conjur-api 5.3.3 → 5.3.7.pre.167

data/lib/conjur/configuration.rb

@@ -24,7 +24,6 @@ require 'set'
 require 'conjur/cert_utils'
 
 module Conjur
-  
   class << self
     # Saves the current thread local {Conjur::Configuration},
     # sets the thread local {Conjur::Configuration} to `config`, yields to the block, and ensures that
@@ -68,7 +67,7 @@ module Conjur
     ensure
       Thread.current[:conjur_configuration] = oldvalue
     end
-    
+
     # Gets the current thread-local or global configuration.
     #
     # The thread-local Conjur configuration can only be set using the {Conjur.with_configuration}
@@ -79,7 +78,7 @@ module Conjur
     def configuration
       Thread.current[:conjur_configuration] || (@config ||= Configuration.new)
     end
-    
+
     # Sets the global configuration.
     #
     # This method *has no effect* on the thread local configuration.  Use {Conjur.with_configuration} instead if
@@ -191,25 +190,25 @@ module Conjur
       @supplied = options.dup
       @computed = Hash.new
     end
-    
+
     class << self
       # @api private
       def accepted_options
         require 'set'
         @options ||= Set.new
       end
-      
+
       # @param [Symbol] name
       # @param [Hash] options
-      # @option options [Boolean] :boolean (false) whether this option should have a '?' accessor 
+      # @option options [Boolean] :boolean (false) whether this option should have a '?' accessor
       # @option options [Boolean, String] :env Environment variable for this option.  Set to false
       #   to disallow environment based configuration.  Default is CONJUR_<OPTION_NAME>.
       # @option options [Proc, *] :default Default value or proc to provide it
       # @option options [Boolean] :required (false) when true, raise an exception if the option is
       #   not set
-      # @option options [Proc, #to_proc] :convert proc-ish to convert environment 
+      # @option options [Proc, #to_proc] :convert proc-ish to convert environment
       #   values to appropriate types
-      # @param [Proc] def_proc block to provide default values 
+      # @param [Proc] def_proc block to provide default values
       # @api private
       def add_option name, options = {}, &def_proc
         accepted_options << name
@@ -217,7 +216,7 @@ module Conjur
         env_var = options[:env] || "CONJUR_#{name.to_s.upcase}"
         def_val = options[:default]
         opt_name = name
-        
+
         def_proc ||= if def_val.respond_to?(:call)
           def_val
         elsif options[:required]
@@ -225,10 +224,10 @@ module Conjur
         else
           proc { def_val }
         end
-        
+
         convert = options[:convert] || ->(x){ x }
         # Allow a Symbol, for example
-        convert = convert.to_proc if convert.respond_to?(:to_proc) 
+        convert = convert.to_proc if convert.respond_to?(:to_proc)
 
         define_method("#{name}=") do |value|
           set name, value
@@ -237,7 +236,7 @@ module Conjur
         define_method("#{name}_env_var") do
           allow_env ? env_var : nil
         end
-        
+
         define_method(name) do
           value = computed[name]
           return value unless value.nil?
@@ -246,7 +245,7 @@ module Conjur
             supplied[name]
           elsif allow_env && ENV.member?(env_var)
             instance_exec(ENV[env_var], &convert)
-          else 
+          else
             instance_eval(&def_proc)
           end.tap do |value|
             computed[name] = value
@@ -256,7 +255,7 @@ module Conjur
         alias_method("#{name}?", name) if options[:boolean]
       end
     end
-    
+
     # Return a copy of this {Conjur::Configuration} instance, optionally
     # updating the copy with options from the `override_options` hash.
     #
@@ -290,8 +289,8 @@ module Conjur
     #
     # The url for the {http://developer.conjur.net/reference/services/authentication Conjur authentication service}.
     #
-    # By default, this will be built from the +appliance_url+. To use a custom authenticator, 
-    # set this option in code or set `CONJUR_AUTHN_URL`. 
+    # By default, this will be built from the +appliance_url+. To use a custom authenticator,
+    # set this option in code or set `CONJUR_AUTHN_URL`.
     #
     #
     # @return [String] the authentication service url
@@ -369,10 +368,30 @@ module Conjur
     # @see cert_file
     add_option :ssl_certificate
 
