Simplify proxy configuration

Author: MarcialRosales

deps/oauth2_client/include/types.hrl

@@ -21,8 +21,7 @@
 -type openid_configuration() :: #openid_configuration{}.
 
 -record(proxy_options, {
-    https :: boolean(),
-    host :: uri_string:uri_string(),
+    host :: string(),
     port :: integer(),
     username :: option(string() | binary()),
     password :: option(string() | binary())

deps/oauth2_client/src/oauth2_client.erl

@@ -17,8 +17,7 @@
         map_proxy_to_httpc_option/1,
         map_ssl_options_to_httpc_option/1,
         map_timeout_to_httpc_option/1,
-        format_ssl_options/1, format_oauth_provider/1, format_oauth_provider_id/1,
-        extract_proxy_options_from_url/1
+        format_ssl_options/1, format_oauth_provider/1, format_oauth_provider_id/1        
         ]).
 
 -include("oauth2_client.hrl").
@@ -433,39 +432,29 @@ lookup_root_oauth_provider() ->
         ssl_options = extract_ssl_options_as_list(Map),
         proxy_options = extract_proxy_options(Map)
     }.
-
--spec extract_proxy_options_from_url(list()|binary()) -> proxy_options().
-extract_proxy_options_from_url(URL) when is_binary(URL) ->
-    extract_proxy_options_from_url(binary_to_list(URL));
-extract_proxy_options_from_url(URL) when is_list(URL) ->
-    #{host := Host, port := Port, scheme := Scheme} = uri_string:parse(URL),
-    #proxy_options{
-        https = 
-            case Scheme of 
-                "http" -> false;
-                "https" -> true
-            end,
-        host = Host,
-        port = Port
-    }.
-        
+  
 -spec extract_proxy_options(#{atom() => any()}|list()) -> proxy_options() | undefined.
 extract_proxy_options(List) when is_list(List) ->
-    case proplists:get_value(proxy, List, undefined) of 
-        undefined -> undefined;
-        URL -> 
-            Options = extract_proxy_options_from_url(URL),
-            Options#proxy_options{
+    case {proplists:get_value(proxy_host, List, undefined),
+        proplists:get_value(proxy_port, List, 0)} of 
+        {undefined, _} -> undefined;
+        {_, 0} -> undefined;
+        {H, P} ->
+            #proxy_options{
+                host = H,
+                port = P,
                 username = proplists:get_value(proxy_username, List, undefined),
                 password = proplists:get_value(proxy_password, List, undefined)
             }
     end;
 extract_proxy_options(Map) ->
-    case maps:get(proxy, Map, undefined) of
-        undefined -> undefined;
-        URL -> 
-            Options = extract_proxy_options_from_url(URL),            
-            Options#proxy_options{
+    case {maps:get(proxy_host, Map, undefined), maps:get(proxy_port, Map, 0)} of
+        {undefined, _} -> undefined;
+        {_, 0} -> undefined;
+        {H, P} ->
+            #proxy_options{
+                host = H,
+                port = P,
                 username = maps:get(proxy_username, Map, undefined),
                 password = maps:get(proxy_password, Map, undefined)
             }
@@ -617,10 +606,7 @@ map_proxy_to_httpc_option(ProxyOptions) ->
             {undefined, _} -> [];
             {Host, Port} ->
                 P = {{Host, Port},[]},
-                case Proxy#proxy_options.https of 
-                    true -> [{https_proxy, P}];
-                    false -> [{proxy, P}]
-                end
+                [{proxy, P}]                
             end
     end.
 
@@ -736,9 +722,8 @@ format_proxy_options(undefined) ->
     lists:flatten(io_lib:format("{no proxy}", []));
 
 format_proxy_options(ProxyOptions) ->
-    lists:flatten(io_lib:format("{https: ~p, host: ~p, port: ~p, username: ~p, " ++
+    lists:flatten(io_lib:format("{host: ~p, port: ~p, username: ~p, " ++
         "password: ~p }", [
-        ProxyOptions#proxy_options.https,
         ProxyOptions#proxy_options.host,
         ProxyOptions#proxy_options.port,
         ProxyOptions#proxy_options.username,

deps/oauth2_client/test/system_SUITE.erl

@@ -322,7 +322,7 @@ build_openid_discovery_endpoint(Issuer, Path) ->
 
 get_openid_configuration(Config) ->
     ExpectedOAuthProvider = ?config(oauth_provider, Config),
-    SslOptions = [{ssl, ExpectedOAuthProvider#oauth_provider.ssl_options}],
+    SslOptions = ExpectedOAuthProvider#oauth_provider.ssl_options,
     {ok, ActualOpenId} = oauth2_client:get_openid_configuration(
         build_openid_discovery_endpoint(build_issuer("https")),
         SslOptions,
@@ -345,7 +345,7 @@ get_openid_configuration_returns_partial_payload(Config) ->
         token_endpoint = ExpectedOAuthProvider0#oauth_provider.token_endpoint,
         jwks_uri = ExpectedOAuthProvider0#oauth_provider.jwks_uri},
 
