Refactoring
- Use rabbit_oauth2 prefix for modules which do not have it
- Ensure most lines stick to 80 columns
MarcialRosales committed Oct 4, 2024
1 parent 762d615 commit 11d405d
Showing 17 changed files with 639 additions and 454 deletions.
48 changes: 24 additions & 24 deletions deps/rabbitmq_auth_backend_oauth2/app.bzl
@@ -13,11 +13,11 @@ def all_beam_files(name = "all_beam_files"):
"src/Elixir.RabbitMQ.CLI.Ctl.Commands.AddUaaKeyCommand.erl",
"src/rabbit_auth_backend_oauth2.erl",
"src/rabbit_auth_backend_oauth2_app.erl",
"src/oauth_provider.erl",
"src/resource_server.erl",
"src/rar.erl",
"src/keycloak.erl",
"src/oauth2_schema.erl",
"src/rabbit_oauth2_provider.erl",
"src/rabbit_oauth2_resource_server.erl",
"src/rabbit_oauth2_rar.erl",
"src/rabbit_oauth2_keycloak.erl",
"src/rabbit_oauth2_schema.erl",
"src/rabbit_oauth2_scope.erl",
"src/uaa_jwks.erl",
"src/uaa_jwt.erl",
@@ -51,11 +51,11 @@ def all_test_beam_files(name = "all_test_beam_files"):
"src/Elixir.RabbitMQ.CLI.Ctl.Commands.AddUaaKeyCommand.erl",
"src/rabbit_auth_backend_oauth2.erl",
"src/rabbit_auth_backend_oauth2_app.erl",
"src/resource_server.erl",
"src/oauth_provider.erl",
"src/oauth2_schema.erl",
"src/rar.erl",
"src/keycloak.erl",
"src/rabbit_oauth2_resource_server.erl",
"src/rabbit_oauth2_provider.erl",
"src/rabbit_oauth2_schema.erl",
"src/rabbit_oauth2_rar.erl",
"src/rabbit_oauth2_keycloak.erl",
"src/rabbit_oauth2_scope.erl",
"src/uaa_jwks.erl",
"src/uaa_jwt.erl",
@@ -101,11 +101,11 @@ def all_srcs(name = "all_srcs"):
"src/Elixir.RabbitMQ.CLI.Ctl.Commands.AddUaaKeyCommand.erl",
"src/rabbit_auth_backend_oauth2.erl",
"src/rabbit_auth_backend_oauth2_app.erl",
"src/oauth_provider.erl",
"src/resource_server.erl",
"src/oauth2_schema.erl",
"src/rar.erl",
"src/keycloak.erl",
"src/rabbit_oauth2_provider.erl",
"src/rabbit_oauth2_resource_server.erl",
"src/rabbit_oauth2_schema.erl",
"src/rabbit_oauth2_rar.erl",
"src/rabbit_oauth2_keycloak.erl",
"src/rabbit_oauth2_scope.erl",
"src/uaa_jwks.erl",
"src/uaa_jwt.erl",
@@ -169,10 +169,10 @@ def test_suite_beam_files(name = "test_suite_beam_files"):
deps = ["//deps/rabbit_common:erlang_app"],
)
erlang_bytecode(
name = "oauth2_schema_SUITE_beam_files",
name = "rabbit_oauth2_schema_SUITE_beam_files",
testonly = True,
srcs = ["test/oauth2_schema_SUITE.erl"],
outs = ["test/oauth2_schema_SUITE.beam"],
srcs = ["test/rabbit_oauth2_schema_SUITE.erl"],
outs = ["test/rabbit_oauth2_schema_SUITE.beam"],
app_name = "rabbitmq_auth_backend_oauth2",
erlc_opts = "//:test_erlc_opts",
deps = ["//deps/rabbit_common:erlang_app"],
@@ -248,20 +248,20 @@ def test_suite_beam_files(name = "test_suite_beam_files"):
erlc_opts = "//:test_erlc_opts",
)
erlang_bytecode(
name = "oauth_provider_SUITE_beam_files",
name = "rabbit_oauth2_provider_SUITE_beam_files",
testonly = True,
srcs = ["test/oauth_provider_SUITE.erl"],
outs = ["test/oauth_provider_SUITE.beam"],
srcs = ["test/rabbit_oauth2_provider_SUITE.erl"],
outs = ["test/rabbit_oauth2_provider_SUITE.beam"],
hdrs = ["include/oauth2.hrl"],
app_name = "rabbitmq_auth_backend_oauth2",
erlc_opts = "//:test_erlc_opts",
deps = ["//deps/oauth2_client:erlang_app"],
)
erlang_bytecode(
name = "resource_server_SUITE_beam_files",
name = "rabbit_oauth2_resource_server_SUITE_beam_files",
testonly = True,
srcs = ["test/resource_server_SUITE.erl"],
outs = ["test/resource_server_SUITE.beam"],
srcs = ["test/rabbit_oauth2_resource_server_SUITE.erl"],
outs = ["test/rabbit_oauth2_resource_server_SUITE.beam"],
hdrs = ["include/oauth2.hrl"],
app_name = "rabbitmq_auth_backend_oauth2",
erlc_opts = "//:test_erlc_opts",
@@ -130,7 +130,7 @@
{translation,
"rabbitmq_auth_backend_oauth2.key_config.signing_keys",
fun(Conf) ->
oauth2_schema:translate_signing_keys(Conf)
rabbit_oauth2_schema:translate_signing_keys(Conf)
end}.

{mapping,
@@ -170,7 +170,7 @@

{translation, "rabbitmq_auth_backend_oauth2.discovery_endpoint_params",
fun(Conf) ->
oauth2_schema:translate_endpoint_params("discovery_endpoint_params", Conf)
rabbit_oauth2_schema:translate_endpoint_params("discovery_endpoint_params", Conf)
end}.

{mapping,
@@ -190,7 +190,7 @@

{translation, "rabbitmq_auth_backend_oauth2.oauth_providers",
fun(Conf) ->
oauth2_schema:translate_oauth_providers(Conf)
rabbit_oauth2_schema:translate_oauth_providers(Conf)
end}.

{mapping,
@@ -327,7 +327,7 @@

{translation, "rabbitmq_auth_backend_oauth2.oauth_providers",
fun(Conf) ->
oauth2_schema:translate_oauth_providers(Conf)
rabbit_oauth2_schema:translate_oauth_providers(Conf)
end}.

{mapping,
@@ -369,5 +369,5 @@

{translation, "rabbitmq_auth_backend_oauth2.resource_servers",
fun(Conf) ->
oauth2_schema:translate_resource_servers(Conf)
rabbit_oauth2_schema:translate_resource_servers(Conf)
end}.
@@ -28,8 +28,8 @@
get_scope/1, set_scope/2,
resolve_resource_server/1]).

-import(keycloak, [has_keycloak_scopes/1, extract_scopes_from_keycloak_format/1]).
-import(rar, [extract_scopes_from_rich_auth_request/2, has_rich_auth_request_scopes/1]).
-import(rabbit_oauth2_keycloak, [has_keycloak_scopes/1, extract_scopes_from_keycloak_format/1]).
-import(rabbit_oauth2_rar, [extract_scopes_from_rich_auth_request/2, has_rich_auth_request_scopes/1]).

-import(rabbit_oauth2_scope, [filter_matching_scope_prefix_and_drop_it/2]).

@@ -5,7 +5,7 @@
%% Copyright (c) 2007-2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved.
%%

-module(keycloak).
-module(rabbit_oauth2_keycloak).

-include("oauth2.hrl").

@@ -5,7 +5,7 @@
%% Copyright (c) 2007-2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved.
%%

-module(oauth_provider).
-module(rabbit_oauth2_provider).

-include("oauth2.hrl").

@@ -6,7 +6,7 @@
%%

% Rich Authorization Request
-module(rar).
-module(rabbit_oauth2_rar).

-include("oauth2.hrl").
-import(uaa_jwt, [get_scope/1, set_scope/2]).
@@ -5,7 +5,7 @@
%% Copyright (c) 2007-2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved.
%%

-module(resource_server).
-module(rabbit_oauth2_resource_server).

-include("oauth2.hrl").

@@ -5,7 +5,7 @@
%% Copyright (c) 2007-2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved.
%%

-module(oauth2_schema).
-module(rabbit_oauth2_schema).


-export([
@@ -20,7 +20,8 @@ extract_value({_Name,V}) -> V.

-spec translate_resource_servers([{list(), binary()}]) -> map().
translate_resource_servers(Conf) ->
Settings = cuttlefish_variable:filter_by_prefix("auth_oauth2.resource_servers", Conf),
Settings = cuttlefish_variable:filter_by_prefix("auth_oauth2.resource_servers",
Conf),
Map = merge_list_of_maps([
extract_resource_server_properties(Settings),
extract_resource_server_preferred_username_claims(Settings)
@@ -31,25 +32,30 @@ translate_resource_servers(Conf) ->
_ -> V
end end, Map),
ResourceServers = maps:values(Map0),
lists:foldl(fun(Elem,AccMap)-> maps:put(proplists:get_value(id, Elem), Elem, AccMap) end, #{},
lists:foldl(fun(Elem,AccMap) ->
maps:put(proplists:get_value(id, Elem), Elem, AccMap) end, #{},
ResourceServers).

-spec translate_oauth_providers([{list(), binary()}]) -> map().
translate_oauth_providers(Conf) ->
Settings = cuttlefish_variable:filter_by_prefix("auth_oauth2.oauth_providers", Conf),
Settings = cuttlefish_variable:filter_by_prefix("auth_oauth2.oauth_providers",
Conf),

merge_list_of_maps([
extract_oauth_providers_properties(Settings),
extract_oauth_providers_endpoint_params(discovery_endpoint_params, Settings),
extract_oauth_providers_endpoint_params(discovery_endpoint_params,
Settings),
extract_oauth_providers_algorithm(Settings),
extract_oauth_providers_https(Settings),
extract_oauth_providers_signing_keys(Settings)
]).

-spec translate_signing_keys([{list(), binary()}]) -> map().
translate_signing_keys(Conf) ->
Settings = cuttlefish_variable:filter_by_prefix("auth_oauth2.signing_keys", Conf),
ListOfKidPath = lists:map(fun({Id, Path}) -> {list_to_binary(lists:last(Id)), Path} end, Settings),
Settings = cuttlefish_variable:filter_by_prefix("auth_oauth2.signing_keys",
Conf),
ListOfKidPath = lists:map(fun({Id, Path}) -> {
list_to_binary(lists:last(Id)), Path} end, Settings),
translate_list_of_signing_keys(ListOfKidPath).

-spec translate_list_of_signing_keys([{list(), list()}]) -> map().
@@ -61,15 +67,20 @@ translate_list_of_signing_keys(ListOfKidPath) ->
string:trim(Bin, trailing, "\n");
_Error ->
%% this throws and makes Cuttlefish treak the key as invalid
cuttlefish:invalid("file does not exist or cannot be read by the node")
cuttlefish:invalid("file does not exist or cannot be " ++
"read by the node")
end
end,
maps:map(fun(_K, Path) -> {pem, TryReadingFileFun(Path)} end, maps:from_list(ListOfKidPath)).
maps:map(fun(_K, Path) -> {pem, TryReadingFileFun(Path)} end,
maps:from_list(ListOfKidPath)).

-spec translate_endpoint_params(list(), [{list(), binary()}]) -> [{binary(), binary()}].
-spec translate_endpoint_params(list(), [{list(), binary()}]) ->
[{binary(), binary()}].
translate_endpoint_params(Variable, Conf) ->
Params0 = cuttlefish_variable:filter_by_prefix("auth_oauth2." ++ Variable, Conf),
[{list_to_binary(Param), list_to_binary(V)} || {["auth_oauth2", _, Param], V} <- Params0].
Params0 = cuttlefish_variable:filter_by_prefix("auth_oauth2." ++ Variable,
Conf),
[{list_to_binary(Param), list_to_binary(V)} || {["auth_oauth2", _, Param], V}
<- Params0].

validator_file_exists(Attr, Filename) ->
case file:read_file(Filename) of
@@ -78,7 +89,8 @@ validator_file_exists(Attr, Filename) ->
_Error ->
%% this throws and makes Cuttlefish treak the key as invalid
cuttlefish:invalid(io_lib:format(
"Invalid attribute (~p) value: file ~p does not exist or cannot be read by the node", [Attr, Filename]))
"Invalid attribute (~p) value: file ~p does not exist or " ++
"cannot be read by the node", [Attr, Filename]))
end.

validator_uri(Attr, Uri) when is_binary(Uri) ->
@@ -99,7 +111,8 @@ validator_https_uri(Attr, Uri) when is_list(Uri) ->
true -> Uri;
false ->
cuttlefish:invalid(io_lib:format(
"Invalid attribute (~p) value: uri ~p must be a valid https uri", [Attr, Uri]))
"Invalid attribute (~p) value: uri ~p must be a valid https uri",
[Attr, Uri]))
end.

merge_list_of_maps(ListOfMaps) ->
@@ -110,7 +123,8 @@ extract_oauth_providers_properties(Settings) ->
KeyFun = fun extract_key_as_binary/1,
ValueFun = fun extract_value/1,

OAuthProviders = [{Name, mapOauthProviderProperty({list_to_atom(Key), list_to_binary(V)})}
OAuthProviders = [
{Name, mapOauthProviderProperty({list_to_atom(Key), list_to_binary(V)})}
|| {["auth_oauth2", "oauth_providers", Name, Key], V} <- Settings],
maps:groups_from_list(KeyFun, ValueFun, OAuthProviders).

@@ -133,7 +147,8 @@ mapOauthProviderProperty({Key, Value}) ->
discovery_endpoint_path -> validator_uri(Key, Value);
discovery_endpoint_params ->
cuttlefish:invalid(io_lib:format(
"Invalid attribute (~p) value: should be a map of Key,Value pairs", [Key]));
"Invalid attribute (~p) value: should be a map of Key,Value pairs",
[Key]));
_ -> Value
end}.

@@ -144,7 +159,8 @@ extract_oauth_providers_https(Settings) ->
{["auth_oauth2","oauth_providers", Name, "https", Key], V} <- Settings ],

maps:map(fun(_K,V)-> [{https, V}] end,
maps:groups_from_list(ExtractProviderNameFun, fun({_, V}) -> V end, AttributesPerProvider)).
maps:groups_from_list(ExtractProviderNameFun, fun({_, V}) -> V end,
AttributesPerProvider)).

mapHttpProperty({Key, Value}) ->
{Key, case Key of
@@ -156,8 +172,10 @@ extract_oauth_providers_algorithm(Settings) ->
KeyFun = fun extract_key_as_binary/1,

IndexedAlgorithms = [{Name, {Index, list_to_binary(V)}} ||
{["auth_oauth2","oauth_providers", Name, "algorithms", Index], V} <- Settings ],
SortedAlgorithms = lists:sort(fun({_,{AI,_}},{_,{BI,_}}) -> AI < BI end, IndexedAlgorithms),
{["auth_oauth2","oauth_providers", Name, "algorithms", Index], V}
<- Settings ],
SortedAlgorithms = lists:sort(fun({_,{AI,_}},{_,{BI,_}}) -> AI < BI end,
IndexedAlgorithms),
Algorithms = [{Name, V} || {Name, {_I, V}} <- SortedAlgorithms],
maps:map(fun(_K,V)-> [{algorithms, V}] end,
maps:groups_from_list(KeyFun, fun({_, V}) -> V end, Algorithms)).
@@ -166,8 +184,10 @@ extract_resource_server_preferred_username_claims(Settings) ->
KeyFun = fun extract_key_as_binary/1,

IndexedClaims = [{Name, {Index, list_to_binary(V)}} ||
{["auth_oauth2","resource_servers", Name, "preferred_username_claims", Index], V} <- Settings ],
SortedClaims = lists:sort(fun({_,{AI,_}},{_,{BI,_}}) -> AI < BI end, IndexedClaims),
{["auth_oauth2","resource_servers", Name, "preferred_username_claims",
Index], V} <- Settings ],
SortedClaims = lists:sort(fun({_,{AI,_}},{_,{BI,_}}) -> AI < BI end,
IndexedClaims),
Claims = [{Name, V} || {Name, {_I, V}} <- SortedClaims],
maps:map(fun(_K,V)-> [{preferred_username_claims, V}] end,
maps:groups_from_list(KeyFun, fun({_, V}) -> V end, Claims)).
@@ -185,6 +205,7 @@ extract_oauth_providers_signing_keys(Settings) ->
KeyFun = fun extract_key_as_binary/1,

IndexedSigningKeys = [{Name, {list_to_binary(Kid), list_to_binary(V)}} ||
{["auth_oauth2","oauth_providers", Name, "signing_keys", Kid], V} <- Settings ],
{["auth_oauth2","oauth_providers", Name, "signing_keys", Kid], V}
<- Settings ],
maps:map(fun(_K,V)-> [{signing_keys, translate_list_of_signing_keys(V)}] end,
maps:groups_from_list(KeyFun, fun({_, V}) -> V end, IndexedSigningKeys)).
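Review bot: The rewrapped `cuttlefish:invalid("file does not exist or cannot be " ++ "read by the node")` in translate_list_of_signing_keys still reports neither which signing-key file failed nor why, because the `_Error` branch discards the result of the read. validator_file_exists further down in the same module already formats the attribute and filename into its message; doing the same here, for example `cuttlefish:invalid(io_lib:format("signing key file ~p does not exist or cannot be read by the node", [File]))`, would make a misconfigured key much easier to locate when several providers each list signing keys. The head of `TryReadingFileFun` lies outside the hunk, so `File` is a placeholder for its path argument, and any test that matches the current message text would need to be checked before the wording changes.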
4 changes: 2 additions & 2 deletions deps/rabbitmq_auth_backend_oauth2/src/uaa_jwt.erl
@@ -23,9 +23,9 @@
format_ssl_options/1,
format_oauth_provider_id/1,
get_oauth_provider/2]).
-import(resource_server, [
-import(rabbit_oauth2_resource_server, [
resolve_resource_server_from_audience/1]).
-import(oauth_provider, [
-import(rabbit_oauth2_provider, [
add_signing_key/2, get_signing_key/2,
get_internal_oauth_provider/1,
replace_signing_keys/2]).