+    # @!attribute rest_client_options
+    #
+    # Custom options for the underlying RestClient Requests. This defaults to:
+    # ```
+    # {
+    #   ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
+    # }
+    # ``
+    #
+    # The `ssl_cert_store` value aligns with the default certificate store used by
+    # {#apply_cert_config!}.
+    #
+    # NOTE: When setting the value of rest_client_options the defaults are not retained,
+    # you must manually set them on the value you provide.
+    add_option :rest_client_options do
+      {
+        ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
+      }
+    end
+
     # @!attribute version
     #
     # Selects the major API version of the Conjur server. With this setting, the API
-    # will use the routing scheme for API version `4` or `5`. 
+    # will use the routing scheme for API version `4` or `5`.
     #
     # Methods which are not available in the selected version will raise NoMethodError.
     add_option :version, default: 5
@@ -383,6 +402,12 @@ module Conjur
     # This is only available when the API client is running on the Conjur server.
     add_option :authn_local_socket, default: "/run/authn-local/.socket"
 
+    # Create rest_client_options by merging the input with the
+    # rest_client_options present on the configuration object.
+    def create_rest_client_options options
+      rest_client_options.merge(options || {})
+    end
+
     # Calls a major-version-specific function.
     def version_logic v4_logic, v5_logic
       case version.to_s
@@ -398,6 +423,9 @@ module Conjur
     # Add the certificate configured by the {#ssl_certificate} and {#cert_file} options to the certificate
     # store used by Conjur clients.
     #
+    # NOTE: If you specify a non-default `store` value, you must manually set the
+    # `ssl_cert_store` value on {#rest_client_options} to the same value.
+    #
     # @param [OpenSSL::X509::Store] store the certificate store that the certificate will be installed in.
     # @return [Boolean]  whether a certificate was added to the store.
     def apply_cert_config! store=OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE

data/lib/conjur/escape.rb

@@ -80,9 +80,8 @@ module Conjur
         return "false" unless str
         str = str.id if str.respond_to?(:id)
         # Leave colons and forward slashes alone
-        require 'uri'
-        pattern = URI::PATTERN::UNRESERVED + ":\\/@"
-        URI.escape(str.to_s, Regexp.new("[^#{pattern}]"))
+        require 'addressable/uri'
+        Addressable::URI.encode(str.to_s)
       end
     end
 

data/lib/conjur-api/version.rb

@@ -1,4 +1,4 @@
-# Copyright 2013-2017 Conjur Inc.
+# Copyright 2013-2021 Conjur Inc.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy of
 # this software and associated documentation files (the "Software"), to deal in
@@ -19,6 +19,6 @@
 
 module Conjur
   class API
-    VERSION = "5.3.3"
+    VERSION = File.read(File.expand_path('../../VERSION', __dir__))
   end
 end

data/spec/api_spec.rb

@@ -4,29 +4,26 @@ require 'fakefs/spec_helpers'
 describe Conjur::API do
 
   let(:account) { 'api-spec-acount' }
+  let(:remote_ip) { nil }
   before { allow(Conjur.configuration).to receive_messages account: account }
 
   shared_context "logged in", logged_in: true do
     let(:login) { "bob" }
     let(:token) { { 'data' => login, 'timestamp' => Time.now.to_s } }
-    let(:remote_ip) { nil }
-    let(:api_args) { [ token, { remote_ip: remote_ip } ] }
-    subject(:api) { Conjur::API.new_from_token(*api_args) }
+    subject(:api) { Conjur::API.new_from_token(token, remote_ip: remote_ip) }
   end
 
   shared_context "logged in with an API key", logged_in: :api_key do
     include_context "logged in"
     let(:api_key) { "theapikey" }
-    let(:api_args) { [ login, api_key, { remote_ip: remote_ip, account: account } ] }
-    subject(:api) { Conjur::API.new_from_key(*api_args) }
+    subject(:api) { Conjur::API.new_from_key(login, api_key, account: account ,remote_ip: remote_ip) }
   end
 
