Use profile when using Erlang http client

Author: MarcialRosales

deps/oauth2_client/src/oauth2_client.erl

@@ -7,9 +7,9 @@
 -module(oauth2_client).
 -export([get_access_token/2, get_expiration_time/1,
         refresh_access_token/2,
-        get_jwks/2, get_jwks/3,
+        get_jwks/1,
         get_oauth_provider/1, get_oauth_provider/2,
-        get_openid_configuration/2,get_openid_configuration/3,
+        get_openid_configuration/1,
         build_openid_discovery_endpoint/3,         
         merge_openid_configuration/2,
         merge_oauth_provider/2,
@@ -30,52 +30,66 @@ get_access_token(OAuthProvider, Request) ->
     rabbit_log:debug("get_access_token using OAuthProvider:~p and client_id:~p",
         [OAuthProvider, Request#access_token_request.client_id]),
         URL = OAuthProvider#oauth_provider.token_endpoint,
+    Id = OAuthProvider#oauth_provider.id,
     Header = [],
     Type = ?CONTENT_URLENCODED,
     Body = build_access_token_request_body(Request),
     HTTPOptions = 
         map_ssl_options_to_httpc_option(OAuthProvider#oauth_provider.ssl_options) ++
         map_timeout_to_httpc_option(Request#access_token_request.timeout),
-    Response = http_post(URL, Header, Type, Body, HTTPOptions, 
+    Response = http_post(Id, URL, Header, Type, Body, HTTPOptions, 
         OAuthProvider#oauth_provider.proxy_options),
     parse_access_token_response(Response).
 
 -spec refresh_access_token(oauth_provider(), refresh_token_request()) ->
     {ok, successful_access_token_response()} | 
     {error, unsuccessful_access_token_response() | any()}.
 refresh_access_token(OAuthProvider, Request) ->
+    Id = OAuthProvider#oauth_provider.id,
     URL = OAuthProvider#oauth_provider.token_endpoint,
     Header = [],
     Type = ?CONTENT_URLENCODED,
     Body = build_refresh_token_request_body(Request),
     HTTPOptions = 
         map_ssl_options_to_httpc_option(OAuthProvider#oauth_provider.ssl_options) ++
         map_timeout_to_httpc_option(Request#refresh_token_request.timeout),
-    Response = http_post(URL, Header, Type, Body, HTTPOptions, 
+    Response = http_post(Id, URL, Header, Type, Body, HTTPOptions, 
         OAuthProvider#oauth_provider.proxy_options),
     parse_access_token_response(Response).
 
-http_post(URL, Header, Type, Body, HTTPOptions, ProxyOptions) ->
-    case ProxyOptions of 
-        undefined -> httpc:request(post, {URL, Header, Type, Body}, HTTPOptions, []);
-        _ ->
-            case httpc:set_options(map_proxy_to_httpc_option(ProxyOptions)) of
-                ok -> 
-                    httpc:request(post, {URL, Header, Type, Body},
-                        HTTPOptions ++ map_proxy_auth_to_httpc_option(ProxyOptions), []);
-                {error, _} = Error -> Error 
-            end
+ensure_http_client_started(Id) ->
+    Profile = case Id of 
+        root -> root;
+        _ -> binary_to_atom(Id)
+    end,
+    case inets:start(httpc, [{profile, Profile}]) of 
+        ok -> {ok, Profile};
+        {error, {already_started, _}} -> {ok, Profile};
+        Error -> Error
     end.
-http_get(URL, HTTPOptions, ProxyOptions) ->
-    case ProxyOptions of 
-        undefined -> httpc:request(get, {URL, []}, HTTPOptions, []);
-        _ ->
-            case httpc:set_options(map_proxy_to_httpc_option(ProxyOptions)) of 
-                ok -> 
-                    httpc:request(get, {URL, []},
-                        HTTPOptions ++ map_proxy_auth_to_httpc_option(ProxyOptions), []);
-                {error, _} = Error -> Error 
-            end
+http_post(Id, URL, Header, Type, Body, HTTPOptions, ProxyOptions) ->
+    http_request(Id, post, {URL, Header, Type, Body}, HTTPOptions, ProxyOptions).
+http_get(Id, URL, HTTPOptions, ProxyOptions) ->
+    ct:log("~p ~p", [Id, URL]),
+    http_request(Id, get, {URL, []}, HTTPOptions, ProxyOptions).
+http_request(Id, Method, Payload, HTTPOptions, ProxyOptions) ->
+    case ensure_http_client_started(Id) of
+        {ok, Profile} ->
+            case ProxyOptions of
+                undefined ->
+                    httpc:request(Method, Payload, HTTPOptions, [], Profile);
+                _ ->
+                    case httpc:set_options(map_proxy_to_httpc_option(ProxyOptions),
+                                            Profile) of
+                        ok ->
+                            httpc:request(Method, Payload,
+                                HTTPOptions ++ map_proxy_auth_to_httpc_option(ProxyOptions),
+                                [],
+                                Profile);
+                        {error, _} = Error -> Error
+                    end
+            end;
+        {error, _} = Error -> Error
     end.
 
 append_paths(Path1, Path2) ->
@@ -123,38 +137,27 @@ drop_trailing_path_separator(Path) when is_list(Path) ->
         _ -> Path
     end.
 
