Change variable name mapping-claims to claim-aliases

CHANGELOG.md

@@ -12,6 +12,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
   [cyberark/conjur#2376](https://github.com/cyberark/conjur/pull/2376)
   [cyberark/conjur#2377](https://github.com/cyberark/conjur/pull/2377)
 
+### Changed
+- Changed claims mapping variable name ('mapping-claims' => 'claim-aliases').
+  [cyberark/conjur#2382](https://github.com/cyberark/conjur/pull/2382)
+
 ## [1.13.1] - 2021-09-13
 
 ### Fixed

app/domain/authentication/authn_jwt/consts.rb

@@ -16,7 +16,7 @@ module AuthnJwt
     IDENTITY_PATH_CHARACTER_DELIMITER = "/"
     IDENTITY_TYPE_HOST = "host"
     ENFORCED_CLAIMS_RESOURCE_NAME = "enforced-claims"
-    MAPPING_CLAIMS_RESOURCE_NAME = "mapping-claims"
+    MAPPING_CLAIMS_RESOURCE_NAME = "claim-aliases"
     AUDIENCE_RESOURCE_NAME = "audience"
     PRIVILEGE_AUTHENTICATE="authenticate"
     ISS_CLAIM_NAME = "iss"

app/domain/authentication/authn_jwt/input_validation/parse_mapping_claims.rb

@@ -1,7 +1,7 @@
 module Authentication
   module AuthnJwt
     module InputValidation
-      # Parse mapping-claims secret value and return a validated mapping hashtable
+      # Parse claim-aliases secret value and return a validated mapping hashtable
       ParseMappingClaims ||= CommandClass.new(
         dependencies: {
           validate_claim_name: ValidateClaimName.new(

app/domain/authentication/authn_jwt/restriction_validation/fetch_mapping_claims.rb

@@ -3,7 +3,7 @@
 module Authentication
   module AuthnJwt
     module RestrictionValidation
-      # Fetch the mapping claims from the JWT authenticator policy which enforce
+      # Fetch the claim aliases from the JWT authenticator policy which enforce
       # definition of annotations keys on JWT hosts 
       FetchMappingClaims = CommandClass.new(
         dependencies: {

app/domain/errors.rb

@@ -516,30 +516,30 @@ module AuthnJwt
       )
 
       MappingClaimsMissingInput = ::Util::TrackableErrorClass.new(
-        msg: "Failed to parse mapping claims: the mapping claims value is empty or was not found.",
+        msg: "Failed to parse claim aliases: the claim aliases value is empty or was not found.",
         code: "CONJ00109E"
       )
 
       MappingClaimsBlankOrEmpty = ::Util::TrackableErrorClass.new(
-        msg: "Failed to parse mapping claims: one or more mapping statements are blank or empty " \
-             "'{0-mapping-claims-value}'.",
+        msg: "Failed to parse claim aliases: one or more mapping statements are blank or empty " \
+             "'{0-claim-aliases-value}'.",
         code: "CONJ00110E"
       )
 
       MappingClaimInvalidFormat = ::Util::TrackableErrorClass.new(
-        msg: "Failed to parse mapping claims: the mapping claim value '{0-mapping-claim-value}' is in invalid format."\
+        msg: "Failed to parse claim aliases: the claim alias value '{0-claim-alias-value}' is in invalid format."\
              "The correct format is: 'annotation_name:claim_name'",
         code: "CONJ00111E"
       )
 
       MappingClaimInvalidClaimFormat = ::Util::TrackableErrorClass.new(
-        msg: "Failed to parse mapping claims: one of the claims in the mapping claim value '{0-mapping-claim-value}' " \
+        msg: "Failed to parse claim aliases: one of the claims in the claim alias value '{0-claim-alias-value}' " \
              "is in an invalid format : {1-claim-verification-error}.",
         code: "CONJ00112E"
       )
 
       MappingClaimDuplicationError = ::Util::TrackableErrorClass.new(
-        msg: "Failed to parse mapping claims: {0-purpose} value '{1-claim-value}' appears more than once",
+        msg: "Failed to parse claim aliases: {0-purpose} value '{1-claim-value}' appears more than once",
         code: "CONJ00113E"
       )
 

app/domain/logs.rb

@@ -621,12 +621,12 @@ module AuthnJwt
       )
 
