conjur-api 5.3.8.pre.319 → 5.4.0

data/spec/ssl_spec.rb

@@ -0,0 +1,109 @@
+require 'active_support'
+require 'spec_helper'
+
+require 'helpers/errors_matcher'
+
+require 'webrick'
+require 'webrick/https'
+
+describe 'SSL connection' do
+  context 'with an untrusted certificate' do
+    it 'fails' do
+      expect { Conjur::API.login 'foo', 'bar', account: "the-account" }.to \
+          raise_one_of(RestClient::SSLCertificateNotVerified, OpenSSL::SSL::SSLError)
+    end
+  end
+
+  context 'with certificate added to the default OpenSSL cert store' do
+    before do
+      cert_store.add_cert(cert)
+    end
+
+    it 'works' do
+      expect { Conjur::API.login 'foo', 'bar', account: "the-account" }.to raise_error RestClient::ResourceNotFound
+    end
+  end
+
+  let(:server) do
+    server = WEBrick::HTTPServer.new \
+        Port: 0, SSLEnable: true,
+        AccessLog: [], Logger: Logger.new('/dev/null'), # shut up, WEBrick
+        SSLCertificate: cert, SSLPrivateKey: key
+  end
+  let(:port) { server.config[:Port] }
+  let(:cert_store) { OpenSSL::X509::Store.new }
+
+  before do
+    # Reset configuration to allow each test to use its own stub
+    # of OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.
+    Conjur.configuration = nil
+    stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', cert_store
+
+    allow(Conjur.configuration).to receive(:authn_url).and_return "https://localhost:#{port}"
+  end
+
+  around do |example|
+    server_thread = Thread.new do
+      server.start
+    end
+    example.run
+    server.shutdown
+    server_thread.join
+  end
+
+  let(:cert) do
+    OpenSSL::X509::Certificate.new """
+      -----BEGIN CERTIFICATE-----
+      MIIDCzCCAfOgAwIBAgIUaApjB95cJZlMTwDg4EBk4Mf1y4swDQYJKoZIhvcNAQEL
+      BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTIxMDQyODIxNTA1OFoYDzQ3NTkw
+      MzI1MjE1MDU4WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
+      AQUAA4IBDwAwggEKAoIBAQC+MIx1LCzBeAl7kHfI21wYmA6W8luyq14+DecaQPMd
+      bW7fMlHSMJC/nlFDQyqmfYfKlVCiJRV/QTdUtA9hCytPlEKjlVmm4WIYLKfjj8Sp
+      A+X9VURk75Fz+Z7UsF8u2J3pF9wFfhBzznwePlFdcWYyQMIRtghoHk/WSsbJVXVQ
+      so7+0BLFyMYB3otfCyK+H/iyoXWLZll2irYZJedVm/lyTlnc9dT1XDAWWI8kSeUV
+      lCkEulqOf8qZyU7wNUafRkzBuYkR7ddp1Qdkq+QYw7blmfZXyJbAYSt4gEMyDMk8
+      ArScP8j+Efz5D54wS7fZFwmQp41+iP5WTxGsSU3dh44fAgMBAAGjUzBRMB0GA1Ud
+      DgQWBBS4ZJDxXOs8rK3+SyfLopDFqK0IWDAfBgNVHSMEGDAWgBS4ZJDxXOs8rK3+
+      SyfLopDFqK0IWDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAE
+      WuzjqQ/gyho/pluX31hq7EMAFgqqz7ECN6DqmvpqabMD6s1kQ662KTo7gCBEcNtA
