Add Identity login automation for dev env

john-odonnell · john-odonnell · commit 6d327962aa24 · 2023-04-25T13:08:15.000-04:00
diff --git a/ci/identity/users.template.yml b/ci/identity/users.template.yml
@@ -2,14 +2,14 @@
 - !user test.user3@mycompany.com
 - !user conjur_ci_user@cyberark.com
 - !user conj_ops_dev@cyberark.com
-- !user {{ IDENTITY_USER }}
+- !user {{ IDENTITY_USERNAME }}
 
 - !grant
   members:
     - !user test.user3@mycompany.com
     - !user conjur_ci_user@cyberark.com
     - !user conj_ops_dev@cyberark.com
-    - !user {{ IDENTITY_USER }}
+    - !user {{ IDENTITY_USERNAME }}
   role: !group conjur/authn-oidc/identity/authenticatable
 
 - !permit
diff --git a/dev/docker-compose.yml b/dev/docker-compose.yml
@@ -32,6 +32,7 @@ services:
     environment:
       - OKTA_USERNAME=${OKTA_USERNAME:-user}
       - OKTA_PASSWORD=${OKTA_PASSWORD:-password}
+      - IDENTITY_USERNAME=${IDENTITY_USERNAME:-user}
     command: bash -c "cd ${PWD}/..; make install; sleep infinity"
     working_dir: ${PWD}/..
     restart: on-failure
diff --git a/dev/start b/dev/start
@@ -16,7 +16,7 @@ source "../ci/keycloak/keycloak_functions.sh"
 ENABLE_OIDC_KEYCLOAK=false
 ENABLE_OIDC_OKTA=false
 ENABLE_OIDC_IDENTITY=false
-IDENTITY_USER=""
+export IDENTITY_USERNAME=""
 
 # Minimal set of services.  We add to this list based on cmd line flags.
 services=(pg conjur proxy cli-dev)
@@ -138,7 +138,7 @@ conjur login -i alice -p alice'
     echo "Setting up Conjur for OIDC (Identity)"
     docker-compose exec cli-dev bash -c 'conjur logout
 conjur init --force-netrc --force -u http://conjur -i -a dev -t oidc --service-id identity
-conjur login -i $IDENTITY_USERNAME -p $IDENTITY_PASSWORD'
+conjur login -i $IDENTITY_USERNAME'
   fi
 
   echo
@@ -151,7 +151,7 @@ parse_options() {
       --oidc-keycloak ) ENABLE_OIDC_KEYCLOAK=true ; shift ;;
       --oidc-okta ) ENABLE_OIDC_OKTA=true ; shift ;;
       --oidc-identity ) ENABLE_OIDC_IDENTITY=true ; shift ;;
-      --identity-user ) IDENTITY_USER="$2" ; shift ; shift ;;
+      --identity-user ) IDENTITY_USERNAME="$2" ; shift ; shift ;;
       # -h | --help ) print_help ; shift ;;
        * )
          if [ -z "$1" ]; then
@@ -163,7 +163,7 @@ parse_options() {
     esac
   done
 
-  if [[ $ENABLE_OIDC_IDENTITY = true && -z "$IDENTITY_USER" ]]; then
+  if [[ $ENABLE_OIDC_IDENTITY = true && -z "$IDENTITY_USERNAME" ]]; then
     echo "Flag --oidc-identity must be paired with flag --identity-user. See --help."
     exit
   fi
@@ -261,10 +261,10 @@ setup_oidc_client() {
 }
 
 function generate_identity_policy() {
-  echo "Generating policy for AuthnOIDC V2 service 'identity' and user '$IDENTITY_USER'"
+  echo "Generating policy for AuthnOIDC V2 service 'identity' and user '$IDENTITY_USERNAME'"
   policy_dir="../ci/identity"
   rm -f "$policy_dir/users.yml"
-  sed -e "s#{{ IDENTITY_USER }}#$IDENTITY_USER#g" "$policy_dir/users.template.yml" > "$policy_dir/users.yml"
+  sed -e "s#{{ IDENTITY_USERNAME }}#$IDENTITY_USERNAME#g" "$policy_dir/users.template.yml" > "$policy_dir/users.yml"
 }
 
 check_environment_variables() {
diff --git a/go.mod b/go.mod
@@ -33,6 +33,7 @@ require (
 	github.com/sirupsen/logrus v1.8.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/zalando/go-keyring v0.2.2 // indirect
+	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 	golang.org/x/sys v0.3.0 // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.4.0 // indirect
diff --git a/go.sum b/go.sum
@@ -63,6 +63,8 @@ github.com/zalando/go-keyring v0.2.2 h1:f0xmpYiSrHtSNAVgwip93Cg8tuF45HJM6rHq/A5R
 github.com/zalando/go-keyring v0.2.2/go.mod h1:sI3evg9Wvpw3+n4SqplGSJUMwtDeROfD4nsFz4z9PG0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
diff --git a/pkg/clients/authn_oidc_dev.go b/pkg/clients/authn_oidc_dev.go
