1616-define (USER_PATH , " /auth/user"
1717-define (ALLOWED_USER , #{username => <<" Ala1"
1818 password => <<" Kocur"
19- expected_credentials => [username , password ],
19+ expected_credentials => [username , password ],
2020 tags => [policymaker , monitoring ]}).
2121-define (ALLOWED_USER_WITH_EXTRA_CREDENTIALS , #{username => <<" Ala2"
22- password => <<" Kocur"
23- client_id => <<" some_id"
24- expected_credentials => [username , password , client_id ],
25- tags => [policymaker , monitoring ]}).
22+ password => <<" Kocur"
23+ client_id => <<" some_id"
24+ expected_credentials => [username , password , client_id ],
25+ tags => [policymaker , monitoring ]}).
2626-define (DENIED_USER , #{username => <<" Alice"
27- password => <<" Cat"
28- }).
27+ password => <<" Cat"
28+ }).
2929
30- all () ->
30+ all () ->
3131 [
3232 {group , over_https },
3333 {group , over_http }
@@ -49,31 +49,30 @@ shared() ->
4949 grants_access_to_user_with_credentials_in_rabbit_auth_backend_cache
5050 ].
5151
52- init_per_suite (Config ) ->
53- rabbit_ct_helpers :run_setup_steps (Config ) ++
52+ init_per_suite (Config ) ->
53+ rabbit_ct_helpers :run_setup_steps (Config ) ++
5454 [{allowed_user , ? ALLOWED_USER },
5555 {allowed_user_with_extra_credentials , ? ALLOWED_USER_WITH_EXTRA_CREDENTIALS },
5656 {denied_user , ? DENIED_USER }].
5757
5858init_per_group (over_http , Config ) ->
5959 configure_http_auth_backend (" http" Config ),
6060 {User1 , Tuple1 } = extractUserTuple (? ALLOWED_USER ),
61- {User2 , Tuple2 } = extractUserTuple (? ALLOWED_USER_WITH_EXTRA_CREDENTIALS ),
61+ {User2 , Tuple2 } = extractUserTuple (? ALLOWED_USER_WITH_EXTRA_CREDENTIALS ),
6262 start_http_auth_server (? AUTH_PORT , ? USER_PATH , #{User1 => Tuple1 , User2 => Tuple2 }),
6363 Config ;
6464
6565init_per_group (over_https , Config ) ->
6666 configure_http_auth_backend (" https" Config ),
6767 {User1 , Tuple1 } = extractUserTuple (? ALLOWED_USER ),
68- {User2 , Tuple2 } = extractUserTuple (? ALLOWED_USER_WITH_EXTRA_CREDENTIALS ),
68+ {User2 , Tuple2 } = extractUserTuple (? ALLOWED_USER_WITH_EXTRA_CREDENTIALS ),
6969 CertsDir = ? config (rmq_certsdir , Config ),
7070 start_https_auth_server (? AUTH_PORT , CertsDir , ? USER_PATH , #{User1 => Tuple1 , User2 => Tuple2 }),
7171 Config .
7272
73-
7473extractUserTuple (User ) ->
75- #{username := Username , password := Password , tags := Tags , expected_credentials := ExpectedCredentials } = User ,
76- {Username , {Password , Tags , ExpectedCredentials }}.
74+ #{username := Username , password := Password , tags := Tags , expected_credentials := ExpectedCredentials } = User ,
75+ {Username , {Password , Tags , ExpectedCredentials }}.
7776
7877end_per_suite (Config ) ->
7978 Config .
@@ -87,94 +86,88 @@ end_per_group(over_https, Config) ->
8786
8887grants_access_to_user (Config ) ->
8988 #{username := U , password := P , tags := T } = ? config (allowed_user , Config ),
90- AuthProps = [{password , P }],
89+ AuthProps = [{password , P }],
9190 {ok , User } = rabbit_auth_backend_http :user_login_authentication (U , AuthProps ),
92-
9391 ? assertMatch ({U , T , AuthProps },
9492 {User # auth_user .username , User # auth_user .tags , (User # auth_user .impl )()}).
