conjur-api 5.3.4 → 5.3.5

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 476ea2f5b5e2a375363e03e6c4659f5a425837b5e3036f41ae5aea208c56f781
4
- data.tar.gz: 973be7e50f9a8a86c78770125723e42460e2264ceb7d71823fbd5d4962a31195
3
+ metadata.gz: a664240f5431ca1fb74de0bd5e32f9ee7e6cf2b8f1097b11fb208632d95854d8
4
+ data.tar.gz: 1e2c3a22bc9c592bf24c8c66e9912f34fbcc60ada3025d0d4fd35c617d367df0
5
5
  SHA512:
6
- metadata.gz: 5c1cb2ded26fe6dfd44992ef4a81e5e71a01551f2874c1045a66fb556da05b55268cceef5124323dfbe14c7e032da3382e0d48cf21732a443a3c52e70af53b38
7
- data.tar.gz: 58e061632c5c072134f5d2a23dab0103d73790750c054d5f6167ee0fa239598908130fc921aa3f74b9f57a93ced1092ec6165b55ae54728b3e16114baca486f1
6
+ metadata.gz: 19ad919e8defda0e5ca25c3d68b3837221301764827c9f365f7e69cd81d7e217f89e23f714a66990aa0448362687266d98f5eb870d2a53d7d72fbc4f23f91aca
7
+ data.tar.gz: a2549d4e49565c8b533385dd71e4c2886acda2d5b1a98c4585ded7461ea0a9e7234c92e3010dc1c1270524d6916fa6ab8e0e641c99d42cd5ee045464a07a9c7c
data/.github/CODEOWNERS CHANGED
@@ -1,4 +1,4 @@
1
- * @cyberark/conjur-core-team @conjurinc/conjur-core-team @conjurdemos/conjur-core-team
1
+ * @cyberark/community-and-integrations-team @conjurinc/community-and-integrations-team @conjurdemos/community-and-integrations-team
2
2
 
3
3
  # Changes to .trivyignore require Security Architect approval
4
4
  .trivyignore @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects
data/.gitleaks.toml CHANGED
@@ -1,4 +1,4 @@
1
- title = "Secretless Broker gitleaks config"
1
+ title = "Conjur API Ruby gitleaks config"
2
2
 
3
3
  # This is the config file for gitleaks. You can configure gitleaks what to search for and what to whitelist.
4
4
  # If GITLEAKS_CONFIG environment variable
data/CHANGELOG.md CHANGED
@@ -6,11 +6,25 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## [5.3.5] - 2021-05-04
10
+
11
+ ### Added
12
+ - Add `rest_client_options` option to `Conjur.configuration`. This allows users to
13
+ configure the RestClient instance used by Conjur API to communicate with the Conjur
14
+ server.
15
+ [cyberark/conjur-api-ruby#188](https://github.com/cyberark/conjur-api-ruby/issues/188)
16
+
17
+ ### Changed
18
+ - Replace monkey patching `RestClient::Request` with defaults on `Conjur.configuration.rest_client_options`
19
+ in order to limit the scope of the default `:ssl_cert_store` option only to inside
20
+ Conjur API.
21
+ [cyberark/conjur-api-ruby#188](https://github.com/cyberark/conjur-api-ruby/issues/188)
22
+
9
23
  ## [5.3.4] - 2020-10-29
10
24
 
11
25
  ### Changed
12
26
  - When rotating the currently logged in user's/host's API key, we now explictily
13
- prevent use of `resource(<own_id>).rotate_api_key` for that action as the
27
+ prevent use of `resource({own_id}).rotate_api_key` for that action as the
14
28
  `Conjur::API.rotate_api_key` should be used instead for that. This change is a
15
29
  downstream enforcement of the stricter key rotation requirements on the server
16
30
  covered by [this](https://github.com/cyberark/conjur/security/advisories/GHSA-qhjf-g9gm-64jq)
@@ -332,7 +346,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
332
346
 
333
347
  ## [2.0.0] - 2013-13-12
334
348
 
335
- [Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.4...HEAD
349
+ [Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.5...HEAD
350
+ [5.3.5]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.4...v5.3.5
336
351
  [5.3.4]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.3...v5.3.4
337
352
  [5.3.3]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.1...v5.3.3
338
353
  [5.3.1]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.0...v5.3.1
data/README.md CHANGED
@@ -128,6 +128,28 @@ Conjur::API.new_from_key login, api_key
128
128
  Note that if you are connecting as a [Host](http://developer.conjur.net/reference/services/directory/host), the login should be
129
129
  prefixed with `host/`. For example: `host/myhost.example.com`, not just `myhost.example.com`.
130
130
 
131
+ ## Configuring RestClient
132
+
133
+ [Conjur::Configuration](https://github.com/conjurinc/api-ruby/blob/master/lib/conjur/configuration.rb)
134
+ allows optional configuration of the [RestClient](https://github.com/rest-client/rest-client)
135
+ instance used by Conjur API to communicate with the Conjur server, via the options hash
136
+ `Conjur.configuration.rest_client_options`.
137
+
138
+ The default value for the options hash is:
139
+ ```ruby
140
+ {
141
+ ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
142
+ }
143
+ ```
144
+
145
+ For example, here's how you would configure the client to use a proxy and `ssl_ca_file` (instead of the default `ssl_cert_store`).
146
+ ```ruby
147
+ Conjur.configuration.rest_client_options = {
148
+ ssl_ca_file: "ca_certificate.pem",
149
+ proxy: "http://proxy.example.com/"
150
+ }
151
+ ```
152
+
131
153
  ## Contributing
132
154
 
133
155
  We welcome contributions of all kinds to this repository. For instructions on how to get started and descriptions of our development workflows, please see our [contributing
@@ -19,6 +19,6 @@
19
19
 
20
20
  module Conjur
21
21
  class API
22
- VERSION = "5.3.4"
22
+ VERSION = "5.3.5"
23
23
  end
24
24
  end
data/lib/conjur/api.rb CHANGED
@@ -50,24 +50,6 @@ require 'conjur/layer'
50
50
  require 'conjur/cache'
51
51
  require 'conjur-api/version'
52
52
 
