Change internal implementation to rename mapping-claims into claim-al…

…iases ONYX-12932: Rename claim mapping variable (#2382) Rename fetch_mapping_claims class name Fix error reporting
cyberark · Oct 14, 2021 · dfb5197 · dfb5197
1 parent b2a1b2b
commit dfb5197
Show file tree

Hide file tree

Showing 9 changed files with 72 additions and 3 deletions.
diff --git a/app/domain/authentication/authn_jwt/consts.rb b/app/domain/authentication/authn_jwt/consts.rb
@@ -16,7 +16,11 @@ module AuthnJwt
  IDENTITY_PATH_CHARACTER_DELIMITER = "/"
  IDENTITY_TYPE_HOST = "host"
  ENFORCED_CLAIMS_RESOURCE_NAME = "enforced-claims"
+<<<<<<< HEAD
  CLAIM_ALIASES_RESOURCE_NAME = "claim-aliases"
+=======
+ MAPPING_CLAIMS_RESOURCE_NAME = "claim-aliases"
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  AUDIENCE_RESOURCE_NAME = "audience"
  PRIVILEGE_AUTHENTICATE="authenticate"
  ISS_CLAIM_NAME = "iss"

diff --git a/app/domain/authentication/authn_jwt/input_validation/parse_mapping_claims.rb b/app/domain/authentication/authn_jwt/input_validation/parse_mapping_claims.rb
@@ -1,8 +1,13 @@
 module Authentication
  module AuthnJwt
  module InputValidation
+<<<<<<< HEAD
  # Parse claim-aliases secret value and return a validated alias hashtable
  ParseClaimAliases ||= CommandClass.new(
+=======
+ # Parse claim-aliases secret value and return a validated mapping hashtable
+ ParseMappingClaims ||= CommandClass.new(
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  dependencies: {
  validate_claim_name: ValidateClaimName.new(
  deny_claims_list_value: CLAIMS_DENY_LIST

diff --git a/...iction_validation/fetch_mapping_claims.rb → ...riction_validation/fetch_claim_aliases.rb b/...iction_validation/fetch_mapping_claims.rb → ...riction_validation/fetch_claim_aliases.rb
diff --git a/...domain/authentication/authn_jwt/vendor_configurations/configuration_jwt_generic_vendor.rb b/...domain/authentication/authn_jwt/vendor_configurations/configuration_jwt_generic_vendor.rb
@@ -56,7 +56,7 @@ def validate_restrictions
  )
  )
  rescue Errors::Authentication::Constraints::NonPermittedRestrictionGiven => e
- raise Errors::Authentication::AuthnJwt::RoleWithRegisteredOrMappedClaimError, e.inspect
+ raise Errors::Authentication::AuthnJwt::RoleWithRegisteredOrClaimAliasError, e.inspect
  end
 
  def validate_and_decode_token

diff --git a/app/domain/errors.rb b/app/domain/errors.rb
@@ -515,30 +515,50 @@ module AuthnJwt
  code: "CONJ00108E"
  )
 
+<<<<<<< HEAD
  ClaimAliasesMissingInput = ::Util::TrackableErrorClass.new(
+=======
+ MappingClaimsMissingInput = ::Util::TrackableErrorClass.new(
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  msg: "Failed to parse claim aliases: the claim aliases value is empty or was not found.",
  code: "CONJ00109E"
  )
 
+<<<<<<< HEAD
  ClaimAliasesBlankOrEmpty = ::Util::TrackableErrorClass.new(
+=======
+ MappingClaimsBlankOrEmpty = ::Util::TrackableErrorClass.new(
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  msg: "Failed to parse claim aliases: one or more mapping statements are blank or empty " \
  "'{0-claim-aliases-value}'.",
  code: "CONJ00110E"
  )
 
+<<<<<<< HEAD
  ClaimAliasInvalidFormat = ::Util::TrackableErrorClass.new(
+=======
+ MappingClaimInvalidFormat = ::Util::TrackableErrorClass.new(
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  msg: "Failed to parse claim aliases: the claim alias value '{0-claim-alias-value}' is in invalid format."\
  "The correct format is: 'annotation_name:claim_name'",
  code: "CONJ00111E"
  )
 
+<<<<<<< HEAD
  ClaimAliasInvalidClaimFormat = ::Util::TrackableErrorClass.new(
+=======
+ MappingClaimInvalidClaimFormat = ::Util::TrackableErrorClass.new(
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  msg: "Failed to parse claim aliases: one of the claims in the claim alias value '{0-claim-alias-value}' " \
  "is in an invalid format : {1-claim-verification-error}.",
  code: "CONJ00112E"
  )
 
+<<<<<<< HEAD
  ClaimAliasDuplicationError = ::Util::TrackableErrorClass.new(
+=======
+ MappingClaimDuplicationError = ::Util::TrackableErrorClass.new(
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  msg: "Failed to parse claim aliases: {0-purpose} value '{1-claim-value}' appears more than once",
  code: "CONJ00113E"
  )

diff --git a/app/domain/logs.rb b/app/domain/logs.rb
@@ -620,12 +620,20 @@ module AuthnJwt
  code: "CONJ00124I"
  )
 
+<<<<<<< HEAD
  ParsingClaimAliases = ::Util::TrackableLogMessageClass.new(
+=======
+ ParsingMappingClaims = ::Util::TrackableLogMessageClass.new(
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  msg: "Parsing claim aliases '{0-claim-aliases}'...",
  code: "CONJ00125D"
  )
 
