Fix schema issues

And fix selenium script to run
rabbitrmq locally

Author: MarcialRosales

deps/rabbitmq_auth_backend_oauth2/src/oauth2_schema.erl

@@ -69,8 +69,7 @@ translate_list_of_signing_keys(ListOfKidPath) ->
 -spec translate_endpoint_params(list(), [{list(), binary()}]) -> map().
 translate_endpoint_params(Variable, Conf) ->
     Params0 = cuttlefish_variable:filter_by_prefix("auth_oauth2." ++ Variable, Conf),
-    Params = [{list_to_binary(Param), list_to_binary(V)} ||
-        {["auth_oauth2", _, Param], V} <- Params0],
+    Params = [{Param, V} || {["auth_oauth2", _, Param], V} <- Params0],
     maps:from_list(Params).
 
 validator_file_exists(Attr, Filename) ->
@@ -120,7 +119,7 @@ mapOauthProviderProperty({Key, Value}) ->
         token_endpoint -> validator_https_uri(Key, Value);
         jwks_uri -> validator_https_uri(Key, Value);
         end_session_endpoint -> validator_https_uri(Key, Value);
-        authorization_endpoint -> validator_https_uri(Key, Value);        
+        authorization_endpoint -> validator_https_uri(Key, Value);
         discovery_endpoint_params ->
             cuttlefish:invalid(io_lib:format(
                 "Invalid attribute (~p) value: should be a map of Key,Value pairs", [Key]));

deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets

@@ -18,6 +18,8 @@
         auth_oauth2.https.depth = 5
         auth_oauth2.https.fail_if_no_peer_cert = false
         auth_oauth2.https.hostname_verification = wildcard
+        auth_oauth2.discovery_endpoint_path = /.well-known/openid-configuration
+        auth_oauth2.discovery_endpoint_params.param1 = value1
         auth_oauth2.https.crl_check = true
         auth_oauth2.algorithms.1 = HS256
         auth_oauth2.algorithms.2 = RS256",
@@ -30,6 +32,10 @@
             {preferred_username_claims, [<<"user_name">>, <<"username">>, <<"email">>]},
             {verify_aud, true},
             {issuer, "https://my-jwt-issuer"},
+            {discovery_endpoint_path, "/.well-known/openid-configuration"},
+            {discovery_endpoint_params, #{
+                "param1" => "value1"
+            }},
             {key_config, [
               {default_key, <<"id1">>},
               {signing_keys,

deps/rabbitmq_auth_backend_oauth2/test/oauth2_schema_SUITE.erl

@@ -60,7 +60,7 @@ test_with_endpoint_params(_) ->
         {["auth_oauth2","discovery_endpoint_params","param1"], "some-value1"},
         {["auth_oauth2","discovery_endpoint_params","param2"], "some-value2"}
     ],
-    #{ <<"param1">> := <<"some-value1">>, <<"param2">> := <<"some-value2">> } =
+    #{ "param1" := "some-value1", "param2" := "some-value2" } =
         translate_endpoint_params("discovery_endpoint_params", Conf).
 
 test_invalid_oauth_providers_endpoint_params(_) ->
@@ -103,7 +103,7 @@ test_with_many_oauth_providers(_) ->
             {["auth_oauth2","oauth_providers","uaa","issuer"],"https://uaa"},
             {["auth_oauth2","oauth_providers","uaa","discovery_endpoint_path"],"/some-path"}
             ],
-    #{<<"keycloak">> := [{issuer, <<"https://keycloak">>}                
+    #{<<"keycloak">> := [{issuer, <<"https://keycloak">>}
                         ],
       <<"uaa">> := [{issuer, <<"https://uaa">>},
                     {discovery_endpoint_path, <<"/some-path">>}

deps/rabbitmq_management/priv/schema/rabbitmq_management.schema

@@ -473,7 +473,7 @@ end}.
     [{datatype, string}]}.
 