+      nC7QycFp4v/Cr8+aUEa1W3+q2MqbmshORonUrLE/vxejK+NUvhSCWnmrM8v60zhR
+      pn9lSSgQCBKWDgaU0VQVn0I9MuexeAj64Qv2uUHnZK3QUx+Gk3uurTmhKEN5FI+D
+      sC7xO0qquTZ1Vv1EkLEso4dnFVW84EjdfmfeiW6JmHO7z1p1ebGsRwoQead/qTKw
+      ze+Y1A1w3GzuhDo55aHlWE/Wvnou0aM3O9gUd++a2j+XJ2P7qaTB/L7SJk4qZ9RA
+      t2PbKVP+tyZjXKtXmgzp
+      -----END CERTIFICATE-----
+    """.lines.map(&:strip).join("\n")
+  end
+
+  let(:key) do
+    OpenSSL::PKey.read """
+      -----BEGIN RSA PRIVATE KEY-----
+      MIIEowIBAAKCAQEAvjCMdSwswXgJe5B3yNtcGJgOlvJbsqtePg3nGkDzHW1u3zJR
+      0jCQv55RQ0Mqpn2HypVQoiUVf0E3VLQPYQsrT5RCo5VZpuFiGCyn44/EqQPl/VVE
+      ZO+Rc/me1LBfLtid6RfcBX4Qc858Hj5RXXFmMkDCEbYIaB5P1krGyVV1ULKO/tAS
+      xcjGAd6LXwsivh/4sqF1i2ZZdoq2GSXnVZv5ck5Z3PXU9VwwFliPJEnlFZQpBLpa
+      jn/KmclO8DVGn0ZMwbmJEe3XadUHZKvkGMO25Zn2V8iWwGEreIBDMgzJPAK0nD/I
+      /hH8+Q+eMEu32RcJkKeNfoj+Vk8RrElN3YeOHwIDAQABAoIBAQCnW0ctkDqt3/fQ
+      MHcHWue2iI9GCmvgU+WxC0DSHFcSDQrkAn53S98DjseJPaBZMtr7y9pRY/p/qR6M
+      PYnO5iotc5QUKEbkjy1nglwV5Zuy8kg+XPq7Kwg+GmjGVZDcQybpRuKIPr8xeIBF
+      iKbGaBP6ontjZGAPZqTwN4qm/bkm0QRQkMEVQLpBaOlXjl0BCknhCMgyNA1F0jGc
+      HLqJpFO46qvWDkDaKriMY/ezrkGYxlvV8xGJ2lzoaNWBsQeMXtcDJXuFMJO3lZl4
+      VUjeNbyPprUzL6/kLZGMVFdRWhzKAluJEy3B6zybY4xxmgmifqn8/OxIaT172IXN
+      KACuEorpAoGBAOYZEfuON+73dcstpjq3062+XUOxAAc77aFcGFQ2pqDTUtvoR05R
+      o0uXrSuQqt0/FJVdZqdDx1and6idI7j/LfkOwvmPPg2dJIwKV73T2HdR7BpJaYlI
+      KS6Bgl0AiW2ibjZJbBFJMiINb2tRGeYcOPfWlis309D2DXxl1f1TJTKTAoGBANOZ
+      aDH1VJXh7rdAHrwNonTjoCeYKG7oAh0WTfqmCqcBjAkXsVc7dBd/98XKGS5LPRtl
+      dIaJdYngeYyH5Ey5O2l/63tk0d4sqE8l+GVy+OHFn2AZMuaVXS0JXIQspn4s/U7F
+      CuawmFszE8fv41WgVNhF00ijheoRz/X19yu0ULHFAoGAYmJZ1AutUtowXZ25M+Yh
+      9motCqKF9pHjO1lbdbagbKevCCQ7SPuTLOE/xB7pUAyGyo7TM7XBaAXXHhuCiLlj
+      eNic+YQL7lpApDhP5/TK28oFf//fxjk6ko4Bpa5zFJOdOE0QjhuT+gdwmpxkzIVI
+      vn/cWcJXKUPr5ELOyrBgeU0CgYBWqIUbsLWrjJQPSJtNuOfHp1F35cDpausyrmfR
+      Nx81tlR7hNCEQT0SQr5eqp4Vb4rfJXXLg5A3n08oVp8RLOtAEbuHFYs9ylxDzfEk
+      2ylCjYTv/mHyPUmjoCnbl8237wTutZP5VmmPMCPxxjT8ZGVbDX2ySgYWDqV0vf80
+      TuydYQKBgG24Wpes1CJmKiuWGnPi5I/+iIKZRfpEGidpjnsktkr3O+VZSZNQtDfC
+      uWp/NgMxzxXxYdmmaQTwektB5axrsPUnxxiHmb8KkVU1IcMpYvUulFYiKVvFx+JJ
+      bx/fkItCZ4AP3CG2Onz8xZdosg+c+MEdIlCrg94dA1EmHewCt2Hv
+      -----END RSA PRIVATE KEY-----
+    """.lines.map(&:strip).join("\n")
+  end
+end

data/spec/uri_escape_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+require 'conjur/id'
+require 'conjur/api/router/v5'
+
+describe 'url escaping' do
+  it 'Id to path is escaped' do
