Add new route for enabling authenticator with default service

cyberark · Dec 21, 2021 · 7be6687 · 7be6687
1 parent c6455ca
commit 7be6687
Show file tree

Hide file tree

Showing 3 changed files with 101 additions and 0 deletions.
diff --git a/spec/authentication.yml b/spec/authentication.yml
@@ -980,6 +980,68 @@ components:
           - basicAuth: []
             conjurAuth: []
 
+    EnableAuthenticator:
+      parameters:
+        - $ref: 'openapi.yml#/components/parameters/RequestID'
+      patch:
+        tags:
+          - "authentication"
+        summary: "Enables or disables authenticator defined with default service instance."
+        description: |
+          Allows you to either enable or disable a given authenticator defined with default service instance.
+
+          When you enable or disable an authenticator via this
+          endpoint, the status of the authenticator is stored
+          in the Conjur database. The enablement status of the authenticator
+          service instance may be overridden by setting the `CONJUR_AUTHENTICATORS`
+          environment variable on the Conjur server; in the case where this
+          environment variable is set, the database record of whether the
+          authenticator service instance is enabled will be ignored.
+
+          **This endpoint is part of an early implementation of support for enabling Conjur
+          authenticators via the API, and is currently available at the Community
+          (or early alpha) level. This endpoint is still subject to breaking
+          changes in the future.**
+        operationId: "enableAuthenticator"
+        parameters:
+          - name: "authenticator"
+            in: "path"
+            description: "The authenticator to update"
+            required: true
+            schema:
+              $ref: '#/components/schemas/ServiceAuthenticators'
+            example: "authn-gcp"
+
+          - name: "account"
+            in: "path"
+            description: "Organization account name"
+            required: true
+            schema:
+              type: string
+            example: "dev"
+
+        requestBody:
+          description: |
+            Contains either `enabled=true` or `enabled=false` to
+            enable or disable an authenticator
+          required: true
+          content:
+            application/x-www-form-urlencoded:
+              schema:
+                $ref: '#/components/schemas/EnableAuthenticatorSetting'
+
+        responses:
+          "204":
+            description: "The config was updated properly"
+          "400":
+            $ref: 'openapi.yml#/components/responses/BadRequest'
+          "401":
+            $ref: 'openapi.yml#/components/responses/UnauthorizedError'
+          "404":
+            $ref: 'openapi.yml#/components/responses/ResourceNotFound'
+          "500":
+            $ref: 'openapi.yml#/components/responses/InternalServerError'
+
     EnableAuthenticatorInstance:
       parameters:
         - $ref: 'openapi.yml#/components/parameters/RequestID'

diff --git a/spec/openapi.yml b/spec/openapi.yml
@@ -215,6 +215,9 @@ paths:
   '/authn/{account}/api_key':
     $ref: 'authentication.yml#/components/paths/RotateApiKey'
 
+  '/{authenticator}/{account}':
+    $ref: 'authentication.yml#/components/paths/EnableAuthenticator'
+
   '/{authenticator}/{service_id}/{account}':
     $ref: 'authentication.yml#/components/paths/EnableAuthenticatorInstance'
 

diff --git a/test/python/auth/test_authentication_external_api.py b/test/python/auth/test_authentication_external_api.py
@@ -73,6 +73,42 @@ def test_enable_authenticator_instance_404(self):
 
         self.assertEqual(context.exception.status, 404)
 
+    def test_enable_authenticator_204(self):
+        """Test case for enable_authenticator 204 response
+
+        Updates the authenticators configuration
+        """
+        _, status, _ = self.api.enable_authenticator_with_http_info(
+            'authn-gcp',
+            self.account,
+            enabled=True
+        )
+
+        self.assertEqual(status, 204)
+
+    def test_enable_authenticator_401(self):
+        """Test case for enable_authenticator 401 response"""
+        with self.assertRaises(conjur.exceptions.ApiException) as context:
+            self.bad_auth_api.enable_authenticator(
+                'authn-gcp',
+                self.account,
+                enabled=False
+            )
+
+        self.assertEqual(context.exception.status, 401)
+
+    def test_enable_authenticator_404(self):
+        """Test case for enable_authenticator 404 response"""
+        with self.assertRaises(conjur.exceptions.ApiException) as context:
+            self.api.enable_authenticator(
+                'authn-gcp',
+                self.account,
+                enabled=False
+            )
+
+        self.assertEqual(context.exception.status, 404)
+
+
     def test_get_api_key_via_ldap_200(self):
         """Test case for get_api_key_via_ldap 200 response"""
         alice_config = api_config.get_api_config(username='alice')