diff --git a/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema b/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema index 8d8bc0dc1c4..5f8f37133ba 100644 --- a/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema +++ b/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema @@ -73,6 +73,11 @@ list_to_binary(cuttlefish:conf_get("auth_oauth2.additional_scopes_key", Conf)) end}. +{mapping, + "auth_oauth2.scope_aliases.$alias", + "rabbitmq_auth_backend_oauth2.scope_aliases", + [{datatype, string}]}. + {mapping, "auth_oauth2.scope_aliases.$index.alias", "rabbitmq_auth_backend_oauth2.scope_aliases", diff --git a/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl b/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl index 47d50921a15..4f8cf179804 100644 --- a/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl +++ b/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl @@ -31,12 +31,20 @@ extract_value({_Name,V}) -> V. translate_scope_aliases(Conf) -> Settings = cuttlefish_variable:filter_by_prefix( ?AUTH_OAUTH2_SCOPE_ALIASES, Conf), - extract_scope_aliases_as_a_list_of_alias_scope_props(Settings). + maps:merge(extract_scope_alias_as_map(Settings), + extract_scope_aliases_as_list_of_alias_scope_props(Settings)). convert_space_separated_string_to_list_of_binaries(String) -> [ list_to_binary(V) || V <- string:tokens(String, " ")]. -extract_scope_aliases_as_a_list_of_alias_scope_props(Settings) -> +extract_scope_alias_as_map(Settings) -> + maps:from_list([{ + list_to_binary(Alias), + convert_space_separated_string_to_list_of_binaries(Scope) + } + || {[?AUTH_OAUTH2, ?SCOPE_ALIASES, Alias], Scope} <- Settings ]). + +extract_scope_aliases_as_list_of_alias_scope_props(Settings) -> KeyFun = fun extract_key_as_binary/1, ValueFun = fun extract_value/1, 
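Review bot: The `auth_oauth2.scope_aliases.$alias` mapping added here carries no comment on which alias names it can express, even though the alias is taken from a key segment. If cuttlefish splits keys on `.` (I believe it does, but that is not visible in this diff), an alias containing a dot cannot be written in this form. A key such as `auth_oauth2.scope_aliases.team.alias` would then fall under the existing `$index.alias` mapping instead. I would add a comment above the mapping, for example `%% Map form: the alias is the last key segment, so aliases containing '.' must use the indexed form below.`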
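Review bot: `maps:merge/2` in translate_scope_aliases lets the second map win, so an alias configured in both the map form and the indexed form silently takes its scopes from the indexed form. Scope aliases decide which RabbitMQ scopes a token scope expands to, so an operator who tightens one definition and overlooks the other keeps the broader grant with no warning. I would either reject the duplicate at translation time, as sketched below, or at least document the precedence above the function. The sketch assumes `cuttlefish:invalid/1` is the accepted way to fail a translation in this module. The body of extract_scope_aliases_as_list_of_alias_scope_props continues outside the hunk, so how it treats the new three-segment keys is not visible here.

```erlang
translate_scope_aliases(Conf) ->
    %% … unchanged: Settings = cuttlefish_variable:filter_by_prefix(...) …
    FromMapForm = extract_scope_alias_as_map(Settings),
    FromIndexedForm = extract_scope_aliases_as_list_of_alias_scope_props(Settings),
    %% Refuse an alias defined in both forms instead of letting one
    %% definition silently override the other.
    case maps:keys(maps:with(maps:keys(FromMapForm), FromIndexedForm)) of
        [] ->
            maps:merge(FromMapForm, FromIndexedForm);
        Duplicates ->
            cuttlefish:invalid(lists:flatten(io_lib:format(
                "scope aliases configured in more than one form: ~tp",
                [Duplicates])))
    end.
```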
diff --git a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets index 0e9d86dcd3e..80b56ba8f9b 100644 --- a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets +++ b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets @@ -185,6 +185,25 @@ ]} ],[] }, + {scope_aliases_1, + "auth_oauth2.resource_server_id = new_resource_server_id + auth_oauth2.scope_aliases.admin = rabbitmq.tag:administrator + auth_oauth2.scope_aliases.developer = rabbitmq.tag:management rabbitmq.read:*/*", + [ + {rabbitmq_auth_backend_oauth2, [ + {resource_server_id,<<"new_resource_server_id">>}, + {scope_aliases, #{ + <<"admin">> => [ + <<"rabbitmq.tag:administrator">> + ], + <<"developer">> => [ + <<"rabbitmq.tag:management">>, + <<"rabbitmq.read:*/*">> + ] + }} + ]} + ], [] + }, {scope_aliases_2, "auth_oauth2.resource_server_id = new_resource_server_id auth_oauth2.scope_aliases.1.alias = admin diff --git a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl index af0a0baf941..234cb5657da 100644 --- a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl +++ b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl @@ -28,8 +28,8 @@ all() -> test_with_one_resource_server, test_with_many_resource_servers, test_resource_servers_attributes, - test_scope_aliases - + test_scope_aliases_configured_as_list_of_properties, + test_scope_aliases_configured_as_map ]. 
@@ -221,7 +221,7 @@ test_oauth_providers_signing_keys(Conf) -> <<"2">> := {pem, <<"I'm not a certificate">>} } = SigningKeys. -test_scope_aliases(_) -> +test_scope_aliases_configured_as_list_of_properties(_) -> CuttlefishConf = [ {["auth_oauth2","scope_aliases","1","alias"], "admin"}, @@ -237,6 +237,18 @@ test_scope_aliases(_) -> <<"developer">> := [<<"rabbitmq.tag:management">>, <<"rabbitmq.read:*/*">>] } = rabbit_oauth2_schema:translate_scope_aliases(CuttlefishConf). +test_scope_aliases_configured_as_map(_) -> + CuttlefishConf = [ + {["auth_oauth2","scope_aliases","admin"], + "rabbitmq.tag:administrator"}, + {["auth_oauth2","scope_aliases","developer"], + "rabbitmq.tag:management rabbitmq.read:*/*"} + ], + #{ + <<"admin">> := [<<"rabbitmq.tag:administrator">>], + <<"developer">> := [<<"rabbitmq.tag:management">>, <<"rabbitmq.read:*/*">>] + } = rabbit_oauth2_schema:translate_scope_aliases(CuttlefishConf). + cert_filename(Conf) -> string:concat(?config(data_dir, Conf), "certs/cert.pem").
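Review bot: The match in test_scope_aliases_configured_as_map uses `:=` inside a map pattern, which also succeeds when the translated map holds extra keys, so the test would not notice spurious aliases derived from the new three-segment keys. Building the expected value with `=>` and matching the whole term makes the check exact: `Expected = #{<<"admin">> => [<<"rabbitmq.tag:administrator">>], <<"developer">> => [<<"rabbitmq.tag:management">>, <<"rabbitmq.read:*/*">>]}` followed by `Expected = rabbit_oauth2_schema:translate_scope_aliases(CuttlefishConf).` The same applies to test_scope_aliases_configured_as_list_of_properties, whose body starts outside this hunk. A further case that configures one alias in both forms would pin which definition wins.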