45
|
end
|
46
46
|
end
|
47
|
+
|
48
|
+
# Add a certificate to a given store. If the certificate has more than
|
49
|
+
# one certificate in its chain, it will be parsed and added to the store
|
50
|
+
# one by one. This is done because `OpenSSL::X509::Store.new.add_cert`
|
51
|
+
# adds only the intermediate certificate to the store.
|
52
|
+
def add_chained_cert store, chained_cert
|
53
|
+
parse_certs(chained_cert).each do |cert|
|
54
|
+
begin
|
55
|
+
store.add_cert cert
|
56
|
+
rescue OpenSSL::X509::StoreError => ex
|
57
|
+
raise unless ex.message == 'cert already in hash table'
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
47
61
|
end
|
48
62
|
end
|
49
63
|
end
|
data/lib/conjur/configuration.rb
CHANGED
@@ -402,13 +402,7 @@ module Conjur
|
|
402
402
|
# @return [Boolean] whether a certificate was added to the store.
|
403
403
|
def apply_cert_config! store=OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
|
404
404
|
if ssl_certificate
|
405
|
-
CertUtils.
|
406
|
-
begin
|
407
|
-
store.add_cert cert
|
408
|
-
rescue OpenSSL::X509::StoreError => ex
|
409
|
-
raise unless ex.message == 'cert already in hash table'
|
410
|
-
end
|
411
|
-
end
|
405
|
+
CertUtils.add_chained_cert(store, ssl_certificate)
|
412
406
|
elsif cert_file
|
413
407
|
ensure_cert_readable!(cert_file)
|
414
408
|
store.add_file cert_file
|
@@ -0,0 +1,14 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe Conjur::BaseObject do
|
6
|
+
|
7
|
+
it "returns custom string for #inspect" do
|
8
|
+
id_str = 'foo:bar:baz'
|
9
|
+
base_obj = Conjur::BaseObject.new(Conjur::Id.new(id_str), { username: 'foo' })
|
10
|
+
expect(base_obj.inspect).to include("id='#{id_str}'")
|
11
|
+
expect(base_obj.inspect).to include(Conjur::BaseObject.name)
|
12
|
+
end
|
13
|
+
|
14
|
+
end
|
data/spec/cert_utils_spec.rb
CHANGED
@@ -78,4 +78,96 @@ RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
|
|
78
78
|
end
|
79
79
|
end
|
80
80
|
end
|
81
|
+
|
82
|
+
describe '.add_chained_cert' do
|
83
|
+
let(:one_certificate_chain) do
|
84
|
+
"""-----BEGIN CERTIFICATE-----
|
85
|
+
MIIDPjCCAiagAwIBAgIVAKW1gdmOFrXt6xB0iQmYQ4z8Pf+kMA0GCSqGSIb3DQEB
|
86
|
+
CwUAMD0xETAPBgNVBAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDAS
|
87
|
+
BgNVBAMTC2N1a2UtbWFzdGVyMB4XDTE1MTAwNzE2MzAwNloXDTI1MTAwNDE2MzAw
|
88
|
+
NlowFjEUMBIGA1UEAwwLY3VrZS1tYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
89
|
+
DwAwggEKAoIBAQC9e8bGIHOLOypKA4lsLcAOcDLAq+ICuVxn9Vg0No0m32Ok/K7G
|
90
|
+
uEGtlC8RidObntblUwqdX2uP7mqAQm19j78UTl1KT97vMmmFrpVZ7oQvEm1FUq3t
|
91
|
+
FBmJglthJrSbpdZjLf7a7eL1NnunkfBdI1DK9QL9ndMjNwZNFbXhld4fC5zuSr/L
|
92
|
+
PxawSzTEsoTaB0Nw0DdRowaZgrPxc0hQsrj9OF20gTIJIYO7ctZzE/JJchmBzgI4
