From 0ed973aa06240e9f8cf18dbdfa3caa27cd991008 Mon Sep 17 00:00:00 2001 From: Hathoute Date: Mon, 18 Nov 2024 17:42:59 +0100 Subject: [PATCH 1/5] rabbitmq-auth-backend-oauth2: correctly map additional_scopes_key (cherry picked from commit 0d799a50ebe8880b905b1c88d013f39c9aa3b683) (cherry picked from commit 0d51ee9ec050437865dfbd2b515797a257c0578f) # Conflicts: # deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl # deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl --- .../src/rabbit_oauth2_schema.erl | 14 +++++++++ .../test/rabbit_oauth2_schema_SUITE.erl | 29 +++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl b/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl index d79972509ba0..a47b6ac6900e 100644 --- a/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl +++ b/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl @@ -14,6 +14,15 @@ translate_signing_keys/1 ]). +-define(RESOURCE_SERVERS_SYNONYMS, #{ + "additional_scopes_key" => "extra_scopes_source" +}). + +resource_servers_key_synonym(Name) -> + case maps:find(Name, ?RESOURCE_SERVERS_SYNONYMS) of {ok, Synonym} -> Synonym; + error -> Name + end. + extract_key_as_binary({Name,_}) -> list_to_binary(Name). extract_value({_Name,V}) -> V. @@ -99,8 +108,13 @@ extract_resource_server_properties(Settings) -> KeyFun = fun extract_key_as_binary/1, ValueFun = fun extract_value/1, +<<<<<<< HEAD OAuthProviders = [{Name, {list_to_atom(Key), list_to_binary(V)}} || {["auth_oauth2","resource_servers", Name, Key], V} <- Settings ], +======= + OAuthProviders = [{Name, {list_to_atom(resource_servers_key_synonym(Key)), list_to_binary(V)}} + || {[?AUTH_OAUTH2, ?RESOURCE_SERVERS, Name, Key], V} <- Settings ], +>>>>>>> 0d51ee9ec0 (rabbitmq-auth-backend-oauth2: correctly map additional_scopes_key) maps:groups_from_list(KeyFun, ValueFun, OAuthProviders). mapOauthProviderProperty({Key, Value}) -> 
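Review bot: `?RESOURCE_SERVERS_SYNONYMS` and `resource_servers_key_synonym/1` are added without a comment or spec, so nothing in the module says why a key read from rabbitmq.conf is renamed before it is stored. A line such as `%% conf key additional_scopes_key is stored as extra_scopes_source, the name the plugin looks up` above the macro and `-spec resource_servers_key_synonym(string()) -> string().` above the function would cover it. The "name the plugin looks up" part is inferred from the commit subject and the updated test expectation, so confirm it against the code that reads this property. If the inference holds, resource servers that already set `additional_scopes_key` start honouring the extra scopes claim after upgrade, which changes the permissions their tokens yield and is worth a release note.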
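Review bot: The merge conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 0d51ee9ec0`) are committed as added lines inside `extract_resource_server_properties/1`, so the module cannot compile at this commit. The incoming side also uses `?AUTH_OAUTH2` and `?RESOURCE_SERVERS`, which this patch does not define. The same markers appear in both `test_resource_servers_attributes/1` hunks of this patch and in the `-define` hunk of PATCH 2/5, and they are removed only in PATCH 4/5 and 5/5. Folding the resolution into the cherry-picks would keep every commit of the auth plugin buildable for bisecting. The function's head and the rest of its body lie outside the hunk.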
diff --git a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl index 58e69c334d83..6c1f64ba09c5 100644 --- a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl +++ b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl @@ -81,6 +81,7 @@ test_oauth_providers_attributes(_) -> } = sort_settings(rabbit_oauth2_schema:translate_oauth_providers(Conf)). test_resource_servers_attributes(_) -> +<<<<<<< HEAD Conf = [{["auth_oauth2","resource_servers","rabbitmq1","id"],"rabbitmq1xxx"}, {["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"],"somescope."}, {["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"],"roles"}, @@ -88,6 +89,21 @@ test_resource_servers_attributes(_) -> {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"],"groupid"} ], #{<<"rabbitmq1xxx">> := [{additional_scopes_key, <<"roles">>}, +======= + Conf = [ + {["auth_oauth2","resource_servers","rabbitmq1","id"], + "rabbitmq1xxx"}, + {["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"], + "somescope."}, + {["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"], + "roles"}, + {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"], + "userid"}, + {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"], + "groupid"} + ], + #{<<"rabbitmq1xxx">> := [{extra_scopes_source, <<"roles">>}, +>>>>>>> 0d51ee9ec0 (rabbitmq-auth-backend-oauth2: correctly map additional_scopes_key) {id, <<"rabbitmq1xxx">>}, {preferred_username_claims, [<<"userid">>, <<"groupid">>]}, {scope_prefix, <<"somescope.">>} 
@@ -95,12 +111,25 @@ test_resource_servers_attributes(_) -> } = sort_settings(rabbit_oauth2_schema:translate_resource_servers(Conf)), Conf2 = [ +<<<<<<< HEAD {["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"],"somescope."}, {["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"],"roles"}, {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"],"userid"}, {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"],"groupid"} ], #{<<"rabbitmq1">> := [{additional_scopes_key, <<"roles">>}, +======= + {["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"], + "somescope."}, + {["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"], + "roles"}, + {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"], + "userid"}, + {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"], + "groupid"} + ], + #{<<"rabbitmq1">> := [{extra_scopes_source, <<"roles">>}, +>>>>>>> 0d51ee9ec0 (rabbitmq-auth-backend-oauth2: correctly map additional_scopes_key) {id, <<"rabbitmq1">>}, {preferred_username_claims, [<<"userid">>, <<"groupid">>]}, {scope_prefix, <<"somescope.">>} From 85e8b97bd25748a3839f26a85b47aca8bf940572 Mon Sep 17 00:00:00 2001 From: Hathoute Hamza <36712446+Hathoute@users.noreply.github.com> Date: Mon, 18 Nov 2024 18:29:54 +0100 Subject: [PATCH 2/5] Update rabbit_oauth2_schema.erl (cherry picked from commit ed5f29cec84ef10ea29d840f0d97952fe52904df) (cherry picked from commit f1ee5b551a9a69613c740896bb5e500deb7ff8ea) # Conflicts: # deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl --- .../src/rabbit_oauth2_schema.erl | 24 ++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl b/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl index a47b6ac6900e..892899b620f2 100644 
--- a/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl +++ b/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl @@ -7,6 +7,21 @@ -module(rabbit_oauth2_schema). +<<<<<<< HEAD +======= +-define(AUTH_OAUTH2, "auth_oauth2"). +-define(SCOPE_ALIASES, "scope_aliases"). +-define(RESOURCE_SERVERS, "resource_servers"). +-define(OAUTH_PROVIDERS, "oauth_providers"). +-define(SIGNING_KEYS, "signing_keys"). +-define(AUTH_OAUTH2_SCOPE_ALIASES, ?AUTH_OAUTH2 ++ "." ++ ?SCOPE_ALIASES). +-define(AUTH_OAUTH2_RESOURCE_SERVERS, ?AUTH_OAUTH2 ++ "." ++ ?RESOURCE_SERVERS). +-define(AUTH_OAUTH2_OAUTH_PROVIDERS, ?AUTH_OAUTH2 ++ "." ++ ?OAUTH_PROVIDERS). +-define(AUTH_OAUTH2_SIGNING_KEYS, ?AUTH_OAUTH2 ++ "." ++ ?SIGNING_KEYS). +-define(RESOURCE_SERVERS_SYNONYMS, #{ + "additional_scopes_key" => "extra_scopes_source" +}). +>>>>>>> f1ee5b551a (Update rabbit_oauth2_schema.erl) -export([ translate_oauth_providers/1, @@ -14,14 +29,7 @@ translate_signing_keys/1 ]). --define(RESOURCE_SERVERS_SYNONYMS, #{ - "additional_scopes_key" => "extra_scopes_source" -}). - -resource_servers_key_synonym(Name) -> - case maps:find(Name, ?RESOURCE_SERVERS_SYNONYMS) of {ok, Synonym} -> Synonym; - error -> Name - end. +resource_servers_key_synonym(Key) -> maps:get(Key, ?RESOURCE_SERVERS_SYNONYMS, Key). extract_key_as_binary({Name,_}) -> list_to_binary(Name). extract_value({_Name,V}) -> V. From 93c57da481447fda7041828aad5abcdfae7aa98d Mon Sep 17 00:00:00 2001 From: Hathoute Date: Mon, 18 Nov 2024 20:24:59 +0100 Subject: [PATCH 3/5] Fix failing test (cherry picked from commit 6459111f86fedfe16557d45dc04a006c8611d4a9) (cherry picked from commit c44c5150f2cf76cf286e6d0bb64d7e6bc19519eb) --- .../rabbitmq_auth_backend_oauth2.snippets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets index a76c0cdf1a23..08ecdb9dec77 100644 --- a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets +++ b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets @@ -91,7 +91,7 @@ {id, <<"rabbitmq-operations">>} ], <<"rabbitmq-customers">> => [ - {additional_scopes_key, <<"roles">>}, + {extra_scopes_source, <<"roles">>}, {id, <<"rabbitmq-customers">>} ] } From 3a6133030fd294027a4990d247c6783ed4dba40b Mon Sep 17 00:00:00 2001 From: Michael Klishin Date: Tue, 19 Nov 2024 05:44:04 -0500 Subject: [PATCH 4/5] Resolve a conflict #12752 #12758 --- .../src/rabbit_oauth2_schema.erl | 27 ++++--------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl b/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl index 892899b620f2..6c1e251dacb6 100644 --- a/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl +++ b/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl 
@@ -7,28 +7,16 @@ -module(rabbit_oauth2_schema). -<<<<<<< HEAD -======= --define(AUTH_OAUTH2, "auth_oauth2"). --define(SCOPE_ALIASES, "scope_aliases"). --define(RESOURCE_SERVERS, "resource_servers"). --define(OAUTH_PROVIDERS, "oauth_providers"). --define(SIGNING_KEYS, "signing_keys"). --define(AUTH_OAUTH2_SCOPE_ALIASES, ?AUTH_OAUTH2 ++ "." ++ ?SCOPE_ALIASES). --define(AUTH_OAUTH2_RESOURCE_SERVERS, ?AUTH_OAUTH2 ++ "." ++ ?RESOURCE_SERVERS). --define(AUTH_OAUTH2_OAUTH_PROVIDERS, ?AUTH_OAUTH2 ++ "." ++ ?OAUTH_PROVIDERS). --define(AUTH_OAUTH2_SIGNING_KEYS, ?AUTH_OAUTH2 ++ "." ++ ?SIGNING_KEYS). --define(RESOURCE_SERVERS_SYNONYMS, #{ - "additional_scopes_key" => "extra_scopes_source" -}). ->>>>>>> f1ee5b551a (Update rabbit_oauth2_schema.erl) - -export([ translate_oauth_providers/1, translate_resource_servers/1, translate_signing_keys/1 ]). +-define(RESOURCE_SERVERS_SYNONYMS, #{ + "additional_scopes_key" => "extra_scopes_source" + }). + resource_servers_key_synonym(Key) -> maps:get(Key, ?RESOURCE_SERVERS_SYNONYMS, Key). extract_key_as_binary({Name,_}) -> list_to_binary(Name). @@ -116,13 +104,8 @@ extract_resource_server_properties(Settings) -> KeyFun = fun extract_key_as_binary/1, ValueFun = fun extract_value/1, -<<<<<<< HEAD - OAuthProviders = [{Name, {list_to_atom(Key), list_to_binary(V)}} - || {["auth_oauth2","resource_servers", Name, Key], V} <- Settings ], -======= OAuthProviders = [{Name, {list_to_atom(resource_servers_key_synonym(Key)), list_to_binary(V)}} - || {[?AUTH_OAUTH2, ?RESOURCE_SERVERS, Name, Key], V} <- Settings ], ->>>>>>> 0d51ee9ec0 (rabbitmq-auth-backend-oauth2: correctly map additional_scopes_key) + || {["auth_oauth2","resource_servers", Name, Key], V} <- Settings ], maps:groups_from_list(KeyFun, ValueFun, OAuthProviders). mapOauthProviderProperty({Key, Value}) -> From 5ffb395e86a8e38a4bf842ea36e9319b089a93ed Mon Sep 17 00:00:00 2001 
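Review bot: After the synonym lookup in `extract_resource_server_properties/1`, `additional_scopes_key` and `extra_scopes_source` set for the same resource server both become the atom `extra_scopes_source`, and `maps:groups_from_list/3` keeps both tuples in that server's list. Whether the schema accepts `extra_scopes_source` under `resource_servers` is not visible here. If it does, which claim name ends up feeding scopes depends on how the list is read later, and an authorization setting should not be decided by ordering. Consider rejecting the duplicate during translation or stating the precedence in a comment such as `%% additional_scopes_key and extra_scopes_source must not both be set for one resource server`, and add a case with both keys to `test_resource_servers_attributes/1`. The function head appears only on the hunk header, so part of the body is outside this hunk.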
From: Michael Klishin Date: Tue, 19 Nov 2024 05:49:41 -0500 Subject: [PATCH 5/5] Resolve a conflict #12752 #12758 --- .../test/rabbit_oauth2_schema_SUITE.erl | 39 +++---------------- 1 file changed, 5 insertions(+), 34 deletions(-) diff --git a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl index 6c1f64ba09c5..0e20f0844863 100644 --- a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl +++ b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl 
@@ -81,59 +81,30 @@ test_oauth_providers_attributes(_) -> } = sort_settings(rabbit_oauth2_schema:translate_oauth_providers(Conf)). test_resource_servers_attributes(_) -> -<<<<<<< HEAD Conf = [{["auth_oauth2","resource_servers","rabbitmq1","id"],"rabbitmq1xxx"}, {["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"],"somescope."}, {["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"],"roles"}, {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"],"userid"}, {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"],"groupid"} ], - #{<<"rabbitmq1xxx">> := [{additional_scopes_key, <<"roles">>}, -======= - Conf = [ - {["auth_oauth2","resource_servers","rabbitmq1","id"], - "rabbitmq1xxx"}, - {["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"], - "somescope."}, - {["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"], - "roles"}, - {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"], - "userid"}, - {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"], - "groupid"} - ], #{<<"rabbitmq1xxx">> := [{extra_scopes_source, <<"roles">>}, ->>>>>>> 0d51ee9ec0 (rabbitmq-auth-backend-oauth2: correctly map additional_scopes_key) - {id, <<"rabbitmq1xxx">>}, - {preferred_username_claims, [<<"userid">>, <<"groupid">>]}, - {scope_prefix, <<"somescope.">>} - ] + {id, <<"rabbitmq1xxx">>}, + {preferred_username_claims, [<<"userid">>, <<"groupid">>]}, + {scope_prefix, <<"somescope.">>} + ] } = sort_settings(rabbit_oauth2_schema:translate_resource_servers(Conf)), Conf2 = [ -<<<<<<< HEAD {["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"],"somescope."}, {["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"],"roles"}, {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"],"userid"}, {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"],"groupid"} ], - 
#{<<"rabbitmq1">> := [{additional_scopes_key, <<"roles">>}, -======= - {["auth_oauth2","resource_servers","rabbitmq1","scope_prefix"], - "somescope."}, - {["auth_oauth2","resource_servers","rabbitmq1","additional_scopes_key"], - "roles"}, - {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","1"], - "userid"}, - {["auth_oauth2","resource_servers","rabbitmq1","preferred_username_claims","2"], - "groupid"} - ], #{<<"rabbitmq1">> := [{extra_scopes_source, <<"roles">>}, ->>>>>>> 0d51ee9ec0 (rabbitmq-auth-backend-oauth2: correctly map additional_scopes_key) {id, <<"rabbitmq1">>}, {preferred_username_claims, [<<"userid">>, <<"groupid">>]}, {scope_prefix, <<"somescope.">>} - ] + ] } = sort_settings(rabbit_oauth2_schema:translate_resource_servers(Conf2)). test_oauth_providers_attributes_with_invalid_uri(_) ->