   shared_context "logged in with a token file", logged_in: :token_file do
     include FakeFS::SpecHelpers
     include_context "logged in"
     let(:token_file) { "token_file" }
-    let(:api_args) { [ token_file, { remote_ip: remote_ip } ] }
-    subject(:api) { Conjur::API.new_from_token_file(*api_args) }
+    subject(:api) { Conjur::API.new_from_token_file(token_file, remote_ip: remote_ip) }
   end
 
   def time_travel delta
@@ -60,11 +57,11 @@ describe Conjur::API do
       context "after expiration" do
         it 'it reads a new token' do
           expect(Time.parse(api.token['timestamp'])).to be_within(5.seconds).of(Time.now)
-          
+
           time_travel 6.minutes
           new_token = token.merge "timestamp" => Time.now.to_s
           write_token new_token
-          
+
           expect(api.token).to eq(new_token)
         end
       end
@@ -85,10 +82,10 @@ describe Conjur::API do
           it 'by refreshing' do
             allow(Conjur::API).to receive(:authenticate).with(login, api_key, account: account).and_return token
             expect(Time.parse(api.token['timestamp'])).to be_within(5.seconds).of(Time.now)
-            
+
             time_travel 6.minutes
             new_token = token.merge "timestamp" => Time.now.to_s
-            
+
             expect(Conjur::API).to receive(:authenticate).with(login, api_key, account: account).and_return new_token
             expect(api.token).to eq(new_token)
           end
@@ -118,7 +115,7 @@ describe Conjur::API do
         subject { super().credentials }
         it { is_expected.to eq({ headers: { authorization: "Token token=\"#{Base64.strict_encode64(token.to_json)}\"" }, username: login }) }
       end
-      
+
       context "with remote_ip" do
         let(:remote_ip) { "66.0.0.1" }
         describe '#credentials' do
@@ -153,7 +150,7 @@ describe Conjur::API do
       context 'basic functioning' do
         it_behaves_like 'it can clone itself'
       end
-      
+
       context "forwarded for" do
         let(:forwarded_for_header) { "66.0.0.1" }
         let(:headers) { base_headers.merge(x_forwarded_for: forwarded_for_header) }
@@ -172,6 +169,55 @@ describe Conjur::API do
     end
   end
 
+  describe "#username" do
+    let(:jwt_payload) do
+      'eyJzdWIiOiJ1c2VyLTlhYjBiYmZiOWJlNjA5Yzk2ZjUyN2Y1YiIsImlhdCI6MTYwMzQ5MDA4MH0='
+    end
+
+    let(:jwt_header) do
+      'eyJhbGciOiJjb25qdXIub3JnL3Nsb3NpbG8vdjIiLCJraWQiOiI2MWZjOGRiZDM4MjA4NDll' \
+      'ZDI4YTZhYTAwMzFjNjM5MjkxZjJmMDQzNDVjYTU0MWI5NzUxMGQ5NjkyM2I3NDlmIn0='
+    end
+
+    let(:conjur_token) do
+      {
+        'data' => 'conjur-user-1234',
+        'timestamp' => Time.now.to_s
+      }
+    end
+
+    let(:jwt_token) do
+      {
+        'protected' => jwt_header,
+        'payload' => jwt_payload,
+      }
+    end
+
+    it "can correctly extract the username from old Conjur token" do
+      expect(Conjur::API.new_from_token(conjur_token).username).to(
+        eq('conjur-user-1234')
+      )
+    end
+
+    context 'when using JWT token' do
+      it "can correctly extract username" do
+        expect(Conjur::API.new_from_token(jwt_token).username).to(
+          eq('user-9ab0bbfb9be609c96f527f5b')
+        )
+      end
+
+      it "returns nil when JWT token has no payload field" do
+        no_payload_jwt_token = { 'protected' => jwt_header }
+        expect(Conjur::API.new_from_token(no_payload_jwt_token).username).to be_nil
+      end
+
+      it "returns nil when JWT token has no 'sub' field in payload" do
+        no_sub_token = { 'payload' => 'eyJpYXQiOjE2MDM0OTAwODB9' }
+        expect(Conjur::API.new_from_token(no_sub_token).username).to be_nil
+      end
+    end
+  end
+
   describe "#current_role", logged_in: true do
     context "when logged in as user" do
       let(:login) { 'joerandom' }

