root
/
rabbitmq-server
mirror of https://github.com/rabbitmq/rabbitmq-server.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Fix some test cases

This commit is contained in:
Marcial Rosales 2024-09-16 14:51:09 +02:00 committed by Marcial Rosales
parent 66d9323148
commit b5230f7afd
2 changed files with 104 additions and 280 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema vendored
View File

@ -130,7 +130,7 @@
{translation, {translation,
"rabbitmq_auth_backend_oauth2.key_config.signing_keys", "rabbitmq_auth_backend_oauth2.key_config.signing_keys",
fun(Conf) -> fun(Conf) ->
rabbit_oauth2_schema:translate_signing_keys(Conf) oauth2_schema:translate_signing_keys(Conf)
end}. end}.
{mapping, {mapping,
@ -170,7 +170,7 @@
{translation, "rabbitmq_auth_backend_oauth2.authorization_endpoint_params", {translation, "rabbitmq_auth_backend_oauth2.authorization_endpoint_params",
fun(Conf) -> fun(Conf) ->
rabbit_oauth2_schema:translate_authorization_endpoint_params(Conf) oauth2_schema:translate_authorization_endpoint_params(Conf)
end}. end}.
{mapping, {mapping,
@ -180,7 +180,7 @@
{translation, "rabbitmq_auth_backend_oauth2.oauth_providers", {translation, "rabbitmq_auth_backend_oauth2.oauth_providers",
fun(Conf) -> fun(Conf) ->
rabbit_oauth2_schema:translate_oauth_providers(Conf) oauth2_schema:translate_oauth_providers(Conf)
end}. end}.
{mapping, {mapping,
@ -317,7 +317,7 @@
{translation, "rabbitmq_auth_backend_oauth2.oauth_providers", {translation, "rabbitmq_auth_backend_oauth2.oauth_providers",
fun(Conf) -> fun(Conf) ->
rabbit_oauth2_schema:translate_oauth_providers(Conf) oauth2_schema:translate_oauth_providers(Conf)
end}. end}.
{mapping, {mapping,
@ -359,5 +359,5 @@
{translation, "rabbitmq_auth_backend_oauth2.resource_servers", {translation, "rabbitmq_auth_backend_oauth2.resource_servers",
fun(Conf) -> fun(Conf) ->
rabbit_oauth2_schema:translate_resource_servers(Conf) oauth2_schema:translate_resource_servers(Conf)
end}. end}.

374
deps/rabbitmq_auth_backend_oauth2/test/oauth_provider_SUITE.erl vendored
View File

@ -46,45 +46,25 @@ groups() -> [
replace_override_static_keys_with_newly_added_keys replace_override_static_keys_with_newly_added_keys
]} ]}
]}, ]},
{verify_oauth_provider_A, [], [ {verify_oauth_provider_A, [], verify_provider()},
internal_oauth_provider_A_has_no_default_key, {verify_oauth_provider_root, [], verify_provider()}
{oauth_provider_A_with_default_key, [], [ ].
internal_oauth_provider_A_has_default_key
]}, verify_provider() -> [
internal_oauth_provider_A_has_no_algorithms, internal_oauth_provider_has_no_default_key,
{oauth_provider_A_with_algorithms, [], [ {oauth_provider_with_default_key, [], [
internal_oauth_provider_A_has_algorithms internal_oauth_provider_has_default_key
]},
oauth_provider_A_with_jwks_uri_returns_error,
{oauth_provider_A_with_jwks_uri, [], [
oauth_provider_A_has_jwks_uri
]},
{oauth_provider_A_with_issuer, [], [
{oauth_provider_A_with_jwks_uri, [], [
oauth_provider_A_has_jwks_uri
]},
oauth_provider_A_has_to_discover_jwks_uri_endpoint
]}
]}, ]},
{verify_oauth_provider_root, [], [ internal_oauth_provider_has_no_algorithms,
internal_oauth_provider_root_has_no_default_key, {oauth_provider_with_algorithms, [], [
{with_default_key, [], [ internal_oauth_provider_has_algorithms
internal_oauth_provider_root_has_default_key ]},
]}, get_oauth_provider_with_jwks_uri_returns_error,
internal_oauth_provider_root_has_no_algorithms, {oauth_provider_with_jwks_uri, [], [
{with_algorithms, [], [ get_oauth_provider_has_jwks_uri
internal_oauth_provider_root_has_algorithms ]},
]}, {oauth_provider_with_issuer, [], [
oauth_provider_root_with_jwks_uri_returns_error, get_oauth_provider_has_jwks_uri
{with_jwks_uri, [], [
oauth_provider_root_has_jwks_uri
]},
{with_issuer, [], [
{with_jwks_uri, [], [
oauth_provider_root_has_jwks_uri
]},
oauth_provider_root_has_to_discover_jwks_uri_endpoint
]}
]} ]}
]. ].
