Update better configuration names

- "strict" changes to "https.peer_verification" - "cacertfile" changes to "https.cacertfile"
2021-12-09 16:51:18 +07:00 · 2021-12-09 16:51:18 +07:00 · 1615cbfb8b
parent dd685f1179
commit 1615cbfb8b
4 changed files with 17 additions and 21 deletions
--- a/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema
+++ b/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema
@ -84,12 +84,12 @@
 [{datatype, string}, {validators, ["uri", "https_uri"]}]}.

 {mapping,
- "auth_oauth2.strict",
- "rabbitmq_auth_backend_oauth2.key_config.strict",
- [{datatype, {enum, [true, false]}}]}.
+ "auth_oauth2.https.peer_verification",
+ "rabbitmq_auth_backend_oauth2.key_config.peer_verification",
+ [{datatype, {enum, [verify_peer, verify_none]}}]}.

 {mapping,
- "auth_oauth2.cacertfile",
+ "auth_oauth2.https.cacertfile",
 "rabbitmq_auth_backend_oauth2.key_config.cacertfile",
 [{datatype, file}, {validators, ["file_accessible"]}]}.

--- a/deps/rabbitmq_auth_backend_oauth2/src/uaa_jwt.erl
+++ b/deps/rabbitmq_auth_backend_oauth2/src/uaa_jwt.erl
@ -71,14 +71,10 @@ update_jwks_signing_keys() ->
 -spec fetch_keys(binary() | list()) -> {ok, term()} | {error, term()}.
 fetch_keys(JwksUrl) ->
    UaaEnv = application:get_env(?APP, key_config, []),
-    case proplists:get_value(strict, UaaEnv, true) of
-        false ->
-            httpc:request(JwksUrl);
-        true ->
-            CaCertFile = proplists:get_value(cacertfile, UaaEnv),
-            SslOpts = [{verify, verify_peer}, {cacertfile, CaCertFile}, {fail_if_no_peer_cert, true}],
-            httpc:request(get, {JwksUrl, []}, [{ssl, SslOpts}], [])
-    end.
+    PeerVerification = proplists:get_value(peer_verification, UaaEnv, verify_peer),
+    CaCertFile = proplists:get_value(cacertfile, UaaEnv),
+    SslOpts = [{verify, PeerVerification}, {cacertfile, CaCertFile}],
+    httpc:request(get, {JwksUrl, []}, [{ssl, SslOpts}], []).

 -spec decode_and_verify(binary()) -> {boolean(), map()} | {error, term()}.
 decode_and_verify(Token) ->
--- a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets
+++ b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets
@ -6,8 +6,8 @@
        auth_oauth2.signing_keys.id1 = test/config_schema_SUITE_data/certs/key.pem
        auth_oauth2.signing_keys.id2 = test/config_schema_SUITE_data/certs/cert.pem
        auth_oauth2.jwks_url = https://my-jwt-issuer/jwks.json
-        auth_oauth2.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
-        auth_oauth2.strict = false
+        auth_oauth2.https.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
+        auth_oauth2.https.peer_verification = verify_none
        auth_oauth2.algorithms.1 = HS256
        auth_oauth2.algorithms.2 = RS256",
        [
@ -24,7 +24,7 @@
            },
            {jwks_url, "https://my-jwt-issuer/jwks.json"},
            {cacertfile, "test/config_schema_SUITE_data/certs/cacert.pem"},
-            {strict, false},
+            {peer_verification, verify_none},
            {algorithms, [<<"HS256">>, <<"RS256">>]}
            ]
            }
--- a/deps/rabbitmq_auth_backend_oauth2/test/jwks_SUITE.erl
+++ b/deps/rabbitmq_auth_backend_oauth2/test/jwks_SUITE.erl
@ -23,7 +23,7 @@ all() ->
     {group, happy_path},
     {group, unhappy_path},
     {group, unvalidated_jwks_server},
-     {group, non_strict_mode}
+     {group, no_peer_verification}
    ].

 groups() ->
@ -49,7 +49,7 @@ groups() ->
                         test_failed_token_refresh_case2
                        ]},
     {unvalidated_jwks_server, [], [test_failed_connection_with_unvalidated_jwks_server]},
-     {non_strict_mode, [], [{group, happy_path}, {group, unhappy_path}]}
+     {no_peer_verification, [], [{group, happy_path}, {group, unhappy_path}]}
    ].

 %%
@ -75,9 +75,9 @@ end_per_suite(Config) ->
        fun stop_jwks_server/1
      ] ++ rabbit_ct_broker_helpers:teardown_steps()).

-init_per_group(non_strict_mode, Config) ->
+init_per_group(no_peer_verification, Config) ->
    add_vhosts(Config),
-    KeyConfig = rabbit_ct_helpers:set_config(?config(key_config, Config), [{jwks_url, ?config(non_strict_jwks_url, Config)}, {strict, false}]),
+    KeyConfig = rabbit_ct_helpers:set_config(?config(key_config, Config), [{jwks_url, ?config(non_strict_jwks_url, Config)}, {peer_verification, verify_none}]),
    ok = rabbit_ct_broker_helpers:rpc(Config, 0, application, set_env, [rabbitmq_auth_backend_oauth2, key_config, KeyConfig]),
    rabbit_ct_helpers:set_config(Config, {key_config, KeyConfig});

@ -85,9 +85,9 @@ init_per_group(_Group, Config) ->
    add_vhosts(Config),
    Config.

-end_per_group(non_strict_mode, Config) ->
+end_per_group(no_peer_verification, Config) ->
    delete_vhosts(Config),
-    KeyConfig = rabbit_ct_helpers:set_config(?config(key_config, Config), [{jwks_url, ?config(strict_jwks_url, Config)}, {strict, true}]),
+    KeyConfig = rabbit_ct_helpers:set_config(?config(key_config, Config), [{jwks_url, ?config(strict_jwks_url, Config)}, {peer_verification, verify_peer}]),
    ok = rabbit_ct_broker_helpers:rpc(Config, 0, application, set_env, [rabbitmq_auth_backend_oauth2, key_config, KeyConfig]),
    rabbit_ct_helpers:set_config(Config, {key_config, KeyConfig});