conjur-api 5.3.8.pre.321 → 5.4.0.pre.404
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -3
- data/VERSION +1 -1
- data/features/authn.feature +13 -2
- data/features/step_definitions/api_steps.rb +12 -2
- data/lib/conjur/api/authn.rb +13 -1
- data/spec/api/host_factories_spec.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d39f007a40ecbf4a9edfd87189801def062b00e4a240bbf405d02d362f7bdd24
|
4
|
+
data.tar.gz: 8f3fd11807b81446e0e35a34220c60eec19fc3e1985d075bb6dc39e6eef16c2f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8da8d30687d52bc01d2776c894e5450f7cb9486f32c29919fcffc43e37b198960c9b6f9119b011c1bd65c8bab823cdcdfbf5b93e959d564af4aa7cd25c836224
|
7
|
+
data.tar.gz: e4306d6d8c8ce9ec70492e62a1c6bfb4130af4276d9c3f231525d18ab67d8fc3088a82401a375e09459caffc65ad127d5d0d073fc6fa2ef4bac6f06ba45fdcde
|
data/CHANGELOG.md
CHANGED
@@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
9
9
|
- Nothing should go in this section, please add to the latest unreleased version
|
10
10
|
(and update the corresponding date), or add a new version.
|
11
11
|
|
12
|
-
## [5.
|
12
|
+
## [5.4.0] - 2022-08-16
|
13
13
|
|
14
14
|
### Added
|
15
15
|
- Added support for OIDC V2 authentication endpoint.
|
@@ -376,8 +376,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
376
376
|
|
377
377
|
## [2.0.0] - 2013-13-12
|
378
378
|
|
379
|
-
[Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.
|
380
|
-
[5.
|
379
|
+
[Unreleased]: https://github.com/cyberark/conjur-api-ruby/compare/v5.4.0...HEAD
|
380
|
+
[5.4.0]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.7...v5.4.0
|
381
381
|
[5.3.7]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.6...v5.3.7
|
382
382
|
[5.3.6]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.5...v5.3.6
|
383
383
|
[5.3.5]: https://github.com/cyberark/conjur-api-ruby/compare/v5.3.4...v5.3.5
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
5.
|
1
|
+
5.4.0-404
|
data/features/authn.feature
CHANGED
@@ -3,8 +3,8 @@ Feature: Authenticate with Conjur
|
|
3
3
|
Background:
|
4
4
|
Given I setup a keycloak authenticator
|
5
5
|
|
6
|
-
Scenario: Authenticate with OIDC
|
7
|
-
When I retrieve the
|
6
|
+
Scenario: Authenticate with OIDC code
|
7
|
+
When I retrieve the provider details for OIDC authenticator "keycloak"
|
8
8
|
And I retrieve auth info for the OIDC provider with username: "alice" and password: "alice"
|
9
9
|
And I run the code:
|
10
10
|
"""
|
@@ -12,3 +12,14 @@ Feature: Authenticate with Conjur
|
|
12
12
|
Conjur::API.authenticator_authenticate("authn-oidc", "keycloak", options: @auth_body)
|
13
13
|
"""
|
14
14
|
Then the JSON should have "payload"
|
15
|
+
|
16
|
+
Scenario: Authenticate with OIDC code requesting unparsed result
|
17
|
+
When I retrieve the provider details for OIDC authenticator "keycloak"
|
18
|
+
And I retrieve auth info for the OIDC provider with username: "alice" and password: "alice"
|
19
|
+
And I run the code:
|
20
|
+
"""
|
21
|
+
$conjur.authenticator_enable "authn-oidc", "keycloak"
|
22
|
+
Conjur::API.authenticator_authenticate_get("authn-oidc", "keycloak", options: @auth_body)
|
23
|
+
"""
|
24
|
+
Then the response body contains: "payload"
|
25
|
+
And the response includes headers
|
@@ -17,9 +17,11 @@ Then(/^this code should fail with "([^"]*)"$/) do |error_msg, code|
|
|
17
17
|
end
|
18
18
|
end
|
19