data/spec/base_object_spec.rb

@@ -10,5 +10,4 @@ describe Conjur::BaseObject do
     expect(base_obj.inspect).to include("id='#{id_str}'")
     expect(base_obj.inspect).to include(Conjur::BaseObject.name)
   end
-
 end

data/spec/configuration_spec.rb

@@ -29,6 +29,28 @@ describe Conjur::Configuration do
       configuration.account = "the-account"
       configuration.appliance_url = "https://conjur/api"
     }
+
+    it "rest_client_options defaults" do
+      expected = {
+        ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
+      }
+      expect(configuration.rest_client_options).to eq(expected)
+    end
+
+    it "rest_client_options propagate to RestClient::Resource" do
+      expected = {
+        ssl_ca_file: "ca_certificate.pem",
+        proxy: "http://proxy.example.com/"
+      }
+      configuration.rest_client_options = {
+        ssl_ca_file: "ca_certificate.pem",
+        proxy: "http://proxy.example.com/"
+      }
+
+      resource = Conjur::API.url_for(:authn_login, *["account", "username", "password"])
+      expect(resource.options).to include(expected)
+    end
+
     it "can still be changed by changing the appliance_url" do
       configuration.appliance_url = "https://other/api"
       expect(configuration.core_url).to eq "https://other/api"
@@ -40,7 +62,7 @@ describe Conjur::Configuration do
       expect(configuration.authn_url).to eq "http://authn-docker"
     end
 
-    context "and duplicated" do 
+    context "and duplicated" do
       subject { configuration.clone override_options }
       let(:override_options) { Hash.new }
 
@@ -72,7 +94,7 @@ describe Conjur::Configuration do
       end
     end
   end
-    
+
   describe "url generation" do
     describe 'authn_url' do
       before {
@@ -281,7 +303,7 @@ RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
           expect(subject).to be_truthy
         end
       end
-      
+
     end
 
     context 'when cert file is not readable' do

data/spec/spec_helper.rb

@@ -1,8 +1,8 @@
 require 'simplecov'
-require 'simplecov-cobertura'
 
-SimpleCov.formatter = SimpleCov::Formatter::CoberturaFormatter
-SimpleCov.start
+SimpleCov.start do
+  command_name "#{ENV['RUBY_VERSION']}"
+end
 
 require 'rubygems'
 $:.unshift File.join(File.dirname(__FILE__), "..", "lib")
@@ -84,7 +84,7 @@ end
 require 'conjur/api'
 
 KIND="asset_kind"
-ID="unique_id" 
+ID="unique_id"
 ROLE='<role>'
 MEMBER='<member>'
 PRIVILEGE='<privilege>'

data/spec/ssl_spec.rb

@@ -16,16 +16,14 @@ describe 'SSL connection' do
 
   context 'with certificate added to the default OpenSSL cert store' do
     before do
-      store = OpenSSL::X509::Store.new
-      store.add_cert cert
-      stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', store
+      cert_store.add_cert(cert)
     end
 
     it 'works' do
       expect { Conjur::API.login 'foo', 'bar', account: "the-account" }.to raise_error RestClient::ResourceNotFound
     end
   end
-  
+
   let(:server) do
     server = WEBrick::HTTPServer.new \
         Port: 0, SSLEnable: true,
@@ -33,8 +31,14 @@ describe 'SSL connection' do
         SSLCertificate: cert, SSLPrivateKey: key
   end
   let(:port) { server.config[:Port] }
+  let(:cert_store) { OpenSSL::X509::Store.new }
 
   before do
+    # Reset configuration to allow each test to use its own stub
+    # of OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.
+    Conjur.configuration = nil
+    stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', cert_store
+
     allow(Conjur.configuration).to receive(:authn_url).and_return "https://localhost:#{port}"
   end
 
