Fix schema mapping issues

And location of cert files when running
multioauth test suites locally

Author: MarcialRosales

deps/rabbitmq_management/src/rabbit_mgmt_schema.erl

@@ -21,7 +21,6 @@ extract_value({_Name,V}) -> V.
 translate_oauth_resource_servers(Conf) ->
     Settings = cuttlefish_variable:filter_by_prefix(
         "management.oauth_resource_servers", Conf),
-    rabbit_log:debug("Settings: ~p", [Settings]),
     Map = merge_list_of_maps([
         extract_resource_server_properties(Settings),
         extract_resource_server_endpoint_params(oauth_authorization_endpoint_params, Settings),
@@ -45,23 +44,23 @@ merge_list_of_maps(ListOfMaps) ->
     lists:foldl(fun(Elem, AccIn) -> maps:merge_with(fun(_K,V1,V2) -> V1 ++ V2 end,
         Elem, AccIn) end, #{}, ListOfMaps).
 
+convert_list_to_binary(V) when is_list(V) ->
+    list_to_binary(V);
+convert_list_to_binary(V) ->
+    V.
 
 extract_resource_server_properties(Settings) ->
-    KeyFun = fun extract_key/1,
+    KeyFun = fun extract_key_as_binary/1,
     ValueFun = fun extract_value/1,
 
-    OAuthProviders = [{Name, {list_to_atom(Key), V}}
+    OAuthResourceServers = [{Name, {list_to_atom(Key), convert_list_to_binary(V)}}
         || {["management","oauth_resource_servers", Name, Key], V} <- Settings ],
-    rabbit_log:debug("extract_resource_server_properties ~p", [Settings]),
-    Result = maps:groups_from_list(KeyFun, ValueFun, OAuthProviders),
-    rabbit_log:debug("extract_resource_server_properties -> ~p", [Result]),
+    maps:groups_from_list(KeyFun, ValueFun, OAuthResourceServers).
 
-    Result.
 
 extract_resource_server_endpoint_params(Variable, Settings) ->
-    KeyFun = fun extract_key/1,
+    KeyFun = fun extract_key_as_binary/1,
 
-    rabbit_log:debug("extract_resource_server_endpoint_params ~p ~p", [Variable, Settings]),
     IndexedParams = [{Name, {list_to_binary(ParamName), list_to_binary(V)}} ||
         {["management","oauth_resource_servers", Name, EndpointVar, ParamName], V}
             <- Settings, EndpointVar == atom_to_list(Variable) ],

deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl

@@ -80,6 +80,9 @@ extract_oauth2_and_mgt_resources(OAuth2BackendProps, ManagementProps) ->
   MgtResources = maps:map(
     fun(K,V) -> merge_oauth_provider_info(maps:get(K, OAuth2Resources, #{}), V, ManagementProps) end,
     skip_disabled_mgt_resource_servers(MgtResources1)),
+  rabbit_log:debug("ManagementProps: ~p", [ManagementProps]),
+  rabbit_log:debug("extract_oauth2_and_mgt_resources OAuth2Resources: ~p, MgtResources0: ~p MgtResources1: ~p MgtResources: ~p",
+    [OAuth2Resources, MgtResources0, MgtResources1, MgtResources]),
   case maps:size(MgtResources) of
     0 -> {};
     _ -> {MgtResources}

deps/rabbitmq_management/test/config_schema_SUITE_data/rabbitmq_management.snippets

@@ -636,7 +636,7 @@
                           {oauth_scopes, "openid profile rabbitmq.*"},
                           {oauth_initiated_logon_type, idp_initiated},
                           {oauth_token_endpoint_params, [
-                            {"param2", <<"value2">>}
+                            {<<"param2">>, <<"value2">>}
                           ]}
                          ]}
   ], [rabbitmq_management]
@@ -660,28 +660,28 @@
                           {oauth_enabled, true},
                           {oauth_resource_servers,
                             #{
-                             "3" => [
-                               {oauth_provider_url, "http://three"},
+                             <<"3">> => [
+                               {oauth_provider_url, <<"http://three">>},
                                {oauth_initiated_logon_type, idp_initiated},
-                               {id, "3"}
+                               {id, <<"3">>}
                              ],
-                             "resource-one" => [
+                             <<"resource-one">> => [
                                 {oauth_token_endpoint_params, [
                                    {<<"param2">>, <<"value2">>}
                                 ]},
-                                {oauth_scopes, "openid profile rabbitmq.*"},
-                                {oauth_client_id, "one"},
-                                {label, "One"},
-                                {id, "resource-one"},
-                                {oauth_provider_url, "http://one:8080"}
+                                {oauth_scopes, <<"openid profile rabbitmq.*">>},
+                                {oauth_client_id, <<"one">>},
+                                {label, <<"One">>},
+                                {id, <<"resource-one">>},
+                                {oauth_provider_url, <<"http://one:8080">>}
                               ],
-                              "resource-two" => [
+                              <<"resource-two">> => [
                                 {oauth_authorization_endpoint_params, [
                                    {<<"param1">>, <<"value1">>}
                                 ]},
-                                {oauth_client_id, "two"},
-                                {id, "resource-two"},
-                                {oauth_provider_url, "http://two"}
+                                {oauth_client_id, <<"two">>},
+                                {id, <<"resource-two">>},
+                                {oauth_provider_url, <<"http://two">>}
                               ]
                             }
                           }