53
- # Monkey patch RestClient::Request so it always uses
54
- # :ssl_cert_store. (RestClient::Resource uses Request to send
55
- # requests, so it sees :ssl_cert_store, too).
56
- # @api private
57
- class RestClient::Request
58
- alias_method :initialize_without_defaults, :initialize
59
-
60
- def default_args
61
- {
62
- ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
63
- }
64
- end
65
-
66
- def initialize args
67
- initialize_without_defaults default_args.merge(args)
68
- end
69
- end
70
-
71
53
  # @api private
72
54
  class RestClient::Resource
73
55
  include Conjur::Escape
@@ -50,7 +50,7 @@ module Conjur
50
50
  url_for(:authn_login, account, username, password).get
51
51
  end
52
52
 
53
- # Exchanges Conjur the API key (refresh token) for an access token. The access token can
53
+ # Exchanges Conjur the API key (refresh token) for an access token. The access token can
54
54
  # then be used to authenticate further API calls.
55
55
  #
56
56
  # @param [String] username The username or host id for which we want a token
@@ -65,7 +65,7 @@ module Conjur
65
65
  JSON.parse url_for(:authn_authenticate, account, username).post(api_key, content_type: 'text/plain')
66
66
  end
67
67
 
68
- # Obtains an access token from the +authn_local+ service. The access token can
68
+ # Obtains an access token from the +authn_local+ service. The access token can
69
69
  # then be used to authenticate further API calls.
70
70
  #
71
71
  # @param [String] username The username or host id for which we want a token
@@ -80,7 +80,7 @@ module Conjur
80
80
  require 'json'
81
81
  require 'socket'
82
82
  message = url_for(:authn_authenticate_local, username, account, expiration, cidr)
83
- JSON.parse(UNIXSocket.open(Conjur.configuration.authn_local_socket) {|s| s.puts message; s.gets })
83
+ JSON.parse(UNIXSocket.open(Conjur.configuration.authn_local_socket) {|s| s.puts message; s.gets })
84
84
  end
85
85
 
86
86
  # Change a user's password. To do this, you must have the user's current password. This does not change or rotate
@@ -8,18 +8,27 @@ module Conjur
8
8
 
9
9
  def authn_login account, username, password
10
10
  verify_account(account)
11
- RestClient::Resource.new(Conjur.configuration.authn_url, user: username, password: password)['users/login']
11
+ RestClient::Resource.new(
12
+ Conjur.configuration.authn_url,
13
+ Conjur.configuration.create_rest_client_options(
14
+ user: username,
15
+ password: password
16
+ )
17
+ )['users/login']
12
18
  end
13
19
 
14
20
  def authn_authenticate account, username
15
21
  verify_account(account)
16
- RestClient::Resource.new(Conjur.configuration.authn_url)['users'][fully_escape username]['authenticate']
22
+ RestClient::Resource.new(
23
+ Conjur.configuration.authn_url,
24
+ Conjur.configuration.rest_client_options
25
+ )['users'][fully_escape username]['authenticate']
17
26
  end
18
27
 
19
28
  # For v4, the authn-local message is the username.
20
29
  def authn_authenticate_local username, account, expiration, cidr, &block
21
30
  verify_account(account)
22
-
31
+
23
32
  raise "'expiration' is not supported for authn-local v4" if expiration
24
33
  raise "'cidr' is not supported for authn-local v4" if cidr
25
34
 
@@ -28,36 +37,51 @@ module Conjur
28
37
 
29
38
  def authn_rotate_api_key credentials, account, id
30
39
  verify_account(account)
31
- username = if id.kind == "user"
32
- id.identifier
33
- else
34
- [ id.kind, id.identifier ].join('/')
35
- end
36
- RestClient::Resource.new(Conjur.configuration.authn_url, credentials)['users']["api_key?id=#{username}"]
40
+ username = id.kind == "user" ? id.identifier : [id.kind, id.identifier].join('/')
41
+ RestClient::Resource.new(
42
+ Conjur.configuration.authn_url,
43
+ Conjur.configuration.create_rest_client_options(credentials)
44
+ )['users']["api_key?id=#{username}"]
37
45
  end
38
46
 
39
47
  def authn_rotate_own_api_key account, username, password
40
48
  verify_account(account)
41
- RestClient::Resource.new(Conjur.configuration.authn_url, user: username, password: password)['users']["api_key"]
49
+ RestClient::Resource.new(
50
+ Conjur.configuration.authn_url,
51
+ Conjur.configuration.create_rest_client_options(user: username, password: password)
52
+ )['users']["api_key"]
42
53
  end
43
54
 
44
55
  def host_factory_create_host token
45
56
  http_options = {
46
57
  headers: { authorization: %Q(Token token="#{token}") }
47
58
  }
48
- RestClient::Resource.new(Conjur.configuration.core_url, http_options)['host_factories']['hosts']
59
+ RestClient::Resource.new(
60
+ Conjur.configuration.core_url,
61
+ Conjur.configuration.create_rest_client_options(http_options)
62
+ )['host_factories']['hosts']
49
63
  end
50
64
 
51
65
  def host_factory_create_tokens credentials, id
52
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['host_factories'][id.identifier]['tokens']
66
+ RestClient::Resource.new(
67
+ Conjur.configuration.core_url,
68
+ Conjur.configuration.create_rest_client_options(credentials)
69
+ )['host_factories'][id.identifier]['tokens']
53
70
  end
54
71
 
55
72
  def host_factory_revoke_token credentials, token
56
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['host_factories']['tokens'][token]
73
+ RestClient::Resource.new(
74
+ Conjur.configuration.core_url,
75
+ Conjur.configuration.create_rest_client_options(credentials)
76
+ )['host_factories']['tokens'][token]
57
77
  end
58
78
 
59
79
  def resources_resource credentials, id
60
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['authz'][id.account]['resources'][id.kind][id.identifier]
80
+
81
+ RestClient::Resource.new(
82
+ Conjur.configuration.core_url,
83
+ Conjur.configuration.create_rest_client_options(credentials)
84
+ )['authz'][id.account]['resources'][id.kind][id.identifier]
61
85
  end
62
86
 