+<<<<<<< HEAD
  ParsedClaimAliases = ::Util::TrackableLogMessageClass.new(
+=======
+ ParsedMappingClaims = ::Util::TrackableLogMessageClass.new(
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  msg: "Successfully parsed claim aliases '{0-claim-aliases-table}'",
  code: "CONJ00126D"
  )
@@ -635,17 +643,29 @@ module AuthnJwt
  code: "CONJ00127D"
  )
 
+<<<<<<< HEAD
  FetchingClaimAliases = ::Util::TrackableLogMessageClass.new(
+=======
+ FetchingMappingClaims = ::Util::TrackableLogMessageClass.new(
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  msg: "Fetching claim aliases...",
  code: "CONJ00128D"
  )
 
+<<<<<<< HEAD
  NotConfiguredClaimAliases = ::Util::TrackableLogMessageClass.new(
+=======
+ NotConfiguredMappingClaims = ::Util::TrackableLogMessageClass.new(
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  msg: "No claim aliases configured",
  code: "CONJ00129D"
  )
 
+<<<<<<< HEAD
  FetchedClaimAliases = ::Util::TrackableLogMessageClass.new(
+=======
+ FetchedMappingClaims = ::Util::TrackableLogMessageClass.new(
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  msg: "Successfully fetched claim aliases '{0-claim-aliases}'",
  code: "CONJ00130I"
  )
@@ -675,7 +695,11 @@ module AuthnJwt
  code: "CONJ00135D"
  )
 
+<<<<<<< HEAD
  ValidatedClaimAliasesConfiguration = ::Util::TrackableLogMessageClass.new(
+=======
+ ValidatedMappingClaimsConfiguration = ::Util::TrackableLogMessageClass.new(
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  msg: "Successfully validated the configured claim aliases",
  code: "CONJ00136D"
  )

diff --git a/cucumber/authenticators_jwt/features/authn_jwt_token_schema.feature b/cucumber/authenticators_jwt/features/authn_jwt_token_schema.feature
@@ -214,7 +214,7 @@ Feature: JWT Authenticator - Token Schema
  Then the HTTP response status code is 401
  And The following appears in the log after my savepoint:
  """
- CONJ00069E Role can't have registered or mapped claim
+ CONJ00069E Role can't have registered or aliased claim
  """
  Examples:
  | claim |
@@ -412,7 +412,7 @@ Feature: JWT Authenticator - Token Schema
  Then the HTTP response status code is 401
  And The following appears in the log after my savepoint:
  """
- CONJ00069E Role can't have registered or mapped claim
+ CONJ00069E Role can't have registered or aliased claim
  """
 
  @sanity
@@ -629,7 +629,11 @@ Feature: JWT Authenticator - Token Schema
  role: !group conjur/authn-jwt/raw/hosts
  member: !host myapp
  """
+<<<<<<< HEAD
  And I successfully set authn-jwt "claim-aliases" variable to value "<alias>"
+=======
+ And I successfully set authn-jwt "claim-aliases" variable to value "<mapping>"
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token:
  """
  {

diff --git a/spec/app/domain/authentication/authn-jwt/restriction_validation/fetch_mapping_claims_spec.rb b/spec/app/domain/authentication/authn-jwt/restriction_validation/fetch_mapping_claims_spec.rb
@@ -124,7 +124,11 @@
  end
 
  it "returns parsed claim aliases hashtable" do
+<<<<<<< HEAD
  expect(subject).to eql(claim_aliases_valid_parsed_secret_value)
+=======
+ expect(subject).to eql(mapping_claims_valid_parsed_secret_value)
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  end
  end
  end

diff --git a/spec/app/domain/authentication/authn-jwt/validate_status_spec.rb b/spec/app/domain/authentication/authn-jwt/validate_status_spec.rb
@@ -29,7 +29,11 @@
  let(:mocked_invalid_fetch_issuer_value) { double("Mocked invalid fetch issuer value") }
  let(:mocked_invalid_fetch_audience_value) { double("Mocked invalid audience issuer value") }
  let(:mocked_invalid_fetch_enforced_claims) { double("Mocked invalid fetch enforced claims value") }
+<<<<<<< HEAD
  let(:mocked_invalid_fetch_claim_aliases) { double("Mocked invalid fetch claim aliases value") }
+=======
+ let(:mocked_invalid_fetch_mapping_claims) { double("Mocked invalid fetch claim aliases value") }
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  let(:mocked_valid_identity_from_decoded_token_provider) { double("Mocked valid identity from decoded token provider") }
  let(:mocked_valid_identity_configured_properly) { double("Mocked valid identity configured properly") }
  let(:mocked_invalid_identity_configured_properly) { double("Mocked invalid identity configured properly") }
@@ -48,7 +52,11 @@
  let(:fetch_issuer_configuration_is_invalid_error) { "Fetch issuer configuration is invalid" }
  let(:fetch_audience_configuration_is_invalid_error) { "Fetch audience configuration is invalid" }
  let(:fetch_enforced_claims_configuration_is_invalid_error) { "Fetch enforced claims configuration is invalid" }
+<<<<<<< HEAD
  let(:fetch_claim_aliases_configuration_is_invalid_error) { "Fetch claim aliases configuration is invalid" }
+=======
+ let(:fetch_mapping_claims_configuration_is_invalid_error) { "Fetch claim aliases configuration is invalid" }
+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)
  let(:webservice_is_not_whitelisted_error) { "Webservice is not whitelisted" }
  let(:user_cant_access_webservice_error) { "User cant access webservice" }
  let(:webservice_does_not_exist_error) { "Webservice does not exist" }