19
|
|
20
|
-
Given(/^I retrieve the
|
20
|
+
Given(/^I retrieve the provider details for OIDC authenticator "([^"]+)"$/) do |service_id|
|
21
21
|
provider = $conjur.authentication_providers("authn-oidc").select {|provider_details| provider_details["service_id"] == service_id}
|
22
22
|
@login_url = provider[0]["redirect_uri"]
|
23
|
+
@nonce = provider[0]["nonce"]
|
24
|
+
@code_verifier = provider[0]["code_verifier"]
|
23
25
|
puts @login_url
|
24
26
|
end
|
25
27
|
|
@@ -47,6 +49,14 @@ Given(/^I retrieve auth info for the OIDC provider with username: "([^"]+)" and
|
|
47
49
|
|
48
50
|
if response.is_a?(Net::HTTPRedirection)
|
49
51
|
response_details = URI.decode_www_form(URI(response['location']).query)
|
50
|
-
@auth_body = {
|
52
|
+
@auth_body = {code: response_details.assoc('code')[1], nonce: @nonce, code_verifier: @code_verifier}
|
51
53
|
end
|
52
54
|
end
|
55
|
+
|
56
|
+
Then(/^the response body contains: "([^"]+)"$/) do |element|
|
57
|
+
expect(@result).to include(element)
|
58
|
+
end
|
59
|
+
|
60
|
+
Then(/^the response includes headers$/) do
|
61
|
+
expect(@result.headers).not_to be_empty
|
62
|
+
end
|
data/lib/conjur/api/authn.rb
CHANGED
@@ -63,10 +63,22 @@ module Conjur
|
|
63
63
|
# @param [Hash] params Additional params to send to authenticator
|
64
64
|
# @return [String] A JSON formatted authentication token.
|
65
65
|
def authenticator_authenticate authenticator, service_id, account: Conjur.configuration.account, options: {}
|
66
|
+
JSON.parse authenticator_authenticate_get authenticator, service_id, account: account, options: options
|
67
|
+
end
|
68
|
+
|
69
|
+
# Authenticates using a third party authenticator like authn-oidc via GET request.
|
70
|
+
# It will return an response object containing access/refresh token data.
|
71
|
+
#
|
72
|
+
# @param [String] authenticator
|
73
|
+
# @param [String] service_id
|
74
|
+
# @param [String] account The organization account.
|
75
|
+
# @param [Hash] params Additional params to send to authenticator
|
76
|
+
# @return [RestClient::Response] Response object
|
77
|
+
def authenticator_authenticate_get authenticator, service_id, account: Conjur.configuration.account, options: {}
|
66
78
|
if Conjur.log
|
67
79
|
Conjur.log << "Authenticating to account #{account} using #{authenticator}/#{service_id}\n"
|
68
80
|
end
|
69
|
-
|
81
|
+
url_for(:authenticator_authenticate, account, service_id, authenticator, options).get
|
70
82
|
end
|
71
83
|
|
72
84
|
# Exchanges Conjur the API key (refresh token) for an access token. The access token can
|
@@ -13,7 +13,7 @@ describe "Conjur::API.host_factory_create_host", api: :dummy do
|
|
13
13
|
resource = instance_double(RestClient::Resource, "hosts")
|
14
14
|
)
|
15
15
|
|
16
|
-
allow(resource).to receive(:post).with(id: id).and_return(
|
16
|
+
allow(resource).to receive(:post).with({id: id}).and_return(
|
17
17
|
instance_double(RestClient::Response, "host response", body: '
|
18
18
|
{
|
19
19
|
"id": "test-host",
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conjur-api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.
|
4
|
+
version: 5.4.0.pre.404
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- CyberArk Maintainers
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-11-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rest-client
|