--spec get_openid_configuration(DiscoveryEndpoint :: uri_string:uri_string(),
-    ssl:tls_option() | []) -> {ok, openid_configuration()} | {error, term()}.
-get_openid_configuration(DiscoverEndpoint, TLSOptions) ->    
-    get_openid_configuration(DiscoverEndpoint, TLSOptions, undefined).
-
--spec get_openid_configuration(DiscoveryEndpoint :: uri_string:uri_string(),
-    ssl:tls_option() | [], proxy_options() | undefined | 'none') -> 
-        {ok, openid_configuration()} | {error, term()}.
-get_openid_configuration(DiscoverEndpoint, TLSOptions, ProxyOptions) ->    
-    rabbit_log:debug("get_openid_configuration from ~p (~p) [~p]", [DiscoverEndpoint,
-        format_ssl_options(TLSOptions), format_proxy_options(ProxyOptions)]),
+-spec get_openid_configuration(oauth_provider()) -> {ok, openid_configuration()} | {error, term()}.
+get_openid_configuration(#oauth_provider{id = Id, discovery_endpoint = Endpoint,
+        ssl_options = SslOptions, proxy_options = ProxyOptions}) ->       
+    rabbit_log:debug("get_openid_configuration from ~p (~p) [~p]", [Endpoint,
+        format_ssl_options(SslOptions), format_proxy_options(ProxyOptions)]),
     HTTPOptions = 
-        map_ssl_options_to_httpc_option(TLSOptions) ++
+        map_ssl_options_to_httpc_option(SslOptions) ++
         map_timeout_to_httpc_option(?DEFAULT_HTTP_TIMEOUT),
-    Response = http_get(DiscoverEndpoint, HTTPOptions, ProxyOptions),
+
+    Response = http_get(Id, Endpoint, HTTPOptions, ProxyOptions),
     parse_openid_configuration_response(Response).
 
--spec get_jwks(JWKSEndpoint :: uri_string:uri_string(),
-    ssl:tls_option() | []) -> {ok, openid_configuration()} | {error, term()}.
-get_jwks(JWKSEndpoint, TLSOptions) ->
-    get_jwks(JWKSEndpoint, TLSOptions, undefined).
-
--spec get_jwks(JWKSEndpoint :: uri_string:uri_string(),
-    ssl:tls_option() | [], proxy_options() | undefined | 'none')
-         -> {ok, openid_configuration()} | {error, term()}.
-get_jwks(JWKSEndpoint, TLSOptions, ProxyOptions) ->
-    rabbit_log:debug("get_jwks from ~p (~p) [~p]", [JWKSEndpoint,
-        format_ssl_options(TLSOptions), format_proxy_options(ProxyOptions)]),
+-spec get_jwks(oauth_provider()) -> {ok, term()} | {error, term()}.
+get_jwks(#oauth_provider{id = Id, jwks_uri = JwksUrl,
+        ssl_options = SslOptions, proxy_options = ProxyOptions}) ->    
+    rabbit_log:debug("get_jwks from ~p (~p) [~p]", [JwksUrl,
+        format_ssl_options(SslOptions), format_proxy_options(ProxyOptions)]),
     HTTPOptions = 
-        map_ssl_options_to_httpc_option(TLSOptions) ++
+        map_ssl_options_to_httpc_option(SslOptions) ++
         map_timeout_to_httpc_option(?DEFAULT_HTTP_TIMEOUT),
-    http_get(JWKSEndpoint, HTTPOptions, ProxyOptions).    
+    http_get(Id, JwksUrl, HTTPOptions, ProxyOptions).    
 
