Marcial Rosales
2f0faec58c
Fix test cases
2024-10-08 08:17:47 +02:00
Marcial Rosales
b5230f7afd
Fix some test cases
2024-10-08 08:17:47 +02:00
Marcial Rosales
66d9323148
Simplify module names
2024-10-08 08:17:47 +02:00
Marcial Rosales
34f5d107d2
WIP fix more test cases
2024-10-08 08:17:47 +02:00
Marcial Rosales
158fa3b6b1
WIP fix some test cases
...
Pending to add more scenarios which
combine +2 resources with and without
verify_aud and with and without audience
in token
2024-10-08 08:17:47 +02:00
Marcial Rosales
aecb86d56d
WIP Fix test cases
2024-10-08 08:17:47 +02:00
Marcial Rosales
4576aaa32e
Refactor assertion function
2024-10-08 08:17:47 +02:00
Marcial Rosales
af4ce0b1e8
WIP Fix compilation errors
...
Fixing test cases
2024-10-08 08:17:47 +02:00
Marcial Rosales
91e46668b0
WIP Continue refactoring + clean up
2024-10-08 08:17:47 +02:00
Marcial Rosales
9984eef2d1
WIP Fix compilation errors
2024-10-08 08:17:47 +02:00
Marcial Rosales
7064969ca5
WIP More refactoring
...
split rabbit_oauth2_config into
- rabbit_oauth2_resource_server
- rabbit_oauth2_oauth_provider
and their respective test modules
Signing keys is an oauth provider
concern hence it stays with the
oauth_provider module.
2024-10-08 08:17:47 +02:00
Marcial Rosales
2a3dcb3679
WIP Refactor code
...
before implementing oidc endpoints parameters
2024-10-08 08:17:47 +02:00
Marcial Rosales
6fb83af48e
Reduce logging verbosity
2024-10-08 08:17:47 +02:00
Marcial Rosales
3cf5b7e03e
Reduce verbosity of some log statements
2024-10-08 08:17:47 +02:00
Marcial Rosales
4da45996ca
Minor refactor
...
Improve logging
Fix an issue running selenium tests locally
WIP modify schema to configure queryParameters for
oauth2 endpoints
2024-10-08 08:17:47 +02:00
Marcial Rosales
a1206dc801
Move selenium to the root of the repo
2024-09-04 14:59:58 +01:00
Michael Klishin
c831ae46d1
Fix a typo in rabbit_oauth2_config_SUITE, references #11965
2024-09-01 04:50:56 -04:00
GitHub
ef1ca774ff
bazel run gazelle
2024-08-30 04:02:30 +00:00
Marcial Rosales
17ca51dcc5
Test merge signing keys when using oauth_providers
2024-08-29 15:19:03 +01:00
Marcial Rosales
18bd43aa50
Improve formatting and add missing test case
2024-08-29 12:44:49 +01:00
Marcial Rosales
72b6bbdb35
Add more test cases
2024-08-29 12:44:49 +01:00
Marcial Rosales
77e8172009
Support tokens without kid when using multiple resources
2024-08-29 12:44:49 +01:00
David Ansari
0397035669
Add test for AMQP 1.0 clients using OAuth token
2024-07-31 12:05:22 +02:00
David Ansari
7fb78338c6
Disconnect MQTT client when its credential expires
...
Fixes https://github.com/rabbitmq/rabbitmq-server/discussions/11854
Fixes https://github.com/rabbitmq/rabbitmq-server/issues/11862
This commit uses the same approach as implemented for AMQP 1.0 and
Streams: When a token expires, RabbitMQ will close the connection.
2024-07-30 19:55:46 +02:00
Loïc Hoguin
bbfa066d79
Cleanup .gitignore files for the monorepo
...
We don't need to duplicate so many patterns in so many
files since we have a monorepo (and want to keep it).
If I managed to miss something or remove something that
should stay, please put it back. Note that monorepo-wide
patterns should go in the top-level .gitignore file.
Other .gitignore files are for application or folder-
specific patterns.
2024-06-28 12:00:52 +02:00
Michal Kuratczyk
27f735f49e
Use emqx/emqtt instead of a fork (#11479)
...
* Use emqx/emqtt instead of a fork
* Specify SNI in test connections (otherwise OTP26 secure TLS defaults make some tests fail)
2024-06-19 14:03:30 +02:00
Rin Kuryloski
5debebfaf3
Use rules_elixir to build the cli without mix
...
