Merge pull request #12258 from rabbitmq/make-some-oauth2-settings-optional

Make some OAuth2 settings optional

Author: michaelklishin

.github/workflows/test-authnz.yaml

@@ -62,23 +62,10 @@ jobs:
       with:
         credentials_json: ${{ secrets.REMOTE_CACHE_CREDENTIALS_JSON }}
 
-    - name: Configure Bazel
-      run: |
-        if [ -n "${{ secrets.REMOTE_CACHE_BUCKET_NAME }}" ]; then
-        cat << EOF >> user.bazelrc
-          build --remote_cache=https://storage.googleapis.com/${{ secrets.REMOTE_CACHE_BUCKET_NAME }}
-          build --google_default_credentials
-
-          build --remote_download_toplevel
-        EOF
-        fi
-        cat << EOF >> user.bazelrc
-          build --color=yes
-        EOF
-
     - name: Build & Load RabbitMQ OCI
       run: |
-        bazelisk run packaging/docker-image:rabbitmq-amd64
+        make package-generic-unix
+        make docker-image
 
     - name: Configure Docker Network
       run: |
@@ -91,7 +78,8 @@ jobs:
 
     - name: Run Suites
       run: |
-        RABBITMQ_DOCKER_IMAGE=bazel/packaging/docker-image:rabbitmq-amd64 \
+        IMAGE_TAG=$(find PACKAGES/rabbitmq-server-generic-unix-*.tar.xz | awk -F 'PACKAGES/rabbitmq-server-generic-unix-|.tar.xz' '{print $2}')
+        RABBITMQ_DOCKER_IMAGE=pivotalrabbitmq/rabbitmq:$IMAGE_TAG \
          ${SELENIUM_DIR}/run-suites.sh full-suite-authnz-messaging
 
     - name: Upload Test Artifacts

.github/workflows/test-management-ui-for-pr.yaml

@@ -42,23 +42,10 @@ jobs:
       with:
         credentials_json: ${{ secrets.REMOTE_CACHE_CREDENTIALS_JSON }}
 
-    - name: Configure Bazel
-      run: |
-        if [ -n "${{ secrets.REMOTE_CACHE_BUCKET_NAME }}" ]; then
-        cat << EOF >> user.bazelrc
-          build --remote_cache=https://storage.googleapis.com/${{ secrets.REMOTE_CACHE_BUCKET_NAME }}
-          build --google_default_credentials
-
-          build --remote_download_toplevel
-        EOF
-        fi
-        cat << EOF >> user.bazelrc
-          build --color=yes
-        EOF
-
     - name: Build & Load RabbitMQ OCI
       run: |
-        bazelisk run packaging/docker-image:rabbitmq-amd64
+         make package-generic-unix
+         make docker-image
 
     - name: Configure Docker Network
       run: |
@@ -71,8 +58,9 @@ jobs:
 
     - name: Run full ui suites on a standalone rabbitmq server
       run: |
-        RABBITMQ_DOCKER_IMAGE=bazel/packaging/docker-image:rabbitmq-amd64 \
-            ${SELENIUM_DIR}/run-suites.sh
+        IMAGE_TAG=$(find PACKAGES/rabbitmq-server-generic-unix-*.tar.xz | awk -F 'PACKAGES/rabbitmq-server-generic-unix-|.tar.xz' '{print $2}')
+        RABBITMQ_DOCKER_IMAGE=pivotalrabbitmq/rabbitmq:$IMAGE_TAG \
+          ${SELENIUM_DIR}/run-suites.sh short-suite-management-ui       
         mkdir -p /tmp/full-suite
         mv /tmp/selenium/* /tmp/full-suite
         mkdir -p /tmp/full-suite/logs

.github/workflows/test-management-ui.yaml

@@ -56,23 +56,10 @@ jobs:
       with:
         credentials_json: ${{ secrets.REMOTE_CACHE_CREDENTIALS_JSON }}
 
-    - name: Configure Bazel
-      run: |
-        if [ -n "${{ secrets.REMOTE_CACHE_BUCKET_NAME }}" ]; then
-        cat << EOF >> user.bazelrc
-          build --remote_cache=https://storage.googleapis.com/${{ secrets.REMOTE_CACHE_BUCKET_NAME }}
-          build --google_default_credentials
-
-          build --remote_download_toplevel
-        EOF
-        fi
-        cat << EOF >> user.bazelrc
-          build --color=yes
-        EOF
-
     - name: Build & Load RabbitMQ OCI
       run: |
-        bazelisk run packaging/docker-image:rabbitmq-amd64
+        make package-generic-unix
+        make docker-image
 
     - name: Configure Docker Network
       run: |
@@ -84,9 +71,10 @@ jobs:
         docker build -t mocha-test --target test .
 