 %% Configure OAuth2 authorization_endpoint additional request parameters
-{mapping, "management.oauth_authorization_endpoint_params.$name", 
+{mapping, "management.oauth_authorization_endpoint_params.$name",
     "rabbitmq_management.oauth_authorization_endpoint_params",
     [{datatype, string}]}.
 
@@ -483,7 +483,7 @@ end}.
  end}.
 
 %% Configure OAuth2 token_endpoint additional request parameters
-{mapping, "management.oauth_token_endpoint_params.$name", 
+{mapping, "management.oauth_token_endpoint_params.$name",
     "rabbitmq_management.oauth_token_endpoint_params",
     [{datatype, string}]}.
 
@@ -568,17 +568,17 @@ end}.
     "rabbitmq_management.oauth_resource_servers",
   [{datatype, {enum, [sp_initiated, idp_initiated]}}]}.
 
-{mapping, "management.oauth_resource_servers.$name.oauth_authorization_endpoint_params.$name", 
-    ""rabbitmq_management.oauth_resource_servers",
+{mapping, "management.oauth_resource_servers.$name.oauth_authorization_endpoint_params.$name",
+    "rabbitmq_management.oauth_resource_servers",
     [{datatype, string}]}.
 
-{mapping, "management.oauth_resource_servers.$name.oauth_token_endpoint_params.$name", 
-    ""rabbitmq_management.oauth_resource_servers",
+{mapping, "management.oauth_resource_servers.$name.oauth_token_endpoint_params.$name",
+    "rabbitmq_management.oauth_resource_servers",
     [{datatype, string}]}.
 
 {translation, "rabbitmq_management.oauth_resource_servers",
  fun(Conf) ->
-     rabbit_mgmt_schema:translate_resource_servers(Conf)
+     rabbit_mgmt_schema:translate_oauth_resource_servers(Conf)
  end}.
 
 %% ===========================================================================

deps/rabbitmq_management/src/rabbit_mgmt_schema.erl

@@ -13,13 +13,15 @@
     translate_endpoint_params/2
 ]).
 
+extract_key({Name,_}) -> Name.
 extract_key_as_binary({Name,_}) -> list_to_binary(Name).
 extract_value({_Name,V}) -> V.
 
 -spec translate_oauth_resource_servers([{list(), binary()}]) -> map().
 translate_oauth_resource_servers(Conf) ->
     Settings = cuttlefish_variable:filter_by_prefix(
         "management.oauth_resource_servers", Conf),
+    rabbit_log:debug("Settings: ~p", [Settings]),
     Map = merge_list_of_maps([
         extract_resource_server_properties(Settings),
         extract_resource_server_endpoint_params(oauth_authorization_endpoint_params, Settings),
@@ -37,28 +39,31 @@ translate_oauth_resource_servers(Conf) ->
 -spec translate_endpoint_params(list(), [{list(), binary()}]) -> map().
 translate_endpoint_params(Variable, Conf) ->
     Params0 = cuttlefish_variable:filter_by_prefix("management." ++ Variable, Conf),
-    Params = [{list_to_binary(Param), list_to_binary(V)} ||
-        {["management", _, Param], V} <- Params0],
-    maps:from_list(Params).
+    Params = [{Param, list_to_binary(V)} || {["management", _, Param], V} <- Params0].
 
 merge_list_of_maps(ListOfMaps) ->
     lists:foldl(fun(Elem, AccIn) -> maps:merge_with(fun(_K,V1,V2) -> V1 ++ V2 end,
         Elem, AccIn) end, #{}, ListOfMaps).
 
 
 extract_resource_server_properties(Settings) ->
-    KeyFun = fun extract_key_as_binary/1,
+    KeyFun = fun extract_key/1,
     ValueFun = fun extract_value/1,
 
