Merge pull request #115 from cyberark/iam-authenticator

Add generic authenticator endpoints to spec
cyberark · Jan 19, 2021 · 5404481 · 5404481
2 parents 6302d6d + b2cf344
commit 5404481
Show file tree

Hide file tree

Showing 21 changed files with 750 additions and 54 deletions.
diff --git a/.gitleaks.toml b/.gitleaks.toml
@@ -180,5 +180,6 @@ tags = ["key", "twilio"]
 files = [
   '''(.*?)(jpg|gif|doc|pdf|bin)$''',
   '''(.*?)conjur.key$''',
-  '''.gitleaks.toml'''
+  '''.gitleaks.toml''',
+  '''ldap-server.key.pem'''
 ]
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -28,3 +28,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
   [cybeark/conjur-openapi-spec#68](https://github.com/cyberark/conjur-openapi-spec/issues/68)
 - The roles `graph` query parameter is now included in the spec file. Allows for viewing a role as a graph/tree.
   [cyberark/conjur-openapi-spec#69](https://github.com/cyberark/conjur-openapi-spec/issues/69)
+- Generic authenticator endpoint that covers most Conjur platform authenticators.
+  [cyberark/conjur-openapi-spec#74](https://github.com/cyberark/conjur-openapi-spec/issues/74)
+  [cyberark/conjur-openapi-spec#70](https://github.com/cyberark/conjur-openapi-spec/issues/70)
+  [cyberark/conjur-openapi-spec#75](https://github.com/cyberark/conjur-openapi-spec/issues/75)
+- Endpoint to configure enabled Conjur authenticators via the API.
+  [cyberark/conjur-openapi-spec#66](https://github.com/cyberark/conjur-openapi-spec/issues/66)
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -20,7 +20,7 @@ pipeline {
             post {
                 always {
                     junit 'nose2-junit.xml'
-                    cobertura autoUpdateHealth: false, autoUpdateStability: true, coberturaReportFile: 'coverage.xml', conditionalCoverageTargets: '75, 0, 75', failUnhealthy: true, failUnstable: true, lineCoverageTargets: '75, 0, 75', maxNumberOfBuilds: 0, methodCoverageTargets: '75, 0, 75', onlyStable: false, sourceEncoding: 'ASCII', zoomCoverageChart: false
+                    cobertura autoUpdateHealth: false, autoUpdateStability: false, coberturaReportFile: 'coverage.xml', conditionalCoverageTargets: '75, 0, 75', failUnhealthy: true, failUnstable: false, lineCoverageTargets: '75, 0, 75', maxNumberOfBuilds: 0, methodCoverageTargets: '75, 0, 75', onlyStable: false, sourceEncoding: 'ASCII', zoomCoverageChart: false
                     sh """
                     if [[ -x cc-test-reporter ]]; then
                       echo "cc-test-reporter binary found, reporting coverage data to code climate"

diff --git a/bin/cli b/bin/cli
@@ -1,4 +1,7 @@
 #!/bin/bash
 
+./bin/get_conjur_admin_key
+
 docker-compose up -d cli
+docker-compose exec cli bash -c "conjur init -u http://conjur -a dev"
 docker-compose exec cli bash
diff --git a/bin/get_conjur_admin_key b/bin/get_conjur_admin_key
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+admin_api_key=$(docker-compose exec -T conjur conjurctl role retrieve-key dev:user:admin | tr -d '\r')
+export CONJUR_AUTHN_API_KEY=$admin_api_key
+
+echo "Conjur admin api key $admin_api_key"
+
+# Docker-compose will pick this file up when starting containers
+# so we will have these variables in the container
+cat <<ENV > .env
+CONJUR_AUTHN_API_KEY=$admin_api_key
+ENV
diff --git a/bin/integration_tests b/bin/integration_tests
@@ -13,15 +13,7 @@ fi
 bin/generate_client
 bin/start_conjur
 
-echo "Configuring Conjur..."
-admin_api_key=$(docker-compose exec -T conjur conjurctl role retrieve-key dev:user:admin | tr -d '\r')
-export CONJUR_AUTHN_API_KEY=$admin_api_key
-
-# Docker-compose will pick this file up when starting containers
-# so we will have these variables in the container
-cat <<ENV > .env
-CONJUR_AUTHN_API_KEY=$admin_api_key
-ENV
+bin/get_conjur_admin_key
 
 echo "Building and starting test env..."
 docker-compose build test-python
@@ -37,4 +29,4 @@ fi
 docker-compose run \
   --no-deps \
   test-python \
-  nose2 --plugin nose2.plugins.junitxml --with-coverage --coverage-report xml -X -v -s test/python/
+  nose2 --plugin nose2.plugins.junitxml --with-coverage --coverage-report xml -X -v -s test/python
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -12,12 +12,19 @@ services:
       CONJUR_DATA_KEY: 'OyXV68Mip14xj33huGaQKewmmS+gKtDlp6ECZ2iATpU='
       DATABASE_URL: postgres://postgres@pg/postgres
       RAILS_ENV: development
+      CONJUR_AUTHENTICATORS: authn-ldap/test,authn
+      LDAP_URI: ldap://ldap-server:389
+      LDAP_BASE: dc=conjur,dc=net
+      LDAP_BINDDN: cn=admin,dc=conjur,dc=net
+      LDAP_BINDPW: ldapsecret
+      LDAP_FILTER: (uid=%s)
     ports:
       - "80:80"
     volumes:
       - ./test/config:/policy:ro
     depends_on:
       - pg
+      - ldap-server
 
   conjur-https:
     image: nginx:alpine
@@ -50,6 +57,7 @@ services:
       - conjur-https
     volumes:
       - .:/opt/conjur-openapi-spec
+      - ./test/config/ldap/certs:/ldap-certs:ro
 
   test-api:
     build:
@@ -85,7 +93,29 @@ services:
       CONJUR_HTTPS_APPLIANCE_URL: https://conjur-https
       CONJUR_ACCOUNT: dev
       CONJUR_AUTHN_LOGIN: admin
-      CONJUR_AUTHN_API_KEY: Null
       CONJUR_CA_BUNDLE: /opt/conjur-openapi-spec/config/https/ca.crt
+      CONJUR_AUTHN_API_KEY: Null
     volumes:
       - ./:/src
+    depends_on:
+      - conjur
+      - conjur-https
+
+  ldap-server:
+    image: osixia/openldap
+    command: --copy-service --loglevel debug
+    hostname: ldap-server
+    environment:
+      LDAP_ORGANIZATION: CyberArk
+      LDAP_DOMAIN: conjur.net
+      LDAP_ADMIN_PASSWORD: ldapsecret
+      LDAP_TLS_CA_CRT_FILENAME: "ca-chain.cert.pem"
+      LDAP_TLS_CRT_FILENAME: "ldap-server.cert.pem"
+      LDAP_TLS_KEY_FILENAME: "ldap-server.key.pem"
+      LDAP_TLS_DH_PARAM_FILENAME: 'dhparam.pem'
+      LDAP_TLS_VERIFY_CLIENT: try
+    ports:
+      - "389:389"
+    volumes:
+      - ./test/config/ldap:/container/service/slapd/assets/config/bootstrap/ldif/custom
+      - ./test/config/ldap/certs:/container/service/slapd/assets/certs:ro