Declare display order of oauth2 resources

Using the index attribute defined in the
managemnet.oauth_resource_servers.<>.index

Author: MarcialRosales

deps/rabbitmq_management/priv/schema/rabbitmq_management.schema

@@ -529,6 +529,12 @@ end}.
   [{datatype, string}]
 }.
 
+{mapping,
+  "management.oauth_resource_servers.$name.index",
+  "rabbitmq_management.oauth_resource_servers",
+  [{datatype, string}]
+}.
+
 {mapping,
   "management.oauth_resource_servers.$name.oauth_provider_url",
   "rabbitmq_management.oauth_resource_servers",

deps/rabbitmq_management/src/rabbit_mgmt_schema.erl

@@ -15,11 +15,12 @@
 ]).
 
 extract_key_as_binary({Name,_}) -> list_to_binary(Name).
+extract_value({_Name,V}) -> V.
 
 -spec translate_oauth_resource_servers([{list(), binary()}]) -> map().
 translate_oauth_resource_servers(Conf) ->
     Settings = cuttlefish_variable:filter_by_prefix(
-        "management.oauth_resource_servers", Conf),
+        "management.oauth_resource_servers", Conf),    
     Map = merge_list_of_maps([
         extract_resource_server_properties(Settings),
         extract_resource_server_endpoint_params(oauth_authorization_endpoint_params, Settings),
@@ -48,18 +49,13 @@ convert_list_to_binary(V) when is_list(V) ->
 convert_list_to_binary(V) ->
     V.
 
-extract_resource_server_properties(Settings) ->    
+extract_resource_server_properties(Settings) ->
+    KeyFun = fun extract_key_as_binary/1,
+    ValueFun = fun extract_value/1,
+
     OAuthResourceServers = [{Name, {list_to_atom(Key), convert_list_to_binary(V)}}
         || {["management","oauth_resource_servers", Name, Key], V} <- Settings ],
-    OAuthResourceServers1 = lists:foldl(fun ({K, Value}, Acc) ->
-        Key = list_to_binary(K),
-        Attrs = case maps:get(Key, Acc, []) of 
-            [] -> [] ++ [{index, maps:size(Acc)+1}, Value];
-            List -> List ++ [Value]
-        end,
-        maps:put(Key, Attrs, Acc) end, #{}, OAuthResourceServers),
-    ct:log("OAuthResourceServers1: ~p", [OAuthResourceServers1]),
-    OAuthResourceServers1.
+    maps:groups_from_list(KeyFun, ValueFun, OAuthResourceServers).
 
 
 extract_resource_server_endpoint_params(Variable, Settings) ->

deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl

@@ -13,6 +13,7 @@
 
 -include_lib("rabbitmq_management_agent/include/rabbit_mgmt_records.hrl").
 -include_lib("oauth2_client/include/oauth2_client.hrl").
+-include_lib("kernel/include/logger.hrl").
 
 %%--------------------------------------------------------------------
 
@@ -119,6 +120,7 @@ buildRootResourceServerIfAny(Id, Props) ->
 
 authSettings() ->
     ManagementProps = application:get_all_env(rabbitmq_management),
+    ?LOG_DEBUG("ManagementProps: ~p", [ManagementProps]),
     OAuth2BackendProps = application:get_all_env(rabbitmq_auth_backend_oauth2),
     EnableOAUTH = proplists:get_value(oauth_enabled, ManagementProps, false),
     case EnableOAUTH of

deps/rabbitmq_management/test/rabbit_mgmt_schema_SUITE.erl

@@ -19,8 +19,7 @@ all() ->
         test_invalid_endpoint_params,
         test_translate_endpoint_params,
         test_with_one_resource_server,
-        test_with_many_resource_servers,
-        test_preserve_order_when_using_many_resource_servers
+        test_with_many_resource_servers
     ].
 
 
@@ -71,39 +70,6 @@ test_with_many_resource_servers(_) ->
         ]
     } = translate_oauth_resource_servers(Conf).
 
-test_preserve_order_when_using_many_resource_servers(_) ->
-    Conf = [
-        {["management","oauth_resource_servers","uaa","label"],"Uaa"},
-        {["management","oauth_resource_servers","uaa","oauth_client_id"],"uaa-client"},
-        {["management","oauth_resource_servers","spring","label"],"Spring"},
-        {["management","oauth_resource_servers","spring","oauth_client_id"],"spring-client"},
-        {["management","oauth_resource_servers","keycloak","label"],"Keycloak"},
-        {["management","oauth_resource_servers","keycloak","oauth_client_id"],"keycloak-client"}
-    ],
-    SortByIndex = fun({_, A}, {_, B}) -> 
-        proplists:get_value(index, A) =< proplists:get_value(index, B) end,
-
-    [
-        {<<"uaa">>, [
-            {index, 1},
-            {label, <<"Uaa">>},
-            {oauth_client_id, <<"uaa-client">>},
-            {id, <<"uaa">>}
-        ]},
-        {<<"spring">>, [
-            {index, 2},
-            {label, <<"Spring">>},
-            {oauth_client_id, <<"spring-client">>},
-            {id, <<"spring">>}            
-        ]},
-        {<<"keycloak">>, [
-            {index, 3},
-            {label, <<"Keycloak">>},
-            {oauth_client_id, <<"keycloak-client">>},
-            {id, <<"keycloak">>}            
-        ]}
-     ] = lists:sort(SortByIndex, maps:to_list(translate_oauth_resource_servers(Conf))).
-
 cert_filename(Conf) ->
     string:concat(?config(data_dir, Conf), "certs/cert.pem").
 