@ -102,12 +82,6 @@ init_per_group(with_rabbitmq_node, Config) ->
]), ]),
rabbit_ct_helpers:run_steps(Config1, rabbit_ct_broker_helpers:setup_steps()); rabbit_ct_helpers:run_steps(Config1, rabbit_ct_broker_helpers:setup_steps());
init_per_group(with_default_key, Config) ->
KeyConfig = get_env(key_config, []),
set_env(key_config, proplists:delete(default_key, KeyConfig) ++
[{default_key,<<"default-key">>}]),
Config;
init_per_group(with_root_static_signing_keys, Config) -> init_per_group(with_root_static_signing_keys, Config) ->
KeyConfig = call_get_env(Config, key_config, []), KeyConfig = call_get_env(Config, key_config, []),
SigningKeys = #{ SigningKeys = #{
@ -132,13 +106,15 @@ init_per_group(with_static_signing_keys_for_specific_oauth_provider, Config) ->
OAuthProviders)), OAuthProviders)),
Config; Config;
init_per_group(with_jwks_url, Config) -> init_per_group(oauth_provider_with_jwks_uri, Config) ->
KeyConfig = get_env(key_config, []), URL = build_url_to_oauth_provider(<<"/keys">>),
set_env(key_config, KeyConfig ++ case ?config(oauth_provider_id) of
[{jwks_url,build_url_to_oauth_provider(<<"/keys">>)}]), root -> set_env(jkws_url, URL);
[{key_config_before_group_with_jwks_url, KeyConfig} | Config]; Id -> set_oauth_provider_properties(Id, [{jwks_uri, URL}])
end,
[{jwks_uri, URL} | Config];
init_per_group(with_issuer, Config) -> init_per_group(oauth_provider_with_issuer, Config) ->
{ok, _} = application:ensure_all_started(inets), {ok, _} = application:ensure_all_started(inets),
{ok, _} = application:ensure_all_started(ssl), {ok, _} = application:ensure_all_started(ssl),
application:ensure_all_started(cowboy), application:ensure_all_started(cowboy),
@ -151,61 +127,12 @@ init_per_group(with_issuer, Config) ->
start_https_oauth_server(?AUTH_PORT, CertsDir, ListOfExpectations), start_https_oauth_server(?AUTH_PORT, CertsDir, ListOfExpectations),
set_env(use_global_locks, false), set_env(use_global_locks, false),
set_env(issuer, IssuerUrl = build_url_to_oauth_provider(<<"/">>),
build_url_to_oauth_provider(<<"/">>)), case ?config(oauth_provider_id, Config) of
KeyConfig = get_env(key_config, []), root -> set_env(issuer, IssuerUrl);
set_env(key_config, Id -> set_oauth_provider_properties(Id,
KeyConfig ++ SslOptions), [{issuer, IssuerUrl}, {ssl_options, SslOptions}])
end,
[{key_config_before_group_with_issuer, KeyConfig},
{ssl_options, SslOptions} | Config];
init_per_group(with_oauth_providers_A_with_jwks_uri, Config) ->
set_env(oauth_providers,
#{<<"A">> => [
{issuer, build_url_to_oauth_provider(<<"/A">>) },
{jwks_uri,build_url_to_oauth_provider(<<"/A/keys">>) }
] } ),
Config;
init_per_group(with_oauth_providers_A_with_issuer, Config) ->
set_env(oauth_providers,
#{<<"A">> => [
{issuer, build_url_to_oauth_provider(<<"/A">>) },
{https, ?config(ssl_options, Config)}
] } ),
Config;
init_per_group(with_oauth_providers_A_B_with_jwks_uri, Config) ->
set_env(oauth_providers,
#{ <<"A">> => [
{issuer, build_url_to_oauth_provider(<<"/A">>) },
{jwks_uri, build_url_to_oauth_provider(<<"/A/keys">>)}
],
<<"B">> => [
{issuer, build_url_to_oauth_provider(<<"/B">>) },
{jwks_uri, build_url_to_oauth_provider(<<"/B/keys">>)}
] }),
Config;
