Add JWT authenticator and status endpoints to OpenAPI #193
Conversation
spec/authentication.yml
Outdated
| schema: | ||
| $ref: 'openapi.yml#/components/schemas/AccountName' | ||
|
|
||
| - $ref: openapi.yml#/components/parameters/ServiceID |
There was a problem hiding this comment.
| - $ref: openapi.yml#/components/parameters/ServiceID | |
| - $ref: 'openapi.yml#/components/parameters/ServiceID' |
spec/status.yml
Outdated
| @@ -206,6 +206,46 @@ components: | |||
| security: | |||
| - conjurAuth: [] | |||
|
|
|||
| JWTAuthenticatorStatus: | |||
There was a problem hiding this comment.
Looks like this endpoint might already be covered by the existing ServiceAuthenticatorStatus endpoint definition.
There was a problem hiding this comment.
I understand your point, but dont we need to specify anyway to represent the separate JWT status route in conjur repository?
There was a problem hiding this comment.
The route isn't separate though, it is already fully described by the existing ServiceAuthenticatorStatus endpoint. We have separate endpoints for each authenticator in the authentication.yml file because they cannot all be accurately described with a single one.
spec/openapi.yml
Outdated
| @@ -235,6 +238,9 @@ paths: | |||
| '/whoami': | |||
| $ref: 'status.yml#/components/paths/WhoAmI' | |||
|
|
|||
| '/authn-jwt/{service_id}/{account}/status': | |||
There was a problem hiding this comment.
| '/authn-jwt/{service_id}/{account}/status': |
docker-compose.yml
Outdated
| @@ -12,7 +12,7 @@ services: | |||
| CONJUR_DATA_KEY: 'OyXV68Mip14xj33huGaQKewmmS+gKtDlp6ECZ2iATpU=' | |||
| DATABASE_URL: postgres://postgres@pg/postgres | |||
| RAILS_ENV: development | |||
| CONJUR_AUTHENTICATORS: authn-ldap/test,authn-oidc/test,authn | |||
| CONJUR_AUTHENTICATORS: authn-ldap/test,authn-oidc/test,authn-jwt/test,authn | |||
There was a problem hiding this comment.
This is only necessary if you are going to stand up an instance of the JWT authenticator and run integration tests against it in a client. It would be nice to see this if possible. We have been avoiding setting up e2e tests but if we could stand up a local instance in the docker environment it would be worthwhile to write some tests for the python client.
There was a problem hiding this comment.
I dont entirely understand what you mean by "going to stand up an instance", is this something that exists for other authenticators right now?
should I add tests for this new authenticator in the OpenApi?
As far as I know, as a team we want to do the minimum regarding the OpenApi at the moment
spec/authentication.yml
Outdated
| @@ -106,6 +140,13 @@ components: | |||
| schema: | |||
| type: string | |||
|
|
|||
| JWTToken: | |||
There was a problem hiding this comment.
This response doesn't seem to be used anywhere. Is it meant to be referenced in responses of the new endpoint.
spec/status.yml
Outdated
| @@ -206,6 +206,46 @@ components: | |||
| security: | |||
| - conjurAuth: [] | |||
|
|
|||
| JWTAuthenticatorStatus: | |||
There was a problem hiding this comment.
The route isn't separate though, it is already fully described by the existing ServiceAuthenticatorStatus endpoint. We have separate endpoints for each authenticator in the authentication.yml file because they cannot all be accurately described with a single one.
Avi-Eyal
force-pushed
the
add-jwt-authenticator-endpoints
branch
4 times, most recently
from
a232bc1 to
12dd24b
Compare
Avi-Eyal
force-pushed
the
add-jwt-authenticator-endpoints
branch
from
12dd24b to
6a1b769
Compare
What does this PR do?
Checklists
Change log
Test coverage
Documentation
READMEs) were updated in this PR, and/or there is a follow-on issue to update docs, or