|
93
|
+
CdfAYg7zNS+0oc0ylV0CWMerQtLICI6BtiQ482bCuGYJ00NlDcdjd3w+A2cj7PrH
|
94
|
+
wH5UhtORL5Q6i9EfGGUCDbmfpiVD9Bd3ukbXAgMBAAGjXDBaMA4GA1UdDwEB/wQE
|
95
|
+
AwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwKQYDVR0RBCIwIIIL
|
96
|
+
Y3VrZS1tYXN0ZXKCCWxvY2FsaG9zdIIGY29uanVyMA0GCSqGSIb3DQEBCwUAA4IB
|
97
|
+
AQBCepy6If67+sjuVnT9NGBmjnVaLa11kgGNEB1BZQnvCy0IN7gpLpshoZevxYDR
|
98
|
+
3DnPAetQiZ70CSmCwjL4x6AVxQy59rRj0Awl9E1dgFTYI3JxxgLsI9ePdIRVEPnH
|
99
|
+
dhXqPY5ZIZhvdHlLStjsXX7laaclEtMeWfSzxe4AmP/Sm/er4ks0gvLQU6/XJNIu
|
100
|
+
RnRH59ZB1mZMsIv9Ii790nnioYFR54JmQu1JsIib77ZdSXIJmxAtraJSTLcZbU1E
|
101
|
+
+SM3XCE423Xols7onyluMYDy3MCUTFwoVMRBcRWCAk5gcv6XvZDfLi6Zwdne6x3Y
|
102
|
+
bGenr4vsPuSFsycM03/EcQDT
|
103
|
+
-----END CERTIFICATE-----
|
104
|
+
"""
|
105
|
+
end
|
106
|
+
|
107
|
+
let(:two_certificates_chain) do
|
108
|
+
"""-----BEGIN CERTIFICATE-----
|
109
|
+
MIIDPjCCAiagAwIBAgIVAKW1gdmOFrXt6xB0iQmYQ4z8Pf+kMA0GCSqGSIb3DQEB
|
110
|
+
CwUAMD0xETAPBgNVBAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDAS
|
111
|
+
BgNVBAMTC2N1a2UtbWFzdGVyMB4XDTE1MTAwNzE2MzAwNloXDTI1MTAwNDE2MzAw
|
112
|
+
NlowFjEUMBIGA1UEAwwLY3VrZS1tYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
113
|
+
DwAwggEKAoIBAQC9e8bGIHOLOypKA4lsLcAOcDLAq+ICuVxn9Vg0No0m32Ok/K7G
|
114
|
+
uEGtlC8RidObntblUwqdX2uP7mqAQm19j78UTl1KT97vMmmFrpVZ7oQvEm1FUq3t
|
115
|
+
FBmJglthJrSbpdZjLf7a7eL1NnunkfBdI1DK9QL9ndMjNwZNFbXhld4fC5zuSr/L
|
116
|
+
PxawSzTEsoTaB0Nw0DdRowaZgrPxc0hQsrj9OF20gTIJIYO7ctZzE/JJchmBzgI4
|
117
|
+
CdfAYg7zNS+0oc0ylV0CWMerQtLICI6BtiQ482bCuGYJ00NlDcdjd3w+A2cj7PrH
|
118
|
+
wH5UhtORL5Q6i9EfGGUCDbmfpiVD9Bd3ukbXAgMBAAGjXDBaMA4GA1UdDwEB/wQE
|
119
|
+
AwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwKQYDVR0RBCIwIIIL
|
120
|
+
Y3VrZS1tYXN0ZXKCCWxvY2FsaG9zdIIGY29uanVyMA0GCSqGSIb3DQEBCwUAA4IB
|
121
|
+
AQBCepy6If67+sjuVnT9NGBmjnVaLa11kgGNEB1BZQnvCy0IN7gpLpshoZevxYDR
|
122
|
+
3DnPAetQiZ70CSmCwjL4x6AVxQy59rRj0Awl9E1dgFTYI3JxxgLsI9ePdIRVEPnH
|
123
|
+
dhXqPY5ZIZhvdHlLStjsXX7laaclEtMeWfSzxe4AmP/Sm/er4ks0gvLQU6/XJNIu
|
124
|
+
RnRH59ZB1mZMsIv9Ii790nnioYFR54JmQu1JsIib77ZdSXIJmxAtraJSTLcZbU1E
|
125
|
+
+SM3XCE423Xols7onyluMYDy3MCUTFwoVMRBcRWCAk5gcv6XvZDfLi6Zwdne6x3Y
|
126
|
+
bGenr4vsPuSFsycM03/EcQDT
|
127
|
+
-----END CERTIFICATE-----
|
128
|
+
-----BEGIN CERTIFICATE-----
|
129
|
+
MIIDhzCCAm+gAwIBAgIJAJnsrJ1+j9MhMA0GCSqGSIb3DQEBCwUAMD0xETAPBgNV
|
130
|
+
BAoTCGN1Y3VtYmVyMRIwEAYDVQQLEwlDb25qdXIgQ0ExFDASBgNVBAMTC2N1a2Ut
|
131
|
+
bWFzdGVyMB4XDTE1MTAwNzE2MzAwM1oXDTI1MTAwNDE2MzAwM1owPTERMA8GA1UE
|
132
|
+
ChMIY3VjdW1iZXIxEjAQBgNVBAsTCUNvbmp1ciBDQTEUMBIGA1UEAxMLY3VrZS1t
|
133
|
+
YXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsuZ06Ld4JDhxZ
|
134
|
+