Certain elixir-native deps are still built with mix, but this can be
corrected later
2024-06-18 14:50:34 +02:00
Loïc Hoguin
bd06d8c90d
Fix duplicate dep in rabbitmq_auth_backend_oauth2
2024-06-10 09:42:33 +02:00
Michael Klishin
341f3daae9
Strip some trailing whitespace
2024-06-03 16:44:47 -04:00
Marcial Rosales
72ab1944bf
Make end_session_endpoint configurable
2024-05-27 11:19:09 +02:00
Michal Kuratczyk
cfa3de4b2b
Remove unused imports (thanks elp!)
2024-05-23 16:36:08 +02:00
Michael Klishin
ef3888220a
jose dependency belongs to rabbitmq-components.mk
...
and not oauth2_client or the OAuth 2 plugin.
Pair: Rin Kuryloski
2024-05-06 12:17:19 -04:00
Rin Kuryloski
6a9d668def
Set PLT_APPS in a number of plugins where it was missing
2024-04-29 14:54:28 +02:00
Marcial Rosales
7c544ea0a1
Add configuration alias to schema
...
It was added to the code but not to
the schema
2024-04-15 10:16:53 +02:00
Marcial Rosales
f7e25b4611
Remove duplicate code
...
that returns an Erlang ssl options
from RabbitMQ Configuration
2024-04-15 10:16:53 +02:00
Marcial Rosales
e6e7f1aa96
Remove unnecessary function
2024-04-15 10:16:53 +02:00
Marcial Rosales
354df19a66
Remove obsolete function and refactor ssl_option
...
function so that there is only one function which
provides default ssl options
2024-04-15 10:16:53 +02:00
Rin Kuryloski
070265d00c
Add oauth2_client to rabbitmq_auth_backend_oauth2 make deps
2024-03-26 14:50:58 +01:00
Marcial Rosales
49e8772565
Remove wrong and unnecessary log statement
2024-03-06 16:37:12 +01:00
Marcial Rosales
9f9cd9fdbb
Fix issue introduced while removing ssl_options function
2024-02-28 10:04:50 +01:00
Marcial Rosales
4cad467d51
Remove obsolete function
2024-02-28 10:04:50 +01:00
Rin Kuryloski
d5624ab5dc
Add gazelle directive to stabilize bazel run gazelle
...
rabbit_common is indirectly included via rabbit_stream_reader.hrl, and
the rules_erlang gazelle extension does not yet know how to detect
this, therefore the directive manually declares it
2024-02-19 12:53:58 +01:00
Marcial Rosales
41237fbb3b
Fix gazelle issues around oauth2 dependencies
2024-02-14 18:55:39 +01:00
Michael Klishin
a8518156c2
OAuth 2: improve debug log message consistency
2024-02-12 09:59:16 -05:00
Marcial Rosales
8a248ef630
Fix indentation to 4 characters
2024-02-10 21:12:00 +01:00
Marcial Rosales
ca73662ca4
Fix dialyze errors
2024-02-10 20:12:21 +01:00
Marcial Rosales
06a7f48d4b
Apply feedback from @knilson
2024-02-10 20:12:20 +01:00
Marcial Rosales
a3b2269583
Deprecate has_additional_scopes_key
...
and instead use only get_additional_scopes_key
As Per @kjnilsson suggestion
2024-02-10 20:12:20 +01:00
Michael Klishin
3e65938aa7
One more outdated license header
2024-02-10 20:12:16 +01:00
Michael Klishin
bf21dbe303
Update a 2023 era license header
2024-02-10 20:12:16 +01:00
Michael Klishin
7b955f154c
OAuth 2 plugin: cosmetics
...
(cherry picked from commit 7989bfc88e)
2024-02-10 20:12:16 +01:00
Marcial Rosales
f292114256
Fix formatting issues
2024-02-10 20:12:14 +01:00
Marcial Rosales
31df65da5d
Drop comment line
2024-02-10 20:12:13 +01:00
Marcial Rosales
fa77072eaa
Add last scenarios
2024-02-10 20:12:06 +01:00
Marcial Rosales
a78120c214
Fix test cases
2024-02-10 20:12:06 +01:00
Marcial Rosales
dbbab67a87
Fix issue setting up mock http server
2024-02-10 20:12:05 +01:00
Marcial Rosales
daebd5fd7a
Fix issue building openid connect url
...
And add more tests
2024-02-10 20:12:05 +01:00
Marcial Rosales
f6ce99ef72
Add failing test
2024-02-10 20:12:05 +01:00
Marcial Rosales
a0680c0f1e
Fix issue resolving oauth provider
...
