Deprecate service/discovery API and implement the new one

[mladen-rusev-cyberark]

We were made aware in an email thread that the v2/service/discovery API will be deprecated in the end of 2025. A new API will be provided by Q3 2025. It is detailed in this document under /api/tenant-discovery/public. It will take a subdomain name as a query parameter &bySubdomain= and return a response in the following format:

{
  "region": "string",
  "dr_region": "string",
  "subdomain": "string",
  "platform_id": "string",
  "identity_id": "string",
  "default_url": "string",
  "tenant_flags": {
    "is_crdr_supported": true,
    "is_crdr_active": true
  },
  "services": [
    {
      "service_name": "string",
      "region": "string",
      "endpoints": [
        {
          "is_active": true,
          "type": "main",
          "ui": "string",
          "api": "string"
        }
      ]
    }
  ]
}

In this MR:

1. Replace all usage of the old API with the new one
2. Create structs to parse the new JSON structure into
3. Filter for the services we need (identity_administration and discoverycontext) and return their URLs
4. Changes to the MockDiscoveryServer to accommodate the changes

@wallrj-cyberark invited me to the test tenant https://tlskp-test.integration-cyberark.cloud/ which allowed me to run the TestCyberArkClient_PutSnapshot_RealAPI test

$ go test ./pkg/internal/cyberark -v -count 1 -run TestCyberArkClient_PutSnapshot_RealAPI -args -testing.v 6
=== RUN   TestCyberArkClient_PutSnapshot_RealAPI
    round_trippers.go:632: I0903 11:56:10.355088] Response verb="GET" url="https://platform-discovery.integration-cyberark.cloud/api/public/tenant-discovery?bySubdomain=tlskp-test" status="200 OK" milliseconds=466
    round_trippers.go:632: I0903 11:56:10.963827] Response verb="POST" url="https://anb5751.id.integration-cyberark.cloud/Security/StartAuthentication" status="200 OK" milliseconds=608
    identity.go:303: I0903 11:56:10.964094] made successful request to StartAuthentication source="Identity.doStartAuthentication" summary="NewPackage"
    round_trippers.go:632: I0903 11:56:11.318450] Response verb="POST" url="https://anb5751.id.integration-cyberark.cloud/Security/AdvanceAuthentication" status="200 OK" milliseconds=354
    round_trippers.go:632: I0903 11:56:22.200393] Response verb="POST" url="https://anb5751.id.integration-cyberark.cloud/Security/StartAuthentication" status="200 OK" milliseconds=872
    identity.go:303: I0903 11:56:22.200528] made successful request to StartAuthentication source="Identity.doStartAuthentication" summary="NewPackage"
    round_trippers.go:632: I0903 11:56:22.643333] Response verb="POST" url="https://anb5751.id.integration-cyberark.cloud/Security/AdvanceAuthentication" status="200 OK" milliseconds=442
    round_trippers.go:632: I0903 11:56:32.841489] Response verb="POST" url="https://anb5751.id.integration-cyberark.cloud/Security/StartAuthentication" status="200 OK" milliseconds=197
    identity.go:303: I0903 11:56:32.841773] made successful request to StartAuthentication source="Identity.doStartAuthentication" summary="NewPackage"
    round_trippers.go:632: I0903 11:56:33.077864] Response verb="POST" url="https://anb5751.id.integration-cyberark.cloud/Security/AdvanceAuthentication" status="200 OK" milliseconds=235
    round_trippers.go:632: I0903 11:56:43.278994] Response verb="POST" url="https://anb5751.id.integration-cyberark.cloud/Security/StartAuthentication" status="200 OK" milliseconds=192
    identity.go:303: I0903 11:56:43.279196] made successful request to StartAuthentication source="Identity.doStartAuthentication" summary="NewPackage"
    round_trippers.go:632: I0903 11:56:43.413130] Response verb="POST" url="https://anb5751.id.integration-cyberark.cloud/Security/AdvanceAuthentication" status="200 OK" milliseconds=133

[mladen-rusev-cyberark]

I was not sure if I should check the Type and IsActive but I've added them. I don't understand the difference between Type main and crdr.

[wallrj-cyberark]

I'm not sure either. Let's merge as-is and adapt it if we learn more from the API team.

[mladen-rusev-cyberark]

We check for identityAPI but not for discoveryContextAPI. Was this intentional?

[wallrj-cyberark]

I thought about adding it, but didn't know what actionable message to return if it's not found.
Thanks for adding the TODO, lets address that in a future PR.

[wallrj-cyberark]

Thanks @mladen-rusev-cyberark

Looks great.

[wallrj-cyberark]

I thought about adding it, but didn't know what actionable message to return if it's not found.
Thanks for adding the TODO, lets address that in a future PR.

[wallrj-cyberark]

I'm not sure either. Let's merge as-is and adapt it if we learn more from the API team.

[wallrj-cyberark]

I tested this and it worked well:

$ go run pkg/internal/cyberark/identity/cmd/testidentity/main.go -subdomain $ARK_SUBDOMAIN -username $ARK_USERNAME
I0903 16:45:13.361918 1414535 round_trippers.go:632] "Response" verb="GET" url="https://platform-discovery.integration-cyberark.cloud/api/public/tenant-discovery?bySubdomain=tlskp-test" status="200 OK" milliseconds=354
I0903 16:45:13.905341 1414535 round_trippers.go:632] "Response" verb="POST" url="https://anb5751.id.integration-cyberark.cloud/Security/StartAuthentication" status="200 OK" milliseconds=536
I0903 16:45:13.906041 1414535 identity.go:303] "made successful request to StartAuthentication" source="Identity.doStartAuthentication" summary="NewPackage"
I0903 16:45:14.772488 1414535 round_trippers.go:632] "Response" verb="POST" url="https://anb5751.id.integration-cyberark.cloud/Security/AdvanceAuthentication" status="200 OK" milliseconds=866
I0903 16:45:14.773137 1414535 identity.go:419] "successfully completed AdvanceAuthentication request to CyberArk Identity; login complete" username="<REDACTED>"

[wallrj-cyberark]

@mladen-rusev-cyberark I'll merge this because I want to use it in my helm branch. Hope you don't mind.