9593
9694denies_access_to_user (Config ) ->
9795 #{username := U , password := P } = ? config (denied_user , Config ),
9896 ? assertMatch ({refused , " Denied by the backing HTTP service"
99- rabbit_auth_backend_http :user_login_authentication (U , [{password , P }])).
100-
97+ rabbit_auth_backend_http :user_login_authentication (U , [{password , P }])).
10198
10299grants_access_to_user_passing_additional_required_authprops (Config ) ->
103100 #{username := U , password := P , tags := T , client_id := ClientId } = ? config (allowed_user_with_extra_credentials , Config ),
104- AuthProps = [{password , P }, {client_id , ClientId }],
101+ AuthProps = [{password , P }, {client_id , ClientId }],
105102 {ok , User } = rabbit_auth_backend_http :user_login_authentication (U , AuthProps ),
106- ? assertMatch ({U , T , AuthProps },
103+ ? assertMatch ({U , T , AuthProps },
107104 {User # auth_user .username , User # auth_user .tags , (User # auth_user .impl )()}).
108105
109106grants_access_to_user_skipping_internal_authprops (Config ) ->
110107 #{username := U , password := P , tags := T , client_id := ClientId } = ? config (allowed_user_with_extra_credentials , Config ),
111- AuthProps = [{password , P }, {client_id , ClientId }, {rabbit_any_internal_property , <<" some value"
108+ AuthProps = [{password , P }, {client_id , ClientId }, {rabbit_any_internal_property , <<" some value"
112109 {ok , User } = rabbit_auth_backend_http :user_login_authentication (U , AuthProps ),
113-
114- ? assertMatch ({U , T , AuthProps },
110+ ? assertMatch ({U , T , AuthProps },
115111 {User # auth_user .username , User # auth_user .tags , (User # auth_user .impl )()}).
116112
117113grants_access_to_user_with_credentials_in_rabbit_auth_backend_http (Config ) ->
118114 #{username := U , password := P , tags := T , client_id := ClientId } = ? config (allowed_user_with_extra_credentials , Config ),
119- AuthProps = [{rabbit_auth_backend_http , fun () -> [{password , P }, {client_id , ClientId }] end }],
115+ AuthProps = [{rabbit_auth_backend_http , fun () -> [{password , P }, {client_id , ClientId }] end }],
120116 {ok , User } = rabbit_auth_backend_http :user_login_authentication (U , AuthProps ),
121-
122117 ? assertMatch ({U , T , AuthProps },
123118 {User # auth_user .username , User # auth_user .tags , (User # auth_user .impl )()}).
124119
125120grants_access_to_user_with_credentials_in_rabbit_auth_backend_cache (Config ) ->
126121 #{username := U , password := P , tags := T , client_id := ClientId } = ? config (allowed_user_with_extra_credentials , Config ),
127- AuthProps = [{rabbit_auth_backend_cache , fun () -> [{password , P }, {client_id , ClientId }] end }],
122+ AuthProps = [{rabbit_auth_backend_cache , fun () -> [{password , P }, {client_id , ClientId }] end }],
128123 {ok , User } = rabbit_auth_backend_http :user_login_authentication (U , AuthProps ),
129-
130124 ? assertMatch ({U , T , AuthProps },
131125 {User # auth_user .username , User # auth_user .tags , (User # auth_user .impl )()}).
132126
133127% %% HELPERS
134128
135129configure_http_auth_backend (Scheme , Config ) ->
136130 [application :set_env (rabbitmq_auth_backend_http , K , V ) || {K , V } <- generate_backend_config (Scheme , Config )].
137- undo_configure_http_auth_backend (Scheme , Config ) ->
131+ undo_configure_http_auth_backend (Scheme , Config ) ->
138132 [application :unset_env (rabbitmq_auth_backend_http , K ) || {K , _V } <- generate_backend_config (Scheme , Config )].
