From ad023f6dcb142b6d564128289c91f4f56ea76f79 Mon Sep 17 00:00:00 2001
From: Marcial Rosales <marcial.rosales@broadcom.com>
Date: Thu, 23 May 2024 10:54:59 +0200
Subject: [PATCH] Verify multi providers + end_session_endpoint

---
 .../test/rabbit_mgmt_wm_auth_SUITE.erl        | 71 ++++++++++++++++++-
 1 file changed, 69 insertions(+), 2 deletions(-)

diff --git a/deps/rabbitmq_management/test/rabbit_mgmt_wm_auth_SUITE.erl b/deps/rabbitmq_management/test/rabbit_mgmt_wm_auth_SUITE.erl
index 8f4946586104..d47350d2b926 100644
--- a/deps/rabbitmq_management/test/rabbit_mgmt_wm_auth_SUITE.erl
+++ b/deps/rabbitmq_management/test/rabbit_mgmt_wm_auth_SUITE.erl
@@ -20,6 +20,7 @@ all() ->
      {group, verify_mgt_oauth_provider_url_with_single_resource},
      {group, verify_mgt_oauth_provider_url_with_single_resource_and_another_resource},
      {group, verify_end_session_endpoint_with_single_resource},
+     {group, verify_end_session_endpoint_with_single_resource_and_another_resource},
      {group, verify_oauth_initiated_logon_type_for_sp_initiated},
      {group, verify_oauth_initiated_logon_type_for_idp_initiated},
      {group, verify_oauth_disable_basic_auth},
@@ -129,6 +130,38 @@ groups() ->
           ]}
         ]}
       ]},
+      {verify_end_session_endpoint_with_single_resource_and_another_resource, [], [
+        {with_resource_server_id_rabbit, [], [
+          {with_resource_server_a, [], [
+            {with_root_issuer_url1, [], [
+              {with_oauth_enabled, [], [
+                should_return_disabled_auth_settings,
+                {with_mgt_oauth_client_id_z, [], [
+                  should_not_return_end_session_endpoint,
+                  should_return_oauth_resource_server_a_without_end_session_endpoint,
+                  {with_root_end_session_endpoint_0, [], [
+                    should_return_end_session_endpoint_0,
+                    should_return_oauth_resource_server_a_with_end_session_endpoint_0                  
+                  ]},
+                  {with_oauth_providers_idp1_idp2, [], [
+                    {with_default_oauth_provider_idp1, [], [
+                      {with_end_session_endpoint_for_idp1_1, [], [
+                        should_return_end_session_endpoint_1,
+                        should_return_oauth_resource_server_a_with_end_session_endpoint_1,
+                        {with_oauth_provider_idp2_for_resource_server_a, [], [
+                          {with_end_session_endpoint_for_idp2_2, [], [
+                            should_return_oauth_resource_server_a_with_end_session_endpoint_2
+                          ]}                          
+                        ]}
+                      ]}
+                    ]}
+                  ]} 
+                ]}
+              ]}
+            ]}
+          ]}
+        ]}
+      ]},
       {verify_mgt_oauth_provider_url_with_single_resource_and_another_resource, [], [
         {with_resource_server_id_rabbit, [], [
           {with_resource_server_a, [], [
@@ -272,6 +305,7 @@ init_per_suite(Config) ->
     {url1, <<"https://url1">>},
     {logout_url_0, <<"https://logout_0">>},
     {logout_url_1, <<"https://logout_1">>},
+    {logout_url_2, <<"https://logout_2">>},
     {a, <<"a">>},
     {b, <<"b">>},
     {q, <<"q">>},
@@ -371,6 +405,15 @@ init_per_group(with_end_session_endpoint_for_idp1_1, Config) ->
   set_attribute_in_entry_for_env_variable(rabbitmq_auth_backend_oauth2, oauth_providers,
     ?config(idp1, Config), end_session_endpoint, ?config(logout_url_1, Config)),
   Config;
+init_per_group(with_end_session_endpoint_for_idp2_2, Config) ->
+  set_attribute_in_entry_for_env_variable(rabbitmq_auth_backend_oauth2, oauth_providers,
+    ?config(idp2, Config), end_session_endpoint, ?config(logout_url_2, Config)),
+  Config;
+
+init_per_group(with_oauth_provider_idp2_for_resource_server_a, Config) ->
+  set_attribute_in_entry_for_env_variable(rabbitmq_auth_backend_oauth2, resource_servers,
+    ?config(a, Config), oauth_provider_id, ?config(idp2, Config)),
+  Config;
 
