conjur-api 6.0.0 → 6.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f9abe53aac5d77960b35ee9f111cf86250adc0286b4411672184e1ebee57ddff
-  data.tar.gz: e10e88374f348076d1e7064ab53c066462d25e2f4f981a5f610881bbb53eda05
+  metadata.gz: edd37d8f4fed6b48c464041843e3c1a3a3e9e0789f35de47acff48923719fdac
+  data.tar.gz: c9c22c87a9837a41b9c0e5d8195fa7c93933146f6e5ec53c9d6b0272ec982a8f
 SHA512:
-  metadata.gz: 3307984dfc0e5f7cafccd2ea76462e6c3f50acad8a4a77ec44bfe9d228d8e3c4bad822db33fa2744cf13402147d528b8109787af844c9c880899fd77b0c21b14
-  data.tar.gz: e6da130a448c56bda7316b064e673c50e5d15227d843d473602c4de9f07c0c340e52946bdc08da2d908a84d433b74e00d3ef72a8e73fd38943287787d229d447
+  metadata.gz: 1eec52c956fa30a3017d439998805576e320ae428544bfb1ac336a32b81996a397eb829d78557c42cb45d25c22c924b1e53c5560a136541379f0e9492fffff17
+  data.tar.gz: e10a616c7977f0aa5f9b1412b4160fa1152763e380db161295fbc7aa09fff0aec6d1277b1a17c4c1c70299232c31df68a56bc99e0b08228771c544e95202e9ff

data/.github/workflows/close-stale.yml

@@ -0,0 +1,23 @@
+name: Close inactive issues
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write # For the Actions cache
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v9
+        with:
+          days-before-issue-stale: 30
+          days-before-issue-close: 14
+          stale-issue-label: "stale"
+          stale-issue-message: "This issue is stale because it has been inactive for 30 days. Please comment to keep it open. Otherwise, it will be automatically closed in 14 days."
+          close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale. Please feel free to reopen it or create a new issue if you think it should still be addressed."
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

data/CHANGELOG.md

@@ -9,6 +9,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Nothing should go in this section, please add to the latest unreleased version
   (and update the corresponding date), or add a new version.
 
+## [6.0.1] - 2025-09-05
+
+### Fixed
+- Updated README.md, CONTRIBUTING.md, and SECURITY.md to align with Conjur Enterprise name change to Secrets Manager. (CNJR-10968)
+- Pass valid field in #memberships to fix listing roles (CNJR-2109)
+- Pull keycloak image from internal repository
+
 ## [6.0.0] - 2023-12-28
 
 ### Removed
@@ -389,7 +396,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [2.0.0] - 2013-13-12
 
-[Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v6.0.0...HEAD
+[Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v6.0.1...HEAD
+[6.0.1]: https://github.com/cyberark/conjur-api-ruby/compare/v6.0.0...v6.0.1
 [6.0.0]: https://github.com/cyberark/conjur-api-ruby/compare/v5.4.1...v6.0.0
 [5.4.1]: https://github.com/cyberark/conjur-api-ruby/compare/v5.4.0...v5.4.1
 [5.4.0]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.7...v5.4.0

data/CONTRIBUTING.md

@@ -17,7 +17,7 @@ contributor!
 
 ## Development
 
-To develop and run tests against Conjur, use the `start` and `stop` scripts in the `dev` folder. The start script brings up an open source Conjur (and Postgres database), CLI container, and a "work" container, with the gem code mounted into the working directory.
+To develop and run tests against Conjur OSS, use the `start` and `stop` scripts in the `dev` folder. The start script brings up a Conjur OSS (and Postgres database), CLI container, and a "work" container, with the gem code mounted into the working directory.
 