       ParsingMappingClaims = ::Util::TrackableLogMessageClass.new(
-        msg: "Parsing mapping claims '{0-mapping-claims}'...",
+        msg: "Parsing claim aliases '{0-claim-aliases}'...",
         code: "CONJ00125D"
       )
 
       ParsedMappingClaims = ::Util::TrackableLogMessageClass.new(
-        msg: "Successfully parsed mapping claims '{0-mapping-claims-table}'",
+        msg: "Successfully parsed claim aliases '{0-claim-aliases-table}'",
         code: "CONJ00126D"
       )
 
@@ -636,17 +636,17 @@ module AuthnJwt
       )
 
       FetchingMappingClaims = ::Util::TrackableLogMessageClass.new(
-        msg: "Fetching mapping claims...",
+        msg: "Fetching claim aliases...",
         code: "CONJ00128D"
       )
 
       NotConfiguredMappingClaims = ::Util::TrackableLogMessageClass.new(
-        msg: "No mapping claims configured",
+        msg: "No claim aliases configured",
         code: "CONJ00129D"
       )
 
       FetchedMappingClaims = ::Util::TrackableLogMessageClass.new(
-        msg: "Successfully fetched mapping claims '{0-mapping-claims}'",
+        msg: "Successfully fetched claim aliases '{0-claim-aliases}'",
         code: "CONJ00130I"
       )
 
@@ -676,7 +676,7 @@ module AuthnJwt
       )
 
       ValidatedMappingClaimsConfiguration = ::Util::TrackableLogMessageClass.new(
-        msg: "Successfully validated the configured mapping claims",
+        msg: "Successfully validated the configured claim aliases",
         code: "CONJ00136D"
       )
 

cucumber/authenticators_jwt/features/authn_jwt_token_schema.feature

@@ -224,7 +224,7 @@ Feature: JWT Authenticator - Token Schema
     Given I extend the policy with:
     """
     - !variable conjur/authn-jwt/raw/enforced-claims
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
 
     - !host
       id: myapp
@@ -235,7 +235,7 @@ Feature: JWT Authenticator - Token Schema
       role: !group conjur/authn-jwt/raw/hosts
       member: !host myapp
     """
-    And I successfully set authn-jwt "mapping-claims" variable to value "branch:ref"
+    And I successfully set authn-jwt "claim-aliases" variable to value "branch:ref"
     And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token:
     """
     {
@@ -315,7 +315,7 @@ Feature: JWT Authenticator - Token Schema
   Scenario: ONYX-10472 Unrelated mapping
     Given I extend the policy with:
     """
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
 
     - !host
       id: myapp
@@ -327,7 +327,7 @@ Feature: JWT Authenticator - Token Schema
       role: !group conjur/authn-jwt/raw/hosts
       member: !host myapp
     """
-    And I successfully set authn-jwt "mapping-claims" variable to value "branch:ref"
+    And I successfully set authn-jwt "claim-aliases" variable to value "branch:ref"
     And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token:
     """
     {
@@ -345,10 +345,10 @@ Feature: JWT Authenticator - Token Schema
     """
 
   @sanity
-  Scenario: ONYX-10473 Mapping claims with subsequent annotation
+  Scenario: ONYX-10473 Claim aliases with subsequent annotation
     Given I extend the policy with:
     """
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
     
     - !host
       id: myapp
@@ -360,7 +360,7 @@ Feature: JWT Authenticator - Token Schema
       role: !group conjur/authn-jwt/raw/hosts
       member: !host myapp
     """
-    And I successfully set authn-jwt "mapping-claims" variable to value "branch:ref"
+    And I successfully set authn-jwt "claim-aliases" variable to value "branch:ref"
     And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token:
     """
     {
@@ -405,9 +405,9 @@ Feature: JWT Authenticator - Token Schema
     """
     When I extend the policy with:
     """
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
     """
-    And I successfully set authn-jwt "mapping-claims" variable to value "branch:ref"
+    And I successfully set authn-jwt "claim-aliases" variable to value "branch:ref"
     And I authenticate via authn-jwt with the JWT token
     Then the HTTP response status code is 401
     And The following appears in the log after my savepoint:
@@ -419,7 +419,7 @@ Feature: JWT Authenticator - Token Schema
   Scenario: ONYX-10705: enforced Claims and Mappings exist and host annotation are correct
     Given I extend the policy with:
     """
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
     - !variable conjur/authn-jwt/raw/enforced-claims
 