-    SslOptions = [{ssl, ExpectedOAuthProvider0#oauth_provider.ssl_options}],
+    SslOptions = ExpectedOAuthProvider0#oauth_provider.ssl_options,
     {ok, Actual} = oauth2_client:get_openid_configuration(
         build_openid_discovery_endpoint(build_issuer("https")),
         SslOptions,
@@ -355,7 +355,7 @@ get_openid_configuration_returns_partial_payload(Config) ->
 
 get_openid_configuration_using_path(Config) ->
     ExpectedOAuthProvider = ?config(oauth_provider, Config),
-    SslOptions = [{ssl, ExpectedOAuthProvider#oauth_provider.ssl_options}],
+    SslOptions = ExpectedOAuthProvider#oauth_provider.ssl_options,
     {ok, Actual} = oauth2_client:get_openid_configuration(
         build_openid_discovery_endpoint(build_issuer("https", ?ISSUER_PATH)),
         SslOptions,
@@ -364,7 +364,7 @@ get_openid_configuration_using_path(Config) ->
     assertOpenIdConfiguration(ExpectedOpenId,Actual).
 get_openid_configuration_using_path_and_custom_endpoint(Config) ->
     ExpectedOAuthProvider = ?config(oauth_provider, Config),
-    SslOptions = [{ssl, ExpectedOAuthProvider#oauth_provider.ssl_options}],
+    SslOptions = ExpectedOAuthProvider#oauth_provider.ssl_options,
     {ok, Actual} = oauth2_client:get_openid_configuration(
         build_openid_discovery_endpoint(build_issuer("https", ?ISSUER_PATH),
         ?CUSTOM_OPENID_CONFIGURATION_ENDPOINT), SslOptions, 
@@ -373,7 +373,7 @@ get_openid_configuration_using_path_and_custom_endpoint(Config) ->
     assertOpenIdConfiguration(ExpectedOpenId, Actual).
 get_openid_configuration_using_custom_endpoint(Config) ->
     ExpectedOAuthProvider = ?config(oauth_provider, Config),
-    SslOptions = [{ssl, ExpectedOAuthProvider#oauth_provider.ssl_options}],
+    SslOptions = ExpectedOAuthProvider#oauth_provider.ssl_options,
     {ok, Actual} = oauth2_client:get_openid_configuration(
         build_openid_discovery_endpoint(build_issuer("https"),
         ?CUSTOM_OPENID_CONFIGURATION_ENDPOINT), SslOptions,

deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema

@@ -221,18 +221,23 @@
  end}.
 
 {mapping,
- "auth_oauth2.proxy",
- "rabbitmq_auth_backend_oauth2.key_config.proxy",
- [{datatype, string}, {validators, ["uri"]}]}.
+ "auth_oauth2.proxy.host",
+ "rabbitmq_auth_backend_oauth2.proxy.host",
+ [{datatype, string}]}.
 
 {mapping,
- "auth_oauth2.proxy_username",
- "rabbitmq_auth_backend_oauth2.key_config.proxy_username",
+ "auth_oauth2.proxy.port",
+ "rabbitmq_auth_backend_oauth2.proxy.port",
+ [{datatype, integer}]}.
+
+{mapping,
+ "auth_oauth2.proxy.username",
+ "rabbitmq_auth_backend_oauth2.proxy.username",
  [{datatype, string}]}.
 
 {mapping,
- "auth_oauth2.proxy_password",
- "rabbitmq_auth_backend_oauth2.key_config.proxy_password",
+ "auth_oauth2.proxy.password",
+ "rabbitmq_auth_backend_oauth2.proxy.password",
  [{datatype, string}]}.
 
 {mapping,
@@ -338,17 +343,22 @@
  [{datatype, integer}]}.
 
 {mapping,
- "auth_oauth2.oauth_providers.$name.proxy",
+ "auth_oauth2.oauth_providers.$name.proxy.host",
  "rabbitmq_auth_backend_oauth2.oauth_providers",
- [{datatype, string}, {validators, ["uri"]}]}.
+ [{datatype, string}]}.
+
+{mapping,
+ "auth_oauth2.oauth_providers.$name.proxy.port",
+ "rabbitmq_auth_backend_oauth2.oauth_providers",
+ [{datatype, integer}]}.
 
