conjur-api 5.4.0 → 5.4.1.pre.508
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -2
- data/VERSION +1 -1
- data/features/authn.feature +13 -2
- data/features/load_policy.feature +2 -1
- data/features/step_definitions/api_steps.rb +12 -2
- data/lib/conjur/api/authn.rb +13 -1
- data/spec/api/host_factories_spec.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f7831b6bc5f5385959bf52949472e1ebcef0e6c42544235d28088703993472be
|
|
4
|
+
data.tar.gz: b2657be52ef3c84cecea5c6e3cc05448cc4318b777514a80fdf486092be09297
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b4a2f8a658b6c250d25722fb6b681969cffcbc684f29468d9a8cfcd887e78c3e2c4dc5305a17f0e22507c7ae91ddb6ea752cdbf0cb8fd7471ff92f4ec2653dd0
|
|
7
|
+
data.tar.gz: fc8715335fb1f7e2c8d54c782613190a22f7293587f405e6cc1318183868711f18ca283214b3c96bc9f891309ab48499cd56489cd8e5c6a3e688b4fdf5f88e6c
|
data/CHANGELOG.md
CHANGED
|
@@ -9,13 +9,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
9
9
|
- Nothing should go in this section, please add to the latest unreleased version
|
|
10
10
|
(and update the corresponding date), or add a new version.
|
|
11
11
|
|
|
12
|
+
## [5.4.1] - 2023-03-29
|
|
13
|
+
### Added
|
|
14
|
+
- Added authenticate wrapper to access unparsed response object (including headers).
|
|
15
|
+
[cyberark/conjur-api-ruby#213](https://github.com/cyberark/conjur-api-ruby/pull/213)
|
|
16
|
+
|
|
12
17
|
## [5.4.0] - 2022-08-16
|
|
13
18
|
|
|
14
19
|
### Added
|
|
15
20
|
- Added support for OIDC V2 authentication endpoint.
|
|
16
|
-
[cyberark/
|
|
21
|
+
[cyberark/conjur-api-ruby#207](https://github.com/cyberark/conjur-api-ruby/pull/207)
|
|
17
22
|
- Added support for OIDC authenticator providers endpoint.
|
|
18
|
-
[cyberark/
|
|
23
|
+
[cyberark/conjur-api-ruby#207](https://github.com/cyberark/conjur-api-ruby/pull/207)
|
|
19
24
|
|
|
20
25
|
### Changed
|
|
21
26
|
- Remove support for Ruby versions <2.7 which are [end of life](https://endoflife.date/ruby).
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
5.4.
|
|
1
|
+
5.4.1-508
|
data/features/authn.feature
CHANGED
|
@@ -3,8 +3,8 @@ Feature: Authenticate with Conjur
|
|
|
3
3
|
Background:
|
|
4
4
|
Given I setup a keycloak authenticator
|
|
5
5
|
|
|
6
|
-
Scenario: Authenticate with OIDC
|
|
7
|
-
When I retrieve the
|
|
6
|
+
Scenario: Authenticate with OIDC code
|
|
7
|
+
When I retrieve the provider details for OIDC authenticator "keycloak"
|
|
8
8
|
And I retrieve auth info for the OIDC provider with username: "alice" and password: "alice"
|
|
9
9
|
And I run the code:
|
|
10
10
|
"""
|
|
@@ -12,3 +12,14 @@ Feature: Authenticate with Conjur
|
|
|
12
12
|
Conjur::API.authenticator_authenticate("authn-oidc", "keycloak", options: @auth_body)
|
|
13
13
|
"""
|
|
14
14
|
Then the JSON should have "payload"
|
|
15
|
+
|
|
16
|
+
Scenario: Authenticate with OIDC code requesting unparsed result
|
|
17
|
+
When I retrieve the provider details for OIDC authenticator "keycloak"
|
|
18
|
+
And I retrieve auth info for the OIDC provider with username: "alice" and password: "alice"
|
|
19
|
+
And I run the code:
|
|
20
|
+
"""
|
|
21
|
+
$conjur.authenticator_enable "authn-oidc", "keycloak"
|
|
22
|
+
Conjur::API.authenticator_authenticate_get("authn-oidc", "keycloak", options: @auth_body)
|
|
23
|
+
"""
|
|
24
|
+
Then the response body contains: "payload"
|
|
25
|
+
And the response includes headers
|
|
@@ -17,9 +17,11 @@ Then(/^this code should fail with "([^"]*)"$/) do |error_msg, code|
|
|
|
17
17
|
end
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
Given(/^I retrieve the
|
|
20
|
+
Given(/^I retrieve the provider details for OIDC authenticator "([^"]+)"$/) do |service_id|
|
|
21
21
|
