Major update of the code #1

Open: zamothh wants to merge 12 commits into master

@zamothh zamothh commented Sep 27, 2021

Desired Outcome

  • Simplification of the code to call functions
  • Storing the API key in a PsCredential object, rather than in clear text, which was very bad
  • Directly retrieve credential object from secrets
  • Centralized configuration as a single command

Implemented Changes

Changed the way Conjur is being configured. The API key is now stored in a PsCredential object, which is much more secure.
Simplified all the functions code, which brought more complication in the code calling the API
Added some new functions
Added some new switches
Could not check anything related to AWS, as I don't have access to such an implementation. All AWS code would need to be tested.

Connected Issue/Story

Resolves my own requirements

Definition of Done

Changelog

  • The CHANGELOG has not been updated

Test coverage

No test

Documentation

README was updated
Inline help was updated

Behavior

  • Mostly working as before, but with some new functions

Security

  • Storing API key as PsCredential Object

@infamousjoeg infamousjoeg self-requested a review October 22, 2021 12:31

@infamousjoeg infamousjoeg left a comment

I've added comments in-line for all the changes requested.

I will note that while trying to test this in my lab, I was unable to Initialize Conjur using the example on the README.

After changes are made and example code on the README is fixed, I will be able to run tests on all functions and provide further review.

$CCConfig = @{
AWS_MetaData = "169.254.169.254"
Account = $null
AuthaurityName = $null

Member:

Should be AuthorityName

AWS_MetaData = "169.254.169.254"
Account = $null
AuthaurityName = $null
AuthaurityName_WR = $null

Member:

Should be AuthorityName_WR

$responseBody = $null
<#
.SYNOPSIS
This is the main fonction that does all the API calls.

Member:

Should be function

return $responseBody;
}
.PARAMETER API
[Mandatory] the main API branch you are calling

Member:

Please provide an example for further clarity.

return $res
}
.PARAMETER FixUri
Fixing URI issues

Member:

Please provide a better description of what is being fixed in regards to "URI issues".

README.md Outdated
#### Conjur authentication
Prior to launching any commands, you will need to configure your conjur environment

Member:

Capitalize conjur and end with :

README.md Outdated
PS C:\> $env:CONJUR_AUTHN_API_KEY="adminPassword"
PS C:\> $env:CONJUR_APPLIANCE_URL="https://conjur.yourorg.com:443"
PS C:\> $PsCredential = Get-Credential -Message "CyberArk Conjur Credential input" -UserName "host\Host_Identifier"
PS C:\> Initialize-Conjur -Account Account -AuthnLogin "Identifier of a host" -Crednetial $PsCredential
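
Review bot: the first line of this README example still puts the API key in a clear-text environment variable (`$env:CONJUR_AUTHN_API_KEY="adminPassword"`), although the last line hands the key to Initialize-Conjur through `$PsCredential`. If the module no longer reads that variable, drop the line so the example does not leave the key in the session environment. The last line also passes `-AuthnLogin` alongside a credential whose user name already carries the host identity; show one form or the other.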

Member:

Should be -Credential

Also, I used this command to test the PR code and it failed with the following error:

PS C:\Users\jgarcia\Downloads\conjur-api-powershell> Initialize-Conjur -Account "cyberarkdemo" -AuthnLogin "https://conj
ur.joegarcia.dev" -Credential $PsCredential
Initialize-Conjur : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:1
+ Initialize-Conjur -Account "cyberarkdemo" -AuthnLogin "https://conjur ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Initialize-Conjur], ParameterBindingException
    + FullyQualifiedErrorId : AmbiguousParameterSet,Initialize-Conjur

Member:

Until this is resolved, I cannot continue testing functions provided in this PR.

Author:

Hey there, there is some mistake here, you need to use this:
Initialize-Conjur -Account "cyberarkdemo" -AuthaurityName "conjur.joegarcia.dev" -Credential $PsCredential

Changed the readme again to bring more explanations

README.md Outdated
PS C:\> $env:CONJUR_AUTHN_LOGIN="host/cust-portal/622703825757/ubuntu-client-conjur-identity"
PS C:\> $env:CONJUR_IAM_AUTHN_BRANCH="authnBranchName"
PS C:\> $env:CONJUR_APPLIANCE_URL="https://conjur.yourorg.com:443"
PS C:\> Initialize-Conjur -Account Account -AuthnLogin "Identifier of a host" -AuthnApiKey "Your API generated key" -AuthaurityName "your-conjur-auth-read.mycompany.com"
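
Review bot: on the Initialize-Conjur line the API key is passed as a literal string (`-AuthnApiKey "Your API generated key"`), which can end up in console history and transcripts; consider making the `-Credential` form the documented example and mentioning `-AuthnApiKey` only as the alternative. The three `$env:` assignments above it are not referenced by the call shown, so either explain how they are consumed or remove them.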

Member:

Should be -AuthorityName after corrections are made to CyberarkConjur.psm1

README.md Outdated
```

#### IAM Authentication
Some code has been started to be written, but is not good enough to publish anything yet.
This would require someone with an IAM access to continue developping this code

Member:

Should be developing and end with .

README.md Outdated
#### Initialize-Conjur

```powershell
PS C:\> Initialize-Conjur -Account Account -AuthnLogin "Identifier of a host" -AuthnApiKey "Your API generated key" -AuthaurityName "your-conjur-auth-read.mycompany.com"

Member:

Should be -AuthorityName after changes are made to CyberarkConjur.psm1

@infamousjoeg (Member)

Just a gentle nudge that there are still pending requested changes in order to merge this PR. 😄


zamothh commented Mar 11, 2022

Hello @infamousjoeg ... I might be wrong, but I really think I fixed all of your issues.
One of the errors you are talking about might be this one:

Initialize-Conjur -Account "cyberarkdemo" -AuthnLogin "https://conjur.joegarcia.dev" -Credential $PsCredential

The issue does not come from the module but from how you are using the command.

Initialize-Conjur can work in 2 different ways, and you cannot mix them (different parameter sets):

  1. -Credential : which is a PsCredential object (secured) containing both your login/ApiKey in username/password
  2. -AuthnLogin and -AuthnApiKey : which are both required, but come as unencrypted data

You cannot mix -Credential and -AuthnLogin

This is also shown under the SYNTAX section of the get-help :

PS> get-help Initialize-Conjur

NAME
    Initialize-Conjur

SYNOPSIS
    This command is required prior to running any other one. This will configure the module with the required settings.


SYNTAX
    Initialize-Conjur [-Account <String>] [-Credential <PSCredential>] [-AuthorityName <String>] [-AuthorityName_WR
    <String>] [-IamAuthnBranch <String>] [-AWS_MetaData <String>] [-IgnoreSsl] [<CommonParameters>]

    Initialize-Conjur [-Account <String>] -AuthnLogin <String> -AuthnApiKey <String> [-AuthorityName <String>]
    [-AuthorityName_WR <String>] [-IamAuthnBranch <String>] [-AWS_MetaData <String>] [-IgnoreSsl] [<CommonParameters>]


DESCRIPTION
    Please check all the parameters in the help file.
    Mandatory parameters are :
    Account     : Organization account name
    Credential : Will store the API key that will grant you access to Conjur
    AuthorityName : DNS authority name of your Conjur instance


RELATED LINKS

REMARKS
    To see the examples, type: "Get-Help Initialize-Conjur -Examples"
    For more information, type: "Get-Help Initialize-Conjur -Detailed"
    For technical information, type: "Get-Help Initialize-Conjur -Full"
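
The two parameter sets described in the comment above, reproduced as an added example that is not part of the PR or the module's own code. `Initialize-Demo`, the set names and all sample values are hypothetical; it shows why mixing `-Credential` with `-AuthnLogin` is rejected by the parameter binder and how the plain-string form can be wrapped into a PSCredential on entry.

```powershell
# Added example: Initialize-Demo is a hypothetical stand-in, not the module's Initialize-Conjur.
function Initialize-Demo {
    [CmdletBinding(DefaultParameterSetName = 'Credential')]
    param(
        [string]$Account,
        [string]$AuthorityName,

        # Set 1: login and API key travel together inside a PSCredential.
        [Parameter(ParameterSetName = 'Credential')]
        [pscredential]$Credential,

        # Set 2: plain strings; both are mandatory and belong only to this set.
        [Parameter(ParameterSetName = 'Login', Mandatory)]
        [string]$AuthnLogin,

        [Parameter(ParameterSetName = 'Login', Mandatory)]
        [string]$AuthnApiKey
    )

    if ($PSCmdlet.ParameterSetName -eq 'Login') {
        # Wrap the plain-text key immediately so only a PSCredential is kept afterwards.
        $secure     = ConvertTo-SecureString -String $AuthnApiKey -AsPlainText -Force
        $Credential = [pscredential]::new($AuthnLogin, $secure)
    }

    [pscustomobject]@{
        ParameterSet  = $PSCmdlet.ParameterSetName
        Account       = $Account
        AuthorityName = $AuthorityName
        Login         = $Credential.UserName
    }
}

# Constructed sample values; in interactive use Get-Credential would prompt instead.
$key  = ConvertTo-SecureString -String 'constructed-api-key' -AsPlainText -Force
$cred = [pscredential]::new('host/constructed-host-id', $key)

# Valid: every named parameter belongs to the 'Credential' set.
Initialize-Demo -Account 'demo' -AuthorityName 'conjur.example.com' -Credential $cred

# Invalid: -AuthnLogin ('Login' set) combined with -Credential ('Credential' set).
try {
    Initialize-Demo -Account 'demo' -AuthnLogin 'host/constructed-host-id' -Credential $cred
}
catch [System.Management.Automation.ParameterBindingException] {
    "Rejected by the binder: $($_.FullyQualifiedErrorId)"
}
```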


3 participants