 -spec merge_openid_configuration(openid_configuration(), oauth_provider()) ->
     oauth_provider().
@@ -337,9 +340,7 @@ download_oauth_provider(OAuthProvider) ->
         undefined -> {error, {missing_oauth_provider_attributes, [issuer]}};
         URL ->
             rabbit_log:debug("Downloading oauth_provider using ~p ", [URL]),
-            case get_openid_configuration(URL, 
-                    OAuthProvider#oauth_provider.ssl_options,
-                    OAuthProvider#oauth_provider.proxy_options) of
+            case get_openid_configuration(OAuthProvider) of
                 {ok, OpenIdConfiguration} ->
                     {ok, update_oauth_provider_endpoints_configuration(
                         merge_openid_configuration(OpenIdConfiguration, OAuthProvider))};

deps/oauth2_client/test/system_SUITE.erl

@@ -184,6 +184,7 @@ get_openid_configuration_http_expectation(TestCaseAtom) ->
         nomatch ->  ?DEFAULT_OPENID_CONFIGURATION_PATH;
         _ ->        ?CUSTOM_OPENID_CONFIGURATION_ENDPOINT
     end,
+    ct:log("Expect path: ~p and endpoint: ~p", [Path, Endpoint]),
     build_http_mock_behaviour(build_http_get_openid_configuration_request(Endpoint, Path),
         build_http_200_json_response(Payload)).
 
@@ -322,14 +323,25 @@ build_openid_discovery_endpoint(Issuer, Path) ->
 
 get_openid_configuration(Config) ->
     ExpectedOAuthProvider = ?config(oauth_provider, Config),
-    SslOptions = ExpectedOAuthProvider#oauth_provider.ssl_options,
     {ok, ActualOpenId} = oauth2_client:get_openid_configuration(
-        build_openid_discovery_endpoint(build_issuer("https")),
-        SslOptions,
-        ExpectedOAuthProvider#oauth_provider.proxy_options),
+        ensure_discovery_endpoint(ExpectedOAuthProvider)),
     ExpectedOpenId = map_oauth_provider_to_openid_configuration(ExpectedOAuthProvider),
     assertOpenIdConfiguration(ExpectedOpenId, ActualOpenId).
 
+ensure_issuer(OAuthProvider, IssuerURL) ->
+    OAuthProvider#oauth_provider{
+        issuer = IssuerURL
+    }.
+ensure_discovery_endpoint(OAuthProvider) ->
+    OAuthProvider#oauth_provider{
+        discovery_endpoint = build_openid_discovery_endpoint(OAuthProvider#oauth_provider.issuer)
+    }. 
+ensure_discovery_endpoint(OAuthProvider, DiscoveryEndpointPath) ->
+    OAuthProvider#oauth_provider{
+                discovery_endpoint = build_openid_discovery_endpoint(
+                    OAuthProvider#oauth_provider.issuer, 
+                    DiscoveryEndpointPath)
+    }.
 map_oauth_provider_to_openid_configuration(OAuthProvider) ->
     #openid_configuration{
         issuer = OAuthProvider#oauth_provider.issuer,
@@ -345,39 +357,30 @@ get_openid_configuration_returns_partial_payload(Config) ->
         token_endpoint = ExpectedOAuthProvider0#oauth_provider.token_endpoint,
         jwks_uri = ExpectedOAuthProvider0#oauth_provider.jwks_uri},
 
-    SslOptions = ExpectedOAuthProvider0#oauth_provider.ssl_options,
     {ok, Actual} = oauth2_client:get_openid_configuration(
-        build_openid_discovery_endpoint(build_issuer("https")),
-        SslOptions,
-        ExpectedOAuthProvider0#oauth_provider.proxy_options),
+        ensure_discovery_endpoint(ExpectedOAuthProvider0)),
     ExpectedOpenId = map_oauth_provider_to_openid_configuration(ExpectedOAuthProvider),
     assertOpenIdConfiguration(ExpectedOpenId, Actual).
 
 get_openid_configuration_using_path(Config) ->
     ExpectedOAuthProvider = ?config(oauth_provider, Config),
-    SslOptions = ExpectedOAuthProvider#oauth_provider.ssl_options,
-    {ok, Actual} = oauth2_client:get_openid_configuration(
-        build_openid_discovery_endpoint(build_issuer("https", ?ISSUER_PATH)),
-        SslOptions,
-        ExpectedOAuthProvider#oauth_provider.proxy_options),
+    {ok, Actual} = oauth2_client:get_openid_configuration(        
+        ensure_discovery_endpoint(
+            ensure_issuer(ExpectedOAuthProvider, build_issuer("https", ?ISSUER_PATH)))),
     ExpectedOpenId = map_oauth_provider_to_openid_configuration(ExpectedOAuthProvider),
     assertOpenIdConfiguration(ExpectedOpenId,Actual).
 get_openid_configuration_using_path_and_custom_endpoint(Config) ->
-    ExpectedOAuthProvider = ?config(oauth_provider, Config),
-    SslOptions = ExpectedOAuthProvider#oauth_provider.ssl_options,
+    ExpectedOAuthProvider = ?config(oauth_provider, Config),    
     {ok, Actual} = oauth2_client:get_openid_configuration(
-        build_openid_discovery_endpoint(build_issuer("https", ?ISSUER_PATH),
-        ?CUSTOM_OPENID_CONFIGURATION_ENDPOINT), SslOptions, 
-        ExpectedOAuthProvider#oauth_provider.proxy_options),
+        ensure_discovery_endpoint(
+            ensure_issuer(ExpectedOAuthProvider, build_issuer("https", ?ISSUER_PATH)),
+            ?CUSTOM_OPENID_CONFIGURATION_ENDPOINT)),
     ExpectedOpenId = map_oauth_provider_to_openid_configuration(ExpectedOAuthProvider),
     assertOpenIdConfiguration(ExpectedOpenId, Actual).
 get_openid_configuration_using_custom_endpoint(Config) ->
     ExpectedOAuthProvider = ?config(oauth_provider, Config),
-    SslOptions = ExpectedOAuthProvider#oauth_provider.ssl_options,
     {ok, Actual} = oauth2_client:get_openid_configuration(
-        build_openid_discovery_endpoint(build_issuer("https"),
-        ?CUSTOM_OPENID_CONFIGURATION_ENDPOINT), SslOptions,
-        ExpectedOAuthProvider#oauth_provider.proxy_options),
+        ensure_discovery_endpoint(ExpectedOAuthProvider, ?CUSTOM_OPENID_CONFIGURATION_ENDPOINT)),
     ExpectedOpenId = map_oauth_provider_to_openid_configuration(ExpectedOAuthProvider),
     assertOpenIdConfiguration(ExpectedOpenId, Actual).
 

