From f121f78d44974e5f3b1be4e18c84c3abdcb8a23d Mon Sep 17 00:00:00 2001 From: Marcial Rosales Date: Thu, 13 Apr 2023 11:21:17 +0200 Subject: [PATCH 1/7] Deprecate uaa settings from management plugin (cherry picked from commit 1c1e4515f73c98dd06927e1eb0b868cbe2873cb7) # Conflicts: # deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js # deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl # deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl --- .../rabbitmq_auth_backend_oauth2.schema | 2 +- .../priv/schema/rabbitmq_management.schema | 14 --- .../priv/www/js/oidc-oauth/helper.js | 25 +---- .../selenium/test/oauth/rabbitmq.conf | 1 - .../src/rabbit_mgmt_oauth_bootstrap.erl | 96 +++++++++++++++++++ .../src/rabbit_mgmt_wm_auth.erl | 44 +++++++++ 6 files changed, 145 insertions(+), 37 deletions(-) create mode 100644 deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl diff --git a/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema b/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema index db8abe8928..6f8c048516 100644 --- a/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema +++ b/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema @@ -5,7 +5,7 @@ %% %% ---------------------------------------------------------------------------- -%% A prefix used for scopes in UAA to avoid scope collisions (or unintended overlap). It is an empty string by default. +%% A prefix used for scopes to avoid scope collisions (or unintended overlap). It is an empty string by default. %% %% {resource_server_id, <<"my_rabbit_server">>}, diff --git a/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema b/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema index e2bcf5c5c7..289bd73443 100644 --- a/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema +++ b/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema 
@@ -432,20 +432,6 @@ end}. %% =========================================================================== %% Authorization -%% Configure OAuth2 in the management ui to work with old versions of UAA (which versions?) -{mapping, "management.enable_uaa", "rabbitmq_management.enable_uaa", - [{datatype, {enum, [true, false]}}]}. - -%% Your client application's identifier as registered with the OIDC/OAuth2. Deprecated, switch to oauth_client_id -{mapping, "management.uaa_client_id", "rabbitmq_management.uaa_client_id", - [{datatype, string}]}. -{mapping, "management.uaa_client_secret", "rabbitmq_management.uaa_client_secret", - [{datatype, string}]}. - -%% The URL of the OIDC/OAuth2 provider -{mapping, "management.uaa_location", "rabbitmq_management.uaa_location", - [{datatype, string}]}. - %% Enable OAuth2 in the management ui {mapping, "management.oauth_enabled", "rabbitmq_management.oauth_enabled", [{datatype, {enum, [true, false]}}]}. diff --git a/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js b/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js index 6d376aca56..2b944a4b23 100644 --- a/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js +++ b/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js 
@@ -21,21 +21,11 @@ function oauth_initialize_if_required() { function auth_settings_apply_defaults(authSettings) { +<<<<<<< HEAD if (authSettings.enable_uaa == "true") { +======= +>>>>>>> 1c1e4515f7 (Deprecate uaa settings from management plugin) - if (!authSettings.oauth_provider_url) { - authSettings.oauth_provider_url = authSettings.uaa_location - } - if (!authSettings.oauth_client_id) { - authSettings.oauth_client_id = authSettings.uaa_client_id - } - if (!authSettings.oauth_client_secret) { - authSettings.oauth_client_secret = authSettings.uaa_client_secret - } - if (!authSettings.oauth_scopes) { - authSettings.oauth_scopes = "openid profile " + authSettings.oauth_resource_id + ".*"; - } - } if (!authSettings.oauth_response_type) { authSettings.oauth_response_type = "code"; // although the default value in oidc client } @@ -71,7 +61,7 @@ function oauth_initialize(authSettings) { authority: authSettings.oauth_provider_url, client_id: authSettings.oauth_client_id, response_type: authSettings.oauth_response_type, - scope: authSettings.oauth_scopes, // for uaa we may need to include .* + scope: authSettings.oauth_scopes, resource: authSettings.oauth_resource_id, redirect_uri: rabbit_base_uri + "/js/oidc-oauth/login-callback.html", post_logout_redirect_uri: rabbit_base_uri + "/", @@ -89,13 +79,6 @@ function oauth_initialize(authSettings) { oidcSettings.metadataUrl = authSettings.oauth_metadata_url; } - if (authSettings.enable_uaa == true) { - // This is required for old versions of UAA because the newer ones do expose - // the end_session_endpoint on the oidc discovery endpoint, .a.k.a. metadataUrl - oidcSettings.metadataSeed = { - end_session_endpoint: authSettings.oauth_provider_url + "/logout.do" - } - } oidc.Log.setLevel(oidc.Log.DEBUG); oidc.Log.setLogger(console); diff --git a/deps/rabbitmq_management/selenium/test/oauth/rabbitmq.conf b/deps/rabbitmq_management/selenium/test/oauth/rabbitmq.conf index 12065e8f58..d5c3f18e33 100644 
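Review bot: The lines added at the top of `auth_settings_apply_defaults` in the first helper.js hunk (`<<<<<<< HEAD`, `=======`, `>>>>>>> 1c1e4515f7 (...)`) are unresolved merge-conflict markers, so helper.js does not parse at this commit and the management UI's OAuth helper would fail to load. The rabbit_mgmt_wm_auth.erl hunk of this same patch adds the same markers around `authSettings()`, and that module would not compile either. Patch 2/7 removes them, but resolving the conflict inside the cherry-pick itself keeps every commit in the series buildable and bisectable. The function body continues outside the hunk.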
--- a/deps/rabbitmq_management/selenium/test/oauth/rabbitmq.conf +++ b/deps/rabbitmq_management/selenium/test/oauth/rabbitmq.conf @@ -1,7 +1,6 @@ auth_backends.1 = rabbit_auth_backend_oauth2 management.login_session_timeout = 1 -management.enable_uaa = true management.oauth_enabled = true management.oauth_client_id = rabbit_client_code management.oauth_scopes = ${OAUTH_SCOPES} diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl b/deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl new file mode 100644 index 0000000000..65a38ee184 --- /dev/null +++ b/deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl 
@@ -0,0 +1,96 @@ +%% This Source Code Form is subject to the terms of the Mozilla Public +%% License, v. 2.0. If a copy of the MPL was not distributed with this +%% file, You can obtain one at https://mozilla.org/MPL/2.0/. +%% +%% Copyright (c) 2011-2022 VMware, Inc. or its affiliates. All rights reserved. +%% + +-module(rabbit_mgmt_oauth_bootstrap). + +-export([init/2]). + +-include_lib("rabbitmq_management_agent/include/rabbit_mgmt_records.hrl"). +-include_lib("amqp_client/include/amqp_client.hrl"). + +%%-------------------------------------------------------------------- + +init(Req0, State) -> + bootstrap_oauth(rabbit_mgmt_headers:set_no_cache_headers( + rabbit_mgmt_headers:set_common_permission_headers(Req0, ?MODULE), ?MODULE), State). + +bootstrap_oauth(Req0, State) -> + JSContent = oauth_initialize_if_required() ++ set_token_auth(Req0), + {ok, cowboy_req:reply(200, #{<<"content-type">> => <<"text/javascript; charset=utf-8">>}, JSContent, Req0), State}. + +authSettings() -> + EnableOAUTH = application:get_env(rabbitmq_management, oauth_enabled, false), + Data = case EnableOAUTH of + true -> + OAuthInitiatedLogonType = application:get_env(rabbitmq_management, oauth_initiated_logon_type, sp_initiated), + OAuthProviderUrl = application:get_env(rabbitmq_management, oauth_provider_url, ""), + case OAuthInitiatedLogonType of + sp_initiated -> + OAuthClientId = application:get_env(rabbitmq_management, oauth_client_id, ""), + OAuthClientSecret = application:get_env(rabbitmq_management, oauth_client_secret, undefined), + OAuthMetadataUrl = application:get_env(rabbitmq_management, oauth_metadata_url, undefined), + OAuthScopes = application:get_env(rabbitmq_management, oauth_scopes, undefined), + OAuthResourceId = application:get_env(rabbitmq_auth_backend_oauth2, resource_server_id, ""), + case is_invalid([OAuthResourceId]) of + true -> + json_field(oauth_enabled, false, true); + false -> + case is_invalid([OAuthClientId, OAuthProviderUrl]) of + true -> + 
json_field(oauth_enabled, false, true); + false -> + json_field(oauth_enabled, true) ++ + json_field(oauth_client_id, OAuthClientId) ++ + json_field(oauth_client_secret, OAuthClientSecret) ++ + json_field(oauth_provider_url, OAuthProviderUrl) ++ + json_field(oauth_scopes, OAuthScopes) ++ + json_field(oauth_metadata_url, OAuthMetadataUrl) ++ + json_field(oauth_resource_id, OAuthResourceId, true) + end + end; + idp_initiated -> + [ json_field(oauth_enabled, true) ++ + json_field(oauth_initiated_logon_type, idp_initiated) ++ + json_field(oauth_provider_url, OAuthProviderUrl, true) + ] + end; + false -> + [ json_field(oauth_enabled, false, true) ] + end, + "{" ++ Data ++ "}". + +is_invalid(List) -> + lists:any(fun(V) -> V == "" end, List). + +json_field(Field, Value) -> json_field(Field, Value, false). + +json_field(_Field, Value, _LastField) when Value == undefined -> [ ]; +json_field(Field, Value, LastField) when is_number(Value) -> + ["\"", atom_to_list(Field), "\": ", Value, append_comma_if(not LastField)]; +json_field(Field, Value, LastField) when is_boolean(Value) -> + ["\"", atom_to_list(Field), "\": ", atom_to_list(Value), append_comma_if(not LastField)]; +json_field(Field, Value, LastField) when is_atom(Value) -> + ["\"", atom_to_list(Field), "\": \"", atom_to_list(Value), "\"", append_comma_if(not LastField)]; +json_field(Field, Value, LastField) -> + ["\"", atom_to_list(Field), "\": \"", Value, "\"", append_comma_if(not LastField)]. + + +append_comma_if(Append) when Append == true -> ","; +append_comma_if(Append) when Append == false -> "". + +oauth_initialize_if_required() -> + "function oauth_initialize_if_required() { return oauth_initialize(" ++ authSettings() ++ ") }". + +set_token_auth(Req0) -> + case application:get_env(rabbitmq_management, oauth_enabled, false) of + true -> + case cowboy_req:parse_header(<<"authorization">>, Req0) of + {bearer, Token} -> ["set_token_auth('", Token, "');"]; + _ -> [] + end; + false -> [] + end. 
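Review bot: In `set_token_auth/1` the bearer token read from the request's Authorization header is placed between single quotes in the generated JavaScript (`["set_token_auth('", Token, "');"]`) with no escaping, so the client-supplied value can alter the script that the response delivers. It should be emitted as an encoded string literal instead, for example `{bearer, Token} -> ["set_token_auth(", rabbit_json:encode(Token), ");"];`. `json_field/3` has the same weakness for configuration values: it builds JSON by concatenation without escaping, and its `is_number` clause puts the number straight into the iolist, where an integer is treated as a byte rather than printed. Building a map and encoding it once would cover both cases. The response also carries `oauth_client_secret`, which a browser cannot keep confidential.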
diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl b/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl index 8c00e5caff..22b5386681 100644 --- a/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl +++ b/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl 
@@ -24,6 +24,50 @@ variances(Req, Context) -> content_types_provided(ReqData, Context) -> {rabbit_mgmt_util:responder_map(to_json), ReqData, Context}. +<<<<<<< HEAD +======= +authSettings() -> + EnableOAUTH = application:get_env(rabbitmq_management, oauth_enabled, false), + case EnableOAUTH of + true -> + OAuthInitiatedLogonType = application:get_env(rabbitmq_management, oauth_initiated_logon_type, sp_initiated), + OAuthProviderUrl = application:get_env(rabbitmq_management, oauth_provider_url, ""), + case OAuthInitiatedLogonType of + sp_initiated -> + OAuthClientId = application:get_env(rabbitmq_management, oauth_client_id, ""), + OAuthClientSecret = application:get_env(rabbitmq_management, oauth_client_secret, ""), + OAuthMetadataUrl = application:get_env(rabbitmq_management, oauth_metadata_url, ""), + OAuthScopes = application:get_env(rabbitmq_management, oauth_scopes, ""), + OAuthResourceId = application:get_env(rabbitmq_auth_backend_oauth2, resource_server_id, ""), + case is_invalid([OAuthResourceId]) of + true -> + [{oauth_enabled, false}]; + false -> + case is_invalid([OAuthClientId, OAuthProviderUrl]) of + true -> + [{oauth_enabled, false}, {oauth_client_id, <<>>}, {oauth_provider_url, <<>>}]; + false -> + append_oauth_optional_secret([ + {oauth_enabled, true}, + {oauth_client_id, rabbit_data_coercion:to_binary(OAuthClientId)}, + {oauth_provider_url, rabbit_data_coercion:to_binary(OAuthProviderUrl)}, + {oauth_scopes, rabbit_data_coercion:to_binary(OAuthScopes)}, + {oauth_metadata_url, rabbit_data_coercion:to_binary(OAuthMetadataUrl)}, + {oauth_resource_id, rabbit_data_coercion:to_binary(OAuthResourceId)} + ], OAuthClientSecret) + end + end; + idp_initiated -> + [{oauth_enabled, true}, + {oauth_initiated_logon_type, rabbit_data_coercion:to_binary(OAuthInitiatedLogonType)}, + {oauth_provider_url, rabbit_data_coercion:to_binary(OAuthProviderUrl)} + ] + end; + false -> + [{oauth_enabled, false}] + end. 
+ +>>>>>>> 1c1e4515f7 (Deprecate uaa settings from management plugin) to_json(ReqData, Context) -> EnableUAA = application:get_env(rabbitmq_management, enable_uaa, false), EnableOAUTH = application:get_env(rabbitmq_management, oauth_enabled, false), From 34b2e9b244ded2ae7e0902c1d3989f5c186ca97b Mon Sep 17 00:00:00 2001 From: Michael Klishin Date: Fri, 14 Apr 2023 18:50:45 +0400 Subject: [PATCH 2/7] Resolve conflicts (#7887) --- deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js | 4 ---- deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl | 3 --- 2 files changed, 7 deletions(-) diff --git a/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js b/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js index 2b944a4b23..456373101e 100644 --- a/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js +++ b/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js @@ -21,10 +21,6 @@ function oauth_initialize_if_required() { function auth_settings_apply_defaults(authSettings) { -<<<<<<< HEAD - if (authSettings.enable_uaa == "true") { -======= ->>>>>>> 1c1e4515f7 (Deprecate uaa settings from management plugin) if (!authSettings.oauth_response_type) { authSettings.oauth_response_type = "code"; // although the default value in oidc client diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl b/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl index 22b5386681..d5c5f01fd9 100644 --- a/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl +++ b/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl @@ -24,8 +24,6 @@ variances(Req, Context) -> content_types_provided(ReqData, Context) -> {rabbit_mgmt_util:responder_map(to_json), ReqData, Context}. -<<<<<<< HEAD -======= authSettings() -> EnableOAUTH = application:get_env(rabbitmq_management, oauth_enabled, false), case EnableOAUTH of 
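Review bot: In the rabbit_mgmt_wm_auth.erl hunk of patch 1/7, `authSettings()` passes `OAuthClientSecret` to `append_oauth_optional_secret` (not visible here), while this module's `is_authorized/2`, shown as context later in the series, returns `true` unconditionally. Presumably a configured client secret is therefore returned to any client that can reach this endpoint, before login. A value delivered to the browser is effectively public, so the function deserves a comment saying so, for example `%% NOTE: oauth_client_secret is returned to unauthenticated browsers; prefer registering the management UI as a public client`. Whether the secret can be omitted depends on the identity provider, which is not visible from this hunk.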
@@ -67,7 +65,6 @@ authSettings() -> [{oauth_enabled, false}] end. ->>>>>>> 1c1e4515f7 (Deprecate uaa settings from management plugin) to_json(ReqData, Context) -> EnableUAA = application:get_env(rabbitmq_management, enable_uaa, false), EnableOAUTH = application:get_env(rabbitmq_management, oauth_enabled, false), From 1209b866718a379eada6f204208c7ccb1426442a Mon Sep 17 00:00:00 2001 From: Michael Klishin Date: Fri, 14 Apr 2023 19:02:08 +0400 Subject: [PATCH 3/7] Remove an old version of rabbit_mgmt_wm_auth rabbit_mgmt_oauth_bootstrap is not hooked up to the dispatcher, and appears to be an older version of what is now rabbit_mgmt_wm_auth --- .../src/rabbit_mgmt_oauth_bootstrap.erl | 96 ------------------- .../src/rabbit_mgmt_wm_auth.erl | 48 +--------- 2 files changed, 2 insertions(+), 142 deletions(-) delete mode 100644 deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl b/deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl deleted file mode 100644 index 65a38ee184..0000000000 --- a/deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl +++ /dev/null 
@@ -1,96 +0,0 @@ -%% This Source Code Form is subject to the terms of the Mozilla Public -%% License, v. 2.0. If a copy of the MPL was not distributed with this -%% file, You can obtain one at https://mozilla.org/MPL/2.0/. -%% -%% Copyright (c) 2011-2022 VMware, Inc. or its affiliates. All rights reserved. -%% - --module(rabbit_mgmt_oauth_bootstrap). - --export([init/2]). - --include_lib("rabbitmq_management_agent/include/rabbit_mgmt_records.hrl"). --include_lib("amqp_client/include/amqp_client.hrl"). - -%%-------------------------------------------------------------------- - -init(Req0, State) -> - bootstrap_oauth(rabbit_mgmt_headers:set_no_cache_headers( - rabbit_mgmt_headers:set_common_permission_headers(Req0, ?MODULE), ?MODULE), State). - -bootstrap_oauth(Req0, State) -> - JSContent = oauth_initialize_if_required() ++ set_token_auth(Req0), - {ok, cowboy_req:reply(200, #{<<"content-type">> => <<"text/javascript; charset=utf-8">>}, JSContent, Req0), State}. - -authSettings() -> - EnableOAUTH = application:get_env(rabbitmq_management, oauth_enabled, false), - Data = case EnableOAUTH of - true -> - OAuthInitiatedLogonType = application:get_env(rabbitmq_management, oauth_initiated_logon_type, sp_initiated), - OAuthProviderUrl = application:get_env(rabbitmq_management, oauth_provider_url, ""), - case OAuthInitiatedLogonType of - sp_initiated -> - OAuthClientId = application:get_env(rabbitmq_management, oauth_client_id, ""), - OAuthClientSecret = application:get_env(rabbitmq_management, oauth_client_secret, undefined), - OAuthMetadataUrl = application:get_env(rabbitmq_management, oauth_metadata_url, undefined), - OAuthScopes = application:get_env(rabbitmq_management, oauth_scopes, undefined), - OAuthResourceId = application:get_env(rabbitmq_auth_backend_oauth2, resource_server_id, ""), - case is_invalid([OAuthResourceId]) of - true -> - json_field(oauth_enabled, false, true); - false -> - case is_invalid([OAuthClientId, OAuthProviderUrl]) of - true -> - 
json_field(oauth_enabled, false, true); - false -> - json_field(oauth_enabled, true) ++ - json_field(oauth_client_id, OAuthClientId) ++ - json_field(oauth_client_secret, OAuthClientSecret) ++ - json_field(oauth_provider_url, OAuthProviderUrl) ++ - json_field(oauth_scopes, OAuthScopes) ++ - json_field(oauth_metadata_url, OAuthMetadataUrl) ++ - json_field(oauth_resource_id, OAuthResourceId, true) - end - end; - idp_initiated -> - [ json_field(oauth_enabled, true) ++ - json_field(oauth_initiated_logon_type, idp_initiated) ++ - json_field(oauth_provider_url, OAuthProviderUrl, true) - ] - end; - false -> - [ json_field(oauth_enabled, false, true) ] - end, - "{" ++ Data ++ "}". - -is_invalid(List) -> - lists:any(fun(V) -> V == "" end, List). - -json_field(Field, Value) -> json_field(Field, Value, false). - -json_field(_Field, Value, _LastField) when Value == undefined -> [ ]; -json_field(Field, Value, LastField) when is_number(Value) -> - ["\"", atom_to_list(Field), "\": ", Value, append_comma_if(not LastField)]; -json_field(Field, Value, LastField) when is_boolean(Value) -> - ["\"", atom_to_list(Field), "\": ", atom_to_list(Value), append_comma_if(not LastField)]; -json_field(Field, Value, LastField) when is_atom(Value) -> - ["\"", atom_to_list(Field), "\": \"", atom_to_list(Value), "\"", append_comma_if(not LastField)]; -json_field(Field, Value, LastField) -> - ["\"", atom_to_list(Field), "\": \"", Value, "\"", append_comma_if(not LastField)]. - - -append_comma_if(Append) when Append == true -> ","; -append_comma_if(Append) when Append == false -> "". - -oauth_initialize_if_required() -> - "function oauth_initialize_if_required() { return oauth_initialize(" ++ authSettings() ++ ") }". - -set_token_auth(Req0) -> - case application:get_env(rabbitmq_management, oauth_enabled, false) of - true -> - case cowboy_req:parse_header(<<"authorization">>, Req0) of - {bearer, Token} -> ["set_token_auth('", Token, "');"]; - _ -> [] - end; - false -> [] - end. 
diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl b/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl index d5c5f01fd9..6d77671b6d 100644 --- a/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl +++ b/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl 
@@ -65,52 +65,8 @@ authSettings() -> [{oauth_enabled, false}] end. -to_json(ReqData, Context) -> - EnableUAA = application:get_env(rabbitmq_management, enable_uaa, false), - EnableOAUTH = application:get_env(rabbitmq_management, oauth_enabled, false), - Data = case EnableOAUTH of - true -> - OAuthInitiatedLogonType = application:get_env(rabbitmq_management, oauth_initiated_logon_type, sp_initiated), - OAuthProviderUrl = application:get_env(rabbitmq_management, oauth_provider_url, ""), - - case OAuthInitiatedLogonType of - sp_initiated -> - OAuthClientId = application:get_env(rabbitmq_management, oauth_client_id, ""), - OAuthClientSecret = application:get_env(rabbitmq_management, oauth_client_secret, ""), - OAuthMetadataUrl = application:get_env(rabbitmq_management, oauth_metadata_url, ""), - OAuthScopes = application:get_env(rabbitmq_management, oauth_scopes, ""), - OAuthResourceId = application:get_env(rabbitmq_auth_backend_oauth2, resource_server_id, ""), - case is_invalid([OAuthResourceId]) of - true -> - rabbit_log:warning("Disabling OAuth 2 authorization, missing resource_server_id in oauth2 plugin", []), - [{oauth_enabled, false}]; - false -> - case is_invalid([OAuthClientId, OAuthProviderUrl]) of - true -> - rabbit_log:warning("Disabling OAuth 2 authorization, missing relevant configuration in management plugin", []), - [{oauth_enabled, false}, {oauth_client_id, <<>>}, {oauth_provider_url, <<>>}]; - false -> - append_oauth_optional_secret([ - {oauth_enabled, true}, - {enable_uaa, rabbit_data_coercion:to_binary(EnableUAA)}, - {oauth_client_id, rabbit_data_coercion:to_binary(OAuthClientId)}, - {oauth_provider_url, rabbit_data_coercion:to_binary(OAuthProviderUrl)}, - {oauth_scopes, rabbit_data_coercion:to_binary(OAuthScopes)}, - {oauth_metadata_url, rabbit_data_coercion:to_binary(OAuthMetadataUrl)}, - {oauth_resource_id, rabbit_data_coercion:to_binary(OAuthResourceId)} - ], OAuthClientSecret) - end - end; - idp_initiated -> - [{oauth_enabled, true}, - 
{oauth_initiated_logon_type, rabbit_data_coercion:to_binary(OAuthInitiatedLogonType)}, - {oauth_provider_url, rabbit_data_coercion:to_binary(OAuthProviderUrl)} - ] - end; - false -> - [{oauth_enabled, false}] - end, - rabbit_mgmt_util:reply(Data, ReqData, Context). + to_json(ReqData, Context) -> + rabbit_mgmt_util:reply(authSettings(), ReqData, Context). is_authorized(ReqData, Context) -> {true, ReqData, Context}. From e4e6691153a3be998a02c73fe6b55237d320e86c Mon Sep 17 00:00:00 2001 From: Michal Kuratczyk Date: Fri, 14 Apr 2023 09:43:00 +0000 Subject: [PATCH 4/7] Handle all queue types in is_process_hibernated (cherry picked from commit d6c4135ff1515add9c484029daed41d31cfc76db) --- deps/rabbit/src/rabbit_process.erl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/deps/rabbit/src/rabbit_process.erl b/deps/rabbit/src/rabbit_process.erl index 056f9dd3ec..0fe093ff7f 100644 --- a/deps/rabbit/src/rabbit_process.erl +++ b/deps/rabbit/src/rabbit_process.erl @@ -87,4 +87,7 @@ is_registered_process_alive(Name) -> %% false otherwise. is_process_hibernated(Pid) when is_pid(Pid) -> - {current_function,{erlang,hibernate,3}} == erlang:process_info(Pid, current_function). + {current_function,{erlang,hibernate,3}} == erlang:process_info(Pid, current_function); +is_process_hibernated(_) -> + %% some queue types, eg QQs, have a tuple as a Pid, but they are never hibernated + false. From 0c2d1c5b0de4603c2b9b64cfc8ecc4f8de487d3f Mon Sep 17 00:00:00 2001 From: Rin Kuryloski Date: Thu, 13 Apr 2023 22:39:25 +0200 Subject: [PATCH 5/7] Fix dialyzer errors for rabbitmq_shovel on OTP 26 `-Wunknown` is on by default in OTP 26, so for some plugins we must now set `-Wno_unknown` (cherry picked from commit c8db137adacc9ede17c2dfded008fe781eaaadb5) --- BUILD.bazel | 5 +++++ deps/rabbitmq_shovel/BUILD.bazel | 1 + 2 files changed, 6 insertions(+) diff --git a/BUILD.bazel b/BUILD.bazel index a622cad68e..caf52ae0fc 100644 --- a/BUILD.bazel +++ b/BUILD.bazel 
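Review bot: Switching `to_json/2` to `authSettings()` in the rabbit_mgmt_wm_auth.erl hunk of patch 3/7 drops the two `rabbit_log:warning` calls that the removed body emitted when `resource_server_id`, or the client id and provider URL, were missing. With them gone, a misconfigured node reports `oauth_enabled` as false without leaving any trace in the log, which makes an unintended fallback away from OAuth 2 login harder to notice. I would restore them in the matching branches of `authSettings()`, e.g. `rabbit_log:warning("Disabling OAuth 2 authorization, missing resource_server_id in oauth2 plugin", []),` before `[{oauth_enabled, false}];`. The body of `authSettings()` lies outside this hunk, and the new `to_json` clause head is indented by one space, unlike the other top-level functions.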
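Review bot: The fallback clause `is_process_hibernated(_) -> false` added in rabbit_process.erl matches any term, not only the tuple-shaped queue identifiers its comment describes. A caller that passes `undefined` or another wrong value now gets `false` instead of a `function_clause` error. If only tuples are expected, `is_process_hibernated(QPid) when is_tuple(QPid) -> false.` would keep that failure visible.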
@@ -63,6 +63,11 @@ string_flag( plt( name = "base_plt", + dialyzer_opts = select({ + "@erlang_config//:erlang_26": ["-Wno_unknown"], + "@erlang_config//:erlang_26_0-rc2": ["-Wno_unknown"], + "//conditions:default": [], + }), visibility = ["//visibility:public"], ) diff --git a/deps/rabbitmq_shovel/BUILD.bazel b/deps/rabbitmq_shovel/BUILD.bazel index 409b19c871..5729a685d6 100644 --- a/deps/rabbitmq_shovel/BUILD.bazel +++ b/deps/rabbitmq_shovel/BUILD.bazel @@ -69,6 +69,7 @@ plt( apps = EXTRA_APPS, libs = ["//deps/rabbitmq_cli:elixir"], deps = ["//deps/rabbitmq_cli:elixir"] + BUILD_DEPS + DEPS + RUNTIME_DEPS, + ignore_warnings = True, ) dialyze( From 4fb5be1c70717644b95bce8fb7a7fa0f0e1a7943 Mon Sep 17 00:00:00 2001 From: Rin Kuryloski Date: Fri, 14 Apr 2023 09:09:55 +0200 Subject: [PATCH 6/7] Use rules_erlang 3.9.12 which has the new plt attrs (cherry picked from commit 42268d8c75bdc69924a9fbd5d0216bcb271398eb) --- BUILD.bazel | 8 ++------ MODULE.bazel | 2 +- WORKSPACE | 2 +- 3 files changed, 4 insertions(+), 8 deletions(-) diff --git a/BUILD.bazel b/BUILD.bazel index caf52ae0fc..ffab183c11 100644 --- a/BUILD.bazel +++ b/BUILD.bazel @@ -4,7 +4,7 @@ load( "string_flag", ) load("@rules_pkg//:mappings.bzl", "pkg_files", "strip_prefix") -load("@rules_erlang//:dialyze.bzl", "plt") +load("@rules_erlang//:dialyze.bzl", "DEFAULT_PLT_APPS", "plt") load("@rules_erlang//:shell.bzl", "shell") load("@rules_erlang//:erl_eval.bzl", "erl_eval") load("@bazel_gazelle//:def.bzl", "gazelle") @@ -63,11 +63,7 @@ string_flag( plt( name = "base_plt", - dialyzer_opts = select({ - "@erlang_config//:erlang_26": ["-Wno_unknown"], - "@erlang_config//:erlang_26_0-rc2": ["-Wno_unknown"], - "//conditions:default": [], - }), + apps = DEFAULT_PLT_APPS + ["compiler", "crypto"], visibility = ["//visibility:public"], ) diff --git a/MODULE.bazel b/MODULE.bazel index 8e06079a47..4f45b4c564 100644 --- a/MODULE.bazel +++ b/MODULE.bazel 
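Review bot: `ignore_warnings = True` is added to the rabbitmq_shovel `plt` target with no comment saying which warnings it hides or when it can be removed. Patch 7/7 adds the same line to the rabbitmq_auth_backend_oauth2 `plt` target, and its commit message is itself unsure what the warnings mean. Because the flag is blanket, a later genuine warning while building the PLT for the OAuth 2 backend's dependencies would presumably go unnoticed. I would add a comment above each occurrence, such as `# OTP 26 enables -Wunknown by default; remove once the PLT dependency set is complete`.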
@@ -31,7 +31,7 @@ bazel_dep( bazel_dep( name = "rules_erlang", - version = "3.9.11", + version = "3.9.12", ) erlang_config = use_extension( diff --git a/WORKSPACE b/WORKSPACE index 92f93ec250..96d53254e8 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -6,7 +6,7 @@ load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository", "new_git_r git_repository( name = "rules_erlang", remote = "https://github.com/rabbitmq/rules_erlang.git", - tag = "3.9.11", + tag = "3.9.12", ) load("@rules_erlang//:internal_deps.bzl", "rules_erlang_internal_deps") From 7b8beb1c692d95b68b5f41eda56d02b80d299b65 Mon Sep 17 00:00:00 2001 From: Rin Kuryloski Date: Fri, 14 Apr 2023 12:41:39 +0200 Subject: [PATCH 7/7] Ignore warnings when building plt for rabbitmq_auth_backend_oauth2 The plugin itself still dialyzes cleanly, these warnings just mean that the limited set of dependencies needed for the plugin are incomplete with respect to each other (Or at least that is how I'm intrepreting the results at this time). (cherry picked from commit 933d6a586c9a373618fef641ac78bd345d3d295a) --- deps/rabbitmq_auth_backend_oauth2/BUILD.bazel | 1 + 1 file changed, 1 insertion(+) diff --git a/deps/rabbitmq_auth_backend_oauth2/BUILD.bazel b/deps/rabbitmq_auth_backend_oauth2/BUILD.bazel index f8d2d0aa18..357c873314 100644 --- a/deps/rabbitmq_auth_backend_oauth2/BUILD.bazel +++ b/deps/rabbitmq_auth_backend_oauth2/BUILD.bazel @@ -57,6 +57,7 @@ plt( libs = ["//deps/rabbitmq_cli:elixir"], plt = "//:base_plt", deps = ["//deps/rabbitmq_cli:elixir"] + BUILD_DEPS + DEPS + RUNTIME_DEPS, + ignore_warnings = True, ) dialyze(