init_per_group(with_oauth_providers_A_B_with_issuer, Config) ->
set_env(oauth_providers,
#{ <<"A">> => [
{issuer, build_url_to_oauth_provider(<<"/A">>) },
{https, ?config(ssl_options, Config)}
],
<<"B">> => [
{issuer, build_url_to_oauth_provider(<<"/B">>) },
{https, ?config(ssl_options, Config)}
] }),
Config;
init_per_group(with_default_oauth_provider_A, Config) ->
set_env(default_oauth_provider, <<"A">>),
Config;
init_per_group(with_default_oauth_provider_B, Config) ->
set_env(default_oauth_provider, <<"B">>),
Config; Config;
init_per_group(with_resource_server_id, Config) -> init_per_group(with_resource_server_id, Config) ->
@ -235,23 +162,6 @@ init_per_group(with_different_oauth_provider_for_each_resource, Config) ->
ResourceServers1)), ResourceServers1)),
Config; Config;
init_per_group(with_resource_servers, Config) ->
set_env(resource_servers,
#{?RABBITMQ_RESOURCE_ONE => [
{ key_config, [
{jwks_url,<<"https://oauth-for-rabbitmq1">> }
]}
],
?RABBITMQ_RESOURCE_TWO => [
{ key_config, [
{jwks_url,<<"https://oauth-for-rabbitmq2">> }
]}
],
<<"0">> => [ {id, <<"rabbitmq-0">> } ],
<<"1">> => [ {id, <<"rabbitmq-1">> } ]
}),
Config;
init_per_group(verify_oauth_provider_A, Config) -> init_per_group(verify_oauth_provider_A, Config) ->
set_env(oauth_providers, set_env(oauth_providers,
@ -259,7 +169,10 @@ init_per_group(verify_oauth_provider_A, Config) ->
{id, <<"A">>} {id, <<"A">>}
] ]
}), }),
Config; [{oauth_provider_id, <<"A">>} |Config];
init_per_group(verify_oauth_provider_root, Config) ->
[{oauth_provider_id, root} |Config];
init_per_group(_any, Config) -> init_per_group(_any, Config) ->
Config. Config.
@ -276,99 +189,20 @@ end_per_group(with_resource_server_id, Config) ->
unset_env(resource_server_id), unset_env(resource_server_id),
Config; Config;
end_per_group(with_verify_aud_false, Config) -> end_per_group(oauth_provider_with_issuer, Config) ->
unset_env(verify_aud), case ?config(oauth_provider_id, Config) of
Config; root -> unset_env(issuer);
Id -> unset_oauth_provider_properties(Id, [issuer])
end_per_group(with_verify_aud_false_for_resource_two, Config) -> end,
ResourceServers = get_env(resource_servers, #{}),
Proplist = maps:get(?RABBITMQ_RESOURCE_TWO, ResourceServers, []),
set_env(resource_servers, maps:put(?RABBITMQ_RESOURCE_TWO,
proplists:delete(verify_aud, Proplist), ResourceServers)),
Config;
end_per_group(with_empty_scope_prefix_for_resource_one, Config) ->
ResourceServers = get_env(resource_servers, #{}),
Proplist = maps:get(?RABBITMQ_RESOURCE_ONE, ResourceServers, []),
set_env(resource_servers, maps:put(?RABBITMQ_RESOURCE_ONE,
proplists:delete(scope_prefix, Proplist), ResourceServers)),
Config;
end_per_group(with_default_key, Config) ->
KeyConfig = get_env(key_config, []),
set_env(key_config, proplists:delete(default_key, KeyConfig)),
Config;
end_per_group(with_algorithms, Config) ->
KeyConfig = get_env(key_config, []),
set_env(key_config, proplists:delete(algorithms, KeyConfig)),
Config;
end_per_group(with_algorithms_for_provider_A, Config) ->
OAuthProviders = get_env(oauth_providers, #{}),
OAuthProvider = maps:get(<<"A">>, OAuthProviders, []),
set_env(oauth_providers, maps:put(<<"A">>,
proplists:delete(algorithms, OAuthProvider), OAuthProviders)),