+    id = Conjur::Id.new('cucumber:variable:one two/three')
+    expect(id.to_url_path).to eq('cucumber/variable/one%20two%2Fthree')
+  end
+
+  it 'Resources path is escaped' do
+    request = Conjur::API::Router::V5.resources(nil, 'cucumber/two', 'extended variable', {})
+    expect(request.url).to eq('http://localhost:5000/resources/cucumber%2Ftwo/extended%20variable/')
+  end
+
+  it 'Resource path is escaped' do
+    resource = Conjur::Id.new('cucumber:variable:one two/three')
+    request = Conjur::API::Router::V5.resources_resource(nil, resource)
+    expect(request.url).to eq('http://localhost:5000/resources/cucumber/variable/one%20two%2Fthree')
+  end
+end

data/test.sh

@@ -0,0 +1,76 @@
+#!/bin/bash -e
+
+: "${RUBY_VERSION=3.0}"
+# My local RUBY_VERSION is set to ruby-#.#.# so this allows running locally.
+RUBY_VERSION="$(cut -d '-' -f 2 <<< "$RUBY_VERSION")"
+
+source ./ci/oauth/keycloak/keycloak_functions.sh
+
+function finish {
+  echo 'Removing test environment'
+  echo '---'
+  docker-compose down --rmi 'local' --volumes
+}
+
+trap finish EXIT
+
+# Set up VERSION file for local development
+if [ ! -f "../VERSION" ]; then
+  echo -n "0.0.dev" > ../VERSION
+fi
+
+function main() {
+  if ! docker info >/dev/null 2>&1; then
+    echo "Docker does not seem to be running, run it first and retry"
+    exit 1
+  fi
+  # Generate reports folders locally
+  mkdir -p spec/reports features/reports features_v4/reports
+
+  startConjur
+  runTests_5
+  runTests_4
+}
+
+function startConjur() {
+  echo 'Starting Conjur environment'
+  echo '-----'
+
+  # We want to pull to make sure we're testing against the newest release;
+  # failing to ensure that has caused many mysterious failures in CI.
+  # However, unconditionally pulling prevents working offline even
+  # with a warm cache. So try to pull, but ignore failures.
+  docker-compose pull --ignore-pull-failures
+  docker-compose build --build-arg RUBY_VERSION="$RUBY_VERSION"
+  docker-compose up -d pg conjur_4 conjur_5
+}
+
+function runTests_5() {
+  echo 'Waiting for Conjur v5 to come up, and configuring it...'
+  ./ci/configure_v5.sh
+
+  local api_key=$(docker-compose exec -T conjur_5 rake 'role:retrieve-key[cucumber:user:admin]')
+
+  echo 'Running tests'
+  echo '-----'
+  docker-compose run --rm \
+    -e CONJUR_AUTHN_API_KEY="$api_key" \
+    -e SSL_CERT_FILE=/etc/ssl/certs/keycloak.pem \
+    tester_5 \
+    "/scripts/fetch_certificate && rake jenkins_init jenkins_spec jenkins_cucumber_v5"
+}
+
+function runTests_4() {
+  echo 'Waiting for Conjur v4 to come up, and configuring it...'
