Configure scope_aliases also per resource_server
parent
3e81cfa89d
commit
b966ab7b72
|
|
@ -375,6 +375,21 @@
|
|||
[{datatype, string}]
|
||||
}.
|
||||
|
||||
{mapping,
|
||||
"auth_oauth2.resource_servers.$name.scope_aliases.$alias",
|
||||
"rabbitmq_auth_backend_oauth2.resource_servers",
|
||||
[{datatype, string}]}.
|
||||
|
||||
{mapping,
|
||||
"auth_oauth2.resource_servers.$name.scope_aliases.$index.alias",
|
||||
"rabbitmq_auth_backend_oauth2.resource_servers",
|
||||
[{datatype, string}]}.
|
||||
|
||||
{mapping,
|
||||
"auth_oauth2.resource_servers.$name.scope_aliases.$index.scope",
|
||||
"rabbitmq_auth_backend_oauth2.resource_servers",
|
||||
[{datatype, string}]}.
|
||||
|
||||
{mapping,
|
||||
"auth_oauth2.resource_servers.$name.oauth_provider_id",
|
||||
"rabbitmq_auth_backend_oauth2.resource_servers",
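Review bot: The three new `scope_aliases` mappings carry no comment explaining that a resource server accepts two key forms, and nothing in the schema says whether the forms may be combined for the same `$name`. Aliases control which RabbitMQ scopes a token claim expands to, so an operator reading the schema should be able to see the expected shape. A comment above the first mapping would cover it, e.g. `%% Per-resource-server scope aliases: scope_aliases.<alias> = <space-separated scopes>, or scope_aliases.<index>.alias / scope_aliases.<index>.scope pairs.` The section ends inside the following `oauth_provider_id` mapping, which is unchanged context.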
|
||||
|
|
|
|||
|
|
@ -78,13 +78,60 @@ extract_scope_alias_mapping(Proplist) ->
|
|||
_ = V -> V
|
||||
end.
|
||||
|
||||
extract_resource_server_scope_aliases_as_list_of_props(Settings) ->
|
||||
KeyFun = fun extract_key_as_binary/1,
|
||||
ValueFun = fun extract_value/1,
|
||||
|
||||
List0 = [
|
||||
{
|
||||
Name,
|
||||
{Index, {list_to_atom(Attr), V}}
|
||||
} ||
|
||||
{[
|
||||
?AUTH_OAUTH2, ?RESOURCE_SERVERS, Name, ?SCOPE_ALIASES,
|
||||
Index, Attr
|
||||
], V
|
||||
} <- Settings ],
|
||||
Map0 = maps:groups_from_list(KeyFun, ValueFun, List0),
|
||||
|
||||
Map4 = maps:map(fun (_, L) ->
|
||||
Map2 = maps:map(fun (_, L2) -> extract_scope_alias_mapping(L2) end,
|
||||
maps:groups_from_list(KeyFun, ValueFun, L)),
|
||||
Map3 = maps:filter(fun (_,V) -> V =/= {} end, Map2),
|
||||
[{scope_aliases, maps:from_list([ V || {_, V} <- maps:to_list(Map3)])}]
|
||||
end, Map0),
|
||||
|
||||
Map4.
|
||||
|
||||
extract_resource_server_scope_aliases_as_map(Settings) ->
|
||||
KeyFun = fun extract_key_as_binary/1,
|
||||
ValueFun = fun extract_value/1,
|
||||
|
||||
List0 = [
|
||||
{
|
||||
Name,
|
||||
{
|
||||
list_to_binary(Alias),
|
||||
convert_space_separated_string_to_list_of_binaries(Scope)
|
||||
}
|
||||
} ||
|
||||
{[
|
||||
?AUTH_OAUTH2, ?RESOURCE_SERVERS, Name, ?SCOPE_ALIASES,
|
||||
Alias
|
||||
], Scope
|
||||
} <- Settings ],
|
||||
Map0 = maps:groups_from_list(KeyFun, ValueFun, List0),
|
||||
maps:map(fun (_, L) -> [{scope_aliases, maps:from_list(L)}] end, Map0).
|
||||
|
||||
-spec translate_resource_servers([{list(), binary()}]) -> map().
|
||||
translate_resource_servers(Conf) ->
|
||||
Settings = cuttlefish_variable:filter_by_prefix(
|
||||
?AUTH_OAUTH2_RESOURCE_SERVERS, Conf),
|
||||
Map = merge_list_of_maps([
|
||||
extract_resource_server_properties(Settings),
|
||||
extract_resource_server_preferred_username_claims(Settings)
|
||||
extract_resource_server_preferred_username_claims(Settings),
|
||||
extract_resource_server_scope_aliases_as_list_of_props(Settings),
|
||||
extract_resource_server_scope_aliases_as_map(Settings)
|
||||
]),
|
||||
Map0 = maps:map(fun(K,V) ->
|
||||
case proplists:get_value(id, V) of
|
||||
|
|
@ -97,7 +144,8 @@ translate_resource_servers(Conf) ->
|
|||
|
||||
-spec translate_oauth_providers([{list(), binary()}]) -> map().
|
||||
translate_oauth_providers(Conf) ->
|
||||
Settings = cuttlefish_variable:filter_by_prefix(?AUTH_OAUTH2_OAUTH_PROVIDERS, Conf),
|
||||
Settings = cuttlefish_variable:filter_by_prefix(
|
||||
?AUTH_OAUTH2_OAUTH_PROVIDERS, Conf),
|
||||
|
||||
merge_list_of_maps([
|
||||
extract_oauth_providers_properties(Settings),
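Review bot: In `extract_resource_server_scope_aliases_as_list_of_props`, an index that supplies only `alias` or only `scope` appears to be discarded without any error by the `V =/= {}` filter, and two indexes naming the same alias collapse in `maps:from_list` so that one silently wins. Because these aliases decide which scopes a token is granted, a typo in the configuration should fail loudly rather than change authorization unnoticed; for instance the incomplete case could call `cuttlefish:invalid("scope_aliases entry needs both alias and scope")` instead of being filtered out. The body of `extract_scope_alias_mapping` lies outside the hunk, so the `{}` result for an incomplete pair is inferred from the filter. Separately, `list_to_atom(Attr)` builds an atom from key text; `list_to_existing_atom(Attr)` or an explicit match on `"alias"` / `"scope"` keeps the set of atoms fixed.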
|
||||
|
|
|
|||
|
|
@ -236,5 +236,81 @@
|
|||
}}
|
||||
]}
|
||||
], []
|
||||
},
|
||||
{scope_aliases_3,
|
||||
"auth_oauth2.resource_server_id = new_resource_server_id
|
||||
auth_oauth2.resource_servers.a.scope_aliases.admin = rabbitmq.tag:administrator
|
||||
auth_oauth2.resource_servers.a.scope_aliases.developer = rabbitmq.tag:management rabbitmq.read:*/*
|
||||
auth_oauth2.resource_servers.b.scope_aliases.admin_b = rabbitmq.tag:administrator
|
||||
auth_oauth2.resource_servers.b.scope_aliases.developer_b = rabbitmq.tag:management rabbitmq.read:*/*",
|
||||
[
|
||||
{rabbitmq_auth_backend_oauth2, [
|
||||
{resource_server_id,<<"new_resource_server_id">>},
|
||||
{resource_servers, #{
|
||||
<<"a">> => [
|
||||
{scope_aliases, #{
|
||||
<<"admin">> => [
|
||||
<<"rabbitmq.tag:administrator">>
|
||||
],
|
||||
<<"developer">> => [
|
||||
<<"rabbitmq.tag:management">>,
|
||||
<<"rabbitmq.read:*/*">>
|
||||
]
|
||||
}},
|
||||
{id, <<"a">>}
|
||||
],
|
||||
<<"b">> => [
|
||||
{scope_aliases, #{
|
||||
<<"admin_b">> => [
|
||||
<<"rabbitmq.tag:administrator">>
|
||||
],
|
||||
<<"developer_b">> => [
|
||||
<<"rabbitmq.tag:management">>,
|
||||
<<"rabbitmq.read:*/*">>
|
||||
]
|
||||
}},
|
||||
{id, <<"b">>}
|
||||
]
|
||||
}
|
||||
}
|
||||
]}
|
||||
], []
|
||||
},
|
||||
{scope_aliases_4,
|
||||
"auth_oauth2.resource_server_id = new_resource_server_id
|
||||
auth_oauth2.resource_servers.b.scope_aliases.1.alias = admin_b
|
||||
auth_oauth2.resource_servers.b.scope_aliases.1.scope = rabbitmq.tag:administrator
|
||||
auth_oauth2.resource_servers.a.scope_aliases.1.alias = admin
|
||||
auth_oauth2.resource_servers.a.scope_aliases.1.scope = rabbitmq.tag:administrator
|
||||
auth_oauth2.resource_servers.a.scope_aliases.2.alias = developer
|
||||
auth_oauth2.resource_servers.a.scope_aliases.2.scope = rabbitmq.tag:management rabbitmq.read:*/*",
|
||||
[
|
||||
{rabbitmq_auth_backend_oauth2, [
|
||||
{resource_server_id,<<"new_resource_server_id">>},
|
||||
{resource_servers, #{
|
||||
<<"a">> => [
|
||||
{scope_aliases, #{
|
||||
<<"admin">> => [
|
||||
<<"rabbitmq.tag:administrator">>
|
||||
],
|
||||
<<"developer">> => [
|
||||
<<"rabbitmq.tag:management">>,
|
||||
<<"rabbitmq.read:*/*">>
|
||||
]
|
||||
}},
|
||||
{id, <<"a">>}
|
||||
],
|
||||
<<"b">> => [
|
||||
{scope_aliases, #{
|
||||
<<"admin_b">> => [
|
||||
<<"rabbitmq.tag:administrator">>
|
||||
]
|
||||
}},
|
||||
{id, <<"b">>}
|
||||
]
|
||||
}
|
||||
}
|
||||
]}
|
||||
], []
|
||||
}
|
||||
].
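Review bot: Neither `scope_aliases_3` nor `scope_aliases_4` configures a single resource server with both key forms, so the result of `merge_list_of_maps` when server `a` has both `scope_aliases.admin` and `scope_aliases.1.alias` is untested. Both extractors emit a `[{scope_aliases, Map}]` proplist per server, and whether the merge unions the two maps or keeps only one is not visible on this page. A `scope_aliases_5` case that mixes `auth_oauth2.resource_servers.a.scope_aliases.admin = rabbitmq.tag:administrator` with `auth_oauth2.resource_servers.a.scope_aliases.1.alias = developer` and its `.scope` line would pin the intended result. A further case with an index that has `.alias` but no `.scope` would document what happens to incomplete entries.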
|
||||
|
|
|
|||