 ### Starting a Shell
 

data/Dockerfile

@@ -1,7 +1,7 @@
 ARG RUBY_VERSION
 FROM ruby:$RUBY_VERSION
 
-RUN apt-get update && apt-get install -y vim curl
+RUN apt-get update && apt-get install -y --no-install-recommends vim curl libyaml-dev
 
 WORKDIR /src/conjur-api
 

data/Gemfile

@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 
-#ruby=ruby-3.0
+#ruby=ruby-3.2
 #ruby-gemset=conjur-api
 
 # Specify your gem's dependencies in conjur-api.gemspec

data/Jenkinsfile

@@ -25,14 +25,15 @@ pipeline {
     buildDiscarder(logRotator(numToKeepStr: '30'))
   }
 
-  triggers {
-    cron(getDailyCronString())
-  }
-
   environment {
     MODE = release.canonicalizeMode()
   }
 
+  triggers {
+    cron(getDailyCronString())
+    parameterizedCron(getWeeklyCronString("H(1-5)","%MODE=RELEASE"))
+  }
+
   stages {
     stage ("Skip build if triggering job didn't create a release") {
       when {
@@ -48,6 +49,14 @@ pipeline {
       }
     }
 
+    stage('Scan for internal URLs') {
+      steps {
+        script {
+          detectInternalUrls()
+        }
+      }
+    }
+
     stage('Get InfraPool Agent') {
       steps {
         script {
@@ -71,53 +80,56 @@ pipeline {
       }
     }
 
-    stage('Test Ruby 3.0') {
+    stage('Test Ruby 3.2') {
       environment {
-        RUBY_VERSION = '3.0'
+        INFRAPOOL_RUBY_VERSION = '3.2'
+        INFRAPOOL_REGISTRY_URL = "registry.tld"
       }
       steps {
         script {
           infrapool.agentSh "./test.sh"
-          infrapool.agentStash name: 'reports3.0', includes: '**/reports/*.xml'
+          infrapool.agentStash name: 'reports3.2', includes: '**/reports/*.xml'
         }
       }
       post {
         always {
-          unstash 'reports3.0'
+          unstash 'reports3.2'
         }
       }
     }
 
-    stage('Test Ruby 3.1') {
+    stage('Test Ruby 3.3') {
       environment {
-        RUBY_VERSION = '3.1'
+        INFRAPOOL_RUBY_VERSION = '3.3'
+        INFRAPOOL_REGISTRY_URL = "registry.tld"
       }
       steps {
         script {
           infrapool.agentSh "./test.sh"
-          infrapool.agentStash name: 'reports3.1', includes: '**/reports/*.xml'
+          infrapool.agentStash name: 'reports3.3', includes: '**/reports/*.xml'
         }
       }
       post {
         always {
-          unstash 'reports3.1'
+          unstash 'reports3.3'
         }
       }
     }
 
-    stage('Test Ruby 3.2') {
+    stage('Test Ruby 3.4') {
       environment {
-        RUBY_VERSION = '3.2'
+        INFRAPOOL_RUBY_VERSION = '3.4'
+        INFRAPOOL_REGISTRY_URL = "registry.tld"
       }
       steps {
         script {
           infrapool.agentSh "./test.sh"
-          infrapool.agentStash name: 'reports3.2', includes: '**/reports/*.xml'
+          infrapool.agentStash name: 'reports3.4', includes: '**/reports/*.xml'
         }
       }
       post {
         always {
-          unstash 'reports3.2'
+          unstash 'reports3.4'
         }
       }
     }

data/README.md

@@ -1,6 +1,6 @@
-# Conjur::API
+# CyberArk Secrets Manager API for Ruby
 
-Programmatic Ruby access to the Conjur API.
+Programmatic Ruby access to the Secrets Manager API.
 
 RDocs are available from the through the [Ruby Gem details page](https://rubygems.org/gems/conjur-api)
 
@@ -31,23 +31,20 @@ Or install it yourself as:
 
 # Usage
 
-Connecting to Conjur is a two-step process:
+Connecting to Secrets Manager is a two-step process:
 
-* **Configuration** Instruct the API where to find the Conjur endpoint and how to secure the connection.
+* **Configuration** Instruct the API where to find the Secrets Manager endpoint and how to secure the connection.
 * **Authentication** Provide the API with credentials that it can use to authenticate.
 
