Merge pull request #487 from shawnzhu/secure-enterprise

uses system CAs instead of given 3 CAs for Travis CI Enterprise

Author: rkh

lib/travis/cli/api_command.rb

@@ -108,7 +108,8 @@ def setup_enterprise
             endpoint
           end
           self.api_endpoint             = c[enterprise_name]
-          self.insecure                 = true if insecure.nil?
+          self.insecure                 = insecure unless insecure.nil?
+          self.session.ssl.delete :ca_file
           endpoint_config['enterprise'] = true
           @setup_ennterpise             = true
         end

spec/cli/api_command_spec.rb

@@ -0,0 +1,38 @@
+require 'spec_helper'
+
+describe Travis::CLI::ApiCommand do
+  describe 'enterprise' do
+    travis_config_path = ENV['TRAVIS_CONFIG_PATH']
+
+    before do
+      ENV['TRAVIS_CONFIG_PATH'] = File.expand_path '../support', File.dirname(__FILE__)
+      config = subject.send(:load_file, 'fake_travis_config.yml')
+      subject.config = YAML.load(config)
+
+      subject.api_endpoint = 'https://travis-ci-enterprise/api'
+      subject.enterprise_name = 'default'
+    end
+
+    after do
+      ENV['TRAVIS_CONFIG_PATH'] = travis_config_path
+    end
+
+    describe '#setup_enterprise' do
+      before do
+        subject.send(:setup_enterprise)
+      end
+
+      it 'keeps verifying peers' do
+        subject.insecure.should be_falsey
+      end
+
+      it 'uses default CAs' do
+        subject.session.ssl.should_not include(:ca_file)
+      end
+
+      it 'flags endpoint' do
+        subject.endpoint_config.should include('enterprise' => true)
+      end
+    end
+  end
+end

spec/support/fake_travis_config.yml

@@ -10,3 +10,5 @@ endpoints:
     access_token: fake-travis-com-token
   https://api.travis-ci.org/:
     access_token: fake-travis-org-token
+  https://travis-ci-enterprise/api:
+    access_token: fake-travis-enterprise-token