 init_per_group(_, Config) ->
   Config.
@@ -459,6 +502,15 @@ end_per_group(with_end_session_endpoint_for_idp1_1, Config) ->
   remove_attribute_from_entry_from_env_variable(rabbitmq_auth_backend_oauth2, oauth_providers,
     ?config(idp1, Config), end_session_endpoint),
   Config;
+end_per_group(with_end_session_endpoint_for_idp2_2, Config) ->
+  remove_attribute_from_entry_from_env_variable(rabbitmq_auth_backend_oauth2, oauth_providers,
+    ?config(idp2, Config), end_session_endpoint),
+  Config;
+end_per_group(with_oauth_provider_idp2_for_resource_server_a, Config) ->
+  remove_attribute_from_entry_from_env_variable(rabbitmq_auth_backend_oauth2, resource_servers,
+    ?config(a, Config), oauth_provider_id),
+  Config;
+
 end_per_group(_, Config) ->
   Config.
 
@@ -589,15 +641,28 @@ should_not_return_end_session_endpoint(Config) ->
     Config, rabbit, end_session_endpoint).
 
 should_return_end_session_endpoint_0(Config) ->
-  ct:log("settings: ~p", [rabbit_mgmt_wm_auth:authSettings()]),
   assertEqual_on_attribute_for_oauth_resource_server(rabbit_mgmt_wm_auth:authSettings(),
     Config, rabbit, end_session_endpoint, ?config(logout_url_0, Config)).
 
 should_return_end_session_endpoint_1(Config) ->
-  ct:log("settings: ~p", [rabbit_mgmt_wm_auth:authSettings()]),
   assertEqual_on_attribute_for_oauth_resource_server(rabbit_mgmt_wm_auth:authSettings(),
     Config, rabbit, end_session_endpoint, ?config(logout_url_1, Config)).
 
+should_return_oauth_resource_server_a_without_end_session_endpoint(Config) ->
+  assert_attribute_not_defined_for_oauth_resource_server(rabbit_mgmt_wm_auth:authSettings(),
+    Config, a, end_session_endpoint).
+
+should_return_oauth_resource_server_a_with_end_session_endpoint_0(Config) ->
+  assertEqual_on_attribute_for_oauth_resource_server(rabbit_mgmt_wm_auth:authSettings(),
+    Config, a, end_session_endpoint, ?config(logout_url_0, Config)).
+
+should_return_oauth_resource_server_a_with_end_session_endpoint_1(Config) ->
+  assertEqual_on_attribute_for_oauth_resource_server(rabbit_mgmt_wm_auth:authSettings(),
+    Config, a, end_session_endpoint, ?config(logout_url_1, Config)).
+
+should_return_oauth_resource_server_a_with_end_session_endpoint_2(Config) ->
+  assertEqual_on_attribute_for_oauth_resource_server(rabbit_mgmt_wm_auth:authSettings(),
+    Config, a, end_session_endpoint, ?config(logout_url_2, Config)).
 
 %% -------------------------------------------------------------------
 %% Utility/helper functions
@@ -647,7 +712,9 @@ assert_not_defined_oauth_resource_server(Actual, Config, ConfigKey) ->
 
 set_attribute_in_entry_for_env_variable(Application, EnvVar, Key, Attribute, Value) ->
   Map = application:get_env(Application, EnvVar, #{}),
+  ct:log("set_attribute_in_entry_for_env_variable before ~p", [Map]),
   Map1 = maps:put(Key, [ { Attribute, Value} | maps:get(Key, Map, []) ], Map),
+  ct:log("set_attribute_in_entry_for_env_variable after ~p", [Map1]),
   application:set_env(Application, EnvVar, Map1).
 
 log(AuthSettings) ->