Config;
end_per_group(with_jwks_url, Config) ->
KeyConfig = ?config(key_config_before_group_with_jwks_url, Config),
set_env(key_config, KeyConfig),
Config;
end_per_group(with_issuer, Config) ->
KeyConfig = ?config(key_config_before_group_with_issuer, Config),
unset_env(issuer),
set_env(key_config, KeyConfig),
stop_http_auth_server(), stop_http_auth_server(),
Config; Config;
end_per_group(with_oauth_providers_A_with_jwks_uri, Config) -> end_per_group(oauth_provider_with_default_key, Config) ->
unset_env(oauth_providers), DefaultKey = <<"default-key">>,
Config; case ?config(oauth_provider_id, Config) of
root -> unset_env(default_key);
end_per_group(with_oauth_providers_A_with_issuer, Config) -> Id -> unset_oauth_provider_properties(Id, [default_key])
unset_env(oauth_providers), end,
Config;
end_per_group(with_oauth_providers_A_B_with_jwks_uri, Config) ->
unset_env(oauth_providers),
Config;
end_per_group(with_oauth_providers_A_B_with_issuer, Config) ->
unset_env(oauth_providers),
Config;
end_per_group(with_oauth_providers_A, Config) ->
unset_env(oauth_providers),
Config;
end_per_group(with_oauth_providers_A_B, Config) ->
unset_env(oauth_providers),
Config;
end_per_group(with_default_oauth_provider_B, Config) ->
unset_env(default_oauth_provider),
Config;
end_per_group(with_default_oauth_provider_A, Config) ->
unset_env(default_oauth_provider),
Config;
end_per_group(get_oauth_provider_for_resource_server_id, Config) ->
unset_env(resource_server_id),
Config;
end_per_group(with_resource_servers_and_resource_server_id, Config) ->
unset_env(resource_server_id),
Config;
end_per_group(with_resource_servers, Config) ->
unset_env(resource_servers),
Config;
end_per_group(with_root_scope_prefix, Config) ->
unset_env(scope_prefix),
Config; Config;
end_per_group(_any, Config) -> end_per_group(_any, Config) ->
@ -388,19 +222,19 @@ call_add_signing_key(Config, Args) ->
rabbit_ct_broker_helpers:rpc(Config, 0, oauth_provider, add_signing_key, Args). rabbit_ct_broker_helpers:rpc(Config, 0, oauth_provider, add_signing_key, Args).
call_get_signing_keys(Config, Args) -> call_get_signing_keys(Config, Args) ->
rabbit_ct_broker_helpers:rpc(Config, 0, rabbit_oauth2_config, get_signing_keys, Args). rabbit_ct_broker_helpers:rpc(Config, 0, oauth_provider, get_signing_keys, Args).
call_get_signing_keys(Config) -> call_get_signing_keys(Config) ->
call_get_signing_keys(Config, []). call_get_signing_keys(Config, []).
call_get_signing_key(Config, Args) -> call_get_signing_key(Config, Args) ->
rabbit_ct_broker_helpers:rpc(Config, 0, rabbit_oauth2_config, get_signing_key, Args). rabbit_ct_broker_helpers:rpc(Config, 0, oauth_provider, get_signing_key, Args).
call_add_signing_keys(Config, Args) -> call_add_signing_keys(Config, Args) ->
rabbit_ct_broker_helpers:rpc(Config, 0, rabbit_oauth2_config, add_signing_keys, Args). rabbit_ct_broker_helpers:rpc(Config, 0, oauth_provider, add_signing_keys, Args).
call_replace_signing_keys(Config, Args) -> call_replace_signing_keys(Config, Args) ->
rabbit_ct_broker_helpers:rpc(Config, 0, rabbit_oauth2_config, replace_signing_keys, Args). rabbit_ct_broker_helpers:rpc(Config, 0, oauth_provider, replace_signing_keys, Args).
