1818-define (AUTH_PORT , 8000 ).
1919
2020
21- all () ->
22- [
23- {group , with_rabbitmq_node },
24- {group , with_resource_server_id },
25- {group , without_resource_server_id },
26- {group , with_resource_servers },
27- {group , with_resource_servers_and_resource_server_id },
28- {group , inheritance_group }
29-
30- ].
31- groups () ->
32- [
33- {with_rabbitmq_node , [], [
34- add_signing_keys_for_specific_oauth_provider ,
35- add_signing_keys_for_root_oauth_provider ,
36-
37- replace_signing_keys_for_root_oauth_provider ,
38- replace_signing_keys_for_specific_oauth_provider
39-
40- ]
41- },
42-
43- {with_resource_server_id , [], [
44- get_default_resource_server_id ,
45- get_allowed_resource_server_ids_returns_resource_server_id ,
46- get_resource_server_id_for_rabbit_audience_returns_rabbit ,
47- get_resource_server_id_for_none_audience_should_fail ,
48- get_resource_server_id_for_unknown_audience_should_fail ,
49- {with_verify_aud_false , [], [
50- get_resource_server_id_for_rabbit_audience_returns_rabbit ,
51- get_resource_server_id_for_none_audience_returns_rabbit ,
52- get_resource_server_id_for_unknown_audience_returns_rabbit
53- ]},
54- find_audience_in_resource_server_ids_found_resource_server_id ,
55- get_oauth_provider_root_with_jwks_uri_should_fail ,
56- get_default_key_should_fail ,
57- {with_default_key , [], [
58- get_default_key
59- ]},
60- {with_static_signing_keys , [], [
61- get_signing_keys
62- ]},
63- {with_static_signing_keys_for_oauth_provider_A , [], [
64- get_signing_keys_for_oauth_provider_A
65- ]},
66- get_algorithms_should_return_undefined ,
67- {with_algorithms , [], [
68- get_algorithms
69- ]},
70- {with_jwks_url , [], [
71- get_oauth_provider_should_return_root_oauth_provider_with_jwks_uri ,
72- {with_oauth_providers_A_with_jwks_uri , [], [
73- get_oauth_provider_should_return_root_oauth_provider_with_jwks_uri ,
74- {with_default_oauth_provider_A , [], [
75- get_oauth_provider_should_return_oauth_provider_A_with_jwks_uri
76- ]
77- }
78- ]
79- },
80- {with_oauth_providers_A_B_with_jwks_uri , [], [
81- get_default_key_for_provider_A_should_fail ,
82- {with_default_key , [], [
21+ all () -> [
22+ {group , with_rabbitmq_node },
23+ {group , with_resource_server_id },
24+ {group , without_resource_server_id },
25+ {group , with_resource_servers },
26+ {group , with_resource_servers_and_resource_server_id },
27+ {group , inheritance_group }
28+ ].
29+ groups () -> [
30+ {with_rabbitmq_node , [], [
31+ add_signing_keys_for_specific_oauth_provider ,
32+ add_signing_keys_for_root_oauth_provider ,
33+
34+ replace_signing_keys_for_root_oauth_provider ,
35+ replace_signing_keys_for_specific_oauth_provider ,
36+ {with_root_static_signing_keys , [], [
37+ replace_merge_root_static_keys_with_newly_added_keys ,
38+ replace_override_root_static_keys_with_newly_added_keys
39+ ]}
40+ ]},
41+ {with_resource_server_id , [], [
42+ get_default_resource_server_id ,
43+ get_allowed_resource_server_ids_returns_resource_server_id ,
44+ get_resource_server_id_for_rabbit_audience_returns_rabbit ,
45+ get_resource_server_id_for_none_audience_should_fail ,
46+ get_resource_server_id_for_unknown_audience_should_fail ,
47+ {with_verify_aud_false , [], [
48+ get_resource_server_id_for_rabbit_audience_returns_rabbit ,
49+ get_resource_server_id_for_none_audience_returns_rabbit ,
50+ get_resource_server_id_for_unknown_audience_returns_rabbit
51+ ]},
52+ find_audience_in_resource_server_ids_found_resource_server_id ,
53+ get_oauth_provider_root_with_jwks_uri_should_fail ,
54+ get_default_key_should_fail ,
55+ {with_default_key , [], [
56+ get_default_key
57+ ]},
58+ {with_static_signing_keys , [], [
59+ get_signing_keys
60+ ]},
61+ {with_static_signing_keys_for_oauth_provider_A , [], [
62+ get_signing_keys_for_oauth_provider_A
63+ ]},
64+ get_algorithms_should_return_undefined ,
65+ {with_algorithms , [], [
66+ get_algorithms
67+ ]},
68+ {with_jwks_url , [], [
69+ get_oauth_provider_should_return_root_oauth_provider_with_jwks_uri ,
70+ {with_oauth_providers_A_with_jwks_uri , [], [
71+ get_oauth_provider_should_return_root_oauth_provider_with_jwks_uri ,
72+ {with_default_oauth_provider_A , [], [
73+ get_oauth_provider_should_return_oauth_provider_A_with_jwks_uri
74+ ]}
75+ ]},
76+ {with_oauth_providers_A_B_with_jwks_uri , [], [
77+ get_default_key_for_provider_A_should_fail ,
78+ {with_default_key , [], [
8379 get_default_key_for_provider_A_should_fail
84- ]},
85- {with_default_key_for_provider_A , [], [
80+ ]},
81+ {with_default_key_for_provider_A , [], [
8682 get_default_key_for_provider_A
87- ]},
88- get_algorithms_for_provider_A_should_return_undefined ,
89- {with_algorithms_for_provider_A , [], [
83+ ]},
84+ get_algorithms_for_provider_A_should_return_undefined ,
85+ {with_algorithms_for_provider_A , [], [
9086 get_algorithms_for_provider_A
91- ]},
92- get_oauth_provider_should_return_root_oauth_provider_with_jwks_uri ,
93- {with_default_oauth_provider_B , [], [
94- get_oauth_provider_should_return_oauth_provider_B_with_jwks_uri
95- ]
96- }
97- ]
98- }
99- ]
100- },
101- {with_oauth_providers_A_with_jwks_uri , [], [
102- get_oauth_provider_root_with_jwks_uri_should_fail ,
103- {with_default_oauth_provider_A , [], [
104- get_oauth_provider_should_return_oauth_provider_A_with_jwks_uri
105- ]
106- }
107- ]
108- },
109- {with_issuer , [], [
110- get_oauth_provider_should_return_root_oauth_provider_with_all_discovered_endpoints ,
111- {with_oauth_providers_A_with_issuer , [], [
112- get_oauth_provider_should_return_root_oauth_provider_with_all_discovered_endpoints ,
113- {with_default_oauth_provider_A , [], [
114- get_oauth_provider_should_return_oauth_provider_A_with_all_discovered_endpoints
115- ]
116- }
117- ]
118- },
119- {with_oauth_providers_A_B_with_issuer , [], [
120- get_oauth_provider_should_return_root_oauth_provider_with_all_discovered_endpoints ,
121- {with_default_oauth_provider_B , [], [
122- get_oauth_provider_should_return_oauth_provider_B_with_all_discovered_endpoints
123- ]
124- }
125- ]
126- }
127- ]
128- }
129- ]
130- },
131- {without_resource_server_id , [], [
132- get_default_resource_server_id_returns_error ,
133- get_allowed_resource_server_ids_returns_empty_list
134- ]
135- },
136- {with_resource_servers , [], [
137- get_allowed_resource_server_ids_returns_resource_servers_ids ,
138- find_audience_in_resource_server_ids_found_one_resource_servers ,
139- index_resource_servers_by_id_else_by_key ,
140- is_verify_aud_for_resource_two_returns_true ,
141- {with_verify_aud_false_for_resource_two , [], [
87+ ]},
88+ get_oauth_provider_should_return_root_oauth_provider_with_jwks_uri ,
89+ {with_default_oauth_provider_B , [], [
90+ get_oauth_provider_should_return_oauth_provider_B_with_jwks_uri
91+ ]}
92+ ]}
93+ ]},
94+ {with_oauth_providers_A_with_jwks_uri , [], [
95+ get_oauth_provider_root_with_jwks_uri_should_fail ,
96+ {with_default_oauth_provider_A , [], [
97+ get_oauth_provider_should_return_oauth_provider_A_with_jwks_uri
98+ ]}
99+ ]},
100+ {with_issuer , [], [
101+ get_oauth_provider_should_return_root_oauth_provider_with_all_discovered_endpoints ,
102+ {with_oauth_providers_A_with_issuer , [], [
103+ get_oauth_provider_should_return_root_oauth_provider_with_all_discovered_endpoints ,
104+ {with_default_oauth_provider_A , [], [
105+ get_oauth_provider_should_return_oauth_provider_A_with_all_discovered_endpoints
106+ ]}
107+ ]},
108+ {with_oauth_providers_A_B_with_issuer , [], [
109+ get_oauth_provider_should_return_root_oauth_provider_with_all_discovered_endpoints ,
110+ {with_default_oauth_provider_B , [], [
111+ get_oauth_provider_should_return_oauth_provider_B_with_all_discovered_endpoints
112+ ]}
113+ ]}
114+ ]}
115+ ]},
116+ {without_resource_server_id , [], [
117+ get_default_resource_server_id_returns_error ,
118+ get_allowed_resource_server_ids_returns_empty_list
119+ ]},
120+ {with_resource_servers , [], [
121+ get_allowed_resource_server_ids_returns_resource_servers_ids ,
122+ find_audience_in_resource_server_ids_found_one_resource_servers ,
123+ index_resource_servers_by_id_else_by_key ,
124+ is_verify_aud_for_resource_two_returns_true ,
125+ {with_verify_aud_false_for_resource_two , [], [
142126 is_verify_aud_for_resource_one_returns_true ,
143127 is_verify_aud_for_resource_two_returns_false
144- ]},
145- {with_jwks_url , [], [
146- get_oauth_provider_for_both_resources_should_return_root_oauth_provider ,
147- {with_oauth_providers_A_with_jwks_uri , [], [
148- {with_default_oauth_provider_A , [], [
149- get_oauth_provider_for_both_resources_should_return_oauth_provider_A
150- ]
151- }
152- ]
153- },
154- {with_different_oauth_provider_for_each_resource , [], [
155- {with_oauth_providers_A_B_with_jwks_uri , [], [
128+ ]},
129+ {with_jwks_url , [], [
130+ get_oauth_provider_for_both_resources_should_return_root_oauth_provider ,
131+ {with_oauth_providers_A_with_jwks_uri , [], [
132+ {with_default_oauth_provider_A , [], [
133+ get_oauth_provider_for_both_resources_should_return_oauth_provider_A
134+ ]}
135+ ]},
136+ {with_different_oauth_provider_for_each_resource , [], [
137+ {with_oauth_providers_A_B_with_jwks_uri , [], [
156138 get_oauth_provider_for_resource_one_should_return_oauth_provider_A ,
157139 get_oauth_provider_for_resource_two_should_return_oauth_provider_B
158- ]}
159- ]
160- }
161- ]
162- }
163- ]
164- },
165- {with_resource_servers_and_resource_server_id , [], [
166- get_allowed_resource_server_ids_returns_all_resource_servers_ids ,
167- find_audience_in_resource_server_ids_found_resource_server_id ,
168- find_audience_in_resource_server_ids_found_one_resource_servers ,
169- find_audience_in_resource_server_ids_using_binary_audience
170-
171- ]
172- },
173-
174- {inheritance_group , [], [
175- get_additional_scopes_key ,
176- get_additional_scopes_key_when_not_defined ,
177- is_verify_aud ,
178- is_verify_aud_when_is_false ,
179- get_default_preferred_username_claims ,
180- get_preferred_username_claims ,
181- get_scope_prefix ,
182- get_scope_prefix_when_not_defined ,
183- get_resource_server_type ,
184- get_resource_server_type_when_not_defined ,
185- has_scope_aliases ,
186- has_scope_aliases_when_not_defined ,
187- get_scope_aliases
188- ]
189- }
190-
191- ].
140+ ]}
141+ ]}
142+ ]}
143+ ]},
144+ {with_resource_servers_and_resource_server_id , [], [
145+ get_allowed_resource_server_ids_returns_all_resource_servers_ids ,
146+ find_audience_in_resource_server_ids_found_resource_server_id ,
147+ find_audience_in_resource_server_ids_found_one_resource_servers ,
148+ find_audience_in_resource_server_ids_using_binary_audience
149+ ]},
150+
151+ {inheritance_group , [], [
152+ get_additional_scopes_key ,
153+ get_additional_scopes_key_when_not_defined ,
154+ is_verify_aud ,
155+ is_verify_aud_when_is_false ,
156+ get_default_preferred_username_claims ,
157+ get_preferred_username_claims ,
158+ get_scope_prefix ,
159+ get_scope_prefix_when_not_defined ,
160+ get_resource_server_type ,
161+ get_resource_server_type_when_not_defined ,
162+ has_scope_aliases ,
163+ has_scope_aliases_when_not_defined ,
164+ get_scope_aliases
165+ ]}
166+ ].
192167
193168init_per_suite (Config ) ->
194169 rabbit_ct_helpers :log_environment (),
@@ -208,6 +183,16 @@ init_per_group(with_default_key, Config) ->
208183 application :set_env (rabbitmq_auth_backend_oauth2 , key_config ,
209184 proplists :delete (default_key , KeyConfig ) ++ [{default_key ,<<" default-key" >>}]),
210185 Config ;
186+ init_per_group (with_root_static_signing_keys , Config ) ->
187+ KeyConfig = application :get_env (rabbitmq_auth_backend_oauth2 , key_config , []),
188+ SigningKeys = #{
189+ <<" mykey-root-1" >> => <<" some key root-1" >>,
190+ <<" mykey-root-2" >> => <<" some key root-2" >>
191+ },
192+ application :set_env (rabbitmq_auth_backend_oauth2 , key_config ,
193+ proplists :delete (default_key , KeyConfig ) ++ [{signing_keys ,SigningKeys }]),
194+ Config ;
195+
211196init_per_group (with_default_key_for_provider_A , Config ) ->
212197 OAuthProviders = application :get_env (rabbitmq_auth_backend_oauth2 , oauth_providers , #{}),
213198 OAuthProvider = maps :get (<<" A" >>, OAuthProviders , []),
@@ -401,6 +386,11 @@ init_per_group(_any, Config) ->
401386
402387end_per_group (with_rabbitmq_node , Config ) ->
403388 rabbit_ct_helpers :run_steps (Config , rabbit_ct_broker_helpers :teardown_steps ());
389+ end_per_group (with_root_static_signing_keys , Config ) ->
390+ KeyConfig = application :get_env (rabbitmq_auth_backend_oauth2 , key_config , []),
391+ application :set_env (rabbitmq_auth_backend_oauth2 , key_config ,
392+ proplists :delete (signing_keys , KeyConfig )),
393+ Config ;
404394
405395end_per_group (with_resource_server_id , Config ) ->
406396 application :unset_env (rabbitmq_auth_backend_oauth2 , resource_server_id ),
@@ -596,6 +586,21 @@ add_signing_keys_for_specific_oauth_provider(Config) ->
596586 ? assertEqual (<<" some key 3-1" >>,
597587 call_get_signing_key (Config , [<<" mykey-3-1" >> , <<" my-oauth-provider-3" >>])).
598588
589+ replace_merge_root_static_keys_with_newly_added_keys (Config ) ->
590+ NewKeys = #{<<" key-2" >> => <<" some key 2" >>, <<" key-3" >> => <<" some key 3" >>},
591+ call_replace_signing_keys (Config , [NewKeys ]),
592+ #{ <<" mykey-root-1" >> := <<" some key root-1" >>,
593+ <<" mykey-root-2" >> := <<" some key root-2" >>,
594+ <<" key-2" >> := <<" some key 2" >>,
595+ <<" key-3" >> := <<" some key 3" >>
596+ } = call_get_signing_keys (Config ).
597+ replace_override_root_static_keys_with_newly_added_keys (Config ) ->
598+ NewKeys = #{<<" mykey-root-1" >> => <<" new key root-1" >>, <<" key-3" >> => <<" some key 3" >>},
599+ call_replace_signing_keys (Config , [NewKeys ]),
600+ #{ <<" mykey-root-1" >> := <<" new key root-1" >>,
601+ <<" mykey-root-2" >> := <<" some key root-2" >>,
602+ <<" key-3" >> := <<" some key 3" >>
603+ } = call_get_signing_keys (Config ).
599604replace_signing_keys_for_root_oauth_provider (Config ) ->
600605 call_add_signing_key (Config , [<<" mykey-1" >>, <<" some key 1" >>]),
601606 NewKeys = #{<<" key-2" >> => <<" some key 2" >>, <<" key-3" >> => <<" some key 3" >>},
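Review bot: The two new cases at new lines 589-603 check the result of `call_get_signing_keys(Config)` with a map pattern using `:=`, which only requires the listed keys to be present. A key that a replace should have dropped (for example `key-2` from the merge case, if it is still there when the override case runs) would therefore not fail either test. For signing keys this matters because a key that is still returned after being replaced presumably stays accepted for token verification; comparing the whole map, `?assertEqual(Expected, call_get_signing_keys(Config))` with `Expected` written using `=>`, pins the exact key set. Separately, `init_per_group(with_root_static_signing_keys, ...)` calls `proplists:delete(default_key, KeyConfig)` before appending `{signing_keys, SigningKeys}`, which looks copied from the `with_default_key` clause; `proplists:delete(signing_keys, KeyConfig)` would avoid a duplicate entry and leave `default_key` untouched. The file header of this section and the rest of `replace_signing_keys_for_root_oauth_provider` are outside the visible lines.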