     - !host
@@ -431,7 +431,7 @@ Feature: JWT Authenticator - Token Schema
       role: !group conjur/authn-jwt/raw/hosts
       member: !host myapp
     """
-    And I successfully set authn-jwt "mapping-claims" variable to value "branch:ref"
+    And I successfully set authn-jwt "claim-aliases" variable to value "branch:ref"
     And I successfully set authn-jwt "enforced-claims" variable to value "ref"
     And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token:
     """
@@ -452,7 +452,7 @@ Feature: JWT Authenticator - Token Schema
     Given I extend the policy with:
     """
     - !variable conjur/authn-jwt/raw/enforced-claims
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
 
     - !host
       id: myapp
@@ -464,7 +464,7 @@ Feature: JWT Authenticator - Token Schema
       member: !host myapp
     """
     And I successfully set authn-jwt "enforced-claims" variable to value "ref"
-    And I successfully set authn-jwt "mapping-claims" variable to value "branch:ref"
+    And I successfully set authn-jwt "claim-aliases" variable to value "branch:ref"
     And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token:
     """
     {
@@ -482,7 +482,7 @@ Feature: JWT Authenticator - Token Schema
   Scenario: ONYX-10874 - Claim being mapped to another claim - 401 Error
     Given I extend the policy with:
     """
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
 
     - !host
       id: myapp
@@ -493,7 +493,7 @@ Feature: JWT Authenticator - Token Schema
       role: !group conjur/authn-jwt/raw/hosts
       member: !host myapp
     """
-    And I successfully set authn-jwt "mapping-claims" variable to value "sub:ref"
+    And I successfully set authn-jwt "claim-aliases" variable to value "sub:ref"
     And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token:
     """
     {
@@ -510,10 +510,10 @@ Feature: JWT Authenticator - Token Schema
     CONJ00049E Resource restriction 'sub' does not match with the corresponding value in the request
     """
 
-  Scenario: ONYX-10861 - Mapping claims configured but not populated - 401 Error
+  Scenario: ONYX-10861 - Claim aliases configured but not populated - 401 Error
     Given I extend the policy with:
     """
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
     - !variable conjur/authn-jwt/raw/enforced-claims
 
     - !host
@@ -538,14 +538,14 @@ Feature: JWT Authenticator - Token Schema
     Then the HTTP response status code is 401
     And The following appears in the log after my savepoint:
     """
-     CONJ00037E Missing value for resource: cucumber:variable:conjur/authn-jwt/raw/mapping-claims
+     CONJ00037E Missing value for resource: cucumber:variable:conjur/authn-jwt/raw/claim-aliases
     """
 
   @sanity
   Scenario: ONYX-11117: Enforced Claims and Mappings with special allowed characters. Annotations are correct. 200 OK
     Given I extend the policy with:
     """
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
     - !variable conjur/authn-jwt/raw/enforced-claims
 
     - !host
@@ -559,7 +559,7 @@ Feature: JWT Authenticator - Token Schema
       role: !group conjur/authn-jwt/raw/hosts
       member: !host myapp
     """
-    And I successfully set authn-jwt "mapping-claims" variable to value "claim_ant:claim.ant..., _:claim_name"
+    And I successfully set authn-jwt "claim-aliases" variable to value "claim_ant:claim.ant..., _:claim_name"
     And I successfully set authn-jwt "enforced-claims" variable to value "claim.name, claim.ant..."
     And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token:
     """
@@ -581,7 +581,7 @@ Feature: JWT Authenticator - Token Schema
   Scenario Outline: ONYX-10873 - Broken claims mapping - 401 Error
     Given I extend the policy with:
     """
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
 
