conjur-api 5.3.3 → 5.3.7.pre.167
- checksums.yaml +4 -4
- data/.github/CODEOWNERS +1 -1
- data/.gitleaks.toml +1 -1
- data/CHANGELOG.md +48 -3
- data/CONTRIBUTING.md +1 -1
- data/Dockerfile +3 -2
- data/Gemfile +1 -5
- data/Jenkinsfile +115 -18
- data/LICENSE +1 -1
- data/README.md +26 -4
- data/VERSION +1 -0
- data/ci/submit-coverage +36 -0
- data/conjur-api.gemspec +6 -5
- data/docker-compose.yml +15 -3
- data/features/host.feature +39 -9
- data/features/permitted.feature +27 -0
- data/features/step_definitions/api_steps.rb +14 -3
- data/features/step_definitions/policy_steps.rb +40 -0
- data/features/support/env.rb +3 -3
- data/features/user.feature +47 -6
- data/features_v4/support/env.rb +0 -2
- data/lib/conjur/acts_as_user.rb +5 -1
- data/lib/conjur/api/authn.rb +3 -3
- data/lib/conjur/api/resources.rb +2 -2
- data/lib/conjur/api/router/v4.rb +80 -23
- data/lib/conjur/api/router/v5.rb +87 -21
- data/lib/conjur/api.rb +0 -18
- data/lib/conjur/base.rb +19 -5
- data/lib/conjur/base_object.rb +14 -7
- data/lib/conjur/configuration.rb +45 -17
- data/lib/conjur/escape.rb +2 -3
- data/lib/conjur-api/version.rb +2 -2
- data/spec/api_spec.rb +59 -13
- data/spec/base_object_spec.rb +0 -1
- data/spec/configuration_spec.rb +25 -3
- data/spec/spec_helper.rb +4 -4
- data/spec/ssl_spec.rb +50 -26
- data/test.sh +10 -17
- metadata +35 -21
- data/.github/ISSUE_TEMPLATE/bug.md +0 -42
- data/.github/ISSUE_TEMPLATE/feature_request.md +0 -27
- data/.github/PULL_REQUEST_TEMPLATE.md +0 -21
- data/ci/codeclimate.dockerfile +0 -6
- data/spec/vendor/rest_client_spec.rb +0 -41
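--- a/data/lib/conjur/configuration.rb
+++ b/data/lib/conjur/configuration.rb
@@ -24,7 +24,6 @@ require 'set'
 require 'conjur/cert_utils'
 
 module Conjur
-
 class << self
 # Saves the current thread local {Conjur::Configuration},
 # sets the thread local {Conjur::Configuration} to `config`, yields to the block, and ensures that
@@ -68,7 +67,7 @@ module Conjur
 ensure
 Thread.current[:conjur_configuration] = oldvalue
 end
-
+
 # Gets the current thread-local or global configuration.
 #
 # The thread-local Conjur configuration can only be set using the {Conjur.with_configuration}
@@ -79,7 +78,7 @@ module Conjur
 def configuration
 Thread.current[:conjur_configuration] || (@config ||= Configuration.new)
 end
-
+
 # Sets the global configuration.
 #
 # This method *has no effect* on the thread local configuration. Use {Conjur.with_configuration} instead if
@@ -191,25 +190,25 @@ module Conjur
 @supplied = options.dup
 @computed = Hash.new
 end
-
+
 class << self
 # @api private
 def accepted_options
 require 'set'
 @options ||= Set.new
 end
-
+
 # @param [Symbol] name
 # @param [Hash] options
-# @option options [Boolean] :boolean (false) whether this option should have a '?' accessor
+# @option options [Boolean] :boolean (false) whether this option should have a '?' accessor
 # @option options [Boolean, String] :env Environment variable for this option. Set to false
 # to disallow environment based configuration. Default is CONJUR_<OPTION_NAME>.
 # @option options [Proc, *] :default Default value or proc to provide it
 # @option options [Boolean] :required (false) when true, raise an exception if the option is
 # not set
-# @option options [Proc, #to_proc] :convert proc-ish to convert environment
+# @option options [Proc, #to_proc] :convert proc-ish to convert environment
 # values to appropriate types
-# @param [Proc] def_proc block to provide default values
+# @param [Proc] def_proc block to provide default values
 # @api private
 def add_option name, options = {}, &def_proc
 accepted_options << name
@@ -217,7 +216,7 @@ module Conjur
 env_var = options[:env] || "CONJUR_#{name.to_s.upcase}"
 def_val = options[:default]
 opt_name = name
-
+
 def_proc ||= if def_val.respond_to?(:call)
 def_val
 elsif options[:required]
@@ -225,10 +224,10 @@ module Conjur
 else
 proc { def_val }
 end
-
+
 convert = options[:convert] || ->(x){ x }
 # Allow a Symbol, for example
-convert = convert.to_proc if convert.respond_to?(:to_proc)
+convert = convert.to_proc if convert.respond_to?(:to_proc)
 
 define_method("#{name}=") do |value|
 set name, value
@@ -237,7 +236,7 @@ module Conjur
 define_method("#{name}_env_var") do
 allow_env ? env_var : nil
 end
-
+
 define_method(name) do
 value = computed[name]
 return value unless value.nil?
@@ -246,7 +245,7 @@ module Conjur
 supplied[name]
 elsif allow_env && ENV.member?(env_var)
 instance_exec(ENV[env_var], &convert)
-else
+else
 instance_eval(&def_proc)
 end.tap do |value|
 computed[name] = value
@@ -256,7 +255,7 @@ module Conjur
 alias_method("#{name}?", name) if options[:boolean]
 end
 end
-
+
 # Return a copy of this {Conjur::Configuration} instance, optionally
 # updating the copy with options from the `override_options` hash.
 #
@@ -290,8 +289,8 @@ module Conjur
 #
 # The url for the {http://developer.conjur.net/reference/services/authentication Conjur authentication service}.
 #
-# By default, this will be built from the +appliance_url+. To use a custom authenticator,
-# set this option in code or set `CONJUR_AUTHN_URL`.
+# By default, this will be built from the +appliance_url+. To use a custom authenticator,
+# set this option in code or set `CONJUR_AUTHN_URL`.
 #
 #
 # @return [String] the authentication service url
@@ -369,10 +368,30 @@ module Conjur
 # @see cert_file
 add_option :ssl_certificate
 
+# @!attribute rest_client_options
+#
+# Custom options for the underlying RestClient Requests. This defaults to:
+# ```
+# {
+# ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
+# }
+# ``
+#
+# The `ssl_cert_store` value aligns with the default certificate store used by
+# {#apply_cert_config!}.
+#
+# NOTE: When setting the value of rest_client_options the defaults are not retained,
+# you must manually set them on the value you provide.
+add_option :rest_client_options do
+{
+ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
+}
+end
+
 # @!attribute version
 #
 # Selects the major API version of the Conjur server. With this setting, the API
-# will use the routing scheme for API version `4` or `5`.
+# will use the routing scheme for API version `4` or `5`.
 #
 # Methods which are not available in the selected version will raise NoMethodError.
 add_option :version, default: 5
@@ -383,6 +402,12 @@ module Conjur
 # This is only available when the API client is running on the Conjur server.
 add_option :authn_local_socket, default: "/run/authn-local/.socket"
 
+# Create rest_client_options by merging the input with the
+# rest_client_options present on the configuration object.
+def create_rest_client_options options
+rest_client_options.merge(options || {})
+end
+
 # Calls a major-version-specific function.
 def version_logic v4_logic, v5_logic
 case version.to_s
@@ -398,6 +423,9 @@ module Conjur
 # Add the certificate configured by the {#ssl_certificate} and {#cert_file} options to the certificate
 # store used by Conjur clients.
 #
+# NOTE: If you specify a non-default `store` value, you must manually set the
+# `ssl_cert_store` value on {#rest_client_options} to the same value.
+#
 # @param [OpenSSL::X509::Store] store the certificate store that the certificate will be installed in.
 # @return [Boolean] whether a certificate was added to the store.
 def apply_cert_config! store=OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE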
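Review bot: `add_option :rest_client_options do` is declared without `env: false`, so by the `env_var` default earlier in `add_option` it can presumably also be set through `CONJUR_REST_CLIENT_OPTIONS` (`allow_env` is defined outside the visible hunks, so this is inferred). With the identity `convert` the value would arrive as a String, and `create_rest_client_options` would then fail on `rest_client_options.merge(options || {})`; the hash that carries `ssl_cert_store` is also not something the process environment should be able to replace. I would declare it as `add_option :rest_client_options, env: false do`. The YARD example above it opens with three backticks and closes with two, so the closing fence should be three backticks as well.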
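--- a/data/lib/conjur/escape.rb
+++ b/data/lib/conjur/escape.rb
@@ -80,9 +80,8 @@ module Conjur
 return "false" unless str
 str = str.id if str.respond_to?(:id)
 # Leave colons and forward slashes alone
-require 'uri'
-
-URI.escape(str.to_s, Regexp.new("[^#{pattern}]"))
+require 'addressable/uri'
+Addressable::URI.encode(str.to_s)
 end
 end
 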
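Review bot: The replacement `Addressable::URI.encode(str.to_s)` no longer uses `pattern`, so the allow-list that the old `URI.escape(str.to_s, Regexp.new("[^#{pattern}]"))` call applied is silently dropped. `Addressable::URI.encode` treats its argument as a whole URI and keeps structural delimiters such as `?` and `#`, so an identifier containing them would likely reach the request URL unescaped and change which path or query the server sees. Something like `Addressable::URI.encode_component(str.to_s, Regexp.new("[^#{pattern}]"))` keeps the previous contract; the method signature and the origin of `pattern` are outside this hunk, so confirm against the callers. A spec with an id containing `?`, `#` and `%` would pin the behaviour.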
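--- a/data/lib/conjur-api/version.rb
+++ b/data/lib/conjur-api/version.rb
@@ -1,4 +1,4 @@
-# Copyright 2013-
+# Copyright 2013-2021 Conjur Inc.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy of
 # this software and associated documentation files (the "Software"), to deal in
@@ -19,6 +19,6 @@
 
 module Conjur
 class API
-VERSION =
+VERSION = File.read(File.expand_path('../../VERSION', __dir__))
 end
 end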
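Review bot: `VERSION = File.read(File.expand_path('../../VERSION', __dir__))` keeps whatever trailing newline the VERSION file has, and that string then flows into anything built from `Conjur::API::VERSION`. Stripping and freezing it is safer: `VERSION = File.read(File.expand_path('../../VERSION', __dir__)).strip.freeze`. The contents of the VERSION file are not shown on this page, so the trailing newline is an assumption to check.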
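--- a/data/spec/api_spec.rb
+++ b/data/spec/api_spec.rb
@@ -4,29 +4,26 @@ require 'fakefs/spec_helpers'
 describe Conjur::API do
 
 let(:account) { 'api-spec-acount' }
+let(:remote_ip) { nil }
 before { allow(Conjur.configuration).to receive_messages account: account }
 
 shared_context "logged in", logged_in: true do
 let(:login) { "bob" }
 let(:token) { { 'data' => login, 'timestamp' => Time.now.to_s } }
-
-let(:api_args) { [ token, { remote_ip: remote_ip } ] }
-subject(:api) { Conjur::API.new_from_token(*api_args) }
+subject(:api) { Conjur::API.new_from_token(token, remote_ip: remote_ip) }
 end
 
 shared_context "logged in with an API key", logged_in: :api_key do
 include_context "logged in"
 let(:api_key) { "theapikey" }
-
-subject(:api) { Conjur::API.new_from_key(*api_args) }
+subject(:api) { Conjur::API.new_from_key(login, api_key, account: account ,remote_ip: remote_ip) }
 end
 
 shared_context "logged in with a token file", logged_in: :token_file do
 include FakeFS::SpecHelpers
 include_context "logged in"
 let(:token_file) { "token_file" }
-
-subject(:api) { Conjur::API.new_from_token_file(*api_args) }
+subject(:api) { Conjur::API.new_from_token_file(token_file, remote_ip: remote_ip) }
 end
 
 def time_travel delta
@@ -60,11 +57,11 @@ describe Conjur::API do
 context "after expiration" do
 it 'it reads a new token' do
 expect(Time.parse(api.token['timestamp'])).to be_within(5.seconds).of(Time.now)
-
+
 time_travel 6.minutes
 new_token = token.merge "timestamp" => Time.now.to_s
 write_token new_token
-
+
 expect(api.token).to eq(new_token)
 end
 end
@@ -85,10 +82,10 @@ describe Conjur::API do
 it 'by refreshing' do
 allow(Conjur::API).to receive(:authenticate).with(login, api_key, account: account).and_return token
 expect(Time.parse(api.token['timestamp'])).to be_within(5.seconds).of(Time.now)
-
+
 time_travel 6.minutes
 new_token = token.merge "timestamp" => Time.now.to_s
-
+
 expect(Conjur::API).to receive(:authenticate).with(login, api_key, account: account).and_return new_token
 expect(api.token).to eq(new_token)
 end
@@ -118,7 +115,7 @@ describe Conjur::API do
 subject { super().credentials }
 it { is_expected.to eq({ headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login }) }
 end
-
+
 context "with remote_ip" do
 let(:remote_ip) { "66.0.0.1" }
 describe '#credentials' do
@@ -153,7 +150,7 @@ describe Conjur::API do
 context 'basic functioning' do
 it_behaves_like 'it can clone itself'
 end
-
+
 context "forwarded for" do
 let(:forwarded_for_header) { "66.0.0.1" }
 let(:headers) { base_headers.merge(x_forwarded_for: forwarded_for_header) }
@@ -172,6 +169,55 @@ describe Conjur::API do
 end
 end
 
+describe "#username" do
+let(:jwt_payload) do
+'eyJzdWIiOiJ1c2VyLTlhYjBiYmZiOWJlNjA5Yzk2ZjUyN2Y1YiIsImlhdCI6MTYwMzQ5MDA4MH0='
+end
+
+let(:jwt_header) do
+'eyJhbGciOiJjb25qdXIub3JnL3Nsb3NpbG8vdjIiLCJraWQiOiI2MWZjOGRiZDM4MjA4NDll' \
+'ZDI4YTZhYTAwMzFjNjM5MjkxZjJmMDQzNDVjYTU0MWI5NzUxMGQ5NjkyM2I3NDlmIn0='
+end
+
+let(:conjur_token) do
+{
+'data' => 'conjur-user-1234',
+'timestamp' => Time.now.to_s
+}
+end
+
+let(:jwt_token) do
+{
+'protected' => jwt_header,
+'payload' => jwt_payload,
+}
+end
+
+it "can correctly extract the username from old Conjur token" do
+expect(Conjur::API.new_from_token(conjur_token).username).to(
+eq('conjur-user-1234')
+)
+end
+
+context 'when using JWT token' do
+it "can correctly extract username" do
+expect(Conjur::API.new_from_token(jwt_token).username).to(
+eq('user-9ab0bbfb9be609c96f527f5b')
+)
+end
+
+it "returns nil when JWT token has no payload field" do
+no_payload_jwt_token = { 'protected' => jwt_header }
+expect(Conjur::API.new_from_token(no_payload_jwt_token).username).to be_nil
+end
+
+it "returns nil when JWT token has no 'sub' field in payload" do
+no_sub_token = { 'payload' => 'eyJpYXQiOjE2MDM0OTAwODB9' }
+expect(Conjur::API.new_from_token(no_sub_token).username).to be_nil
+end
+end
+end
+
 describe "#current_role", logged_in: true do
 context "when logged in as user" do
 let(:login) { 'joerandom' }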
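Review bot: The new `#username` examples cover a missing `payload` and a missing `sub`, but not a `payload` that is not valid Base64 or does not decode to JSON. Since the token hash comes from a server response or a token file, the behaviour for a malformed payload should be pinned as well, either `nil` like the other cases or a specific error. An example along the lines of `expect(Conjur::API.new_from_token('payload' => 'not-base64!').username).to be_nil` (constructed value) would document the choice. The implementation of `username` is not part of this section, so the expected result needs confirming against it.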
data/spec/base_object_spec.rb
CHANGED
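--- a/data/spec/configuration_spec.rb
+++ b/data/spec/configuration_spec.rb
@@ -29,6 +29,28 @@ describe Conjur::Configuration do
 configuration.account = "the-account"
 configuration.appliance_url = "https://conjur/api"
 }
+
+it "rest_client_options defaults" do
+expected = {
+ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
+}
+expect(configuration.rest_client_options).to eq(expected)
+end
+
+it "rest_client_options propagate to RestClient::Resource" do
+expected = {
+ssl_ca_file: "ca_certificate.pem",
+proxy: "http://proxy.example.com/"
+}
+configuration.rest_client_options = {
+ssl_ca_file: "ca_certificate.pem",
+proxy: "http://proxy.example.com/"
+}
+
+resource = Conjur::API.url_for(:authn_login, *["account", "username", "password"])
+expect(resource.options).to include(expected)
+end
+
 it "can still be changed by changing the appliance_url" do
 configuration.appliance_url = "https://other/api"
 expect(configuration.core_url).to eq "https://other/api"
@@ -40,7 +62,7 @@ describe Conjur::Configuration do
 expect(configuration.authn_url).to eq "http://authn-docker"
 end
 
-context "and duplicated" do
+context "and duplicated" do
 subject { configuration.clone override_options }
 let(:override_options) { Hash.new }
 
@@ -72,7 +94,7 @@ describe Conjur::Configuration do
 end
 end
 end
-
+
 describe "url generation" do
 describe 'authn_url' do
 before {
@@ -281,7 +303,7 @@ RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
 expect(subject).to be_truthy
 end
 end
-
+
 end
 
 context 'when cert file is not readable' do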
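Review bot: The example `rest_client_options propagate to RestClient::Resource` only checks caller-supplied keys, so nothing asserts that the default `ssl_cert_store` actually reaches `resource.options`, which is the path that decides which CA store requests are verified against. I would add `expect(Conjur::API.url_for(:authn_login, "account", "username", "password").options).to include(ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE)` to the defaults example. The existing call can also drop the splat, since `*["account", "username", "password"]` is just three positional arguments.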
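--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,8 +1,8 @@
 require 'simplecov'
-require 'simplecov-cobertura'
 
-SimpleCov.
-
+SimpleCov.start do
+command_name "#{ENV['RUBY_VERSION']}"
+end
 
 require 'rubygems'
 $:.unshift File.join(File.dirname(__FILE__), "..", "lib")
@@ -84,7 +84,7 @@ end
 require 'conjur/api'
 
 KIND="asset_kind"
-ID="unique_id"
+ID="unique_id"
 ROLE='<role>'
 MEMBER='<member>'
 PRIVILEGE='<privilege>'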
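--- a/data/spec/ssl_spec.rb
+++ b/data/spec/ssl_spec.rb
@@ -16,16 +16,14 @@ describe 'SSL connection' do
 
 context 'with certificate added to the default OpenSSL cert store' do
 before do
-
-store.add_cert cert
-stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', store
+cert_store.add_cert(cert)
 end
 
 it 'works' do
 expect { Conjur::API.login 'foo', 'bar', account: "the-account" }.to raise_error RestClient::ResourceNotFound
 end
 end
-
+
 let(:server) do
 server = WEBrick::HTTPServer.new \
 Port: 0, SSLEnable: true,
@@ -33,8 +31,14 @@ describe 'SSL connection' do
 SSLCertificate: cert, SSLPrivateKey: key
 end
 let(:port) { server.config[:Port] }
+let(:cert_store) { OpenSSL::X509::Store.new }
 
 before do
+# Reset configuration to allow each test to use its own stub
+# of OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.
+Conjur.configuration = nil
+stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', cert_store
+
 allow(Conjur.configuration).to receive(:authn_url).and_return "https://localhost:#{port}"
 end
 
@@ -50,15 +54,23 @@ describe 'SSL connection' do
 let(:cert) do
 OpenSSL::X509::Certificate.new """
 -----BEGIN CERTIFICATE-----
-
-
-
-
-
-
-
-
-
+MIIDCzCCAfOgAwIBAgIUaApjB95cJZlMTwDg4EBk4Mf1y4swDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTIxMDQyODIxNTA1OFoYDzQ3NTkw
+MzI1MjE1MDU4WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC+MIx1LCzBeAl7kHfI21wYmA6W8luyq14+DecaQPMd
+bW7fMlHSMJC/nlFDQyqmfYfKlVCiJRV/QTdUtA9hCytPlEKjlVmm4WIYLKfjj8Sp
+A+X9VURk75Fz+Z7UsF8u2J3pF9wFfhBzznwePlFdcWYyQMIRtghoHk/WSsbJVXVQ
+so7+0BLFyMYB3otfCyK+H/iyoXWLZll2irYZJedVm/lyTlnc9dT1XDAWWI8kSeUV
+lCkEulqOf8qZyU7wNUafRkzBuYkR7ddp1Qdkq+QYw7blmfZXyJbAYSt4gEMyDMk8
+ArScP8j+Efz5D54wS7fZFwmQp41+iP5WTxGsSU3dh44fAgMBAAGjUzBRMB0GA1Ud
+DgQWBBS4ZJDxXOs8rK3+SyfLopDFqK0IWDAfBgNVHSMEGDAWgBS4ZJDxXOs8rK3+
+SyfLopDFqK0IWDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAE
+WuzjqQ/gyho/pluX31hq7EMAFgqqz7ECN6DqmvpqabMD6s1kQ662KTo7gCBEcNtA
+nC7QycFp4v/Cr8+aUEa1W3+q2MqbmshORonUrLE/vxejK+NUvhSCWnmrM8v60zhR
+pn9lSSgQCBKWDgaU0VQVn0I9MuexeAj64Qv2uUHnZK3QUx+Gk3uurTmhKEN5FI+D
+sC7xO0qquTZ1Vv1EkLEso4dnFVW84EjdfmfeiW6JmHO7z1p1ebGsRwoQead/qTKw
+ze+Y1A1w3GzuhDo55aHlWE/Wvnou0aM3O9gUd++a2j+XJ2P7qaTB/L7SJk4qZ9RA
+t2PbKVP+tyZjXKtXmgzp
 -----END CERTIFICATE-----
 """.lines.map(&:strip).join("\n")
 end
@@ -66,19 +78,31 @@ describe 'SSL connection' do
 let(:key) do
 OpenSSL::PKey.read """
 -----BEGIN RSA PRIVATE KEY-----
-
-
-
-
-
-
-
-
-
-
-
-
-
+MIIEowIBAAKCAQEAvjCMdSwswXgJe5B3yNtcGJgOlvJbsqtePg3nGkDzHW1u3zJR
+0jCQv55RQ0Mqpn2HypVQoiUVf0E3VLQPYQsrT5RCo5VZpuFiGCyn44/EqQPl/VVE
+ZO+Rc/me1LBfLtid6RfcBX4Qc858Hj5RXXFmMkDCEbYIaB5P1krGyVV1ULKO/tAS
+xcjGAd6LXwsivh/4sqF1i2ZZdoq2GSXnVZv5ck5Z3PXU9VwwFliPJEnlFZQpBLpa
+jn/KmclO8DVGn0ZMwbmJEe3XadUHZKvkGMO25Zn2V8iWwGEreIBDMgzJPAK0nD/I
+/hH8+Q+eMEu32RcJkKeNfoj+Vk8RrElN3YeOHwIDAQABAoIBAQCnW0ctkDqt3/fQ
+MHcHWue2iI9GCmvgU+WxC0DSHFcSDQrkAn53S98DjseJPaBZMtr7y9pRY/p/qR6M
+PYnO5iotc5QUKEbkjy1nglwV5Zuy8kg+XPq7Kwg+GmjGVZDcQybpRuKIPr8xeIBF
+iKbGaBP6ontjZGAPZqTwN4qm/bkm0QRQkMEVQLpBaOlXjl0BCknhCMgyNA1F0jGc
+HLqJpFO46qvWDkDaKriMY/ezrkGYxlvV8xGJ2lzoaNWBsQeMXtcDJXuFMJO3lZl4
+VUjeNbyPprUzL6/kLZGMVFdRWhzKAluJEy3B6zybY4xxmgmifqn8/OxIaT172IXN
+KACuEorpAoGBAOYZEfuON+73dcstpjq3062+XUOxAAc77aFcGFQ2pqDTUtvoR05R
+o0uXrSuQqt0/FJVdZqdDx1and6idI7j/LfkOwvmPPg2dJIwKV73T2HdR7BpJaYlI
+KS6Bgl0AiW2ibjZJbBFJMiINb2tRGeYcOPfWlis309D2DXxl1f1TJTKTAoGBANOZ
+aDH1VJXh7rdAHrwNonTjoCeYKG7oAh0WTfqmCqcBjAkXsVc7dBd/98XKGS5LPRtl
+dIaJdYngeYyH5Ey5O2l/63tk0d4sqE8l+GVy+OHFn2AZMuaVXS0JXIQspn4s/U7F
+CuawmFszE8fv41WgVNhF00ijheoRz/X19yu0ULHFAoGAYmJZ1AutUtowXZ25M+Yh
+9motCqKF9pHjO1lbdbagbKevCCQ7SPuTLOE/xB7pUAyGyo7TM7XBaAXXHhuCiLlj
+eNic+YQL7lpApDhP5/TK28oFf//fxjk6ko4Bpa5zFJOdOE0QjhuT+gdwmpxkzIVI
+vn/cWcJXKUPr5ELOyrBgeU0CgYBWqIUbsLWrjJQPSJtNuOfHp1F35cDpausyrmfR
+Nx81tlR7hNCEQT0SQr5eqp4Vb4rfJXXLg5A3n08oVp8RLOtAEbuHFYs9ylxDzfEk
+2ylCjYTv/mHyPUmjoCnbl8237wTutZP5VmmPMCPxxjT8ZGVbDX2ySgYWDqV0vf80
+TuydYQKBgG24Wpes1CJmKiuWGnPi5I/+iIKZRfpEGidpjnsktkr3O+VZSZNQtDfC
+uWp/NgMxzxXxYdmmaQTwektB5axrsPUnxxiHmb8KkVU1IcMpYvUulFYiKVvFx+JJ
+bx/fkItCZ4AP3CG2Onz8xZdosg+c+MEdIlCrg94dA1EmHewCt2Hv
 -----END RSA PRIVATE KEY-----
 """.lines.map(&:strip).join("\n")
 end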
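Review bot: The outer `before` block sets `Conjur.configuration = nil` and stubs `DEFAULT_CERT_STORE`, but nothing resets the configuration afterwards. RSpec undoes `stub_const` after each example, while the configuration object created during the example presumably caches `rest_client_options` with the throwaway `cert_store`, so later spec files could run against a store that trusts only this fixture certificate. An `after { Conjur.configuration = nil }` next to the `before` closes that gap. The embedded certificate and RSA key also deserve a comment such as `# Self-signed localhost fixture, test use only`, so that secret-scanner findings on this file are easy to triage.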
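--- a/data/test.sh
+++ b/data/test.sh
@@ -1,5 +1,10 @@
 #!/bin/bash -e
 
+: "${RUBY_VERSION=3.0}"
+# My local RUBY_VERSION is set to ruby-#.#.# so this allows running locally.
+RUBY_VERSION="$(cut -d '-' -f 2 <<< "$RUBY_VERSION")"
+
+
 function finish {
 echo 'Removing test environment'
 echo '---'
@@ -8,29 +13,18 @@ function finish {
 
 trap finish EXIT
 
-function publishToCodeClimate() {
-docker build -f ci/codeclimate.dockerfile -t cyberark/code-climate:latest .
-docker run \
---rm \
--e GIT_BRANCH \
--e GIT_COMMIT \
--e TRID \
---volume "$PWD:/src/conjur-api" \
--w "/src/conjur-api" \
-cyberark/code-climate:latest \
-after-build \
--r "$(<TRID)" \
--t "simplecov"
-}
 
 function main() {
+if ! docker info >/dev/null 2>&1; then
+echo "Docker does not seem to be running, run it first and retry"
+exit 1
+fi
 # Generate reports folders locally
 mkdir -p spec/reports features/reports features_v4/reports
 
 startConjur
 runTests_5
 runTests_4
-publishToCodeClimate
 }
 
 function startConjur() {
@@ -42,8 +36,7 @@ function startConjur() {
 # However, unconditionally pulling prevents working offline even
 # with a warm cache. So try to pull, but ignore failures.
 docker-compose pull --ignore-pull-failures
-
-docker-compose build
+docker-compose build --build-arg RUBY_VERSION="$RUBY_VERSION"
 docker-compose up -d pg conjur_4 conjur_5
 }
 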
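Review bot: `: "${RUBY_VERSION=3.0}"` assigns the default only when the variable is unset, so an exported but empty `RUBY_VERSION` passes through and `docker-compose build --build-arg RUBY_VERSION="$RUBY_VERSION"` receives an empty build argument. Use `: "${RUBY_VERSION:=3.0}"`. The `cut -d '-' -f 2` call also returns the wrong field for any value that contains a dash without the `ruby-` prefix; `RUBY_VERSION="${RUBY_VERSION#ruby-}"` strips only that prefix and leaves a value such as `3.0` untouched.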