63
87
  def resources_check credentials, id, privilege, role
@@ -73,47 +97,80 @@ module Conjur
73
97
  end
74
98
 
75
99
  def resources_permitted_roles credentials, id, privilege
76
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['authz'][id.account]['roles']['allowed_to'][privilege][id.kind][id.identifier]
100
+ RestClient::Resource.new(
101
+ Conjur.configuration.core_url,
102
+ Conjur.configuration.create_rest_client_options(credentials)
103
+ )['authz'][id.account]['roles']['allowed_to'][privilege][id.kind][id.identifier]
77
104
  end
78
105
 
79
106
  def roles_role credentials, id
80
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['authz'][id.account]['roles'][id.kind][id.identifier]
107
+ RestClient::Resource.new(
108
+ Conjur.configuration.core_url,
109
+ Conjur.configuration.create_rest_client_options(credentials)
110
+ )['authz'][id.account]['roles'][id.kind][id.identifier]
81
111
  end
82
112
 
83
113
  def secrets_add credentials, id
84
114
  verify_account(id.account)
85
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['variables'][fully_escape id.identifier]['values']
115
+ RestClient::Resource.new(
116
+ Conjur.configuration.core_url,
117
+ Conjur.configuration.create_rest_client_options(credentials)
118
+ )['variables'][fully_escape id.identifier]['values']
86
119
  end
87
120
 
88
121
  def variable credentials, id
89
122
  verify_account(id.account)
90
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['variables'][fully_escape id.identifier]
123
+ RestClient::Resource.new(
124
+ Conjur.configuration.core_url,
125
+ Conjur.configuration.create_rest_client_options(credentials)
126
+ )['variables'][fully_escape id.identifier]
91
127
  end
92
128
 
93
129
  def secrets_value credentials, id, options
94
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['variables'][fully_escape id.identifier]['value'][options_querystring options]
130
+ RestClient::Resource.new(
131
+ Conjur.configuration.core_url,
132
+ Conjur.configuration.create_rest_client_options(credentials)
133
+ )['variables'][fully_escape id.identifier]['value'][options_querystring options]
95
134
  end
96
135
 
97
136
  def secrets_values credentials, variable_ids
98
137
  options = {
99
138
  vars: Array(variable_ids).map { |v| fully_escape(v.identifier) }.join(',')
100
139
  }
101
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['variables']['values'][options_querystring options]
140
+ RestClient::Resource.new(
141
+ Conjur.configuration.core_url,
142
+ Conjur.configuration.create_rest_client_options(credentials)
143
+ )['variables']['values'][options_querystring options]
102
144
  end
103
145
 
104
146
  def group_attributes credentials, resource, id
105
147
  verify_account(id.account)
106
- JSON.parse(RestClient::Resource.new(Conjur.configuration.core_url, credentials)['groups'][fully_escape id.identifier].get)
148
+ JSON.parse(
149
+ RestClient::Resource.new(
150
+ Conjur.configuration.core_url,
151
+ Conjur.configuration.create_rest_client_options(credentials)
152
+ )['groups'][fully_escape id.identifier].get
153
+ )
107
154
  end
108
155
 
109
156
  def variable_attributes credentials, resource, id
110
157
  verify_account(id.account)
111
- JSON.parse(RestClient::Resource.new(Conjur.configuration.core_url, credentials)['variables'][fully_escape id.identifier].get)
158
+ JSON.parse(
159
+ RestClient::Resource.new(
160
+ Conjur.configuration.core_url,
161
+ Conjur.configuration.create_rest_client_options(credentials)
162
+ )['variables'][fully_escape id.identifier].get
163
+ )
112
164
  end
113
165
 
114
166
  def user_attributes credentials, resource, id
115
167
  verify_account(id.account)
116
- JSON.parse(RestClient::Resource.new(Conjur.configuration.core_url, credentials)['users'][fully_escape id.identifier].get)
168
+ JSON.parse(
169
+ RestClient::Resource.new(
170
+ Conjur.configuration.core_url,
171
+ Conjur.configuration.create_rest_client_options(credentials)
172
+ )['users'][fully_escape id.identifier].get
173
+ )
117
174
  end
118
175
 
119
176
  def parse_group_gidnumber attributes
@@ -27,19 +27,34 @@ module Conjur
27
27
  extend self
28
28
 
29
29
  def authn_login account, username, password
30
- RestClient::Resource.new(Conjur.configuration.authn_url, user: username, password: password)[fully_escape account]['login']
30
+ RestClient::Resource.new(
31
+ Conjur.configuration.authn_url,
32
+ Conjur.configuration.create_rest_client_options(
33
+ user: username,
34
+ password: password
35
+ )
36
+ )[fully_escape account]['login']
31
37
  end
32
38
 
33
39
  def authn_authenticate account, username
34
- RestClient::Resource.new(Conjur.configuration.authn_url)[fully_escape account][fully_escape username]['authenticate']
40
+ RestClient::Resource.new(
41
+ Conjur.configuration.authn_url,
42
+ Conjur.configuration.rest_client_options
43
+ )[fully_escape account][fully_escape username]['authenticate']
35
44
  end
36
45
 
37
46
  def authenticator account, authenticator, service_id, credentials
38
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)[fully_escape authenticator][fully_escape service_id][fully_escape account]
47
+ RestClient::Resource.new(
48
+ Conjur.configuration.core_url,
49
+ Conjur.configuration.create_rest_client_options(credentials)
50
+ )[fully_escape authenticator][fully_escape service_id][fully_escape account]
39
51
  end
40
52
 
41
53
  def authenticators
42
- RestClient::Resource.new(Conjur.configuration.core_url)['authenticators']
54
+ RestClient::Resource.new(
55
+ Conjur.configuration.core_url,
56
+ Conjur.configuration.rest_client_options
57
+ )['authenticators']
43
58
  end
44
59
 
45
60
  # For v5, the authn-local message is a JSON string with account, sub, and optional fields.
@@ -51,38 +66,68 @@ module Conjur
51
66
  end
52
67
 