And add more test coverage
2024-02-10 20:12:05 +01:00
Marcial Rosales
d827b72ce1
Create Oauth2 client
2024-02-10 20:12:04 +01:00
Michael Klishin
9c79ad8d55
More missed license header updates #9969
2024-02-05 12:26:25 -05:00
Michael Klishin
f414c2d512
More missed license header updates #9969
2024-02-05 11:53:50 -05:00
Arnaud Cogoluègnes
1f89ede396
Remove rabbit_authz_backend:state_can_expire/0
...
Use expiry_timestamp/1 instead, which returns 'never'
if the credentials do not expire.
Fixes #10382
2024-01-24 09:58:59 +01:00
Arnaud Cogoluègnes
33c64d06ea
Add expiry_timestamp/1 callback to authz backend behavior
...
Backends return 'never' or the timestamp of the expiry time
of the credentials. Only the OAuth2 backend returns a timestamp,
other RabbitMQ authz backends return 'never'.
Client code uses rabbit_access_control, so it contains now
a new expiry_timestamp/1 function that returns the earliest
expiry time of the underlying backends.
Fixes #10298
2024-01-19 14:46:47 +01:00
Michael Klishin
01092ff31f
(c) year bumps
2024-01-01 22:02:20 -05:00
Michael Klishin
1b642353ca
Update (c) according to [1]
...
1. https://investors.broadcom.com/news-releases/news-release-details/broadcom-and-vmware-intend-close-transaction-november-22-2023
2023-11-21 23:18:22 -05:00
David Ansari
2270a30af0
Point emqtt to rabbitmq/emqtt:master
...
emqtt repos:
emqx/emqtt PR #196 is based on rabbitmq:otp-26-compatibility
emqx/emqtt PR #198 is based on ansd:master
rabbitmq/master contains both of these 2 PRs cherry-picked.
rabbitmq-server repos:
main branch points emqtt to rabbitmq:otp-26-compatibility
mqtt5 branch points emqtt to rabbitmq:master
Therefore, the current mqtt5 branch is OTP 26 compatible and can support
multiple subscription identifiers.
2023-06-21 17:14:08 +01:00
Michael Klishin
55442aa914
Replace @rabbitmq.com addresses with rabbitmq-core@groups.vmware.com
...
Don't ask why we have to do it. Because reasons!
2023-06-20 15:40:13 +04:00
Marcial Rosales
77ee572467
Fixes #8547
2023-06-14 09:39:03 +02:00
Marcial Rosales
84e8d172e6
Make scopes optional for oauth2 authentication
2023-05-30 16:56:12 +02:00
Michael Klishin
f5ea10eff8
Squash a compiler warning in a test
2023-05-29 04:09:05 +04:00
Marcial Rosales
1cd84b36ec
Test scope prefix within scope alias mapping
2023-05-16 08:40:29 +02:00
Marcial Rosales
ea4074c1df
Make parameter optional
2023-05-16 08:40:29 +02:00
Marcial Rosales
faffd6fa98
Configure Oauth scope prefix
...
separate from resource_server_id
2023-05-16 08:40:28 +02:00
Rin Kuryloski
eb94a58bc9
Add a workflow to compare the bazel/erlang.mk output
...
To catch any drift between the builds
2023-05-15 13:54:14 +02:00
Michal Kuratczyk
858ed1bff6
Switch to an emqtt fork/branch for OTP26
...
This change should be reverted once emqx/emqtt is OTP26 compatible.
Our fork/branch isn't either at this point, but at least partially
works. Let's use this branch for now to uncover server-side OTP26
incompatibilities (and continue working on OTP26 support for emqtt of
course).
2023-04-26 11:06:23 +02:00
Rin Kuryloski
a944439fba
Replace globs in bazel with explicit lists of files
...
As this is preferred in rules_erlang 3.9.14
2023-04-25 17:29:12 +02:00
Rin Kuryloski
854d01d9a5
Restore the original -include_lib statements from before #6466
...
since this broke erlang_ls
requires rules_erlang 3.9.13
2023-04-20 12:40:45 +02:00
Michael Klishin
c0ed80c625
Merge pull request #6466 from rabbitmq/gazelle
...
Use gazelle for some maintenance of bazel BUILD files
2023-04-19 09:33:44 +04:00
Marcial Rosales
de4fa24444
Minor code change
2023-04-18 17:06:05 +02:00
Marcial Rosales
6227dfd15d
Fix issue #7178
2023-04-18 16:29:42 +02:00
Rin Kuryloski
8de8f59d47
Use gazelle generated bazel files
...
Bazel build files are now maintained primarily with `bazel run
gazelle`. This will analyze and merge changes into the build files as
necessitated by certain code changes (e.g. the introduction of new
modules).