%% ----- Test cases %% ----- Test cases
@ -515,70 +349,44 @@ get_algorithms_for_provider_A(Config) ->
Algorithms = OAuthProvider#internal_oauth_provider.algorithms, Algorithms = OAuthProvider#internal_oauth_provider.algorithms,
?assertEqual(?config(algorithms, Config), Algorithms). ?assertEqual(?config(algorithms, Config), Algorithms).
get_oauth_provider_root_with_jwks_uri_should_fail(_Config) ->
{error, _Message} = get_oauth_provider(root, [jwks_uri]).
get_oauth_provider_A_with_jwks_uri_should_fail(_Config) ->
{error, _Message} = get_oauth_provider(<<"A">>, [jwks_uri]).
get_oauth_provider_should_return_root_oauth_provider_with_jwks_uri(_Config) ->
{ok, OAuthProvider} = get_oauth_provider(root, [jwks_uri]),
?assertEqual(build_url_to_oauth_provider(<<"/keys">>),
OAuthProvider#oauth_provider.jwks_uri).
get_oauth_provider_for_both_resources_should_return_root_oauth_provider(_Config) ->
{ok, OAuthProvider} = get_oauth_provider(root, [jwks_uri]),
?assertEqual(build_url_to_oauth_provider(<<"/keys">>),
OAuthProvider#oauth_provider.jwks_uri).
get_oauth_provider_for_resource_one_should_return_oauth_provider_A(_Config) ->
{ok, OAuthProvider} = get_oauth_provider(<<"A">>, [jwks_uri]),
?assertEqual(build_url_to_oauth_provider(<<"/A/keys">>),
OAuthProvider#oauth_provider.jwks_uri).
get_oauth_provider_for_both_resources_should_return_oauth_provider_A(_Config) ->
{ok, OAuthProvider} = get_oauth_provider(<<"A">>, [jwks_uri]),
?assertEqual(build_url_to_oauth_provider(<<"/A/keys">>),
OAuthProvider#oauth_provider.jwks_uri).
get_oauth_provider_for_resource_two_should_return_oauth_provider_B(_Config) ->
{ok, OAuthProvider} = get_oauth_provider(<<"B">>, [jwks_uri]),
?assertEqual(build_url_to_oauth_provider(<<"/B/keys">>),
OAuthProvider#oauth_provider.jwks_uri).
get_oauth_provider_should_return_root_oauth_provider_with_all_discovered_endpoints(_Config) ->
{ok, OAuthProvider} = get_oauth_provider(root, [jwks_uri]),
?assertEqual(build_url_to_oauth_provider(<<"/keys">>),
OAuthProvider#oauth_provider.jwks_uri),
?assertEqual(build_url_to_oauth_provider(<<"/">>),
OAuthProvider#oauth_provider.issuer).
append_paths(Path1, Path2) -> append_paths(Path1, Path2) ->
erlang:iolist_to_binary([Path1, Path2]). erlang:iolist_to_binary([Path1, Path2]).
get_oauth_provider_should_return_oauth_provider_B_with_jwks_uri(_Config) ->
{ok, OAuthProvider} = get_oauth_provider(<<"B">>, [jwks_uri]),
?assertEqual(build_url_to_oauth_provider(<<"/B/keys">>),
OAuthProvider#oauth_provider.jwks_uri).
get_oauth_provider_should_return_oauth_provider_B_with_all_discovered_endpoints(_Config) ->
{ok, OAuthProvider} = get_oauth_provider(<<"B">>, [jwks_uri]),
?assertEqual(build_url_to_oauth_provider(<<"/B/keys">>),
OAuthProvider#oauth_provider.jwks_uri),
?assertEqual(build_url_to_oauth_provider(<<"/B">>),
OAuthProvider#oauth_provider.issuer).
