Update API to enable OIDC, Keychain, etc #108
Conversation
szh
force-pushed
the
udpate-api
branch
6 times, most recently
from
be8197e to
27049e1
Compare
| go install github.com/jstemmer/go-junit-report@latest && \ | ||
| go install github.com/axw/gocov/gocov@latest && \ | ||
| go install github.com/AlekSi/gocov-xml@latest && \ |
There was a problem hiding this comment.
I am wary of using @latest and potentially unintended consequences. How about we pin to specific versions instead ?
There was a problem hiding this comment.
Given that this is only for the test image, I think it might be worth the tradeoff to use latest (which is what we were doing before this change with go get -u). Otherwise we'll end up having to update this on a regular basis to keep up with security disclosures.
| @@ -165,7 +165,7 @@ echo $token | |||
| _, stderr, err := RunCommand(PackageName, variableIdentifier) | |||
|
|
|||
| assert.Error(t, err) | |||
| assert.Contains(t, stderr.String(), "not found in account") | |||
| assert.Contains(t, stderr.String(), "CONJ00076E Variable cucumber:variable:non-existent-variable is empty or not found") | |||
There was a problem hiding this comment.
Just a fly by comment. One of the reasons I like error contains is that it simplifies asserting on errors
There was a problem hiding this comment.
We can do that as well but here we're specifically testing that the error message gets written to stderr.
| ### Security | ||
| - Update golang.org/x/sys to v0.1.0 for CVE-2022-29526 (not vulnerable) | ||
| [cyberark/summon-conjur#110](https://github.com/cyberark/summon-conjur/pull/110) | ||
|
|
||
| ### Removed | ||
| - Removed support for Conjur v4 |
There was a problem hiding this comment.
In doing this we're moving to test summon-conjur against Conjur OSS, with the understanding that the interface for enterprise is identical ?
There was a problem hiding this comment.
Yes. @jvanderhoof can you confirm this is a safe assumption?
There was a problem hiding this comment.
It's true! 😄. Enterprise adds health and info, but nothing to the primary API.
Desired Outcome
Update conjur-api-go dependency to enable OIDC authentication and other new features in v0.11.0.
This fixes #54 by adding native platform keystore support.
Remove support for Conjur v4 (fixes #72)
Implemented Changes
Connected Issue/Story
Resolves #54 and #72
CyberArk internal issue ID: N/A
Changelog
CHANGELOG update
Test coverage
changes, or
Documentation
READMEs) were updated in this PRBehavior
Security