53
68
  def authn_update_password account, username, password
54
- RestClient::Resource.new(Conjur.configuration.authn_url, user: username, password: password)[fully_escape account]['password']
69
+ RestClient::Resource.new(
70
+ Conjur.configuration.authn_url,
71
+ Conjur.configuration.create_rest_client_options(
72
+ user: username,
73
+ password: password
74
+ )
75
+ )[fully_escape account]['password']
55
76
  end
56
77
 
57
78
  def authn_rotate_api_key credentials, account, id
58
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['authn'][fully_escape account]["api_key?role=#{id}"]
79
+ RestClient::Resource.new(
80
+ Conjur.configuration.core_url,
81
+ Conjur.configuration.create_rest_client_options(credentials)
82
+ )['authn'][fully_escape account]["api_key?role=#{id}"]
59
83
  end
60
84
 
61
85
  def authn_rotate_own_api_key account, username, password
62
- RestClient::Resource.new(Conjur.configuration.authn_url, user: username, password: password)[fully_escape account]['api_key']
86
+ RestClient::Resource.new(
87
+ Conjur.configuration.authn_url,
88
+ Conjur.configuration.create_rest_client_options(
89
+ user: username,
90
+ password: password
91
+ )
92
+ )[fully_escape account]['api_key']
63
93
  end
64
94
 
65
95
  def host_factory_create_host token
66
96
  http_options = {
67
97
  headers: { authorization: %Q(Token token="#{token}") }
68
98
  }
69
- RestClient::Resource.new(Conjur.configuration.core_url, http_options)["host_factories"]["hosts"]
99
+ RestClient::Resource.new(
100
+ Conjur.configuration.core_url,
101
+ Conjur.configuration.create_rest_client_options(http_options)
102
+ )["host_factories"]["hosts"]
70
103
  end
71
104
 
72
105
  def host_factory_create_tokens credentials, id
73
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['host_factory_tokens']
106
+ RestClient::Resource.new(
107
+ Conjur.configuration.core_url,
108
+ Conjur.configuration.create_rest_client_options(credentials)
109
+ )['host_factory_tokens']
74
110
  end
75
111
 
76
112
  def host_factory_revoke_token credentials, token
77
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['host_factory_tokens'][token]
113
+ RestClient::Resource.new(
114
+ Conjur.configuration.core_url,
115
+ Conjur.configuration.create_rest_client_options(credentials)
116
+ )['host_factory_tokens'][token]
78
117
  end
79
118
 
80
119
  def policies_load_policy credentials, account, id
81
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['policies'][fully_escape account]['policy'][fully_escape id]
120
+ RestClient::Resource.new(
121
+ Conjur.configuration.core_url,
122
+ Conjur.configuration.create_rest_client_options(credentials)
123
+ )['policies'][fully_escape account]['policy'][fully_escape id]
82
124
  end
83
125
 
84
126
  def public_keys_for_user account, username
85
- RestClient::Resource.new(Conjur.configuration.core_url)['public_keys'][fully_escape account]['user'][fully_escape username]
127
+ RestClient::Resource.new(
128
+ Conjur.configuration.core_url,
129
+ Conjur.configuration.rest_client_options
130
+ )['public_keys'][fully_escape account]['user'][fully_escape username]
86
131
  end
87
132
 
88
133
  def resources credentials, account, kind, options
@@ -91,11 +136,17 @@ module Conjur
91
136
  path = "/resources/#{fully_escape account}"
92
137
  path += "/#{fully_escape kind}" if kind
93
138
 
94
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)[path][options_querystring options]
139
+ RestClient::Resource.new(
140
+ Conjur.configuration.core_url,
141
+ Conjur.configuration.create_rest_client_options(credentials)
142
+ )[path][options_querystring options]
95
143
  end
96
144
 
97
145
  def resources_resource credentials, id
98
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['resources'][id.to_url_path]
146
+ RestClient::Resource.new(
147
+ Conjur.configuration.core_url,
148
+ Conjur.configuration.create_rest_client_options(credentials)
149
+ )['resources'][id.to_url_path]
99
150
  end
100
151
 
101
152
  def resources_permitted_roles credentials, id, privilege
@@ -114,22 +165,34 @@ module Conjur
114
165
  end
115
166
 
116
167
  def roles_role credentials, id
117
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['roles'][id.to_url_path]
168
+ RestClient::Resource.new(
169
+ Conjur.configuration.core_url,
170
+ Conjur.configuration.create_rest_client_options(credentials)
171
+ )['roles'][id.to_url_path]
118
172
  end
119
173
 
120
174
  def secrets_add credentials, id
121
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['secrets'][id.to_url_path]
175
+ RestClient::Resource.new(
176
+ Conjur.configuration.core_url,
177
+ Conjur.configuration.create_rest_client_options(credentials)
178
+ )['secrets'][id.to_url_path]
122
179
  end
123
180
 
124
181
  def secrets_value credentials, id, options
125
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['secrets'][id.to_url_path][options_querystring options]
182
+ RestClient::Resource.new(
183
+ Conjur.configuration.core_url,
184
+ Conjur.configuration.create_rest_client_options(credentials)
185
+ )['secrets'][id.to_url_path][options_querystring options]
126
186
  end
127
187
 
128
188
  def secrets_values credentials, variable_ids
129
189
  options = {
130
190
  variable_ids: Array(variable_ids).join(',')
131
191
  }
132
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['secrets'][options_querystring(options).gsub("%2C", ',')]
192
+ RestClient::Resource.new(
193
+ Conjur.configuration.core_url,
194
+ Conjur.configuration.create_rest_client_options(credentials)
195
+ )['secrets'][options_querystring(options).gsub("%2C", ',')]
133
196
  end
134
197
 
135
198
  def group_attributes credentials, resource, id
@@ -167,13 +230,16 @@ module Conjur
167
230
  end
168
231
 
169
232
  def ldap_sync_policy(credentials, config_name)
170
- RestClient::Resource.new(Conjur.configuration.core_url, credentials)['ldap-sync']["policy?config_name=#{fully_escape(config_name)}"]
233
+ RestClient::Resource.new(
234
+ Conjur.configuration.core_url,
235
+ Conjur.configuration.create_rest_client_options(credentials)
236
+ )['ldap-sync']["policy?config_name=#{fully_escape(config_name)}"]
171
237
  end
172
238
 