-    OAuthProviders = [{Name, {list_to_atom(Key), list_to_binary(V)}}
+    OAuthProviders = [{Name, {list_to_atom(Key), V}}
         || {["management","oauth_resource_servers", Name, Key], V} <- Settings ],
-    maps:groups_from_list(KeyFun, ValueFun, OAuthProviders).
+    rabbit_log:debug("extract_resource_server_properties ~p", [Settings]),
+    Result = maps:groups_from_list(KeyFun, ValueFun, OAuthProviders),
+    rabbit_log:debug("extract_resource_server_properties -> ~p", [Result]),
+
+    Result.
 
 extract_resource_server_endpoint_params(Variable, Settings) ->
-    KeyFun = fun extract_key_as_binary/1,
+    KeyFun = fun extract_key/1,
 
-    IndexedParams = [{Name, {list_to_binary(ParamName), list_to_binary(V)}} ||
+    rabbit_log:debug("extract_resource_server_endpoint_params ~p ~p", [Variable, Settings]),
+    IndexedParams = [{Name, {ParamName, list_to_binary(V)}} ||
         {["management","oauth_resource_servers", Name, EndpointVar, ParamName], V}
             <- Settings, EndpointVar == atom_to_list(Variable) ],
-    maps:map(fun(_K,V)-> [{Variable, maps:from_list(V)}] end,
-        maps:groups_from_list(KeyFun, fun({_, V}) -> V end, IndexedParams)).
+    maps:map(fun(_K,V)-> [{Variable, V}] end,
+        maps:groups_from_list(KeyFun, fun({_, V}) -> V end, IndexedParams)).

deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl

@@ -25,16 +25,16 @@ variances(Req, Context) ->
 content_types_provided(ReqData, Context) ->
    {rabbit_mgmt_util:responder_map(to_json), ReqData, Context}.
 
-merge_property(Key, List, MapIn) -> 
-  case proplists:get_value(Key, List) of 
+merge_property(Key, List, MapIn) ->
+  case proplists:get_value(Key, List) of
     undefined -> MapIn;
     V0 -> MapIn#{Key => V0}
   end.
 
 extract_oauth_provider_info_props_as_map(ManagementProps) ->
-  lists:foldl(fun(K, Acc) -> 
-    merge_property(K, ManagementProps, Acc) end, #{}, [oauth_provider_url, 
-      oauth_metadata_url, oauth_authorization_endpoint_params, 
+  lists:foldl(fun(K, Acc) ->
+    merge_property(K, ManagementProps, Acc) end, #{}, [oauth_provider_url,
+      oauth_metadata_url, oauth_authorization_endpoint_params,
       oauth_token_endpoint_params]).
 
 merge_oauth_provider_info(OAuthResourceServer, MgtResourceServer, ManagementProps) ->
@@ -46,19 +46,19 @@ merge_oauth_provider_info(OAuthResourceServer, MgtResourceServer, ManagementProp
     {ok, OAuthProvider} -> oauth_provider_to_map(OAuthProvider);
     {error, _} -> #{}
   end,
-  OAuthProviderInfo1 = maps:merge(OAuthProviderInfo0, 
+  OAuthProviderInfo1 = maps:merge(OAuthProviderInfo0,
     extract_oauth_provider_info_props_as_map(ManagementProps)),
   maps:merge(OAuthProviderInfo1, proplists:to_map(MgtResourceServer)).
 