@@ -50,15 +54,23 @@ describe 'SSL connection' do
   let(:cert) do
     OpenSSL::X509::Certificate.new """
       -----BEGIN CERTIFICATE-----
-      MIIBpDCCAQ2gAwIBAgIJALVPXQuF0w39MA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
-      BAMMCWxvY2FsaG9zdDAeFw0xNTAyMTQxNTE0MDFaFw0yNTAyMTExNTE0MDFaMBQx
-      EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-      n+IqEsmbuZk7E2GdPZpBxETjXC+dGze5XlZHPyKviekQ9sachAsBWApVrjM2QDtf
-      KOwa6GuBqGQ0bdl4Ui7I0CIGB4a0UJHU/EvuDhI1cTzAVVWemW1QaqKxI/2xDgs9
-      bqY471iVirRiSYD+6lm2pFYqOnnR/d+QKIMXhPOi0DMCAwEAATANBgkqhkiG9w0B
-      AQsFAAOBgQCSPchDKAiVPNJlRkaY9KPIXfPbFX6h/+ilJRl1xtHqY+y4SxURbnU0
-      fbYVnapKiuMnrnxTWXwl1z1iMbuuzjUC0RDz8F9pZkQ9IJpBSOaSfyUmk1JrrBRU
-      INyaxnJjtc7YIzW1Yz7+aKtzZAQuFXNhiQa+CIIGeWrpzbExo2ce3Q==
+      MIIDCzCCAfOgAwIBAgIUaApjB95cJZlMTwDg4EBk4Mf1y4swDQYJKoZIhvcNAQEL
+      BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTIxMDQyODIxNTA1OFoYDzQ3NTkw
+      MzI1MjE1MDU4WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
+      AQUAA4IBDwAwggEKAoIBAQC+MIx1LCzBeAl7kHfI21wYmA6W8luyq14+DecaQPMd
+      bW7fMlHSMJC/nlFDQyqmfYfKlVCiJRV/QTdUtA9hCytPlEKjlVmm4WIYLKfjj8Sp
+      A+X9VURk75Fz+Z7UsF8u2J3pF9wFfhBzznwePlFdcWYyQMIRtghoHk/WSsbJVXVQ
+      so7+0BLFyMYB3otfCyK+H/iyoXWLZll2irYZJedVm/lyTlnc9dT1XDAWWI8kSeUV
+      lCkEulqOf8qZyU7wNUafRkzBuYkR7ddp1Qdkq+QYw7blmfZXyJbAYSt4gEMyDMk8
+      ArScP8j+Efz5D54wS7fZFwmQp41+iP5WTxGsSU3dh44fAgMBAAGjUzBRMB0GA1Ud
+      DgQWBBS4ZJDxXOs8rK3+SyfLopDFqK0IWDAfBgNVHSMEGDAWgBS4ZJDxXOs8rK3+
+      SyfLopDFqK0IWDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAE
+      WuzjqQ/gyho/pluX31hq7EMAFgqqz7ECN6DqmvpqabMD6s1kQ662KTo7gCBEcNtA
+      nC7QycFp4v/Cr8+aUEa1W3+q2MqbmshORonUrLE/vxejK+NUvhSCWnmrM8v60zhR
+      pn9lSSgQCBKWDgaU0VQVn0I9MuexeAj64Qv2uUHnZK3QUx+Gk3uurTmhKEN5FI+D
+      sC7xO0qquTZ1Vv1EkLEso4dnFVW84EjdfmfeiW6JmHO7z1p1ebGsRwoQead/qTKw
+      ze+Y1A1w3GzuhDo55aHlWE/Wvnou0aM3O9gUd++a2j+XJ2P7qaTB/L7SJk4qZ9RA
+      t2PbKVP+tyZjXKtXmgzp
       -----END CERTIFICATE-----
     """.lines.map(&:strip).join("\n")
   end
@@ -66,19 +78,31 @@ describe 'SSL connection' do
   let(:key) do
     OpenSSL::PKey.read """
       -----BEGIN RSA PRIVATE KEY-----
-      MIICXAIBAAKBgQCf4ioSyZu5mTsTYZ09mkHERONcL50bN7leVkc/Iq+J6RD2xpyE
-      CwFYClWuMzZAO18o7Broa4GoZDRt2XhSLsjQIgYHhrRQkdT8S+4OEjVxPMBVVZ6Z
-      bVBqorEj/bEOCz1upjjvWJWKtGJJgP7qWbakVio6edH935AogxeE86LQMwIDAQAB
-      AoGAUCDb7zCFUB4gglUgpfgCT+gqflAKj9J8n2/kIxsyGI7rBpKBbJfLY6FCUZyu