173
239
  private
174
240
 
175
241
  def resource_annotations resource
176
- resource.attributes['annotations'] || {}
242
+ resource.attributes['annotations']
177
243
  end
178
244
  end
179
245
  end
@@ -24,7 +24,6 @@ require 'set'
24
24
  require 'conjur/cert_utils'
25
25
 
26
26
  module Conjur
27
-
28
27
  class << self
29
28
  # Saves the current thread local {Conjur::Configuration},
30
29
  # sets the thread local {Conjur::Configuration} to `config`, yields to the block, and ensures that
@@ -68,7 +67,7 @@ module Conjur
68
67
  ensure
69
68
  Thread.current[:conjur_configuration] = oldvalue
70
69
  end
71
-
70
+
72
71
  # Gets the current thread-local or global configuration.
73
72
  #
74
73
  # The thread-local Conjur configuration can only be set using the {Conjur.with_configuration}
@@ -79,7 +78,7 @@ module Conjur
79
78
  def configuration
80
79
  Thread.current[:conjur_configuration] || (@config ||= Configuration.new)
81
80
  end
82
-
81
+
83
82
  # Sets the global configuration.
84
83
  #
85
84
  # This method *has no effect* on the thread local configuration. Use {Conjur.with_configuration} instead if
@@ -191,25 +190,25 @@ module Conjur
191
190
  @supplied = options.dup
192
191
  @computed = Hash.new
193
192
  end
194
-
193
+
195
194
  class << self
196
195
  # @api private
197
196
  def accepted_options
198
197
  require 'set'
199
198
  @options ||= Set.new
200
199
  end
201
-
200
+
202
201
  # @param [Symbol] name
203
202
  # @param [Hash] options
204
- # @option options [Boolean] :boolean (false) whether this option should have a '?' accessor
203
+ # @option options [Boolean] :boolean (false) whether this option should have a '?' accessor
205
204
  # @option options [Boolean, String] :env Environment variable for this option. Set to false
206
205
  # to disallow environment based configuration. Default is CONJUR_<OPTION_NAME>.
207
206
  # @option options [Proc, *] :default Default value or proc to provide it
208
207
  # @option options [Boolean] :required (false) when true, raise an exception if the option is
209
208
  # not set
210
- # @option options [Proc, #to_proc] :convert proc-ish to convert environment
209
+ # @option options [Proc, #to_proc] :convert proc-ish to convert environment
211
210
  # values to appropriate types
212
- # @param [Proc] def_proc block to provide default values
211
+ # @param [Proc] def_proc block to provide default values
213
212
  # @api private
214
213
  def add_option name, options = {}, &def_proc
215
214
  accepted_options << name
@@ -217,7 +216,7 @@ module Conjur
217
216
  env_var = options[:env] || "CONJUR_#{name.to_s.upcase}"
218
217
  def_val = options[:default]
219
218
  opt_name = name
220
-
219
+
221
220
  def_proc ||= if def_val.respond_to?(:call)
222
221
  def_val
223
222
  elsif options[:required]
@@ -225,10 +224,10 @@ module Conjur
225
224
  else
226
225
  proc { def_val }
227
226
  end
228
-
227
+
229
228
  convert = options[:convert] || ->(x){ x }
230
229
  # Allow a Symbol, for example
231
- convert = convert.to_proc if convert.respond_to?(:to_proc)
230
+ convert = convert.to_proc if convert.respond_to?(:to_proc)
232
231
 
233
232
  define_method("#{name}=") do |value|
234
233
  set name, value
@@ -237,7 +236,7 @@ module Conjur
237
236
  define_method("#{name}_env_var") do
238
237
  allow_env ? env_var : nil
239
238
  end
240
-
239
+
241
240
  define_method(name) do
242
241
  value = computed[name]
243
242
  return value unless value.nil?
@@ -246,7 +245,7 @@ module Conjur
246
245
  supplied[name]
247
246
  elsif allow_env && ENV.member?(env_var)
248
247
  instance_exec(ENV[env_var], &convert)
249
- else
248
+ else
250
249
  instance_eval(&def_proc)
251
250
  end.tap do |value|
252
251
  computed[name] = value
@@ -256,7 +255,7 @@ module Conjur
256
255
  alias_method("#{name}?", name) if options[:boolean]
257
256
  end
258
257
  end
259
-
258
+
260
259
  # Return a copy of this {Conjur::Configuration} instance, optionally
261
260
  # updating the copy with options from the `override_options` hash.
262
261
  #
@@ -290,8 +289,8 @@ module Conjur
290
289
  #
291
290
  # The url for the {http://developer.conjur.net/reference/services/authentication Conjur authentication service}.
292
291
  #
293
- # By default, this will be built from the +appliance_url+. To use a custom authenticator,
294
- # set this option in code or set `CONJUR_AUTHN_URL`.
292
+ # By default, this will be built from the +appliance_url+. To use a custom authenticator,
293
+ # set this option in code or set `CONJUR_AUTHN_URL`.
295
294
  #
296
295
  #
297
296
  # @return [String] the authentication service url
@@ -369,10 +368,30 @@ module Conjur
369
368
  # @see cert_file
370
369
  add_option :ssl_certificate
371
370
 
371
+ # @!attribute rest_client_options
372
+ #
373
+ # Custom options for the underlying RestClient Requests. This defaults to:
374
+ # ```
375
+ # {
376
+ # ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
377
+ # }
378
+ # ``
379
+ #
380
+ # The `ssl_cert_store` value aligns with the default certificate store used by
381
+ # {#apply_cert_config!}.
382
+ #
383
+ # NOTE: When setting the value of rest_client_options the defaults are not retained,
384
+ # you must manually set them on the value you provide.
385
+ add_option :rest_client_options do
386
+ {
387
+ ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
388
+ }
389
+ end
390
+
372
391
  # @!attribute version
373
392
  #
374
393
  # Selects the major API version of the Conjur server. With this setting, the API
375
- # will use the routing scheme for API version `4` or `5`.
394
+ # will use the routing scheme for API version `4` or `5`.
376
395
  #
377
396
  # Methods which are not available in the selected version will raise NoMethodError.
378
397
  add_option :version, default: 5
@@ -383,6 +402,12 @@ module Conjur
383
402
  # This is only available when the API client is running on the Conjur server.
384
403
  add_option :authn_local_socket, default: "/run/authn-local/.socket"
385
404
 