     - !host
       id: myapp
@@ -593,7 +593,7 @@ Feature: JWT Authenticator - Token Schema
       role: !group conjur/authn-jwt/raw/hosts
       member: !host myapp
     """
-    And I successfully set authn-jwt "mapping-claims" variable to value "<mapping>"
+    And I successfully set authn-jwt "claim-aliases" variable to value "<aliases>"
     And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token:
     """
     {
@@ -610,14 +610,14 @@ Feature: JWT Authenticator - Token Schema
     <err>
     """
     Examples:
-      | mapping                     | err                                                                             |
-      |   branch: ref, branch:sub   | CONJ00113E Failed to parse mapping claims: annotation name value 'branch' appears more than once |
-      |   branch: sub, job: sub     | CONJ00113E Failed to parse mapping claims: claim name value 'sub' appears more than once   |
+      | aliases                     | err                                                                             |
+      |   branch: ref, branch:sub   | CONJ00113E Failed to parse claim aliases: annotation name value 'branch' appears more than once |
+      |   branch: sub, job: sub     | CONJ00113E Failed to parse claim aliases: claim name value 'sub' appears more than once   |
 
   Scenario Outline: ONYX-10858 - Standard claim in mapping - 401 Error
     Given I extend the policy with:
     """
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
 
     - !host
       id: myapp
@@ -629,7 +629,7 @@ Feature: JWT Authenticator - Token Schema
       role: !group conjur/authn-jwt/raw/hosts
       member: !host myapp
     """
-    And I successfully set authn-jwt "mapping-claims" variable to value "<mapping>"
+    And I successfully set authn-jwt "claim-aliases" variable to value "<mapping>"
     And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token:
     """
     {
@@ -681,10 +681,10 @@ Feature: JWT Authenticator - Token Schema
     CONJ00104E Failed to validate claim: claim name '%@^#[{]}$~=-+_?.><&^@*@#*sdhj812ehd' does not match regular expression: '(?-mix:^[a-zA-Z|$|_][a-zA-Z|$|_|0-9|.]*$)'.>
     """
 
-  Scenario: ONYX-10863 - Mapping claims invalid variable - 401 Error
+  Scenario: ONYX-10863 - Claim aliases invalid variable - 401 Error
     Given I extend the policy with:
     """
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
 
     - !host
       id: myapp
@@ -695,7 +695,7 @@ Feature: JWT Authenticator - Token Schema
       role: !group conjur/authn-jwt/raw/hosts
       member: !host myapp
     """
-    And I successfully set authn-jwt "mapping-claims" variable to value "aaa: %@^#&^[{]}$~=-+_?.><812ehd"
+    And I successfully set authn-jwt "claim-aliases" variable to value "aaa: %@^#&^[{]}$~=-+_?.><812ehd"
     And I permit host "myapp" to "execute" it
     And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token:
     """
@@ -738,9 +738,9 @@ Feature: JWT Authenticator - Token Schema
     And the HTTP response status code is 200
     And I extend the policy with:
     """
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
     """
-    And I successfully set authn-jwt "mapping-claims" variable to value "branch:ref"
+    And I successfully set authn-jwt "claim-aliases" variable to value "branch:ref"
     And I save my place in the audit log file
     And I authenticate via authn-jwt with the JWT token
     And the HTTP response status code is 401
@@ -789,7 +789,7 @@ Feature: JWT Authenticator - Token Schema
   Scenario: ONYX-10896:  Authn JWT - Complex Case - Changing Mapping after host configuration
     Given I extend the policy with:
     """
-    - !variable conjur/authn-jwt/raw/mapping-claims
+    - !variable conjur/authn-jwt/raw/claim-aliases
 
     - !host
       id: myapp
@@ -800,7 +800,7 @@ Feature: JWT Authenticator - Token Schema
       role: !group conjur/authn-jwt/raw/hosts
       member: !host myapp
     """
-    And I successfully set authn-jwt "mapping-claims" variable to value "branch:ref"
+    And I successfully set authn-jwt "claim-aliases" variable to value "branch:ref"
     And I am using file "authn-jwt-token-schema" and alg "RS256" for remotely issue token:
     """
     {
@@ -810,7 +810,7 @@ Feature: JWT Authenticator - Token Schema
     """
     And I authenticate via authn-jwt with the JWT token
     And the HTTP response status code is 200
-    When I successfully set authn-jwt "mapping-claims" variable to value "job:ref"
+    When I successfully set authn-jwt "claim-aliases" variable to value "job:ref"
     And I save my place in the audit log file
     And I authenticate via authn-jwt with the JWT token
     And the HTTP response status code is 401