From f7d59120efa37026b286dc20c29adbe15e2d8b70 Mon Sep 17 00:00:00 2001 From: Marcial Rosales Date: Mon, 2 Dec 2024 12:40:54 +0100 Subject: [PATCH] WIP Test oauth-proxy in isolation Configure rabbitmq with oath-proxy --- selenium/bin/components/keycloak | 3 +-- selenium/bin/components/oauth-proxy | 6 +++--- selenium/bin/components/proxy | 2 +- .../authnz-mgt/oauth-with-keycloak-via-proxy.sh | 2 +- selenium/test/oauth/env.docker.oauth-proxy | 2 ++ selenium/test/oauth/env.docker.proxy | 3 --- selenium/test/oauth/env.local.keycloak | 1 - selenium/test/oauth/env.local.oauth-proxy | 2 ++ selenium/test/oauth/env.local.proxy | 3 --- .../oauth/{httpd-proxy => oauth-proxy}/.htpasswd | 0 .../oauth/{httpd-proxy => oauth-proxy}/httpd.conf | 14 ++++++++++---- .../oauth/rabbitmq.oauth-proxy-oauth-provider.conf | 5 +++++ 12 files changed, 25 insertions(+), 18 deletions(-) create mode 100644 selenium/test/oauth/env.docker.oauth-proxy delete mode 100644 selenium/test/oauth/env.docker.proxy create mode 100644 selenium/test/oauth/env.local.oauth-proxy delete mode 100644 selenium/test/oauth/env.local.proxy rename selenium/test/oauth/{httpd-proxy => oauth-proxy}/.htpasswd (100%) rename selenium/test/oauth/{httpd-proxy => oauth-proxy}/httpd.conf (98%) create mode 100644 selenium/test/oauth/rabbitmq.oauth-proxy-oauth-provider.conf diff --git a/selenium/bin/components/keycloak b/selenium/bin/components/keycloak index f77df9f6f1c3..3bb9cecd0b1a 100644 --- a/selenium/bin/components/keycloak +++ b/selenium/bin/components/keycloak @@ -12,8 +12,7 @@ ensure_keycloak() { init_keycloak() { KEYCLOAK_CONFIG_PATH=${KEYCLOAK_CONFIG_PATH:-oauth/keycloak} KEYCLOAK_CONFIG_DIR=$(realpath ${TEST_DIR}/${KEYCLOAK_CONFIG_PATH}) - KEYCLOAK_URL=${OAUTH_PROVIDER_URL} - + print "> KEYCLOAK_CONFIG_DIR: ${KEYCLOAK_CONFIG_DIR}" print "> KEYCLOAK_URL: ${KEYCLOAK_URL}" print "> KEYCLOAK_DOCKER_IMAGE: ${KEYCLOAK_DOCKER_IMAGE}" 
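Review bot: With `KEYCLOAK_URL=${OAUTH_PROVIDER_URL}` removed, init_keycloak no longer assigns KEYCLOAK_URL in the visible lines, yet `print "> KEYCLOAK_URL: ${KEYCLOAK_URL}"` just below still reads it. env.local.keycloak exports the variable, but the docker counterpart is not part of this patch, so confirm it does too. A guard at the top of the function, `: "${KEYCLOAK_URL:?KEYCLOAK_URL must be exported by the keycloak env file}"`, would turn a missing export into an immediate failure instead of a container started against an empty URL. init_keycloak continues past the end of the hunk.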
diff --git a/selenium/bin/components/oauth-proxy b/selenium/bin/components/oauth-proxy index 06e803323fb0..8e89db8dfd3b 100644 --- a/selenium/bin/components/oauth-proxy +++ b/selenium/bin/components/oauth-proxy @@ -17,6 +17,7 @@ init_oauth-proxy() { print "> OAUTH_PROVIDER_URL: ${OAUTH_PROVIDER_URL}" print "> PROXY_HOSTNAME: ${PROXY_HOSTNAME}" print "> PROXY_PORT: ${PROXY_PORT}" + } start_oauth-proxy() { begin "Starting oauth-proxy ..." @@ -38,7 +39,6 @@ start_oauth-proxy() { --mount "type=bind,source=${MOUNT_HTTPD_CONFIG_DIR},target=/usr/local/apache2/conf" \ ${HTTPD_DOCKER_IMAGE} - PROXY_URL=$(calculate_forward_proxy_url $OAUTH_PROVIDER_URL $PROXY_HOSTNAME $PROXY_PORT) - - end "Proxy is ready" + wait_for_url $OAUTH_PROVIDER_URL ${PROXY_HOSTNAME}:${PROXY_PORT} + end "oauth-proxy is ready" } diff --git a/selenium/bin/components/proxy b/selenium/bin/components/proxy index 911ddd70d46b..afbc207057d9 100644 --- a/selenium/bin/components/proxy +++ b/selenium/bin/components/proxy @@ -9,7 +9,7 @@ ensure_proxy() { fi } init_proxy() { - HTTPD_CONFIG_DIR=${TEST_CONFIG_DIR}/httpd-proxy + HTTPD_CONFIG_DIR=${TEST_CONFIG_DIR}/oauth-proxy PUBLIC_RABBITMQ_HOST=${PUBLIC_RABBITMQ_HOST:-proxy:9090} PROXIED_RABBITMQ_URL=$(calculate_rabbitmq_url $PUBLIC_RABBITMQ_HOST) diff --git a/selenium/suites/authnz-mgt/oauth-with-keycloak-via-proxy.sh b/selenium/suites/authnz-mgt/oauth-with-keycloak-via-proxy.sh index 4f787b1156a5..dcd6121adf5d 100755 --- a/selenium/suites/authnz-mgt/oauth-with-keycloak-via-proxy.sh +++ b/selenium/suites/authnz-mgt/oauth-with-keycloak-via-proxy.sh @@ -7,4 +7,4 @@ TEST_CONFIG_PATH=/oauth PROFILES="oauth-proxy keycloak proxy-oauth-provider keycloak-mgt-oauth-provider tls" source $SCRIPT/../../bin/suite_template $@ -runWith keycloak forward-proxy +runWith keycloak oauth-proxy diff --git a/selenium/test/oauth/env.docker.oauth-proxy b/selenium/test/oauth/env.docker.oauth-proxy new file mode 100644 index 000000000000..0adea9c0a2a4 --- /dev/null 
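Review bot: The new readiness call in the second oauth-proxy hunk, `wait_for_url $OAUTH_PROVIDER_URL ${PROXY_HOSTNAME}:${PROXY_PORT}`, expands its variables unquoted, so an empty OAUTH_PROVIDER_URL disappears and shifts the proxy address into the first argument position. `wait_for_url "$OAUTH_PROVIDER_URL" "${PROXY_HOSTNAME}:${PROXY_PORT}"` keeps the positions fixed. The same hunk stops assigning PROXY_URL, and the env.*.proxy files that exported it are deleted in this patch, so any remaining reader of PROXY_URL (none is visible here) would find it unset. start_oauth-proxy begins before the hunk.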
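Review bot: In selenium/bin/components/proxy, `HTTPD_CONFIG_DIR=${TEST_CONFIG_DIR}/oauth-proxy` makes the `proxy` component load the httpd.conf that this same patch switches to `Listen 9092` and `ServerName oauth-proxy`, while the next line still defaults PUBLIC_RABBITMQ_HOST to `proxy:9090`. Unless the proxy component is being retired, suites that start it would get a server on a port their clients never use. Giving each component its own config directory avoids coupling the RabbitMQ-facing proxy to the OAuth forward proxy. init_proxy continues past the end of the hunk.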
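Review bot: In oauth-with-keycloak-via-proxy.sh the PROFILES line still names `proxy-oauth-provider`, while the config file added by this patch is rabbitmq.oauth-proxy-oauth-provider.conf. If the harness selects rabbitmq.<profile>.conf files by profile name (the selection logic is not shown), the new `auth_oauth2.proxy` settings are never loaded by this suite and the test would pass without exercising the proxy path. Using `oauth-proxy-oauth-provider` in PROFILES would line the two up.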
+++ b/selenium/test/oauth/env.docker.oauth-proxy
@@ -0,0 +1,2 @@
+export OAUTH_PROXY_CA_CERT=/config/oauth/oauth-proxy/ca_oauth-proxy_certificate.pem
+export OAUTH_PROXY_URL=https://proxy:9092/realms/test
diff --git a/selenium/test/oauth/env.docker.proxy b/selenium/test/oauth/env.docker.proxy
deleted file mode 100644
index 03a9f9e31a6b..000000000000
--- a/selenium/test/oauth/env.docker.proxy
+++ /dev/null
@@ -1,3 +0,0 @@
-#export OAUTH_PROVIDER_URL=https://proxy:9090/realms/test
-export PROXY_CA_CERT=/config/oauth/httpd-proxy/ca_httpd-proxy_certificate.pem
-export PROXY_URL=https://proxy:9090/realms/test
diff --git a/selenium/test/oauth/env.local.keycloak b/selenium/test/oauth/env.local.keycloak
index 5c2843dbf00e..d237c6b593ed 100644
--- a/selenium/test/oauth/env.local.keycloak
+++ b/selenium/test/oauth/env.local.keycloak
@@ -1,3 +1,2 @@
 export KEYCLOAK_URL=https://localhost:8443/realms/test
-#export OAUTH_PROVIDER_URL=https://localhost:8443/realms/test
 export KEYCLOAK_CA_CERT=selenium/test/oauth/keycloak/ca_keycloak_certificate.pem
diff --git a/selenium/test/oauth/env.local.oauth-proxy b/selenium/test/oauth/env.local.oauth-proxy
new file mode 100644
index 000000000000..dcf3c0864115
--- /dev/null
+++ b/selenium/test/oauth/env.local.oauth-proxy
@@ -0,0 +1,2 @@
+export OAUTH_PROXY_CA_CERT=selenium/test/oauth/oauth-proxy/ca_oauth-proxy_certificate.pem
+export OAUTH_PROXY_URL=https://localhost:9092/realms/test
diff --git a/selenium/test/oauth/env.local.proxy b/selenium/test/oauth/env.local.proxy
deleted file mode 100644
index 53547063fadc..000000000000
--- a/selenium/test/oauth/env.local.proxy
+++ /dev/null
@@ -1,3 +0,0 @@
-#export OAUTH_PROVIDER_URL=https://localhost:9090/realms/test
-export PROXY_CA_CERT=selenium/test/oauth/httpd-proxy/ca_httpd-proxy_certificate.pem
-export PROXY_URL=https://localhost:9090/realms/test
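Review bot: `OAUTH_PROXY_URL=https://proxy:9092/realms/test` in env.docker.oauth-proxy looks carried over from the deleted PROXY_URL rather than written for the new component. The host is still `proxy` while httpd.conf in this patch sets `ServerName oauth-proxy`, and the value keeps the issuer path `/realms/test` although it is consumed as `auth_oauth2.proxy`, which addresses the proxy itself and not a realm. If the container is reachable as oauth-proxy (not shown here), `export OAUTH_PROXY_URL=https://oauth-proxy:9092` would match; env.local.oauth-proxy carries the same path suffix. It is also worth confirming that ca_oauth-proxy_certificate.pem is generated somewhere, since this patch only moves .htpasswd and httpd.conf into that directory.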
diff --git a/selenium/test/oauth/httpd-proxy/.htpasswd b/selenium/test/oauth/oauth-proxy/.htpasswd similarity index 100% rename from selenium/test/oauth/httpd-proxy/.htpasswd rename to selenium/test/oauth/oauth-proxy/.htpasswd diff --git a/selenium/test/oauth/httpd-proxy/httpd.conf b/selenium/test/oauth/oauth-proxy/httpd.conf similarity index 98% rename from selenium/test/oauth/httpd-proxy/httpd.conf rename to selenium/test/oauth/oauth-proxy/httpd.conf index da290f6c7e5d..94b69a4210f1 100644 --- a/selenium/test/oauth/httpd-proxy/httpd.conf +++ b/selenium/test/oauth/oauth-proxy/httpd.conf @@ -49,7 +49,7 @@ ServerRoot "/usr/local/apache2" # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 -Listen 9090 +Listen 9092 # # Dynamic Shared Object (DSO) Support @@ -238,7 +238,7 @@ ServerAdmin you@example.com # # If your host doesn't have a registered DNS name, enter its IP address here. # -ServerName ${PUBLIC_RABBITMQ_HOST} +ServerName oauth-proxy # # Deny access to the entirety of your server's filesystem. You must @@ -502,10 +502,16 @@ SSLRandomSeed startup builtin SSLRandomSeed connect builtin - - ServerName "proxy" + + ServerName "oauth-proxy" ProxyRequests On ProxyVia On + SSLProxyEngine On + SSLProxyVerify require + SSLProxyVerifyDepth 10 + + SSLProxyCACertificateFile /etc/httpd/conf/certs/ca.pem + Allow from all diff --git a/selenium/test/oauth/rabbitmq.oauth-proxy-oauth-provider.conf b/selenium/test/oauth/rabbitmq.oauth-proxy-oauth-provider.conf new file mode 100644 index 000000000000..2f5e2ceebf82 --- /dev/null +++ b/selenium/test/oauth/rabbitmq.oauth-proxy-oauth-provider.conf @@ -0,0 +1,5 @@ +auth_oauth2.issuer = ${OAUTH_PROVIDER_URL} +auth_oauth2.https.cacertfile = ${OAUTH_PROXY_CA_CERT} +auth_oauth2.proxy = ${OAUTH_PROXY_URL} +#auth_oauth2.proxy_username = ${OAUTH_PROXY_USERNAME} +#auth_oauth2.proxy_password = ${OAUTH_PROXY_PASSWORD}
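Review bot: In the third httpd.conf hunk, `SSLProxyCACertificateFile /etc/httpd/conf/certs/ca.pem` points outside the only config mount visible in this patch, which binds the directory to `/usr/local/apache2/conf` in start_oauth-proxy. With `SSLProxyVerify require` the proxy would likely refuse to start or reject every upstream handshake unless another mount supplies that path; a file under the mounted tree, e.g. `SSLProxyCACertificateFile /usr/local/apache2/conf/<UPSTREAM_CA_FILE_PLACEHOLDER>`, keeps verification on and working. The block also keeps `ProxyRequests On` together with `Allow from all`, which leaves the forward proxy usable by any client that can reach port 9092. Since .htpasswd is moved along with this config, requiring it here or narrowing the allowed client range would close that off. The enclosing VirtualHost and Proxy tags are not visible in this rendering of the hunk.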
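Review bot: In rabbitmq.oauth-proxy-oauth-provider.conf, `auth_oauth2.https.cacertfile = ${OAUTH_PROXY_CA_CERT}` makes the proxy's CA the only trust anchor while `auth_oauth2.issuer` is still the Keycloak URL, whose certificate chains to the CA in KEYCLOAK_CA_CERT (see env.local.keycloak). If the forward proxy tunnels TLS rather than terminating it, the certificate the broker verifies is Keycloak's, so `auth_oauth2.https.cacertfile = ${KEYCLOAK_CA_CERT}` would be the matching value. If the proxy does terminate and re-sign, that deserves a comment in this file because it changes which party the broker is actually authenticating. The commented-out `proxy_username` and `proxy_password` lines mean the proxy hop is exercised without credentials for now.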