root
/
rabbitmq-server
mirror of https://github.com/rabbitmq/rabbitmq-server.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Fix schema mapping issues 

And location of cert files when running
multioauth test suites locally
This commit is contained in:
Marcial Rosales 2024-09-24 13:15:45 +02:00 committed by Marcial Rosales
parent 6e74d8b60e
commit 4b7f8b28e2
7 changed files with 53 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
deps/rabbitmq_management/src/rabbit_mgmt_schema.erl vendored
View File

@ -21,7 +21,6 @@ extract_value({_Name,V}) -> V.
translate_oauth_resource_servers(Conf) -> translate_oauth_resource_servers(Conf) ->
Settings = cuttlefish_variable:filter_by_prefix( Settings = cuttlefish_variable:filter_by_prefix(
"management.oauth_resource_servers", Conf), "management.oauth_resource_servers", Conf),
rabbit_log:debug("Settings: ~p", [Settings]),
Map = merge_list_of_maps([ Map = merge_list_of_maps([
extract_resource_server_properties(Settings), extract_resource_server_properties(Settings),
extract_resource_server_endpoint_params(oauth_authorization_endpoint_params, Settings), extract_resource_server_endpoint_params(oauth_authorization_endpoint_params, Settings),
@ -45,23 +44,23 @@ merge_list_of_maps(ListOfMaps) ->
lists:foldl(fun(Elem, AccIn) -> maps:merge_with(fun(_K,V1,V2) -> V1 ++ V2 end, lists:foldl(fun(Elem, AccIn) -> maps:merge_with(fun(_K,V1,V2) -> V1 ++ V2 end,
Elem, AccIn) end, #{}, ListOfMaps). Elem, AccIn) end, #{}, ListOfMaps).
convert_list_to_binary(V) when is_list(V) ->
list_to_binary(V);
convert_list_to_binary(V) ->
V.
extract_resource_server_properties(Settings) -> extract_resource_server_properties(Settings) ->
KeyFun = fun extract_key/1, KeyFun = fun extract_key_as_binary/1,
ValueFun = fun extract_value/1, ValueFun = fun extract_value/1,
OAuthProviders = [{Name, {list_to_atom(Key), V}} OAuthResourceServers = [{Name, {list_to_atom(Key), convert_list_to_binary(V)}}
|| {["management","oauth_resource_servers", Name, Key], V} <- Settings ], || {["management","oauth_resource_servers", Name, Key], V} <- Settings ],
rabbit_log:debug("extract_resource_server_properties ~p", [Settings]), maps:groups_from_list(KeyFun, ValueFun, OAuthResourceServers).
Result = maps:groups_from_list(KeyFun, ValueFun, OAuthProviders),
rabbit_log:debug("extract_resource_server_properties -> ~p", [Result]),
Result.
extract_resource_server_endpoint_params(Variable, Settings) -> extract_resource_server_endpoint_params(Variable, Settings) ->
KeyFun = fun extract_key/1, KeyFun = fun extract_key_as_binary/1,
rabbit_log:debug("extract_resource_server_endpoint_params ~p ~p", [Variable, Settings]),
IndexedParams = [{Name, {list_to_binary(ParamName), list_to_binary(V)}} || IndexedParams = [{Name, {list_to_binary(ParamName), list_to_binary(V)}} ||
{["management","oauth_resource_servers", Name, EndpointVar, ParamName], V} {["management","oauth_resource_servers", Name, EndpointVar, ParamName], V}
<- Settings, EndpointVar == atom_to_list(Variable) ], <- Settings, EndpointVar == atom_to_list(Variable) ],

