Test translation function of scope_aliases
MarcialRosales committed Oct 3, 2024
1 parent 8562e4d commit 7f1952c
Showing 2 changed files with 112 additions and 49 deletions.
Expand Up @@ -210,7 +210,7 @@ extract_oauth_providers_signing_keys(Settings) ->
KeyFun = fun extract_key_as_binary/1,

IndexedSigningKeys = [{Name, {list_to_binary(Kid), list_to_binary(V)}} ||
{[?AUTH_OAUTH2, ?OAUTH_PROVIDERS, Name, "signing_keys", Kid], V}
{[?AUTH_OAUTH2, ?OAUTH_PROVIDERS, Name, ?SIGNING_KEYS, Kid], V}
<- Settings ],
maps:map(fun(_K,V)-> [{signing_keys, translate_list_of_signing_keys(V)}] end,
maps:groups_from_list(KeyFun, fun({_, V}) -> V end, IndexedSigningKeys)).
159 changes: 111 additions & 48 deletions deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl
Expand Up @@ -27,7 +27,8 @@ all() ->
test_without_resource_servers,
test_with_one_resource_server,
test_with_many_resource_servers,
test_resource_servers_attributes
test_resource_servers_attributes,
test_scope_aliases

].

Expand All @@ -39,21 +40,27 @@ test_without_resource_servers(_) ->
#{} = rabbit_oauth2_schema:translate_resource_servers([]).

test_with_one_oauth_provider(_) ->
Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://rabbit"}
],
Conf = [
{["auth_oauth2","oauth_providers","keycloak","issuer"],
"https://rabbit"}
],
#{<<"keycloak">> := [{issuer, <<"https://rabbit">>}]
} = rabbit_oauth2_schema:translate_oauth_providers(Conf).

test_with_one_resource_server(_) ->
Conf = [{["auth_oauth2","resource_servers","rabbitmq1","id"],"rabbitmq1"}
],
Conf = [
{["auth_oauth2","resource_servers","rabbitmq1","id"],"rabbitmq1"}
],
#{<<"rabbitmq1">> := [{id, <<"rabbitmq1">>}]
} = rabbit_oauth2_schema:translate_resource_servers(Conf).

test_with_many_oauth_providers(_) ->
Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://keycloak"},
{["auth_oauth2","oauth_providers","uaa","issuer"],"https://uaa"}
],
Conf = [
{["auth_oauth2","oauth_providers","keycloak","issuer"],
"https://keycloak"},
{["auth_oauth2","oauth_providers","uaa","issuer"],
"https://uaa"}
],
#{<<"keycloak">> := [{issuer, <<"https://keycloak">>}
],
<<"uaa">> := [{issuer, <<"https://uaa">>}
Expand All @@ -62,31 +69,43 @@ test_with_many_oauth_providers(_) ->


test_with_many_resource_servers(_) ->
Conf = [{["auth_oauth2","resource_servers","rabbitmq1","id"],"rabbitmq1"},
{["auth_oauth2","resource_servers","rabbitmq2","id"],"rabbitmq2"}
],
Conf = [
{["auth_oauth2","resource_servers","rabbitmq1","id"],
"rabbitmq1"},
{["auth_oauth2","resource_servers","rabbitmq2","id"],
"rabbitmq2"}
],
#{<<"rabbitmq1">> := [{id, <<"rabbitmq1">>}
],
<<"rabbitmq2">> := [{id, <<"rabbitmq2">>}
]
} = rabbit_oauth2_schema:translate_resource_servers(Conf).

test_oauth_providers_attributes(_) ->
Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://keycloak"},
{["auth_oauth2","oauth_providers","keycloak","default_key"],"token-key"}
],
Conf = [
{["auth_oauth2","oauth_providers","keycloak","issuer"],
"https://keycloak"},
{["auth_oauth2","oauth_providers","keycloak","default_key"],
"token-key"}
],
#{<<"keycloak">> := [{default_key, <<"token-key">>},
{issuer, <<"https://keycloak">>}
]
} = sort_settings(rabbit_oauth2_schema:translate_oauth_providers(Conf)).

test_resource_servers_attributes(_) ->
Conf = [{["auth_oauth2","resource_servers","rabbitmq1","id"],"rabbitmq1xxx"},
{["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"],"somescope."},
{["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"],"roles"},
{["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"],"userid"},
{["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"],"groupid"}
],
Conf = [
{["auth_oauth2","resource_servers","rabbitmq1","id"],
"rabbitmq1xxx"},
{["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"],
"somescope."},
{["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"],
"roles"},
{["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"],
"userid"},
{["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"],
"groupid"}
],
#{<<"rabbitmq1xxx">> := [{additional_scopes_key, <<"roles">>},
{id, <<"rabbitmq1xxx">>},
{preferred_username_claims, [<<"userid">>, <<"groupid">>]},
Expand All @@ -95,11 +114,15 @@ test_resource_servers_attributes(_) ->
} = sort_settings(rabbit_oauth2_schema:translate_resource_servers(Conf)),

Conf2 = [
{["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"],"somescope."},
{["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"],"roles"},
{["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"],"userid"},
{["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"],"groupid"}
],
{["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"],
"somescope."},
{["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"],
"roles"},
{["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"],
"userid"},
{["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"],
"groupid"}
],
#{<<"rabbitmq1">> := [{additional_scopes_key, <<"roles">>},
{id, <<"rabbitmq1">>},
{preferred_username_claims, [<<"userid">>, <<"groupid">>]},
Expand All @@ -108,36 +131,52 @@ test_resource_servers_attributes(_) ->
} = sort_settings(rabbit_oauth2_schema:translate_resource_servers(Conf2)).

test_oauth_providers_attributes_with_invalid_uri(_) ->
Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"http://keycloak"},
{["auth_oauth2","oauth_providers","keycloak","default_key"],"token-key"}
],
Conf = [
{["auth_oauth2","oauth_providers","keycloak","issuer"],
"http://keycloak"},
{["auth_oauth2","oauth_providers","keycloak","default_key"],
"token-key"}
],
try sort_settings(rabbit_oauth2_schema:translate_oauth_providers(Conf)) of
_ -> {throw, should_have_failed}
catch
_ -> ok
end.

test_oauth_providers_algorithms(_) ->
Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://keycloak"},
{["auth_oauth2","oauth_providers","keycloak","algorithms","2"],"HS256"},
{["auth_oauth2","oauth_providers","keycloak","algorithms","1"],"RS256"}
],
Conf = [
{["auth_oauth2","oauth_providers","keycloak","issuer"],
"https://keycloak"},
{["auth_oauth2","oauth_providers","keycloak","algorithms","2"],
"HS256"},
{["auth_oauth2","oauth_providers","keycloak","algorithms","1"],
"RS256"}
],
#{<<"keycloak">> := [{algorithms, [<<"RS256">>, <<"HS256">>]},
{issuer, <<"https://keycloak">>}
]
} = sort_settings(rabbit_oauth2_schema:translate_oauth_providers(Conf)).

test_oauth_providers_https(Conf) ->

CuttlefishConf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://keycloak"},
{["auth_oauth2","oauth_providers","keycloak","https","verify"],verify_none},
{["auth_oauth2","oauth_providers","keycloak","https","peer_verification"],verify_peer},
{["auth_oauth2","oauth_providers","keycloak","https","depth"],2},
{["auth_oauth2","oauth_providers","keycloak","https","hostname_verification"],wildcard},
{["auth_oauth2","oauth_providers","keycloak","https","crl_check"],false},
{["auth_oauth2","oauth_providers","keycloak","https","fail_if_no_peer_cert"],true},
{["auth_oauth2","oauth_providers","keycloak","https","cacertfile"],cert_filename(Conf)}
],
CuttlefishConf = [
{["auth_oauth2","oauth_providers","keycloak","issuer"],
"https://keycloak"},
{["auth_oauth2","oauth_providers","keycloak","https","verify"],
verify_none},
{["auth_oauth2","oauth_providers","keycloak","https","peer_verification"],
verify_peer},
{["auth_oauth2","oauth_providers","keycloak","https","depth"],
2},
{["auth_oauth2","oauth_providers","keycloak","https","hostname_verification"],
wildcard},
{["auth_oauth2","oauth_providers","keycloak","https","crl_check"],
false},
{["auth_oauth2","oauth_providers","keycloak","https","fail_if_no_peer_cert"],
true},
{["auth_oauth2","oauth_providers","keycloak","https","cacertfile"],
cert_filename(Conf)}
],
#{<<"keycloak">> := [{https, [{verify, verify_none},
{peer_verification, verify_peer},
{depth, 2},
Expand All @@ -152,20 +191,27 @@ test_oauth_providers_https(Conf) ->

test_oauth_providers_https_with_missing_cacertfile(_) ->

Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://keycloak"},
{["auth_oauth2","oauth_providers","keycloak","https","cacertfile"],"/non-existent.pem"}
],
Conf = [
{["auth_oauth2","oauth_providers","keycloak","issuer"],
"https://keycloak"},
{["auth_oauth2","oauth_providers","keycloak","https","cacertfile"],
"/non-existent.pem"}
],
try sort_settings(rabbit_oauth2_schema:translate_oauth_providers(Conf)) of
_ -> {throw, should_have_failed}
catch
_ -> ok
end.

test_oauth_providers_signing_keys(Conf) ->
CuttlefishConf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://keycloak"},
{["auth_oauth2","oauth_providers","keycloak","signing_keys","2"], cert_filename(Conf)},
{["auth_oauth2","oauth_providers","keycloak","signing_keys","1"], cert_filename(Conf)}
],
CuttlefishConf = [
{["auth_oauth2","oauth_providers","keycloak","issuer"],
"https://keycloak"},
{["auth_oauth2","oauth_providers","keycloak","signing_keys","2"],
cert_filename(Conf)},
{["auth_oauth2","oauth_providers","keycloak","signing_keys","1"],
cert_filename(Conf)}
],
#{<<"keycloak">> := [{issuer, <<"https://keycloak">>},
{signing_keys, SigningKeys}
]
Expand All @@ -175,6 +221,23 @@ test_oauth_providers_signing_keys(Conf) ->
<<"2">> := {pem, <<"I'm not a certificate">>}
} = SigningKeys.

test_scope_aliases(_) ->
CuttlefishConf = [
{["auth_oauth2","scope_aliases","1","alias"],
"admin"},
{["auth_oauth2","scope_aliases","1","scope"],
"rabbitmq.tag:administrator"},
{["auth_oauth2","scope_aliases","2","alias"],
"developer"},
{["auth_oauth2","scope_aliases","2","scope"],
"rabbitmq.tag:management rabbitmq.read:*/*"}
],
#{
<<"admin">> := [<<"rabbitmq.tag:administrator">>],
<<"developer">> := [<<"rabbitmq.tag:management">>, <<"rabbitmq.read:*/*">>]
} = rabbit_oauth2_schema:translate_scope_aliases(CuttlefishConf).


cert_filename(Conf) ->
string:concat(?config(data_dir, Conf), "certs/cert.pem").
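Review bot: The two negative tests in this suite cannot fail. In test_oauth_providers_attributes_with_invalid_uri and test_oauth_providers_https_with_missing_cacertfile the success branch is `_ -> {throw, should_have_failed}`, which only returns a tuple, and Common Test treats that return value as a pass. A regression that let an `http://` issuer or a non-existent `cacertfile` through translation would go unnoticed. Make the branch fail the case, e.g. `_ -> ct:fail(should_have_failed)`; the `of` section is not covered by the `catch`, so the failure propagates. `catch _ -> ok` also accepts any thrown term, so matching the expected reason (its shape is not visible in these hunks) would tighten the check further.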