provider = $conjur.authentication_providers("authn-oidc").select {|provider_details| provider_details["service_id"] == service_id}
|
|
22
22
|
@login_url = provider[0]["redirect_uri"]
|
|
23
|
+
@nonce = provider[0]["nonce"]
|
|
24
|
+
@code_verifier = provider[0]["code_verifier"]
|
|
23
25
|
puts @login_url
|
|
24
26
|
end
|
|
25
27
|
|
|
@@ -47,6 +49,14 @@ Given(/^I retrieve auth info for the OIDC provider with username: "([^"]+)" and
|
|
|
47
49
|
|
|
48
50
|
if response.is_a?(Net::HTTPRedirection)
|
|
49
51
|
response_details = URI.decode_www_form(URI(response['location']).query)
|
|
50
|
-
@auth_body = {
|
|
52
|
+
@auth_body = {code: response_details.assoc('code')[1], nonce: @nonce, code_verifier: @code_verifier}
|
|
51
53
|
end
|
|
52
54
|
end
|
|
55
|
+
|
|
56
|
+
Then(/^the response body contains: "([^"]+)"$/) do |element|
|
|
57
|
+
expect(@result).to include(element)
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
Then(/^the response includes headers$/) do
|
|
61
|
+
expect(@result.headers).not_to be_empty
|
|
62
|
+
end
|
data/lib/conjur/api/authn.rb
CHANGED
|
@@ -63,10 +63,22 @@ module Conjur
|
|
|
63
63
|
# @param [Hash] params Additional params to send to authenticator
|
|
64
64
|
# @return [String] A JSON formatted authentication token.
|
|
65
65
|
def authenticator_authenticate authenticator, service_id, account: Conjur.configuration.account, options: {}
|
|
66
|
+
JSON.parse authenticator_authenticate_get authenticator, service_id, account: account, options: options
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
# Authenticates using a third party authenticator like authn-oidc via GET request.
|
|
70
|
+
# It will return an response object containing access/refresh token data.
|
|
71
|
+
#
|
|
72
|
+
# @param [String] authenticator
|
|
73
|
+
# @param [String] service_id
|
|
74
|
+
# @param [String] account The organization account.
|
|
75
|
+
# @param [Hash] params Additional params to send to authenticator
|
|
76
|
+
# @return [RestClient::Response] Response object
|
|
77
|
+
def authenticator_authenticate_get authenticator, service_id, account: Conjur.configuration.account, options: {}
|
|
66
78
|
if Conjur.log
|
|
67
79
|
Conjur.log << "Authenticating to account #{account} using #{authenticator}/#{service_id}\n"
|
|
68
80
|
end
|
|
69
|
-
|
|
81
|
+
url_for(:authenticator_authenticate, account, service_id, authenticator, options).get
|
|
70
82
|
end
|
|
71
83
|
|
|
72
84
|
# Exchanges Conjur the API key (refresh token) for an access token. The access token can
|
|
@@ -13,7 +13,7 @@ describe "Conjur::API.host_factory_create_host", api: :dummy do
|
|
|
13
13
|
resource = instance_double(RestClient::Resource, "hosts")
|
|
14
14
|
)
|
|
15
15
|
|
|
16
|
-
allow(resource).to receive(:post).with(id: id).and_return(
|
|
16
|
+
allow(resource).to receive(:post).with({id: id}).and_return(
|
|
17
17
|
instance_double(RestClient::Response, "host response", body: '
|
|
18
18
|
{
|
|
19
19
|
"id": "test-host",
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: conjur-api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.4.
|
|
4
|
+
version: 5.4.1.pre.508
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- CyberArk Maintainers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-03-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rest-client
|
|
@@ -410,9 +410,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
410
410
|
version: '1.9'
|
|
411
411
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
412
412
|
requirements:
|
|
413
|
-
- - "
|
|
413
|
+
- - ">"
|
|
414
414
|
- !ruby/object:Gem::Version
|
|
415
|
-
version:
|
|
415
|
+
version: 1.3.1
|
|
416
416
|
requirements: []
|
|
417
417
|
rubygems_version: 3.2.33
|
|
418
418
|
signing_key:
|