+  ./ci/configure_v4.sh
+
+  local api_key=$(docker-compose exec -T conjur_4 su conjur -c "conjur-plugin-service authn env RAILS_ENV=appliance rails r \"puts User['admin'].api_key\" 2>/dev/null")
+
+  echo 'Running tests'
+  echo '-----'
+  docker-compose run --rm \
+    -e CONJUR_AUTHN_API_KEY="$api_key" \
+    tester_4 rake jenkins_cucumber_v4
+}
+
+main

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-  version: 5.3.8.pre.319
+  version: 5.4.0
 platform: ruby
 authors:
 - CyberArk Maintainers
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-19 00:00:00.000000000 Z
+date: 2022-08-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -247,7 +247,154 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".codeclimate.yml"
+- ".dockerignore"
+- ".github/CODEOWNERS"
+- ".gitignore"
+- ".gitleaks.toml"
+- ".overcommit.yml"
+- ".project"
+- ".rubocop.yml"
+- ".rubocop_settings.yml"
+- ".rubocop_todo.yml"
+- ".yardopts"
+- CHANGELOG.md
+- CONTRIBUTING.md
+- Dockerfile
+- Gemfile
+- Jenkinsfile
+- LICENSE
+- README.md
+- Rakefile
+- SECURITY.md
 - VERSION
+- bin/parse-changelog.sh
+- ci/configure_v4.sh
+- ci/configure_v5.sh
+- ci/oauth/keycloak/create_client
+- ci/oauth/keycloak/create_user
+- ci/oauth/keycloak/fetch_certificate
+- ci/oauth/keycloak/keycloak_functions.sh
+- ci/oauth/keycloak/standalone.xml
+- ci/oauth/keycloak/wait_for_server
+- ci/submit-coverage
+- conjur-api.gemspec
+- dev/Dockerfile.dev
+- dev/docker-compose.yml
+- dev/start
+- dev/stop
+- docker-compose.yml
+- example/demo_v4.rb
+- example/demo_v5.rb
+- features/authenticators.feature
+- features/authn.feature
+- features/authn_local.feature
+- features/exists.feature
+- features/group.feature
+- features/host.feature
+- features/host_factory_create_host.feature
+- features/host_factory_token.feature
+- features/load_policy.feature
+- features/members.feature
+- features/new_api.feature
+- features/permitted.feature
+- features/permitted_roles.feature
+- features/public_keys.feature
+- features/resource_fields.feature
+- features/role_fields.feature
+- features/rotate_api_key.feature
+- features/step_definitions/api_steps.rb
+- features/step_definitions/policy_steps.rb
+- features/step_definitions/result_steps.rb
+- features/support/env.rb
+- features/support/hooks.rb
+- features/support/world.rb
+- features/update_password.feature
+- features/user.feature
+- features/variable_fields.feature
+- features/variable_value.feature
+- features_v4/authn_local.feature
+- features_v4/exists.feature
+- features_v4/host.feature
+- features_v4/host_factory_token.feature
+- features_v4/members.feature
+- features_v4/permitted.feature
+- features_v4/permitted_roles.feature
+- features_v4/resource_fields.feature
+- features_v4/rotate_api_key.feature
+- features_v4/step_definitions/api_steps.rb
+- features_v4/step_definitions/result_steps.rb
+- features_v4/support/env.rb
+- features_v4/support/policy.yml
+- features_v4/support/world.rb
+- features_v4/variable_fields.feature
+- features_v4/variable_value.feature
+- lib/conjur-api.rb
+- lib/conjur-api/version.rb
+- lib/conjur/acts_as_resource.rb
+- lib/conjur/acts_as_role.rb
+- lib/conjur/acts_as_rolsource.rb
+- lib/conjur/acts_as_user.rb
+- lib/conjur/api.rb