 ## Configuration
 
-The simplest way to configure the Conjur API is to use the configuration file stored on the machine.
-If you have configured the machine with [conjur init](http://developer.conjur.net/reference/tools/init.html),
+The simplest way to configure the Secrets Manager API is to use the configuration file stored on the machine.
+If you have configured the machine with [Secrets Manager CLI](https://github.com/cyberark/conjur-cli-go),
 its default location is `~/.conjurrc`.
 
-The Conjur configuration process also checks `/etc/conjur.conf` for global settings. This is typically used
-in server environments.
-
 For custom scenarios, the location of the file can be overridden using the `CONJURRC` environment variable.
 
-You can load the Conjur configuration file using the following Ruby code:
+You can load the Secrets Manager configuration file using the following Ruby code:
 
 ```ruby
 require 'conjur/cli'
@@ -55,18 +52,15 @@ Conjur::Config.load
 Conjur::Config.apply
 ```
 
-**Note** this code requires the [conjur-cli](https://github.com/conjurinc/cli-ruby) gem, which should also be in your
-gemset or bundle.
-
 ## Authentication
 
-Once Conjur is configured, the connection can be established like this:
+Once Secrets Manager is configured, the connection can be established like this:
 
 ```
 conjur = Conjur::Authn.connect nil, noask: true
 ```
 
-To [authenticate](http://developer.conjur.net/reference/services/authentication/authenticate.html), the API client must
+To authenticate, the API client must
 provide a `login` name and `api_key`. The `Conjur::Authn.connect` will attempt the following, in order:
 
 1. Look for `login` in environment variable `CONJUR_AUTHN_LOGIN`, and `api_key` in `CONJUR_AUTHN_API_KEY`
@@ -76,7 +70,7 @@ can be overridden using the configuration file `netrc_path` option.
 
 ## Connecting Without Files
 
-It's possible to configure and authenticate the Conjur connection without using any files, and without requiring
+It's possible to configure and authenticate the Secrets Manager connection without using any files, and without requiring
 the `conjur-cli` gem.
 
 To accomplish this, apply the configuration settings directly to the [Conjur::Configuration](https://github.com/conjurinc/api-ruby/blob/master/lib/conjur/configuration.rb)
@@ -99,20 +93,20 @@ In either case, you will also need to configure certificate trust. For example:
 OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.add_file "/etc/conjur-yourorg.pem"
 ```
 
-Once Conjur is configured, you can create a new API client by providing a `login` and `api_key`:
+Once Secrets Manager is configured, you can create a new API client by providing a `login` and `api_key`:
 
