Test translation function of scope_aliases

Author: MarcialRosales

deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl

@@ -210,7 +210,7 @@ extract_oauth_providers_signing_keys(Settings) ->
     KeyFun = fun extract_key_as_binary/1,
 
     IndexedSigningKeys = [{Name, {list_to_binary(Kid), list_to_binary(V)}} ||
-        {[?AUTH_OAUTH2, ?OAUTH_PROVIDERS, Name, "signing_keys", Kid], V} 
+        {[?AUTH_OAUTH2, ?OAUTH_PROVIDERS, Name, ?SIGNING_KEYS, Kid], V} 
             <- Settings ],
     maps:map(fun(_K,V)-> [{signing_keys, translate_list_of_signing_keys(V)}] end,
         maps:groups_from_list(KeyFun, fun({_, V}) -> V end, IndexedSigningKeys)).

deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl

@@ -27,7 +27,8 @@ all() ->
         test_without_resource_servers,
         test_with_one_resource_server,
         test_with_many_resource_servers,
-        test_resource_servers_attributes
+        test_resource_servers_attributes,
+        test_scope_aliases
 
     ].
 
@@ -39,21 +40,27 @@ test_without_resource_servers(_) ->
     #{} = rabbit_oauth2_schema:translate_resource_servers([]).
 
 test_with_one_oauth_provider(_) ->
-    Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://rabbit"}
-            ],
+    Conf = [
+        {["auth_oauth2","oauth_providers","keycloak","issuer"],
+            "https://rabbit"}
+    ],
     #{<<"keycloak">> := [{issuer, <<"https://rabbit">>}]
     } = rabbit_oauth2_schema:translate_oauth_providers(Conf).
 
 test_with_one_resource_server(_) ->
-    Conf = [{["auth_oauth2","resource_servers","rabbitmq1","id"],"rabbitmq1"}
-            ],
+    Conf = [
+        {["auth_oauth2","resource_servers","rabbitmq1","id"],"rabbitmq1"}
+    ],
     #{<<"rabbitmq1">> := [{id, <<"rabbitmq1">>}]
     } = rabbit_oauth2_schema:translate_resource_servers(Conf).
 
 test_with_many_oauth_providers(_) ->
-    Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://keycloak"},
-            {["auth_oauth2","oauth_providers","uaa","issuer"],"https://uaa"}
-            ],
+    Conf = [
+        {["auth_oauth2","oauth_providers","keycloak","issuer"],
+            "https://keycloak"},
+        {["auth_oauth2","oauth_providers","uaa","issuer"],
+            "https://uaa"}
+    ],
     #{<<"keycloak">> := [{issuer, <<"https://keycloak">>}
                         ],
       <<"uaa">> := [{issuer, <<"https://uaa">>}
@@ -62,31 +69,43 @@ test_with_many_oauth_providers(_) ->
 
 
 test_with_many_resource_servers(_) ->
-    Conf = [{["auth_oauth2","resource_servers","rabbitmq1","id"],"rabbitmq1"},
-            {["auth_oauth2","resource_servers","rabbitmq2","id"],"rabbitmq2"}
-            ],
+    Conf = [
+        {["auth_oauth2","resource_servers","rabbitmq1","id"],
+            "rabbitmq1"},
+        {["auth_oauth2","resource_servers","rabbitmq2","id"],
+            "rabbitmq2"}
+    ],
     #{<<"rabbitmq1">> := [{id, <<"rabbitmq1">>}
                         ],
       <<"rabbitmq2">> := [{id, <<"rabbitmq2">>}
                     ]
     } = rabbit_oauth2_schema:translate_resource_servers(Conf).
 
 test_oauth_providers_attributes(_) ->
-    Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://keycloak"},
-            {["auth_oauth2","oauth_providers","keycloak","default_key"],"token-key"}
-            ],
+    Conf = [
+        {["auth_oauth2","oauth_providers","keycloak","issuer"],
+            "https://keycloak"},
+        {["auth_oauth2","oauth_providers","keycloak","default_key"],
+            "token-key"}
+    ],
     #{<<"keycloak">> := [{default_key, <<"token-key">>},
                          {issuer, <<"https://keycloak">>}
                         ]
     } = sort_settings(rabbit_oauth2_schema:translate_oauth_providers(Conf)).
 