 oauth_provider_to_map(OAuthProvider) ->
   % only include issuer and end_session_endpoint for now. The other endpoints are resolved by oidc-client library
-  Map0 = case OAuthProvider#oauth_provider.issuer of 
+  Map0 = case OAuthProvider#oauth_provider.issuer of
     undefined -> #{};
     Issuer -> #{ oauth_provider_url => Issuer,
-                oauth_metadata_url => OAuthProvider#oauth_provider.discovery_endpoint 
+                oauth_metadata_url => OAuthProvider#oauth_provider.discovery_endpoint
               }
   end,
-  case OAuthProvider#oauth_provider.end_session_endpoint of 
+  case OAuthProvider#oauth_provider.end_session_endpoint of
     undefined -> Map0;
     V -> maps:put(end_session_endpoint, V, Map0)
   end.
@@ -80,7 +80,7 @@ extract_oauth2_and_mgt_resources(OAuth2BackendProps, ManagementProps) ->
   MgtResources = maps:map(
     fun(K,V) -> merge_oauth_provider_info(maps:get(K, OAuth2Resources, #{}), V, ManagementProps) end,
     skip_disabled_mgt_resource_servers(MgtResources1)),
-  case maps:size(MgtResources) of 
+  case maps:size(MgtResources) of
     0 -> {};
     _ -> {MgtResources}
   end.
@@ -89,21 +89,21 @@ getAllDeclaredOauth2Resources(OAuth2BackendProps) ->
   OAuth2Resources = proplists:get_value(resource_servers, OAuth2BackendProps, #{}),
   case proplists:get_value(resource_server_id, OAuth2BackendProps) of
     undefined -> OAuth2Resources;
-    Id -> maps:put(Id, buildRootResourceServerIfAny(Id, OAuth2BackendProps), 
+    Id -> maps:put(Id, buildRootResourceServerIfAny(Id, OAuth2BackendProps),
     OAuth2Resources)
   end.
 buildRootResourceServerIfAny(Id, Props) ->
-  [ {id, Id}, 
-    {oauth_client_id, 
-        proplists:get_value(oauth_client_id, Props)}, 
+  [ {id, Id},
+    {oauth_client_id,
+        proplists:get_value(oauth_client_id, Props)},
     {oauth_client_secret,
         proplists:get_value(oauth_client_secret, Props)},
-    {oauth_response_type, 
+    {oauth_response_type,
         proplists:get_value(oauth_response_type, Props)},
-    {authorization_endpoint_params, 
+    {authorization_endpoint_params,
         proplists:get_value(authorization_endpoint_params, Props)},
-    {token_endpoint_params, 
-        proplists:get_value(token_endpoint_params, Props)} 
+    {token_endpoint_params,
+        proplists:get_value(token_endpoint_params, Props)}
   ].
 
 authSettings() ->
@@ -114,7 +114,10 @@ authSettings() ->
     false -> [{oauth_enabled, false}];
     true ->
       case extract_oauth2_and_mgt_resources(OAuth2BackendProps, ManagementProps) of
-        {MgtResources} -> produce_auth_settings(MgtResources, ManagementProps);
+        {MgtResources} ->
+            Settings = produce_auth_settings(MgtResources, ManagementProps),
+            rabbit_log:debug("authSettings: ~p", [Settings]),
+            Settings;
         {} -> [{oauth_enabled, false}]
       end
   end.
@@ -137,18 +140,18 @@ filter_mgt_resource_servers_without_oauth_client_id_for_sp_initiated(MgtResource
   end.
 
 filter_mgt_resource_servers_without_oauth_provider_url(MgtResourceServers) ->
-  maps:filter(fun(_K1,V1) -> maps:is_key(oauth_provider_url, V1) end, MgtResourceServers).    
+  maps:filter(fun(_K1,V1) -> maps:is_key(oauth_provider_url, V1) end, MgtResourceServers).
 
 ensure_oauth_resource_server_properties_are_binaries(Key, Value) ->
-  case Key of 
+  case Key of
     oauth_authorization_endpoint_params -> Value;
     oauth_token_endpoint_params -> Value;
     _ -> to_binary(Value)
   end.
 
 produce_auth_settings(MgtResourceServers, ManagementProps) ->
-  ConvertValuesToBinary = fun(_K,V) -> [ 
-    {K1, ensure_oauth_resource_server_properties_are_binaries(K1, V1)} || {K1,V1} 
+  ConvertValuesToBinary = fun(_K,V) -> [
+    {K1, ensure_oauth_resource_server_properties_are_binaries(K1, V1)} || {K1,V1}
       <- maps:to_list(V)] end,
   FilteredMgtResourceServers = filter_mgt_resource_servers_without_oauth_provider_url(
     filter_mgt_resource_servers_without_oauth_client_id_for_sp_initiated(MgtResourceServers, ManagementProps)),
@@ -202,14 +205,14 @@ to_tuple(Key, Proplist) ->
 