 ```
 Conjur::API.new_from_key login, api_key
 ```
 
-Note that if you are connecting as a [Host](http://developer.conjur.net/reference/services/directory/host), the login should be
+Note that if you are connecting as a Host, the login should be
 prefixed with `host/`. For example: `host/myhost.example.com`, not just `myhost.example.com`.
 
 ## Configuring RestClient
 
 [Conjur::Configuration](https://github.com/conjurinc/api-ruby/blob/master/lib/conjur/configuration.rb)
 allows optional configuration of the [RestClient](https://github.com/rest-client/rest-client)
-instance used by Conjur API to communicate with the Conjur server, via the options hash
+instance used by Secrets Manager API to communicate with the Secrets Manager server, via the options hash
 `Conjur.configuration.rest_client_options`.
 
 The default value for the options hash is:

data/Rakefile

@@ -24,7 +24,7 @@ begin
   require 'cucumber/rake/task'
 
   Cucumber::Rake::Task.new(:cucumber) do |t|
-    t.cucumber_opts = "--tags ~@wip --format pretty --format junit --out features/reports"
+    t.cucumber_opts = "--tags 'not @wip' --format pretty --format junit --out features/reports"
   end
 
   begin

data/SECURITY.md

@@ -1,42 +1,6 @@
 # Security Policies and Procedures
 
-This document outlines security procedures and general policies for the CyberArk Conjur
-suite of tools and products.
-
-  * [Reporting a Bug](#reporting-a-bug)
-  * [Disclosure Policy](#disclosure-policy)
-  * [Comments on this Policy](#comments-on-this-policy)
-
 ## Reporting a Bug
+CyberArk takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you follow responsible disclosure guidelines and contact product_security@cyberark.com and work with us toward a quick resolution to protect our customers.
 
-The CyberArk Conjur team and community take all security bugs in the Conjur suite seriously.
-Thank you for improving the security of the Conjur suite. We appreciate your efforts and
-responsible disclosure and will make every effort to acknowledge your
-contributions.
-
-Report security bugs by emailing the lead maintainers at security@conjur.org.
-
-The maintainers will acknowledge your email within 2 business days. Subsequently, we will 
-send a more detailed response within 2 business days of our acknowledgement indicating
-the next steps in handling your report. After the initial reply to your report, the security
-team will endeavor to keep you informed of the progress towards a fix and full
-announcement, and may ask for additional information or guidance.
-
-Report security bugs in third-party modules to the person or team maintaining
-the module.
-
-## Disclosure Policy
-
-When the security team receives a security bug report, they will assign it to a
-primary handler. This person will coordinate the fix and release process,
-involving the following steps:
-
-  * Confirm the problem and determine the affected versions.
-  * Audit code to find any potential similar problems.
-  * Prepare fixes for all releases still under maintenance. These fixes will be
-    released as fast as possible.
-
-## Comments on this Policy
-
-If you have suggestions on how this process could be improved please submit a
-pull request.
+Refer to [CyberArk's Security Vulnerability Policy](https://www.cyberark.com/cyberark-security-vulinerability-policy.pdf) for more details.

data/VERSION

@@ -1 +1 @@
-6.0.0
+6.0.1

data/ci/configure.sh

@@ -15,5 +15,7 @@ done
 curl -o /dev/null -fs -X OPTIONS http://localhost > /dev/null
 CONFIGURE
 
+wait_for_keycloak_server
+
 fetch_keycloak_certificate
 create_keycloak_users

data/conjur-api.gemspec

@@ -29,9 +29,9 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency 'rspec', '~> 3'
   gem.add_development_dependency 'rspec-expectations', '~> 3.4'
   gem.add_development_dependency 'json_spec'
-  gem.add_development_dependency 'cucumber', '~> 2.99'
+  gem.add_development_dependency 'cucumber'
   gem.add_development_dependency 'ci_reporter_rspec'
