Support for advertising different hostname for TLS stream connections

Use case: Allow plain connections over one (internal IP), and TLS connections over another IP (eg. internet routable IP). Without this patch a cluster can only support access over one or the other IP, not both. (cherry picked from commit b9e6aad035)
2021-09-27 22:52:36 +02:00 · 2021-09-27 22:52:36 +02:00 · 52791c677b
parent f932c3e0bc
commit 52791c677b
4 changed files with 30 additions and 3 deletions
--- a/deps/rabbitmq_stream/priv/schema/rabbitmq_stream.schema
+++ b/deps/rabbitmq_stream/priv/schema/rabbitmq_stream.schema
@ -193,10 +193,19 @@ fun(Conf) ->
    list_to_binary(cuttlefish:conf_get("stream.advertised_host", Conf))
 end}.

+{mapping, "stream.advertised_tls_host", "rabbitmq_stream.advertised_tls_host", [
+    {datatype, string}
+]}.
+
+{translation, "rabbitmq_stream.advertised_tls_host",
+fun(Conf) ->
+    list_to_binary(cuttlefish:conf_get("stream.advertised_tls_host", Conf))
+end}.
+
 {mapping, "stream.advertised_port", "rabbitmq_stream.advertised_port", [
    {datatype, integer}
 ]}.

 {mapping, "stream.advertised_tls_port", "rabbitmq_stream.advertised_tls_port", [
    {datatype, integer}
-]}.
+]}.
--- a/deps/rabbitmq_stream/src/rabbit_stream.erl
+++ b/deps/rabbitmq_stream/src/rabbit_stream.erl
@ -20,6 +20,7 @@

 -export([start/2,
         host/0,
+         tls_host/0,
         port/0,
         tls_port/0,
         kill_connection/1]).
@ -44,6 +45,15 @@ start(_Type, _Args) ->
                                 {queue_type, ?STREAM_QUEUE_TYPE}]),
    rabbit_stream_sup:start_link().

+tls_host() ->
+    case application:get_env(rabbitmq_stream, advertised_tls_host, undefined)
+    of
+        undefined ->
+            hostname_from_node();
+        Host ->
+            rabbit_data_coercion:to_binary(Host)
+    end.
+
 host() ->
    case application:get_env(rabbitmq_stream, advertised_host, undefined)
    of
--- a/deps/rabbitmq_stream/src/rabbit_stream_reader.erl
+++ b/deps/rabbitmq_stream/src/rabbit_stream_reader.erl
@ -1374,7 +1374,13 @@ handle_frame_pre_auth(Transport,
                                                     VirtualHost,
                                                     {socket, S},
                                                     #{}),
-            AdvertisedHost = rabbit_stream:host(),
+            AdvertisedHost =
+                case TransportLayer of
+                    tcp ->
+                        rabbit_stream:host();
+                    ssl ->
+                        rabbit_stream:tls_host()
+                end,
            AdvertisedPort =
                case TransportLayer of
                    tcp ->
--- a/deps/rabbitmq_stream/test/config_schema_SUITE_data/rabbitmq_stream.snippets
+++ b/deps/rabbitmq_stream/test/config_schema_SUITE_data/rabbitmq_stream.snippets
@ -54,9 +54,11 @@
  [rabbitmq_stream]},
  {advertised_host_port,
      "stream.advertised_host = some-host
+       stream.advertised_tls_host = some-other-host
       stream.advertised_port = 5556
       stream.advertised_tls_port = 5553",
      [{rabbitmq_stream,[{advertised_host, <<"some-host">>},
+                          {advertised_tls_host, <<"some-other-host">>},
                         	{advertised_port, 5556},
                         	{advertised_tls_port, 5553}]}],
      [rabbitmq_stream]},
@ -72,4 +74,4 @@
      [{rabbitmq_stream,[{initial_credits, 100000},
                         	{credits_required_for_unblocking, 25000}]}],
      [rabbitmq_stream]}
-].
+].