+- lib/conjur/api/authenticators.rb
+- lib/conjur/api/authn.rb
+- lib/conjur/api/host_factories.rb
+- lib/conjur/api/ldap_sync.rb
+- lib/conjur/api/policies.rb
+- lib/conjur/api/pubkeys.rb
+- lib/conjur/api/resources.rb
+- lib/conjur/api/roles.rb
+- lib/conjur/api/router/v4.rb
+- lib/conjur/api/router/v5.rb
+- lib/conjur/api/variables.rb
+- lib/conjur/base.rb
+- lib/conjur/base_object.rb
+- lib/conjur/build_object.rb
+- lib/conjur/cache.rb
+- lib/conjur/cert_utils.rb
+- lib/conjur/cidr.rb
+- lib/conjur/configuration.rb
+- lib/conjur/escape.rb
+- lib/conjur/exceptions.rb
+- lib/conjur/group.rb
+- lib/conjur/has_attributes.rb
+- lib/conjur/host.rb
+- lib/conjur/host_factory.rb
+- lib/conjur/host_factory_token.rb
+- lib/conjur/id.rb
+- lib/conjur/layer.rb
+- lib/conjur/log.rb
+- lib/conjur/log_source.rb
+- lib/conjur/policy.rb
+- lib/conjur/policy_load_result.rb
+- lib/conjur/query_string.rb
+- lib/conjur/resource.rb
+- lib/conjur/role.rb
+- lib/conjur/role_grant.rb
+- lib/conjur/routing.rb
+- lib/conjur/user.rb
+- lib/conjur/variable.rb
+- lib/conjur/webservice.rb
+- publish.sh
+- spec/api/host_factories_spec.rb
+- spec/api_spec.rb
+- spec/base_object_spec.rb
+- spec/cert_utils_spec.rb
+- spec/cidr_spec.rb
+- spec/configuration_spec.rb
+- spec/has_attributes_spec.rb
+- spec/helpers/errors_matcher.rb
+- spec/helpers/request_helpers.rb
+- spec/id_spec.rb
+- spec/ldap_sync_spec.rb
+- spec/log_source_spec.rb
+- spec/log_spec.rb
+- spec/roles_spec.rb
+- spec/spec_helper.rb
+- spec/ssl_spec.rb
+- spec/uri_escape_spec.rb
+- test.sh
+- tmp/.keep
 homepage: https://github.com/cyberark/conjur-api-ruby/
 licenses:
 - Apache-2.0
@@ -263,12 +410,56 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '1.9'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubygems_version: 3.2.33
 signing_key:
 specification_version: 4
 summary: Conjur API
-test_files: []
+test_files:
+- features/authenticators.feature
+- features/authn.feature
+- features/authn_local.feature
+- features/exists.feature
+- features/group.feature
+- features/host.feature
+- features/host_factory_create_host.feature
+- features/host_factory_token.feature
+- features/load_policy.feature
+- features/members.feature
+- features/new_api.feature
+- features/permitted.feature
+- features/permitted_roles.feature
+- features/public_keys.feature
+- features/resource_fields.feature
+- features/role_fields.feature
+- features/rotate_api_key.feature
+- features/step_definitions/api_steps.rb
+- features/step_definitions/policy_steps.rb
+- features/step_definitions/result_steps.rb
+- features/support/env.rb
+- features/support/hooks.rb
+- features/support/world.rb
+- features/update_password.feature
+- features/user.feature
+- features/variable_fields.feature
+- features/variable_value.feature
+- spec/api/host_factories_spec.rb
+- spec/api_spec.rb
+- spec/base_object_spec.rb
+- spec/cert_utils_spec.rb
+- spec/cidr_spec.rb
+- spec/configuration_spec.rb
+- spec/has_attributes_spec.rb
+- spec/helpers/errors_matcher.rb
+- spec/helpers/request_helpers.rb
+- spec/id_spec.rb
+- spec/ldap_sync_spec.rb
+- spec/log_source_spec.rb
+- spec/log_spec.rb
+- spec/roles_spec.rb
+- spec/spec_helper.rb
+- spec/ssl_spec.rb
+- spec/uri_escape_spec.rb