 {mapping,
- "auth_oauth2.oauth_providers.$name.proxy_username",
+ "auth_oauth2.oauth_providers.$name.proxy.username",
  "rabbitmq_auth_backend_oauth2.oauth_providers",
  [{datatype, string}]}.
 
 {mapping,
- "auth_oauth2.oauth_providers.$name.proxy_password",
+ "auth_oauth2.oauth_providers.$name.proxy.password",
  "rabbitmq_auth_backend_oauth2.oauth_providers",
  [{datatype, string}]}.
 

deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl

@@ -158,6 +158,7 @@ translate_oauth_providers(Conf) ->
             Settings),
         extract_oauth_providers_algorithm(Settings),
         extract_oauth_providers_https(Settings),
+        extract_oauth_providers_proxy(Settings),
         extract_oauth_providers_signing_keys(Settings)
         ]).
 
@@ -261,12 +262,18 @@ mapOauthProviderProperty({Key, Value}) ->
             cuttlefish:invalid(io_lib:format(
                 "Invalid attribute (~p) value: should be a map of Key,Value pairs", 
                     [Key]));
-        proxy -> validator_uri(Key, Value);
-        proxy_username -> binary_to_list(Value);
-        proxy_password -> binary_to_list(Value);
         _ -> Value
     end}.
 
+extract_oauth_providers_proxy(Settings) ->
+    ExtractProviderNameFun = fun extract_key_as_binary/1,
+    AttributesPerProvider = [{Name, mapProxyProperty({list_to_atom(Key), V})} ||
+        {[?AUTH_OAUTH2, ?OAUTH_PROVIDERS, Name, "proxy", Key], V} <- Settings ],
+
+    maps:map(fun(_K,V)-> [{proxy, V}] end,
+        maps:groups_from_list(ExtractProviderNameFun, fun({_, V}) -> V end, 
+            AttributesPerProvider)).
+
 extract_oauth_providers_https(Settings) ->
     ExtractProviderNameFun = fun extract_key_as_binary/1,
 
@@ -283,6 +290,9 @@ mapHttpProperty({Key, Value}) ->
         _ -> Value
     end}.
 
+mapProxyProperty({Key, Value}) ->
+    {Key, Value}.
+
 extract_oauth_providers_algorithm(Settings) ->
     KeyFun = fun extract_key_as_binary/1,
 

deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets

@@ -318,25 +318,31 @@
        ], []
   },
   {proxy, 
-     "auth_oauth2.proxy = http://localproxy:8080
-      auth_oauth2.proxy_username = proxyuser
-      auth_oauth2.proxy_password = proxypwd
-      auth_oauth2.oauth_providers.keycloak.proxy = http://localproxy2:8080
-      auth_oauth2.oauth_providers.keycloak.proxy_username = proxyuser2
-      auth_oauth2.oauth_providers.keycloak.proxy_password = proxypwd2",
+     "auth_oauth2.proxy.host = localproxy
+      auth_oauth2.proxy.port = 8080
+      auth_oauth2.proxy.username = proxyuser
+      auth_oauth2.proxy.password = proxypwd
+      auth_oauth2.oauth_providers.keycloak.proxy.host = localproxy2
+      auth_oauth2.oauth_providers.keycloak.proxy.port = 8080
+      auth_oauth2.oauth_providers.keycloak.proxy.username = proxyuser2
+      auth_oauth2.oauth_providers.keycloak.proxy.password = proxypwd2",
       [
       {rabbitmq_auth_backend_oauth2, [
-          {key_config, [
-              {proxy_password, "proxypwd"},
-              {proxy_username, "proxyuser"},
-              {proxy, "http://localproxy:8080"}                            
+          {proxy, [
+              {host, "localproxy"},
+              {password, "proxypwd"},
+              {port, 8080},
+              {username, "proxyuser"}
           ]},
           {oauth_providers,
               #{
                 <<"keycloak">> => [
-                  {proxy_password, "proxypwd2"},
-                  {proxy_username, "proxyuser2"},
-                  {proxy, "http://localproxy2:8080"}
+                  {proxy, [
+                    {password, "proxypwd2"},
+                    {username, "proxyuser2"},
+                    {port, 8080},
+                    {host, "localproxy2"}                    
+                  ]}                  
                 ]
               }
           }

deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_provider_SUITE.erl

@@ -69,9 +69,6 @@ verify_provider() -> [
     ,{oauth_provider_with_proxy, [], [
         get_oauth_provider_has_proxy
     ]}
-    ,{oauth_provider_with_https_proxy, [], [
-        get_oauth_provider_has_https_proxy
-    ]}
 ].
 