-  gem.add_development_dependency 'simplecov', '~> 0.17', '< 0.18'
+  gem.add_development_dependency 'simplecov'
   gem.add_development_dependency 'simplecov-cobertura'
   gem.add_development_dependency 'io-grab'
   gem.add_development_dependency 'rdoc'

data/dev/Dockerfile.dev

@@ -1,6 +1,6 @@
 FROM ruby:3-slim
 
-RUN apt-get update && apt-get install -y vim curl git build-essential
+RUN apt-get update && apt-get install -y --no-install-recommends vim curl git build-essential libyaml-dev
 
 WORKDIR /src/conjur-api
 

data/dev/docker-compose.yml

@@ -1,4 +1,3 @@
-version: '3'
 services:
   pg:
     image: postgres:15

data/dev/start

@@ -5,7 +5,7 @@ function development() {
 
   docker compose exec -T conjur conjurctl wait
 
-  local api_key=$(docker compose exec -T conjur rake 'role:retrieve-key[cucumber:user:admin]')
+  local api_key=$(docker compose exec -T conjur bundle exec rake 'role:retrieve-key[cucumber:user:admin]')
   api_key=$(docker compose exec -T conjur conjurctl role retrieve-key cucumber:user:admin | tr -d '\r')
 
   docker exec -e CONJUR_AUTHN_API_KEY="$api_key" -it --detach-keys 'ctrl-\' $(docker compose ps -q gem) bash

data/docker-compose.yml

@@ -1,4 +1,3 @@
-version: '2.1'
 services:
   pg:
     image: postgres:15
@@ -6,7 +5,7 @@ services:
       POSTGRES_HOST_AUTH_METHOD: trust
 
   conjur:
-    image: cyberark/conjur:edge
+    image: ${REGISTRY_URL:-docker.io}/cyberark/conjur:edge
     # TODO: Test with a version that supports authn-sut
     command: server -a cucumber
     environment:
@@ -20,7 +19,7 @@ services:
       - keycloak
 
   keycloak:
-    image: jboss/keycloak:4.3.0.Final
+    image: registry.tld/jboss/keycloak:4.3.0.Final
     environment:
       - KEYCLOAK_USER=admin
       - KEYCLOAK_PASSWORD=admin

data/example/demo.rb

@@ -3,6 +3,7 @@
 require 'conjur-api'
 require 'securerandom'
 
+# deepcode ignore HardcodedCredential: This is demo code
 username = "admin"
 
 arguments = ARGV.dup

data/features/members.feature

@@ -49,3 +49,10 @@ Feature: Display role members and memberships.
       }
     ]
     """
+
+  Scenario: Show a role's memberships non-recursive.
+    When I run the code:
+    """
+    $conjur.role('cucumber:group:developers').memberships(recursive: false).any?
+    """
+    Then the result should be "true"

data/features/support/env.rb

@@ -20,4 +20,4 @@ $username = ENV['CONJUR_AUTHN_LOGIN'] || 'admin'
 $password = ENV['CONJUR_AUTHN_API_KEY'] || 'secret'
 
 $api_key = Conjur::API.login $username, $password
-$conjur = Conjur::API.new_from_key $username, $api_key
+$conjur = Conjur::API.new_from_key $username, $api_key

data/kics.config

@@ -0,0 +1,19 @@
+# All of the following issues are not a concern for the infrastructure files in this
+# repository since they're only used in the build process or testing.
+exclude-queries:
+  - 965a08d7-ef86-4f14-8792-4a3b2098937e # Apt Get Install Pin Version Not Defined
+  - fd54f200-402c-4333-a5a4-36ef6709af2f # Missing User Instruction
+  - ce76b7d0-9e77-464d-b86f-c5c48e03e22d # Container Capabilities Unrestricted
+  - 8c978947-0ff6-485c-b0c2-0bfca6026466 # Shared Volumes Between Containers
+  - 610e266e-6c12-4bca-9925-1ed0cd29742b # Security Opt Not Set
+  - b03a748a-542d-44f4-bb86-9199ab4fd2d5 # Healthcheck Instruction Missing
+  - 698ed579-b239-4f8f-a388-baa4bcb13ef8 # Healthcheck Not Set
+  - 451d79dc-0588-476a-ad03-3c7f0320abb3 # Container Traffic Not Bound To Host Interface
+  - df746b39-6564-4fed-bf85-e9c44382303c # Apt Get Install Lists Were Not Deleted
+  - 4f31dd9f-2cc3-4751-9b53-67e4af83dac0 # Host Namespace is Shared
+  - ce14a68b-1668-41a0-ab7d-facd9f784742 # Networks Not Set
+
+# The following files are used for development and testing only.
+exclude-paths:
+  - "conjur-api-ruby/docker-compose.yml"
+  - "conjur-api-ruby/dev/docker-compose.yml"

data/lib/conjur/acts_as_role.rb

@@ -108,7 +108,7 @@ module Conjur
           if item.is_a?(String)
             build_object(item, default_class: Role)
           else