deps/rabbitmq_auth_backend_oauth2/src/uaa_jwks.erl

@@ -2,36 +2,15 @@
 -export([get/2, get/3]).
 
 -import(oauth2_client, [
-    map_ssl_options_to_httpc_option/1,
-    map_timeout_to_httpc_option/1,
-    map_proxy_auth_to_httpc_option/1,
-    map_proxy_to_httpc_option/1]).
+    get_jwks/2, get_jwks/3]).
 
 -spec get(uri_string:uri_string(), list()) -> {ok, term()} | {error, term()}.
 get(JwksUrl, SslOptions) ->
-    http_get(JwksUrl, SslOptions, undefined).
+    get_jwks(JwksUrl, SslOptions).
 
--spec get(uri_string:uri_string(), list(), oauth2_client:proxy_options() | undefined | 'none') -> 
-        {ok, term()} | {error, term()}.
+-spec get(uri_string:uri_string(), list(), 
+    oauth2_client:proxy_options() | undefined | 'none') -> {ok, term()} | {error, term()}.
 get(JwksUrl, SslOptions, undefined) ->
-    get(JwksUrl, SslOptions);
+    get_jwks(JwksUrl, SslOptions);
 get(JwksUrl, SslOptions, ProxyOptions) ->
-    http_get(JwksUrl, SslOptions, ProxyOptions).    
-
-http_get(URL, SslOptions, ProxyOptions) ->
-    HttpOptions = map_timeout_to_httpc_option(60000) 
-                    ++ map_ssl_options_to_httpc_option(SslOptions),
-    {HttpProxyOptions, SetOptions} = 
-        case ProxyOptions of 
-            undefined -> {[], ok};
-        _ ->
-            case httpc:set_options(map_proxy_to_httpc_option(ProxyOptions)) of 
-                ok -> {map_proxy_auth_to_httpc_option(ProxyOptions), ok};
-                {error, _} = Error -> {undefined, Error}
-            end
-    end,
-    case SetOptions of 
-        ok -> httpc:request(get, {URL, []}, HttpOptions ++ HttpProxyOptions, []);
-        {error, _} -> SetOptions
-    end.
-        
+    get_jwks(JwksUrl, SslOptions, ProxyOptions).    

deps/rabbitmq_auth_backend_oauth2/src/uaa_jwt.erl

@@ -42,11 +42,9 @@ add_signing_key(KeyId, Type, Value) ->
     end.
 
 -spec update_jwks_signing_keys(oauth_provider()) -> ok | {error, term()}.
-update_jwks_signing_keys(#oauth_provider{id = Id, jwks_uri = JwksUrl,
-        ssl_options = SslOptions, proxy_options = ProxyOptions}) ->
-    rabbit_log:debug("Downloading signing keys from ~tp (TLS options: ~p)",
-        [JwksUrl, format_ssl_options(SslOptions)]),
-    case uaa_jwks:get(JwksUrl, SslOptions, ProxyOptions) of
+update_jwks_signing_keys(#oauth_provider{id = Id} = OAuthProvider) ->
+    rabbit_log:debug("Downloading signing keys from OauthProvider: ~tp", [Id]),
+    case oauth2_client:get_jwks(OAuthProvider) of
         {ok, {_, _, JwksBody}} ->
             KeyList = maps:get(<<"keys">>,
                 jose:decode(erlang:iolist_to_binary(JwksBody)), []),