     - name: Run short ui suite on a 3-node rabbitmq cluster
-      run: |
-        RABBITMQ_DOCKER_IMAGE=bazel/packaging/docker-image:rabbitmq-amd64 \
-            ADDON_PROFILES=cluster ${SELENIUM_DIR}/run-suites.sh short-suite-management-ui
+      run: |        
+        IMAGE_TAG=$(find PACKAGES/rabbitmq-server-generic-unix-*.tar.xz | awk -F 'PACKAGES/rabbitmq-server-generic-unix-|.tar.xz' '{print $2}')
+        RABBITMQ_DOCKER_IMAGE=pivotalrabbitmq/rabbitmq:$IMAGE_TAG \
+          ${SELENIUM_DIR}/run-suites.sh short-suite-management-ui
         mkdir -p /tmp/short-suite
         mv /tmp/selenium/* /tmp/short-suite
         mkdir -p /tmp/short-suite/logs

deps/oauth2_client/app.bzl

@@ -64,7 +64,7 @@ def all_srcs(name = "all_srcs"):
     )
     filegroup(
         name = "public_hdrs",
-        srcs = ["include/oauth2_client.hrl"],
+        srcs = ["include/oauth2_client.hrl", "include/types.hrl"],
     )
     filegroup(
         name = "license_files",
@@ -88,7 +88,7 @@ def test_suite_beam_files(name = "test_suite_beam_files"):
         testonly = True,
         srcs = ["test/system_SUITE.erl"],
         outs = ["test/system_SUITE.beam"],
-        hdrs = ["include/oauth2_client.hrl"],
+        hdrs = ["include/oauth2_client.hrl", "include/types.hrl"],
         app_name = "oauth2_client",
         erlc_opts = "//:test_erlc_opts",
     )
@@ -97,7 +97,7 @@ def test_suite_beam_files(name = "test_suite_beam_files"):
         testonly = True,
         srcs = ["test/unit_SUITE.erl"],
         outs = ["test/unit_SUITE.beam"],
-        hdrs = ["include/oauth2_client.hrl"],
+        hdrs = ["include/oauth2_client.hrl", "include/types.hrl"],
         app_name = "oauth2_client",
         erlc_opts = "//:test_erlc_opts",
     )

deps/oauth2_client/include/oauth2_client.hrl

@@ -5,6 +5,7 @@
 %% Copyright (c) 2020-2023 VMware, Inc. or its affiliates.  All rights reserved.
 %%
 
+-include("types.hrl").
 
 % define access token request common constants
 
@@ -44,66 +45,3 @@
 -define(RESPONSE_END_SESSION_ENDPOINT, <<"end_session_endpoint">>).
 -define(RESPONSE_JWKS_URI, <<"jwks_uri">>).
 -define(RESPONSE_TLS_OPTIONS, <<"ssl_options">>).
-
-%% The closest we have to a type import in Erlang
--type option(T) :: rabbit_types:option(T).
-
--type oauth_provider_id() :: root | binary().
-
--record(openid_configuration, {
-  issuer :: option(uri_string:uri_string()),
-  token_endpoint :: option(uri_string:uri_string()),
-  authorization_endpoint :: option(uri_string:uri_string()),
-  end_session_endpoint :: option(uri_string:uri_string()),
-  jwks_uri :: option(uri_string:uri_string())
-  }).
--type openid_configuration() :: #openid_configuration{}.
-
--record(oauth_provider, {
-  id :: oauth_provider_id(),
-  issuer :: option(uri_string:uri_string()),
-  token_endpoint :: option(uri_string:uri_string()),
-  authorization_endpoint :: option(uri_string:uri_string()),
-  end_session_endpoint :: option(uri_string:uri_string()),
-  jwks_uri :: option(uri_string:uri_string()),
-  ssl_options :: option(list())
-  }).
-
--type oauth_provider() :: #oauth_provider{}.
-
--record(access_token_request, {
-  client_id :: string() | binary(),
-  client_secret :: string() | binary(),
-  scope :: string() | binary() | undefined,
-  timeout :: option(integer())
-  }).
-
--type access_token_request() :: #access_token_request{}.
-
--record(successful_access_token_response, {
-  access_token :: binary(),
-  token_type :: binary(),
-  refresh_token :: option(binary()),    % A refresh token SHOULD NOT be included
-                                        % .. for client-credentials flow.
-                                        % https://www.rfc-editor.org/rfc/rfc6749#section-4.4.3
-  expires_in :: option(integer())
-}).
-
--type successful_access_token_response() :: #successful_access_token_response{}.
-
--record(unsuccessful_access_token_response, {
-  error :: integer(),
-  error_description :: binary() | string() | undefined
-}).
-
--type unsuccessful_access_token_response() :: #unsuccessful_access_token_response{}.
-
--record(refresh_token_request, {
-  client_id :: string() | binary(),
-  client_secret :: string() | binary(),
-  scope :: string() | binary() | undefined,
-  refresh_token :: binary(),
-  timeout :: option(integer())
-  }).
-
--type refresh_token_request() :: #refresh_token_request{}.