-            RoleGrant.parse_from_json(item, self.options)
+            RoleGrant.parse_from_json(item, self.credentials)
           end
         end
       end

data/lib/conjur/configuration.rb

@@ -22,6 +22,7 @@
 require 'openssl'
 require 'set'
 require 'conjur/cert_utils'
+require 'base64'
 
 module Conjur
   class << self
@@ -368,6 +369,19 @@ module Conjur
     # @see cert_file
     add_option :ssl_certificate
 
+    # add custom header to request containing customer detail and sdk version
+    add_option :integration_name, default: "SecretsManagerRuby SDK" 
+    
+    add_option :integration_type, default: "cybr-secretsmanager"
+
+    add_option :integration_version, default: Conjur::API::VERSION
+    
+    add_option :vendor_name, default: "CyberArk"
+
+    add_option :vendor_version, default: nil
+    
+    add_option :final_telemetry_header
+
     # @!attribute rest_client_options
     #
     # Custom options for the underlying RestClient Requests. This defaults to:
@@ -384,7 +398,10 @@ module Conjur
     # you must manually set them on the value you provide.
     add_option :rest_client_options do
       {
-        ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
+        ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE,
+        headers: { 
+          'x-cybr-telemetry': get_telemetry_header
+        }
       }
     end
 
@@ -397,7 +414,8 @@ module Conjur
     # Create rest_client_options by merging the input with the
     # rest_client_options present on the configuration object.
     def create_rest_client_options options
-      rest_client_options.merge(options || {})
+      options ||= {}
+      rest_client_options.merge(options) { |key, left, right| left.merge(right) }
     end
 
     # Add the certificate configured by the {#ssl_certificate} and {#cert_file} options to the certificate
@@ -436,5 +454,43 @@ module Conjur
       # propagate.
       File.open(path) {}
     end
+
+    # get_telemetry_header constructs and returns a base64-encoded telemetry header string.
+    #
+    # The method checks the values of various instance variables (`integration_name`,
+    # `integration_version`, `integration_type`, `vendor_name`, `vendor_version`) and
+    # constructs the header accordingly. If any of these values are not provided (empty or nil),
+    # they will be omitted from the final header string.
+    #
+    # The telemetry header is formatted as a series of key-value pairs separated by "&". Each key-value
+    # pair corresponds to one of the following fields:
+    #   - `in`: Integration Name
+    #   - `iv`: Integration Version
+    #   - `it`: Integration Type
+    #   - `vn`: Vendor Name
+    #   - `vv`: Vendor Version
+    #
+    # The final header string is base64-encoded using URL-safe encoding (without padding).
+    # If the header has been previously generated and cached in `final_telemetry_header`, it is returned directly.
+    #
+    # Returns:
+    #   - String: The base64-encoded telemetry header string.
+    def get_telemetry_header
+      unless final_telemetry_header.nil?
+        return final_telemetry_header
+      end
+      final_telemetry_header = ""
+      if integration_name && !integration_name.strip.empty?
+        final_telemetry_header += "in=#{integration_name}" 
+        final_telemetry_header += "&iv=#{integration_version}"  if integration_version && !integration_version.strip.empty?
+        final_telemetry_header += "&it=#{integration_type}" if integration_type && !integration_type.strip.empty?
+      end
+
+      if vendor_name && !vendor_name.strip.empty?
+        final_telemetry_header += "&vn=#{vendor_name}"
+        final_telemetry_header += "&vv=#{vendor_version}" if vendor_version && !vendor_version.strip.empty?
+      end
+      Base64.urlsafe_encode64(final_telemetry_header, padding: false)
+    end
   end
 end

data/spec/api_spec.rb

@@ -146,6 +146,7 @@ describe Conjur::API do
       let(:token_encoded) { Base64.strict_encode64(token.to_json) }
       let(:base_headers) { { authorization: authz_header } }