405
+ # Create rest_client_options by merging the input with the
406
+ # rest_client_options present on the configuration object.
407
+ def create_rest_client_options options
408
+ rest_client_options.merge(options || {})
409
+ end
410
+
386
411
  # Calls a major-version-specific function.
387
412
  def version_logic v4_logic, v5_logic
388
413
  case version.to_s
@@ -398,6 +423,9 @@ module Conjur
398
423
  # Add the certificate configured by the {#ssl_certificate} and {#cert_file} options to the certificate
399
424
  # store used by Conjur clients.
400
425
  #
426
+ # NOTE: If you specify a non-default `store` value, you must manually set the
427
+ # `ssl_cert_store` value on {#rest_client_options} to the same value.
428
+ #
401
429
  # @param [OpenSSL::X509::Store] store the certificate store that the certificate will be installed in.
402
430
  # @return [Boolean] whether a certificate was added to the store.
403
431
  def apply_cert_config! store=OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
@@ -29,6 +29,28 @@ describe Conjur::Configuration do
29
29
  configuration.account = "the-account"
30
30
  configuration.appliance_url = "https://conjur/api"
31
31
  }
32
+
33
+ it "rest_client_options defaults" do
34
+ expected = {
35
+ ssl_cert_store: OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE
36
+ }
37
+ expect(configuration.rest_client_options).to eq(expected)
38
+ end
39
+
40
+ it "rest_client_options propagate to RestClient::Resource" do
41
+ expected = {
42
+ ssl_ca_file: "ca_certificate.pem",
43
+ proxy: "http://proxy.example.com/"
44
+ }
45
+ configuration.rest_client_options = {
46
+ ssl_ca_file: "ca_certificate.pem",
47
+ proxy: "http://proxy.example.com/"
48
+ }
49
+
50
+ resource = Conjur::API.url_for(:authn_login, *["account", "username", "password"])
51
+ expect(resource.options).to include(expected)
52
+ end
53
+
32
54
  it "can still be changed by changing the appliance_url" do
33
55
  configuration.appliance_url = "https://other/api"
34
56
  expect(configuration.core_url).to eq "https://other/api"
@@ -40,7 +62,7 @@ describe Conjur::Configuration do
40
62
  expect(configuration.authn_url).to eq "http://authn-docker"
41
63
  end
42
64
 
43
- context "and duplicated" do
65
+ context "and duplicated" do
44
66
  subject { configuration.clone override_options }
45
67
  let(:override_options) { Hash.new }
46
68
 
@@ -72,7 +94,7 @@ describe Conjur::Configuration do
72
94
  end
73
95
  end
74
96
  end
75
-
97
+
76
98
  describe "url generation" do
77
99
  describe 'authn_url' do
78
100
  before {
@@ -281,7 +303,7 @@ RjvSxre4Xg2qlI9Laybb4oZ4g6DI8hRbL0VdFAsveg6SXg2RxgJcXeJUFw==
281
303
  expect(subject).to be_truthy
282
304
  end
283
305
  end
284
-
306
+
285
307
  end
286
308
 
287
309
  context 'when cert file is not readable' do
data/spec/spec_helper.rb CHANGED
@@ -84,7 +84,7 @@ end
84
84
  require 'conjur/api'
85
85
 
86
86
  KIND="asset_kind"
87
- ID="unique_id"
87
+ ID="unique_id"
88
88
  ROLE='<role>'
89
89
  MEMBER='<member>'
90
90
  PRIVILEGE='<privilege>'
data/spec/ssl_spec.rb CHANGED
@@ -16,16 +16,14 @@ describe 'SSL connection' do
16
16
 
17
17
  context 'with certificate added to the default OpenSSL cert store' do
18
18
  before do
19
- store = OpenSSL::X509::Store.new
20
- store.add_cert cert
21
- stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', store
19
+ cert_store.add_cert(cert)
22
20
  end
23
21
 
24
22
  it 'works' do
25
23
  expect { Conjur::API.login 'foo', 'bar', account: "the-account" }.to raise_error RestClient::ResourceNotFound
26
24
  end
27
25
  end
28
-
26
+
29
27
  let(:server) do
30
28
  server = WEBrick::HTTPServer.new \
31
29
  Port: 0, SSLEnable: true,
@@ -33,8 +31,14 @@ describe 'SSL connection' do
33
31
  SSLCertificate: cert, SSLPrivateKey: key
34
32
  end
35
33
  let(:port) { server.config[:Port] }
34
+ let(:cert_store) { OpenSSL::X509::Store.new }
36
35
 
37
36
  before do
37
+ # Reset configuration to allow each test to use its own stub
38
+ # of OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.
39
+ Conjur.configuration = nil
40
+ stub_const 'OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE', cert_store
41
+
38
42
  allow(Conjur.configuration).to receive(:authn_url).and_return "https://localhost:#{port}"
39
43
  end
40
44
 