 test_resource_servers_attributes(_) ->
-    Conf = [{["auth_oauth2","resource_servers","rabbitmq1","id"],"rabbitmq1xxx"},
-            {["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"],"somescope."},
-            {["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"],"roles"},
-            {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"],"userid"},
-            {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"],"groupid"}
-            ],
+    Conf = [
+        {["auth_oauth2","resource_servers","rabbitmq1","id"],
+            "rabbitmq1xxx"},
+        {["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"],
+            "somescope."},
+        {["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"],
+            "roles"},
+        {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"],
+            "userid"},
+        {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"],
+            "groupid"}
+    ],
     #{<<"rabbitmq1xxx">> := [{additional_scopes_key, <<"roles">>},
                           {id, <<"rabbitmq1xxx">>},
                           {preferred_username_claims, [<<"userid">>, <<"groupid">>]},
@@ -95,11 +114,15 @@ test_resource_servers_attributes(_) ->
     } = sort_settings(rabbit_oauth2_schema:translate_resource_servers(Conf)),
 
     Conf2 = [
-            {["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"],"somescope."},
-            {["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"],"roles"},
-            {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"],"userid"},
-            {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"],"groupid"}
-            ],
+        {["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"],
+            "somescope."},
+        {["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"],
+            "roles"},
+        {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"],
+            "userid"},
+        {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"],
+            "groupid"}
+    ],
     #{<<"rabbitmq1">> := [{additional_scopes_key, <<"roles">>},
                           {id, <<"rabbitmq1">>},
                           {preferred_username_claims, [<<"userid">>, <<"groupid">>]},
@@ -108,36 +131,52 @@ test_resource_servers_attributes(_) ->
     } = sort_settings(rabbit_oauth2_schema:translate_resource_servers(Conf2)).
 
 test_oauth_providers_attributes_with_invalid_uri(_) ->
-    Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"http://keycloak"},
-            {["auth_oauth2","oauth_providers","keycloak","default_key"],"token-key"}
-            ],
+    Conf = [
+        {["auth_oauth2","oauth_providers","keycloak","issuer"],
+            "http://keycloak"},
+        {["auth_oauth2","oauth_providers","keycloak","default_key"],
+            "token-key"}
+    ],
     try sort_settings(rabbit_oauth2_schema:translate_oauth_providers(Conf)) of
         _ -> {throw, should_have_failed}
     catch
         _ -> ok
     end.
 
 test_oauth_providers_algorithms(_) ->
-    Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://keycloak"},
-            {["auth_oauth2","oauth_providers","keycloak","algorithms","2"],"HS256"},
-            {["auth_oauth2","oauth_providers","keycloak","algorithms","1"],"RS256"}
-            ],
+    Conf = [
+        {["auth_oauth2","oauth_providers","keycloak","issuer"],
+            "https://keycloak"},
+        {["auth_oauth2","oauth_providers","keycloak","algorithms","2"],
+            "HS256"},
+        {["auth_oauth2","oauth_providers","keycloak","algorithms","1"],
+            "RS256"}
+    ],
     #{<<"keycloak">> := [{algorithms, [<<"RS256">>, <<"HS256">>]},
                          {issuer, <<"https://keycloak">>}
                          ]
     } = sort_settings(rabbit_oauth2_schema:translate_oauth_providers(Conf)).
 