       let(:headers) { base_headers }
+      # deepcode ignore InsecureTransmission: This is test code
       let(:resource) { RestClient::Resource.new("http://example.com", { headers: headers })}
       context 'basic functioning' do
         it_behaves_like 'it can clone itself'

data/spec/configuration_spec.rb

@@ -31,10 +31,12 @@ describe Conjur::Configuration do
     }
 
     it "rest_client_options defaults" do
+      encoded_attr = Base64.urlsafe_encode64("in=SecretsManager Ruby SDK&iv=0.0.dev&it=cybr-secretsmanager&vn=CyberArk", padding: false)
       expected = {
-        ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
+        ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE,
+        headers: { 'x-cybr-telemetry': encoded_attr}
       }
-      expect(configuration.rest_client_options).to eq(expected)
+      expect(configuration.rest_client_options[:headers]).to include(:'x-cybr-telemetry')
     end
 
     it "rest_client_options propagate to RestClient::Resource" do

data/spec/spec_helper.rb

@@ -114,4 +114,4 @@ shared_context logging: :temp do
   let(:logfile) { Tempfile.new("log") }
   before { Conjur.log = logfile.path }
   let(:log) { logfile.read }
-end
+end

data/spec/unit/policy_load_result_spec.rb

@@ -0,0 +1,102 @@
+require 'spec_helper'
+require 'conjur/policy_load_result'
+
+# Tests the behavior of the Conjur::PolicyLoadResult class when parsing API responses.
+describe Conjur::PolicyLoadResult do
+  let(:data) do
+    {
+      "created_roles" => {
+        "conjur:host:data/host-no-key" => {
+          "id" => "conjur:host:data/host-no-key",
+          "api_key" => nil
+        },
+        "conjur:host:data/host-with-key" => {
+          "id" => "conjur:host:data/host-with-key",
+          "api_key" => "12345"
+        }
+      },
+      "version" => 1
+    }
+  end
+
+  subject { described_class.new(data) }
+
+  describe "#created_roles" do
+    it "parses created roles with their API keys" do
+      created_roles = subject.created_roles
+
+      expect(created_roles).to include("conjur:host:data/host-no-key")
+      expect(created_roles["conjur:host:data/host-no-key"]["api_key"]).to be_nil
+
+      expect(created_roles).to include("conjur:host:data/host-with-key")
+      expect(created_roles["conjur:host:data/host-with-key"]["api_key"]).to eq("12345")
+    end
+
+    it "returns nil if created_roles is missing" do
+      data.delete("created_roles")
+      expect(subject.created_roles).to be_nil
+    end
+
+    it "returns an empty hash if created_roles is empty" do
+      data["created_roles"] = {}
+      expect(subject.created_roles).to eq({})
+    end
+
+    it "handles multiple roles with mixed api_key states, including null and missing keys" do
+      data["created_roles"] = {
+        "conjur:host:data/host-no-key" => {
+          "id" => "conjur:host:data/host-no-key",
+          "api_key" => nil
+        },
+        "conjur:host:data/host-with-key" => {
+          "id" => "conjur:host:data/host-with-key",
+          "api_key" => "valid_api_key"
+        },
+        "conjur:host:data/host-missing-key" => {
+          "id" => "conjur:host:data/host-missing-key"
+        },
+        "conjur:host:data/host-another-no-key" => {
+          "id" => "conjur:host:data/host-another-no-key",
+          "api_key" => nil
+        }
+      }
+
+      created_roles = subject.created_roles
+
+      # Check the role with a null API key
+      host_no_key = created_roles["conjur:host:data/host-no-key"]
+      expect(host_no_key).not_to be_nil
+      expect(host_no_key["id"]).to eq("conjur:host:data/host-no-key")
+      expect(host_no_key["api_key"]).to be_nil
+
+      # Check the role with a valid API key
+      host_with_key = created_roles["conjur:host:data/host-with-key"]
+      expect(host_with_key).not_to be_nil
+      expect(host_with_key["id"]).to eq("conjur:host:data/host-with-key")
+      expect(host_with_key["api_key"]).to eq("valid_api_key")
+