3
deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl vendored
View File

@ -80,6 +80,9 @@ extract_oauth2_and_mgt_resources(OAuth2BackendProps, ManagementProps) ->
MgtResources = maps:map( MgtResources = maps:map(
fun(K,V) -> merge_oauth_provider_info(maps:get(K, OAuth2Resources, #{}), V, ManagementProps) end, fun(K,V) -> merge_oauth_provider_info(maps:get(K, OAuth2Resources, #{}), V, ManagementProps) end,
skip_disabled_mgt_resource_servers(MgtResources1)), skip_disabled_mgt_resource_servers(MgtResources1)),
rabbit_log:debug("ManagementProps: ~p", [ManagementProps]),
rabbit_log:debug("extract_oauth2_and_mgt_resources OAuth2Resources: ~p, MgtResources0: ~p MgtResources1: ~p MgtResources: ~p",
[OAuth2Resources, MgtResources0, MgtResources1, MgtResources]),
case maps:size(MgtResources) of case maps:size(MgtResources) of
0 -> {}; 0 -> {};
_ -> {MgtResources} _ -> {MgtResources}

28
deps/rabbitmq_management/test/config_schema_SUITE_data/rabbitmq_management.snippets vendored
View File

@ -636,7 +636,7 @@
{oauth_scopes, "openid profile rabbitmq.*"}, {oauth_scopes, "openid profile rabbitmq.*"},
{oauth_initiated_logon_type, idp_initiated}, {oauth_initiated_logon_type, idp_initiated},
{oauth_token_endpoint_params, [ {oauth_token_endpoint_params, [
{"param2", <<"value2">>} {<<"param2">>, <<"value2">>}
]} ]}
]} ]}
], [rabbitmq_management] ], [rabbitmq_management]
@ -660,28 +660,28 @@
{oauth_enabled, true}, {oauth_enabled, true},
{oauth_resource_servers, {oauth_resource_servers,
#{ #{
"3" => [ <<"3">> => [
{oauth_provider_url, "http://three"}, {oauth_provider_url, <<"http://three">>},
{oauth_initiated_logon_type, idp_initiated}, {oauth_initiated_logon_type, idp_initiated},
{id, "3"} {id, <<"3">>}
], ],
"resource-one" => [ <<"resource-one">> => [
{oauth_token_endpoint_params, [ {oauth_token_endpoint_params, [
{<<"param2">>, <<"value2">>} {<<"param2">>, <<"value2">>}
]}, ]},
{oauth_scopes, "openid profile rabbitmq.*"}, {oauth_scopes, <<"openid profile rabbitmq.*">>},
{oauth_client_id, "one"}, {oauth_client_id, <<"one">>},
{label, "One"}, {label, <<"One">>},
{id, "resource-one"}, {id, <<"resource-one">>},
{oauth_provider_url, "http://one:8080"} {oauth_provider_url, <<"http://one:8080">>}
], ],
"resource-two" => [ <<"resource-two">> => [
{oauth_authorization_endpoint_params, [ {oauth_authorization_endpoint_params, [
{<<"param1">>, <<"value1">>} {<<"param1">>, <<"value1">>}
]}, ]},
{oauth_client_id, "two"}, {oauth_client_id, <<"two">>},
{id, "resource-two"}, {id, <<"resource-two">>},
{oauth_provider_url, "http://two"} {oauth_provider_url, <<"http://two">>}
] ]
} }
} }

16
deps/rabbitmq_management/test/rabbit_mgmt_schema_SUITE.erl vendored
View File

@ -46,8 +46,8 @@ test_with_one_resource_server(_) ->
{["management","oauth_resource_servers","rabbitmq1","id"],"rabbitmq1"} {["management","oauth_resource_servers","rabbitmq1","id"],"rabbitmq1"}
], ],
#{ #{
"rabbitmq1" := [ <<"rabbitmq1">> := [
{id, "rabbitmq1"} {id, <<"rabbitmq1">>}
] ]
} = translate_oauth_resource_servers(Conf). } = translate_oauth_resource_servers(Conf).
@ -57,13 +57,13 @@ test_with_many_resource_servers(_) ->
{["management","oauth_resource_servers","uaa","label"],"Uaa"} {["management","oauth_resource_servers","uaa","label"],"Uaa"}
], ],
#{ #{
"keycloak" := [ <<"keycloak">> := [
{label, "Keycloak"}, {label, <<"Keycloak">>},
{id, "keycloak"} {id, <<"keycloak">>}
], ],
"uaa" := [ <<"uaa">> := [
{label, "Uaa"}, {label, <<"Uaa">>},
{id, "uaa"} {id, <<"uaa">>}
] ]
} = translate_oauth_resource_servers(Conf). } = translate_oauth_resource_servers(Conf).

