conjur-api 5.4.0 → 5.4.1.pre.508
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -2
- data/VERSION +1 -1
- data/features/authn.feature +13 -2
- data/features/load_policy.feature +2 -1
- data/features/step_definitions/api_steps.rb +12 -2
- data/lib/conjur/api/authn.rb +13 -1
- data/spec/api/host_factories_spec.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f7831b6bc5f5385959bf52949472e1ebcef0e6c42544235d28088703993472be
|
|
4
|
+
data.tar.gz: b2657be52ef3c84cecea5c6e3cc05448cc4318b777514a80fdf486092be09297
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b4a2f8a658b6c250d25722fb6b681969cffcbc684f29468d9a8cfcd887e78c3e2c4dc5305a17f0e22507c7ae91ddb6ea752cdbf0cb8fd7471ff92f4ec2653dd0
|
|
7
|
+
data.tar.gz: fc8715335fb1f7e2c8d54c782613190a22f7293587f405e6cc1318183868711f18ca283214b3c96bc9f891309ab48499cd56489cd8e5c6a3e688b4fdf5f88e6c
|
data/CHANGELOG.md
CHANGED
|
@@ -9,13 +9,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
9
9
|
- Nothing should go in this section, please add to the latest unreleased version
|
|
10
10
|
(and update the corresponding date), or add a new version.
|
|
11
11
|
|
|
12
|
+
## [5.4.1] - 2023-03-29
|
|
13
|
+
### Added
|
|
14
|
+
- Added authenticate wrapper to access unparsed response object (including headers).
|
|
15
|
+
[cyberark/conjur-api-ruby#213](https://github.com/cyberark/conjur-api-ruby/pull/213)
|
|
16
|
+
|
|
12
17
|
## [5.4.0] - 2022-08-16
|
|
13
18
|
|
|
14
19
|
### Added
|
|
15
20
|
- Added support for OIDC V2 authentication endpoint.
|
|
16
|
-
[cyberark/
|
|
21
|
+
[cyberark/conjur-api-ruby#207](https://github.com/cyberark/conjur-api-ruby/pull/207)
|
|
17
22
|
- Added support for OIDC authenticator providers endpoint.
|
|
18
|
-
[cyberark/
|
|
23
|
+
[cyberark/conjur-api-ruby#207](https://github.com/cyberark/conjur-api-ruby/pull/207)
|
|
19
24
|
|
|
20
25
|
### Changed
|
|
21
26
|
- Remove support for Ruby versions <2.7 which are [end of life](https://endoflife.date/ruby).
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
5.4.
|
|
1
|
+
5.4.1-508
|
data/features/authn.feature
CHANGED
|
@@ -3,8 +3,8 @@ Feature: Authenticate with Conjur
|
|
|
3
3
|
Background:
|
|
4
4
|
Given I setup a keycloak authenticator
|
|
5
5
|
|
|
6
|
-
Scenario: Authenticate with OIDC
|
|
7
|
-
When I retrieve the
|
|
6
|
+
Scenario: Authenticate with OIDC code
|
|
7
|
+
When I retrieve the provider details for OIDC authenticator "keycloak"
|
|
8
8
|
And I retrieve auth info for the OIDC provider with username: "alice" and password: "alice"
|
|
9
9
|
And I run the code:
|
|
10
10
|
"""
|
|
@@ -12,3 +12,14 @@ Feature: Authenticate with Conjur
|
|
|
12
12
|
Conjur::API.authenticator_authenticate("authn-oidc", "keycloak", options: @auth_body)
|
|
13
13
|
"""
|
|
14
14
|
Then the JSON should have "payload"
|
|
15
|
+
|
|
16
|
+
Scenario: Authenticate with OIDC code requesting unparsed result
|
|
17
|
+
When I retrieve the provider details for OIDC authenticator "keycloak"
|
|
18
|
+
And I retrieve auth info for the OIDC provider with username: "alice" and password: "alice"
|
|
19
|
+
And I run the code:
|
|
20
|
+
"""
|
|
21
|
+
$conjur.authenticator_enable "authn-oidc", "keycloak"
|
|
22
|
+
Conjur::API.authenticator_authenticate_get("authn-oidc", "keycloak", options: @auth_body)
|
|
23
|
+
"""
|
|
24
|
+
Then the response body contains: "payload"
|
|
25
|
+
And the response includes headers
|
|
@@ -17,9 +17,11 @@ Then(/^this code should fail with "([^"]*)"$/) do |error_msg, code|
|
|
|
17
17
|
end
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
Given(/^I retrieve the
|
|
20
|
+
Given(/^I retrieve the provider details for OIDC authenticator "([^"]+)"$/) do |service_id|
|
|
21
21
|
