WIP Test oauth-proxy in isolation

Configure rabbitmq with oath-proxy

selenium/bin/components/keycloak

@@ -12,8 +12,7 @@ ensure_keycloak() {
 init_keycloak() {
   KEYCLOAK_CONFIG_PATH=${KEYCLOAK_CONFIG_PATH:-oauth/keycloak}
   KEYCLOAK_CONFIG_DIR=$(realpath ${TEST_DIR}/${KEYCLOAK_CONFIG_PATH})
-  KEYCLOAK_URL=${OAUTH_PROVIDER_URL}
-
+
   print "> KEYCLOAK_CONFIG_DIR: ${KEYCLOAK_CONFIG_DIR}"
   print "> KEYCLOAK_URL: ${KEYCLOAK_URL}"
   print "> KEYCLOAK_DOCKER_IMAGE: ${KEYCLOAK_DOCKER_IMAGE}"

selenium/bin/components/oauth-proxy

@@ -17,6 +17,7 @@ init_oauth-proxy() {
   print "> OAUTH_PROVIDER_URL: ${OAUTH_PROVIDER_URL}"
   print "> PROXY_HOSTNAME: ${PROXY_HOSTNAME}"
   print "> PROXY_PORT: ${PROXY_PORT}"
+
 }
 start_oauth-proxy() {
   begin "Starting oauth-proxy ..."
@@ -38,7 +39,6 @@ start_oauth-proxy() {
     --mount "type=bind,source=${MOUNT_HTTPD_CONFIG_DIR},target=/usr/local/apache2/conf" \
     ${HTTPD_DOCKER_IMAGE}
 
-  PROXY_URL=$(calculate_forward_proxy_url $OAUTH_PROVIDER_URL $PROXY_HOSTNAME $PROXY_PORT)
-
-  end "Proxy is ready"
+  wait_for_url $OAUTH_PROVIDER_URL ${PROXY_HOSTNAME}:${PROXY_PORT}
+  end "oauth-proxy is ready"
 }

selenium/bin/components/proxy

@@ -9,7 +9,7 @@ ensure_proxy() {
  fi
 }
 init_proxy() {
-  HTTPD_CONFIG_DIR=${TEST_CONFIG_DIR}/httpd-proxy
+  HTTPD_CONFIG_DIR=${TEST_CONFIG_DIR}/oauth-proxy
   PUBLIC_RABBITMQ_HOST=${PUBLIC_RABBITMQ_HOST:-proxy:9090}
   PROXIED_RABBITMQ_URL=$(calculate_rabbitmq_url $PUBLIC_RABBITMQ_HOST)
 

selenium/suites/authnz-mgt/oauth-with-keycloak-via-proxy.sh

@@ -7,4 +7,4 @@ TEST_CONFIG_PATH=/oauth
 PROFILES="oauth-proxy keycloak proxy-oauth-provider keycloak-mgt-oauth-provider tls"
 
 source $SCRIPT/../../bin/suite_template $@
-runWith keycloak forward-proxy
+runWith keycloak oauth-proxy

selenium/test/oauth/env.docker.oauth-proxy

@@ -0,0 +1,2 @@
+export OAUTH_PROXY_CA_CERT=/config/oauth/oauth-proxy/ca_oauth-proxy_certificate.pem
+export OAUTH_PROXY_URL=https://proxy:9092/realms/test

selenium/test/oauth/env.local.keycloak

@@ -1,3 +1,2 @@
 export KEYCLOAK_URL=https://localhost:8443/realms/test
-#export OAUTH_PROVIDER_URL=https://localhost:8443/realms/test
 export KEYCLOAK_CA_CERT=selenium/test/oauth/keycloak/ca_keycloak_certificate.pem

selenium/test/oauth/env.local.oauth-proxy

@@ -0,0 +1,2 @@
+export OAUTH_PROXY_CA_CERT=selenium/test/oauth/oauth-proxy/ca_oauth-proxy_certificate.pem
+export OAUTH_PROXY_URL=https://localhost:9092/realms/test

selenium/test/oauth/httpd-proxy/httpd.conf → selenium/test/oauth/oauth-proxy/httpd.conf

@@ -49,7 +49,7 @@ ServerRoot "/usr/local/apache2"
 # prevent Apache from glomming onto all bound IP addresses.
 #
 #Listen 12.34.56.78:80
-Listen 9090
+Listen 9092
 
 #
 # Dynamic Shared Object (DSO) Support
@@ -238,7 +238,7 @@ ServerAdmin [email protected]
 #
 # If your host doesn't have a registered DNS name, enter its IP address here.
 #
-ServerName ${PUBLIC_RABBITMQ_HOST}
+ServerName oauth-proxy
 
 #
 # Deny access to the entirety of your server's filesystem. You must
@@ -502,10 +502,16 @@ SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
 </IfModule>
 
-<VirtualHost *:9090>
-  ServerName "proxy"
+<VirtualHost *:9092>
+  ServerName "oauth-proxy"
   ProxyRequests On
   ProxyVia On
+  SSLProxyEngine On
+  SSLProxyVerify require
+  SSLProxyVerifyDepth 10
+
+  SSLProxyCACertificateFile /etc/httpd/conf/certs/ca.pem
+
   <Proxy "*">
     Allow from all
   </Proxy>

selenium/test/oauth/rabbitmq.oauth-proxy-oauth-provider.conf

@@ -0,0 +1,5 @@
+auth_oauth2.issuer = ${OAUTH_PROVIDER_URL}
+auth_oauth2.https.cacertfile = ${OAUTH_PROXY_CA_CERT}
+auth_oauth2.proxy = ${OAUTH_PROXY_URL}
+#auth_oauth2.proxy_username = ${OAUTH_PROXY_USERNAME}
+#auth_oauth2.proxy_password = ${OAUTH_PROXY_PASSWORD}