In some cases there are hints to gazelle in the build files, such as `#
gazelle:erlang...` or `# keep` comments. xref checks on plugins that
depend on the cli are a good example.
2023-04-17 18:13:18 +02:00
Rin Kuryloski
933d6a586c
Ignore warnings when building plt for rabbitmq_auth_backend_oauth2
...
The plugin itself still dialyzes cleanly, these warnings just mean
that the limited set of dependencies needed for the plugin are
incomplete with respect to each other (Or at least that is how I'm
interpreting the results at this time).
2023-04-14 12:41:39 +02:00
Marcial Rosales
1c1e4515f7
Deprecate uaa settings from management plugin
2023-04-13 11:22:05 +02:00
Marcial Rosales
efb1b5bd10
Fix 2549
...
Allow list of preferred_username_claims in cuttlefish
config style.
Use new config style on two selenium test suites
Test oauth2 backend's config schema and oauth2 management
config schema
2023-02-28 10:38:28 +01:00
David Ansari
bf2a97a20a
Bump emqx/emqtt to 1.8.2
2023-02-21 17:25:19 +01:00
Michael Klishin
2dfa762bbb
Merge pull request #7177 from rabbitmq/oauth-mqtt-test
...
Add OAuth 2.0 MQTT system test
2023-02-06 23:18:17 -05:00
brunomedeirosdedalus
bf2b11d7ba
Fixing the rabbitmq_auth_backend_oauth2 schema
...
Fixing reference to the old key 'additional_rabbitmq_scopes'. Removing redundant mapping
2023-02-04 11:41:26 +01:00
David Ansari
2d0826c335
Add OAuth 2.0 MQTT system test
...
Add a test that rabbitmq_auth_backend_oauth2 works with MQTT.
See https://github.com/rabbitmq/rabbitmq-oauth2-tutorial#mqtt-protocol
2023-02-03 14:08:51 +00:00
Marcial Rosales
9339ad1114
Comment why we are propagating authz_backends
...
when opening an internal amqp connection
2023-01-31 11:45:59 +01:00
Marcial Rosales
51e27f8a3f
Fix issue #6909
...
Use the outcome from first authentication
stored in the #user.authz_backends to authenticate
subsequent attempts which occur when a session is
opened.
In particular, during the first authentication attempt
which occurs during the sasl handshake, the amqp 1.0
plugin reads and validates the JWT token present in the
password field.
When a new AMQP 1.0 session is opened, the plugin creates
an internal AMQP connection which triggers a second/nth
authentication. For this second/nth authentication, the
plugin propagates as Authentication Credentials the outcome
from the first authentication which is stored in the
`#user.authz_backends`.
The Oauth2 backend first attempts to authenticate using
the password credentials else it uses the credential with the
key `rabbit_auth_backend_oauth2` which has a function which
returns the decoded token
2023-01-31 11:45:59 +01:00
Rin Kuryloski
b84e746ee9
Rework plt/dialyze for rabbitmqctl and plugins that depend on it
...
This allows us to stop ignoring undefined callback warnings
When mix compiles rabbitmqctl, it produces a 'consolidated' directory
alongside the 'ebin' dir. Some of the modules in consolidated are
intended to be used instead of those provided by elixir. We now handle
the conflicts properly in the bazel build.
2023-01-19 17:29:23 +01:00
Alexey Lebedeff
8164df8bb2
Fix all dialyzer warnings in auth backends
2023-01-19 16:01:30 +01:00
Rin Kuryloski
5ef8923462
Avoid the need to pass package name to rabbitmq_integration_suite
2023-01-18 15:25:27 +01:00
Rin Kuryloski
a317b30807
Use improved assert_suites2 macro from rules_erlang 3.9.0
2023-01-18 15:07:06 +01:00
Marcial Rosales
9fca4a7446
Improve coverage
2023-01-03 07:09:02 -05:00
Marcial Rosales
9354397cbf
Support Idp initiated logon in mgt ui with Oauth
...
Configure preferred username from a token
Make client_secret optional
2023-01-03 07:09:00 -05:00
Michael Klishin
0a8dd19434
Cosmetics
...
(cherry picked from commit 042725d8364bac3fed40df4dcdb534728dd56576)
2023-01-02 07:15:58 -05:00
Michael Klishin
ec4f1dba7d
(c) year bump: 2022 => 2023
2023-01-01 23:17:36 -05:00
Simon Unge
09d84e6bd5
See #4842. Obfuscate impl value
2022-11-09 15:14:51 -08:00