-      6sAWr/6seaEviQI3WHpuF9oEn6gzb1XWpKH7h9ZAu5O2sscdrc5MrpFmBvGjMBnd
-      80u/TcsDHX453QbPgqOJTi+Qt15Y+Ot/iE8ccQjW6pMPiCECQQDLQvNekVF7YJ9e
-      iJNZSJMcx2c9hjAuywm/jPX+57k0xRlxGKCQxyujmxDfztDYU9kHMRHknbxz0sFr
-      0Vkaxo1DAkEAyV3z6vvTtUx7R5IYOUkZqIfeQ6k6ZItQoZdZPKoBW0s7QhqvJyZN
-      qeYJMaFR87A6273LwhpXZTvQwSYUUw6KUQJAQAIfXaJphG7TARQFQtKF8UQiEM/X
-      EIVD1pxvQwx52FJRRro4ph7ycRz93Vzli5or+AXN2q6Jj/fIjUlpw/LOvQJAfyPO
-      FUjpM+hVUiwhFVJdW/ZlVK0tzDvWLiDkXBQvBRhsEuHMQ1jA4ov2tBpaJxXXI9Uj
-      KKv/EFEDDmDfpk1g8QJBAIJhDsxKWgUy1lk+lGYdWRQi/D/BnkNbySklCypmZghu
-      Q6oXJNYB9NWLRWDJaGHlHrAn40Wq6MUx95Aomvj+uHA=
+      MIIEowIBAAKCAQEAvjCMdSwswXgJe5B3yNtcGJgOlvJbsqtePg3nGkDzHW1u3zJR
+      0jCQv55RQ0Mqpn2HypVQoiUVf0E3VLQPYQsrT5RCo5VZpuFiGCyn44/EqQPl/VVE
+      ZO+Rc/me1LBfLtid6RfcBX4Qc858Hj5RXXFmMkDCEbYIaB5P1krGyVV1ULKO/tAS
+      xcjGAd6LXwsivh/4sqF1i2ZZdoq2GSXnVZv5ck5Z3PXU9VwwFliPJEnlFZQpBLpa
+      jn/KmclO8DVGn0ZMwbmJEe3XadUHZKvkGMO25Zn2V8iWwGEreIBDMgzJPAK0nD/I
+      /hH8+Q+eMEu32RcJkKeNfoj+Vk8RrElN3YeOHwIDAQABAoIBAQCnW0ctkDqt3/fQ
+      MHcHWue2iI9GCmvgU+WxC0DSHFcSDQrkAn53S98DjseJPaBZMtr7y9pRY/p/qR6M
+      PYnO5iotc5QUKEbkjy1nglwV5Zuy8kg+XPq7Kwg+GmjGVZDcQybpRuKIPr8xeIBF
+      iKbGaBP6ontjZGAPZqTwN4qm/bkm0QRQkMEVQLpBaOlXjl0BCknhCMgyNA1F0jGc
+      HLqJpFO46qvWDkDaKriMY/ezrkGYxlvV8xGJ2lzoaNWBsQeMXtcDJXuFMJO3lZl4
+      VUjeNbyPprUzL6/kLZGMVFdRWhzKAluJEy3B6zybY4xxmgmifqn8/OxIaT172IXN
+      KACuEorpAoGBAOYZEfuON+73dcstpjq3062+XUOxAAc77aFcGFQ2pqDTUtvoR05R
+      o0uXrSuQqt0/FJVdZqdDx1and6idI7j/LfkOwvmPPg2dJIwKV73T2HdR7BpJaYlI
+      KS6Bgl0AiW2ibjZJbBFJMiINb2tRGeYcOPfWlis309D2DXxl1f1TJTKTAoGBANOZ
+      aDH1VJXh7rdAHrwNonTjoCeYKG7oAh0WTfqmCqcBjAkXsVc7dBd/98XKGS5LPRtl
+      dIaJdYngeYyH5Ey5O2l/63tk0d4sqE8l+GVy+OHFn2AZMuaVXS0JXIQspn4s/U7F
+      CuawmFszE8fv41WgVNhF00ijheoRz/X19yu0ULHFAoGAYmJZ1AutUtowXZ25M+Yh
+      9motCqKF9pHjO1lbdbagbKevCCQ7SPuTLOE/xB7pUAyGyo7TM7XBaAXXHhuCiLlj
+      eNic+YQL7lpApDhP5/TK28oFf//fxjk6ko4Bpa5zFJOdOE0QjhuT+gdwmpxkzIVI
+      vn/cWcJXKUPr5ELOyrBgeU0CgYBWqIUbsLWrjJQPSJtNuOfHp1F35cDpausyrmfR
+      Nx81tlR7hNCEQT0SQr5eqp4Vb4rfJXXLg5A3n08oVp8RLOtAEbuHFYs9ylxDzfEk
+      2ylCjYTv/mHyPUmjoCnbl8237wTutZP5VmmPMCPxxjT8ZGVbDX2ySgYWDqV0vf80
+      TuydYQKBgG24Wpes1CJmKiuWGnPi5I/+iIKZRfpEGidpjnsktkr3O+VZSZNQtDfC
+      uWp/NgMxzxXxYdmmaQTwektB5axrsPUnxxiHmb8KkVU1IcMpYvUulFYiKVvFx+JJ
+      bx/fkItCZ4AP3CG2Onz8xZdosg+c+MEdIlCrg94dA1EmHewCt2Hv
       -----END RSA PRIVATE KEY-----
     """.lines.map(&:strip).join("\n")
   end