139133
140134start_http_auth_server (Port , Path , Users ) ->
141135 {ok , _ } = application :ensure_all_started (inets ),
142- application :ensure_all_started (cowboy ),
136+ { ok , _ } = application :ensure_all_started (cowboy ),
143137 Dispatch = cowboy_router :compile ([{'_' , [{Path , auth_http_mock , Users }]}]),
144138 {ok , _ } = cowboy :start_clear (
145- mock_http_auth_listener , [{port , Port }], #{env => #{dispatch => Dispatch }}).
139+ mock_http_auth_listener , [{port , Port }], #{env => #{dispatch => Dispatch }}).
146140
147141start_https_auth_server (Port , CertsDir , Path , Users ) ->
148142 {ok , _ } = application :ensure_all_started (inets ),
149143 {ok , _ } = application :ensure_all_started (ssl ),
150- {ok , _ } = application :ensure_all_started (cowboy ),
151-
144+ {ok , _ } = application :ensure_all_started (cowboy ),
152145 Dispatch = cowboy_router :compile ([{'_' , [{Path , auth_http_mock , Users }]}]),
153146 {ok , _ } = cowboy :start_tls (mock_http_auth_listener ,
154- [{port , Port },
155- {certfile , filename :join ([CertsDir , " server" " cert.pem"
156- {keyfile , filename :join ([CertsDir , " server" " key.pem"
157- #{env => #{dispatch => Dispatch }}).
158-
147+ [{port , Port },
148+ {certfile , filename :join ([CertsDir , " server" " cert.pem"
149+ {keyfile , filename :join ([CertsDir , " server" " key.pem"
150+ #{env => #{dispatch => Dispatch }}).
151+
159152stop_http_auth_server () ->
160153 cowboy :stop_listener (mock_http_auth_listener ).
161154
162155generate_backend_config (Scheme , Config ) ->
163156 Config0 = [{http_method , get },
164- {user_path , Scheme ++ " ://localhost:" ++ integer_to_list (? AUTH_PORT ) ++ ? USER_PATH },
165- {vhost_path , Scheme ++ " ://localhost:" ++ integer_to_list (? AUTH_PORT ) ++ " /auth/vhost"
166- {resource_path , Scheme ++ " ://localhost:" ++ integer_to_list (? AUTH_PORT ) ++ " /auth/resource"
167- {topic_path , Scheme ++ " ://localhost:" ++ integer_to_list (? AUTH_PORT ) ++ " /auth/topic"
168- Config1 = case Scheme of
169- " https"
170- CertsDir = ? config (rmq_certsdir , Config ),
171- [{ssl_options , [
172- {cacertfile , filename :join ([CertsDir , " testca" " cacert.pem"
173- {certfile , filename :join ([CertsDir , " server" " cert.pem"
174- {keyfile , filename :join ([CertsDir , " server" " key.pem"
175- {verify , verify_peer },
176- {fail_if_no_peer_cert , false }]
177- }];
178- " http"
179- end ,
180- Config0 ++ Config1 .
157+ {user_path , Scheme ++ " ://localhost:" ++ integer_to_list (? AUTH_PORT ) ++ ? USER_PATH },
158+ {vhost_path , Scheme ++ " ://localhost:" ++ integer_to_list (? AUTH_PORT ) ++ " /auth/vhost"
159+ {resource_path , Scheme ++ " ://localhost:" ++ integer_to_list (? AUTH_PORT ) ++ " /auth/resource"
160+ {topic_path , Scheme ++ " ://localhost:" ++ integer_to_list (? AUTH_PORT ) ++ " /auth/topic"
161+ Config1 = case Scheme of
162+ " https"
163+ CertsDir = ? config (rmq_certsdir , Config ),
164+ [{ssl_options , [
165+ {cacertfile , filename :join ([CertsDir , " testca" " cacert.pem"
166+ {certfile , filename :join ([CertsDir , " server" " cert.pem"
167+ {keyfile , filename :join ([CertsDir , " server" " key.pem"
168+ {verify , verify_peer },
169+ {fail_if_no_peer_cert , false }]
170+ }];
171+ " http"
172+ end ,
173+ Config0 ++ Config1 .
0 commit comments