From dfb5197ed7b2d4643e234b7d2cb9c361fda058d5 Mon Sep 17 00:00:00 2001 From: Semyon Estrin Date: Thu, 14 Oct 2021 12:57:25 +0300 Subject: [PATCH] Change internal implementation to rename mapping-claims into claim-aliases ONYX-12932: Rename claim mapping variable (#2382) Rename fetch_mapping_claims class name Fix error reporting --- app/domain/authentication/authn_jwt/consts.rb | 4 ++++ .../input_validation/parse_mapping_claims.rb | 5 ++++ ...pping_claims.rb => fetch_claim_aliases.rb} | 0 .../configuration_jwt_generic_vendor.rb | 2 +- app/domain/errors.rb | 20 ++++++++++++++++ app/domain/logs.rb | 24 +++++++++++++++++++ .../features/authn_jwt_token_schema.feature | 8 +++++-- .../fetch_mapping_claims_spec.rb | 4 ++++ .../authn-jwt/validate_status_spec.rb | 8 +++++++ 9 files changed, 72 insertions(+), 3 deletions(-) rename app/domain/authentication/authn_jwt/restriction_validation/{fetch_mapping_claims.rb => fetch_claim_aliases.rb} (100%) diff --git a/app/domain/authentication/authn_jwt/consts.rb b/app/domain/authentication/authn_jwt/consts.rb index 524ff2dafb..34cdac6961 100644 --- a/app/domain/authentication/authn_jwt/consts.rb +++ b/app/domain/authentication/authn_jwt/consts.rb @@ -16,7 +16,11 @@ module AuthnJwt IDENTITY_PATH_CHARACTER_DELIMITER = "/" IDENTITY_TYPE_HOST = "host" ENFORCED_CLAIMS_RESOURCE_NAME = "enforced-claims" +<<<<<<< HEAD CLAIM_ALIASES_RESOURCE_NAME = "claim-aliases" +======= + MAPPING_CLAIMS_RESOURCE_NAME = "claim-aliases" +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) AUDIENCE_RESOURCE_NAME = "audience" PRIVILEGE_AUTHENTICATE="authenticate" ISS_CLAIM_NAME = "iss" diff --git a/app/domain/authentication/authn_jwt/input_validation/parse_mapping_claims.rb b/app/domain/authentication/authn_jwt/input_validation/parse_mapping_claims.rb index bb6871ebf4..7b466767ac 100644 --- a/app/domain/authentication/authn_jwt/input_validation/parse_mapping_claims.rb 
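Review bot: The added lines `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382)` in the consts.rb hunk are unresolved merge-conflict markers committed as source, so the file no longer parses as Ruby and the authn-jwt constants cannot load. The same markers are added in parse_mapping_claims.rb, errors.rb, logs.rb, authn_jwt_token_schema.feature, fetch_mapping_claims_spec.rb and validate_status_spec.rb, and they appear to account for every addition in those files. Each block should be resolved to a single side before this is merged; going by the commit title that is presumably the HEAD side, which here leaves only `CLAIM_ALIASES_RESOURCE_NAME = "claim-aliases"`. A CI check that rejects lines starting with `<<<<<<<` or `>>>>>>>` would keep this from reaching an authentication code path again.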
+++ b/app/domain/authentication/authn_jwt/input_validation/parse_mapping_claims.rb @@ -1,8 +1,13 @@ module Authentication module AuthnJwt module InputValidation +<<<<<<< HEAD # Parse claim-aliases secret value and return a validated alias hashtable ParseClaimAliases ||= CommandClass.new( +======= + # Parse claim-aliases secret value and return a validated mapping hashtable + ParseMappingClaims ||= CommandClass.new( +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) dependencies: { validate_claim_name: ValidateClaimName.new( deny_claims_list_value: CLAIMS_DENY_LIST diff --git a/app/domain/authentication/authn_jwt/restriction_validation/fetch_mapping_claims.rb b/app/domain/authentication/authn_jwt/restriction_validation/fetch_claim_aliases.rb similarity index 100% rename from app/domain/authentication/authn_jwt/restriction_validation/fetch_mapping_claims.rb rename to app/domain/authentication/authn_jwt/restriction_validation/fetch_claim_aliases.rb diff --git a/app/domain/authentication/authn_jwt/vendor_configurations/configuration_jwt_generic_vendor.rb b/app/domain/authentication/authn_jwt/vendor_configurations/configuration_jwt_generic_vendor.rb index a7fa1b69bb..676943e668 100644 --- a/app/domain/authentication/authn_jwt/vendor_configurations/configuration_jwt_generic_vendor.rb +++ b/app/domain/authentication/authn_jwt/vendor_configurations/configuration_jwt_generic_vendor.rb @@ -56,7 +56,7 @@ def validate_restrictions ) ) rescue Errors::Authentication::Constraints::NonPermittedRestrictionGiven => e - raise Errors::Authentication::AuthnJwt::RoleWithRegisteredOrMappedClaimError, e.inspect + raise Errors::Authentication::AuthnJwt::RoleWithRegisteredOrClaimAliasError, e.inspect end def validate_and_decode_token diff --git a/app/domain/errors.rb b/app/domain/errors.rb index 7393786914..0eda480f86 100644 --- a/app/domain/errors.rb +++ b/app/domain/errors.rb 
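Review bot: The new `raise` in validate_restrictions names `Errors::Authentication::AuthnJwt::RoleWithRegisteredOrClaimAliasError`, but the errors.rb section of this patch only adds conflict-marker blocks around the CONJ00109E to CONJ00113E classes and does not define or rename that constant. If the target branch does not already define it, this rescue path raises NameError instead of the intended authentication error. The feature file's expected text `CONJ00069E Role can't have registered or aliased claim` depends on the same definition. Confirm the class exists on the target branch, or include its rename in errors.rb in this commit. validate_restrictions starts outside the hunk.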
@@ -515,30 +515,50 @@ module AuthnJwt code: "CONJ00108E" ) +<<<<<<< HEAD ClaimAliasesMissingInput = ::Util::TrackableErrorClass.new( +======= + MappingClaimsMissingInput = ::Util::TrackableErrorClass.new( +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) msg: "Failed to parse claim aliases: the claim aliases value is empty or was not found.", code: "CONJ00109E" ) +<<<<<<< HEAD ClaimAliasesBlankOrEmpty = ::Util::TrackableErrorClass.new( +======= + MappingClaimsBlankOrEmpty = ::Util::TrackableErrorClass.new( +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) msg: "Failed to parse claim aliases: one or more mapping statements are blank or empty " \ "'{0-claim-aliases-value}'.", code: "CONJ00110E" ) +<<<<<<< HEAD ClaimAliasInvalidFormat = ::Util::TrackableErrorClass.new( +======= + MappingClaimInvalidFormat = ::Util::TrackableErrorClass.new( +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) msg: "Failed to parse claim aliases: the claim alias value '{0-claim-alias-value}' is in invalid format."\ "The correct format is: 'annotation_name:claim_name'", code: "CONJ00111E" ) +<<<<<<< HEAD ClaimAliasInvalidClaimFormat = ::Util::TrackableErrorClass.new( +======= + MappingClaimInvalidClaimFormat = ::Util::TrackableErrorClass.new( +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) msg: "Failed to parse claim aliases: one of the claims in the claim alias value '{0-claim-alias-value}' " \ "is in an invalid format : {1-claim-verification-error}.", code: "CONJ00112E" ) +<<<<<<< HEAD ClaimAliasDuplicationError = ::Util::TrackableErrorClass.new( +======= + MappingClaimDuplicationError = ::Util::TrackableErrorClass.new( +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) msg: "Failed to parse claim aliases: {0-purpose} value '{1-claim-value}' appears more than once", code: "CONJ00113E" ) diff --git a/app/domain/logs.rb b/app/domain/logs.rb index 9a23277470..ac9b5a6183 100644 
--- a/app/domain/logs.rb +++ b/app/domain/logs.rb @@ -620,12 +620,20 @@ module AuthnJwt code: "CONJ00124I" ) +<<<<<<< HEAD ParsingClaimAliases = ::Util::TrackableLogMessageClass.new( +======= + ParsingMappingClaims = ::Util::TrackableLogMessageClass.new( +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) msg: "Parsing claim aliases '{0-claim-aliases}'...", code: "CONJ00125D" ) +<<<<<<< HEAD ParsedClaimAliases = ::Util::TrackableLogMessageClass.new( +======= + ParsedMappingClaims = ::Util::TrackableLogMessageClass.new( +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) msg: "Successfully parsed claim aliases '{0-claim-aliases-table}'", code: "CONJ00126D" ) @@ -635,17 +643,29 @@ module AuthnJwt code: "CONJ00127D" ) +<<<<<<< HEAD FetchingClaimAliases = ::Util::TrackableLogMessageClass.new( +======= + FetchingMappingClaims = ::Util::TrackableLogMessageClass.new( +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) msg: "Fetching claim aliases...", code: "CONJ00128D" ) +<<<<<<< HEAD NotConfiguredClaimAliases = ::Util::TrackableLogMessageClass.new( +======= + NotConfiguredMappingClaims = ::Util::TrackableLogMessageClass.new( +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) msg: "No claim aliases configured", code: "CONJ00129D" ) +<<<<<<< HEAD FetchedClaimAliases = ::Util::TrackableLogMessageClass.new( +======= + FetchedMappingClaims = ::Util::TrackableLogMessageClass.new( +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) msg: "Successfully fetched claim aliases '{0-claim-aliases}'", code: "CONJ00130I" ) 
@@ -675,7 +695,11 @@ module AuthnJwt code: "CONJ00135D" ) +<<<<<<< HEAD ValidatedClaimAliasesConfiguration = ::Util::TrackableLogMessageClass.new( +======= + ValidatedMappingClaimsConfiguration = ::Util::TrackableLogMessageClass.new( +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) msg: "Successfully validated the configured claim aliases", code: "CONJ00136D" ) diff --git a/cucumber/authenticators_jwt/features/authn_jwt_token_schema.feature b/cucumber/authenticators_jwt/features/authn_jwt_token_schema.feature index 722f5404d3..fda003e751 100644 --- a/cucumber/authenticators_jwt/features/authn_jwt_token_schema.feature +++ b/cucumber/authenticators_jwt/features/authn_jwt_token_schema.feature @@ -214,7 +214,7 @@ Feature: JWT Authenticator - Token Schema Then the HTTP response status code is 401 And The following appears in the log after my savepoint: """ - CONJ00069E Role can't have registered or mapped claim + CONJ00069E Role can't have registered or aliased claim """ Examples: | claim | @@ -412,7 +412,7 @@ Feature: JWT Authenticator - Token Schema Then the HTTP response status code is 401 And The following appears in the log after my savepoint: """ - CONJ00069E Role can't have registered or mapped claim + CONJ00069E Role can't have registered or aliased claim """ @sanity @@ -629,7 +629,11 @@ Feature: JWT Authenticator - Token Schema role: !group conjur/authn-jwt/raw/hosts member: !host myapp """ +<<<<<<< HEAD And I successfully set authn-jwt "claim-aliases" variable to value "" +======= + And I successfully set authn-jwt "claim-aliases" variable to value "" +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token: """ { 
diff --git a/spec/app/domain/authentication/authn-jwt/restriction_validation/fetch_mapping_claims_spec.rb b/spec/app/domain/authentication/authn-jwt/restriction_validation/fetch_mapping_claims_spec.rb index 0f8e4074a2..e4bb3c3731 100644 --- a/spec/app/domain/authentication/authn-jwt/restriction_validation/fetch_mapping_claims_spec.rb +++ b/spec/app/domain/authentication/authn-jwt/restriction_validation/fetch_mapping_claims_spec.rb @@ -124,7 +124,11 @@ end it "returns parsed claim aliases hashtable" do +<<<<<<< HEAD expect(subject).to eql(claim_aliases_valid_parsed_secret_value) +======= + expect(subject).to eql(mapping_claims_valid_parsed_secret_value) +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) end end end diff --git a/spec/app/domain/authentication/authn-jwt/validate_status_spec.rb b/spec/app/domain/authentication/authn-jwt/validate_status_spec.rb index e0e81c6247..3d278e91c9 100644 --- a/spec/app/domain/authentication/authn-jwt/validate_status_spec.rb +++ b/spec/app/domain/authentication/authn-jwt/validate_status_spec.rb @@ -29,7 +29,11 @@ let(:mocked_invalid_fetch_issuer_value) { double("Mocked invalid fetch issuer value") } let(:mocked_invalid_fetch_audience_value) { double("Mocked invalid audience issuer value") } let(:mocked_invalid_fetch_enforced_claims) { double("Mocked invalid fetch enforced claims value") } +<<<<<<< HEAD let(:mocked_invalid_fetch_claim_aliases) { double("Mocked invalid fetch claim aliases value") } +======= + let(:mocked_invalid_fetch_mapping_claims) { double("Mocked invalid fetch claim aliases value") } +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) let(:mocked_valid_identity_from_decoded_token_provider) { double("Mocked valid identity from decoded token provider") } let(:mocked_valid_identity_configured_properly) { double("Mocked valid identity configured properly") } let(:mocked_invalid_identity_configured_properly) { double("Mocked invalid identity configured properly") } 
@@ -48,7 +52,11 @@ let(:fetch_issuer_configuration_is_invalid_error) { "Fetch issuer configuration is invalid" } let(:fetch_audience_configuration_is_invalid_error) { "Fetch audience configuration is invalid" } let(:fetch_enforced_claims_configuration_is_invalid_error) { "Fetch enforced claims configuration is invalid" } +<<<<<<< HEAD let(:fetch_claim_aliases_configuration_is_invalid_error) { "Fetch claim aliases configuration is invalid" } +======= + let(:fetch_mapping_claims_configuration_is_invalid_error) { "Fetch claim aliases configuration is invalid" } +>>>>>>> 6d75f108... ONYX-12932: Rename claim mapping variable (#2382) let(:webservice_is_not_whitelisted_error) { "Webservice is not whitelisted" } let(:user_cant_access_webservice_error) { "User cant access webservice" } let(:webservice_does_not_exist_error) { "Webservice does not exist" }