 to_tuple(Key, Proplist, ConvertFun, DefaultValue) ->
     case proplists:is_defined(Key, Proplist) of
-        true -> 
-            {Key, case ConvertFun of 
+        true ->
+            {Key, case ConvertFun of
                     undefined -> proplists:get_value(Key, Proplist);
                     _ -> ConvertFun(proplists:get_value(Key, Proplist))
                 end
             };
-        false -> 
-            case DefaultValue of 
+        false ->
+            case DefaultValue of
                 undefined -> {};
                 _ -> {Key, proplists:get_value(Key, Proplist, DefaultValue)}
             end

deps/rabbitmq_management/test/config_schema_SUITE_data/rabbitmq_management.snippets

@@ -621,15 +621,23 @@
    management.oauth_client_id = rabbitmq_client_code
    management.oauth_client_secret = rabbitmq_client_secret
    management.oauth_scopes = openid profile rabbitmq.*
+   management.oauth_authorization_endpoint_params.param1 = value1
+   management.oauth_token_endpoint_params.param2 = value2
    management.oauth_initiated_logon_type = idp_initiated",
   [
    {rabbitmq_management, [
+                          {oauth_authorization_endpoint_params, [
+                            {"param1", <<"value1">>}
+                          ]},
                           {oauth_enabled, true},
                           {oauth_provider_url, "http://localhost:8080"},
                           {oauth_client_id, "rabbitmq_client_code"},
                           {oauth_client_secret, "rabbitmq_client_secret"},
                           {oauth_scopes, "openid profile rabbitmq.*"},
-                          {oauth_initiated_logon_type, idp_initiated}
+                          {oauth_initiated_logon_type, idp_initiated},
+                          {oauth_token_endpoint_params, [
+                            {"param2", <<"value2">>}
+                          ]}
                          ]}
   ], [rabbitmq_management]
  },
@@ -640,7 +648,9 @@
    management.oauth_resource_servers.1.label = One
    management.oauth_resource_servers.1.oauth_client_id = one
    management.oauth_resource_servers.1.oauth_scopes = openid profile rabbitmq.*
+   management.oauth_resource_servers.1.oauth_token_endpoint_params.param2 = value2
    management.oauth_resource_servers.2.oauth_provider_url = http://two
+   management.oauth_resource_servers.2.oauth_authorization_endpoint_params.param1 = value1
    management.oauth_resource_servers.2.id = resource-two
    management.oauth_resource_servers.2.oauth_client_id = two
    management.oauth_resource_servers.3.oauth_initiated_logon_type = idp_initiated
@@ -650,21 +660,28 @@
                           {oauth_enabled, true},
                           {oauth_resource_servers,
                             #{
-                              <<"resource-one">> => [
+                             "3" => [
+                               {oauth_provider_url, "http://three"},
+                               {oauth_initiated_logon_type, idp_initiated},
+                               {id, "3"}
+                             ],
+                             "resource-one" => [
+                                {oauth_token_endpoint_params, [
+                                   {"param2", <<"value2">>}
+                                ]},
                                 {oauth_scopes, "openid profile rabbitmq.*"},
                                 {oauth_client_id, "one"},
-                                {id, "resource-one"},
                                 {label, "One"},
+                                {id, "resource-one"},
                                 {oauth_provider_url, "http://one:8080"}
                               ],
-                              <<"resource-two">> => [
+                              "resource-two" => [
+                                {oauth_authorization_endpoint_params, [
+                                   {"param1", <<"value1">>}
+                                ]},
                                 {oauth_client_id, "two"},
                                 {id, "resource-two"},
                                 {oauth_provider_url, "http://two"}
-                              ],
-                              <<"3">> => [
-                                {oauth_initiated_logon_type, idp_initiated},
-                                {oauth_provider_url, "http://three"}
                               ]
                             }
                           }