Prevent status webservices from being returned on the providers endpoint

[mFelgate]

Desired Outcome

Duplictae authenticators show up in the providers endpoint due to not removing the status webservices from the list of providers. This pr removes web services that end in /status from the list of authenticators

Implemented Changes

Describe how the desired outcome above has been achieved with this PR. In
particular, consider:

• What's changed? Why were these changes made?
  Added the regex used in InstalledAuthenticators to remove the status webservices
• How should the reviewer approach this PR, especially if manual tests are required?
  That the tests work effectively and the code is reasonably made
• Are there relevant screenshots you can add to the PR description?
  No

Connected Issue/Story

Resolves #[relevant GitHub issue(s), e.g. 76]

CyberArk internal issue link: ONYX-25530

Definition of Done

At least 1 todo must be completed in the sections below for the PR to be
merged.

Changelog

• The CHANGELOG has been updated, or
• This PR does not include user-facing changes and doesn't require a
  CHANGELOG update

Test coverage

• This PR includes new unit and integration tests to go with the code
  changes, or
• The changes in this PR do not require tests

Documentation

• Docs (e.g. READMEs) were updated in this PR
• A follow-up issue to update official docs has been filed here: insert issue ID
• This PR does not require updating any documentation

Behavior

• This PR changes product behavior and has been reviewed by a PO, or
• These changes are part of a larger initiative that will be reviewed later, or
• No behavior was changed with this PR

Security

• Security architect has reviewed the changes in this PR,
• These changes are part of a larger initiative with a separate security review, or
• There are no security aspects to these changes

[micahlee]

It would be worth adding a comment here explaining how this regex prevents the status resources from being included in the result. (No forward slashes are allowed after authn).

[micahlee]

Also, given this isn't an urgent change, would should improve this re-use beyond just copying the regex between this location and https://github.com/cyberark/conjur/blob/master/app/domain/authentication/installed_authenticators.rb#L31.

For example, it should probably be a constant in one class or the other, and just reference in the other location:

# installed_authenticators.rb

...
class InstalledAuthenticators
    ...
    AUTHN_RESOURCE_PREFIX = "conjur/authn-"
    AUTHN_STATUS_FILTER = %r{conjur/(authn(?:-[^/]+)?(?:/[^/]+)?)$}
    ...
    # filter out nested status webservice
    .map { |id| id[AUTHN_STATUS_FILTER, 1] } 
    ...

# authenticator_repository.rb
...
...
Sequel.like(
  identifier,
  # filter out nested status webservice
  Authentication::InstalledAuthenticators::AUTHN_STATUS_FILTER
)
...

[micahlee]

How cumbersome would it be to actually verify the contents of the list, rather than just the count?

Being explicit about the expected outcome would be a more valuable assurance than just the number of results.

[mFelgate]

would not work since we and not brining over the real resource_id in the repository, but a created one based on the service_id which is the same between the status and normal web-services.

[imheresamir]

When you get a chance could you fill out the PR description @mFelgate ? Thanks

[qlty-cloud-legacy]

Freeze mutable objects assigned to constants.

[qlty-cloud-legacy]

Lists should be surrounded by blank lines

[jvanderhoof]

Each changelog entry should go under a single header, not multiple. I think this makes more sense under Fixed.

[jvanderhoof]

I'd recommend something like:

Suggested change

	- Removed Status webservices from the list providers endpoint
	- OIDC Provider endpoint no longer includes duplicates when Status is enabled.

[jvanderhoof]

I'd actually recommend making the changes in the DB::Repository::AuthenticatorRepository class. If we updated the initializer and the find_all method to something like:

module DB
  module Repository
    class AuthenticatorRepository
      def initialize(data_object:, resource_repository: ::Resource, logger: Rails.logger, enabled_authenticators: Rails.application.config.conjur_config.authenticators)
        @resource_repository = resource_repository
        @data_object = data_object
        @logger = logger
        @enabled_authenticators = enabled_authenticators
      end

      def find_all(type:, account:)
        enabled_authenticator_types = @enabled_authenticators
          .select { |authenticator| authenticator.match(/^#{type}/) }
          .map { |authenticator| "#{account}:webservice:conjur/#{authenticator}" }

        @resource_repository.where(
          Sequel.like(
            :resource_id,
            "#{account}:webservice:conjur/#{type}/%"
          )
        )
          .all
          .select { |webservice| enabled_authenticator_types.include?(webservice.id) }
          .map do |webservice|
            load_authenticator(account: account, id: webservice.id.split(':').last, type: type)
          end
          .compact
      end
      ...

we can limit the available authenticators to those enabled AND strip out the Status webservices.

[qlty-cloud-legacy]

Inconsistent indentation detected.

[qlty-cloud-legacy]

Use 2 (not 8) spaces for indenting an expression in an assignment spanning multiple lines.

[qlty-cloud-legacy]

Space after closing | missing.

[qlty-cloud-legacy]

Prefer to_s over string interpolation.

[qlty-cloud-legacy]

Code Climate has analyzed commit de1e574 and detected 8 issues on this pull request.

Here's the issue category breakdown:

Category	Count
Style	7
Complexity	1

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 89.9% (-1.6% change).

View more on Code Climate.