 init_per_suite(Config) ->
@@ -157,7 +154,8 @@ init_per_group(with_resource_server_id, Config) ->
 
 init_per_group(oauth_provider_with_proxy, Config) ->
     Proxy = [
-        {proxy, "http://idp:8080"},
+        {proxy_host, "idp"},
+        {proxy_port, 8080},
         {proxy_username, <<"user1">>},
         {proxy_password, <<"pwd1">>}
     ],
@@ -175,26 +173,6 @@ init_per_group(oauth_provider_with_proxy, Config) ->
      {proxy_username, <<"user1">>},
      {proxy_password, <<"pwd1">>}] ++ Config;
 
-init_per_group(oauth_provider_with_https_proxy, Config) ->
-    Proxy = [
-        {proxy, "https://idp:8843"},
-        {proxy_username, <<"user1">>},
-        {proxy_password, <<"pwd1">>}
-    ],
-    case ?config(oauth_provider_id, Config) of 
-        root -> 
-            KeyConfig = get_env(key_config, []),
-            set_env(key_config, KeyConfig ++ Proxy);
-        Id -> 
-            OAuthProviders = get_env(oauth_providers, #{}),
-            OAuthProvider = maps:get(Id, OAuthProviders, []),
-            set_env(oauth_providers, maps:put(Id, Proxy ++ OAuthProvider, OAuthProviders))
-    end,
-    [{proxy_hostname, "idp"},
-     {proxy_port, 8843}, 
-     {proxy_username, <<"user1">>},
-     {proxy_password, <<"pwd1">>}] ++ Config;
-
 init_per_group(with_algorithms, Config) ->
     KeyConfig = get_env(key_config, []),
     set_env(key_config, KeyConfig ++ [{algorithms, [<<"HS256">>, <<"RS256">>]}]),
@@ -240,16 +218,16 @@ end_per_group(oauth_provider_with_proxy, Config) ->
     case ?config(oauth_provider_id, Config) of 
         root -> 
             KeyConfig = get_env(key_config, []),    
-            KeyConfig0 = proplists:delete(proxy, KeyConfig),
-            KeyConfig1 = proplists:delete(proxy_username, KeyConfig0),
-            KeyConfig2 = proplists:delete(proxy_password, KeyConfig1),
-            set_env(key_config, KeyConfig2);
+            KeyConfig0 = proplists:delete(proxy_host, KeyConfig),
+            KeyConfig1 = proplists:delete(proxy_port, KeyConfig0),
+            KeyConfig2 = proplists:delete(proxy_username, KeyConfig1),
+            KeyConfig3 = proplists:delete(proxy_password, KeyConfig2),
+            set_env(key_config, KeyConfig3);
         Id -> 
-            unset_oauth_provider_properties(Id, [proxy, proxy_username, proxy_password])
+            unset_oauth_provider_properties(Id, 
+                [proxy_host, proxy_port, proxy_username, proxy_password])
     end,
     Config;
-end_per_group(oauth_provider_with_https_proxy, Config) ->
-    end_per_group(oauth_provider_with_proxy, Config);
 
 end_per_group(with_root_static_signing_keys, Config) ->
     KeyConfig = call_get_env(Config, key_config, []),
@@ -474,25 +452,7 @@ get_oauth_provider_has_jwks_uri(Config) ->
 get_oauth_provider_has_proxy(Config) ->
     {ok, OAuthProvider} = get_oauth_provider(
         ?config(oauth_provider_id, Config), [jwks_uri]),    
-    ?assertEqual(false, 
-        OAuthProvider#oauth_provider.proxy_options#proxy_options.https),
-
-    ?assertEqual(?config(proxy_port, Config), 
-        OAuthProvider#oauth_provider.proxy_options#proxy_options.port),
-    ?assertEqual(?config(proxy_hostname, Config), 
-        OAuthProvider#oauth_provider.proxy_options#proxy_options.host),
-    ?assertEqual(?config(proxy_username, Config), 
-        OAuthProvider#oauth_provider.proxy_options#proxy_options.username),
-    ?assertEqual(?config(proxy_password, Config), 
-        OAuthProvider#oauth_provider.proxy_options#proxy_options.password).
-
-
-get_oauth_provider_has_https_proxy(Config) ->
-    {ok, OAuthProvider} = get_oauth_provider(
-        ?config(oauth_provider_id, Config), [jwks_uri]),    
-    ?assertEqual(true, 
-        OAuthProvider#oauth_provider.proxy_options#proxy_options.https),
-
+    
     ?assertEqual(?config(proxy_port, Config), 
         OAuthProvider#oauth_provider.proxy_options#proxy_options.port),
     ?assertEqual(?config(proxy_hostname, Config),