rabbitmq_management: Fix issue with oauth2+basic_auth

[MarcialRosales]

Proposed Changes

Fix: OAuth2 + basic auth — basic-auth users lost stored credentials on reload

Types of Changes

What types of changes does your code introduce to this project?
Put an x in the boxes that apply

• Bug fix (non-breaking change which fixes issue #NNNN)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause an observable behavior change in existing systems)
• Documentation improvements (corrections, new content, etc)
• Cosmetic change (whitespace, formatting, etc)
• Build system and/or CI

Checklist

Put an x in the boxes that apply.
You can also fill these out after creating the PR.
This is simply a reminder of what we are going to look for before merging your code.

• Mandatory: I (or my employer/client) have have signed the CA (see https://github.com/rabbitmq/cla)
• I have read the CONTRIBUTING.md document
• I have added tests that prove my fix is effective or that my feature works
• All tests pass locally with my changes
• If relevant, I have added necessary documentation to https://github.com/rabbitmq/rabbitmq-website
• If relevant, I have added this change to the first version(s) in release-notes that I expect to introduce it

Further Comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution
you did and what alternatives you considered, etc.

[michaelklishin]

@MarcialRosales this looks good, I have corrected a few small things.

I have one remaining question: wher should IDP_TOKEN_ENDPOINT that fakeproxy uses come from? Nothing, including the workflows, seems to be setting that value.

Am I missing something?

[MarcialRosales]

The test suite that runs idp initiated login via a proxy is https://github.com/rabbitmq/rabbitmq-server/blob/fix-oauth2-basic-auth-reload/selenium/suites/authnz-mgt/oauth-idp-initiated-with-uaa-via-proxy.sh

That file declares the configuration directory (test/oauth) and the profiles it uses — in this case fakeportal and uaa (among others). Selenium combines those profiles to produce a .env file. When running in Docker, a docker profile is also added, which causes it to pick up — among other env files — env.docker.fakeportal.uaa, which contains:

export IDP_TOKEN_ENDPOINT=https://uaa:8443/oauth/token

That generated .env file is then sourced by all bootstrapping scripts — for RabbitMQ itself, for dependencies like fakeproxy, for configuration generation like rabbitmq.conf, and for the test runners — so every component picks up IDP_TOKEN_ENDPOINT from the same place.