provider = $conjur.authentication_providers("authn-oidc").select {|provider_details| provider_details["service_id"] == service_id}
|
|
22
22
|
@login_url = provider[0]["redirect_uri"]
|
|
23
|
+
@nonce = provider[0]["nonce"]
|
|
24
|
+
@code_verifier = provider[0]["code_verifier"]
|
|
23
25
|
puts @login_url
|
|
24
26
|
end
|
|
25
27
|
|
|
@@ -47,6 +49,14 @@ Given(/^I retrieve auth info for the OIDC provider with username: "([^"]+)" and
|
|
|
47
49
|
|
|
48
50
|
if response.is_a?(Net::HTTPRedirection)
|
|
49
51
|
response_details = URI.decode_www_form(URI(response['location']).query)
|
|
50
|
-
@auth_body = {
|
|
52
|
+
@auth_body = {code: response_details.assoc('code')[1], nonce: @nonce, code_verifier: @code_verifier}
|
|
51
53
|
end
|
|
52
54
|
end
|
|
55
|
+
|
|
56
|
+
Then(/^the response body contains: "([^"]+)"$/) do |element|
|
|
57
|
+
expect(@result).to include(element)
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
Then(/^the response includes headers$/) do
|
|
61
|
+
expect(@result.headers).not_to be_empty
|
|
62
|
+
end
|
data/lib/conjur/api/authn.rb
CHANGED
|
@@ -63,10 +63,22 @@ module Conjur
|
|
|
63
63
|
# @param [Hash] params Additional params to send to authenticator
|
|
64
64
|
# @return [String] A JSON formatted authentication token.
|
|
65
65
|
def authenticator_authenticate authenticator, service_id, account: Conjur.configuration.account, options: {}
|
|
66
|
+
JSON.parse authenticator_authenticate_get authenticator, service_id, account: account, options: options
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
# Authenticates using a third party authenticator like authn-oidc via GET request.
|
|
70
|
+
# It will return an response object containing access/refresh token data.
|
|
71
|
+
#
|
|
72
|
+
# @param [String] authenticator
|
|
73
|
+
# @param [String] service_id
|
|
74
|
+
# @param [String] account The organization account.
|
|
75
|
+
# @param [Hash] params Additional params to send to authenticator
|
|
76
|
+
# @return [RestClient::Response] Response object
|
|
77
|
+
def authenticator_authenticate_get authenticator, service_id, account: Conjur.configuration.account, options: {}
|
|
66
78
|
if Conjur.log
|
|
67
79
|
Conjur.log << "Authenticating to account #{account} using #{authenticator}/#{service_id}\n"
|
|
68
80
|
end
|
|
69
|
-
|
|
81
|
+
url_for(:authenticator_authenticate, account, service_id, authenticator, options).get
|
|
70
82
|
end
|
|
71
83
|
|
|
72
84
|
# Exchanges Conjur the API key (refresh token) for an access token. The access token can
|
|
@@ -13,7 +13,7 @@ describe "Conjur::API.host_factory_create_host", api: :dummy do
|
|
|
13
13
|
resource = instance_double(RestClient::Resource, "hosts")
|
|
14
14
|
)
|
|
15
15
|
|
|
16
|
-
allow(resource).to receive(:post).with(id: id).and_return(
|
|
16
|
+
allow(resource).to receive(:post).with({id: id}).and_return(
|
|
17
17
|
instance_double(RestClient::Response, "host response", body: '
|
|
18
18
|
{
|
|
19
19
|
"id": "test-host",
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: conjur-api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.4.
|
|
4
|
+
version: 5.4.1.pre.508
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- CyberArk Maintainers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-03-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rest-client
|
|
@@ -410,9 +410,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
410
410
|
version: '1.9'
|
|
411
411
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
412
412
|
requirements:
|
|
413
|
-
- - "
|
|
413
|
+
- - ">"
|
|
414
414
|
- !ruby/object:Gem::Version
|
|
415
|
-
version:
|
|
415
|
+
version: 1.3.1
|
|
416
416
|
requirements: []
|
|
417
417
|
rubygems_version: 3.2.33
|
|
418
418
|
signing_key:
|