19
deps/rabbitmq_management/test/rabbit_mgmt_wm_auth_SUITE.erl vendored
View File

@ -22,6 +22,7 @@ all() ->
{group, verify_mgt_oauth_provider_url_with_single_resource_and_another_resource}, {group, verify_mgt_oauth_provider_url_with_single_resource_and_another_resource},
{group, verify_end_session_endpoint_with_single_resource}, {group, verify_end_session_endpoint_with_single_resource},
{group, verify_end_session_endpoint_with_single_resource_and_another_resource}, {group, verify_end_session_endpoint_with_single_resource_and_another_resource},
{group, verify_multi_resource_and_provider},
{group, verify_oauth_initiated_logon_type_for_sp_initiated}, {group, verify_oauth_initiated_logon_type_for_sp_initiated},
{group, verify_oauth_initiated_logon_type_for_idp_initiated}, {group, verify_oauth_initiated_logon_type_for_idp_initiated},
{group, verify_oauth_disable_basic_auth}, {group, verify_oauth_disable_basic_auth},
@ -31,6 +32,22 @@ all() ->
groups() -> groups() ->
[ [
{verify_multi_resource_and_provider, [], [
{with_oauth_enabled, [], [
{with_oauth_providers_idp1_idp2, [], [
{with_default_oauth_provider_idp1, [], [
{with_resource_server_a, [], [
should_return_disabled_auth_settings,
{with_mgt_resource_server_a_with_client_id_x, [], [
should_return_oauth_enabled,
should_return_oauth_resource_server_a_with_client_id_x
]}
]}
]}
]}
]}
]},
{without_any_settings, [], [ {without_any_settings, [], [
should_return_disabled_auth_settings should_return_disabled_auth_settings
]}, ]},
@ -325,7 +342,6 @@ groups() ->
{with_mgt_resource_server_a_with_token_endpoint_params_1, [], [ {with_mgt_resource_server_a_with_token_endpoint_params_1, [], [
should_return_mgt_oauth_resource_a_with_token_endpoint_params_1 should_return_mgt_oauth_resource_a_with_token_endpoint_params_1
]} ]}
]} ]}
]} ]}
]} ]}
@ -452,6 +468,7 @@ init_per_group(with_mgt_resource_server_a_with_client_id_x, Config) ->
set_attribute_in_entry_for_env_variable(rabbitmq_management, oauth_resource_servers, set_attribute_in_entry_for_env_variable(rabbitmq_management, oauth_resource_servers,
?config(a, Config), oauth_client_id, ?config(x, Config)), ?config(a, Config), oauth_client_id, ?config(x, Config)),
Config; Config;
init_per_group(with_default_oauth_provider_idp1, Config) -> init_per_group(with_default_oauth_provider_idp1, Config) ->
set_env(rabbitmq_auth_backend_oauth2, default_oauth_provider, ?config(idp1, Config)), set_env(rabbitmq_auth_backend_oauth2, default_oauth_provider, ?config(idp1, Config)),
Config; Config;

2
selenium/test/multi-oauth/env.local.devkeycloak
View File

@ -1,2 +1,2 @@
export DEVKEYCLOAK_URL=https://localhost:8442/realms/dev export DEVKEYCLOAK_URL=https://localhost:8442/realms/dev
export DEVKEYCLOAK_CA_CERT=test/multi-oauth/devkeycloak/ca_certificate.pem export DEVKEYCLOAK_CA_CERT=${SELENIUM}/test/multi-oauth/devkeycloak/ca_certificate.pem

2
selenium/test/multi-oauth/env.local.prodkeycloak
View File

@ -1,2 +1,2 @@
export PRODKEYCLOAK_URL=https://localhost:8443/realms/prod export PRODKEYCLOAK_URL=https://localhost:8443/realms/prod
export PRODKEYCLOAK_CA_CERT=test/multi-oauth/prodkeycloak/ca_certificate.pem export PRODKEYCLOAK_CA_CERT=${SELENIUM}/test/multi-oauth/prodkeycloak/ca_certificate.pem