@@ -50,15 +54,23 @@ describe 'SSL connection' do
50
54
  let(:cert) do
51
55
  OpenSSL::X509::Certificate.new """
52
56
  -----BEGIN CERTIFICATE-----
53
- MIIBpDCCAQ2gAwIBAgIJALVPXQuF0w39MA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
54
- BAMMCWxvY2FsaG9zdDAeFw0xNTAyMTQxNTE0MDFaFw0yNTAyMTExNTE0MDFaMBQx
55
- EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
56
- n+IqEsmbuZk7E2GdPZpBxETjXC+dGze5XlZHPyKviekQ9sachAsBWApVrjM2QDtf
57
- KOwa6GuBqGQ0bdl4Ui7I0CIGB4a0UJHU/EvuDhI1cTzAVVWemW1QaqKxI/2xDgs9
58
- bqY471iVirRiSYD+6lm2pFYqOnnR/d+QKIMXhPOi0DMCAwEAATANBgkqhkiG9w0B
59
- AQsFAAOBgQCSPchDKAiVPNJlRkaY9KPIXfPbFX6h/+ilJRl1xtHqY+y4SxURbnU0
60
- fbYVnapKiuMnrnxTWXwl1z1iMbuuzjUC0RDz8F9pZkQ9IJpBSOaSfyUmk1JrrBRU
61
- INyaxnJjtc7YIzW1Yz7+aKtzZAQuFXNhiQa+CIIGeWrpzbExo2ce3Q==
57
+ MIIDCzCCAfOgAwIBAgIUaApjB95cJZlMTwDg4EBk4Mf1y4swDQYJKoZIhvcNAQEL
58
+ BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTIxMDQyODIxNTA1OFoYDzQ3NTkw
59
+ MzI1MjE1MDU4WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
60
+ AQUAA4IBDwAwggEKAoIBAQC+MIx1LCzBeAl7kHfI21wYmA6W8luyq14+DecaQPMd
61
+ bW7fMlHSMJC/nlFDQyqmfYfKlVCiJRV/QTdUtA9hCytPlEKjlVmm4WIYLKfjj8Sp
62
+ A+X9VURk75Fz+Z7UsF8u2J3pF9wFfhBzznwePlFdcWYyQMIRtghoHk/WSsbJVXVQ
63
+ so7+0BLFyMYB3otfCyK+H/iyoXWLZll2irYZJedVm/lyTlnc9dT1XDAWWI8kSeUV
64
+ lCkEulqOf8qZyU7wNUafRkzBuYkR7ddp1Qdkq+QYw7blmfZXyJbAYSt4gEMyDMk8
65
+ ArScP8j+Efz5D54wS7fZFwmQp41+iP5WTxGsSU3dh44fAgMBAAGjUzBRMB0GA1Ud
66
+ DgQWBBS4ZJDxXOs8rK3+SyfLopDFqK0IWDAfBgNVHSMEGDAWgBS4ZJDxXOs8rK3+
67
+ SyfLopDFqK0IWDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAE
68
+ WuzjqQ/gyho/pluX31hq7EMAFgqqz7ECN6DqmvpqabMD6s1kQ662KTo7gCBEcNtA
69
+ nC7QycFp4v/Cr8+aUEa1W3+q2MqbmshORonUrLE/vxejK+NUvhSCWnmrM8v60zhR
70
+ pn9lSSgQCBKWDgaU0VQVn0I9MuexeAj64Qv2uUHnZK3QUx+Gk3uurTmhKEN5FI+D
71
+ sC7xO0qquTZ1Vv1EkLEso4dnFVW84EjdfmfeiW6JmHO7z1p1ebGsRwoQead/qTKw
72
+ ze+Y1A1w3GzuhDo55aHlWE/Wvnou0aM3O9gUd++a2j+XJ2P7qaTB/L7SJk4qZ9RA
73
+ t2PbKVP+tyZjXKtXmgzp
62
74
  -----END CERTIFICATE-----
63
75
  """.lines.map(&:strip).join("\n")
64
76
  end
@@ -66,19 +78,31 @@ describe 'SSL connection' do
66
78
  let(:key) do
67
79
  OpenSSL::PKey.read """
68
80
  -----BEGIN RSA PRIVATE KEY-----
69
- MIICXAIBAAKBgQCf4ioSyZu5mTsTYZ09mkHERONcL50bN7leVkc/Iq+J6RD2xpyE
70
- CwFYClWuMzZAO18o7Broa4GoZDRt2XhSLsjQIgYHhrRQkdT8S+4OEjVxPMBVVZ6Z
71
- bVBqorEj/bEOCz1upjjvWJWKtGJJgP7qWbakVio6edH935AogxeE86LQMwIDAQAB
72
- AoGAUCDb7zCFUB4gglUgpfgCT+gqflAKj9J8n2/kIxsyGI7rBpKBbJfLY6FCUZyu
73
- 6sAWr/6seaEviQI3WHpuF9oEn6gzb1XWpKH7h9ZAu5O2sscdrc5MrpFmBvGjMBnd
74
- 80u/TcsDHX453QbPgqOJTi+Qt15Y+Ot/iE8ccQjW6pMPiCECQQDLQvNekVF7YJ9e
75
- iJNZSJMcx2c9hjAuywm/jPX+57k0xRlxGKCQxyujmxDfztDYU9kHMRHknbxz0sFr
76
- 0Vkaxo1DAkEAyV3z6vvTtUx7R5IYOUkZqIfeQ6k6ZItQoZdZPKoBW0s7QhqvJyZN
77
- qeYJMaFR87A6273LwhpXZTvQwSYUUw6KUQJAQAIfXaJphG7TARQFQtKF8UQiEM/X
78
- EIVD1pxvQwx52FJRRro4ph7ycRz93Vzli5or+AXN2q6Jj/fIjUlpw/LOvQJAfyPO
79
- FUjpM+hVUiwhFVJdW/ZlVK0tzDvWLiDkXBQvBRhsEuHMQ1jA4ov2tBpaJxXXI9Uj
80
- KKv/EFEDDmDfpk1g8QJBAIJhDsxKWgUy1lk+lGYdWRQi/D/BnkNbySklCypmZghu
81
- Q6oXJNYB9NWLRWDJaGHlHrAn40Wq6MUx95Aomvj+uHA=
81
+ MIIEowIBAAKCAQEAvjCMdSwswXgJe5B3yNtcGJgOlvJbsqtePg3nGkDzHW1u3zJR
82
+ 0jCQv55RQ0Mqpn2HypVQoiUVf0E3VLQPYQsrT5RCo5VZpuFiGCyn44/EqQPl/VVE
83
+ ZO+Rc/me1LBfLtid6RfcBX4Qc858Hj5RXXFmMkDCEbYIaB5P1krGyVV1ULKO/tAS
84
+ xcjGAd6LXwsivh/4sqF1i2ZZdoq2GSXnVZv5ck5Z3PXU9VwwFliPJEnlFZQpBLpa
85
+ jn/KmclO8DVGn0ZMwbmJEe3XadUHZKvkGMO25Zn2V8iWwGEreIBDMgzJPAK0nD/I
86
+ /hH8+Q+eMEu32RcJkKeNfoj+Vk8RrElN3YeOHwIDAQABAoIBAQCnW0ctkDqt3/fQ
87
+ MHcHWue2iI9GCmvgU+WxC0DSHFcSDQrkAn53S98DjseJPaBZMtr7y9pRY/p/qR6M
88
+ PYnO5iotc5QUKEbkjy1nglwV5Zuy8kg+XPq7Kwg+GmjGVZDcQybpRuKIPr8xeIBF
89
+ iKbGaBP6ontjZGAPZqTwN4qm/bkm0QRQkMEVQLpBaOlXjl0BCknhCMgyNA1F0jGc
90
+ HLqJpFO46qvWDkDaKriMY/ezrkGYxlvV8xGJ2lzoaNWBsQeMXtcDJXuFMJO3lZl4
91
+ VUjeNbyPprUzL6/kLZGMVFdRWhzKAluJEy3B6zybY4xxmgmifqn8/OxIaT172IXN
92
+ KACuEorpAoGBAOYZEfuON+73dcstpjq3062+XUOxAAc77aFcGFQ2pqDTUtvoR05R
93