 test_oauth_providers_https(Conf) ->
 
-    CuttlefishConf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://keycloak"},
-            {["auth_oauth2","oauth_providers","keycloak","https","verify"],verify_none},
-            {["auth_oauth2","oauth_providers","keycloak","https","peer_verification"],verify_peer},
-            {["auth_oauth2","oauth_providers","keycloak","https","depth"],2},
-            {["auth_oauth2","oauth_providers","keycloak","https","hostname_verification"],wildcard},
-            {["auth_oauth2","oauth_providers","keycloak","https","crl_check"],false},
-            {["auth_oauth2","oauth_providers","keycloak","https","fail_if_no_peer_cert"],true},
-            {["auth_oauth2","oauth_providers","keycloak","https","cacertfile"],cert_filename(Conf)}
-            ],
+    CuttlefishConf = [
+        {["auth_oauth2","oauth_providers","keycloak","issuer"],
+            "https://keycloak"},
+        {["auth_oauth2","oauth_providers","keycloak","https","verify"],
+            verify_none},
+        {["auth_oauth2","oauth_providers","keycloak","https","peer_verification"],
+            verify_peer},
+        {["auth_oauth2","oauth_providers","keycloak","https","depth"],
+            2},
+        {["auth_oauth2","oauth_providers","keycloak","https","hostname_verification"],
+            wildcard},
+        {["auth_oauth2","oauth_providers","keycloak","https","crl_check"],
+            false},
+        {["auth_oauth2","oauth_providers","keycloak","https","fail_if_no_peer_cert"],
+            true},
+        {["auth_oauth2","oauth_providers","keycloak","https","cacertfile"],
+            cert_filename(Conf)}
+    ],
     #{<<"keycloak">> := [{https, [{verify, verify_none},
                                   {peer_verification, verify_peer},
                                   {depth, 2},
@@ -152,20 +191,27 @@ test_oauth_providers_https(Conf) ->
 
 test_oauth_providers_https_with_missing_cacertfile(_) ->
 
-    Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://keycloak"},
-            {["auth_oauth2","oauth_providers","keycloak","https","cacertfile"],"/non-existent.pem"}
-            ],
+    Conf = [
+        {["auth_oauth2","oauth_providers","keycloak","issuer"],
+            "https://keycloak"},
+        {["auth_oauth2","oauth_providers","keycloak","https","cacertfile"],
+            "/non-existent.pem"}
+        ],
     try sort_settings(rabbit_oauth2_schema:translate_oauth_providers(Conf)) of
         _ -> {throw, should_have_failed}
     catch
         _ -> ok
     end.
 
 test_oauth_providers_signing_keys(Conf) ->
-    CuttlefishConf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://keycloak"},
-            {["auth_oauth2","oauth_providers","keycloak","signing_keys","2"], cert_filename(Conf)},
-            {["auth_oauth2","oauth_providers","keycloak","signing_keys","1"], cert_filename(Conf)}
-            ],
+    CuttlefishConf = [
+        {["auth_oauth2","oauth_providers","keycloak","issuer"],
+            "https://keycloak"},
+        {["auth_oauth2","oauth_providers","keycloak","signing_keys","2"], 
+            cert_filename(Conf)},
+        {["auth_oauth2","oauth_providers","keycloak","signing_keys","1"], 
+            cert_filename(Conf)}
+    ],
     #{<<"keycloak">> := [{issuer, <<"https://keycloak">>},
                          {signing_keys, SigningKeys}
                          ]
@@ -175,6 +221,23 @@ test_oauth_providers_signing_keys(Conf) ->
       <<"2">> := {pem, <<"I'm not a certificate">>}
       } = SigningKeys.
 
+test_scope_aliases(_) ->
+    CuttlefishConf = [
+        {["auth_oauth2","scope_aliases","1","alias"],
+            "admin"},
+        {["auth_oauth2","scope_aliases","1","scope"], 
+            "rabbitmq.tag:administrator"},
+        {["auth_oauth2","scope_aliases","2","alias"],
+            "developer"},
+        {["auth_oauth2","scope_aliases","2","scope"], 
+            "rabbitmq.tag:management rabbitmq.read:*/*"}        
+    ],
+    #{
+        <<"admin">> := [<<"rabbitmq.tag:administrator">>],
+        <<"developer">> := [<<"rabbitmq.tag:management">>, <<"rabbitmq.read:*/*">>]                         
+    } = rabbit_oauth2_schema:translate_scope_aliases(CuttlefishConf).
+    
+
 cert_filename(Conf) ->
     string:concat(?config(data_dir, Conf), "certs/cert.pem").