Enable gcp authenticator #2448
Enable gcp authenticator #2448
Conversation
![codeclimate[bot]](https://avatars.githubusercontent.com/in/9403?s=60&v=4){kind=small}
app/domain/authentication/security/validate_webservice_is_authenticator.rb
Show resolved
Hide resolved
app/domain/authentication/security/validate_webservice_is_authenticator.rb
Show resolved
Hide resolved
aloncarmel111
force-pushed
the
enable-gcp-authenticator
branch
from
1b2aaf0
to
00c271e
Compare
| @@ -21,7 +21,7 @@ def validate_webservice_is_configured_authenticator | |||
| end | |||
|
|
|||
| def webservice_id | |||
| "#{@webservice.authenticator_name}/#{@webservice.service_id}" | |||
| @webservice.service_id.blank? ? @webservice.authenticator_name : "#{@webservice.authenticator_name}/#{@webservice.service_id}" | |||
There was a problem hiding this comment.
Maybe in this place you should call function that checks if the authenticator is with mandatory for service id?
| @@ -25,7 +25,7 @@ def matches?(request) | |||
| get '/authn-jwt/:service_id/:account/status' => 'authenticate#authn_jwt_status' | |||
| get '/:authenticator(/:service_id)/:account/status' => 'authenticate#status' | |||
|
|
|||
| patch '/:authenticator/:service_id/:account' => 'authenticate#update_config' | |||
| patch '/:authenticator(/:service_id)/:account' => 'authenticate#update_config' | |||
There was a problem hiding this comment.
WDYT on the following change?
patch '/:authn-gcp/:account' => 'authenticate#update_config'
patch '/:authenticator/:service_id/:account' => 'authenticate#update_config'
There was a problem hiding this comment.
Think that there are some other authenticator define with service-id as an optional parameter
| """ | ||
| And authenticator "cucumber:webservice:conjur/authn-gcp" is disabled | ||
|
|
||
| Scenario: Authenticated user can not update authenticator without service-id |
There was a problem hiding this comment.
the headline is misleading , did you meant to test here an unauthorized user ?
There was a problem hiding this comment.
yes fixed the scenario name
| """ | ||
| enabled=true | ||
| """ | ||
| Then the HTTP response status code is 401 |
There was a problem hiding this comment.
if you will agree to my change above o thin that here you will get 404 instead of 401
There was a problem hiding this comment.
we will get also 401 because the url is still valid
CHANGELOG.md
Outdated
| @@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. | |||
|
|
|||
| ## [Unreleased] | |||
|
|
|||
| ### Added | |||
| - Added API endpoint to enable and disable GCP authenticator. [#2448](https://github.com/cyberark/conjur/pull/2448) | |||
There was a problem hiding this comment.
Lists should be surrounded by blank lines
aloncarmel111
dismissed stale reviews from tzheleznyak and uCatu
via
e4f5fa5
aloncarmel111
force-pushed
the
enable-gcp-authenticator
branch
from
00c271e
to
e4f5fa5
Compare
|
Code Climate has analyzed commit e4f5fa5 and detected 3 issues on this pull request. Here's the issue category breakdown:
The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 91.0% (0.0% change). View more on Code Climate. |
|
Internal issue link. |
Desired Outcome
I want to be able to enable GCP authenticator on Conjur, so I could authenticate using authn-gcp authenticator, to authenticate securely on GCP platform.
Currently to enable authenticator, the user needs to run REST API request to enable the authenticator. The REST doesn't support authenticator that doesn't have serviceid.
We should add the ability to enable authenticator that missing service-id.
Implemented Changes
We want to use the existing REST API endpoint, and update service-id to be optional parameter in the URL
Before change:
patch '/:authenticator/:service_id/:account' => 'authenticate#update_config'
After change:
patch '/:authenticator/(:service_id)/:account' => 'authenticate#update_config'
Connected Issue/Story
Resolves #2389
Definition of Done
At least 1 todo must be completed in the sections below for the PR to be
merged.
Changelog
CHANGELOG update
Test coverage
changes, or
Documentation
READMEs) were updated in this PRBehavior
Security