selenium/bin/components/devkeycloak

@@ -48,7 +48,7 @@ start_devkeycloak() {
     --https-certificate-key-file=/opt/keycloak/data/import/server_devkeycloak_key.pem \
     --hostname=devkeycloak --hostname-admin=devkeycloak --https-port=8442
 
-  wait_for_oidc_endpoint devkeycloak $DEVKEYCLOAK_URL $MOUNT_DEVKEYCLOAK_CONF_DIR/ca_certificate.pem
+  wait_for_oidc_endpoint devkeycloak $DEVKEYCLOAK_URL $MOUNT_DEVKEYCLOAK_CONF_DIR/ca_devkeycloak_certificate.pem
   end "devkeycloak is ready"
   print " Note: If you modify devkeycloak configuration, make sure to run the following command to export the configuration."
   print " docker exec -it devkeycloak /opt/keycloak/bin/kc.sh export --users realm_file --realm test --dir /opt/keycloak/data/import/"

selenium/bin/components/prodkeycloak

@@ -47,7 +47,7 @@ start_prodkeycloak() {
     --https-certificate-key-file=/opt/keycloak/data/import/server_prodkeycloak_key.pem \
     --hostname=prodkeycloak --hostname-admin=prodkeycloak --https-port=8443
 
-  wait_for_oidc_endpoint prodkeycloak $PRODKEYCLOAK_URL $MOUNT_PRODKEYCLOAK_CONF_DIR/ca_certificate.pem
+  wait_for_oidc_endpoint prodkeycloak $PRODKEYCLOAK_URL $MOUNT_PRODKEYCLOAK_CONF_DIR/ca_prodkeycloak_certificate.pem
   end "prodkeycloak is ready"
   print " Note: If you modify prodkeycloak configuration, make sure to run the following command to export the configuration."
   print " docker exec -it prodkeycloak /opt/keycloak/bin/kc.sh export --users realm_file --realm test --dir /opt/keycloak/data/import/"

selenium/test/multi-oauth/rabbitmq.conf

@@ -40,9 +40,11 @@ management.oauth_scopes = openid profile rabbitmq.tag:management rabbitmq.tag:ad
 ## Management ui settings for each declared resource server
 management.oauth_resource_servers.1.id = rabbit_prod
 management.oauth_resource_servers.1.oauth_client_id = rabbit_prod_mgt_ui
+management.oauth_resource_servers.1.index = 1
 
 management.oauth_resource_servers.2.id = rabbit_dev
 management.oauth_resource_servers.2.oauth_client_id = rabbit_dev_mgt_ui
+management.oauth_resource_servers.2.index = 2
 
 management.oauth_resource_servers.3.id = rabbit_internal
 management.oauth_resource_servers.3.disabled = true

selenium/test/multi-oauth/without-basic-auth/landing.js

@@ -27,15 +27,20 @@ describe('Given three oauth resources but only two enabled, an unauthenticated u
     resources = await homePage.getOAuthResourceOptions()
     if (hasProfile("with-resource-label")) {
       assertAllOptions([
-        { value : "rabbit_dev", text : "RabbitMQ Development" },
-        { value : "rabbit_prod", text : "RabbitMQ Production" }
-        ], resources)
+        { value : "rabbit_prod", text : "RabbitMQ Production" },
+        { value : "rabbit_dev", text : "RabbitMQ Development" }
+        ], resources);
+        // assert resources are rendered in the same order they are configured : prod and then dev
+        assert.equal("RabbitMQ Production", resources[0].text);
+        assert.equal("RabbitMQ Development", resources[1].text);
     }else {
       assertAllOptions([
-        { value : "rabbit_dev", text : "rabbit_dev" },
-        { value : "rabbit_prod", text : "rabbit_prod" }
-        ], resources)
-    }
+        { value : "rabbit_prod", text : "rabbit_prod" },
+        { value : "rabbit_dev", text : "rabbit_dev" }
+        ], resources);
+        assert.equal("rabbit_prod", resources[0].text);
+        assert.equal("rabbit_dev", resources[1].text);
+    }    
   })
 
   it('should not be presented with a login button to log in using Basic Auth', async function () {