deps/rabbitmq_management/test/rabbit_mgmt_schema_SUITE.erl

@@ -46,8 +46,8 @@ test_with_one_resource_server(_) ->
         {["management","oauth_resource_servers","rabbitmq1","id"],"rabbitmq1"}
     ],
     #{
-        "rabbitmq1" := [
-            {id, "rabbitmq1"}
+        <<"rabbitmq1">> := [
+            {id, <<"rabbitmq1">>}
         ]
     } = translate_oauth_resource_servers(Conf).
 
@@ -57,13 +57,13 @@ test_with_many_resource_servers(_) ->
         {["management","oauth_resource_servers","uaa","label"],"Uaa"}
     ],
     #{
-        "keycloak" := [
-            {label, "Keycloak"},
-            {id, "keycloak"}
+        <<"keycloak">> := [
+            {label, <<"Keycloak">>},
+            {id, <<"keycloak">>}
         ],
-        "uaa" := [
-            {label, "Uaa"},
-            {id, "uaa"}
+        <<"uaa">> := [
+            {label, <<"Uaa">>},
+            {id, <<"uaa">>}
         ]
     } = translate_oauth_resource_servers(Conf).
 

deps/rabbitmq_management/test/rabbit_mgmt_wm_auth_SUITE.erl

@@ -22,6 +22,7 @@ all() ->
      {group, verify_mgt_oauth_provider_url_with_single_resource_and_another_resource},
      {group, verify_end_session_endpoint_with_single_resource},
      {group, verify_end_session_endpoint_with_single_resource_and_another_resource},
+     {group, verify_multi_resource_and_provider},
      {group, verify_oauth_initiated_logon_type_for_sp_initiated},
      {group, verify_oauth_initiated_logon_type_for_idp_initiated},
      {group, verify_oauth_disable_basic_auth},
@@ -31,6 +32,22 @@ all() ->
 
 groups() ->
     [
+
+      {verify_multi_resource_and_provider, [], [
+        {with_oauth_enabled, [], [
+            {with_oauth_providers_idp1_idp2, [], [
+                {with_default_oauth_provider_idp1, [], [
+                    {with_resource_server_a, [], [
+                        should_return_disabled_auth_settings,
+                        {with_mgt_resource_server_a_with_client_id_x, [], [
+                            should_return_oauth_enabled,
+                            should_return_oauth_resource_server_a_with_client_id_x
+                        ]}
+                    ]}
+                ]}
+            ]}
+        ]}
+      ]},
       {without_any_settings, [], [
         should_return_disabled_auth_settings
       ]},
@@ -325,7 +342,6 @@ groups() ->
                   {with_mgt_resource_server_a_with_token_endpoint_params_1, [], [
                     should_return_mgt_oauth_resource_a_with_token_endpoint_params_1
                   ]}
-
                 ]}
               ]}
             ]}
@@ -452,6 +468,7 @@ init_per_group(with_mgt_resource_server_a_with_client_id_x, Config) ->
   set_attribute_in_entry_for_env_variable(rabbitmq_management, oauth_resource_servers,
     ?config(a, Config), oauth_client_id, ?config(x, Config)),
   Config;
+
 init_per_group(with_default_oauth_provider_idp1, Config) ->
   set_env(rabbitmq_auth_backend_oauth2, default_oauth_provider, ?config(idp1, Config)),
   Config;

selenium/test/multi-oauth/env.local.devkeycloak

@@ -1,2 +1,2 @@
 export DEVKEYCLOAK_URL=https://localhost:8442/realms/dev
-export DEVKEYCLOAK_CA_CERT=test/multi-oauth/devkeycloak/ca_certificate.pem
+export DEVKEYCLOAK_CA_CERT=${SELENIUM}/test/multi-oauth/devkeycloak/ca_certificate.pem

selenium/test/multi-oauth/env.local.prodkeycloak

@@ -1,2 +1,2 @@
 export PRODKEYCLOAK_URL=https://localhost:8443/realms/prod
-export PRODKEYCLOAK_CA_CERT=test/multi-oauth/prodkeycloak/ca_certificate.pem
+export PRODKEYCLOAK_CA_CERT=${SELENIUM}/test/multi-oauth/prodkeycloak/ca_certificate.pem