doodlesbykumbi
commented
3 years ago Hi @fmang. Thank you for submitting the issue.
However, we can’t apply these settings globally because we have other uses of RestClient with different parameters. This is definitely not ideal, and is likely to bite other consumers of the library.
I've been exploring your suggestion, and removing the monkey patching in favour of the additional key on Conjur configuration seems (to me) entirely viable. The places where RestClient is invoked across the codebase are few, and it does not seem to implicitly slip into other dependencies or to other projects using conjur-api-ruby.
I think we can flesh out the changes over the coming day.
Please know that the project is open to contribution and we're more than happy to collaborate.
Is your feature request related to a problem? Please describe.
We need to configure custom connection parameters for accessing the Conjur API, like proxies, TLS certificates and other TLS-related options. However, we can’t apply these settings globally because we have other uses of RestClient with different parameters.
Describe the solution you would like
Given conjur-api has a configuration object, having an extra key for passing a Hash of RestClient options sounds like a natural solution.
I noticed conjur-api patches RestClient for applying custom parameters, meaning it potentially conflicts with other gems that use RestClient too. If conjur-api supported local RestClient options, that monkey patching would not be needed.
https://github.com/cyberark/conjur-api-ruby/blob/a0b2be4b6abdc3077a556fea667a0d5f66f35fbc/lib/conjur/api.rb#L53-L57
I also noticed Conjur::Configuration has options ssl_certificate and cert_file, but they do not seem to apply when using
Conjur::API.new_from_key.Describe alternatives you have considered
Isolating the calls to the Conjur in a separate Ruby environment so that the global variables do not interfere, but that sounds quite overkill.