+ o0uXrSuQqt0/FJVdZqdDx1and6idI7j/LfkOwvmPPg2dJIwKV73T2HdR7BpJaYlI
94
+ KS6Bgl0AiW2ibjZJbBFJMiINb2tRGeYcOPfWlis309D2DXxl1f1TJTKTAoGBANOZ
95
+ aDH1VJXh7rdAHrwNonTjoCeYKG7oAh0WTfqmCqcBjAkXsVc7dBd/98XKGS5LPRtl
96
+ dIaJdYngeYyH5Ey5O2l/63tk0d4sqE8l+GVy+OHFn2AZMuaVXS0JXIQspn4s/U7F
97
+ CuawmFszE8fv41WgVNhF00ijheoRz/X19yu0ULHFAoGAYmJZ1AutUtowXZ25M+Yh
98
+ 9motCqKF9pHjO1lbdbagbKevCCQ7SPuTLOE/xB7pUAyGyo7TM7XBaAXXHhuCiLlj
99
+ eNic+YQL7lpApDhP5/TK28oFf//fxjk6ko4Bpa5zFJOdOE0QjhuT+gdwmpxkzIVI
100
+ vn/cWcJXKUPr5ELOyrBgeU0CgYBWqIUbsLWrjJQPSJtNuOfHp1F35cDpausyrmfR
101
+ Nx81tlR7hNCEQT0SQr5eqp4Vb4rfJXXLg5A3n08oVp8RLOtAEbuHFYs9ylxDzfEk
102
+ 2ylCjYTv/mHyPUmjoCnbl8237wTutZP5VmmPMCPxxjT8ZGVbDX2ySgYWDqV0vf80
103
+ TuydYQKBgG24Wpes1CJmKiuWGnPi5I/+iIKZRfpEGidpjnsktkr3O+VZSZNQtDfC
104
+ uWp/NgMxzxXxYdmmaQTwektB5axrsPUnxxiHmb8KkVU1IcMpYvUulFYiKVvFx+JJ
105
+ bx/fkItCZ4AP3CG2Onz8xZdosg+c+MEdIlCrg94dA1EmHewCt2Hv
82
106
  -----END RSA PRIVATE KEY-----
83
107
  """.lines.map(&:strip).join("\n")
84
108
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: conjur-api
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.3.4
4
+ version: 5.3.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rafal Rzepecki
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2020-10-29 00:00:00.000000000 Z
12
+ date: 2021-05-04 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rest-client
@@ -356,7 +356,6 @@ files:
356
356
  - spec/spec_helper.rb
357
357
  - spec/ssl_spec.rb
358
358
  - spec/uri_escape_spec.rb
359
- - spec/vendor/rest_client_spec.rb
360
359
  - test.sh
361
360
  - tmp/.keep
362
361
  homepage: https://github.com/cyberark/conjur-api-ruby/
@@ -378,7 +377,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
378
377
  - !ruby/object:Gem::Version
379
378
  version: '0'
380
379
  requirements: []
381
- rubygems_version: 3.1.2
380
+ rubygems_version: 3.1.4
382
381
  signing_key:
383
382
  specification_version: 4
384
383
  summary: Conjur API
@@ -426,4 +425,3 @@ test_files:
426
425
  - spec/spec_helper.rb
427
426
  - spec/ssl_spec.rb
428
427
  - spec/uri_escape_spec.rb
429
- - spec/vendor/rest_client_spec.rb
@@ -1,41 +0,0 @@
1
- # Copyright (C) 2014 Conjur Inc
2
- #
3
- # Permission is hereby granted, free of charge, to any person obtaining a copy of
4
- # this software and associated documentation files (the "Software"), to deal in
5
- # the Software without restriction, including without limitation the rights to
6
- # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
7
- # the Software, and to permit persons to whom the Software is furnished to do so,
8
- # subject to the following conditions:
9
- #
10
- # The above copyright notice and this permission notice shall be included in all
11
- # copies or substantial portions of the Software.
12
- #
13
- # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14
- # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
15
- # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
16
- # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
17
- # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
18
- # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19
-
20
- require 'spec_helper'
21
- require 'tempfile'
22
-
23
- # RestClient monkey patches MIME::Types, breaking it in certain situations.
24
- # Let's make sure we monkey patch the monkey patch if necessary.
25
-
26
- describe RestClient::Request do
27
- shared_examples :restclient do
28
- it "can be initialized" do
29
- expect { RestClient::Request.new method: 'GET', url: 'http://example.com' }.to_not raise_error
30
- end
31
- end
32
-
33
- context 'default arguments' do
34
- let(:cache) { nil }
35
- let(:lazy) { false }
36
- it "sets cert_store to OpenSSL's default cert store" do
37
- request = RestClient::Request.new(method: 'GET', url: 'http://example.com')
38
- expect(request.ssl_opts[:cert_store]).to eq(OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE)
39
- end
40
- end
41
- end