+      # Check the role with a missing API key field
+      host_missing_key = created_roles["conjur:host:data/host-missing-key"]
+      expect(host_missing_key).not_to be_nil
+      expect(host_missing_key["id"]).to eq("conjur:host:data/host-missing-key")
+      expect(host_missing_key["api_key"]).to be_nil
+
+      # Check another role with a null API key
+      another_no_key = created_roles["conjur:host:data/host-another-no-key"]
+      expect(another_no_key).not_to be_nil
+      expect(another_no_key["id"]).to eq("conjur:host:data/host-another-no-key")
+      expect(another_no_key["api_key"]).to be_nil
+    end
+  end
+
+  describe "#version" do
+    it "parses the version of the policy" do
+      expect(subject.version).to eq(1)
+    end
+
+    it "returns nil if version is missing" do
+      data.delete("version")
+      expect(subject.version).to be_nil
+    end
+  end
+end

data/test.sh

@@ -1,9 +1,12 @@
 #!/bin/bash -e
 
-: "${RUBY_VERSION=3.0}"
+: "${RUBY_VERSION=3.2}"
 # My local RUBY_VERSION is set to ruby-#.#.# so this allows running locally.
 RUBY_VERSION="$(cut -d '-' -f 2 <<< "$RUBY_VERSION")"
 
+export REGISTRY_URL=${INFRAPOOL_REGISTRY_URL:-"docker.io"}
+export RUBY_VERSION="${INFRAPOOL_RUBY_VERSION:-$RUBY_VERSION}"
+
 source ./ci/oauth/keycloak/keycloak_functions.sh
 TOP_LEVEL=$(git rev-parse --show-toplevel)
 
@@ -49,7 +52,7 @@ function runTests() {
   echo 'Waiting for Conjur to come up, and configuring it...'
   ./ci/configure.sh
 
-  local api_key=$(docker compose exec -T conjur rake 'role:retrieve-key[cucumber:user:admin]')
+  local api_key=$(docker compose exec -T conjur bundle exec rake 'role:retrieve-key[cucumber:user:admin]')
 
   echo 'Running tests'
   echo '-----'
@@ -57,7 +60,7 @@ function runTests() {
     -e CONJUR_AUTHN_API_KEY="$api_key" \
     -e SSL_CERT_FILE=/etc/ssl/certs/keycloak.pem \
     tester \
-    "/scripts/fetch_certificate && rake jenkins_init jenkins_spec jenkins_cucumber"
+    "/scripts/fetch_certificate && bundle exec rake jenkins_init jenkins_spec jenkins_cucumber"
 }
 
-main
+main

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-api
 version: !ruby/object:Gem::Version
-  version: 6.0.0
+  version: 6.0.1
 platform: ruby
 authors:
 - CyberArk Maintainers
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-02-16 00:00:00.000000000 Z
+date: 2025-10-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -112,16 +112,16 @@ dependencies:
   name: cucumber
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.99'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.99'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: ci_reporter_rspec
   requirement: !ruby/object:Gem::Requirement
@@ -140,22 +140,16 @@ dependencies:
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.17'
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.18'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.17'
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.18'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov-cobertura
   requirement: !ruby/object:Gem::Requirement
@@ -278,8 +272,9 @@ files:
 - ".codeclimate.yml"
 - ".dockerignore"
 - ".github/CODEOWNERS"
+- ".github/workflows/close-stale.yml"
 - ".gitignore"
-- ".gitleaks.toml"
+- ".oldgitleaks.toml"
 - ".overcommit.yml"
 - ".project"
 - ".rubocop.yml"
@@ -339,6 +334,7 @@ files:
 - features/user.feature
 - features/variable_fields.feature
 - features/variable_value.feature
+- kics.config
 - lib/conjur-api.rb
 - lib/conjur-api/version.rb
 - lib/conjur/acts_as_resource.rb
@@ -401,6 +397,7 @@ files:
 - spec/roles_spec.rb
 - spec/spec_helper.rb
 - spec/ssl_spec.rb
+- spec/unit/policy_load_result_spec.rb
 - spec/uri_escape_spec.rb
 - test.sh
 - tmp/.keep
@@ -423,7 +420,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.4.19
 signing_key: 
 specification_version: 4
 summary: Conjur API
@@ -472,4 +469,5 @@ test_files:
 - spec/roles_spec.rb
 - spec/spec_helper.rb
 - spec/ssl_spec.rb
+- spec/unit/policy_load_result_spec.rb
 - spec/uri_escape_spec.rb