FcxKVxu7MTjXVv6W8pI7qFKmgr39aNqmDpKYJ1H9aM+r9zaTAeithpM4wJpVswkJ
|
135
|
+
d0RSuKdm1LOx11yHLyZ1OvlPHFhsVWdZIQZ6R9srhPYBUCMem4sHR5IAcBBX+HkR
|
136
|
+
35gaPYUl1uFV/9zCniekt92Kdta+it1WL7XinXTBURlhDawiD/kv1C9x6dICEJVe
|
137
|
+
IT/jRohmqHAoM/JSOQTthaDli3Qvu5K8XAx8UXvWVmv3eStZFVDbC4ZEueRd9KAe
|
138
|
+
4IZ5FxdpFYkPBgt2lBYeydYKRShyYrDKye1uJBDkeplNaYW4cS4mOhYuRkdKn7MH
|
139
|
+
uY/xb1lFAgMBAAGjgYkwgYYwKQYDVR0RBCIwIIILY3VrZS1tYXN0ZXKCCWxvY2Fs
|
140
|
+
aG9zdIIGY29uanVyMB0GA1UdDgQWBBRHpGF7aQbHdORYgQKDC2hV6NzEKzAfBgNV
|
141
|
+
HSMEGDAWgBRHpGF7aQbHdORYgQKDC2hV6NzEKzAMBgNVHRMEBTADAQH/MAsGA1Ud
|
142
|
+
DwQEAwIB5jANBgkqhkiG9w0BAQsFAAOCAQEAGZT9Wek1hYluIVaxu03wSKCKIJ4p
|
143
|
+
KxTHw+mLDapg1y9t3Fa/5IQQK0Bx0xGU2qWiQKjda3vdFPJWO6l6XJvsUY5Nwtm5
|
144
|
+
Gcsk8l3L/zWCrjrFTH3TdVad5E+DTwVhThelmEjw68AyM+WuOL61j0MItd9mLW74
|
145
|
+
Lv2zouj9nQBdnUBHWQ0EL/9d5cfaCVu/bFlDfYt7Yj0IzXCuaWZfJeHodU1hmqVX
|
146
|
+
BvYRjnTB2LSxfmSnkrCeFPmhE11bWVtsLIdrGIgtEMX0/s9xg58QuNnva1U3pJsW
|
147
|
+
RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
|
148
|
+
-----END CERTIFICATE-----
|
149
|
+
"""
|
150
|
+
end
|
151
|
+
|
152
|
+
let(:store){ double('default store') }
|
153
|
+
|
154
|
+
context 'with one certificate in the chain' do
|
155
|
+
subject{ Conjur::CertUtils.add_chained_cert(store, one_certificate_chain) }
|
156
|
+
|
157
|
+
it 'adds one certificate to the store' do
|
158
|
+
expect(store).to receive(:add_cert).once
|
159
|
+
expect(subject).to be_truthy
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
context 'with two certificate in the chain' do
|
164
|
+
subject{ Conjur::CertUtils.add_chained_cert(store, two_certificates_chain) }
|
165
|
+
|
166
|
+
it 'adds both certificate to the store' do
|
167
|
+
expect(store).to receive(:add_cert).twice
|
168
|
+
expect(subject).to be_truthy
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
172
|
+
end
|
81
173
|
end
|
data/spec/spec_helper.rb
CHANGED
data/test.sh
CHANGED
@@ -8,6 +8,18 @@ function finish {
|
|
8
8
|
|
9
9
|
trap finish EXIT
|
10
10
|
|
11
|
+
function publishToCodeClimate() {
|
12
|
+
docker build -f ci/codeclimate.dockerfile -t cyberark/code-climate:latest .
|
13
|
+
docker run \
|
14
|
+
--rm \
|
15
|
+
--volume "$PWD:/src/conjur-api" \
|
16
|
+
-w "/src/conjur-api" \
|
17
|
+
cyberark/code-climate:latest \
|
18
|
+
after-build \
|
19
|
+
-r "$(<TRID)" \
|
20
|
+
-t "simplecov"
|
21
|
+
}
|
22
|
+
|
11
23
|
function main() {
|
12
24
|
# Generate reports folders locally
|
13
25
|
mkdir -p spec/reports features/reports features_v4/reports
|
@@ -15,6 +27,7 @@ function main() {
|
|
15
27
|
startConjur
|
16
28
|
runTests_5
|
17
29
|
runTests_4
|
30
|
+
publishToCodeClimate
|
18
31
|
}
|
19
32
|
|
20
33
|
function startConjur() {
|