Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom RestClient options #188

Closed
fmang opened this issue Mar 17, 2021 · 3 comments
Closed

Custom RestClient options #188

fmang opened this issue Mar 17, 2021 · 3 comments
Assignees
@doodlesbykumbi
Labels
component/api/ruby contributor kind/enhancement

Comments

@fmang
Copy link

fmang commented Mar 17, 2021

Is your feature request related to a problem? Please describe.

We need to configure custom connection parameters for accessing the Conjur API, like proxies, TLS certificates and other TLS-related options. However, we can’t apply these settings globally because we have other uses of RestClient with different parameters.

Describe the solution you would like

Given conjur-api has a configuration object, having an extra key for passing a Hash of RestClient options sounds like a natural solution.

Conjur.configuration.rest_client_options = {
  ssl_ca_file: "ca_certificate.pem",
  proxy: "http://proxy.example.com/"
}

I noticed conjur-api patches RestClient for applying custom parameters, meaning it potentially conflicts with other gems that use RestClient too. If conjur-api supported local RestClient options, that monkey patching would not be needed.

conjur-api-ruby/lib/conjur/api.rb

Lines 53 to 57 in a0b2be4

# Monkey patch RestClient::Request so it always uses
# :ssl_cert_store. (RestClient::Resource uses Request to send
# requests, so it sees :ssl_cert_store, too).
# @api private
class RestClient::Request

I also noticed Conjur::Configuration has options ssl_certificate and cert_file, but they do not seem to apply when using Conjur::API.new_from_key.

Describe alternatives you have considered

Isolating the calls to the Conjur in a separate Ruby environment so that the global variables do not interfere, but that sounds quite overkill.
@doodlesbykumbi
Copy link
Contributor

Hi @fmang. Thank you for submitting the issue.

However, we can’t apply these settings globally because we have other uses of RestClient with different parameters.
This is definitely not ideal, and is likely to bite other consumers of the library.

I've been exploring your suggestion, and removing the monkey patching in favour of the additional key on Conjur configuration seems (to me) entirely viable. The places where RestClient is invoked across the codebase are few, and it does not seem to implicitly slip into other dependencies or to other projects using conjur-api-ruby.

I think we can flesh out the changes over the coming day.

Please know that the project is open to contribution and we're more than happy to collaborate.

@doodlesbykumbi
Copy link
Contributor

I also noticed Conjur::Configuration has options ssl_certificate and cert_file, but they do not seem to apply when using Conjur::API.new_from_key.

I believe you need to run Conjur.configuration.apply_cert_config! in order for those values to be applied

@doodlesbykumbi doodlesbykumbi mentioned this issue Apr 29, 2021
Merged
6 tasks
@doodlesbykumbi
Copy link
Contributor

Closed as part of #189

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@doodlesbykumbi doodlesbykumbi

Labels
component/api/ruby contributor kind/enhancement
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fmang @doodlesbykumbi @izgeri