deps/oauth2_client/include/types.hrl

@@ -0,0 +1,75 @@
+%% This Source Code Form is subject to the terms of the Mozilla Public
+%% License, v. 2.0. If a copy of the MPL was not distributed with this
+%% file, You can obtain one at https://mozilla.org/MPL/2.0/.
+%%
+%% Copyright (c) 2020-2023 VMware, Inc. or its affiliates.  All rights reserved.
+%%
+
+%% Matches the option type in rabbit_types without introducing a dependency
+%% on that module and RabbitMQ core (rabbit_common)
+-type(option(T) :: T | 'none' | 'undefined').
+
+-type oauth_provider_id() :: root | binary().
+
+-record(openid_configuration, {
+    issuer :: option(uri_string:uri_string()),
+    token_endpoint :: option(uri_string:uri_string()),
+    authorization_endpoint :: option(uri_string:uri_string()),
+    end_session_endpoint :: option(uri_string:uri_string()),
+    jwks_uri :: option(uri_string:uri_string())
+}).
+-type openid_configuration() :: #openid_configuration{}.
+
+-record(oauth_provider, {
+    id :: oauth_provider_id(),
+    issuer :: option(uri_string:uri_string()),
+    discovery_endpoint :: option(uri_string:uri_string()),
+    token_endpoint :: option(uri_string:uri_string()),
+    authorization_endpoint :: option(uri_string:uri_string()),
+    end_session_endpoint :: option(uri_string:uri_string()),
+    jwks_uri :: option(uri_string:uri_string()),
+    ssl_options :: option(list())
+}).
+
+-type query_list() :: [{unicode:chardata(), unicode:chardata() | true}].
+
+-type oauth_provider() :: #oauth_provider{}.
+
+-record(access_token_request, {
+    client_id :: string() | binary(),
+    client_secret :: string() | binary(),
+    scope :: option(string() | binary()),
+    extra_parameters :: option(query_list()),
+    timeout :: option(integer())
+}).
+
+-type access_token_request() :: #access_token_request{}.
+
+-record(successful_access_token_response, {
+    access_token :: binary(),
+    token_type :: binary(),
+    %% Note: a refresh token SHOULD NOT be included
+    %% ... for client-credentials flow.
+    %% See https://www.rfc-editor.org/rfc/rfc6749#section-4.4.3
+    refresh_token :: option(binary()),
+    expires_in :: option(integer())
+}).
+
+-type successful_access_token_response() :: #successful_access_token_response{}.
+
+-record(unsuccessful_access_token_response, {
+    error :: integer(),
+    error_description :: binary() | string() | undefined
+}).
+
+-type unsuccessful_access_token_response() :: #unsuccessful_access_token_response{}.
+
+-record(refresh_token_request, {
+    client_id :: string() | binary(),
+    client_secret :: string() | binary(),
+    scope :: string() | binary() | undefined,
+    refresh_token :: binary(),
+    timeout :: option(integer())
+}).
+
+-type refresh_token_request() :: #refresh_token_request{}.