Added README
This commit is contained in:
Daniil Fedotov
parent
7d101f2c95
commit
10518c3468
|
|
@ -0,0 +1,75 @@
|
|||
# Overview
|
||||
|
||||
This plugin provides ability to cache authentication and authorization backend
|
||||
responses to configurable amount of time.
|
||||
It's not an independent auth backend, but proxy for existing backends.
|
||||
|
||||
This plugin will cache all requests to upstream auth backend for specific
|
||||
(configurable) amount of time. This makes few sense if used with broker
|
||||
internal auth backend but can be useful in LDAP, HTTP or other backends that use
|
||||
network for access checks.
|
||||
|
||||
**Be aware that this implementation does not provide any automatical invalidation other than TTL**
|
||||
|
||||
As with all authentication plugins, this one requires rabbitmq-server
|
||||
2.3.1 or later.
|
||||
|
||||
## Building
|
||||
|
||||
You can build and install it like any other plugin (see
|
||||
[the plugin development guide](http://www.rabbitmq.com/plugin-development.html)).
|
||||
|
||||
## Enabling the Plugin
|
||||
|
||||
To enable the plugin, set the value of the `auth_backends` configuration item
|
||||
for the `rabbit` application to include `rabbit_auth_backend_cache`.
|
||||
`auth_backends` is a list of authentication providers to try in order.
|
||||
|
||||
|
||||
So a configuration fragment that enables this plugin *only* would look like:
|
||||
|
||||
[{rabbit, [{auth_backends, [rabbit_auth_backend_cache]}]}].
|
||||
|
||||
To configure upstream auth backend, you should use `cached_backend` configuration item
|
||||
for the `rabbitmq_auth_backend_cache` application.
|
||||
|
||||
Configuration to use LDAP auth backend:
|
||||
|
||||
[{rabbitmq_auth_backend_cache, [{cached_backend, rabbit_auth_backend_ldap}]}].
|
||||
|
||||
You can use different backends for authorization and authentication same way,
|
||||
[as it used in broker](https://www.rabbitmq.com/access-control.html):
|
||||
|
||||
The following example configures plugin to use LDAP backend for authentication
|
||||
but internal backend for authorisation:
|
||||
|
||||
[{rabbitmq_auth_backend_cache, [{cached_backend, {rabbit_auth_backend_ldap,
|
||||
rabbit_auth_backend_internal}}]}].
|
||||
|
||||
## Configuring the plugin
|
||||
|
||||
You can configure TTL for cache items, by using `cache_ttl` configuration item, specified in **milliseconds**
|
||||
|
||||
[{rabbitmq_auth_backend_cache, [{cached_backend, rabbit_auth_backend_ldap}
|
||||
{cache_ttl, 5000}]}].
|
||||
|
||||
You can also use a custom cache module to store cached requests. This module
|
||||
should be an erlang module implementing `rabbit_auth_cache` behaviour.
|
||||
|
||||
This repository contains three such modules:
|
||||
|
||||
- `rabbit_auth_cache_dict` stores cache in internal process dictionary **this module is for demonstration only and should not be used in production**
|
||||
- `rabbit_auth_cache_ets` stores cache in `ets` table and uses timers to invalidate **this is default module**
|
||||
- `rabbit_auth_cache_ets_segmented` stores cache in multiple `ets` tables and do not deletes individual cache items, deletes tables during garbage collection periodically.
|
||||
|
||||
|
||||
To specify module for caching you should use `cache_module` configuration item and
|
||||
specify start args with `cache_module_args`.
|
||||
|
||||
[{rabbitmq_auth_backend_cache, [{cache_module, rabbit_auth_backend_ets_segmented},
|
||||
{cache_module_args, [10000]}]}].
|
||||
|
||||
Default values is `rabbit_auth_cache_ets` and `[]` respectively.
|
||||
|
||||
|
||||
|
||||
Loading…
Reference in New Issue