data/test.sh

@@ -1,5 +1,10 @@
 #!/bin/bash -e
 
+: "${RUBY_VERSION=3.0}"
+# My local RUBY_VERSION is set to ruby-#.#.# so this allows running locally.
+RUBY_VERSION="$(cut -d '-' -f 2 <<< "$RUBY_VERSION")"
+
+
 function finish {
   echo 'Removing test environment'
   echo '---'
@@ -8,29 +13,18 @@ function finish {
 
 trap finish EXIT
 
-function publishToCodeClimate() {
-  docker build -f ci/codeclimate.dockerfile -t cyberark/code-climate:latest .
-  docker run \
-    --rm \
-    -e GIT_BRANCH \
-    -e GIT_COMMIT \
-    -e TRID \
-    --volume "$PWD:/src/conjur-api" \
-    -w "/src/conjur-api" \
-    cyberark/code-climate:latest \
-      after-build \
-        -r "$(<TRID)" \
-        -t "simplecov"
-}
 
 function main() {
+  if ! docker info >/dev/null 2>&1; then
+    echo "Docker does not seem to be running, run it first and retry"
+    exit 1
+  fi
   # Generate reports folders locally
   mkdir -p spec/reports features/reports features_v4/reports
 
   startConjur
   runTests_5
   runTests_4
-  publishToCodeClimate
 }
 
 function startConjur() {
@@ -42,8 +36,7 @@ function startConjur() {
   # However, unconditionally pulling prevents working offline even
   # with a warm cache. So try to pull, but ignore failures.
   docker-compose pull --ignore-pull-failures
-
-  docker-compose build
+  docker-compose build --build-arg RUBY_VERSION="$RUBY_VERSION"
   docker-compose up -d pg conjur_4 conjur_5
 }