get_oauth_provider_should_return_oauth_provider_A_with_jwks_uri(_Config) -> internal_oauth_provider_has_no_default_key(Config) ->
{ok, OAuthProvider} = get_oauth_provider(<<"A">>, [jwks_uri]), InternalOAuthProvider = get_internal_oauth_provider(
?assertEqual(build_url_to_oauth_provider(<<"/A/keys">>), ?config(oauth_provider_id, Config)),
OAuthProvider#oauth_provider.jwks_uri). ?assertEqual(undefined,
InternalOAuthProvider#internal_oauth_provider.default_key).
internal_oauth_provider_has_default_key(Config) ->
InternalOAuthProvider = get_internal_oauth_provider(
?config(oauth_provider_id, Config)),
?assertEqual(?config(default_key, Config),
InternalOAuthProvider#internal_oauth_provider.default_key).
internal_oauth_provider_has_no_algorithms(Config) ->
InternalOAuthProvider = get_internal_oauth_provider(
?config(oauth_provider_id, Config)),
?assertEqual(undefined,
InternalOAuthProvider#internal_oauth_provider.algorithms).
internal_oauth_provider_has_algorithms(Config) ->
InternalOAuthProvider = get_internal_oauth_provider(
?config(oauth_provider_id, Config)),
?assertEqual(?config(algorithms, Config),
InternalOAuthProvider#internal_oauth_provider.algorithms).
get_oauth_provider_with_jwks_uri_returns_error(Config) ->
{error, _} = get_oauth_provider(
?config(oauth_provider_id, Config), [jwks_uri]).
get_oauth_provider_has_jwks_uri(Config) ->
OAuthProvider = get_oauth_provider(
?config(oauth_provider_id, Config), [jwks_uri]),
?assertEqual(?config(jwks_uri, Config), OAuthProvider#oauth_provider.jwks_uri).
get_oauth_provider_should_return_oauth_provider_A_with_all_discovered_endpoints(_Config) ->
{ok, OAuthProvider} = get_oauth_provider(<<"A">>, [jwks_uri]),
?assertEqual(build_url_to_oauth_provider(<<"/A/keys">>),
OAuthProvider#oauth_provider.jwks_uri),
?assertEqual(build_url_to_oauth_provider(<<"/A">>),
OAuthProvider#oauth_provider.issuer).
%% ---- Utility functions %% ---- Utility functions
@ -666,6 +474,22 @@ build_url_to_oauth_provider(Path) ->
stop_http_auth_server() -> stop_http_auth_server() ->
cowboy:stop_listener(mock_http_auth_listener). cowboy:stop_listener(mock_http_auth_listener).
set_oauth_provider_properties(OAuthProviderId, Proplist) ->
OAuthProviders = get_env(oauth_providers, #{}),
CurProplist = maps:get(OAuthProviderId, OAuthProviders),
CurMap = proplists:to_map(CurProplist),
Map = proplists:to_map(Proplist),
set_env(oauth_providers, maps:put(OAuthProviderId, maps:to_list(maps:merge(CurMap, Map)),
OAuthProviders)).
unset_oauth_provider_properties(OAuthProviderId, PropertyNameList) ->
OAuthProviders = get_env(oauth_providers, #{}),
CurProplist = maps:get(OAuthProviderId, OAuthProviders),
CurMap = proplists:to_map(CurProplist),
set_env(oauth_provider, maps:put(OAuthProviderId,
maps:filter(fun(K,V) -> not proplists:is_defined(K, PropertyNameList) end, CurMap),
OAuthProviders)).
-spec ssl_options(ssl:verify_type(), boolean(), file:filename()) -> list(). -spec ssl_options(ssl:verify_type(), boolean(), file:filename()) -> list().
ssl_options(PeerVerification, FailIfNoPeerCert, CaCertFile) -> ssl_options(PeerVerification, FailIfNoPeerCert, CaCertFile) ->
[{verify, PeerVerification}, [{verify, PeerVerification},